KCA Study Plan

How to prepare for the Kyverno Certified Associate exam — a structured study plan covering all domains in priority order.

Study time

1–6 weeks

Difficulty

Intermediate

Pass mark

75%

Exam cost

$250

Prerequisites before you start

Kubernetes RBAC and admission controller concepts. Understanding of Kubernetes resource schemas (Pod spec, labels, annotations).

4-week KCA study schedule

This schedule works whether you have 4 weeks or 4 months — compress or expand each week based on your available time. Engineers with relevant background can often move faster through early weeks.

Week 1

Writing Policies (32%) & Kyverno Fundamentals (18%)

Writing Policies (32%): policy rule structure (match, exclude, mutate, validate, generate, verify-images), preconditions, JMESPath expressions, Kyverno variables and context. Kyverno Fundamentals (18%): architecture, admission controller role, webhooks, policy modes (Audit vs Enforce). These two domains total 50% of the exam.
Week 2

Installation, Configuration & Applying Policies

Installation, Configuration, and Upgrades (18%): Helm install, admission controller registration, webhook configuration, high availability setup. Applying Policies (10%): ClusterPolicy vs Policy scope, exemptions, policy reports, violation handling.
Week 3

Kyverno CLI & Policy Management

Kyverno CLI (12%): kyverno test, kyverno apply, unit testing policies, CI integration. Policy Management (10%): policy lifecycle, versioning, policy reports (PolicyReport, ClusterPolicyReport), organizing policies in GitOps.
Week 4

Mock Exams & Policy Writing Practice

Run timed mocks targeting 85%+. Writing Policies is the largest domain — review rule structures for validate, mutate, and generate rule types. Practice reading YAML policies and predicting their behavior.

Practice with KCA mock exams60 questions · 90-minute timer · full explanations

Study tips for KCA

Writing Policies (32%) is the biggest domain — understand all four rule types: validate, mutate, generate, and verify-images, and their YAML structure.
Know the difference between ClusterPolicy (cluster-wide) and Policy (namespaced) — scope questions appear frequently.
Kyverno CLI is distinctly testable: `kyverno test` for unit testing policies, `kyverno apply` for dry-runs. Know which command does what.
Understand the difference between Audit mode (log violations, allow resources) and Enforce mode (reject violations). This is a critical operational decision.

Mock exam strategy

Mock exams are the most important study tool for associate-level CNCF certs. Here is how to use them effectively:

Take your first mock without studying — use the results as a diagnostic to see your baseline and find your weakest domains.
Study the domains you missed most, not the ones you already know.
Always do mocks under real conditions: no notes, 90-minute timer, no pausing.
Review every wrong answer after each mock. Understanding why wrong answers are wrong is as valuable as knowing the right answer.
Target 85%+ consistently before booking the real exam. The extra buffer protects against nerves on exam day.

Recommended KCA resources

Official CNCF KCA curriculum — the authoritative list of topics. Use it as your checklist.
The KCA exam is closed-book — read official documentation now, not on exam day.
Community Slack channels (CNCF Slack #certifications) have real candidates discussing recent exam experiences.

KCA mock exam hub Free KCA sample questions KCA exam tips