
Master the CKS exam by practicing across 16 clusters, switching kubectl contexts, and using SSH to reach master or worker nodes; expect one question on Falco, AppArmor, or Trivy.
Learn how to use Trivy for image scanning to detect HIGH and CRITICAL vulnerabilities in containers, with exam-focused workflows for the Certified Kubernetes Security Specialist exam across Linux, macOS, and Windows.
Extract values from a Kubernetes Secret and save them to a file using kubectl, showing the jsonpath, template, and yq options, with base64 decoding of the username and password.
Explore the CIS benchmarks for hardening a Kubernetes cluster, learn to audit with kube-bench, identify failed checks, and implement remediation and configuration refinements to secure the control plane.
Create the question-one service account in the question-one namespace, grant it a backend role covering pods, namespaces, and config maps, bind it with a role binding, attach it to a pod, and ensure it has no access to secrets.
Verify platform binaries against SHA-512 checksums to ensure the integrity of kube-apiserver, kube-controller-manager, kube-proxy, and kubelet, and delete corrupted binaries when the checksums do not match.
Explore YAML's purpose as a human-friendly data serialization format, contrast it with XML and JSON, and learn core syntax such as strings, numbers, booleans, nulls, dates, tags, blocks, and anchors.
Explore Kubernetes core architecture, including control plane components such as kube-apiserver, etcd, kube-scheduler, kube-controller-manager, and cloud-controller-manager, as well as node components, add-ons, and networking for high-availability clusters.
Explore the pod concept and lifecycle, including pods with multiple containers. Dive into Kubernetes networking, controllers, health checks, resource management, security, autoscaling, and logging.
Learn to manage Kubernetes DaemonSets with kubectl, including listing, describing, creating, applying, deleting, editing, and rolling updates; inspect the YAML, monitor rollout status, and label resources for node targeting.
Learn to manage Kubernetes Jobs and CronJobs with kubectl, including listing, describing, creating, and deleting across namespaces, generating YAML via dry runs, and configuring schedules, completions, and history limits.
Master the kubectl secrets commands to list, describe, create (from literal, file, directory, or .env file), patch, and manage TLS and Docker registry secrets across namespaces.
Explore Kubernetes logging and monitoring, including container, node, and control plane logs; learn log collection methods such as sidecars and centralized collectors, and tools like Prometheus, Grafana, and the EFK stack.
Explore how to define and override commands and arguments for Kubernetes containers, comparing the Dockerfile ENTRYPOINT and CMD with the Kubernetes command and args fields, and using environment variables and shell execution.
Explore Kubernetes service accounts, the non-human identities for pods and system components, including namespace binding, portability, and cross-namespace access, plus credentials and authentication via JWTs and the TokenReview API.
Cluster Setup
Use Network security policies to restrict cluster level access
Use CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi)
Properly set up Ingress objects with security control
Protect node metadata and endpoints
Minimize use of, and access to, GUI elements
Verify platform binaries before deploying
Cluster Hardening
Restrict access to Kubernetes API
Use Role Based Access Controls to minimize exposure
Exercise caution in using service accounts e.g. disable defaults, minimize permissions on newly created ones
Update Kubernetes frequently
System Hardening
Minimize host OS footprint (reduce attack surface)
Minimize IAM roles
Minimize external access to the network
Appropriately use kernel hardening tools such as AppArmor, seccomp
Minimize Microservice Vulnerabilities
Set up appropriate OS level security domains
Manage Kubernetes secrets
Use container runtime sandboxes in multi-tenant environments (e.g. gvisor, kata containers)
Implement pod to pod encryption by use of mTLS
Supply Chain Security
Minimize base image footprint
Secure your supply chain: whitelist allowed registries, sign and validate images
Use static analysis of user workloads (e.g. Kubernetes resources, Dockerfiles)
Scan images for known vulnerabilities
Monitoring, Logging and Runtime Security
Perform behavioral analytics of syscall process and file activities at the host and container level to detect malicious activities
Detect threats within physical infrastructure, apps, networks, data, users and workloads
Detect all phases of attack regardless where it occurs and how it spreads
Perform deep analytical investigation and identification of bad actors within environment
Ensure immutability of containers at runtime
Use Audit Logs to monitor access