Question about CKS exam preparation

wahthailand · April 17, 2024, 2:36am

Hello Team,
I’m going to take the CKS exam very soon. I have the following questions.

Can I use an external Monitor extended from my Laptop?
About the topic of Kubernetes security best practice. Where can I get information about security best practices for Dockerfile, Deployment file? ( I couldn’t see this topic in KodeKloud CKS course).
About the Falco configuration. How can I omit the priority field from my log file? for example
priority: NONE

rob_kodekloud · April 17, 2024, 3:52am

First of all, make sure you read the Community FAQ, which has a lot of info about the exam. Once you’ve done that…

You can only use one monitor, and it can be an external monitor. How you set that up depend upon whether you are using Windows or a Mac. See the Community FAQ for details.
Besides what you have in the CKS mock exams, you might also find KillerCoda’s CKS scenarios helpful, a couple of which deal with this issue.
If you have a question like this, you’ll need to delete the priority field from the output manually, since the output will have the priority field and a mess of other output that might not be according to what a question asks of you.

Good luck. The exam is a vicious bear

wahthailand · April 17, 2024, 4:43am

Hi Rob,

Removing the priority field is not allowed.
root@controlplane ~ ➜ journalctl -fu falco
Apr 17 00:33:09 controlplane falco[15584]: 1 Errors:
Apr 17 00:33:09 controlplane falco[15584]: In rules content: (/etc/falco/falco_rules.local.yaml:0:0)
Apr 17 00:33:09 controlplane falco[15584]: rule ‘Write below binary dir’: (/etc/falco/falco_rules.local.yaml:30:2)
Apr 17 00:33:09 controlplane falco[15584]: ------
Apr 17 00:33:09 controlplane falco[15584]: - rule: Write below binary dir
Apr 17 00:33:09 controlplane falco[15584]: ^
Apr 17 00:33:09 controlplane falco[15584]: ------
Apr 17 00:33:09 controlplane falco[15584]: LOAD_ERR_YAML_VALIDATE (Error validating internal structure of YAML file): Item has no mapping for key ‘priority’
Apr 17 00:33:09 controlplane systemd[1]: falco.service: Main process exited, code=exited, status=1/FAILURE
Apr 17 00:33:09 controlplane systemd[1]: falco.service: Failed with result ‘exit-code’.

Here is the output
00:41:32.049673926: Error 00:41:32.049673926,0,tar -xmf - -C /

I want to remove 00:41:32.049673926: Error and keep only “%evt.time,%user.uid,%proc.cmdline”

wahthailand · April 17, 2024, 4:44am

Okay, I got it. You mentioned to delete it manually from an output file.

Alistair_KodeKloud · April 17, 2024, 4:57am

If you need to make further changes to the output of falco that are not possible with the rule format, e.g. remove the timestamp or priority, then sed is your friend. You will lose loads of time trying to edit the content of the log output in vi, unless you know lots of vi tricks.

A good understanding of basic Linux shell commands can save a lot of time in CKS exam.

rob_kodekloud · April 17, 2024, 5:12am

sed is indeed your friend. Although knowing Visual Mode editing in vim should be another one of your exam buddies

Alistair_KodeKloud · April 17, 2024, 5:14am

github.com

kodekloudhub/community-faq/blob/main/docs/vi-101.md

# vi-101

**IMPORTANT** - The `vimium` chrome extension is known to cause issues with using vi in lab terminals due to the fact that it intercepts the keystrokes that the vi editor is expecting. The whole point of this extension is to use vi commands to drive the browser itself, therefore the vi inside the browser will never receive the commands!</br>If you have this extension, please disable it.

Other browser extensions may also cause issues, especially ones that add or change hot keys.

Real simple guide to the most important stuff with `vi` editor and questions commonly asked

* [I cannot type anything!](#i-cannot-type-anything)
* [I cannot exit vi](#i-cannot-exit-vi)
* [Modes](#modes)
* [Most useful normal mode commands](#most-useful-normal-mode-commands)
    * [Files](#files)
    * [Editing](#editing)
* [Suggested settings for YAML editing](#suggested-settings-for-yaml-editing)

*REMEMBER* Labs work best in Chrome. Firefox and Edge should be OK. Other browsers like Brave etc. are not verified so you shouldn't use them.

PRACTICE is king! Try out and get used to all these techniques in the KodeKloud labs so that they are second nature when you come to the exam.

This file has been truncated. show original

wahthailand · April 17, 2024, 5:24am

Thank you for your great help. I also have questions about this topic in kodekloud.

Am I right to understand that the connection between kube-apiserver and etcd is already TLS by default as I see the following parameters in kube-apiserver.yaml

- --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
- --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
- --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
- --etcd-servers=https://127.0.0.1:2379

but to do so due to specify cipher suites to follow the exam question?

Alistair_KodeKloud · April 17, 2024, 7:07pm

It is already mTLS

The explanation on what cipher suites are and how they’re used is in the article (I wrote it )

You can use any of the labs to experiment with setting cipher parameters.