Search our courses
Training

Obtaining a CKS demonstrates a candidate possesses the requisite abilities to secure container-based applications and Kubernetes platforms during build, deployment and runtime, and is qualified to perform these tasks in a professional setting.

Certified Kubernetes Security Specialist (CKS)

Price €2,250.00

Course Code

GTLFKS

Duration

4 Days

Course Fee

€2,250.00which includes the exam voucher.

(if you reside in Ireland please contact us in relation to Skillnet subsidies)

Accreditation

Certified Kubernetes Security Specialist

 

The Certified Kubernetes Security Specialist (CKS) program provides assurance that a CKS has the skills, knowledge, and competence on a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime. CKA certification is required to sit for this exam.

CKS is a performance-based certification exam that tests candidates’ knowledge of Kubernetes and cloud security in a simulated, real world environment. 

Target Audience

A Certified Kubernetes Security Specialist (CKS) is an accomplished Kubernetes practitioner (must be CKA certified) who has demonstrated competence on a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime.  The course is designed with both Administrator and Application Developer roles in mind.

Attendee Requirements

Attendees must be CKA certified. Suited for both onprem (baremetal) K8S as well as users of managed K8S in the public cloud.


Monday 25 November - Thursday 28 November (4 days) 09.30 - 17.00
 Live Online GMT +01:00

Expand all

Course Description

Obtaining a CKS demonstrates a candidate possesses the requisite abilities to secure container-based applications and Kubernetes platforms during build, deployment and runtime, and is qualified to perform these tasks in a professional setting.

Course Outline

1. Introduction to CKS

 

2. Understanding the K8S attack surface

 

3. K8S Cluster setup & hardening

3.1 Benchmarking
3.2.1 CIS Benchmarks

3.2.2 OSCAP

3.2.3 Kube-bench
 3.3. Kubernetes Security Authentication
 3.3.1.1. User accounts
 3.3.1.2. Service account

3.4. TLS
3.4.1. Intro to TLS in general
3.4.2. TLS in K8S
3.4.3. Managing certs in K8S
3.4.3.1. Creating certs
3.4.3.2. Viewing certs


3.5. Working with the Certs API


3.6. Managing Kubeconfig


3.7. API groups


3.8. Authorization
3.8.1. RBAC
3.8.2. Roles
3.8.3. ClusterRoles
3.8.4. Rolebindings
3.8.5. ClusterRoleBindings


3.9. Security Aspects for Kubelet


3.10. Security Aspects for Kube-proxy


3.11. Security aspects K8S container images and binaries


3.12. K8S versions


3.13. Cluster Upgrades

 

3.14. Securing CRE
3.14.1. Docker
3.14.2. Containerd
3.14.3. Crio-d

 

4.     K8S Networking & Security
4.1. K8S networking revisited
4.2. K8S CNIs
4.3. K8S Default Network Policies
4.3.1. Network policies on L3
4.3.2. Network policies on L3
 

4.4. Cilium CNU Network Policies
4.4.1. Network policies on L3
4.4.2. Network policies on L4
4.4.3. Network policies on L7
 

4.5. Enhanced Network Policies on Calico
 

4.6. Network encryption.
4.6.1. Network encryption with Calico
4.6.2. Network encryption with Cilium
 

4.7. K8S Ingress
4.7.1. Ingresses revisited
4.7.2. Nginx-ingress and annotations
4.7.3. Nginx-ingress and TLS
4.7.4. Nginx-ingress and Cert-manager
4.8. Traefik
4.9. Cilium Ingress

5.      Hardening the OS of the nodes

5.1. K8S nodes and security aspects.


5.2. Limiting node access


5.3. Hardening SSH


5.4. Privilege escalation in Linux


5.5. Node hardening tasks
5.5.1. Keeping the attack surface small
5.5.2. Restricting use of kernel modules
5.5.3. Firewalling on Linux
5.5.4. Minimize IAM roles
5.5.5. Minimize external access to the network
5.5.6. Syscalls in Linux
5.5.7. Tracee
5.5.8. Seccomp
5.5.9. Apparmor
5.5.10. Selinux
5.5.11. Linux Capabilities



6. Minimize Micoroservice Vulernabilities
 

6.1. Working with Security Contexts
6.2. Admission Controllers
6.3. Pod Security Policies (PSP)
6.4. OPA - Open Policy Agent
6.5. OPA Gatekeeper
6.6. Managing K8S secrets
6.7. External secrets

