TechPracticeExams
← Back to all articles
KCNAKubernetesCloud NativeCNCFCertificationStudy Guide

Getting Started with KCNA

9 May 2026·7 min read·By Jacob
25% off
$9.99$7.49
one-time payment
Start practising →

Lifetime access · No subscription

7-day money-back guarantee

One-time offer for KCNA Practice Exams! Expires in

15:00
  • Practice question sets with real exam scenarios
  • Detailed explanations for every answer, right or wrong
  • Topic mode to drill specific exam domains
  • Exam simulator timed to match the real exam format
Use codeat checkout

The Kubernetes and Cloud Native Associate (KCNA) is the CNCF's entry-level certification for the cloud native ecosystem. It validates foundational knowledge of Kubernetes, container orchestration, cloud native observability, and application delivery practices. Unlike the CKA or CKAD, the KCNA is a multiple-choice exam with no hands-on component. It's designed for people who are new to Kubernetes and want to demonstrate they understand the fundamentals before moving into more advanced certifications or roles.

If you're starting your cloud native journey, the KCNA is a solid first step. It builds the vocabulary and conceptual foundation you'll need for the hands-on Kubernetes certifications.

Exam Overview

DetailValue
Exam codeKCNA
Questions60
Time90 minutes
Passing score75%
FormatMultiple choice
Cost$250 USD (includes one free retake)

The KCNA includes one free retake if you don't pass on your first attempt. That's a generous policy compared to most certification vendors and reduces the financial risk of attempting it before you're fully ready.

Exam Domains

DomainWeight
Kubernetes Fundamentals46%
Container Orchestration22%
Cloud Native Architecture16%
Cloud Native Observability8%
Cloud Native Application Delivery8%

Kubernetes Fundamentals at 46% is by far the dominant domain. If your Kubernetes knowledge is shaky, no amount of CNCF ecosystem knowledge will compensate. Get the Kubernetes core down first.

Core Concepts to Master

Kubernetes Architecture

Understand the two-tier architecture of a Kubernetes cluster:

Control plane components: the kube-apiserver (all communication goes through it), etcd (the cluster's key-value store for all state), kube-scheduler (assigns pods to nodes), kube-controller-manager (runs built-in controllers), and cloud-controller-manager (integrates with cloud provider APIs).

Node components: kubelet (runs on every node; ensures containers described in PodSpecs are running), kube-proxy (maintains network rules on nodes), and a container runtime (containerd or CRI-O).

Know how components communicate: almost everything goes through the kube-apiserver. Direct etcd access is only for the apiserver.

Core Kubernetes Objects

These appear throughout the exam. Know what each does and how they relate:

  • Pod: smallest deployable unit; one or more containers sharing a network namespace and storage volumes
  • Deployment: manages ReplicaSets; provides declarative rolling updates and rollbacks for stateless applications
  • StatefulSet: manages stateful applications with stable network identities and ordered pod management
  • DaemonSet: runs exactly one pod per node; used for node-level services like log collectors and monitoring agents
  • Service: stable network endpoint for a set of pods; four types: ClusterIP, NodePort, LoadBalancer, ExternalName
  • ConfigMap: stores non-sensitive configuration data as key-value pairs
  • Secret: stores sensitive data; base64-encoded by default (not encrypted unless you configure encryption at rest)
  • Namespace: logical cluster partitioning; resource quotas and RBAC policies can be scoped per namespace
  • PersistentVolume (PV) and PersistentVolumeClaim (PVC): PV is a storage resource in the cluster; PVC is a request for storage by a pod

Kubernetes Networking

Understand the four networking problems Kubernetes solves:

  1. Container-to-container communication inside a pod (shared network namespace)
  2. Pod-to-pod communication across nodes (flat network model; all pods can reach each other)
  3. Pod-to-service communication (services provide stable IPs via kube-proxy)
  4. External-to-service communication (NodePort, LoadBalancer, Ingress)

The Container Network Interface (CNI) is the plugin standard for implementing pod networking. Common CNI plugins include Calico, Flannel, Cilium, and Weave. The KCNA doesn't test CNI plugin internals but expects you to know what CNI is and why it exists.

