K8s-RTA-Exam Review. Hello there! 👽

Hello there! 👽

Some time ago — to be exact, since 2024 — I started noticing the growth of microservices due to cloud-related topics. Even though it’s not my area, I felt curious to explore more about it, especially Docker and Kubernetes. I am not a specialist nor do I master both technologies. What I can tell you is that, from the security side, it’s common to deal with these topics not only in CTFs. Last year, I had to work on an incident involving abnormal increases in an Azure account using its managed Kubernetes, and it is important to understand how Docker and K8s work.

Before giving you my review about the certification, I want to give you a brief overview of why K8s and microservices are important. Note: I won’t go deep into it since it’s quite a complex topic to understand at first, and it can branch out into many more areas such as internal configurations, networking, security, and more.

So… What Exactly Are Docker and Kubernetes?

🐳 Docker (the container part)

Docker is a tool that lets you “package” an application with everything it needs to run — like its code, libraries, and settings — into something called a container. Think of it as a lunchbox: no matter where you take it (your laptop, a server, or the cloud), the food inside (your app) will taste the same. It solves the classic problem of “it works on my machine but not on yours.”

And…

☸️ Kubernetes (the organizer)

Kubernetes, often called K8s, is like the manager of many lunchboxes (containers). Imagine you have not one but hundreds of containers running your app. Kubernetes helps you organize, scale, and keep them healthy. If one container breaks, Kubernetes replaces it. If more people use your app, Kubernetes automatically adds more containers to handle the traffic.

👉 In short:

• Docker = builds and runs containers.
• Kubernetes = manages lots of containers at scale.

The above is a short description that ChatGPT helped me summarize since I’m not an expert on the topic. If you are in Cloud Security or a Pentester, you really don’t need to go too deep into it, but you should at least know the minimum basics — as with any technology — because sooner or later we will face it, not as “devs” but as security specialists.

Let me tell you that before all this breakdown, I personally did dive a bit deeper using platforms like KodeKloud, Whizlabs, Cloud Academy and Udemy, paying for monthly subscriptions or one-time courses to understand and practice labs on Docker first, and later Kubernetes. And yes, as you read, you should study and understand Docker before jumping into K8s. It’s not a hard rule, but essentially Kubernetes was born out of containers.

There are different container technologies, not just Docker, but Docker has been the most popular. You don’t need to know them all, just the basics: installation, simple configurations like listing images, creating images, stopping and deleting them. I’m sure you’ve already used it in CTFs/Job — it’s very popular — and today many tools can be run in a containerized mode and easily destroyed afterward.

Once you understand Docker, the next step is to learn Kubernetes — an orchestrator for containers at scale. Imagine you run Naabu in a Docker container to scan ports for a domain; now imagine that same idea but with hundreds of applications running in docker containers for example (pentester mindset).

In the dev and infra/DevOps world, there are compatibility problems between apps that require specific library or software versions. For a company to run a functional application, those apps need to work together — that’s where containers come in. But it’s not just 10 containers; it can be 20, 50, or even hundreds. Containers are often replicated, and if one is destroyed another is created — that’s where the concept of replicas comes in.

I won’t go into detail here, but network segmentation and communication between pods also matter. This is exactly the point where Docker (or Docker Compose — often seen as a “mini Kubernetes” for small apps) is no longer enough, and you need a more powerful orchestrator called Kubernetes (or K8s for short). In the DevOps world, it’s a major tool, and many developers keep it in their toolkit to stand out.

As a pentester or cloud security specialist, we’re more interested in how to verify that everything is running securely: that permissions and service accounts have the minimum required privileges, and that credentials like tokens and certificates aren’t exposed in a way that could let attackers compromise users.

I’ll leave you some links about academies and videos where you can learn, as DevOps, how to configure Docker and Kubernetes:

Additionally, I’m sharing the link to the Kubernetes certification. If you’re interested in becoming an expert in the future, it’s important to know that in order to take the Kubernetes security certification, you must first obtain the administrator one:

Well, for now I’ll leave the explanation and resources here — let’s dive straight into the CWL K8s-RTA certification…

Lab Architecture Image:

The following architecture is provided by the academy:

The architecture looks pretty good and gives us an idea of the initial attack path.

Pricing Plan:

The certification costs 99 dollars, but I got it at a lower price thanks to a discount from the academy. They frequently offer promotions to support the community, so don’t worry if you don’t find a discount at the moment — you’ll likely see one in the future. Just make sure to keep an eye on their social media, since that’s where they usually post them, in addition to their official website:

Syllabus:

The syllabus shows us the following, which are basic but very important topics in pentesting. They don’t go any deeper because it isn’t necessary if you only need to audit a cluster or come across exposed credentials:

Prerequisites:

You’re probably wondering if, even without much knowledge about Docker or K8s, you’re still fit to take it. I can tell you that yes, you can definitely do it. Of course, if you already have some knowledge, that will always help. As a tip, on their new Infinity platform they offer several Kubernetes pentesting labs, and since they are guided labs, you learn a lot. I’ve taken them myself and they indeed helped me move forward with this cert. But don’t worry — it’s a mid-level certification, not an advanced one:

Certification Procedure:

The certification is not time-locked; you can do it at your own pace. It’s based on flags that you answer, and when you finish it gives you the certificate. That said, the lab has a duration of approximately 30 days, so it’s not completely infinite — make sure you can study and complete the lab within that time. However, with the videos and PDF material you’ll have plenty to study and understand which commands you need to run:

Exam Experience:

For me, it was a fun certification that I had been waiting for, and it’s a topic I enjoy — not as a dev, but as a pentester. Enumerating Kubernetes and performing lateral movements is quite fun. Two years ago, it felt like a heavy and difficult subject to understand, so I focused on studying through academies to become DevOps. I lost some time but gained extra knowledge. When I say “lost time” I mean that much of what I learned back then was advanced material I won’t really use unless I change roles or jobs.

That’s why it’s important to ask close friends what you should study and what is truly worth it. Nowadays, I value my time much more and focus it on what’s really useful for me and what I can practice at work. At the same time, it’s also valid to learn new topics — we won’t use everything, but knowledge never hurts. On the contrary, it enriches you!

It took me less than a week to finish the lab. I don’t remember the exact number of days, but around five. I got stuck in a rabbit hole that was more about enumeration, but I managed to get out of it. I was dedicating just a few hours per day while also reading the PDFs and watching the videos. I recommend focusing on the documentation and not only on the videos — that’s where I realized I didn’t have all the commands I needed. It’s really just a matter of analyzing what you have and what you can do.

In conclusion, this is an introductory certification that is quite challenging and a great way to start doing pentesting in K8s. The price is affordable, and there’s no reporting — only flags — so it’s a good fit if you’re working on heavy projects and your time is limited. That’s something to appreciate, especially when you already have multiple reports to write at work. With that said, I hope this reading has been useful to you, and that the course and lab help you sharpen your K8s skills! 💪

Happy Hacking!!! 🏴‍☠️