CKA vs CKAD vs CKS - Kubernetes Certifications in Practice

Kubernetes has ceased being a fad and has become the standard for container orchestration in production. If you work with microservices, internal platforms, or cloud infrastructure, sooner or later you’ll encounter K8s. And at that moment, the question arises: is it worth investing in a certificate? And if so, which one — CKA, CKAD or CKS?

The Cloud Native Computing Foundation (CNCF) offers three main Kubernetes certification paths. These are not theoretical multiple-choice test certificates, but practical examinations — you get access to a live cluster and two hours to solve real-world problems. This makes CNCF certificates particularly valuable in the job market: they confirm real skills, not the ability to guess answers.

If you’re wondering which certificate you need, here’s the short version: CKA is the choice for cluster administrators, CKAD for developers working with applications on K8s, CKS for those responsible for the security of Kubernetes environments. In this article, I’ll go through all three certificates, compare their scopes, difficulty, exam formats and help determine which one to start with. I’ll also talk about what preparation looks like and what EITT does to help teams prepare for these examinations.

Why do Kubernetes certifications matter in 2026?

Kubernetes is not a new technology — the project debuted in 2014 and has been the de facto standard in container orchestration for years. But what has changed in recent years is the scale of adoption and the depth of K8s integration in technology stacks. Kubernetes is no longer a technology for early adopters — it’s the foundation of internal platforms upon which entire development departments rely.

In 2026, Kubernetes is not just about container orchestration. It’s an abstraction layer for cloud infrastructure. Companies build internal self-service platforms for developers on it, implement GitOps, deploy operational automation and manage complex multi-cloud architectures. This change fundamentally raises the bar for competencies — it’s no longer enough to launch a cluster and deploy an application. You need to understand security, networking, storage, observability and production-scale operations.

And that’s precisely why CNCF certificates matter. Not because they’re “another certificate for the CV”, but because they represent verification of competencies that the market needs and which are not in surplus. The gap between demand for Kubernetes specialists and the availability of qualified people is not shrinking — as a result, holders of CKA, CKAD and CKS have markedly better salary ranges and stronger negotiating positions.

The second reason why these certificates are valuable is their format. CNCF deliberately abandoned multiple-choice tests in favour of practical examinations. On the CKA, you get access to a terminal and a Kubernetes cluster — you have 120 minutes to solve problems you would encounter in real work. This cannot be passed by “cramming” — you actually need to know how to manage a cluster. This distinguishes CNCF certificates from many other certification programmes, which can be passed with memorised knowledge of slides.

What is the CNCF certification ecosystem?

The Cloud Native Computing Foundation is a non-profit foundation that manages open projects in the cloud-native space — from Kubernetes through Prometheus and Envoy to Helm and many others. CNCF launched a certification programme to standardise the level of competency in the Kubernetes ecosystem and help organisations identify specialists with verified knowledge.

The CNCF certification ecosystem includes not only three main Kubernetes certificates (CKA, CKAD, CKS), but also a range of other programmes, such as KCNA (Kubernetes and Cloud Native Associate — entry-level certificate, theoretical), KCSA (Kubernetes and Cloud Native Security Associate), PCA (Prometheus Certified Associate), ICA (Istio Certified Associate) and KCA (Kubernetes and Cloud Native Associate). In this article, I focus on the three main K8s certificates, which have the greatest impact on career and earnings.

All CNCF certificates share common characteristics: they are vendor-independent (not tied to any cloud provider), based on upstream Kubernetes (the official, unmodified version), and practical (examinations require work in a real environment). This makes them particularly valuable — you’re not learning the specifics of one platform (like EKS, AKS or GKE), but Kubernetes fundamentals that work everywhere.

The examination format is consistent: online examinations, in proctored mode (supervision via camera and microphone), with access to official Kubernetes documentation. You can use the documentation, but not Google, Stack Overflow or your own notes. This is a realistic reflection of work — no one remembers all kubectl flags by heart, but you need to be able to navigate the documentation and quickly find the information you need.

The examination price is $395 for CKA, CKAD and CKS. The price includes one free retake — if you don’t pass on the first attempt, you have a second try at no additional cost. This lowers financial risk and provides psychological comfort: you don’t have to pass on the first attempt, you have a buffer.

