Kubestronaut Path 2026 Deep-Dive - CKA, CKAD, CKS, KCNA, KCSA and the CNCF Certification Ladder (Prometheus, Istio, Cilium, OpenTelemetry, Argo)

Intro — In May 2026, Kubestronaut has become the cloud-native diploma

The Kubestronaut program, first announced at KubeCon Paris in January 2024, has crossed 20,000 holders worldwide as of May 2026. The title — awarded only to people who simultaneously hold valid CKA, CKAD, CKS, KCNA and KCSA certifications — has gone from "a cool patch" to a line item on senior SRE and platform engineering job posts in barely two years.

On top of that, the Golden Kubestronaut track (holding every active CNCF certification at once) introduced in late 2025, plus the six-plus associate exams that now exist, has turned cloud-native certification into a proper ladder. This post is not a marketing page — it covers actual exam environments, question patterns, prep hours, and salary impact honestly.

Kubestronaut at a glance — what, why, how

The Kubestronaut title is granted when you hold the five core CNCF certifications, run by the CNCF and proctored by the Linux Foundation, valid at the same time. Each cert has a typical two-year validity, and as of May 2026 every exam is delivered via PSI Bridge under online proctoring.

CKA — Certified Kubernetes Administrator. Cluster operator track.
CKAD — Certified Kubernetes Application Developer. Workload author track.
CKS — Certified Kubernetes Security Specialist. Security track. CKA is a prerequisite.
KCNA — Kubernetes and Cloud Native Associate. Entry track.
KCSA — Kubernetes and Cloud Native Security Associate. Entry security track.

Kubestronauts get one free CNCF exam voucher per year, a limited-edition jacket and patch, hall-of-fame listing on the Linux Foundation site, and access to a dedicated lounge at CNCF events. The free voucher is effectively a 600 USD per year benefit, so this is more than a vanity title.

The ladder — Associate, Professional, Specialty

CNCF certifications are organized into three tiers.

Associate: KCNA, KCSA, PCA (Prometheus), ICA (Istio), CAPA (Cilium), OTCA (OpenTelemetry), CGOA (Argo). 90 minutes, multiple choice, 75% to pass.
Professional: CKA, CKAD, CKS. Two hours, hands-on terminal. Passing score 66% for CKA/CKAD, 67% for CKS.
Specialty: CCSCA (Certified Cloud Security Specialist) and other senior tracks added in 2026.

The table below is the cleanest summary.

Cert	Tier	Time	Format	Pass	Fee (USD)
KCNA	Associate	90 min	60 MC	75%	250
KCSA	Associate	90 min	60 MC	75%	250
PCA	Associate	90 min	60 MC	75%	250
ICA	Associate	90 min	60 MC	75%	250
CAPA	Associate	90 min	60 MC	75%	250
OTCA	Associate	90 min	60 MC	75%	250
CGOA	Associate	90 min	60 MC	75%	250
CKAD	Pro	2 hr	Hands-on terminal	66%	445
CKA	Pro	2 hr	Hands-on terminal	66%	445
CKS	Pro	2 hr	Hands-on terminal	67%	445
CCSCA	Specialty	2 hr	Hands-on terminal	67%	545

Fees are list price. Around KubeCon and Black Friday, 40-50% discount coupons go out, and Linux Foundation bundles (one exam plus training course) land around 595 USD.

KCNA — the ABCs of cloud native

KCNA starts from "why use Kubernetes at all". Domain weighting is:

Kubernetes Fundamentals 46%: control plane, workloads, scheduling, services and networking.
Container Orchestration 22%: runtimes, security, networking.
Cloud Native Architecture 16%: autonomy, resilience, microservices, serverless.
Cloud Native Observability 8%: metrics vs logs vs traces.
Cloud Native Application Delivery 8%: GitOps, CI/CD.

A typical KCNA question is conceptual: "Which of the following best describes the sidecar pattern?" There are no hands-on tasks, so the CNCF free docs plus 12-16 hours of KodeKloud video usually clears it. KCNA's real value is less the certificate itself and more that it forces you to standardize vocabulary before CKA.

KCSA — Cloud-native security entry exam

KCSA was added in late 2023 as the entry-level security exam. Its domains are:

Overview of Cloud Native Security 14%: the 4C model (Cloud, Cluster, Container, Code).
Kubernetes Cluster Component Security 22%: API server, etcd, kubelet, kube-proxy hardening.
Kubernetes Security Fundamentals 22%: RBAC, Pod Security Standards, Network Policy, Secrets.
Kubernetes Threat Model 16%: attack surface analysis.
Platform Security 16%: supply chain, image signing, policy engines.
Compliance and Security Frameworks 10%: NIST 800-190, MITRE ATT&CK for Containers.

