All About The New CNCF Cilium Certified Associate (CCA) Certification!
What a year it has been for Cilium enthusiasts! A graduation. Two major releases (1.13 and 1.14). Two CiliumCon conferences (Amsterdam and Chicago). Dozens of labs and dozens of bees! Multiple learning tracks. Even a map of the world of Cilium.
But while 2023 has been a tremendous year for the vibrant Cilium community (with over 17,000 GitHub stars and 18,000 participants on the Cilium Slack), 2024 will also start with a bang with the release of the new Cilium Certified Associate (CCA) certification.
Many of you Cilium users would like to show your peers and prospective employers that you know Cilium inside out. That’s one of the reasons the Isovalent’s Cilium badges have been so popular: over 5,000 of them have been allocated since we launched them a year ago.
As Cilium is now a CNCF graduated project and is becoming the de-facto default cloud networking platform for Kubernetes, it became clear a formal certification was needed to recognize the Cilium experts.
The Cilium Certified Associate (CCA) exam is now generally available – you can head over to the Linux Foundation page to enroll.
Who is the Cilium Certified Associate (CCA) exam for?
We know from talking to a multitude of Cilium users that there are many different types of engineers that are using Cilium on a daily basis: the network engineers who need to connect their clusters to the rest of the network, the security engineers who need to enforce encryption or mutual authentication in the cluster and the SRE and DevOps engineers who need to monitor the health of the applications running on the clusters.
More broadly, ideal candidates for the CCA would require some level of Kubernetes knowledge – ideally KCNA or beyond – , some networking knowledge (like understanding the 7-layer OSI model, BGP, TCP, HTTP, DNS) and of course, to be familiar with Cilium.
To pass the CCA, you don’t need to be an expert in all things Cilium ; it is not expected of you that you master all Cilium CLI commands or that you can write eBPF programs. However, hands-on experience with Cilium is highly recommended, if only on virtual labs, home labs or non-prod clusters.
Ultimately, the exam is for any platform, cloud and network engineers keen to validate their knowledge of Cilium.
What is on the blueprint for the CCA ?
The following Cilium domains make up the curriculum of the certification:
- Architecture (20%)
- Understand the role of Cilium in Kubernetes environments
- Cilium Architecture
- IP Address Management (IPAM) with Cilium
- Cilium Component Roles
- Datapath Models
- Network Policy (18%)
- Interpret Cilium Network Policies and Intent
- Understand Cilium’s identity-based network security model
- Policy Enforcement Modes
- Policy Rule Structure
- Kubernetes Network Policies versus Cilium Network Policies
- Service Mesh (16%)
- Know how to use Ingress or Gateway API for ingress routing
- Service Mesh Use Cases
- Understand the benefits of Gateway API over Ingress
- Encrypting traffic in transit with Cilium
- Sidecar-based versus Sidecarless Architectures
- Network Observability (10%)
- Understand the observability capabilities of Hubble
- Enabling Layer 7 Protocol Visibility
- Know how to use Hubble from the command line or the Hubble UI
- Installation and Configuration (10%)
- Know how to use Cilium CLI to query and modify the configuration
- Using Cilium CLI to install Cilium, run connectivity tests, and monitor its status
- Cluster Mesh (10%)
- Understand the benefits of Cluster Mesh for multi-cluster connectivity
- Achieve service discovery and load balancing across clusters with Cluster Mesh
- eBPF (10%)
- Understand the role of eBPF in Cilium
- eBPF Key Benefits
- eBPF-based Platforms versus IPtables-based Platforms
- BGP and External Networking (6%)
- Egress Connectivity Requirements
- Understand options to connect Cilium-managed clusters with external networks
What does the CCA demonstrate?
If you pass the CCA, it demonstrates that you possess a good understanding of the major features, benefits and use cases offered by Cilium and that you can make an informed decision on how Cilium could be installed and configured on your Kubernetes clusters.
Who created the CCA exam?
