- You should already be familiar with Kubernetes core concepts and administration workflows (cluster architecture,
kubectl, scheduling, networking, storage, and troubleshooting). - If you have not completed the Certified Kubernetes Administrator (CKA) curriculum or you’re not confident with cluster administration, stop and complete CKA-level preparation first. The CKS builds on those fundamentals and focuses specifically on securing clusters, workloads, and runtime environments.

Prioritize the CKA-level skills (cluster architecture,
kubectl usage, control plane components, and troubleshooting) before attempting CKS-focused security tasks — the CKS assumes those fundamentals.- Is hands-on and timed.
- Uses multiple Kubernetes clusters, with a student node provided as your starting point. From there, you’ll SSH into other clusters and nodes as needed.
- Includes 16 realistic tasks covering cluster and workload security, runtime detection, supply chain protection, and incident response.

- Enforcing pod security standards and admission controls (e.g., Pod Security Admission, OPA/Gatekeeper).
- Implementing network segmentation and network policies.
- Applying least-privilege access with RBAC and service accounts.
- Managing secrets securely and validating encryption at rest.
- Runtime detection and response using tools such as Falco.
- Supply chain hardening with image scanning and SBOMs, e.g., Trivy.
- Node and control plane hardening using tools like kube-bench.
- Securing ingress and service-to-service traffic with TLS/mTLS and service mesh options such as Istio.

- Duration: 2 hours per mock exam (matches the real exam time constraints and pressure).
- Tasks per exam: 16 hands-on tasks that require command-line work, configuration edits, policy creation, and investigative troubleshooting.
- Environment: Multiple clusters and nodes; you will begin on a student node and connect to other targets as required.
- Candidates who have completed CKA-level training and are now focused on Kubernetes security.
- Engineers responsible for cluster security, DevSecOps professionals, and incident responders who need hands-on practice.
- Anyone preparing to pass the CKS and wanting realistic, timed practice with exam-style scenarios.
- Practical experience securing Kubernetes clusters end-to-end.
- Improved confidence responding to runtime incidents and hardening clusters.
- Familiarity with common security tooling and best practices required for the CKS.
- Certified Kubernetes Administrator (CKA) — KodeKloud
- Falco — runtime security
- Trivy — vulnerability scanner
- kube-bench — CIS benchmark checks
- Istio — service mesh with mTLS
- Kubernetes Documentation — Concepts and Tasks