Certified Kubernetes Security Specialist (CKS) Online Training

This intermediate Certified Kubernetes Security Specialist (CKS) training prepares DevOps professionals to minimize microservice vulnerabilities and set up and harden Kubernetes clusters.

The world of IT has seen a big shift from using virtualized application deployment environments to containerized application deployment environments — and Kubernetes is one of the most popular platforms when creating and managing those environments. So it only makes sense that being able to secure container-based applications and Kubernetes platforms has become a requirement.

With this Kubernetes Security Specialist training, you’ll learn how to secure the containers that bundle and run your applications.

After finishing this Kubernetes training, you'll know how to minimize microservice vulnerabilities and set up and harden Kubernetes clusters.

For anyone who manages DevOps professionals, this Kubernetes training can be used to onboard new DevOps professionals, curated into individual or team training plans, or as a Kubernetes reference resource.

Certified Kubernetes Security Specialist (CKS): What You Need to Know

This Certified Kubernetes Security Specialist (CKS) training has videos that cover topics such as:

Performing basic installations with Kubernetes (K8s) clusters
Configuring and managing Kubernetes clusters
Providing Kubernetes networking, storage, and security solutions
Monitoring Kubernetes performance with logs and troubleshooting problems

Who Should Take Certified Kubernetes Security Specialist (CKS) Training?

This Certified Kubernetes Security Specialist (CKS) training is considered professional-level Kubernetes training, which means it was designed for DevOps professionals. This Kubernetes skills course is designed for DevOps professionals with three to five years of experience with DevOps.

New or aspiring DevOps professionals. If you want to work as a DevOps professional in the future, mastering Kubernetes early is a sure-fire way to stay ahead of the curve. And what better way to showcase your Kubernetes skills than by knowing about Kubernetes security principles like cluster hardening and microservice vulnerability prevention — often overlooked topics in the IT world.

By using this Certified Kubernetes Security Specialist (CKS) training, you can separate yourself from the crowds early on.

Experienced DevOps professionals. Though it was developed by engineers at Google, Kubernetes has only been around since 2015. So even some veterans in the DevOps space may not be comfortable working with Kubernetes.

But with how popular microservice architecture and application security have become, it’s only a matter of time before you find yourself needing to learn about Kubernetes security. And by using this training, you'll learn how to secure container-based applications and Kubernetes platforms during build, deployment, and runtime

