Certified Kubernetes Security Specialist Challenge Series

Prabhjyot_KodeKloud · April 15, 2022, 8:53am

Hey Folks, We are launching a special series to help you prepare for the Kubernetes CKS certifications. Check out the Certified Kubernetes Security Specialist Challenge Series, where you can put all your hardcore Kubernetes skills to the test.

This series consists of a set of complex challenges that will assist you in mastering Kubernetes Security concepts and getting ready for the coveted Certified Kubernetes Security Specialist Certification.

Record your solutions and share on social media on your blog/video on YouTube. Top solutions win exciting prizes.

And these are absolutely free for anyone to attempt.

So what are you waiting for? Get started right now.

Link to the CKS challenges: https://bit.ly/3JIvnJq

Click on this link to know more: https://bit.ly/3Evkud3

Tej_Singh_Rana · April 15, 2022, 11:00am

Thanks for sharing and giving this opportunity.

theevilhammie · April 16, 2022, 2:59am

Anyone tried the challenge and had issues with the loading the apparmor profile?

I get the following error:
Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
Use --subdomainfs to override.

Tej_Singh_Rana · April 18, 2022, 6:01am

Hi @theevilhammie
Thanks for your feedback. Definitely, we will check it and will update you.

Regards,
KodeKloud Support

Tej_Singh_Rana · April 20, 2022, 6:27am

Hi @theevilhammie
Please try now. We updated it.

Regards,
KodeKloud Support

alessandro.affinito · April 20, 2022, 9:05am

Do you share somewhere the winners each month?
Or at least if a contest was already won?

ShafaqKhan · April 20, 2022, 9:37am

alessandro.affinito · April 20, 2022, 2:19pm

Hi
the website seems down since 10 mins, could you check it please?

Tej_Singh_Rana · April 20, 2022, 2:23pm

Sorry for this inconvenience caused, @alessandro.affinito Our engineers are investigating. I will update you.

Regards,
KodeKloud Support

alessandro.affinito · April 20, 2022, 2:31pm

@Tej_Singh_Rana
do you have any info regarding the previous question instead?

Tej_Singh_Rana · April 20, 2022, 3:09pm

Hi @alessandro.affinito

Yes, every month we will announce the winners on the KodeKloud tutorials page as a blog and also will announce the winners on social media such as LinkedIn, Twitter, Facebook, and YouTube.
If you are already a member of our KodeKloud student slack workspace then we will announce it on the general slack channel too.
Also, we will email the winners with exam coupons.

Regards,
KodeKloud Support

Tej_Singh_Rana · April 21, 2022, 3:41am

Thanks for your patience, @alessandro.affinito Site is up and running. Please give it a try.

Regards,
KodeKloud Support

alessandro.affinito · April 24, 2022, 9:59am

Hi @Tej_Singh_Rana ,
For the second challenge what do you mean exactly with:

The deployment has a secret hardcoded. Instead, create a secret called ‘prod-db’ for all the hardcoded values and consume the secret values as environment variables within the deployment.

I’ve created the secret and I read the prod env variables from there (env.valueFrom.secretKeyRef) but I still don’t get the last point of the challenge

Tej_Singh_Rana · April 25, 2022, 4:01am

DMed you the similar example, Please try it.

philipsmit · May 10, 2022, 8:36pm

Has anyone had any luck with Challenge4? All tasks completed successfully except for the policy. I’ve got:

apiVersion: audit.k8s.io/v1 
kind: Policy
omitStages:
  - "RequestReceived"
rules:
  - level: Metadata
    resources:
    - group: "" 
      resources: ["configmaps","pods"]
    namespaces: ["omega", "citadel", "eden-prime"]

This gives me the info needed to complete the other tasks however, it gets marked as incorrect. Any pointers?

Tej-Singh-Rana · May 24, 2022, 5:06pm

Hello @philipsmit ,
It should work, please give it another try. Let me know if you are still facing an issue.

Regards,
KodeKloud Support

Javier3 · June 1, 2022, 4:42am

philipsmit:

apiVersion: audit.k8s.io/v1 
kind: Policy
omitStages:
  - "RequestReceived"
rules:
  - level: Metadata
    resources:
    - group: "" 
      resources: ["configmaps","pods"]
    namespaces: ["omega", "citadel", "eden-prime"]

Yes, it works, I’ve just cleared it. @Tej-Singh-Rana could you please check the issue in challenge 2?

Dinesh_Kodekloud · June 1, 2022, 9:23am

Hi @Javier3 ,
Could you please let me know, what issue are you facing with challenge 2?

Javier3 · June 1, 2022, 9:37am

Sure thing

CKS Challenege 2 - startupProbe to remove shells - Kubernetes - KodeKloud - DevOps Learning Community

philipsmit · July 6, 2022, 6:36pm

Challenge 2 - The following network policy is being marked incorrect; although multiple solution guides provide the same solution. Can you provide insight into why this is marked incorrect?

kind: NetworkPolicy
metadata:
  name: prod-netpol
  namespace: prod
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: prod