Which container development certification is best for me?
Which container development certification path is right for you? Let's talk containers and Kubernetes certifications, what they can mean for your career, and how to achieve your goals.
Jun 08, 2023 • 20 Minute Read
Considering your options when it comes to container development certification paths? This post will talk about the various containers certifications on offer, what each cert covers, and what it could mean for your career. Let’s get started!
Accelerate your career
Get started with ACG and transform your career with courses and real hands-on labs in AWS, Microsoft Azure, Google Cloud, and beyond.
We’ll start with some basic common questions around certifications, and then dig into the different containers certifications on offer and which organizations are behind them.
Table of contents
- Accelerate your career
- Why are containers certifications important?
- What roles do containers certifications target?
- Docker Certified Associate certification (DCA)
- Linux Foundation and the Cloud Native Computing Foundation (CNCF)
- Red Hat
- Getting containers certification exam-ready
- Build the skills you need for a better career.
Why are containers certifications important?
Containerization technology is at the heart of almost every large-scale, high-quality application today. This means that understanding how to create, package, deploy, manage, secure, and scale your applications using containers is an extremely important skill for any software engineer.
If you’re a novice looking to learn a new technology, or you’re looking to change careers and want to showcase your containers skills, a certification can certainly help.
Containers certifications are a great gateway into working with deployments on cloud platforms as well, and all major cloud providers have their own offerings for containers and container clusters.
What roles do containers certifications target?
The containers certifications we’ll focus on lay the foundation for many roles, like:
- Full-stack developer
- DevOps engineer
- Release engineer
- Automation engineer
And that's just to name a few. In this guide, we’ll cover the Docker Certified Associate certification, a number of different Kubernetes certifications offered by the Cloud Native Computing Foundation, plus container certifications specific to the Red Hat Linux ecosystem.
Docker Certified Associate certification (DCA)
When you first start researching container certifications, you may come across the Docker Certified Associate (DCA). This certification was first launched in 2017 and covers a lot of core containerization concepts. It’s often the first certification people go for when starting out on their containers journey.
Who runs the DCA exam?
Who is the DCA exam for and what does it cover?
This entry-level certification targets professionals who have worked with Docker and Kubernetes for about six to 12 months. It focuses on containers rather than container clusters. The exam is 90 minutes and includes a total of 55 questions - 13 multiple choice and 42 discrete-option multiple choice.
The certification covers the following domains:
- Orchestration: 25%
- Image creation, management, and registry: 20%
- Installation and configuration: 15%
- Networking: 15%
- Security: 15%
- Storage and volumes: 10%
Is it worth taking the DCA exam?
If you're a total beginner and haven’t worked with containers before, the DCA is a good place to start. This is the only cert that has more of a focus on Docker containers and commands. You may find that other certifications tend to take Docker containerization a little bit for granted and focus on deploying containers on Kubernetes. So if you have the time and you want to ensure that you have a solid understanding of Docker before you move on to Kubernetes, then this certification is worth it. Check out our DCA course to help you get started.
However, it is worth mentioning that this certification has been superseded by others. So if you're already a Docker practitioner and familiar with Docker commands and configurations, this certification may not hold that much value for you.
Linux Foundation and the Cloud Native Computing Foundation (CNCF)
Founded in 2000, the Linux Foundation is a non-profit technology consortium. It focuses on standardizing and promoting the growth of the Linux operating system through events, training, and certifications, including Kubernetes-focused certifications.
The Cloud Native Computing Foundation (CNCF) was founded in 2015 by the Linux Foundation. Google originally developed the open-source system Kubernetes in 2014, but then handed over operational control to the CNCF in 2018.
The main objective of the CNCF is to advance containers technology, which means that certifications offered by the CNCF are considered to be state of the art, and highly relevant.
CNCF certification roadmap
The first thing you should be aware of is that CNCF certifications expect you to be familiar with the Linux ecosystem. You should know how to create, register, and deploy Docker containers. And they're assuming you're aware of the concepts and fundamentals covered in the DCA exam. So if you're a containers novice, then these certifications would be the second stop in your containers certification journey.
The first certificate in the CNCF ecosystem is the Kubernetes and Cloud Native Associate (KCNA). This certification serves to demonstrate a learner's foundational knowledge and skills in Kubernetes and the cloud native ecosystem. This is the certification to take first before jumping into other CNCF certifications, either on the development track or the administration track.
Once you have the basics of Kubernetes covered, you can then choose what track you want to take. If you’re a developer or a DevOps engineer writing code for applications and want to know how best to use Kubernetes to deploy and scale your applications, the Certified Kubernetes Application Developer (CKAD) is for you.
On the other hand, if you’re an administrator or automation engineer working in operations or a security-focused role, you might find the certifications on the administrator path more relevant. You'll start off with the Certified Kubernetes Administrator (CKA). And if you want to dive deeper, you can then take the Certified Kubernetes Security Specialist (CKS) certification. Just note that the CKA is a mandatory prerequisite for the CKS.
