The information and communication industry is a newly emerging industry in the past few decades, which has had a huge impact on our lives. The traditional shopping and travel methods have undergone tremendous changes, and our horizons have been broadened. You can understand the customs and customs around the world, all of which are inseparable from the development of information and communication technology. At the same time, in order to maintain the smooth operation of the society, the market also needs a large number of talents to support it. How to select talents, in addition to having excellent technology , You also need a professional certificate to prove yourself. The container certificate created by the Linux Foundation and the Cloud Native Computing Foundation (CNCF) is a certificate with high gold content.
Commonly tested subjects for container certificates
CKA Certification: The CKA certification exam was created by the Linux Foundation and the Cloud Native Computing Foundation (CNCF) to facilitate the continued development of the Kubernetes ecosystem. The exam is a remote online, proctored, practice-based certification exam that requires solving multiple tasks at the command line running Kubernetes. The CKA certification exam is designed for Kubernetes administrators, cloud administrators, and other IT professionals who manage Kubernetes instances.
CKS certificate:
CKS is a performance-based certification exam that tests candidates' knowledge of Kubernetes and cloud security in a simulated real-world environment. Earning a CKS certificate demonstrates that students have the necessary competencies to secure container-based applications and Kubernetes platforms at build, deploy, and run time, and are qualified to perform these tasks in a professional environment.
Container Exam Matters
1. CKA certificate
Examination Content:
Cluster architecture, installation and configuration: 25%
• Manage role-based access control (RBAC)
• Install a basic cluster using Kubeadm
• Manage highly available Kubernetes clusters
• Set up the infrastructure to deploy a Kubernetes cluster
• Use Kubeadm to perform version upgrades on Kubernetes clusters
• Implement etcd backup and restore
Workload and Scheduling: 15%
• Understand deployment and how to perform rolling updates and rollbacks
• Configure applications using ConfigMaps and Secrets
• Learn how to extend the application
• Understand the primitives used to create robust, self-healing application deployments
• Understand how resource constraints affect Pod scheduling
• Learn about inventory management and common templating tools
Services and Networks: 20%
• Understand host network configuration on cluster nodes
• Understand connectivity between Pods
• Understand ClusterIP, NodePort, LoadBalancer service types and endpoints
• Learn how to use ingress controllers and ingress resources
• Know how to configure and use CoreDNS
• Choose the appropriate container network interface plugin
Storage: 10%
• Understand storage classes, persistent volumes
• Understand volume modes, access modes, and volume reclamation policies
• Understand persistent capacity declaration primitives
• Learn how to configure applications with persistent storage
Troubleshooting: 30%
• Evaluate cluster and node logs
• Learn how to monitor applications
• Manage container stdout and stderr logs
• Troubleshoot application failures
• Troubleshoot cluster component failures
• Troubleshoot network problems
Exam Mode: Online Exam
Exam time: 2 hours
Validity period of certification: 3 years
Software version: Kubernetes v1.27
Retake Policy: 1 retake is acceptable
Experience Level: Intermediate
2. CKS certificate
Examination Content:
Cluster installation: 10%
-
Use network security policies to restrict access at the cluster level
-
Check the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi) using CIS benchmarks
-
Properly setup Ingress objects with security controls
-
Secure Node Metadata and Endpoints
-
Minimize the use and access of GUI elements
-
Validate platform binaries before deploying
Cluster Enhancement: 15%
-
Restrict access to the Kubernetes API
-
Use role-based access controls to minimize exposure
-
Use service accounts sparingly, e.g. disable default settings, reduce permissions for newly created accounts
-
Update Kubernetes frequently
System Enhancement: 15%
-
Minimize the size of the host OS (reduce attack surface)
-
Minimize IAM roles
-
Minimize external access to the network
-
Appropriate use of kernel hardening tools such as AppArmor, seccomp
Microservice Vulnerabilities Minimized: 20%
-
Set up appropriate OS-level security domains, e.g. using PSP, OPA, security context
-
Manage Kubernetes secrets
-
Use container runtimes (eg gvisor, kata containers) in a multi-tenant environment
-
Pod-to-Pod encryption using mTLS
Supply chain security: 20%
-
Minimize base image size
-
Secure your supply chain: whitelist allowed registries, sign and verify images
-
Use static analysis of user workloads (e.g. kubernetes resources, Docker files)
-
Scan images for known vulnerabilities
Monitoring, logging, and runtime security: 20%
-
Perform behavioral analysis of syscall process and file activity at the host and container level to detect malicious activity
-
Detect threats in physical infrastructure, applications, networks, data, users and workloads
-
Detect all stages of an attack, no matter where it occurs or how it spreads
-
Conduct in-depth analytical investigation and identification of bad actors in the environment
-
Ensuring containers are immutable at runtime
-
Use audit logs to monitor access
Exam Mode: Online Exam
Exam time: 2 hours
Validity period of certification: 2 years
Software version: Kubernetes v1.27
Validity period: The test qualification is valid within 12 months from the date of test code registration
Retake Policy: 1 retake is acceptable
Experience Level: Intermediate