Think of KCSA as roughly "half of CKS". CKS is hands-on whereas KCSA is multiple choice, which makes it the right warmup. It's the second associate I recommend after KCNA.

CKA — the classic operator track

CKA is the oldest exam in the family. The September 2024 V1.31 refresh shifted the weighting to:

Cluster Architecture, Installation and Configuration 25%
Workloads and Scheduling 15%
Services and Networking 20%
Storage 10%
Troubleshooting 30%

That 30% troubleshooting is the heart of the exam. Recurring scenarios:

A node is NotReady. Diagnose and recover. (kubelet service, kubeconfig path, container runtime.)
A Pod is Pending. (Taint/Toleration, node selectors, resource shortage.)
A Service refuses connections. (Endpoints, kube-proxy iptables, NetworkPolicy.)
etcd backup and restore. (etcdctl snapshot save/restore.)

The standard CKA skill set looks like this.

alias k=kubectl
export do='--dry-run=client -o yaml'
export now='--grace-period=0 --force'

k create deployment web --image=nginx:1.27 --replicas=3 $do > web.yaml
k apply -f web.yaml

k get pods -A -o wide --sort-by=.spec.nodeName

k describe pod failing-pod | sed -n '/Events/,$p'

k drain node-2 --ignore-daemonsets --delete-emptydir-data
sudo systemctl status kubelet
sudo journalctl -u kubelet -n 200 --no-pager

The alias k=kubectl and export do='--dry-run=client -o yaml' macros are the canonical time-savers. You have to clear 15-20 questions in two hours, so finger automation decides whether you pass.

CKAD — the application developer track

CKAD pivots away from cluster ops and toward building and shipping workloads. As of May 2026 the domains are:

Application Design and Build 20%: Job, CronJob, init containers, multi-container patterns.
Application Deployment 20%: Deployment strategies, Helm, Kustomize.
Application Observability and Maintenance 15%: probes, logging, monitoring.
Application Environment, Configuration and Security 25%: ConfigMap, Secret, SecurityContext, ServiceAccount.
Services and Networking 20%: Service, Ingress, NetworkPolicy.

The typical CKAD workflow is: scaffold a Pod YAML via dry-run, then edit fields quickly.

apiVersion: v1
kind: Pod
metadata:
  name: web
  labels:
    app: web
spec:
  containers:
    - name: web
      image: nginx:1.27
      ports:
        - containerPort: 80
      readinessProbe:
        httpGet:
          path: /
          port: 80
        initialDelaySeconds: 3
        periodSeconds: 5
      livenessProbe:
        httpGet:
          path: /
          port: 80
        initialDelaySeconds: 10
        periodSeconds: 10
      resources:
        requests:
          cpu: 100m
          memory: 128Mi
        limits:
          cpu: 500m
          memory: 256Mi

If CKA is "rescue the cluster", CKAD is "ship a well-behaved workload".

CKS — the security track, hardest of the five

CKS requires CKA as a prerequisite. The late-2024 V1.30 curriculum domains are:

Cluster Setup 10%: CIS Benchmark, kubelet hardening, kube-apiserver flags.
Cluster Hardening 15%: least-privilege RBAC, ServiceAccount.
System Hardening 10%: host OS, AppArmor, seccomp.
Minimize Microservice Vulnerabilities 20%: Pod Security Standards, sandboxing (gVisor, Kata Containers), Secrets.
Supply Chain Security 20%: image verification, Cosign, SBOMs, admission controllers.
Monitoring, Logging and Runtime Security 20%: Falco, audit logging.

A canonical CKS scenario: "Attach a gVisor RuntimeClass to the Pod below and add a NetworkPolicy that denies all egress except to a PostgreSQL backend."

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-egress-default
  namespace: payments
spec:
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              tier: data
      ports:
        - protocol: TCP
          port: 5432

apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: gvisor
handler: runsc
---
apiVersion: v1
kind: Pod
metadata:
  name: untrusted-app
spec:
  runtimeClassName: gvisor
  containers:
    - name: app
      image: registry.internal/untrusted/app:1.0

Add "now write a Falco rule that fires on it" and the question is complete. The Falco DSL skeleton looks like this.