But, what about cloud?
Well, as you might have noticed, CNCF certifications focus on Kubernetes and cloud native architecture. They aren’t specific to any one cloud platform. But gaining expertise in Kubernetes can help you transition to working with Kubernetes on any of the big three cloud platforms - Amazon Web Services, Microsoft Azure, and Google Cloud. And architecture and DevOps certifications on these platforms often have Kubernetes as a core requirement. If you're interested in microservices frameworks and certifications based on these frameworks, a foundational understanding of Kubernetes is a real asset.
Kubernetes and Cloud Native Associate certification (KCNA)
The KCNA certification is what the CNCF terms a pre-professional certification, so it's considered beginner level. This certification shows that you know something about working with Kubernetes at a high level.
Who is the KCNA certification for?
This cert is primarily meant for those just getting started with containers and Kubernetes, and working on cloud native technologies. It's designed to equip you with the foundational knowledge for other CNCF credentials.
If you’re in a role where a high-level understanding of Kubernetes and cloud native will help you, this cert is worth looking into. Product managers, engineering managers, tech leads, or product marketers may find this knowledge helpful when it comes to making long-term product decisions.
What does the KCNA certification exam cover?
This exam is an online proctored exam with multiple choice questions. In fact, this is the only certification in the CNCF suite that is multiple choice. So if you prefer your options laid out for you, this is for you!
Here are the main domains this exam covers:
- Kubernetes fundamentals: 46%
- Container orchestration: 22%
- Cloud native architecture: 16%
- Cloud native observability: 8%
- Cloud native application delivery: 8%
A large part of the exam focuses on Kubernetes fundamentals, its architecture, resources, and APIs, as well as containers and scheduling. Under container orchestration, you’ll need to understand how the container runtime, security, and networking functions work. This portion also includes the service mesh and storage in containers.
The cloud native architecture portion includes autoscaling and serverless containers, and the creation and configuration of rules and personas on container clusters. The monitoring and observability domain includes using Prometheus and cost management. And finally, the application delivery section covers GitOps and CI/CD pipelines for automated delivery of software using Kubernetes.
Is it worth taking the KCNA certification exam?
If you're comfortable building and deploying cloud native applications and are a competent user of Kubernetes, you may choose to skip this certification altogether and go directly to the professional certs on the developer or administrator paths, as these carry more weight. However, if you’re new to cloud native and Kubernetes development, I’d highly recommend this certification as a way to build up your resume and confidence in tackling the more advanced certs.
Which container development certification is best for me?
Certified Kubernetes Application Developer certification (CKAD)
The Certified Kubernetes Application Developer (CKAD) is a professional-level certification, which means that it’s meant for engineers responsible for actually building, deploying, and configuring cloud native applications with Kubernetes.
Who is the CKAD certification for?
If your dream is to become a full-stack developer, and you're looking to build and deploy applications at scale on Kubernetes, look no further. This cert focuses on application development and deployment on Kubernetes rather than administration. So if you're a developer on a team using Kubernetes but aren’t responsible for administering and managing a Kubernetes cluster, you should choose this certification.
What does the CKAD certification exam cover?
This is an advanced certification, so it assumes that you’re well-versed with core containers and Kubernetes concepts. It also assumes working knowledge of container runtimes and microservice architecture, so it’s helpful if you've had some real-world experience building and deploying production-ready pipelines.
This certification is achieved via an online proctored exam, but it's not multiple choice. It's a performance-based test. It gives you a set of 15-20 problems that you need to solve using the command line, all within two hours. So you actually have to complete tasks in the right manner using the right set of commands and configurations. To help you complete your tasks, you’re allowed access to certain sites.
When you register, you'll also have two attempts to practice with an exam simulator provided by killer.sh. Given that this exam is real time, it's worthwhile practicing common operations using the command line to ensure that you're very familiar with the basic structure of various commands.
Here are the broad topics covered by the certification:
- Application design and build: 20%
- Application deployment: 20%
- Application observability and maintenance: 15%
- Application environment, configuration, security: 25%
- Services and networking: 20%
The application design and build domain covers defining, building, and modifying container images; running jobs and cron jobs on Kubernetes; using multi-container port designs such as sidecar, init, and others; and using persistent and ephemeral volumes with containers.
Application deployment covers common strategies using deployments for rolling updates and using the Helm package manager for deployments. The observability and maintenance domain tests the use of probes and health checks, and the use of logs and tools to monitor and debug Kubernetes applications.
The application environment, configuration, and security domain covers authentication and authorization to Kubernetes clusters, defining resource requirements, limits and quotas, using secrets and service accounts, and how to secure your applications. And finally, the services and networking domain includes configuring network policies, and configuring ingress rules to expose applications to the external world.
