Containerization

Kubernetes Zero-to-Hero

From your first container to running production clusters with GitOps, autoscaling, service mesh, and CKA-level operations.

Foundation → Intermediate → Advanced → Expert → Specialist ~180 hours 113 of 113 lessons ready KCNA · CKAD · CKA · CKS
Start the course

A complete, hands-on path through containers and Kubernetes: images and Docker, the cluster architecture, the core objects, Helm packaging, networking and service mesh, storage, autoscaling, security and policy, GitOps delivery, observability, and managed Kubernetes (AKS/EKS/GKE) — finishing with a production capstone and CKA/CKAD/CKS interview prep.

What you’ll be able to do

  • Explain containers vs VMs vs serverless and build/run Docker images confidently
  • Describe the Kubernetes control plane and node components and what each does
  • Deploy and operate workloads with Pods, Deployments, Services, ConfigMaps and Helm
  • Design pod networking, ingress/Gateway API and a service mesh with zero-trust mTLS
  • Autoscale (HPA/KEDA/Karpenter), manage storage, and enforce policy and supply-chain security
  • Deliver with GitOps (Argo CD / Flux) and run Day-2 ops, observability and backup/restore
  • Operate managed Kubernetes (AKS/EKS/GKE) and be ready for CKAD/CKA/CKS and platform roles

Prerequisites

  • Comfort with a Linux shell and basic networking (helpful, not mandatory)
  • Docker Desktop or Podman, plus a free local cluster (kind / minikube / k3d) for the labs

Who it’s for

Developers and sysadmins new to containers, engineers moving to Kubernetes, and anyone targeting CKAD/CKA/CKS or real platform/SRE work.

Curriculum

Tier 1 · Foundation — Containers & the Cloud-Native Model

Start at the very beginning: containers, images, and how they differ from VMs and serverless.

  1. 1 Containers vs Serverless vs VMs: Picking a Compute Model Junior 17 min read
  2. 2 Containers & Docker Basics: Images, Layers, and Registries Junior 15 min read
  3. 3 Mastering Multi-Stage Dockerfiles: BuildKit Cache Mounts, Slim Images & Reproducible Builds Intermediate 14 min read
  4. 4 Multi-Architecture Container Builds with docker buildx bake: Remote Cache, Provenance, and Registry-Native Pipelines Advanced 15 min read

Tier 1 · Foundation — Kubernetes Core Concepts (KCNA)

The cluster model and the core objects, hands-on with kubectl.

  1. 5 What Is Kubernetes? Control Plane, Nodes, etcd & the kubelet Junior 16 min read
  2. 6 Kubernetes Architecture Deep-Dive: Control Plane, etcd, Scheduler & the Request Flow Junior 22 min read
  3. 7 Pods, ReplicaSets, Deployments & Services: The Core Objects Junior 17 min read
  4. 8 kubectl First Steps: Your First Local Cluster & Deployment Junior 16 min read
  5. 9 Docker, kubectl & Helm: The Practical Command Reference (Basic → Advanced) Intermediate 13 min read
  6. 10 Kubernetes Pods, In Depth: Containers, Probes, Lifecycle, Init & Every Field Junior 30 min read
  7. 11 Kubernetes Deployments & ReplicaSets, In Depth: Rollouts, Rollback & Strategies Junior 27 min read
  8. 12 kubectl Mastery: Imperative vs Declarative, Contexts, and Every Core Command Junior 27 min read
  9. 13 Kubernetes Namespaces, ResourceQuotas & LimitRanges, In Depth Junior 24 min read
  10. 14 Kubernetes Labels, Selectors, Annotations & Field Selectors, In Depth Junior 27 min read

Tier 2 · Intermediate — Workloads & Scheduling (CKAD)

Run real workloads: scheduling, stateful apps, and autoscaling.

  1. 15 Advanced Kubernetes Scheduling: Affinity, Topology Spread Constraints, Taints, and Priority-Based Preemption Expert 18 min read
  2. 16 Running Stateful PostgreSQL on Kubernetes: StatefulSets, Operators, Automated Failover, and Point-in-Time Recovery Expert 16 min read
  3. 17 Kubernetes Autoscaling in Depth: HPA, KEDA Event-Driven Scaling & Node Autoscaling Advanced 16 min read
  4. 18 Right-Sizing Kubernetes Workloads: Vertical Pod Autoscaler, Resource Recommendations, and Bin-Packing Efficiency Advanced 15 min read
  5. 19 Kubernetes Jobs, CronJobs & DaemonSets, In Depth Junior 26 min read
  6. 20 Kubernetes StatefulSets, In Depth: Stable Identity, Ordered Lifecycle & Per-Pod Storage Intermediate 28 min read
  7. 21 Kubernetes Pod Autoscaling, In Depth: the HPA Algorithm, Metrics & VPA Intermediate 30 min read

Tier 2 · Intermediate — Packaging & Configuration (CKAD)

Package and configure apps: Helm, Kustomize and Dapr.