The Cloud Native Computer Foundation and Linux Foundation Training and Certification led the development of the certification. The content of the exam is currently being created by a set of SMEs across multiple companies, including Cilium experts from Microsoft, Solo.io, Conoa, Accenture, Datadog and Isovalent.
What is the format of the exam?
The exam is a multiple choice exam and is 90-minutes long.
Are there any pre-requisites for the CCA exam?
There are no pre-requisites for this exam.
How can I be notified when the exam is available?
The exam is now available. You can enroll on the Linux Foundation CCA page.
How much does the exam cost?
The certification costs $250.
How do I get a discount on the CCA exam?
To get a discount code on the exam, you simply need to take one of our Cilium Discovery Labs. Each Discovery lab will let you explore multiple Cilium features, based on a particular role:
- Discovery: SecOps Engineer lab
- Discovery: Cloud Network Engineer lab
- Discovery: Platform Engineer lab
On completion of any Discovery lab, you will be entitled to a 15% discount on the CCA.
On completion of all three Discovery labs, you will be entitled to a 40% discount on the CCA.
How can I prepare for the CCA ?
There are many resources you can use to pass the CCA first time. We know you all like to learn via different methods so here are a few different avenues on how to get ready for the exam:
CCA Study Guide
This excellent study guide is a very useful set of resources for anyone looking at taking the CCA. Feel free to raise Pull Requests to update the repo with any other useful collateral you come across!
Isovalent Cilium Labs
Our collection of labs has expanded significantly in the past year. We now have over 25 free online labs that you can do at your own leisure.
On completion of these labs, you will receive a digital badge via Credly. Here are some of the badges you might get on completion of the Discovery labs:
We offer a set of longer learning paths you can follow to help you learn Cilium, based on your particular skillset:
- Platform Ops Learning Path
- Cloud Network Engineer Learning Path
- SecOps Engineer Learning Path
- Platform Engineer Learning Path
- Cloud Architect Learning Path
Isovalent Resource Library
In addition to the labs, you can find lots of additional content in the Isovalent Resource Library, including case studies, tutorials and blog posts and features.
Cilium.io
On Cilium.io, you will find lots of very useful references, such as a comprehensive list of use cases and user case studies.
Training Course
The recent “Introduction to Cilium” course covers most domains covered in the CCA.
Videos
The Isovalent YouTube channel and the eBPF & Cilium Community channel are both great sources of video content on Cilium. Make sure you subscribe to both!
Documentation
The Cilium docs are the primary reference for the exam. Make sure you are familiar with the core concepts explained in the Cilium docs. This includes:
- Introduction to Cilium & Hubble
- Cilium Component Overview
- Cilium installation
- Hubble Introduction
- Hubble CLI
- Cilium Terminology
- Cilium Networking Concepts
- Kubernetes Networking with Cilium
- BGP with Cilium
- LB IPAM
- eBPF Datapath
- Multi Cluster Networking
- Cilium Service Mesh
- Network Security with Cilium
- Overview of Cilium Network Policy
- Layer 7 Protocol Visibility
- Cilium configuration
- Cilium troubleshooting
Learning Together
Learning a new technology with others is definitely more fun with others! Why don’t you join the Cilium Slack community? For specific questions around the exam, head over to the #certifications
channel.
Good luck with the exam!
Liz Rice is Chief Open Source Officer with eBPF pioneers Isovalent, creators of the Cilium project, which provides cloud native networking, observability and security. She is a member of the Open UK Board, and of the CNCF’s Governing Board. She was chair of the CNCF’s Technical Oversight Committee 2019-2022, and co-chaired the KubeCon / CloudNativeCon 2018 events in Copenhagen, Shanghai, and Seattle.
Her background and core competence is systems software engineering, but she loves the whole process of building products.
Prior to joining Isovalent, Nico worked in many different roles—operations and support, design and architecture, and technical pre-sales—at companies such as HashiCorp, VMware, and Cisco.
In his current role, Nico focuses primarily on creating content to make networking a more approachable field and regularly speaks at events like KubeCon, VMworld, and Cisco Live.