Is it worth taking the CKAD certification exam?
As you can see, the exam covers a fairly wide ranging set of topics, which cut across different areas in application development and deployment. This certification is difficult. There’s no getting around it. But if you pass, it's a real asset on your resume (and definitely gives you bragging rights). It makes you more attractive to employers and gets you hands-on experience with the job that you'll be doing. And we have a CKAD course to help you get prepared!
Certified Kubernetes Administrator certification (CKA)
The Certified Kubernetes Administrator (CKA) is another Kubernetes professional-level certification, and the first on the administrator path.
Who is the CKA certification for?
This cert is for system and cloud administrators responsible for managing instances on Kubernetes clusters, either on-premises or on a cloud platform. If you plan to develop Kubernetes applications - write code that's containerized and deployed to Kubernetes - the CKAD may be a better fit.
What does the CKA certification exam cover?
This certification assumes that you have basic knowledge of working with containers and Kubernetes clusters. You'll definitely need to know the basics of some of the topics covered by the CKAD, but the main focus is managing the Kubernetes environment, and configuring and securing Kubernetes clusters using best practices.
Once again, this is a hands-on exam, not multiple choice. During the two-hour exam, you'll have access to a command line running Kubernetes and you'll run commands to complete about 15 to 20 performance-based tasks. When you register for the exam, you'll have two attempts to practice with an exam simulator provided by killer.sh.
Here are the domains and competencies covered by this certification:
- Cluster architecture, installation, and configuration: 25%
- Workloads and scheduling: 15%
- Services and networking: 20%
- Storage: 10%
- Troubleshooting: 30%
As you can see, there’s some overlap with the topics covered in the CKAD exam. For example, services and networking is a common domain across both. But in the CKA, the emphasis isn't on the best practices of application design, deployment, and monitoring, because this certification has less to do with applications deployed in the cluster and is more about the cluster itself. The focus is on ensuring that the cluster is healthy, configured correctly, and is secure.
The cluster architecture, installation, and configuration domain involves provisioning infrastructure for clusters, configuring and upgrading clusters, managing access using roles, cluster backup, and recovery. Workloads and scheduling covers deployments, rollbacks, rolling updates using the right primitives for auto-healing, scaling deployments, and scheduling pods.
Services and networking covers connectivity between cluster nodes, between the pods on a cluster, using the right endpoint for your services, and using ingress controllers and ingress resources. The storage domain covers the use of storage classes and persistent volumes, configuring applications that use persistent storage, setting volume access modes, and reclaim policies.
And finally, the troubleshooting domain involves topics such as monitoring applications, evaluating cluster and node logging, and troubleshooting application failures, networking, and cluster component failure issues.
Is it worth taking the CKA certification exam?
Looking to upskill as an admin of cloud native deployments? Then this is the right cert for you. And if you’re hoping to take the Certified Security Specialist (CKS), the CKA is a mandatory prerequisite. Check out our CKA course to help you prepare.
Which container development certification is best for me?
Certified Kubernetes Security Specialist certification (CKS)
Of all the exams offered by the CNCF, the Certified Kubernetes Security Specialist (CKS) is by far the most advanced. Before you sit for this exam, an essential prerequisite is that you have an active (non-expired) CKA certification.
As the name suggests, this exam goes beyond basic cluster administration and focuses on the application of best practices for securing container-based applications on Kubernetes during build, deployment, and runtime.
Who is the CKS certification for?
If you're a highly skilled Kubernetes administrator, this exam can set you apart in any recruitment process. Security is increasingly important in today’s world, and it's only going to get more important in the future. Going beyond administration and including security in your skillset is a clear level up in your career.
What does the CKS certification exam cover?
Once again, this is a hands-on, online proctored, performance-based test. You’ll have to complete a number of tasks in two hours using the Kubernetes command line.
Here are the domains and topics covered in this exam:
- Cluster setup: 10%
- Cluster hardening: 15%
- System hardening: 15%
- Minimize microservice vulnerabilities: 20%
- Supply chain security: 20%
- Monitoring, logging, and runtime security: 20%
The cluster setup domain focuses on the security configuration of Kubernetes components, restricting cluster-level access, restricting access to GUI elements, and verifying the binaries that you deploy.
Cluster hardening includes configuring role-based access control to minimize API exposure, minimizing permissions on service accounts, and Kubernetes upgrades. The system hardening domain includes reducing the attack surface of the host operating system, minimizing identity and access management roles, and external access to the network. This portion also covers the use of kernel hardening tools such as AppArmor.
Minimizing microservice vulnerabilities deals with security domains, managing Kubernetes secrets, port-to-port encryption, and using container sandboxes in multi-tenant environments. Supply chain security focuses on the container image footprint, allowlist signed and validated images, and scanning images for vulnerabilities.