Skill:
Intro to Certified Kubernetes Security (CKS)
- 1. Overview
  1 min
- 2. Overview of Kubernetes Certifications
  10 mins
- 3. Kubernetes Cluster and Node Hardening
  12 mins
- 4. Secure Microservices with Service Mesh and Policy
  11 mins
- 5. Discuss Software Supply Chain Security
  12 mins
- 6. Kubernetes Monitoring and Runtime Security
  9 mins
- 7. Conclusion
  1 min
Skill:
Intro to Network Policy for Kubernetes
- 1. Overview
  1 min
- 2. Learn Network Policy Security Concepts in Kubernetes
  8 mins
- 3. Block Network Traffic by Source CIDR Block
  8 mins
- 4. Apply Pod Selectors to Kubernetes Network Policy
  6 mins
- 5. Select Network Traffic by Source Namespace
  7 mins
- 6. Apply Egress Rules to Kubernetes Network Policy
  9 mins
- 7. Deploy Example Kubernetes Network Policy Scenario
  8 mins
- 8. Practice Kubernetes Network Policy
  8 mins
- 9. Conclusion
  1 min
Skill:
Limiting Access to Kubernetes GUIs
- 1. Overview
  1 min
- 2. Intro to Securing Kubernetes GUIs
  14 mins
- 3. Secure Kubernetes GUIs with Cloud Native Firewalls
  10 mins
- 4. Encrypt Network Packets with Ingress and TLS
  7 mins
- 5. Understand Kubernetes Network Policies for Securing GUIs
  6 mins
- 6. Enable AuthN and AuthZ for Kubernetes GUI Security
  7 mins
- 7. Disable Web UIs for Improved Cluster Security
  8 mins
- 8. Conclusion
  1 min
Skill:
Using CIS Benchmark to Evaluate Kubernetes Cluster Security
- 1. Overview
  1 min
- 2. Intro to CIS Benchmarks for Kubernetes
  10 mins
- 3. Discuss the CIS Kubernetes Benchmark Document
  10 mins
- 4. Understand Etcd and Control Plane Authentication Recommendations
  11 mins
- 5. Review Kubernetes Worker Node CIS Benchmarks
  10 mins
- 6. Learn Kubernetes Policy CIS Benchmarks
  13 mins
- 7. Conclusion
  1 min
Skill:
Securely Handling Secrets in Kubernetes Clusters
- 1. Overview
  1 min
- 2. Intro to Kubernetes Sealed Secrets
  13 mins
- 3. Deploy Bitnami Sealed Secrets to Kubernetes Cluster
  18 mins
- 4. Encrypt Secrets with Kubeseal CLI Tool
  12 mins
- 5. Deploy and Unwrap Sealed Secret Resources on Kubernetes
  6 mins
- 6. Conclusion
  1 min
Skill:
Intro to Chaos Testing Kubernetes Clusters
- 1. Overview
  1 min
- 2. Intro to Chaos Mesh for Kubernetes
  12 mins
- 3. Install Chaos Mesh on Kubernetes Clusters
  15 mins
- 4. Explore the Chaos Mesh Dashboard UI
  9 mins
- 5. Inject HTTP Chaos Mesh Experiment into Pods
  18 mins
- 6. Conclusion
  1 min
Skill:
Signing Container Images for Kubernetes Deployment
- 1. Overview
  1 min
- 2. Intro to Signing Container Images
  12 mins
- 3. Understanding Sigstore Cosign CLI
  13 mins
- 4. Install Cosign CLI and Generate Key Pair
  14 mins
- 5. Build and Digitally Sign Container Image with Cosign
  15 mins
- 6. Conclusion
  1 min
Skill:
Control Network Traffic in Kubernetes with Open Service Mesh
- 1. Overview
  1 min
- 2. Intro to Open Service Mesh for Kubernetes
  9 mins
- 3. Understand Open Service Mesh Installation Process
  10 mins
- 4. Install Open Service Mesh on Kubernetes with OSM CLI
  10 mins
- 5. Onboard Kubernetes Namespaces to Open Service Mesh
  10 mins
- 6. Verify Service Connectivity from OSM Client Pod
  7 mins
- 7. Limit Network Connectivity with OSM IngressBackend Resource
  13 mins
- 8. Conclusion
  1 min
Skill:
Securely Store Secrets in Kubernetes with Vault
- 1. Overview
  1 min
- 2. Intro to Hashicorp Vault on Kubernetes
  8 mins
- 3. Understanding Hashicorp Vault Architecture on Kubernetes
  10 mins
- 4. Install Hashicorp Vault on Kubernetes with Helm
  12 mins
- 5. Initialize and Unseal Hashicorp Vault and Create Secret
  10 mins
- 6. Create Vault Permissions Policy and Role
  9 mins
- 7. Inject Hashicorp Vault Secrets into Kubernetes Pod
  12 mins
- 8. Conclusion
  1 min
Skill:
Implement Pod Security Policies in Kubernetes