Certificates are valid for 2 years from the date of passing the examination. After this time, you must pass the examination again (recertification), which enforces current competencies — Kubernetes evolves quickly, so knowledge from three years ago may already be outdated.

What is CKA (Certified Kubernetes Administrator)?

CKA is a certificate for people who administer Kubernetes clusters in production. It focuses on cluster infrastructure management — installation, configuration, scaling, upgrades, problem diagnosis and maintaining high availability. This is a certificate for system administrators, DevOps engineers, platform engineers and SREs, who are responsible for ensuring the cluster works, is efficient and resilient to failures.

CKA subject matter scope

The CKA examination covers the following domains:

1. Storage (10% of examination)

• Persistent Volumes and Persistent Volume Claims
• Storage Classes and dynamic provisioning
• Volume management for stateful applications

2. Troubleshooting (30% of examination)

• Diagnosing problems with applications in the cluster
• Debugging node failures
• Log analysis and resource monitoring
• Resolving problems with internal cluster networking

3. Workloads & Scheduling (15% of examination)

• Deployments, ReplicaSets, DaemonSets, StatefulSets, Jobs, CronJobs
• Node selectors, taints, tolerations, node affinity
• Resource limits and requests
• ConfigMaps and Secrets

4. Cluster Architecture, Installation & Configuration (25% of examination)

• Installing a cluster from scratch (kubeadm)
• Managing control plane and worker nodes
• etcd: backup, restore, high availability
• Cluster and component upgrades
• Certificate management

5. Services & Networking (20% of examination)

• Services (ClusterIP, NodePort, LoadBalancer)
• Ingress controllers and Ingress resources
• Network Policies
• CoreDNS
• CNI plugins

The greatest emphasis is on troubleshooting (30% of examination) — this is the most important skill for an administrator. Second place goes to architecture and cluster installation (25%), which means you must understand how the cluster works “under the bonnet”. Without this knowledge, you won’t pass CKA.

Who is CKA for?

CKA is for you if:

• You administer Kubernetes clusters in an organisation
• You’re DevOps/SRE and responsible for K8s infrastructure
• You’re building internal developer platforms based on Kubernetes
• You want to transition from traditional system administration (VMs) to the world of containers
• You’re planning to become a platform engineer or Kubernetes consultant

You don’t have to be a senior admin to pass CKA — the certificate is attainable for people with basic experience in Kubernetes and Linux systems, if you prepare appropriately. But the certificate is not for absolute beginners — it requires knowledge of Linux basics, networking and containers.

CKA difficulty level

CKA is a practical examination of medium difficulty. It’s not the most difficult CNCF certificate (that’s CKS), but it’s not a walk in the park either. Main challenges:

1. Time pressure — you have 120 minutes for approximately 15-20 tasks. Some take 2 minutes (create a pod), others 10-15 minutes (troubleshoot broken cluster). You must manage time and not get stuck on one task.

2. Troubleshooting in limited context — you get a cluster with a problem and little information. You must independently diagnose what’s wrong. This requires understanding how Kubernetes works internally.

3. Using documentation — theoretically you have access to documentation, but in practice you don’t have time to read long pages. You must know where to look and how to quickly find examples.

4. Minimalist tooling — you work mainly with kubectl and a text editor (vim/nano). You don’t have an IDE, autocompletion is limited, you’ll only recognise errors in YAML after kubectl apply.

CKA pass rate is approximately 50-60% amongst people who take the examination without training preparation. Amongst people who go through preparatory training (e.g. at EITT) and solve practice exams, the pass rate rises to 80-85%. The free retake means that effective pass rate (you pass on first or second attempt) is significantly higher.

What is CKAD (Certified Kubernetes Application Developer)?

CKAD is a certificate for developers who build applications running on Kubernetes. Unlike CKA, CKAD doesn’t focus on cluster administration — it assumes the cluster is already running, and your task is to deploy applications on it, manage configuration, debug application problems and understand how your application cooperates with K8s.

This is a certificate for software developers, DevOps engineers working on the application side, cloud-native developers — anyone who writes code that later goes to Kubernetes.

