Kubernetes - CKS experience feedback

It’s been a while since I shared some tips about my first CNCF certification exam. Meanwhile, several teammates at SoKube and I successfully passed the CK{AD,A,S} series, which makes SoKube a KCSP and KTP certified company. This makes total sense as we - at SoKube - help other companies enter and mature in the Container & Kubernetes ecosystem and, more globally, navigate the entire Cloud-Native landscape!

Certified Kubernetes Security specialist

Yet another CNCF exam?

True to some extent! CKS is still an online proctored exam composed of a bunch of labs or problems to solve. You can read many blogposts out there presenting the curriculum and a few tips.

I thought I already knew a lot about Kubernetes with the topics covered by the CKAD / CKA. I then realized CKS unveils a whole new dimension that largely expands outside the boundaries of the Kubernetes cluster…

If you want details of the proctoring procedure, the hands-on labs experience, or the time-boxing concerns, I suggest you read my previous blogpost. Here I would like to emphasise the important changes since 2020 and the things that are really important for your CKS exam. You should already be accustomed to the protocol, as CKA is mandatory to register for the CKS exam.

The perfect bookmark list as Curriculum

Doing a copy-paste of the CKS curriculum doesn’t bring a lot of value. You can easily find it on the CNCF website or on GitHub. Instead I would rather highlight the Security topics within the Kubernetes documentation pages. These pages will be useful during the exam, unless you prefer using the “search” bar of the Kubernetes documentation site and remembering the keywords (AppArmor, Ingress, Security Context, …).

Cluster Setup & Networking

Container Runtime Security

Control-plane components

Kernel hardening

Kubernetes primitives

Policies & Security Context


Software Supply Chain


You might notice some minor improvements to the exam UI, but it is in the console that things happen 😃 You no longer need to learn and remember the commands to enable the “k” alias or the completion. These are enabled by default in the candidate session and on all Kubernetes control-plane and worker nodes!

You can still boost your shell experience a little with these two, but it makes a bit less sense for the CKS as you often have to connect to Kubernetes nodes.

# speed up imperative commands
export dy="--dry-run=client -o yaml"

# speed up pod termination