- 1. Overview
  1 min
- 2. Intro to Pod Security Policies
  10 mins
- 3. Learn Pod Security Policy Architecture
  9 mins
- 4. Test Default Behavior of Kubernetes PSPs
  13 mins
- 5. Create Kubernetes Service Account and Pod Security Policy
  7 mins
- 6. Create Role and Validate PSP Behavior
  10 mins
- 7. Conclusion
  1 min
Skill:
Understanding Kubernetes Admission Controllers
- 1. Overview
  1 min
- 2. Intro to Kubernetes Admission Controllers
  14 mins
- 3. Learn About Dynamic Admission Controllers
  10 mins
- 4. Examine Built-in Kubernetes Admission Controllers
  14 mins
- 5. Customize Kubernetes (k3s) API Server Admission Plugins
  15 mins
- 6. Conclusion
  1 min
Skill:
Master Auditing in Kubernetes Clusters
- 1. Overview
  1 min
- 2. Intro to Auditing in Kubernetes
  14 mins
- 3. Understanding Kubernetes Audit Policy Configuration
  14 mins
- 4. Install K3S and Enable Audit Logging
  13 mins
- 5. Enable Kubernetes Audit Backend
  10 mins
- 6. Conclusion
  1 min
Skill:
Working with Kubernetes Events
- 1. Overview
  1 min
- 2. Intro to Kubernetes Event Resources
  17 mins
- 3. Explore Kubernetes Event Schema
  11 mins
- 4. Understand Node Level Events in Kubernetes
  6 mins
- 5. Explore Pod Events in Kubernetes
  9 mins
- 6. Filter Kubernetes Events with Kubectl CLI
  10 mins
- 7. Conclusion
  1 min
Skill:
Process Kubernetes Audit Logs with PowerShell
- 1. Overview
  1 min
- 2. Intro to Processing Kubernetes Audit Logs
  11 mins
- 3. Provision Kubernetes Audit Database with MySQL
  12 mins
- 4. Connect to MySQL Database from PowerShell and VSCode
  14 mins
- 5. Parse Kubernetes JSON Audit Logs and Insert MySQL Records
  17 mins
- 6. Conclusion
  1 min
Skill:
Validate Container Image Signatures in Kubernetes
- 1. Overview
  1 min
- 2. Intro to Container Image Verification in Kubernetes
  18 mins
- 3. Customize Connaisseur Helm Variables
  11 mins
- 4. Install Connaisseur Helm Chart
  7 mins
- 5. Build and Test Signed Container Image
  18 mins
- 6. Conclusion
  1 min
Skill:
Scan Linux Container Images for Vulnerabilities with Trivy
- 1. Overview
  1 min
- 2. Intro to Container Image Vulnerability Scanning Tools
  10 mins
- 3. Explore Trivy Scanner Functionality
  11 mins
- 4. Deep Dive Into Trivy Vulnerability Data Sources
  13 mins
- 5. Run Trivy Vulnerability Scan on Linux VM
  17 mins
- 6. Conclusion
  1 min
Skill:
Detect Runtime Security Threats with Falco
- 1. Overview
  1 min
- 2. Intro to Falco Open Source Event Detection
  11 mins
- 3. Learn About Falco Sidekick Utility
  9 mins
- 4. Engage with the Falco Development Community
  9 mins
- 5. Install Falco on Linux Virtual Machine
  10 mins
- 6. Review Falco Configuration Files and Launch Falco
  12 mins
- 7. Conclusion
  1 min
Skill:
Secure Kubernetes Access with Teleport
- 1. Overview
  1 min
- 2. Intro to Teleport Proxy Security for Kubernetes
  7 mins
- 3. Understanding Teleport Architecture on Kubernetes
  9 mins
- 4. Install Teleport Proxy on Kubernetes Cluster
  11 mins
- 5. Configure Teleport DNS Endpoint and User
  14 mins
- 6. Login to Kubernetes Cluster via Teleport CLI
  13 mins
- 7. Conclusion
  1 min
Skill:
Enforce Kubernetes Resource Configuration with Kyverno Policies
- 1. Overview
  1 min
- 2. Intro to Kyverno Policy Management for Kubernetes
  16 mins
- 3. Install Kyverno on Kubernetes Cluster with Helm
  15 mins
- 4. Examine Kyverno Policy Library and Network Policy
  10 mins
- 5. Apply Kyverno Policy to Enforce Kubernetes Quotas
  7 mins
- 6. Conclusion
  1 min
Skill:
Monitoring Kubernetes with Sumo Logic
- 1. Overview
  1 min
- 2. Intro to Kubernetes Monitoring with Sumo Logic
  10 mins
- 3. Install Sumo Logic Helm Chart on Kubernetes Cluster
  11 mins
- 4. Explore Sumo Logic Open Source Components
  10 mins