CKAD subject matter scope

1. Application Design and Build (20% of examination)

• Defining and building container images
• Choosing the appropriate base image
• Managing application lifecycle in Kubernetes
• Job patterns: init containers, sidecar containers, multi-container pods

2. Application Deployment (20% of examination)

• Deployments, rolling updates, rollbacks
• Blue/Green deployments, Canary deployments
• Helm basics
• Kustomize

3. Application Observability and Maintenance (15% of examination)

• Liveness, readiness, startup probes
• Application logging and debugging
• Monitoring resource usage
• Diagnosing application problems in the cluster

4. Application Environment, Configuration and Security (25% of examination)

• ConfigMaps and Secrets in applications
• Resource requests and limits for containers
• Security Contexts
• Service Accounts and RBAC for applications
• Admission controllers

5. Services & Networking (20% of examination)

• Defining Services for applications
• Network Policies — controlling communication between Pods
• Ingress — exposing applications externally

The greatest emphasis is on application configuration and security (25%) and design and deployment (20% each). CKAD doesn’t require knowledge of cluster installation or etcd management — it focuses on what a developer needs to know to work effectively with K8s.

Who is CKAD for?

CKAD is for you if:

• You’re a developer and your applications run on Kubernetes
• You write microservices deployed in containers
• You want to understand how Kubernetes affects application architecture
• You need to debug problems with applications in K8s (why is the Pod crashing? Why isn’t it receiving traffic?)
• You work in a DevOps team and handle both code and infrastructure

CKAD is more accessible for people without system administration experience. If you’re a developer who has never managed servers, but work with Docker and deploy on K8s, CKAD is a better entry point than CKA.

CKAD difficulty level

CKAD is commonly considered easier than CKA, mainly because the scope is narrower and doesn’t cover deep infrastructure aspects. But “easier” doesn’t mean “easy”.

The examination lasts 120 minutes, you have approximately 15-20 tasks and similarly to CKA, you must navigate kubectl and YAMLs efficiently. Questions are more concentrated on specific developer tasks: create a Deployment with specific parameters, add a probe, configure a Secret, diagnose why a Pod won’t start.

CKAD pass rate is slightly higher than CKA — approximately 60-65% without preparation, 85-90% after training and practice. The main challenge is working with YAMLs under time pressure — one indentation error and the Pod won’t start, and you’re losing minutes on debugging.

CKAD doesn’t require as deep understanding of cluster architecture as CKA, but requires very good knowledge of the Kubernetes API — you must know what objects exist, what fields they have in their specification, how they work together. Most people who don’t pass CKAD fail not through lack of knowledge, but through lack of practice in quickly creating correct manifests.

What is CKS (Certified Kubernetes Security Specialist)?

CKS is a certificate for people responsible for the security of Kubernetes clusters. It is the most difficult CNCF certificate and requires prior possession of CKA — you cannot take CKS without an active CKA.

CKS assumes you already know how to administer a cluster (hence the CKA requirement) and focuses on advanced security aspects: cluster hardening, supply chain security, runtime security, network policies, RBAC, audit logging, vulnerability scanning and much more. This is a certificate for security engineers, DevSecOps specialists, platform security architects — people who implement and maintain secure Kubernetes environments in production.

CKS subject matter scope

1. Cluster Setup (10% of examination)

• Network policies
• CIS Benchmark for Kubernetes
• Ingress with TLS
• Node security (securing nodes)
• GUI considerations (restricting access to Dashboard)

2. Cluster Hardening (15% of examination)

• RBAC (Role-Based Access Control)
• Service Accounts security
• Restricting access to Kubernetes API
• Upgrading Kubernetes with security patches
• Certificates and PKI infrastructure

3. System Hardening (15% of examination)

• AppArmor, Seccomp
• Kernel hardening
• Minimising attack surface at node level
• Managing node access (SSH, sudo)

4. Minimize Microservice Vulnerabilities (20% of examination)

• Security Contexts (runAsUser, readOnlyRootFilesystem, etc.)
• Pod Security Standards (PSS) / Pod Security Admission
• Secret management
• Hardening container images (distroless images, minimal base images)
• Static analysis / vulnerability scanning

5. Supply Chain Security (20% of examination)

• Scanning images for vulnerabilities (Trivy, Clair)
• Image signing and verification
• Trusted container registries
• Admission controllers (validating, mutating webhooks)
• OPA/Gatekeeper policies

6. Monitoring, Logging and Runtime Security (20% of examination)

• Audit logging in Kubernetes
• Falco — runtime security monitoring
• Immutability of containers at runtime
• Detecting anomalies in network traffic

CKS is the only CNCF examination that requires knowledge beyond Kubernetes itself — you must know Linux security mechanisms (AppArmor, Seccomp), image scanning tools, supply chain security concepts and runtime monitoring. This makes it significantly broader in scope than CKA or CKAD.

