Introduction
I had somewhat hinted at this in my previous post “What’s the Point of Certifications in 2025?”.
I successfully passed all 5 “official” CNCF / Kubernetes certifications, which should grant me (it’s not official yet, apparently it takes some time) the coveted (or not?) title of Kubestronaut.
And since this was a long-term side project (I started the full journey in 2025), I’m offering a little feedback on how I experienced it.
Note: many people have already shared their experience, and there are already great articles from the Cloud Native community. I’ll try not to repeat too much.
What Are These Certifications Again?
The 5 official CNCF Kubernetes certifications are:
- KCNA (Kubernetes and Cloud Native Associate): entry-level certification that validates basic concepts of Kubernetes and cloud native
- KCSA (Kubernetes and Cloud Native Security Associate): entry-level certification focused on security concepts in Kubernetes
- CKA (Certified Kubernetes Administrator): practical certification that validates cluster administration skills
- CKAD (Certified Kubernetes Application Developer): practical certification that validates application development skills on Kubernetes
- CKS (Certified Kubernetes Security Specialist): advanced practical certification that validates cluster security skills (prerequisite: CKA)
Why Kubestronaut?
First, for those who don’t know me, I’ve been a Kubernetes expert since 2017/2018, so I could have had these certifications, or at least a subset of them, for a long time. But having always worked for end clients (so no consulting, whether freelance or at a consulting firm, where having a certificate can provide some additional legitimacy to land a client), I never felt the need.
I won’t lie and say I didn’t WANT to have them at all. It’s always nice to know that the CNCF has officially validated that you know what you’re talking about (even though, in reality, the validated skills are debatable. We’ll talk about that later). But the prohibitive price (at least if I had to pay out of pocket) had always put me off.
The Money
Because YES, it costs a pretty penny (to put it politely).
- Count $445 each for CKA, CKAD, CKS
- $250 each for KCNA / KCSA
How will the CKA benefit me?
- Credential Recognition
- Career Advancement
- Networking Opportunities
- Cross-industry Career Opportunities
Source: https://training.linuxfoundation.org
That’s all well and good, but it still adds up to more than €1500. Fortunately, you can count on very regular promotions and bulk pricing through bundles to reduce the pain.
The goal is to find the best Bundle + promo combination to save the most, and apparently now, the best I’ve found is to buy during “Cyber Monday week” (-50/-60% depending on bundles), and separately purchase the KCNA+KCSA bundle at -60% and CKA+CKAD+CKS also at -60% (the bundle with all 5 is less attractive because it’s capped at -50%)
Which totals just over €600 (still quite a bit).
From there, you have 1 year to pass all 5 certifications (but you can do it in 2 rounds. That’s what I did by taking the CKx at the end of 2024, and the KCxA in 2025).
Note: My employer paid for my CKx certifications, with the idea of motivating juniors to seriously pursue these certifications. Without that, I probably would never have done it.
Process and Difficulty
I won’t present the exams in the order I took them, but rather in the order of difficulty they’re usually presented. Because, in hindsight, I find it’s fairly representative, from my point of view, of their actual difficulty.
KCNA: a general knowledge MCQ on Cloud Native. Really, paying $250 for this is robbery. It’s really everything I hate about certifications (which I talked about in the article on technical certifications). Out of the 60 questions, there’s always only one correct answer and you can “guess” 3/4 just by eliminating the wrong answers, often ridiculous. To me, KCNA has no technical value. I got 97%, which corresponds to 2 errors out of 60, probably ambiguous questions or wrong answers where I looked for “too complicated” (the simplest answer is correct, you have to ignore edge cases that only experts would know). I finished it in 30 minutes instead of 90.
KCSA: a slightly tougher MCQ. I went in without preparation as well, and I got a decent score (93%, 4 mistakes). Some questions gave me more trouble. There are one or two questions about the “NIST SP 800-161 Rev. 1” that I didn’t know, and 4-5 questions where I saw 2 “mediocre” plausible answers, without being able to distinguish between them because in my opinion they weren’t 100% accurate. It could be an English comprehension issue on my part, or just that I’m not as good as I think. 93 is still very respectable, considering you’re allowed 15 mistakes. I finished it in 50 minutes because I spent a lot of time thinking about those ambiguous questions.
CKAD: one of the two historic certifications. Being a Certified Kubernetes Application Developer makes you someone capable of “designing, building, and deploying cloud native applications.” What’s great about the CKx is that they are practical exams. You have a list of ~17 simple tasks to complete in 2 hours on virtual machines. If you succeed, it means you’re technically capable of performing real tasks on real clusters, not just that you’ve crammed. The downside is that the tasks to perform are extremely far from the reality of tasks you actually do: creating YAML manifests for deployments and Kubernetes services by hand. Nobody does that (at least, I hope?). In terms of difficulty, I may have been lucky, but I found it trivial. I finished it in 1 hour instead of 2 and got nearly 100%.
CKA: the other historic certification. Again, 17 exercises to manipulate applications in Kubernetes and also play a bit with control plane components (notably the api-server and etcd). A small setback here: I did well on the simulators (we’ll talk about that), but I couldn’t finish everything within the 2 hours and got a fairly mediocre score (71%). Beyond the previous knowledge needed for CKAD, you need to have a very good understanding of clusters created with kubeadm since you’ll be manipulating and modifying 17 clusters created this way.
