I've been interested in Kubernetes security for a while now. This interest still keeps growing and lately I seem to be getting involved with Kubernetes more and more, so I wanted to get certified in this. A quick search led to Certified Kubernetes Security Specialist, but I've decided that this is going to be a fun ride and it's best to start from the beginning. A few weeks back I've taken the exam and got certified for KCNA (Kubernetes and Cloud Native Associate).

Kubernetes Security World

It's a fascinating and an ever-evolving topic. What I like about it is that it encompasses Linux, container, API, network and web security topics. My journey with Kubernetes and container security started a few years back, but then it was on-and-off due to other priorites. I've poked at some clusters a number of times following NSA's hardening guide, launching BishopFox's Bad Pods and tools such as Peirates and kube-hunter. Recently I got more involved into the holistic picture of container security - which also includes things such as supply chain security, container registries, EKS cluster networking – things get even more interesting.

Preparing

I started with purchasing the exam and course bundle. I hesitated whether I should order the course, but curiosity won, as I've never tried any of the course materials from the Linux Foundation before. I was able to get a 40% discount from the original price of $299 because of a promo. I'd suggest finding a coupon online or just waiting for a while to see if any promo comes up.

I was quite happy with the course material, which was mostly text articles and a bit of video. It was concise but to the point; somehow catchy. I've gone through it three or four times.

Once I started thinking about the exam (which actually was right after going through the course materials for the first time), I looked up some reviews. This one is very good and covers all main points.

These are some good resources I've come across while going through the course as well as reading other blog posts about KCNA:

• CNCF Cloud Native Interactive Landscape - very cool map of different CNCF projects
• @memenetes - why not some good memes as a learning resource?
• Online Boutique - cloud-first microservices demo application
• Open Standards: Anchoring Extensibility for Cloud-Native Tooling - Katie Gamanji, CNCF - a nice overview of open standards relating to Kubernetes and cloud in general
• The Twelve-Factor App - a set of guides on how to develop a modern apps that run as a service

Before the exam I went through the course materials once again and played some more with cheatsheet and minikube.

Exam Experience

This was my first experience with "PSI Exams" proctored exam and it wasn't bad. Some questions did make me scratch my head and think "hmmm, was this in the learning materials?", but otherwise most of the multiple choice questions made sense. I ended the exam quite early and the next day got a message that I passed with a good score.

Overall Thoughts

This exam is comparable to AWS Certified Cloud Practitioner in a sense that it covers the basics and sets the path for further learning. It does what it needs to - demonstrates that the certified person knows how Kubernetes orchestration works at the basic level. In addition to that, the certification shed some more light on what is CNCF and how it operates. This cert should be a good prelude to CKA and CKS, which I'm definitely going to be taking sometime soon.