Who is CKS for?

CKS is for you if:

• You’re responsible for the security of Kubernetes clusters in an organisation
• You’re a security engineer with experience in cloud-native
• You work as DevSecOps and implement secure-by-design practices
• You’re building internal platforms and must ensure multi-tenancy and isolation
• You want to specialise in one of the most sought-after market areas (Kubernetes + security)

CKS requires an active CKA certificate — you cannot pass it without prior possession of CKA. This is a formal requirement that CNCF enforces during examination registration. This makes sense: CKS assumes you can manage a cluster and focuses exclusively on the security layer.

CKS difficulty level

CKS is the most difficult CNCF examination. Pass rate is approximately 40-50% without preparation, 70-75% after intensive training and practice. Main challenges:

1. Enormous amount of material — CKS covers not only Kubernetes, but also AppArmor, Seccomp, Falco, Trivy, OPA, audit logging, PKI. This is broad knowledge from different areas.

2. Tools outside the K8s ecosystem — you must be able to work with tools such as Falco (runtime monitoring) or Trivy (image scanning), which are not part of core Kubernetes.

3. Troubleshooting security issues — questions like “This Pod won’t start due to policy violation — fix it” require not only knowledge of YAMLs, but also understanding why a specific security control is blocking the action.

4. No margin of error — in CKA if you don’t know how to solve one task, you can skip it and still pass. In CKS almost every task has high weight, so it’s harder to “work around it”.

The examination time is 120 minutes, the number of tasks is approximately 15-16, which gives more time per task than in CKA/CKAD, but the tasks are more complex.

CKS is worth the effort if security is an area you want to specialise in. The combination of CKA + CKS positions you as a Kubernetes security expert — one of the most sought-after specialisations in the market.

Comparison table: CKA vs CKAD vs CKS

Criterion	CKA	CKAD	CKS
Full name	Certified Kubernetes Administrator	Certified Kubernetes Application Developer	Certified Kubernetes Security Specialist
For whom	Administrators, DevOps, SRE, Platform Engineers	Developers, DevOps (app focus)	Security Engineers, DevSecOps
Difficulty level	Medium	Easier than CKA	Difficult (most difficult CNCF)
Requirements	None (but experience with K8s recommended)	None (easier start for devs)	Requires active CKA
Examination time	120 minutes	120 minutes	120 minutes
Number of tasks	~15-20	~15-20	~15-16
Examination price	$395 (with retake)	$395 (with retake)	$395 (with retake)
Format	Practical, proctored online	Practical, proctored online	Practical, proctored online
Main domains	Troubleshooting (30%), Architecture (25%), Networking (20%)	Config & Security (25%), Design & Deployment (20%)	Supply Chain (20%), Microservice Vulnerabilities (20%), Runtime Security (20%)
Pass rate (without training)	~50-60%	~60-65%	~40-50%
Pass rate (after training)	~80-85%	~85-90%	~70-75%
Certificate validity	2 years	2 years	2 years
Recertification	Examination again	Examination again	Examination again (also requires active CKA)
Typical roles	Kubernetes Admin, DevOps Engineer, SRE, Platform Engineer	Cloud-Native Developer, DevOps (app side)	Security Engineer, DevSecOps, Security Architect
Impact on earnings	High	Moderate-high	Very high
Career path	Infrastructure & Platform	Application Development	Security & Compliance

Examination format — what distinguishes CNCF certificates?

CNCF certificates stand out against most other IT certifications in examination format. There are no multiple-choice questions. No theory. You get access to a terminal and a Kubernetes cluster — you have 120 minutes to solve specific problems.

Examination environment

The examination takes place online, in proctored mode — an examiner supervises you via camera and microphone. Technical requirements:

• Stable internet connection (minimum 5 Mbps)
• Computer with camera and microphone
• Clean, closed room (no other people in the room)
• No second monitor (only one screen)
• No notes, books, second device

Before the examination, the proctor verifies your ID, inspects the room (with camera) and checks that you don’t have prohibited materials. This is a standard requirement, but it’s worth preparing for it — some people feel uncomfortable with camera supervision.

