I took the CKS exam yesterday and unfortunately unable to clear the exam by ~2% of passing score I would have been cleared provided the environment was friendly, and if the proctor haven’t wasted time by constant pings. I started the exam and he wasted my first 5 mins checking something. I asked him to give those 5 mins back but he didn’t give me. That PSI environment sucks.
But main question is – In few of the scenarios, I needed to inspect the containers via crictl. So, when I was trying to use the crictl, I got bunch of docker.sock authentication and authorization issues. I’ve never seen that in any of the simulators or any where. Please let me know how can I get through that kind of questions where crictl is needed? How to fix those? How to make crictl ps, crictl inspect work in exam environment? Need ASAP as I may retake while everything is fresh in my mind
It’s sad to hear that you missed it by so close.
Other exam attendants have also faced the crictl configuration issue.
The issue is with configuring the /etc/crictl.yaml for --runtime-endpoint and --image-endpoint.
It can be done by referring to the official docs:
cat <<EOF | sudo tee -a /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
EOF
Or
crictl config --set runtime-endpoint=unix:///run/containerd/containerd.sock # Set the containerd sock as runtime endpoint
crictl config --set image-endpoint=unix:///run/containerd/containerd.sock # Set the containerd sock as image endpoint
For more on this, you can go through the discussion on KK Discord
Thanks @Santosh_KodeKloud Really appreciate it. Was it done on purpose in the exam to not set this out? or the cluster setup was incorrect? Due to this, i missed out answering 3 questions faster
Gotcha, do you also know if there will be same set of questions if we retake the exam? Although, I don’t remember now what they asked honestly, but at least got an idea on kind of questions
I believe it is a bug that crictl is not configured. I also raised a ticket about it, but was several days later.
After your retake, and assuming it’s still not working, raise a ticket immediately, also referring in it the ticket number of the one you already created. They keep the exam environment for a few days for forensics if tickets are raised.
In the meantime, commit to memory what Santosh has pointed out. Type it into your mousepad so you can paste it to the different terminals
I had a similar issue and some folks who took the tests mentioned that this was mentioned in the questions to use docker. At least I didn’t see it in the question, have you tried docker if crictl was not working? do you guys think this was intentional? This is such a fundamental that crictl is not configured correctly.
Hello, I just passed the CKS exam yesterday, indeed crictl wasn’t present, but at the beginning of the exam or at some time there were some messages when it said that docker is present and not crictl, personally I used docker ps -a and docker inspect $container_id one or two times at the exam and everything worked properly.
IMPORTANT: don’t forget to be on the correct node where the containers are present (after kubectl get po -owide) and don’t forget to be root to have full docker access in order for the commands to work properly
So, basically, you need to try both to see which one is working, in the end the commands are the same only the executable is different crictl or docker. I also recommed CKS Simulator from killer.sh (2 free 36h active sessions from linuxfoundation) after Certified Kubernetes Security Specialist (CKS) and CKS - Challenges from KodeKloud to have a full preparation for the exam, good luck!
I would have been cleared provided the environment was friendly, and if the proctor haven’t wasted time by constant pings. I started the exam and he wasted my first 5 mins checking something. I asked him to give those 5 mins back but he didn’t give me. That PSI environment sucks.