I sat the Kubernetes and Cloud Native Associate (KCNA) and passed. KCNA is the entry-level CNCF certification - it covers Kubernetes fundamentals and the wider cloud native landscape at a conceptual level, and it is the natural first step before the hands-on CKA, CKAD, and CKS exams.

It is a multiple-choice exam, so it rewards knowing what the pieces are and how they relate, not hands-on kubectl skill. If you already work with Kubernetes, a lot of this will be familiar, so calibrate the prep to what you already know.

For more content on other relevant certifications, check Certifications.

The exam at a glance

Questions60
Time90 minutes
FormatMultiple choice, online proctored
Passing score75%
Cost250 USD (two attempts included)
Validity2 years

The pass mark is a flat 75%, not a scaled score, so the smaller domains still count - do not leave them to chance.

The four domains

KCNA has four domains. The percentages are the share of scored content, straight from the official curriculum - the bigger the share, the more of your study time it deserves. Note the curriculum was restructured: older guides reference a five-domain version, so calibrate against the current one below.

Kubernetes Fundamentals (44%)

By far the largest domain, and the core of the exam. The Kubernetes architecture, the main resources, and how you interact with a cluster. If you only have time for one area, this is it.

Focus areas:

  • Kubernetes architecture - control plane vs node components
  • Core resources - Pods, Deployments, ReplicaSets, Services, namespaces
  • Configuration - ConfigMaps and Secrets
  • kubectl basics and the API-driven, declarative model
  • Containers and the container runtime (CRI)

Container Orchestration (28%)

The second-largest domain. Why orchestration exists and how Kubernetes does it - scheduling, networking, storage, and security at a conceptual level.

Focus areas:

  • Scheduling and how Pods land on nodes
  • Networking model - Services, the CNI, Pod-to-Pod communication
  • Storage - volumes, persistent volumes, the CSI
  • Container security and the runtime ecosystem
  • Service mesh and the role it plays

Cloud Native Application Delivery (16%)

How cloud native software gets built and shipped. CI/CD, GitOps, and the packaging tools you would meet around Kubernetes.

Focus areas:

  • CI/CD fundamentals in a cloud native context
  • GitOps and declarative delivery
  • Packaging - Helm and templating
  • Application delivery patterns and rollout strategies

Cloud Native Architecture (12%)

The wider landscape around Kubernetes. Autoscaling, serverless, open standards, and the roles and personas in the cloud native world. Conceptual, breadth-first.

Focus areas:

  • Autoscaling - horizontal vs vertical, cluster autoscaling
  • Serverless and event-driven concepts
  • Open standards and the role of the CNCF
  • Observability concepts - metrics, logs, traces (Prometheus, OpenTelemetry)
  • Community, governance, and personas

Concepts to know well

For KCNA you need to recognise what each piece is and what it is for, not how to configure it:

ConceptKnow this about it
PodSmallest deployable unit; one or more containers sharing network and storage
DeploymentDeclarative rollouts and scaling of stateless Pods via ReplicaSets
ServiceStable networking endpoint for a set of Pods; ClusterIP, NodePort, LoadBalancer
kube-apiserverThe control plane front door; everything goes through the API
etcdThe cluster's key-value store of record
kubeletNode agent that runs and reports on Pods
kube-schedulerDecides which node a Pod runs on
ConfigMap / SecretNon-sensitive vs sensitive configuration injected into Pods
CNIPluggable networking layer for Pod connectivity
HelmPackage manager for Kubernetes applications
PrometheusThe default cloud native metrics and monitoring project
kubectlThe CLI you use to talk to the API server

Easy things to mix up

These are the distinctions the exam likes to probe. Knowing the boundary between a pair is usually the whole question:

  • Deployment vs StatefulSet vs DaemonSet - Deployments for stateless replicas, StatefulSets for stable identity and storage, DaemonSets for one Pod per node.
  • Service types - ClusterIP is internal only, NodePort exposes a port on every node, LoadBalancer provisions an external load balancer.
  • ConfigMap vs Secret - both inject configuration, but Secrets are for sensitive data and are base64-encoded (not encrypted by default).
  • Liveness vs readiness vs startup probes - liveness restarts a stuck container, readiness gates traffic, startup protects slow-starting apps.
  • Requests vs limits - requests are what the scheduler reserves, limits are the hard ceiling the runtime enforces.
  • Labels vs annotations - labels are for selecting and grouping objects, annotations are for non-identifying metadata.
  • Control plane vs node components - api-server, scheduler, etcd, and controllers run the cluster; kubelet, kube-proxy, and the runtime run the workloads.
  • Container vs container runtime - the container is the running unit, the runtime (containerd, CRI-O) is what runs it via the CRI.

Resources

KCNA is conceptual, so a structured course plus practice questions covers most of it. You do not need to spend much.

Essential

  • KCNA Curriculum (CNCF) - the syllabus. The domains and their weights tell you exactly what is in scope.
  • LFS250: Kubernetes and Cloud Native Essentials - the Linux Foundation’s own course, written to the KCNA curriculum. The closest thing to an official study path.
  • KodeKloud KCNA course - the most recommended third-party prep, with hands-on labs and practice questions. Pick this or LFS250 if you want one guided path.
  • A throwaway cluster to poke at - minikube, kind, or a free Killercoda sandbox - plus the kubectl Quick Reference. Even on a conceptual exam, touching the objects makes them stick.

Useful

Skip if you are tight on time

  • Community write-ups like How to Ace the KCNA, and Pass the KCNA Exam - good for orientation and a second pass over the topics, but they overlap with the course and curriculum. Pick one, skim the rest.

Notes

  1. Verify the curriculum version. KCNA was restructured to four domains - plenty of older guides still teach the five-domain layout, and the weightings have shifted.
  2. This is a breadth exam. Know what each piece is for and how the control plane and nodes fit together; do not go deep on any single object.
  3. Even though it is multiple choice, a few hours with kubectl on a throwaway cluster makes the concepts far more concrete than reading.
  4. The cloud native landscape questions reward knowing the flagship CNCF projects by what they do - Prometheus for metrics, Helm for packaging, etcd for state.
  5. KCNA is the on-ramp to the hands-on CNCF exams. If CKA or CKAD is next, treat this as the groundwork for them.