Terminal and tools

You work in a browser with access to a terminal (usually Ubuntu with installed kubectl, vim/nano, tmux). You don’t have access to an IDE, autocompletion is limited to built-in bash, you don’t have snippets or keyboard shortcuts you’re used to.

The examination consists of multiple clusters — some tasks take place on cluster A, some on B, some on C. Before each task you get a command switching context — you must execute it, otherwise you’re working on the wrong cluster and losing points.

Permitted documentation

You can use official Kubernetes documentation during the examination:

• kubernetes.io/docs
• kubernetes.io/blog
• github.com/kubernetes (only official repo)

Not permitted to use:

• Google, Stack Overflow
• Your own notes
• Online courses
• Forums and Slack channels

In practice, access to documentation is useful, but doesn’t save the examination — if you can’t solve a problem, documentation isn’t enough. You need to know where to look and how to quickly find an example you can adapt.

Scoring

Tasks have different point weights (from 2% to 8% each). You must achieve at least 66% to pass (sometimes the threshold is 67%, depending on examination version). This means you can skip several tasks and still pass — you don’t need to have 100%.

You receive the result 24 hours after the examination (sometimes faster). If you don’t pass, you can use the free retake — you can arrange the date at any time within a year of purchasing the examination.

How does this differ from other certificates?

Most IT certificates (AWS, Azure, CompTIA, Cisco) are multiple-choice tests or simulations (drag-and-drop, fill-in-the-blank). They can be passed by “cramming” and good guessing. CNCF certificates don’t allow this — either you can solve the problem or you can’t.

This difference means that CKA, CKAD and CKS have higher value in the job market — employers know that the certificate holder actually knows how to work with Kubernetes, not just guess answers. This also means that examination preparation requires practice, not reading — you must spend dozens of hours in the cluster, solving hands-on tasks.

What is the recommended order for taking Kubernetes certificates?

If you’re planning to obtain more than one CNCF certificate (which is a good idea for maximising market value), it’s worth planning the order. CNCF doesn’t formally enforce a path (except CKS, which requires CKA), but logical progression matters.

Path for administrators and DevOps

CKA → CKS

If your role is administration, infrastructure, SRE or platform engineering, start with CKA. This is the foundation — without CKA you’ll have gaps in understanding cluster architecture, which will make working with K8s at production level difficult.

After obtaining CKA, if you’re interested in security (and you should be, because every organisation needs security in K8s), go for CKS. It requires active CKA, so naturally comes second. The combination of CKA + CKS is a strong profile in the market — it positions you as a Kubernetes expert with emphasis on security, which is one of the most sought-after specialisations.

Optionally, if you also work on the application side (deploy applications, not just manage infrastructure), you can add CKAD as a third certificate. But for a typical admin, CKAD is not a priority — most CKAD knowledge you’ll know after CKA.

Path for developers

CKAD → CKA → CKS

If you’re a developer who works with applications on Kubernetes, but doesn’t administer clusters, start with CKAD. It’s more practical for your daily work and doesn’t require deep knowledge of infrastructure.

After CKAD, if you want to expand competencies towards DevOps or platform engineering, go for CKA. This will give you full understanding of how the cluster works and how to debug problems beyond the application.

You can consider CKS as a third step if you’re interested in DevSecOps. But for most developers CKAD + CKA is a sufficiently solid combination.

Path for security specialists

CKA → CKS

If you work in security and your organisation is implementing Kubernetes, you must understand the platform you’re securing. Start with CKA to build foundations (without them CKS will be inaccessible), then go straight to CKS.

CKS is a certificate that directly responds to the needs of security engineers — hardening, compliance, supply chain security, runtime protection. The combination of CKA + CKS is the minimum for a security specialist in a Kubernetes environment.

Is it worth obtaining all three?

Yes, if you want to maximise market value. Possessing CKA + CKAD + CKS distinguishes you as a full-stack Kubernetes specialist — someone who knows the platform from the infrastructure, application and security sides. This is a rare combination of competencies and directly translates to higher salary ranges.

