Errata

Certified Kubernetes Security Specialist (CKS) Study Guide

Errata for Certified Kubernetes Security Specialist (CKS) Study Guide

Submit your own errata for this product.

The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint the date of the correction will be displayed in the column titled "Date Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.

Color key: Serious technical mistake Minor technical mistake Language or formatting error Typo Question Note Update

Version Location Description Submitted By Date submitted Date corrected
Page Protecting Node Metadata and Endpoints
Table 2-1. Inbound control plane node ports

The Kubernetes API server port is 6443, not 6643.

See kubernetes.io/docs/reference/networking/ports-and-protocols/#control-plane

 Chris Devine  Nov 13, 2023 
Page Cluster Setup: Exam Essentials
5th paragraph

"Know where to find the hash file and how to use a validation tool to identify if the binary has been tempered with" should read "been tampered with."

 Chris Devine  Nov 13, 2023 
Page page 25, Creating the TLS Certificate and Key
First paragraph of section, the openssl req command

The cert is created for domain accounting.tls with the command
“openssl req -nodes -new -x509 -keyout accounting.key -out accounting.crt \
-subj "/CN=accounting.tls”

Then later the certificate is used for an ingress accessed with a different domain name accounting.internal.acme.com

“kubectl create ingress accounting-ingress \
--rule="accounting.internal.acme.com/*=accounting-service:80, \
tls=accounting-secret" -n t75”

For better consistency the certificate should be created with domain name accounting.internal.acme.com
“openssl req -nodes -new -x509 -keyout accounting.key -out accounting.crt \
-subj "/CN=accounting.internal.acme.com”

 Carlos Santana  Jan 11, 2024