Monitoring, logging, and runtime security involves analyzing process and file activities to detect malicious access, detecting phases of an attack, detecting threats to infrastructure, ensuring immutable containers, and other security investigation-based topics.
Is it worth taking the CKS certification exam?
As you can tell, this exam is no walk in the park. But if you want to set yourself apart, this is the certification for you. And we’ve got you covered with our hands-on CKS course.
Red Hat
Now that we've seen what container-based certifications are offered by the CNCF, let's turn our attention to a slightly different universe. Red Hat is a software company that is a leading provider of enterprise software solutions built using open source products. Their enterprise products include high-performance Linux - you may have heard of Red Hat Enterprise Linux? Well, they also offer enterprise products for container and Kubernetes technologies.
Companies across the world use Red Hat products, which means if you're planning to work on container clusters in the Red Hat ecosystem, you should definitely consider the container-focused Red Hat certifications.
Red Hat has its own family of containerization products that it develops and maintains called OpenShift. The flagship product in the OpenShift family is the OpenShift Container Platform, an on-premises platform-as-a-service built around Linux containers, orchestrated and managed by Kubernetes, and installed on a cluster of machines running Red Hat Enterprise Linux. It's Kubernetes at its core, but it has a number of services and features that are unique to Red Hat, and these features may work differently from open source Kubernetes.
One thing to keep in mind is that Red Hat uses Podman as a containerization technology and not Docker, so any experience that you have with Docker will help, but may not be directly useful.
Red Hat certification roadmap
If you head over to the Red Hat certifications page, you'll find a huge list on offer. There are Red Hat certs for all their enterprise products. The three specific certifications we’re focusing on here are the ones on containers and container clusters.
Here’s a roadmap for the Red Hat container-based certifications. The dependencies marked are very loose - this is a suggested path rather than a strict requirement. So for example, you could take the Red Hat Certified Specialist in Containers and Kubernetes alone without doing the OpenShift Administration or OpenShift Application Development certs.
Red Hat Certified Specialist in OpenShift Administration certification
The Red Hat Certified Specialist in OpenShift Administration targets IT professionals who are looking to administer the OpenShift Container Platform. If you already happen to have a Red Hat Certified Systems Administrator certification, then you have the right background.
This exam will demonstrate that you have the ability to manage the OpenShift Container Platform, manage users and policies, control access to resources, manage networking and applications, schedule pods, and deploy and scale your application.
If you're looking for a system administrator or DevOps role in an organization that uses Red Hat OpenShift containers, then this is the right certification for you.
Looking for more info? Check out our Red Hat Certified Specialist in OpenShift Administration exam prep course.
Red Hat Certified Specialist in OpenShift Application Development certification
If you happen to be an enterprise application developer rather than an administrator, and you're looking to work with Red Hat OpenShift, the Red Hat Certified Specialist in OpenShift Application Development certification is right for you.
This certification focuses less on administration and more on the process of creating containerized applications, building and deploying these applications, monitoring application health, and porting existing applications to the OpenShift Container Platform.
Red Hat Certified Specialist in Containers and Kubernetes
If you want to move beyond the basics in OpenShift Administration and application deployment, you can choose to take the Red Hat Certified Specialist in Containers and Kubernetes. This approaches OpenShift from an architect’s point of view, where you understand the container and OpenShift architecture and create containerized and multi-container applications on OpenShift.
The other Red Hat certifications are not strict prerequisites for this one. You could definitely tackle this cert standalone if you're already familiar with working on the OpenShift platform. You can check out our Red Hat Certified Specialist in Containers and Kubernetes course to help you get prepared.
Getting containers certification exam-ready
Okay, so you’ve decided which containers certification you want to go for, but where do you begin? A good place to start is by taking a course - I’ve linked to ACG’s certification prep courses throughout this post, as well as to all the relevant certification providers. You can also download our Containers Certification Guide as a handy reference.
As a reminder, the majority of the containers exams on offer are hands-on. So make sure you spend time doing labs and getting a feel for command line commands. Get used to navigating, searching, and using the permitted Kubernetes documentation sites. This will save you time in the exams. You don't need to memorize commands, but if you practice, you'll know how to construct them quickly during the exam. And that will help tremendously!
When you actually build and deploy containerized applications in a hands-on way, you remember the little tricks, the small details, and all the nitty gritty details. It might be slow and painful, but there’s really no substitute for it.
Knowing how to work with Kubernetes also sets you up nicely for cloud architecture and Devops certifications on all the three major cloud providers. So if you’re interested in moving in that direction, I’d recommend checking out our AWS, Microsoft Azure, and Google Cloud certification guides.
Build the skills you need for a better career.
Master modern tech skills, get certified, and level up your career. Whether you’re starting out or a seasoned pro, you can learn by doing and advance your career in cloud with ACG.