Перейти до вмісту
GitHub

CNPE - Certified Cloud Native Platform Engineer

Цей контент ще не доступний вашою мовою.

Performance-based exam | 120 minutes | Passing score: TBD | $445 USD | Launched November 2025

Overview

Section titled “Overview”

The CNPE (Certified Cloud Native Platform Engineer) validates skills in designing, building, and operating Internal Developer Platforms on Kubernetes. It’s a hands-on exam — you’ll configure real infrastructure, not answer multiple-choice questions.

KubeDojo covers ~90% of CNPE topics through our existing Platform Engineering track. This page maps CNPE domains to existing modules so you can prepare efficiently.

Unlike other certifications, CNPE is NOT K8s-version-specific. It tests platform engineering practices, not raw kubectl skills. Think of it as “CKA for platform teams.”

Exam Domains

Section titled “Exam Domains”
DomainWeightKubeDojo Coverage
GitOps & Continuous Delivery25%Excellent (6 discipline + 7 toolkit modules)
Platform APIs & Self-Service25%Excellent (6 discipline + 4 toolkit modules)
Observability & Operations20%Excellent (4 foundation + 7 discipline + 10 toolkit modules)
Platform Architecture15%Excellent (7 foundation + 3 discipline modules)
Security & Policy15%Excellent (4 foundation + 6 discipline + 6 toolkit modules)

Domain 1: GitOps & Continuous Delivery (25%)

Section titled “Domain 1: GitOps & Continuous Delivery (25%)”

Competencies

Section titled “Competencies”
  • Implementing GitOps workflows for application and infrastructure deployment
  • Building and configuring CI/CD pipelines integrated with Kubernetes
  • Deploying applications using progressive delivery strategies (blue/green, canary)

KubeDojo Learning Path

Section titled “KubeDojo Learning Path”

Theory (start here):

ModuleTopicRelevance
GitOps 3.1What is GitOps? OpenGitOps 4 principlesDirect
GitOps 3.2Repository strategies, mono vs multi-repoDirect
GitOps 3.3Environment promotion patternsDirect
GitOps 3.4Drift detection and reconciliationDirect
GitOps 3.5Secrets management in GitOpsDirect
GitOps 3.6Multi-cluster GitOpsDirect

Tools (hands-on):

ModuleTopicRelevance
ArgoCDArgoCD: Application CRD, sync, RBAC, ApplicationSetDirect
Argo RolloutsProgressive delivery: canary, blue-green, analysisDirect
FluxFlux CD: 5 controllers, GitRepository, HelmReleaseDirect
Helm & KustomizePackaging and customizationDirect
DaggerCI/CD pipeline designDirect
TektonK8s-native CI/CD pipelinesDirect
Argo WorkflowsWorkflow automationDirect

Domain 2: Platform APIs & Self-Service (25%)

Section titled “Domain 2: Platform APIs & Self-Service (25%)”

Competencies

Section titled “Competencies”
  • Designing and creating CRDs for platform services
  • Implementing self-service provisioning using platform APIs
  • Using Kubernetes Operators for platform automation
  • Using automation frameworks for self-service provisioning

KubeDojo Learning Path

Section titled “KubeDojo Learning Path”

Theory:

ModuleTopicRelevance
Platform Eng 2.1What is Platform Engineering?Direct
Platform Eng 2.2Developer Experience (DevEx)Direct
Platform Eng 2.3Internal Developer PlatformsDirect
Platform Eng 2.4Golden Paths and paved roadsDirect
Platform Eng 2.5Self-Service InfrastructureDirect
Platform Eng 2.6Platform Maturity ModelsDirect

Tools:

ModuleTopicRelevance
BackstageSoftware Catalog, Templates, TechDocsDirect
CrossplaneXRDs, Compositions, ProvidersDirect
KubebuilderBuilding custom operatorsDirect
Cluster APIDeclarative cluster lifecycleDirect
vClusterVirtual clusters for self-serviceDirect
CKA CRDsCRD creation and operator patternDirect

Domain 3: Observability & Operations (20%)

Section titled “Domain 3: Observability & Operations (20%)”

Competencies

Section titled “Competencies”
  • Implementing monitoring, alerting, logging, and tracing solutions
  • Measuring platform efficiency using deployment metrics (DORA)
  • Diagnosing and remediating platform issues

KubeDojo Learning Path

Section titled “KubeDojo Learning Path”

Theory:

ModuleTopicRelevance
Observability 3.1What is Observability?Direct
Observability 3.2Metrics, Logs, TracesDirect
Observability 3.3Instrumentation principlesDirect
SRE 1.1What is SRE?Direct
SRE 1.2SLOs (SLIs, SLAs)Direct
SRE 1.3Error Budgets and burn ratesDirect
SRE 1.5Incident ManagementDirect

Tools:

ModuleTopicRelevance
PrometheusPull-based monitoring, PromQL, ServiceMonitorDirect
OpenTelemetryOTel Collector, auto-instrumentationDirect
GrafanaDashboards, data sources, provisioningDirect
LokiLog aggregation, LogQLDirect
TracingJaeger/Tempo, context propagationDirect
SLO ToolingSloth, Pyrra, error budget dashboardsDirect
Continuous ProfilingParca, Pyroscope (4th pillar)Partial
FinOpsOpenCost, cost allocation, right-sizingDirect

Domain 4: Platform Architecture (15%)

Section titled “Domain 4: Platform Architecture (15%)”

Competencies

Section titled “Competencies”
  • Applying best practices for networking, storage, and compute
  • Using cost management solutions for right-sizing and scaling
  • Optimizing multi-tenancy resource usage