- rule: Shell in Container
  desc: Detect interactive shell spawn inside container
  condition: >
    spawned_process and container and
    proc.name in (bash, sh, zsh)
  output: >
    Interactive shell launched in container
    (user=%user.name container=%container.id image=%container.image.repository)
  priority: WARNING
  tags: [container, shell, mitre_execution]

CKS is not a memorization exam — you need to have actually written Pod Security Standards, Network Policies and Falco rules on a blank page. Average prep time is 80-120 hours.

The associate ladder — PCA, ICA, CAPA, OTCA, CGOA, CCSCA

Across 2025 and 2026, CNCF added an associate certification per graduated project.

PCA (Prometheus Certified Associate): PromQL, recording rules, alerting rules, exporters, federation, remote_write.
ICA (Istio Certified Associate): VirtualService, DestinationRule, Gateway, AuthorizationPolicy, mTLS, telemetry v2.
CAPA (Cilium Associate): eBPF datapath, CiliumNetworkPolicy, Hubble, ClusterMesh.
OTCA (OpenTelemetry Certified Associate): SDK, Collector, exporters, OTLP, trace/metric/log signals.
CGOA (Argo Certified Associate): Argo Workflows, Events, Rollouts, CD; GitOps patterns.
CCSCA (Certified Cloud Security Specialist): 2026 hands-on security specialty. CKS's senior counterpart.

All associate exams share the same shape — 60 multiple choice, 90 minutes, 75% to pass. If you've used the tool in production for at least a quarter, 30-50 hours of prep lands you at the passing line.

Golden Kubestronaut — every CNCF cert at once

Golden Kubestronaut is awarded to anyone holding the five Kubestronaut certs, six-plus associates, plus the Linux Foundation LFCS/LFCT — every active CNCF-adjacent certification at once. As of May 2026 the global count is under 200.

Additional perks include:

Gold jacket and a separate patch.
VIP seating at KubeCon main keynotes.
Automatic CNCF Ambassador nomination.
Free vouchers for every cert each year.

Golden Kubestronaut is more about signalling within the cloud-native ecosystem than practical value. For senior SRE and platform engineering hires at large firms, it's a fast indicator that "this person genuinely goes deep".

Exam environment — PSI Bridge, ID checks, the whiteboard rule

In late 2024 Linux Foundation migrated all CNCF exams from ExamsLocal to PSI Bridge. As of May 2026 every CNCF exam runs on PSI Bridge with these rules:

Check-in opens 15 minutes before start. One government-issued photo ID is mandatory (passport recommended).
During the exam the desk may hold only a computer, keyboard, mouse and one glass of water. No paper, no pens.
A whiteboard is built into the exam UI — that's where your notes go.
A 360-degree room scan with the camera is required. Looking away from the screen or audible background noise triggers a warning or disqualification.
The only external content allowed is kubernetes.io, kubernetes.io/blog, and github.com/kubernetes, in a single browser tab, plus the docs search inside the exam UI.

Plenty of candidates miss the one-tab rule. Opening a new tab or window mid-exam is immediate disqualification. Train ahead of time to keep the kubectl reference, the official cheat sheet and docs search within that one tab.

Exam tips — clearing 17 questions in two hours

CKA, CKAD and CKS are all hands-on terminal exams, so time allocation decides outcomes.

First 5 minutes: skim every question and flag the high-value, low-effort ones. Each question's weight is shown as a percentage on the right.
Aliases (10 seconds): alias k=kubectl, export do='--dry-run=client -o yaml', export now='--grace-period=0 --force', source <(kubectl completion bash).
vimrc (20 seconds): ~/.vimrc with set ts=2 sw=2 et ai. Broken YAML indentation invalidates the answer.
Use kubectl explain: if you can't recall an API field, run kubectl explain pod.spec.containers --recursive.
Context switch commands: every task displays a context-switch command at the top. Running commands on the wrong cluster scores zero.
Double-check at the end: even after submitting, verify each answer twice. For CKS, write the verification command that proves the policy actually fires.

CKA usually has 17-20 tasks, CKAD 14-17, CKS 15-18. To stay safe you need to finish each task in 5-9 minutes.

Study material — Killer Shell, KodeKloud, A Cloud Guru, LF Training

As of May 2026 the most cost-effective combination is the following stack.

