| last-updated | 2026-05-03 |
|---|---|
| difficulty | intermediate |
A structured certification path for platform engineers responsible for building and maintaining internal developer platforms, infrastructure automation, and deployment systems.
- Role Definition
- Recommended Certification Path
- Skills Roadmap
- Career Progression and Salary Ranges
- Hands-On Projects to Build
- Learning Resources
Platform engineers design, build, and maintain the internal platforms that development teams use to build, deploy, and operate applications. The role bridges the gap between traditional infrastructure/operations and software development.
- Build and maintain Internal Developer Platforms (IDPs)
- Design CI/CD pipelines and deployment workflows
- Manage Kubernetes clusters and container orchestration
- Implement Infrastructure as Code for all environments
- Create self-service capabilities for development teams
- Establish observability and monitoring standards
- Enforce security policies through automation
- Define golden paths and platform abstractions
- Focuses on building platforms as products for internal teams
- Emphasizes developer experience and self-service
- Treats infrastructure capabilities as APIs
- Applies product management thinking to internal tooling
Linux Foundation Certified IT Associate (LFCA)
- Linux fundamentals, networking basics, cloud concepts
- Good starting point for those new to infrastructure
- Cost: ~$395
- Prep time: 4-6 weeks
- https://training.linuxfoundation.org/certification/certified-it-associate/
Red Hat Certified System Administrator (RHCSA - EX200)
- Hands-on Linux administration on RHEL 9 (performance-based exam)
- Stronger Red Hat / RHEL specific path; complementary to LFCA / LFCS
- Cost: ~$500
- Prep time: 6-8 weeks
- → Full RHCSA study guide
CompTIA Cloud+ (CV0-004)
- Vendor-neutral cloud concepts, architecture, security
- Covers multi-cloud fundamentals
- Cost: ~$369
- Prep time: 6-8 weeks
- https://www.comptia.org/certifications/cloud
Certified Kubernetes Administrator (CKA)
- Cluster installation, configuration, and management
- Networking, storage, security, troubleshooting
- Performance-based exam (hands-on)
- Cost: ~$395
- Prep time: 8-12 weeks
- https://training.linuxfoundation.org/certification/certified-kubernetes-administrator-cka/
HashiCorp Terraform Associate (003)
- Terraform workflow, state management, modules
- Provider configuration and HCL syntax
- Cost: ~$70.50
- Prep time: 4-6 weeks
- https://developer.hashicorp.com/terraform/tutorials/certification-003/associate-study-003
Choose one based on your organization's primary cloud:
AWS Solutions Architect Associate (SAA-C03)
- Broad AWS service knowledge
- Architecture best practices
- Cost: ~$150
- https://aws.amazon.com/certification/certified-solutions-architect-associate/
OR Azure Administrator Associate (AZ-104)
- Azure resource management
- Identity, networking, compute, storage
- Cost: ~$165
- https://learn.microsoft.com/en-us/credentials/certifications/azure-administrator/
OR Google Cloud Professional Cloud Architect
- GCP architecture and design
- Migration and optimization
- Cost: ~$200
- https://cloud.google.com/learn/certification/cloud-architect
Certified Kubernetes Security Specialist (CKS)
- Cluster hardening, system hardening
- Supply chain security, runtime security
- Requires CKA as prerequisite
- Cost: ~$395
- Prep time: 6-8 weeks
- https://training.linuxfoundation.org/certification/certified-kubernetes-security-specialist/
Argo Project Associate (APA)
- GitOps principles and Argo CD
- Progressive delivery with Argo Rollouts
- Cost: ~$250
- https://training.linuxfoundation.org/certification/argo-project-associate-apa/
Prometheus Certified Associate (PCA)
- Monitoring, alerting, PromQL
- Cloud-native observability
- Cost: ~$250
- https://training.linuxfoundation.org/certification/prometheus-certified-associate/
