How I Passed KCNA and KCSA — And What to Actually Study

Life had other plans for a while. Health issues I didn’t see coming, a cross-border move at thirty from Italy to Switzerland, and the long reset that follows both: it kept me away from the keyboard longer than I wanted. But here I am.

The AI wave didn’t wait. I’ve been deep in it: building agent workflows, experimenting with LLMs, rethinking how automation fits into engineering work. It’s changed my mental model in ways I didn’t expect, and I’ll write about it properly soon.

What I want to share today: I passed KCNA and KCSA. Two more on the Kubeastronaut path, the CNCF distinction that requires all five core Kubernetes certifications. I’ve already written about getting started with Kubernetes on a homelab. In the last couple of weeks I cleared two of the three that were left:

• KCNA
• KCSA

Easy ones? Relatively. But CNCF proctoring is never casual: the setup is strict, the clock is real, and “easy” still means you have to show up prepared.

The CKS is next. Booked for next month. Then the jacket is mine.

Here’s what worked.

KCNA

The most approachable of the four I’ve taken. Unlike CKA and CKAD, it’s multiple choice (same as KCSA), so the pressure shifts from hands-on speed to breadth of knowledge across Kubernetes and the CNCF ecosystem. Different exam, different muscle.

The course I recommend: Dive into Cloud Native, Containers, Kubernetes and the KCNA on Udemy.

If you already hold CKA or CKAD, skip Kubernetes Fundamentals and Kubernetes Deep Dive entirely. Skim the first three chapters, then go deep on:

• Telemetry and Observability
• Cloud Native Application Delivery

No mock exams in the course. I bought those separately from SkillCertPro — the UI is slow, the UX is rough, but the questions are solid and cover most of what actually appears on the exam. Free alternatives exist. I chose paid given the time pressure.

That’s the full recipe. Follow it and you’ll pass comfortably.

KCSA

This one hit harder. It earns its reputation: vertical on security, unforgiving, and genuinely testing if your background is purely operational Kubernetes. Pod Security Standards, AppArmor, seccomp, admission webhooks, SecurityContext configurations, and multiple threat modelling frameworks specific to Kubernetes. If you haven’t touched these, the exam will find out quickly.

The course I recommend: KodeKloud’s KCSA course. One month runs about $35. Worth it. The video explanations are clear, the per-session quizzes are sharp, and the three included mocks cover roughly ninety percent of what appeared on my exam.

What I focused on:

• Overview of Cloud Native Security: good foundation
• Kubernetes Cluster Component Security: can move fast here
• Kubernetes Security Fundamentals: do the audit logging section, the rest is familiar from CKA/CKAD
• Kubernetes Threat Model: don’t rush this. 5-6 exam questions come from this topic alone
• Platform Security: very important
• Compliance and Security: covers material not in standard CKA/CKAD prep

The last three sections catch people off guard. Together they account for roughly half the exam, and none of them appear in standard CKA or CKAD prep. Don’t rush them.

I also bought extra Udemy mocks. In hindsight, unnecessary. The KodeKloud ones are enough.

There’s also a free mock on GitHub. Can’t confirm how current it is, but worth a look.

What’s next

CKS next month. Then Kubeastronaut.

I’m also going deeper on the AI side: agents, LLMs, practical automation, Openclaw. That thread has been running quietly for months. More on it soon.

If you’re on the same certification path, feel free to reach out.