Linux Foundation CKS glossary of hardening, admission, and runtime terms, with traps and decision cues.

Use this glossary when Certified Kubernetes Security Specialist (CKS) terms start to blur together. The goal is practical recognition, not encyclopedia coverage.

| Term | Exam meaning |
|---|---|
| Service account | Kubernetes identity used by pods and automation. |
| Admission controller | API server plugin or policy layer that validates or mutates requests. |
| Pod security | Controls that restrict risky pod settings such as privileged mode or host access. |
| Network policy | Rules controlling pod ingress and egress traffic. |
| Audit log | Record of Kubernetes API activity for investigation and compliance. |
| etcd | Key-value store backing Kubernetes cluster state. |

| Pair | How to separate them |
|---|---|
| Cluster security model vs Identity and RBAC | Ask which layer the scenario is testing, then match the answer to that layer only. |
| Control vs evidence | A control changes behavior; evidence proves behavior or supports investigation. |
| Managed service vs custom build | Managed services win for lower operational effort unless the requirement needs unsupported customization. |
| Prevention vs detection | Prevention blocks or reduces a bad event; detection finds or reports that it happened. |

Do not memorize terms in isolation. For each term, write one scenario where it is the best answer, one scenario where it is a distractor, and one signal that proves it worked.