Hello Team,
I’m going to take the CKS exam very soon. I have the following questions.
- Can I use an external Monitor extended from my Laptop?
- About the topic of Kubernetes security best practice. Where can I get information about security best practices for Dockerfile, Deployment file? ( I couldn’t see this topic in KodeKloud CKS course).
- About the Falco configuration. How can I omit the priority field from my log file? for example
priority: NONE
First of all, make sure you read the Community FAQ, which has a lot of info about the exam. Once you’ve done that…
- You can only use one monitor, and it can be an external monitor. How you set that up depend upon whether you are using Windows or a Mac. See the Community FAQ for details.
- Besides what you have in the CKS mock exams, you might also find KillerCoda’s CKS scenarios helpful, a couple of which deal with this issue.
- If you have a question like this, you’ll need to delete the priority field from the output manually, since the output will have the priority field and a mess of other output that might not be according to what a question asks of you.
Good luck. The exam is a vicious bear
Hi Rob,
Removing the priority field is not allowed.
root@controlplane ~ ➜ journalctl -fu falco
Apr 17 00:33:09 controlplane falco[15584]: 1 Errors:
Apr 17 00:33:09 controlplane falco[15584]: In rules content: (/etc/falco/falco_rules.local.yaml:0:0)
Apr 17 00:33:09 controlplane falco[15584]: rule ‘Write below binary dir’: (/etc/falco/falco_rules.local.yaml:30:2)
Apr 17 00:33:09 controlplane falco[15584]: ------
Apr 17 00:33:09 controlplane falco[15584]: - rule: Write below binary dir
Apr 17 00:33:09 controlplane falco[15584]: ^
Apr 17 00:33:09 controlplane falco[15584]: ------
Apr 17 00:33:09 controlplane falco[15584]: LOAD_ERR_YAML_VALIDATE (Error validating internal structure of YAML file): Item has no mapping for key ‘priority’
Apr 17 00:33:09 controlplane systemd[1]: falco.service: Main process exited, code=exited, status=1/FAILURE
Apr 17 00:33:09 controlplane systemd[1]: falco.service: Failed with result ‘exit-code’.
Here is the output
00:41:32.049673926: Error 00:41:32.049673926,0,tar -xmf - -C /
I want to remove 00:41:32.049673926: Error and keep only “%evt.time,%user.uid,%proc.cmdline”
Okay, I got it. You mentioned to delete it manually from an output file.
If you need to make further changes to the output of falco that are not possible with the rule format, e.g. remove the timestamp or priority, then sed
is your friend. You will lose loads of time trying to edit the content of the log output in vi
, unless you know lots of vi
tricks.
A good understanding of basic Linux shell commands can save a lot of time in CKS exam.
sed is indeed your friend. Although knowing Visual Mode editing in vim should be another one of your exam buddies
Thank you for your great help. I also have questions about this topic in kodekloud.
Am I right to understand that the connection between kube-apiserver and etcd is already TLS by default as I see the following parameters in kube-apiserver.yaml
- --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
- --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
- --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
- --etcd-servers=https://127.0.0.1:2379
but to do so due to specify cipher suites to follow the exam question?
It is already mTLS
The explanation on what cipher suites are and how they’re used is in the article (I wrote it )
You can use any of the labs to experiment with setting cipher parameters.