- Command line proficiency (bash scripting)
- File systems, permissions, processes
- Networking (TCP/IP, DNS, HTTP, TLS)
- systemd, package management
- Performance monitoring and tuning
- Docker/OCI container building and management
- Image optimization and multi-stage builds
- Container registries (ECR, ACR, Artifact Registry, Harbor)
- Container security scanning
- Podman and containerd
- Cluster architecture and components
- Workload management (Deployments, StatefulSets, DaemonSets, Jobs)
- Networking (Services, Ingress, NetworkPolicies, CNI)
- Storage (PV, PVC, StorageClasses, CSI)
- RBAC and security contexts
- Helm chart development
- Custom Resource Definitions and Operators
- Terraform (modules, state, workspaces, providers)
- Pulumi or Crossplane as alternatives
- Configuration management (Ansible)
- Policy as Code (OPA/Gatekeeper, Kyverno, Sentinel)
- GitHub Actions, GitLab CI, or Jenkins
- Build systems (Gradle, Maven, npm)
- Artifact management (Artifactory, Nexus)
- GitOps (Argo CD, Flux)
- Progressive delivery (canary, blue-green)
- Feature flags
- Metrics (Prometheus, Grafana, Datadog)
- Logging (ELK/EFK stack, Loki, CloudWatch)
- Tracing (Jaeger, Tempo, X-Ray)
- Alerting and on-call (PagerDuty, OpsGenie)
- SLIs, SLOs, SLAs, error budgets
- Secret management (Vault, AWS Secrets Manager, SOPS)
- Network security and zero trust
- Supply chain security (Sigstore, Cosign)
- Vulnerability scanning (Trivy, Snyk)
- Identity and access management
Salary ranges are approximate for the US market (2025) and vary by location, company size, and industry.
- Salary: $85,000 - $120,000
- Focus: Learning tools, following established patterns
- Certifications: LFCA, Cloud+, one cloud associate cert
- Salary: $120,000 - $170,000
- Focus: Building platform components, automation
- Certifications: CKA, Terraform Associate, cloud cert
- Salary: $160,000 - $220,000
- Focus: Platform architecture, mentoring, cross-team initiatives
- Certifications: CKS, multiple cloud certs, GitOps certs
- Salary: $200,000 - $300,000+
- Focus: Platform strategy, organizational impact, technical leadership
- Certifications: Advanced certs, thought leadership
- Set up a Kubernetes cluster (EKS/AKS/GKE or kind/k3s)
- Deploy Argo CD for GitOps
- Create a golden path template for deploying microservices
- Add Prometheus and Grafana for monitoring
- Build reusable CI/CD pipeline templates (GitHub Actions or GitLab CI)
- Include build, test, security scan, and deploy stages
- Create a self-service mechanism for teams to adopt pipelines
- Implement progressive delivery with canary deployments
- Build Terraform modules for standard infrastructure patterns
- Implement remote state with locking
- Add policy checks with OPA or Sentinel
- Create a self-service Terraform workflow via Atlantis or Spacelift
- Deploy Backstage as a developer portal
- Create software catalog entries and templates
- Integrate with CI/CD, monitoring, and documentation
- Build custom plugins for your platform
- Build a multi-cluster Kubernetes platform
- Implement fleet management across environments
- Add cross-cluster observability
- Implement disaster recovery and failover
- "Team Topologies" by Matthew Skelton and Manuel Pais
- "Platform Engineering on Kubernetes" by Mauricio Salatino
- "Kubernetes in Action" by Marko Luksa
- "Infrastructure as Code" by Kief Morris
- Platform Engineering Community: https://platformengineering.org/
- CNCF Landscape: https://landscape.cncf.io/
- Kubernetes Documentation: https://kubernetes.io/docs/
- Terraform Tutorials: https://developer.hashicorp.com/terraform/tutorials
- The New Stack: https://thenewstack.io/
- Killercoda (interactive scenarios): https://killercoda.com/
- KodeKloud (hands-on labs): https://kodekloud.com/
- A Cloud Guru (cloud labs): https://acloudguru.com/
- Play with Kubernetes: https://labs.play-with-k8s.com/