What is a Kubestronaut?

The “Kubestronaut” title is a badge of honor that CNCF has been offering since March 2024 to Kubernetes professionals who have successfully passed all the Kubernetes certifications(CKA, CKAD, CKS, KCNA, KCSA). This term is meant to be used within the Kubernetes community to denote someone who has mastered the full spectrum of Kubernetes knowledge, from foundational concepts to application development to security. Apart from the catchy title itself, this programme brings 5 50% off discounts for other CNCF certifications, a “Kubestronaut” branded jacket, 20% off three CNCF events and a mention of you together with the other kubestronauts on the CNCF website.

Becoming a Kubestronaut

The world of Kubernetes is vast and constantly evolving, but there’s one thing that remains constant for professionals looking to demonstrate their expertise: the Kubernetes certification path. For those passionate about container orchestration, achieving Kubernetes certifications is a powerful way to validate skills and increase career opportunities. But what if you could conquer all the Kubernetes certifications and earn a special title that reflects your dedication? In the paragraphs below I will go chronologically through each certification I achieved together with the preparation and materials I covered.

CKAD

What It Is: The CKAD exam is designed for developers who want to showcase their skills in running applications on Kubernetes. It focuses on Kubernetes objects, application deployment strategies, and troubleshooting techniques for application containers. This, in my opinion, is the easiest certification (obviously excluding KCNA and KCSA).

How I Studied:

  • Followed the course together with the labs from Mumshad’s Kodekloud CKAD course. Completed the 2 killer.sh practice tests that come with the exam booking.
  • Focused on YAML manifests and Kubernetes Objects: Understanding the inner workings of Kubernetes resources like Pods, Deployments, Services, Service Accounts and ConfigMaps was crucial.
  • Kubernetes Official Docs: While the CKA and CKAD exams share some overlap, I paid particular attention to things like Helm charts, deployment rollout commands, setting environment variables and accessing secrets, which are more prevalent in the CKAD certification.
  • Practiced troubleshooting different scenarios: pods failing health checks, secrets not being mounted correctly, service not exposing the application as expected or pod crashing due to misconfigured resource limits.

CKA

What It Is: The CKA certification is often considered the foundation for anyone serious about working with Kubernetes in a production environment. It focuses on Kubernetes administration skills, covering topics like cluster architecture, installation, networking, storage, and troubleshooting.

How I Studied:

  • Hands-On Practice: Kubernetes is a hands-on technology, so my first step was to spend countless hours in a lab environment. I spun up multiple clusters using tools like Minikube and Kind, and I also got familiar with cloud providers’ managed Kubernetes services. Wrote a couple of scripts to spin up clusters using kubeadm.
  • Training Resources: Followed the course together with the labs from Mumshad’s Kodekloud CKA course. The official Kubernetes documentation is also an essential study resource. Completed the 2 killer.sh practice tests that come with the exam booking.

This cert requires you to have a good understanding of the Kubernetes internals. You will be asked to work with scenarios like backing up etcd and restoring it from an existing backup, upgrading the control plane version, fixing a node which is not in a ‘ready’ state or draining nodes.

CKS

What It Is: Security is paramount in cloud-native environments and the CKS certification tests your ability to secure Kubernetes environments and container-based applications. Topics range from securing the container lifecycle to implementing security policies and managing vulnerabilities.

How I Studied:

  • Secure Container Practices: Spent extra time studying container security, particularly best practices for building and scanning secure container images.
  • Networking & RBAC: Kubernetes has extensive security configurations, including role-based access control (RBAC) and network policies. Practiced setting up these features and configuring them to limit access to resources.
  • Security specific concepts: Reviewed the documentation about AppArmor profiles, pod security standards and seccomp.
  • Tools: Explored security tools such as Aqua Security, Kube-bench, and Falco to get a practical sense of security scanning in real Kubernetes environments.
  • Training resources: Followed the course together with the labs from Mumshad’s Kodekloud CKS course. Completed the 2 killer.sh practice tests that come with the exam booking.

Challenges with the above certs

There’s a lot to remember, especially in a timed, hands-on exam. You need to know how to troubleshoot quickly and efficiently, which meant I had to learn to work with the official Kubernetes documentation as my primary source of truth and find example manifests fast for configuring things like environment variables in a pod, persistent volume claims and accessing them from a pod or ingress objects.

KCNA & KCSA

These 2 certifications are meant to be entry level and to provide a high level overview of Kubernetes and the cloud native landscape. They will cover best practices for securing containerized workloads, deploying applications in Kubernetes, and ensuring effective application monitoring and observability. There are not any courses that will prepare you for these certifications however the Kubernetes documentation together with general awareness of the CNCF tools (Prometheus for metrics collection, Helm for Kubernetes package management, Jaeger for tracing, Opentelemetry for application observability, container runtimes and images standards, etc.) should be enough.

Personally I did not find a lot of value in these 2 certifications and I believe that most of the kubestronauts (me included) took them last so that they can get the kubestronaut title 😌.

Closing thought

Kubestronaut is a cool title to have and proves you were patient enough to go though the rigorous study and practice necessary to pass the exams. It also proves you were willing to spend a generous amount of money to cover the certifications and training costs (which can easily surpass $1500 even if you factor in the discounts for the bundles. Unless you could claim the costs from your employer, kubestronaut proves to be an expensive title 😊). As with any other certification, experience will always take precedence and can replace any certification. However, given the nature of the challenging job market these days, being a kubestronaut can give you a small competitive edge over other candidates and might place you in a pole position for that role you were dreaming for 🚀.