But don’t do them all at once. Pass the first certificate, work with K8s in practice for a few months, then proceed to the next. Certificates are valid for two years, so if you pass all of them within three months, they’ll all expire at a similar time and you’ll have to recertify them together. It’s better to spread this out over time.

How to prepare for Kubernetes examinations — practical strategies

Preparation for CNCF certificates differs from preparation for typical IT examinations. Reading books is not enough — you must spend dozens of hours in the terminal, solving practical tasks. Here are proven preparation strategies.

1. Build theoretical foundation

Before you start practising, you must understand basic Kubernetes concepts:

• Cluster architecture (control plane, nodes, etcd, API server, scheduler)
• Basic objects: Pod, Deployment, Service, ConfigMap, Secret, PersistentVolume
• Networking: ClusterIP, NodePort, LoadBalancer, Ingress, Network Policies
• RBAC: Role, RoleBinding, ClusterRole, ClusterRoleBinding, ServiceAccount

Official Kubernetes documentation (kubernetes.io/docs) is the best source. You don’t have to read it all — focus on the Concepts and Tasks sections.

If you prefer structural training, EITT offers Kubernetes courses both for beginners (Kubernetes Fundamentals) and advanced preparation for CKA/CKAD/CKS. The course gives you not only theory, but also interaction with a trainer who will answer questions and help understand difficult topics.

2. Set up a local cluster and practise

Theoretical knowledge is one thing, but you must practise in a real cluster. Options:

Minikube / kind (Kubernetes in Docker) — lightweight local clusters, ideal for learning. They work on a laptop, don’t require cloud.

K3s / k3d — minimalist Kubernetes distribution, quick to launch.

Cloud cluster — AWS EKS, Azure AKS, Google GKE offer free trials. But note: the examination is on upstream Kubernetes, not on a managed service — managed clusters hide the control plane, so you won’t practise full administration.

Killer.sh / Killer Coda — platforms with interactive labs, specially designed for CKA/CKAD/CKS preparation. Killer.sh offers an examination simulator at the price of purchasing an CNCF examination voucher.

Dedicate at least 40-60 hours to practice. This is not an examination you’ll pass on a weekend before the date.

3. Master kubectl and YAML inside out

The examination is practically continuous work with kubectl and editing YAMLs. You must be able to:

Quickly create manifests:

kubectl run nginx --image=nginx --dry-run=client -o yaml > pod.yaml
kubectl create deployment app --image=nginx --replicas=3 --dry-run=client -o yaml > deployment.yaml

Edit objects on the fly:

kubectl edit deployment app
kubectl set image deployment/app nginx=nginx:1.21

Debug problems:

kubectl describe pod failing-pod
kubectl logs failing-pod
kubectl get events --sort-by=.metadata.creationTimestamp

Efficiently work with documentation — bookmark frequently used pages, learn Ctrl+F in the browser, copy and adapt examples.

Practise speed — solve tasks against time. If one task takes you 15 minutes, and there are 18 of them on the examination, you won’t pass. You must be fast.

4. Solve practice exams

Practice exams are the most important element of preparation. They give you realistic tasks in conditions similar to the examination.

Killer.sh — the best simulator. You receive two sessions (each for 36 hours) at the price of an CNCF examination voucher. Tasks are more difficult than on the real examination, which is an advantage — if you handle Killer.sh, the real examination will be easier.

Udemy courses — Mumshad Mannambeth has excellent preparatory courses with practical tasks (CKA, CKAD, CKS). KodeKloud Labs are included in the course price.

GitHub repos — the community creates free practical tasks (e.g. dgkanatsios/CKAD-exercises). Worth reviewing and practising.

Do at least 3-5 complete practice exams before the real examination. Analyse errors — why didn’t you pass the task? What didn’t you know? What took too long?

5. Manage time on the examination

120 minutes is less than you think. On the examination:

• Read the question carefully — sometimes a detail (namespace, label, context) is crucial
• Switch context before each task — don’t do the task on the wrong cluster
• If a task takes more than 10 minutes, skip it and return to it later (if there’s time)
• Check each task after completion: kubectl get, kubectl describe — make sure it works
• Leave the last 10 minutes to complete skipped tasks

Flag questions you don’t know — the examination has a flagging function. If you see a task that terrifies you, flag it and move on. You’ll return when you finish easier ones.