Linux Foundation Training: the official course. One exam plus the bundled training is roughly 595 USD. Pacing is gentle but it covers every domain.
KodeKloud: highest praise across Korea, India and the US. Mumshad Mannambeth's course is effectively the de facto industry standard.
Killer Shell: simulator provided free with every Linux Foundation exam registration. About 1.3x harder than the real thing.
A Cloud Guru / Pluralsight: video first. Better for KCNA and KCSA than for CKA.
CNCF Curriculum repository: the official domain PDF. Updated quarterly.
udemy "CKA with Practice Tests": the Udemy version of the same KodeKloud course — same content, cheaper.

Recommended flow: KodeKloud for concepts, the official CNCF PDF to gap-check, then two passes of Killer Shell. People who hit 80% on Killer Shell almost always clear the real exam.

Prep hour guide — first year vs fifth year

Realistic prep ranges based on field experience look like this.

Cert	1-2 yr	3-5 yr	Senior	Notes
KCNA	30-50h	12-20h	6-12h	concept review
KCSA	40-60h	20-30h	12-20h	halve it with prior security work
CKAD	80-120h	40-70h	25-40h	includes dry-run + Kustomize practice
CKA	120-160h	70-100h	40-60h	real-cluster troubleshooting time
CKS	100-140h	70-100h	50-80h	Falco/OPA/Trivy labs included
PCA	40-60h	20-30h	12-20h	PromQL is the core
ICA	60-80h	30-50h	20-30h	mTLS and traffic management labs
CAPA	60-80h	30-50h	20-30h	eBPF concepts + CiliumNetworkPolicy
OTCA	50-70h	25-40h	15-25h	Collector configuration labs
CGOA	50-70h	25-40h	15-25h	Argo CD / Rollouts labs

Hours combine lab time, video and mocks. Video alone does not build the muscle memory needed in the terminal.

Korean community — KCD Seoul, Kubernetes Korea User Group

Roughly 380 Kubestronauts are based in Korea as of May 2026. Anchor communities:

Kubernetes Korea User Group (K8s Korea): facebook.com/groups/k8skr, around 17,000 members, monthly meetups.
KCD Seoul: the Seoul edition of the official CNCF KCD series. November 2025 drew 1,400 attendees.
CNCG Seoul/Busan: regional chapters in Busan and Daejeon. Lively exam-postmortem chats.
OpenInfra Day Korea: broader infra event but with a sizable K8s/CNCF track.
NHN Forward, AWS Community Day, Naver DEVIEW: enterprise conferences with Kubernetes tracks.
inflearn / fastcampus: domestic Korean-language video courses. A useful entry point if KodeKloud English is a hurdle.

K8s Korea's Slack has a channel dedicated to within-24-hour postmortems after sittings. Members share difficulty and domain trends without breaking NDA on actual questions.

Japanese community — CNDT, KCD Tokyo, JKD

Japan has been running CloudNative Days Tokyo (CNDT) since 2018, roughly 1-2 years ahead of Korea's cloud-native conference scene.

Cloud Native Days Tokyo / Summer (CNDT/CNDS): every autumn and summer. CNDT 2024 drew 2,800 attendees.
KCD Tokyo: first held in 2024 as part of the official CNCF KCD series.
Japan Container Days (JKD): predecessor of CNDT, still alive as a sub-event.
Cloud Native Community Japan (CNCJ): the umbrella organization. The #cncj Slack channel is active.
OpenStack Days Tokyo: where the Kubernetes track now dominates.

The Japanese market has a large SIer footprint, so Kubestronaut holders quickly become the internal Kubernetes champion. SoftBank, LINE, CyberAgent, ZOZO, Yahoo Japan and Rakuten all subsidize cert costs as part of in-house learning budgets, with full reimbursement on pass.

Salary impact — how much does Kubestronaut move your pay

A certification alone does not set your salary. That said, the data consistently shows holders earn 12-22% more than equivalent non-holders.

Market	1-3 yr	4-7 yr	8+ yr	Source
US (remote)	110-140k USD	160-220k USD	240k USD+	Stack Overflow Developer Survey 2025
EU	65-85k EUR	90-130k EUR	140k EUR+	KodeKloud State of K8s 2025
Korea	65-85M KRW	95M-140M KRW	150M KRW+	Jobplanet + Wanted 2025
Japan	7-9M JPY	11-15M JPY	16M JPY+	doda IT/Engineer 2025
India (remote)	18-28L INR	35-55L INR	60L INR+	KodeKloud Survey 2025

The 2024 CNCF Survey reports that 67% of Kubestronaut holders received a raise or new job within 12 months of certification. Self-selection probably inflates that number, so treat the +12-22% range as the safer anchor.

kubectl workflow — finger automation that wins the exam

In hands-on exams, what separates a pass from a fail is how fast you produce a working answer. Memorize these patterns until they're automatic.

