The Certified Kubernetes Security Specialist (CKS) exam is the most challenging in the lineup of practical Kubernetes exams from CNCF. I won't delve deep into its specifics here, as the Internet is full of relevant information. It's worth saying that only those candidates who have passed the Certified Kubernetes Administrator (CKA) exam successfully are eligible for the CKS exam. The topics required for the exam can be found here. Additionally, proficiency with tools like falco, sysdig, and trivy is essential. You need to keep in mind that the Kubernetes cluster version used in the exam is updated following the release of each new Kubernetes version, and the delay between the release of a new Kubernetes version and the exam's version update usually does not exceed two months.
Preparation: Initial Steps and Unexpected Hurdles
My preparation began two years ago with a course on kodekloud.com. However, after two months, I had to interrupt my studies due to family circumstances. When I returned to my preparation some time later, I was faced with the necessity to move to another country. Due to it I had very little time for my studies, and I decided to take the exam without proper preparation. As expected, my first attempt was unsuccessful.
Next, I turned to the course offered by linuxfoundation.org, but I found its content too sparse for independent preparation. Following the community's advice, I purchased a course from killer.sh, which eventually proved to be the most beneficial, especially in the practical aspect.
Nevertheless, a number of questions in the killer.sh simulator were limited, and most of them did not provide a full picture of the possible exam tasks. This prompted me to create my own exam emulator based on AWS EC2 spot instances, using Terraform and Terragrunt.
CKS Simulator: Birth and Growth
While developing the simulator, I managed to prepare for the exam and passed it. It happened on the second attempt due to technical problems from the examination center. After having passed it, I decided to share my experience and tools. It led to the creation of the CKS Simulator project.
Since then, 9 other professionals have joined the project. At present some of them are helping to update the database with exam questions, while others are assisting with documentation and the release of new versions. We are actively gathering feedback from those who've taken the exam to improve our simulator continuously.
Mastering the CKS Exam: Insights and Tips
For the examination, candidates connect through a secure browser to a virtual machine's desktop (similar to VNC). You won't have access to your browser bookmarks. Within this virtual machine you can launch as many terminals as you like and access the allowed documentation. However, remember that you can only have one page open at a time. It’s common to have problems with exam infrastructure. They include slow terminal responses or connection issues. If you encounter any such difficulties, immediately contact the support, and they'll reschedule your attempt.
Having connected to this virtual machine, you'll find connections pre-configured for approximately 16 Kubernetes clusters. As a rule, each exam question utilizes its cluster. Questions vary in their point values, usually ranging from 1 to 12 points. Time management is crucial in this exam. As experience shows each point corresponds to roughly 1.1 minute. So, if a question is worth 4 points, try not to spend more than 5 minutes on it. If it takes longer, mark the question and move on to others, returning to it after you've seen all the remaining questions.
Aim to use imperative commands as much as possible, such as for creating pods, deployments, secrets. Save manifests from these commands, edit the obtained manifests, and apply them to the cluster. The virtual machine's terminal has the alias k=kubectl set up. Make use of it, and also use the auto-completion feature (Tab key). Prioritize using the 'help' feature of console utilities whenever possible, as searching through the browser can be time-consuming.
How the Simulator Works:
- The simulator sets up a VPC (Virtual Private Cloud), subnets, 10 Kubernetes (k8s) clusters with prepared resources, and a work-PC with tests for validation.
- To create exam infrastructure we use Terraform modules as templates. Terragrunt manifests consist of some modules and their parameters. Terragrunt executes these manifests and creates all the necessary exam infrastructure.
- The vpc module handles network creation.
- The ssh-keys module manages the creation of SSH keys.
- k8s_self_management sets up a k8s cluster with specific parameters, such as the k8s version, EC2 node type, the number of worker nodes, their labels within the k8s cluster, and runtime (containerd,cri-o,containerd_gvisor).
- The work_pc module is responsible for creating the work-PC.
 
- For convenience, all launch scripts have been added to a Makefile. To set up a new mock exam, you just need to execute the command TASK=01 make run_cks_mock, and to remove itTASK=01 make delete_cks_mock.
- Once the exam is set up, the script's output will provide you with the IP address of the work-PC. You log into it and complete the assignments.
- To check the remaining time for the exam, use the time_leftcommand, and to evaluate the assignments, usecheck_result.
- For a detailed guide you can refer to the documentation or watch the video tutorial.
Resources and Future Plans
Currently, we have ready-made Terraform modules for scenario creation, lab works, and simulators for CKS and CKA exams, as well as video materials. We are planning to develop the simulator for the CKAD exam and lab works for AWS EKS in a very short time.
The Most Effective Path to Passing the CKS Exam:
- Purchase the exam during discount periods. For example, during Cyber Monday, discounts can exceed 50%.
- I recommend buying and going through Kim Wüstkamp's course. Dive into all the theoretical materials and complete the practical assignments provided in the course.
- Upon purchasing the course, you'll gain access to a Slack channel. Here, you can pose questions to the course author and interact with other participants who are also preparing for the exam or have recently passed it. It's an excellent opportunity to learn about new exam questions and add them to your simulator.
- Regularly take the mock exam on our simulator until your final score consistently reaches 90% or above.
- Complete the mock exam on the killer.sh platform. Its user interface closely mirrors the real exam, which will help you get accustomed to the format and prepare better .
- After going through all these preparatory steps, you'll be ready to tackle the actual CKS exam.
Conclusion
If our project draws your interest, join us on GitHub or our YouTube channel. We always welcome new members and their feedback. We hope our platform will assist many engineers in passing the CKS and other IT-related exams successfully.
If you have any changes or additions to share, please let me know!
