Yes, the CKS exam is really difficult. I just passed CKS on Monday only with the passing grade (67%). I think I failed the dockerfile analysis.
I saw few “easy” questions. I had 16 questions, so 7min 30seconds to answer each. It’s not enough, if you have to constantly consult the Kubernetes docs, like I had to.
While I got 95% last June on the CKA exam. The difference is practice. You have to practice, practice, practice. Previously, I obsessively practiced CKA for at least 6 months after finishing the course. (It was way too much.) This time, I took only a few weeks to review with the CKS Study Guide on DevOpsCube, then took a long 4 days weekend to practice and do the Killer Shell mock exam. It was brutal, and was a good preparation for the exam. It threw me a couple of curve balls which took me completely off guard. Each session is active for 36 hours, that helps. But it was almost not enough in my case.
Sadly, I found the CKS course labs were not enough. There are no labs for some subjects, and the OPA one is outdated and its content is not covered in the video.
I tried the CKS Challenges, but I got blocked on the first question. I had to scan images with trivy, but trivy could not download vulnerability databases from Github because the KodeKloud infrastructure had reached the free limit on the Github API. So trivy failed. I know I could have used a personal access token, but I was rather ticked off.
If you got time before your next attempt, I suggest first practicing with the Killercoda playgrounds, specifically the Killer Shell CKS scenarios. Some scenarios cover cases for which there are no labs in the CKS course. Do them many times so it becomes second nature. Then use the Killer Shell mock exam to practice: you have two free attempts with the exam purchase. That way, the commands will come automatically to you. If you don’t have a KodeKloud Pro subscription (so no access to playgrounds), you could use the Killercoda playgrounds to practice on your own, that’s what I did. (And sometimes used kind or k3d locally.)
Alistair has good tips, I often use k explain
instead of relying on the docs. For example, to check what securityContext
options are available on a pod, and which are only on containers. Mumshad’s course on JSONPATH is also a must, with a lot of practice, and it helped me a little. However, for Falco logs, I find it easier to override a policy so it formats the logs like it was required. I still have to use awk
or cut
to remove unwanted text, though. To use sed
, you must be proficient with regular expressions; and I find sed
pretty tricky, compared with Regular Expressions libraries for different programming languages. It also have an unorthodox syntax for character classes.
Good luck. I am so happy I don’t have to go through that a second time.