# Pod / Deployment / Service / Ingress scaffolds
k run nginx --image=nginx:1.27 --port=80 $do > pod.yaml
k create deployment api --image=api:1.0 --replicas=3 --port=8080 $do > deploy.yaml
k expose deployment api --port=80 --target-port=8080 --type=ClusterIP $do > svc.yaml
k create ingress api --rule="api.example.com/*=api:80" $do > ing.yaml

# Job / CronJob
k create job hello --image=busybox:1.36 -- /bin/sh -c "echo hi; sleep 5" $do > job.yaml
k create cronjob nightly --image=busybox:1.36 --schedule="0 2 * * *" -- /bin/sh -c "echo nightly" $do > cron.yaml

# ConfigMap / Secret
k create configmap app-cfg --from-literal=ENV=prod --from-file=app.properties $do > cm.yaml
k create secret generic db-cred --from-literal=DB_USER=app --from-literal=DB_PASS=pa55w0rd $do > secret.yaml

# RBAC
k create serviceaccount deployer -n ci
k create clusterrole reader --verb=get,list,watch --resource=pods,deployments $do > role.yaml
k create clusterrolebinding deployer-reader --clusterrole=reader --serviceaccount=ci:deployer $do > rb.yaml

Combine these with the do and now environment variables, kubectl explain and kubectl get -o jsonpath, and roughly 90% of answers will flow out of your fingers.

Helm, Kustomize and GitOps — beyond CKAD

The exam is kubectl-centric but production isn't. Helm, Kustomize and Argo CD/Flux are taking up more and more space across the CNCF certification ladder.

# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: prod
commonLabels:
  app: payments
  env: prod
resources:
  - ../../base
patches:
  - target:
      kind: Deployment
      name: payments
    patch: |-
      - op: replace
        path: /spec/replicas
        value: 8
      - op: replace
        path: /spec/template/spec/containers/0/image
        value: registry.internal/payments:1.42.0
images:
  - name: payments
    newTag: 1.42.0
configMapGenerator:
  - name: payments-cfg
    literals:
      - ENV=prod
      - REGION=apne2

# Helm basics
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
helm install pg bitnami/postgresql --version 15.5.20 -n data --create-namespace \
  --set auth.username=app --set auth.password=pa55w0rd

# Argo CD App definition (declarative GitOps)
kubectl apply -n argocd -f - <<'YAML'
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: payments-prod
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/org/payments.git
    path: deploy/overlays/prod
    targetRevision: main
  destination:
    server: https://kubernetes.default.svc
    namespace: prod
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
YAML

CKAD doesn't drill deep on Helm or Kustomize, but CGOA (Argo), OTCA and any senior production role require them.

Security tooling — Falco, OPA Gatekeeper, Kyverno, Trivy

CKS leans heavily on four tools:

Falco: runtime intrusion detection on eBPF-monitored syscalls.
OPA Gatekeeper: Rego-based admission policies.
Kyverno: YAML-friendly admission policies. Easier to read for non-Rego users.
Trivy: image, IaC and SBOM scanning. From Aqua Security.

A short Kyverno policy looks like this.

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-nonroot
spec:
  validationFailureAction: Enforce
  background: true
  rules:
    - name: check-runAsNonRoot
      match:
        any:
          - resources:
              kinds: ["Pod"]
      validate:
        message: "Pods must set runAsNonRoot=true"
        pattern:
          spec:
            securityContext:
              runAsNonRoot: true

If you can write a policy like this from scratch in the exam terminal, you are clearly above the CKS passing line.

Observability track — Prometheus, OpenTelemetry, Istio

PCA, OTCA and ICA form a tight cluster. Cloud-native observability splits into three pillars (metrics, traces, logs), and the standards are Prometheus, OpenTelemetry, and OpenSearch/Loki.

PCA: PromQL 24%, instances/scrape 18%, alerting 18%, instrumentation 16%, ops/deployment 14%, other 10%.
OTCA: distributed tracing concepts 22%, the OTel Collector 28%, SDK/API 20%, OTLP 12%, conventions 18%.
ICA: traffic management 30%, security 25%, observability 15%, install/upgrade 20%, customization 10%.

A handful of PromQL one-liners cover most of PCA.

