Volodymyr Pokhyla, Senior DevOps Developer at Svitla Systems, has recently added the Kubestronaut badge to his already rare collection and, with it, entered a group of approximately 15 people worldwide who hold both the AWS Golden Jacket and the Kubestronaut jacket simultaneously.
The AWS Golden Jacket recognizes engineers who have passed every active AWS certification - currently 13 across cloud architecture, security, and networking. Only around 200 people worldwide have earned it.
The Kubestronaut badge requires all five CNCF Kubernetes certifications, three of which are fully hands-on practical exams with a live terminal and real clusters. Earning both puts Volodymyr among a handful of engineers on earth with verified, end-to-end mastery of modern cloud-native infrastructure.
At Svitla Systems, we're proud to have engineers like Volodymyr on the team. To support and encourage their continuous growth, Svitla covers certification costs and provides bonuses for engineers who get certified across AWS, Azure, and DevOps.
This investment benefits everyone, including our clients, who can trust that their infrastructure is designed and operated by experts certified at the highest level the industry recognizes.
To go deeper on his latest achievement, we sat down with Volodymyr to talk about how the Kubestronaut path truly works: the exams, the grind, the strategy, and what it all means when you're already operating at a level most engineers never reach.
You already hold the AWS Golden Jacket, and that’s a huge achievement. What pulled you toward Kubestronaut?
Kubernetes has become the industry standard for container orchestration. For me, it was a natural next step. Given how widely it's adopted across cloud-native architectures, I see it as a core layer alongside AWS, especially when it comes to building portable, scalable, and resilient systems.
Kubestronaut was about going deep and mastering that layer end-to-end rather than just being familiar with it.
Also, the approach I use for any certification series, including AWS, is to go hardest-first.
For AWS, I started with DevOps Professional and Solution Architect Professional, then Specialty exams, then Associate, and finally the Cloud Practitioner and AI Practitioner. I did the same with Kubernetes: I started with the three hands-on exams, leaving the two theoretical ones for the last bit.
The Road to the AWS Golden Jacket – Interview with Volodymyr PokhylaLearn how to become one of the appoximately 100 professionals worldwide who hold the AWS Golden Jacket.Read the article
Walk us through the five Kubestronaut exams. What are we actually talking about here?
Kubestronaut is a certification program focused on Kubernetes and cloud-native technologies, managed by the Cloud Native Computing Foundation (CNCF) and the Linux Foundation.
The core program includes 5 Kubernetes-related certifications:
The Kubestronaut status requires all five CNCF certifications to be active at the same time. Three of them - CKA, CKAD, and CKS are fully hands-on. You sit down, get access to a remote Linux terminal, and tasks appear on screen. There’s no multiple choice. You either fix the cluster, or you don't.
The other two - KCNA and KCSA are theoretical: multiple choice, standard format.
I passed CKA first, prepared thoroughly for it, then CKAD a week later. Then I took a break and worked toward CKS, that's the hardest one. After CKS, I left KCNA and KCSA for the end and passed them within 2 or 3 days of each other.
One important thing: all five must be active simultaneously. If one expires before you've completed the rest, the status doesn't count. It works the same way as the AWS Golden Jacket, everything has to be valid at once.
On that note, I'd like to add that the certification space is moving super fast. Anthropic just launched its first official technical credential, the Claude Certified Architect – Foundations, in March 2026. It's a proctored, architecture-level exam for engineers building production-grade AI systems. In my opinion, it's a sign that structured certification is spreading well beyond traditional cloud and infrastructure domains.
How do the hands-on exams actually work? Can you use any resources during the exam?
There's a defined list of permitted resources for each practical exam, mainly the official Kubernetes documentation. For CKS, Cilium and Falco tool documentation is also allowed.
You get access to a remote machine, a terminal, and now also a basic editor. You can play around within the approved resources. No outside searching, of course.
The theoretical exams, KCNA and KCSA, work the standard way: you're on your own.
One thing worth knowing: check-in takes time. For CKS, my proctor check-in alone took about 30 minutes, showing the room from every angle, checking under the desk, on the windowsill, everything. That time doesn't count against you. The two-hour clock only starts when the proctor releases the exam.
And unlike AWS, there's no accommodation time for non-native English speakers. AWS adds 30 minutes for that.
How did you structure your days to fit everything in?
Evenings and weekends, mostly. KodeKloud was my primary resource; it combines theory with hands-on labs directly in the browser, which matters a lot for practical exams. They offer playgrounds where you can work through scenarios as many times as needed.
There's also KillerCoda for free practice, and Killer Shell, which comes included when you purchase a certification from Linux Foundation. You get two attempts at a Killer Shell practice exam, and those sessions are close enough to the real thing that a good percentage of questions will feel familiar on exam day.
Annual KodeKloud subscriptions are priced higher, but they run frequent promotions. I found a 50% discount and then got additional promo codes, eventually paying $162 for the full year.
The certifications themselves: practical exams run around $445 each, theoretical ones around $250. You can buy bundles. I picked up my last two in a bundle during Chinese New Year for $212 instead of $500. You get one year from purchase to sit the exam, and I think that's enough time for anyone to prepare properly.
CKS is considered the toughest in the series. What made it hard for you?
It's not just Kubernetes, it's rather Kubernetes security, which pulls in a whole set of additional tools. AppArmor, Falco, Cilium. You need to know them well enough to apply them quickly under time pressure.
What surprised me was how broad the scope gets. There were questions around Docker daemon security, Linux-level hardening, and runtime auditing, not just Kubernetes-specific topics.