Container Fundamentals

Kubernetes orchestrates containers. Know the container model:

  • Containers package an application and its dependencies into an isolated, portable unit
  • Container images are built from Dockerfiles (or similar) and stored in container registries
  • OCI (Open Container Initiative) defines the image and runtime specifications; containers don't require Docker specifically
  • containerd and CRI-O are the dominant Kubernetes-compatible container runtimes; Docker was deprecated as a Kubernetes runtime

Cloud Native Architecture Principles

The Cloud Native Computing Foundation defines cloud native as applications that are containerised, dynamically scheduled, and managed via microservices. The KCNA expects familiarity with:

  • Microservices: breaking applications into small, independently deployable services
  • Immutable infrastructure: replacing rather than modifying running instances; containers support this naturally
  • Declarative configuration: specifying desired state rather than imperative steps; Kubernetes YAML manifests are declarative
  • The Twelve-Factor App methodology: twelve practices for building portable, scalable applications

Cloud Native Observability

The three pillars of observability and the tools associated with each:

  • Metrics: numerical measurements over time. Prometheus is the CNCF standard for Kubernetes metrics. Grafana is commonly used for dashboards.
  • Logs: timestamped event records. Fluentd and Fluent Bit are common log aggregation tools in the CNCF ecosystem.
  • Traces: records of request paths through distributed systems. Jaeger and OpenTelemetry are the primary tracing tools.

OpenTelemetry (OTel) is increasingly the standard for instrument-once, export-anywhere observability data. The KCNA expects you to know that OTel provides a vendor-neutral SDK and collector for metrics, logs, and traces.

Cloud Native Application Delivery

The exam covers GitOps and continuous delivery concepts at a foundational level:

  • GitOps: Git as the single source of truth for infrastructure and application state; changes are made via pull requests and applied automatically
  • Argo CD: the most common GitOps operator for Kubernetes; watches Git repositories and reconciles cluster state
  • Helm: the package manager for Kubernetes; packages applications as charts with templated manifests and configurable values
  • CI/CD: continuous integration builds and tests code; continuous delivery/deployment automates the path from code commit to running in production

Common Exam Traps

Secrets aren't encrypted by default: Kubernetes Secrets are base64-encoded, not encrypted. Base64 is an encoding scheme, not a security measure. You need to configure encryption at rest (via EncryptionConfiguration) and use RBAC to restrict Secret access to protect them properly.

Deployment vs StatefulSet: Deployments are for stateless applications where any pod is interchangeable. StatefulSets are for databases and other stateful workloads that need stable hostnames and ordered scaling. Candidates who use Deployment as the default answer for every workload type choose incorrectly on StatefulSet questions.

ClusterIP vs NodePort vs LoadBalancer: ClusterIP is internal-only; NodePort exposes on every node's IP at a static port; LoadBalancer provisions an external load balancer via the cloud provider. Ingress is a separate concept that routes HTTP traffic to multiple services using host and path rules.

OCI vs Docker: Docker created the container format but is no longer the only container runtime. OCI standardised the image and runtime specs. Kubernetes uses CRI (Container Runtime Interface) to talk to runtimes, and Docker is not a CRI-compatible runtime (though it uses containerd underneath).

Study Plan

WeekFocus
1Kubernetes architecture, control plane vs nodes, core objects
2Networking, storage, RBAC, namespaces
3Container fundamentals, cloud native architecture principles
4Observability tools, GitOps, application delivery, practice exams

If you can commit 1-2 hours daily, four weeks is comfortable. You don't need access to a live Kubernetes cluster for the KCNA, but working through basic kubectl commands on a local cluster (kind or minikube) will make the concepts much more concrete.

Final Thoughts

The KCNA rewards candidates who understand the why behind Kubernetes design decisions, not just the names of components. When you know why etcd exists, why pods share a network namespace, and why StatefulSets were added alongside Deployments, the exam questions feel logical rather than arbitrary.

Use this certification as a foundation. The CKA and CKAD build directly on KCNA-level knowledge, but with hands-on components that require real skill. Get the concepts solid here, and those certifications become significantly more accessible.

Start with our KCNA practice exams to see where your knowledge gaps are and what to prioritise in your study sessions.

Ready to test your knowledge?

KCNA Practice Exams

Put what you've learned to the test with practice questions that mirror the real exam.

Start Practising →

Related Articles

Free KCNA Practice Exams

2 min read

How Hard Is the KCNA Exam?

5 min read

← Back to all articles