# 1-minute request rate
rate(http_requests_total[1m])

# 5xx ratio
sum(rate(http_requests_total{code=~"5.."}[5m]))
  / sum(rate(http_requests_total[5m]))

# p99 latency
histogram_quantile(0.99,
  sum by (le)(rate(http_request_duration_seconds_bucket[5m])))

# Node disk projection (will it fill in 24h?)
predict_linear(node_filesystem_avail_bytes{mountpoint="/"}[6h], 86400) < 0

Read and write these comfortably and PCA is essentially a sure thing.

Scheduling the run — 6 months to all five certs

A standard 6-month plan to clear the full Kubestronaut sequence looks like:

Weeks 0-4: KCNA. KodeKloud 12 hours plus the official PDF plus Killer Shell free tier.
Weeks 5-8: KCSA. After KCNA, reinforce security. 30-50 hours.
Weeks 9-16: CKAD. About 100 hours. Two-hour Killer Shell session every Saturday.
Weeks 17-22: CKA. 120-160 hours. One mock exam per week.
Weeks 23-26: CKS. 100-140 hours. Book it immediately after CKA passes so the vim and k muscle memory is still warm.

Once all five are valid simultaneously, the Kubestronaut title is granted automatically. Processing usually takes 3-5 business days.

Common pitfalls — time management, the one-tab rule, answer verification

Five recurring failure patterns to avoid:

Bad time allocation: spending 30 minutes on question one and running out for the rest. Skip hard tasks immediately and circle back at the end.
One-tab violations: some kubernetes.io links auto-open in a new tab. Always navigate within the same tab.
Broken YAML indentation: without the vimrc settings, an answer can grade as zero. Type the one-line vimrc within the first 30 seconds.
Skipping verification: writing a policy without checking it actually fires loses points. Lean on kubectl auth can-i and kubectl run --rm -it test --image=busybox.
Wrong context: every task switches the cluster. Run the context command shown at the top, every single time.

Avoiding these five alone visibly raises pass rates.

Conclusion — certs are the starting line, operational experience is the real value

Kubestronaut is less "a marathon you breeze through if you're already good" and more "external pressure that forces you to study Kubernetes systematically". Working through CKAD, CKA and CKS forces RBAC, Pod Security Standards, NetworkPolicy, image signing, GitOps and observability concepts into muscle memory.

The certificate itself doesn't set your salary. But a 12-22% comp delta at equivalent experience, plus 67% of holders receiving a raise or new job within 12 months, is hard to ignore. More importantly, the cloud-native ecosystem has already started sorting people along this ladder. By late 2026 the associate certifications will be preferred attributes for new graduate hires, and Kubestronaut will be the default signal for senior SRE roles.

References

CNCF Certifications Overview — https://www.cncf.io/training/certification/
Kubestronaut Program — https://www.linuxfoundation.org/kubestronaut
CNCF Curriculum Repository — https://github.com/cncf/curriculum
CKA Exam Curriculum — https://github.com/cncf/curriculum/blob/main/CKA_Curriculum_v1.31.pdf
CKAD Exam Curriculum — https://github.com/cncf/curriculum/blob/main/CKAD_Curriculum.pdf
CKS Exam Curriculum — https://github.com/cncf/curriculum/blob/main/CKS_Curriculum_v1.30.pdf
KCNA Exam Curriculum — https://github.com/cncf/curriculum/blob/main/KCNA_Curriculum.pdf
KCSA Exam Curriculum — https://github.com/cncf/curriculum/blob/main/KCSA_Curriculum.pdf
Killer Shell Simulator — https://killer.sh
KodeKloud — https://kodekloud.com/
Linux Foundation Training — https://training.linuxfoundation.org/
Learn CNCF — https://learn.cncf.io/
Kubernetes Documentation — https://kubernetes.io/docs/
Cilium Documentation — https://docs.cilium.io/
Istio Documentation — https://istio.io/latest/docs/
OpenTelemetry Documentation — https://opentelemetry.io/docs/
Argo Project — https://argoproj.github.io/
Prometheus Documentation — https://prometheus.io/docs/introduction/overview/
Falco Documentation — https://falco.org/docs/
Kyverno — https://kyverno.io/docs/
OPA Gatekeeper — https://open-policy-agent.github.io/gatekeeper/website/
Trivy — https://trivy.dev/
KCD Seoul — https://community.cncf.io/kcd-seoul/
KCD Tokyo — https://community.cncf.io/kcd-tokyo/
Cloud Native Days Tokyo — https://cloudnativedays.jp/
Stack Overflow Developer Survey 2025 — https://survey.stackoverflow.co/2025

Subscribe to the newsletter if this was useful