6.8. K8S Container Sandboxing
6.8.1. g-Visor
6.8.2. Kata containers
6.8.3. Runtime classes in K8S


6.9. About SSL and Mutual SSL
6.10. MTLS and POD-2-POD encryption

7. Supply Chain Security
7.1. Best practices in crafting and forging containers
7.2. Container image security
7.3. (External) registry control
7.4. Static analys/scanning of container images
7.4.1. Trivy
7.4.2. CLair
7.4.3. Grype
7.4.4. Kubesec

8. Monitoring, logging and runtime security

8.1. Introduction
8.2. Analysis of syscall usage
8.3. Falco
8.4. Mutable or immutable container
8.5. Ensuring Runtime immutability of containers
8.6. K8S auditing

 

Exam

This exam is an online, proctored, performance-based test that requires solving multiple tasks from a command line running Kubernetes. Candidates have two (2) hours to complete the tasks.

The exam is taken remotely with a live proctor monitoring via webcam and screen sharing. Candidates for CKS must hold a current Certified Kubernetes Administrator (CKA) certification to demonstrate they possess sufficient Kubernetes expertise before sitting for the CKS. CKS may be purchased but not scheduled until CKA certification has been achieved. CKA Certification must be active (non-expired) on the date the CKS exam (including Retakes) is scheduled.

The certification remains valid for two years from the date it is awarded.

Learning Path

The Certified Kubernetes Administrator (CKA) is a requirement.

Ways to Attend

Live Online or Onsite

Book Now
 
Participant number 1 €2,250.00

Book Now

Required fields

 

 

Technical ICT learning & mentoring services

Private Team Training

Our instructors are specialist consultants with vast real world experience and expertise allowing them to design and deliver client-focused courses for your organisation.

Learn more about our Private Team Training

What Our Clients Say

"Absolutely fantastic training. Thoroughly enjoyed it thanks to our highly enthusiastic tutor.  It wouldn't be an understatement to say that it was the best professional training that I have ever received."

 

Customised Linux with Networking

Live Online -  February 2022

 


“It was very positive. This course was 4 days but covered a semester worth of work if it was done in college. The labs were relevant and delegates were provided the lab/coursebook for further study and practice after the course finished. GuruTeam's course was excellent and provides a deeper understanding of the architecture and how it all works. The hands-on aspect was very helpful as it helped solidify the concepts as I went along."

 

Kubernetes Administration Certification - GTLFK

Live Online September 2024

 

 

 

“The Instructor was very knowledgeable, laid back and very approachable during the course. The environment setup was second to none.  Very easy to jump in and follow along with minimal pre-req setup."

Kubernetes Administration Certification - GTLFK

Onsite May 2024

 

“Very engaging and practical course so hope to be able to put the learning into practice.”

 

Being Agile in Business - GTBAB

Live Online September 2021

 

“Great instructor, who encouraged active participation. The breakout groups and exercises kept the group engaged and the content relevant to our own products”.

 

Site Reliability Engineering Foundation - GTDSRE

Live Online January 2022

 

 

 

"Intelligence is the ability to avoid doing work, yet
getting the work done"

Linus Torvalds, creator of Linux and GIT

Technical ICT learning & mentoring services

About GuruTeam

GuruTeam is a high-level ICT Learning, Mentoring and Consultancy services company. We specialise in delivering instructor-led on and off-site training in Blockchain, Linux, Cloud, Big Data, DevOps, Kubernetes, Agile, Software & Web Development technologies. View our Testimonials

Download our eBrochure
Our Accreditation Partners
  •  
  •  
  •  

 

Upcoming Courses

Kubernetes Administration

4th - 7th November 2024

 Live Online

 

Learn More

RUST PROGRAMMING

4th - 7th November 2024

Live Online

GMT +01:00  09:30 - 17:00 hrs

This course will help you understand what Rust applications look like, how to write Rust applications properly, and how to get the most out of the language and its libraries.

 

 

 

 

 

Learn More

INTRO TO PYTHON 3 

ADVANCED PYTHON 3

15th - 17th October 2024
29th - 31st October 2024

Live Online

   GMT +01:00  09:30 - 17:00 hrs

  Python is a powerful and 
  popular object-oriented 
  programming/scripting
 language with many high q
uality  libraries.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


 

 

 

 

 

 

 

Learn More

 GO LANG TRAINING

4th to 7th November 2024

Live Online      

GMT +01:00  09:30 - 17:00 hrs

This Go language programming training course will help you understand how Go works, and immediately be more productive. If you are building a team using Go, this will be a great opportunity to get your team on the same page and speaking the same language. Innovative lab exercises and code samples are provided to reinforce skills and quickly master the topics.

Learn More

Newsletter

Stay up to date, receive updates on scheduled dates, new courses, offers, and events.

Subscribe to our Newsletter