6. Prepare the environment on examination day

On examination day:

• Turn off all applications (Slack, email, notifications)
• Shut yourself in a quiet room
• Inspect the room before the examination (the proctor will require this)
• Have ID with you (passport, driving licence)
• Check internet connection — don’t do the examination on Wi-Fi with poor signal

Pre-examination test is available 24h before the examination — check that the environment works, switch to the correct context, do a simple kubectl get nodes. This will give you comfort that everything works.

How EITT supports preparation for Kubernetes certificates

At EITT, we have been preparing teams and individual specialists for Kubernetes certificates for years. Our team of over 500 experts includes trainers with active CKA, CKAD and CKS certificates, who work with Kubernetes in production on a daily basis — these are not theorists who learned K8s for the examination, but practitioners who manage clusters at enterprise scale.

CKA, CKAD, CKS preparatory training

We offer dedicated preparatory courses for all three certificates. Training lasts 3-4 days (depending on certificate and formula) and combines theory with intensive practice:

Day 1-2: Review of examination topics — we go through all examination domains, explain difficult concepts, show how given topics are tested on the examination.

Day 2-3: Hands-on labs — we solve practical tasks, identical to those on the examination. The trainer shows best solving strategies, keyboard shortcuts, how to use documentation.

Day 3-4: Practice exam + review — simulated examination in conditions similar to the real one (time, pressure, environment). After the examination, we analyse errors, answer questions, show alternative solutions.

Training is available in open form (individual registrations, set date) and closed (dedicated for companies, with programme adapted to team level and organisation context). In the closed formula, we can focus on specific use cases of your environment — if you work on EKS and want to understand how to prepare for CKA in AWS context, we’ll adapt the training to this.

Training + voucher packages

We offer training + examination voucher packages, which lower the total certification cost and eliminate organisational risk on the participant’s side. The CNCF examination voucher ($395) is included in the training price, so after finishing the course you can immediately arrange an examination date.

Post-training support

After training, we don’t leave you alone. Trainers are available for questions (email, Slack) for 30 days after training — if you encounter a problem during preparation, you can ask. This is particularly valuable just before the examination, when final doubts arise.

Additionally, access to training materials (slides, labs, practice tasks) remains active for 90 days — you can return to exercises and repeat material.

Pass rate statistics

Pass rate of our participants after EITT training:

• CKA: 82% (first attempt), 95% (with use of retake)
• CKAD: 87% (first attempt), 97% (with retake)
• CKS: 71% (first attempt), 88% (with retake)

These figures are markedly higher than market average (50-65% depending on examination), which confirms the effectiveness of our approach: intensive practice, not theory.

Consultancy for companies — certification programmes for teams

If you’re planning to build a certification programme for an entire DevOps/SRE/Platform Engineering team, we offer comprehensive consultancy:

Competency analysis — we conduct an assessment of the team’s current skills (self-assessment or technical assessment) and identify gaps.

Certification path design — we determine who should obtain which certificate, in what order, and how to spread this over time.

Support in obtaining co-financing — training programmes can be co-financed from the National Training Fund (KFS). We help prepare documentation and obtain co-financing.

Dedicated training — we conduct a cycle of closed training for the team, adapted to your needs and project schedule.

Progress tracking — after training, we monitor who passed, who needs support, and help achieve high pass rate in the team.

Our previous experience includes over 2500 completed training courses with quality rating of 4.8/5 from participants. We work with companies such as ING, mBank, PKO, which build Kubernetes competencies at enterprise scale.

Frequently asked questions (FAQ)

Can I pass CKA/CKAD/CKS without Kubernetes experience?

Theoretically yes — nothing blocks your examination registration. But it’s not a good idea. CNCF examinations require practical skills that you won’t gain from examination materials alone. If you’ve never worked with Kubernetes, start with a basic Kubernetes course (e.g. Kubernetes Fundamentals at EITT), work with a cluster for a few weeks/months, and only then proceed to certification.

For CKAD, the entry threshold is lower — if you have experience with Docker and application deployments, you can prepare for CKAD in 4-6 weeks of intensive learning. CKA requires a bit more experience (knowledge of Linux, networking, distributed systems). CKS absolutely requires experience — without it there’s no point in attempting.

