CKS tips and takeaways

Yay! I got my ‘CKS - Certified Kubernetes Security Specialist’ certification.

It was quite a ride, as I had almost forgotten about it. You see, I had 2 goals this year: the GitOps homelab and CKS. I have done and learned a lot in the homelab, so much so that I had neglected the CKS a bit. I was under the impression that I had some time left when I was reminded by The Linux Foundation that I only had 4 weeks left to plan the exam (and potential retake). After those 4 weeks, the money my employer generously paid for me to get certified would be down the drain. So I applied myself and studied as hard as I could.

I knew CKA had taken me some practice, not because it is so hard, but because you need to be fast to get through all the assignments. CKA, CKS and CKAD are hands on exams where you get a terminal, vim kubectl (and the k alias luckily), and a Firefox browser that can only browse the official documentation pages.

In order to get through all the assignments in the allotted time, you have to know your way around the documentation very well.

Practice, practice, practice

For CKA, I prepared using the Linux Foundation course. I did some of the labs multiple times to ensure I could do an “open” assignment unguided using just the documentation. Being able to do the labs where every step is instructed in detail is not enough.

For CKS, I heard from friends that there is a serious Linux sysadmin component to it, that happens on the Linux (Debian on the exam) nodes. As a former developer turned Kubernetes Engineer, I felt that the Linux Foundation course labs did not prepare me sufficiently for that. I am not affiliated with Kodekloud, but their course is great, and the labs being prepared for you in the cloud is a huge productivity booster. So I highly recommend taking a Kodekloud subscription for a month to do their labs.

And remember to stay focused in your practice: are you just following instructions, or can you find these instructions and example configs to edit in the official documentation? If what you are doing in a lab is not obvious to you, try doing it again using just the official documentation.

Embrace Vim

I spent the last 2 years (since the CKA exam) using (neo)vim as my main IDE, but if you don’t yet, spend some time getting used to vim. It really helps with speed on the exam to be able to indent the next 5 lines at once (^, Ctrl+V, 5j, space space, Esc), move or replace an entire line(dd, then P to paste above current line, p to paste below, cc to replace, Shift+V to select multiple lines, then d for delete or c for change), or change text within "" (simply ci", change inside ").

You will never get this fast with nano. Embrace vim, leave the mouse alone as much as possible. Your shoulders, your wrists and the children in Uganda will thank you.

Practice exams

The Linux Foundation gives you 2 Killer.sh practice exams, and kodekloud also provides 3 practice exams. I found the kodekloud exams had a lot of overlap (I did 2 and felt like most of it was the exact same assignment), and their environment is more helpful/easier: zsh with better autocomplete, whereas the real exam has a bare bash shell where autocomplete only happens with some delay after you press tab, not with greyed out text appearing as you’re typing (like zsh).

So keep that in mind and use your killer.sh practice exams when you feel you’ve mastered the labs!

aliases and shortcuts

Don’t. For CKA 2 years ago, I had trained myself to write out some 3-letter aliases of the oh-my-zsh kubectl plugin, as well as kubectl config set-context --current --namespace and --dry-run -oyaml as a var. Now, there was a different node you ssh’ed into for every assignment, so those aliases wouldn’t stick around anyway, and the assignments and files were set up such that you usually didn’t need to k get deploy name -o yaml. I still did often, purely out of habit, before noticing the yaml was already on the filesystem.

yq / jq chops

Like vim, these skills are generally good to have, not just for the exam. I spent the night before the exam practicing them a bit, because I noticed I was scrolling through YAML and searching through json in less (with /, n, N) for things that could have been simple queries. In my quest to save any minute I could off of the time I need, I decided to practice my jq/yq query writing.

In the end, none of the assignments in the actual exam required these skills, but I am still grateful to finally understand when I need to do .someArraywithbrackets[] | select .key == "value" and when I need to do .someArraywithoutbrackets | group_by(.key).

Enjoy the process!

If you follow these tips, you should have no trouble learning all the required tools and skills for CKS, or any other Kubernetes exam, such as CKA or CKAD. Then the last tip is to enjoy it!

I find these hands-on exams very satisfying to do: they give me a feeling of mastery and confidence that no multiple choice or pen and paper exam has ever given me. Engineers and tinkerers who love doing and fixing things should really try these hands-on exams. Coming out of the exam, I felt like a Kubernetes God: “I can fix any cluster, write any policy manifest and find any misbehaving container now!” It sounds stupid, but if you know, you know. It’s a really good feeling and one of the best ways to demonstrate your technical ability.