- 5. Explore Built-in Kubernetes Dashboards in Sumo Logic
  10 mins
- 6. Understanding Kubernetes E-mail Alerts in Sumo Logic
  11 mins
- 7. Conclusion
  1 min
Skill:
Understanding Dynamic Admission Controllers for Kubernetes
- 1. Overview
  1 min
- 2. Intro to Kubernetes Dynamic Admission Controllers
  8 mins
- 3. Learn Basic Structure of Validating Webhook Configuration
  8 mins
- 4. Understanding Kubernetes Webhook Configuration Rules
  9 mins
- 5. Setting the Client Config for Kubernetes Webhook Configs
  7 mins
- 6. Understanding Extra Webhook Config Options
  6 mins
- 7. Inspect Validating Webhook Config Requests
  12 mins
- 8. Conclusion
  1 min
Skill:
Automate Container Image Scanning in GitHub Actions
- 1. Overview
  1 min
- 2. Intro to Container Image Scanning with GitHub Actions
  14 mins
- 3. Create Simple GitHub Actions Project
  6 mins
- 4. Install and Run Trivy in GitHub Actions
  17 mins
- 5. Abort GitHub Actions Workflow on Detected Vulnerabilities
  6 mins
- 6. Improve Trivy Performance in GitHub Actions
  15 mins
- 7. Conclusion
  1 min
Skill:
Explore Chaos Mesh Experiments for Kubernetes Clusters
- 1. Overview
  1 min
- 2. Schedule Chaos Mesh Experiments with Cron Expressions
  20 mins
- 3. Develop Complex Chaos Mesh Workflows
  16 mins
- 4. Inject Stress Chaos into Kubernetes Pods
  8 mins
- 5. Perform Kubernetes Network Attacks with Chaos Mesh
  11 mins
- 6. Conclusion
  1 min
Skill:
Implement Pod Security Standards in Kubernetes
- 1. Overview
  1 min
- 2. Intro to Pod Security Standards
  16 mins
- 3. Implement Warning for Baseline Pod Security Standard on Namespace
  18 mins
- 4. Enforce Baseline Pod Security Standard Versions
  12 mins
- 5. Apply Pod Security Standard to Entire Kubernetes Cluster
  12 mins
- 6. Conclusion
  1 min
Skill:
Control Kubernetes API Priority and Fairness
- 1. Overview
  1 min
- 2. Intro to Kubernetes API Priority and Fairness
  9 mins
- 3. Understanding API Priority & Fairness Resources
  8 mins
- 4. Examine Kubernetes FlowSchema Resource Type
  11 mins
- 5. Validate FlowSchema Applied During k8s API Requests
  11 mins
- 6. Explore Kubernetes Priority Level Configuration Queues
  10 mins
- 7. Conclusion
  1 min
Skill:
Validate Kubernetes Infrastructure with PowerShell Pester Tests
- 1. Overview
  1 min
- 2. Intro to Kubernetes Infrastructure Testing with Pester
  8 mins
- 3. Discuss Specific Use Cases for Automated Kubernetes Testing
  8 mins
- 4. Setting Up PowerShell and Pester Dev Environment
  6 mins
- 5. Add Pester Template Strings to Test Cases
  7 mins
- 6. Conclusion
  1 min
Skill:
Understanding Open Policy Agent
- 1. Overview
  1 min
- 2. Intro to Open Policy Agent (OPA) Concepts
  10 mins
- 3. Understand OPA Gatekeeper Architecture with Kubernetes
  10 mins
- 4. Install OPA Gatekeeper on Kubernetes Cluster
  8 mins
- 5. Deploy OPA Constraints to Kubernetes Cluster
  10 mins
- 6. Remediate Audit Violations from OPA Gatekeeper
  10 mins
- 7. Conclusion
  1 min
Skill:
Validate Kubernetes Resource Configurations with Datree
- 1. Overview
  1 min
- 2. Intro to Kubernetes Resource Validation with Datree
  11 mins
- 3. Run Datree CLI Against Local Kubernetes Manifest
  10 mins
- 4. Skip Datree Policy Rules with Resource Annotations
  10 mins
- 5. Evaluate Datree Policy Rules on Live Kubernetes Resources
  13 mins
- 6. Configure Datree Policies Centrally or Locally
  9 mins
- 7. Conclusion
  1 min
Skill:
Develop Rego Policies for Open Policy Agent
- 1. Overview
  1 min
- 2. Intro to Rego for Open Policy Agent (OPA)
  8 mins
- 3. Create Rego Policy and Parse with OPA CLI
  9 mins
- 4. Pass Inputs to Rego Policies and Use String Functions
  9 mins
- 5. Evaluate Rego Policy Return Values
  9 mins
- 6. Implement Time Window Policy in Rego
  9 mins
- 7. Conclusion
  1 min