How much time is needed to prepare for the examination?

Depends on your experience and preparation intensity:

CKA: 6-10 weeks (at 10-15h per week) for someone with basic K8s experience. If you work with K8s daily, 4-6 weeks may suffice.

CKAD: 4-8 weeks (10-15h per week) for a developer with container experience.

CKS: 8-12 weeks (15-20h per week), provided you already have CKA. CKS requires learning new tools (Falco, Trivy, OPA) and a wide range of security topics.

If you go through preparatory training (e.g. at EITT), you can shorten this time — 3-4 day training + 2-3 weeks of independent practice is a realistic schedule.

Are Kubernetes certificates worth their price?

Yes, if you work with Kubernetes or plan to do so. The price of $395 per examination (with retake) is an investment that pays back quickly. CNCF certificates affect salary ranges — particularly CKA and CKS — and increase your value in the job market. In the context of potential salary increase, ROI from CNCF certificate is one of the best in the IT industry.

For companies building Kubernetes teams, employee certificates are not just competencies — it’s also a signal to clients and partners that the organisation treats K8s seriously.

How long are CKA/CKAD/CKS certificates valid?

Certificates are valid for 2 years from the date of passing the examination. After this time, you must pass the examination again (recertification). For CKS, recertification also requires active CKA — if your CKA has expired, you must refresh it before CKS recertification.

Recertification is the same examination as initial certification (same scope, price, format). There is no shortened version for people recertifying.

Can I use notes during the examination?

No. The only permitted source of information is official Kubernetes documentation (kubernetes.io). You cannot use your own notes, online courses, Stack Overflow, forums, Slack channels or any external materials. The proctor monitors your screen and activity — if they detect an attempt to use prohibited sources, the examination will be cancelled.

You can (and should) have Kubernetes documentation open in an additional browser tab — this is permitted and expected.

What if I don’t pass the examination on the first attempt?

No problem — you have a free retake. The examination price ($395) includes a second voucher, which you can use at any time within a year of purchase. If you don’t pass on the first attempt, arrange the date again, analyse errors, practise weak areas and try again.

Statistically, people who don’t pass on the first attempt pass on the second — having experience from the first examination, you already know what to expect and can manage time better.

Which certificate gives the highest salary increase?

Amongst the three CNCF certificates, CKS has the greatest impact on earnings, particularly in combination with CKA. This stems from the fact that security is one of the most sought-after areas, and there are fewest certified Kubernetes security specialists.

CKA has high impact on earnings for administrative roles (DevOps, SRE, Platform Engineer) — CKA holders are valued markedly higher than people without certificate.

CKAD has moderate-high impact — useful for developers, but not as high as CKA/CKS. For a developer who doesn’t plan to transition to DevOps side, CKAD + cloud certificate (AWS/Azure) may be a better investment than CKAD alone.

Best combination in terms of earnings: CKA + CKS. This positions you as a Kubernetes expert with emphasis on security — one of the most profitable specialisations in the market in 2026.

Are CNCF certificates recognised only in Poland or globally?

CNCF certificates are global certificates — CNCF is an international organisation, and examinations are identical worldwide (in English). Your certificate has the same value in Poland as in Germany, UK, USA or Singapore.

This is particularly important if you work remotely for foreign clients or are considering emigration for earnings — CNCF certificates are widely recognised and valued in all markets where Kubernetes is used (i.e. everywhere).

---

Want to prepare for CKA, CKAD or CKS with practical support from experts? Check the Kubernetes training offer at EITT — we prepare for all three certificates with trainers who possess them themselves and work with Kubernetes in production on a daily basis.

Planning a certification programme for a DevOps team? Contact us to discuss how we can support you in building Kubernetes competencies — from needs analysis to dedicated training and support in obtaining co-financing.

Read Also

• Cybersecurity Certifications - CISSP, CEH, Security+ Comparison
• Highest-Paying IT Certifications in Poland 2026

Read also

• Highest-Paying IT Certifications in Poland 2026
• IT Certification Costs in 2026 — Complete Pricing Guide

Develop your skills

Want to deepen your knowledge in this area? Check out our training led by experienced EITT instructors.

➡️ Certified Kubernetes Application Developer (CKAD) Exam Preparation — EITT training