Skip to content
GitHub

CNPA - Certified Cloud Native Platform Engineering Associate

Multiple-choice exam | 120 minutes | Passing score: 75% | $250 USD

Overview

Section titled “Overview”

The CNPA (Certified Cloud Native Platform Engineering Associate) validates foundational knowledge of platform engineering concepts, practices, and tooling in the cloud native ecosystem. It’s a multiple-choice exam — you need to understand concepts, not configure live clusters.

KubeDojo covers ~80%+ of CNPA topics through our existing Platform Engineering track. This page maps CNPA domains to existing modules so you can prepare efficiently.

CNPA is the associate-level companion to CNPE. If CNPE is “prove you can build a platform,” CNPA is “prove you understand what a platform is and why it matters.” Pass CNPA first, then level up to the hands-on CNPE.

Exam Domains

Section titled “Exam Domains”
DomainWeightKubeDojo Coverage
Platform Engineering Core Fundamentals36%Excellent (6 discipline + 6 GitOps + 7 toolkit modules)
Platform Observability, Security & Conformance20%Excellent (4 foundation + 5 discipline + 10 toolkit modules)
Continuous Delivery & Platform Engineering16%Excellent (6 discipline + 7 toolkit modules)
Platform APIs and Provisioning Infrastructure12%Excellent (6 discipline + 5 toolkit modules)
IDPs and Developer Experience8%Excellent (6 discipline + 6 toolkit modules)
Measuring Your Platform8%Good (7 SRE discipline + 2 toolkit modules)

Domain 1: Platform Engineering Core Fundamentals (36%)

Section titled “Domain 1: Platform Engineering Core Fundamentals (36%)”

Competencies

Section titled “Competencies”
  • Declarative resource management
  • DevOps principles and culture
  • Application environments and lifecycle
  • Platform architecture concepts
  • Continuous Integration and Continuous Delivery
  • GitOps fundamentals

KubeDojo Learning Path

Section titled “KubeDojo Learning Path”

Platform Engineering (start here):

ModuleTopicRelevance
Platform Eng 2.1What is Platform Engineering?Direct
Platform Eng 2.2Developer Experience (DevEx)Direct
Platform Eng 2.3Internal Developer PlatformsDirect
Platform Eng 2.4Golden Paths and paved roadsDirect
Platform Eng 2.5Self-Service InfrastructureDirect
Platform Eng 2.6Platform Maturity ModelsDirect

GitOps:

ModuleTopicRelevance
GitOps 3.1What is GitOps? OpenGitOps 4 principlesDirect
GitOps 3.2Repository strategies, mono vs multi-repoDirect
GitOps 3.3Environment promotion patternsDirect
GitOps 3.4Drift detection and reconciliationDirect
GitOps 3.5Secrets management in GitOpsDirect
GitOps 3.6Multi-cluster GitOpsDirect

Architecture & IaC:

ModuleTopicRelevance
Distributed Systems 5.1Distributed systems fundamentalsDirect
IaC 6.1Infrastructure as Code fundamentalsDirect
Systems Thinking 1.1Systems thinking for platform designPartial

Tools (conceptual understanding):

ModuleTopicRelevance
ArgoCDArgoCD: GitOps deliveryDirect
FluxFlux CD: GitOps controllersDirect
Helm & KustomizeDeclarative packaging and customizationDirect
DaggerCI/CD pipeline designDirect
TektonK8s-native CI/CD pipelinesDirect
Argo WorkflowsWorkflow automationDirect
Argo RolloutsProgressive delivery: canary, blue-greenDirect

Domain 2: Platform Observability, Security & Conformance (20%)

Section titled “Domain 2: Platform Observability, Security & Conformance (20%)”

Competencies

Section titled “Competencies”
  • Observability fundamentals (metrics, logs, traces)
  • Secure communication patterns
  • Policy engines and admission controllers
  • Kubernetes security concepts
  • CI/CD pipeline security

KubeDojo Learning Path

Section titled “KubeDojo Learning Path”

Observability Theory:

ModuleTopicRelevance
Observability 3.1What is Observability?Direct
Observability 3.2Metrics, Logs, TracesDirect
Observability 3.3Instrumentation principlesDirect
Observability 3.4From data to insightDirect

Security:

ModuleTopicRelevance
Security 4.1Security mindsetDirect
Security 4.2Defense in depthDirect
Security 4.3Identity and access managementDirect
DevSecOps 4.1DevSecOps fundamentalsDirect
DevSecOps 4.3Security in CI/CDDirect