KubeDojo Learning Path

Section titled “KubeDojo Learning Path”

Theory:

ModuleTopicRelevance
Systems Thinking 1.1Systems thinking for architectsPartial
Distributed Systems 5.1Distributed systems fundamentalsDirect
Distributed Systems 5.2Consensus and coordinationDirect
Reliability 2.3Redundancy and fault toleranceDirect
IaC 6.1Infrastructure as CodeDirect
IaC 6.4IaC at ScaleDirect

Tools:

ModuleTopicRelevance
KarpenterAutoscaling, right-sizingDirect
KEDAEvent-driven autoscalingDirect
FinOpsCost management, OpenCostDirect
vClusterMulti-tenancy with virtual clustersDirect
CiliumeBPF networking, policiesDirect

Domain 5: Security & Policy (15%)

Section titled “Domain 5: Security & Policy (15%)”

Competencies

Section titled “Competencies”
  • Configuring secure service-to-service communication
  • Applying RBAC and security controls
  • Generating audit trails and enforcing compliance (SBOM)
  • Using policy engines and admission controllers
  • Integrating security scanning into pipelines

KubeDojo Learning Path

Section titled “KubeDojo Learning Path”

Theory:

ModuleTopicRelevance
Security 4.1Security mindsetDirect
Security 4.2Defense in depthDirect
DevSecOps 4.1DevSecOps fundamentalsDirect
DevSecOps 4.2Shift-left securityDirect
DevSecOps 4.3Security in CI/CDDirect
DevSecOps 4.4Supply chain security, SBOMDirect
DevSecOps 4.5Runtime securityDirect

Tools:

ModuleTopicRelevance
OPA/GatekeeperPolicy engine (Rego), admission controlDirect
KyvernoYAML-native policy engineDirect
FalcoRuntime threat detectionDirect
Supply ChainSigstore/Cosign, image signing, SBOMDirect
Vault & ESOSecrets managementDirect
SPIFFE/SPIREWorkload identity, mTLSDirect
Service MeshIstio/Linkerd mTLSDirect

Study Strategy

Section titled “Study Strategy”
CNPE PREPARATION PATH (recommended order)
══════════════════════════════════════════════════════════════


Week 1-2: Foundations
├── Platform Engineering discipline (6 modules)
├── Security Principles foundation (4 modules)
└── Observability Theory foundation (4 modules)


Week 3-4: GitOps & CD (25% of exam!)
├── GitOps discipline (6 modules)
├── ArgoCD + Flux toolkit modules
└── Argo Rollouts (progressive delivery)


Week 5-6: Platform APIs & Self-Service (25% of exam!)
├── Backstage + Crossplane toolkit modules
├── CKA CRDs/Operators module
├── Kubebuilder module (build an operator)
└── vCluster for multi-tenancy


Week 7-8: Observability & Operations (20%)
├── SRE discipline (SLOs, error budgets, incidents)
├── Prometheus + OTel + Grafana + Loki toolkit
├── SLO Tooling (Sloth/Pyrra)
└── FinOps / OpenCost


Week 9-10: Security & Policy (15%)
├── DevSecOps discipline (5 modules)
├── OPA/Gatekeeper + Kyverno
├── Supply chain security (Sigstore/SBOM)
└── SPIFFE/SPIRE + Service Mesh mTLS


Week 11-12: Architecture & Practice (15%)
├── Distributed Systems foundation
├── Karpenter + KEDA (autoscaling)
├── Chaos Engineering (resilience testing)
└── Mock exercises, killer.sh equivalent

Exam Tips

Section titled “Exam Tips”
  • This is a hands-on exam — you’ll configure real clusters, not answer theory questions
  • Focus on ArgoCD and Crossplane — they’re the most heavily tested tools (GitOps + Self-Service = 50% of exam)
  • Know your CRDs — designing and creating CRDs is a core skill
  • Practice PromQL — you’ll need to write queries and create alerts
  • RBAC + OPA/Kyverno policies — security is tested with real policy enforcement scenarios
  • Time management: 120 minutes for ~15-20 tasks. Budget ~6-8 minutes per task.

Gap Analysis

Section titled “Gap Analysis”

Our Platform Engineering track covers ~95%+ of the CNPE curriculum. Remaining minor gaps:

TopicStatusNotes
Argo Events (event-driven automation)CoveredSee Argo Events in the CAPA track — EventSource, Sensor, EventBus, Triggers
DORA metrics implementationCoveredDORA metrics now covered in the SRE discipline modules; SLOs and error budgets provide the measurement framework
Hierarchical NamespacesMinor gap (niche topic)Niche multi-tenancy topic, unlikely to be exam-critical; vCluster module covers multi-tenancy alternatives

These gaps are minor. The 60+ modules mapped above provide comprehensive CNPE preparation.

Section titled “Related Certifications”
CERTIFICATION PATH
══════════════════════════════════════════════════════════════


Entry Level:
├── KCNA (Cloud Native Associate) — K8s fundamentals
├── KCSA (Security Associate) — Security fundamentals
└── CNPA (Platform Engineering Associate) — Platform basics


Professional Level:
├── CKA (K8s Administrator) — Cluster operations
├── CKAD (K8s Developer) — Application deployment
├── CKS (K8s Security Specialist) — Security hardening
└── CNPE (Platform Engineer) ← YOU ARE HERE


Specialist (Coming):
└── CKNE (K8s Network Engineer) — Advanced networking

The CNPE complements CKA/CKS by testing platform-level skills rather than cluster-level operations. If you’ve completed KubeDojo’s CKA + Platform Engineering tracks, you’re well-prepared.