Loading transcripts...

Overview

Access all premium content with a free week!

Start a free week

Course overview

1 HOURS OF TRAINING

SKILLS

VIDEOS

VIRTUAL LABS

0 PRACTICE EXAMS

Trevor Sullivan

Nugget trainer since 2020

Read the full bio

What is it like to train with us?

Our learners say it best.

Helps me learn the skills I need when I need them

THOMAS S. | SYSTEMS ENGINEER & CONSULTANT

Read Reviews

Certified Kubernetes Security Specialist (CKS) FAQs: Cost, Training, Value

Is the Certified Kubernetes Security Specialist (CKS) worth it?

For IT professionals who work with containers, container-based applications and container security, the CKS is worth it to prove your competence with a wide array of abilities related to securing container-based apps and Kubernetes platforms. Safeguarding Kubernetes clusters is a critical skill – container applications are being adopted by more and more organizations. The Certified Kubernetes Security Specialist certification is a valuable investment in your career as a DevOps or systems engineer.

How much does the Certified Kubernetes Security Specialist (CKS) cost?

The Certified Kubernetes Security Specialist (CKS) exam costs $395. However, that's not the total cost of earning it, since the Certified Kubernetes Administrator (CKA) is a prerequisite, and that also costs $395 to earn. Your CKA credential must be valid and active at the time of taking the CKS exam, which means the total cost of earning the CKS is at least $790, before adding any courses or training costs.

How difficult is the Certified Kubernetes Security Specialist (CKS) exam?

The CKS certification exam is a comprehensive, performance-based test that's taken in a simulator environment. It tests your familiarity with implementing security policies, configuring authentication mechanisms and applying role-based access controls (RBAC) to containers and Kubernetes environments. With the right preparation and study, the Certified Kubernetes Security Specialist (CKS) exam isn't an overwhelming challenge, but it is nevertheless an advanced and specialized certification, and the exam reflects that.

Does the Certified Kubernetes Security Specialist (CKS) expire?

Yes, the Certified Kubernetes Security Specialist (CKS) certification expires after two years. Two years is on the short side for a late-career certification like the CKS, but it's important that the container security specialists keep their skills and knowledge fresh in the face of changing technologies and attack vectors. If maintaining an active credential is necessary for your job or maintaining compliance, the certification can be renewed by retaking (and passing) the CKS exam.

What's the best way to study for the Certified Kubernetes Security Specialist (CKS)?

The Certified Kubernetes Security Specialist (CKS) exam is performance-based, delivered and proctored digitally. That means there's very few knowledge-based questions. Hands-on experience with Kubernetes clusters and security configurations is crucial, so the way to study for the CKS is with a test environment where you can practice various security scenarios. Find ways to experiment and make mistakes securing Kubernetes network environments and containers, like in a virtual sim.

Certified Kubernetes Application Developer (CKAD)

CompTIA Linux+ (XK0-004)

What is it like to train with us?

Our learners say it best.

Certified Kubernetes Security Specialist (CKS) FAQs: Cost, Training, Value

Let's chat!