Tools (know what they do):

ModuleTopicRelevance
PrometheusPull-based monitoring, PromQLDirect
OpenTelemetryOTel Collector, auto-instrumentationDirect
GrafanaDashboards, data sourcesDirect
LokiLog aggregation, LogQLDirect
TracingJaeger/Tempo, context propagationDirect
OPA/GatekeeperPolicy engine, admission controlDirect
KyvernoYAML-native policy engineDirect
SPIFFE/SPIREWorkload identity, mTLSDirect
Service MeshIstio/Linkerd mTLSDirect
CKA RBACRBAC fundamentalsDirect

Domain 3: Continuous Delivery & Platform Engineering (16%)

Section titled “Domain 3: Continuous Delivery & Platform Engineering (16%)”

Competencies

Section titled “Competencies”
  • CI pipeline concepts and design
  • Incident response and management
  • GitOps basics and workflows

KubeDojo Learning Path

Section titled “KubeDojo Learning Path”

Theory:

ModuleTopicRelevance
GitOps 3.1What is GitOps? OpenGitOps principlesDirect
GitOps 3.3Environment promotion patternsDirect
GitOps 3.4Drift detection and reconciliationDirect
SRE 1.5Incident ManagementDirect
SRE 1.6Blameless PostmortemsDirect
DevSecOps 4.2Shift-left (CI integration)Partial

Tools:

ModuleTopicRelevance
ArgoCDArgoCD: Application CRD, sync, RBACDirect
FluxFlux CD: GitRepository, HelmReleaseDirect
Argo RolloutsProgressive delivery strategiesDirect
DaggerCI/CD pipeline designDirect
TektonK8s-native CI/CD pipelinesDirect
Argo WorkflowsWorkflow automationDirect
Supply ChainSigstore/Cosign, image signingPartial

Domain 4: Platform APIs and Provisioning Infrastructure (12%)

Section titled “Domain 4: Platform APIs and Provisioning Infrastructure (12%)”

Competencies

Section titled “Competencies”
  • Reconciliation loop pattern
  • Custom Resource Definitions (CRDs)
  • Infrastructure provisioning as code
  • Kubernetes Operators

KubeDojo Learning Path

Section titled “KubeDojo Learning Path”

Theory:

ModuleTopicRelevance
Platform Eng 2.5Self-Service InfrastructureDirect
IaC 6.1Infrastructure as CodeDirect
IaC 6.4IaC at ScaleDirect
Distributed Systems 5.2Consensus and coordination (reconciliation)Partial
CKA CRDsCRD creation and operator patternDirect
CKA Extension InterfacesK8s extension pointsDirect

Tools:

ModuleTopicRelevance
CrossplaneXRDs, Compositions, ProvidersDirect
KubebuilderBuilding custom operatorsDirect
Cluster APIDeclarative cluster lifecycleDirect
Helm & KustomizeDeclarative resource packagingPartial
vClusterVirtual clusters for provisioningPartial

Domain 5: IDPs and Developer Experience (8%)

Section titled “Domain 5: IDPs and Developer Experience (8%)”

Competencies

Section titled “Competencies”
  • Service catalogs and software templates
  • Developer portals
  • AI/ML in platform automation

KubeDojo Learning Path

Section titled “KubeDojo Learning Path”

Theory:

ModuleTopicRelevance
Platform Eng 2.2Developer Experience (DevEx)Direct
Platform Eng 2.3Internal Developer PlatformsDirect
Platform Eng 2.4Golden Paths and templatesDirect
Platform Eng 2.6Platform Maturity ModelsDirect
AIOps 6.1AIOps foundationsDirect
AIOps 6.6Auto-remediation with AIPartial

Tools:

ModuleTopicRelevance
BackstageSoftware Catalog, Templates, TechDocsDirect
K9s CLIDeveloper CLI toolingPartial
Telepresence/TiltInner-loop developmentPartial
DevPodReproducible dev environmentsPartial
Gitpod/CodespacesCloud development environmentsPartial
AIOps ToolsAI-powered observability featuresPartial

Domain 6: Measuring Your Platform (8%)

Section titled “Domain 6: Measuring Your Platform (8%)”

Competencies

Section titled “Competencies”
  • DORA metrics (deployment frequency, lead time, MTTR, change failure rate)
  • Platform efficiency and adoption metrics
  • SLOs and error budgets for platforms

KubeDojo Learning Path

Section titled “KubeDojo Learning Path”

Theory:

ModuleTopicRelevance
SRE 1.2SLOs (SLIs, SLAs)Direct
SRE 1.3Error Budgets and burn ratesDirect
SRE 1.4Toil and automation metricsDirect
SRE 1.7Capacity PlanningPartial
Platform Eng 2.6Platform Maturity ModelsDirect
Reliability 2.4Measuring reliabilityDirect
Reliability 2.5SLOs, SLIs, error budgets (theory)Direct

Tools:

ModuleTopicRelevance
SLO ToolingSloth, Pyrra, error budget dashboardsDirect
FinOpsOpenCost, cost allocation, efficiencyDirect

Study Strategy

Section titled “Study Strategy”
CNPA PREPARATION PATH (recommended order)
══════════════════════════════════════════════════════════════


Week 1-2: Core Fundamentals (36% of exam!)
├── Platform Engineering discipline (6 modules)
├── GitOps discipline (6 modules)
├── IaC 6.1 (Infrastructure as Code basics)
└── Distributed Systems 5.1 (architecture concepts)


Week 3: Observability, Security & Conformance (20%)
├── Observability Theory foundation (4 modules)
├── Security Principles foundation (4 modules)
├── DevSecOps 4.1 + 4.3 (fundamentals + CI/CD security)
└── Know your tools: Prometheus, OTel, OPA, Kyverno


Week 4: Continuous Delivery (16%)
├── Review GitOps discipline modules (from Week 1)
├── SRE 1.5 + 1.6 (incident response + postmortems)
├── CI/CD pipeline tools: Dagger, Tekton, Argo Workflows
└── ArgoCD + Flux (conceptual understanding)


Week 5: Platform APIs & IDPs (12% + 8%)
├── CKA CRDs/Operators module (reconciliation loop)
├── Crossplane + Kubebuilder (conceptual)
├── Backstage (service catalogs, developer portals)
└── AIOps 6.1 (AI/ML in automation)


Week 6: Measuring & Review (8% + exam prep)
├── SRE modules: SLOs, error budgets, toil
├── DORA metrics concepts (review Platform Eng 2.6)
├── FinOps / OpenCost (platform efficiency)
└── Full domain review, focus on 36% core fundamentals

Exam Tips

Section titled “Exam Tips”
  • This is a multiple-choice exam — focus on conceptual understanding, not hands-on configuration
  • Core Fundamentals = 36% of the exam — nail platform engineering concepts, GitOps, and DevOps principles first
  • Know the “why” not just the “what” — understand why GitOps uses pull-based reconciliation, why platforms need golden paths, etc.
  • DORA metrics come up everywhere — know the four key metrics and what they measure
  • GitOps principles — memorize the OpenGitOps four principles (declarative, versioned, automated, reconciled)
  • Policy engines — understand OPA vs Kyverno at a conceptual level (when to use each)
  • Time management: 120 minutes for multiple-choice is generous. Read questions carefully, flag uncertain ones, review at the end.

Gap Analysis

Section titled “Gap Analysis”

Our Platform Engineering track covers ~85%+ of the CNPA curriculum. Remaining minor gaps:

TopicStatusNotes
DORA metrics implementationCoveredDORA metrics (deployment frequency, lead time, MTTR, change failure rate) now covered in the SRE discipline modules alongside SLOs and error budgets
DevOps culture & historyMinor gapPlatform Eng modules assume DevOps context; KCNA cloud-native modules provide additional background
Application environment lifecycleCoveredSpread across GitOps environment promotion and IaC modules

These gaps are minor. The 50+ modules mapped above provide comprehensive CNPA preparation.

Section titled “Related Certifications”
CERTIFICATION PATH
══════════════════════════════════════════════════════════════


Entry Level:
├── KCNA (Cloud Native Associate) — K8s fundamentals
├── KCSA (Security Associate) — Security fundamentals
└── CNPA (Platform Engineering Associate) ← YOU ARE HERE


Professional Level:
├── CKA (K8s Administrator) — Cluster operations
├── CKAD (K8s Developer) — Application deployment
├── CKS (K8s Security Specialist) — Security hardening
└── CNPE (Platform Engineer) — Hands-on platform engineering


Specialist (Coming):
└── CKNE (K8s Network Engineer) — Advanced networking

The CNPA is the natural stepping stone to CNPE. CNPA tests your conceptual understanding of platform engineering; CNPE tests your ability to build and operate platforms hands-on. If you pass CNPA, continue with KubeDojo’s platform toolkit modules to build hands-on skills for CNPE.