CKS: the last practical certification (aside from MCQs), but with a focus on security compared to CKA/CKAD. This one truly has value in my opinion. It’s both complex, with a fairly wide range of aspects to master, and most importantly useful, because it covers realistic security topics, regardless of the cluster. Unlike CKA/CKAD, you really leave with skills you can imagine using in production in a more realistic scenario than the provided kubeadm clusters.
Aside: PSI Proctored Exam
Really one of the things I hate most about these certifications. Unlike other tech certifications that can be taken either at home under supervision or in a room managed by a specialized organization, CNCF certifications can ONLY be taken remotely via “proctored exam.”
Let’s not mince words, the experience is disastrous. I can’t count the feedback I’ve had from people who lost a “try” due to software bugs or other technical problems. Personally, I had to test several machines to find one that worked with their garbage “secure browser.” And that’s only because I started early enough and did the test beforehand.
That, plus having to have a closed room available, without papers/posters, without cameras, without screens, which you’ll have to tour by sweeping from bottom to top at 360° to prove to the examiner that “no, we’re not going to cheat.”
It would be so much simpler to have partner exam centers, but no, the LF maintains that “it’s for our own good.” I had to take all 5 exams in my son’s room, on a board and 2 trestles, because it was the only room that was suitable. I’ve read about people doing it in their bathroom… What a nightmare.
Aside: killer.sh
It’s somewhat hidden, but all CKA/CKAD/CKS exams give access to 2 practice exams on the killer.sh website. Really, I can ONLY recommend that you do them, because they are very useful.
On one hand, they are similar in difficulty depending on the case, or even much harder. If you get a good score on killer.sh, there’s a good chance you’ll pass your CKA/AD/S.
And since there are 2 runs, you can start by testing one run, see what you did wrong (you have access to each run’s platform for 36 hours, that gives you time to tryhard to get 100%) and know what to review afterwards. Once you’re confident, you can do the 2nd run and confirm that you’re ready to take the real exam.
If you don’t have enough “runs,” you can always look for other simulators, like sailor-sh/CK-X. As for KCNA/KCSA, there are also many quizzes that have been generated on the fly using LLMs but they’re rarely high quality and the questions are very different, as well as “pirate” sites with authentic questions. It’s up to you to decide what you think about that.
What I Already Knew vs What I Learned
KCNA / KCSA: I learned nothing. These are basic MCQs that serve no purpose and demonstrate no skills on a resume.
CKAD: I didn’t learn much, except for a few kubectl subcommands that save time, like kubectl expose, or some details about how Kubernetes API lifecycles are managed. Since a large part of the exam consists of generating YAML manifests for the various Kubernetes APIs, it’s important to know all the kubectl create subcommands and also know when it’s faster to search for a ready-to-use manifest in the official documentation and copy/paste it.
CKA: In addition to the previous recommendations, there are a few tricks to know (which I already knew), like not forgetting to save all the static manifests present in /etc/kubernetes/manifests/ to another folder because it’s easy to break the cluster and lose all points for the question. You also need to know how to quickly find where container logs are stored with containerd to debug when the API server is down, not hesitate to restart the kubelet to save time in case of crashloop backoff, and know how to manipulate data in etcd with etcdctl. Again, I’m really skeptical about the day-to-day usefulness, unless you’re managing clusters created with kubeadm in production (which I haven’t done for a long time).
CKS: There are quite a few differing opinions on the usefulness of the CKS among those who have taken it. Everyone agrees that it’s hard (it’s true). It’s the most demanding, I was sweating bullets when I took it, and I had to do some revision on some topics I didn’t know. It’s also the only one where I really feel like I learned useful things (etcd encryption, apparmor/seccomp revision/discoveries). One of the points highlighted as negative is that it requires knowing a minimum about third-party projects like falco / trivy / cilium / istio, which goes beyond the strict scope of Kubernetes and drifts into other projects (which have their own certifications, by the way). Personally, I didn’t find it “shocking,” but I understand the concern for an official Kubernetes certification.
Conclusion / Would I Do It Again?
It depends on the question. I’m not a “CNCF ambassador” so I won’t hesitate to say what I think.
If it’s about KCNA/KCSA, it’s a big NO. They serve absolutely no purpose.
If the question is “will I retake the CKx certifications when they expire,” it’s almost certain that no.
Unless I go freelance / work at a consulting firm (not planned at all) and it would be useful (remains to be proven, in my opinion my resume has more value), I don’t see any advantage to retaking them, only disadvantages. Honestly, the “proctored exam” experience was too painful, and KCNA/KCSA have no value in my eyes.
If it’s a thought exercise like “let’s imagine, we go back to 2024, would you do it again,” the answer is probably “yes,” with conditions.
I said it above, my employer paid for the CKx certifications, with the idea that I, “the old guy,” would motivate the “young ones” who also had their certifications paid for, to take them.
And that was really fun: doing it as a group and “competing against each other.” It worked pretty well actually, I passed each certification first, but they ended up getting better scores than me (I find it funny, they’re happy to have beaten the “old guy”).
So between the cost being covered on one hand, and the collaboration / team growth aspect, it was worth it.