Each task isn't a single isolated question. It's a scenario that requires you to investigate a problem, fix it, verify the fix, and move on. That combination of depth and time pressure is what makes CKS legitimately difficult.
Speed is underestimated. You can know the material and still run out of time if you haven't practiced working fast.
I recommend flagging anything you're not certain about. Linux Foundation's exam interface lets you mark questions for review and come back after you've moved through everything else.
AWS and Kubernetes represent quite different ways of thinking about infrastructure. Which required more of a mental shift?
AWS felt like an evolution. Even with managed services and abstraction layers, you're still working with recognizable patterns: networking, scaling, and access control. I also work extensively with Amazon EKS, so Kubernetes within the AWS ecosystem was already familiar ground.
Kubernetes itself requires a different way of thinking: declarative configuration, reconciliation loops, immutable infrastructure, and distributed systems at the center of everything.
AWS was more of a progression from what I already knew. Kubernetes was a shift in how you reason about building and operating systems.
Three exams are hands-on, and two are multiple-choice. So, which is harder - knowing or doing?
Doing, without question.
AWS Professional-level exams are genuinely difficult. Deep architecture, tradeoffs, edge cases. I'd also put AWS Advanced Networking Specialty in that tier. But with those exams, you're selecting the best answer from a set of options. You can reason your way to an answer even when you're not completely sure about it.
With Kubernetes practical exams, there's no reasoning your way through it. Either you can fix the cluster under time pressure, or you can't. That's a different kind of hard.
The AWS Golden Jacket is about breadth - 13 active certifications across many domains. Kubestronaut is about depth in one ecosystem. Does the finish line feel different?
Yes. Completely different.
With AWS, completing the full set feels like a marathon across many domains, architecture, security, networking, AI, and operational practices. It's an accumulation of breadth over a long stretch of time.
With Kubernetes, it's a more focused thing. The hands-on exams, especially CKS, demand a specific kind of mastery. You know you can operate production-grade clusters, handle security incidents, and manage workloads. It's narrower but deeper.
I passed the AWS Generative AI Professional on March 15, 2026. That single exam automatically renewed several of my other certifications - AI Practitioner, Machine Learning Engineer Associate, and Data Engineer Associate, Cloud Practitioner for another three years each.
Linux Foundation doesn't have that system yet, though at a recent Kubestronaut community meeting, someone proposed a similar model to CNCF, where passing a higher-level practical exam would automatically renew a lower-level one. It's not in place yet, but it's discussed.
Do Kubernetes certifications have anything to say about AI and ML workloads?
Not yet directly. The current exams - CKA, CKAD, and CKS - still focus on classic cluster management, networking, scheduling, and security. There's nothing in the exam syllabus about GPU scheduling, Kubeflow, or KServe.
That said, Kubernetes is fast becoming the underlying platform for AI and ML workloads.
The foundation you build through these certifications - knowing how clusters function, how to secure them, how scheduling decisions get made, translates directly to operating AI workloads reliably. The certification doesn't test it yet, but the knowledge applies.
What's the recommended path for someone starting from zero?
Start with KCNA. It's the entry point: Kubernetes concepts, cloud-native ecosystem, no pressure. Then KCSA to get security fundamentals early. Then, CKA, that's where it gets real, and where most of the core administrative knowledge lives.
CKAD builds on it from an application developer's perspective. CKS last, once everything else is solid.
If you've been working with Kubernetes for years already, you can flip the order. Start with the practical exams, CKA, CKAD, CKS, and leave KCNA and KCSA for the end. They become fast finishes once you've cleared the hard ones.
Either way, don't skip hands-on practice. KodeKloud, KillerCoda, Killer.sh. The exams are pass-by-doing, not pass-by-reading.
Start with the practical exams, CKA, CKAD, CKS, and leave KCNA and KCSA for the end. They become fast finishes once you've cleared the hard ones.
Some engineers argue that if you have real experience, certifications are just paperwork. What do you say?
Certifications validate what you know. They also fill in gaps. The CKS covers security tools I rarely face on actual projects.
AWS Professional and Specialty exams regularly include services I've never used in a client environment. That exposure matters as it shows you what's possible and how it fits into a broader architecture.
But there's a ceiling. If someone has 200 or 300 certifications, that's a flag for me, not a signal. The question stops being "what do they know" and starts being "have they ever built anything?" Certifications are complementary to hands-on work. When they're stacked on top of real project experience, they're meaningful. On their own, they're just a list.
I have around 22 active certifications right now.
What does Kubestronaut mean to you personally?
It confirms that I understand Kubernetes' infrastructure at a level that matters. Security, operational patterns, how the ecosystem actually behaves, not just the abstractions built on top of it.
In the modern toolchain, a lot of people work with Kubernetes through Helm, Argo CD, Flux, and other layers that handle the complexity for you.
These certifications test raw Kubernetes, with no abstractions, no CD systems making decisions for you. Passing them means you know what's happening underneath all of that.
Professionally, it's validation for clients and colleagues. Personally, it's proof to myself that the depth is there.
What's next? Is Golden Kubestronaut already on the list?
There are around 10 additional specialized certifications required for Golden Kubestronaut status - Argo, Kyverno, Cilium, Prometheus, Istio, and others. I'll likely pick them up from autumn onward, depending on project load.
From what I can tell, there are only a handful of people in the world who hold both the AWS Golden Jacket and the Kubestronaut Jacket. I haven't come across anyone yet who holds both golden-level versions of each. That's the target.