  1. 22 Authoring Production-Grade Helm Charts: Library Charts, Values Schemas & CI Testing Intermediate 13 min read
  2. 23 Helm for Complex Releases: Umbrella Charts, Library Charts, Lifecycle Hooks, and Safe Rollbacks Advanced 15 min read
  3. 24 Kustomize in Depth: Overlays, Components, Strategic Merge Patches, and Secret/Config Generators Intermediate 15 min read
  4. 25 Configure Dapr on Kubernetes for Service Invocation, State, and Pub/Sub Building Blocks Advanced 18 min read
  5. 26 Helm Fundamentals: Charts, Templates, Values, Releases & Repositories Junior 32 min read
  6. 27 Kubernetes ConfigMaps & Secrets, In Depth: Injection, Mounting, Immutability & Encryption Junior 26 min read
  7. 28 The Kubernetes Downward API, In Depth: Exposing Pod & Container Metadata to Workloads Intermediate 27 min read

Tier 2 · Intermediate — Networking & Ingress

Connect and expose workloads: network policies, the Gateway API, and bare-metal load balancing.

  1. 29 Designing Zero-Trust Pod Networking: Default-Deny NetworkPolicies and Cilium L7-Aware Rules Advanced 16 min read
  2. 30 Adopting the Kubernetes Gateway API: GatewayClass, HTTPRoute Traffic Splitting, and Migrating off Ingress Advanced 18 min read
  3. 31 Deploy MetalLB and kube-vip for Bare-Metal Kubernetes Load Balancing Intermediate 18 min read
  4. 32 Kubernetes Services & Networking, In Depth: ClusterIP, NodePort, LoadBalancer, Headless & DNS Junior 30 min read
  5. 33 Kubernetes Ingress, In Depth: Controllers, Rules, TLS, IngressClass & the Gateway API Intermediate 29 min read

Tier 2 · Intermediate — Storage

Persist data: the CSI, volume snapshots, cloning and resize.

  1. 34 Mastering Kubernetes Storage with CSI: Volume Snapshots, Cloning, Online Resize, and Topology-Aware Provisioning Advanced 16 min read
  2. 35 Kubernetes Storage, In Depth: Volumes, PV, PVC, StorageClass & Access Modes Intermediate 30 min read

Tier 2 · Intermediate — Production Readiness (Day-2)

What makes a workload production-ready: probes, PDBs, QoS, graceful shutdown and the Day-2 checklist.

  1. 36 Production-Ready Kubernetes Workloads: The Day-2 Readiness Checklist Intermediate 24 min read

Tier 3 · Advanced — Cluster Provisioning & Operations (CKA)

Build and run the cluster itself: kubeadm HA, immutable clusters, etcd backup and upgrades.

  1. 37 Provisioning Production Kubernetes: kubeadm, HA Control Plane, etcd Backup & Upgrades Advanced 26 min read
  2. 38 Deploy Talos Linux Immutable Kubernetes Nodes with Cluster API Advanced 18 min read
  3. 39 Set Up etcd Snapshot Backups and Disaster Restore for Self-Managed Kubernetes Advanced 18 min read
  4. 40 Kubernetes Worker Node Internals, In Depth: kubelet, the CRI, kube-proxy & cgroups Advanced 27 min read

Tier 3 · Advanced — Security & Supply Chain (CKS)

Harden everything: RBAC, Pod Security, policy engines, image signing, runtime security and secrets.

  1. 41 Designing Least-Privilege RBAC in Kubernetes: Roles, Aggregation & Auditing at Scale Advanced 16 min read
  2. 42 Migrating to Pod Security Admission: Enforcing Baseline and Restricted Profiles Without Breaking Workloads Advanced 17 min read
  3. 43 Deploy Kyverno Policies to Enforce Image Signing, Resource Limits, and Pod Security Advanced 18 min read
  4. 44 Policy-as-Code with Kyverno: Validate, Mutate, Generate, and Verify Image Signatures Admission-Time Advanced 18 min read
  5. 45 Policy-as-Code Guardrails with OPA Gatekeeper: Constraint Templates, Mutation, and CI Gating Advanced 15 min read
  6. 46 Securing the Container Supply Chain: Signing with Cosign, SBOMs, and SLSA Provenance Advanced 16 min read
  7. 47 Deploy Trivy Operator on Kubernetes for Continuous Vulnerability and Config Auditing Intermediate 17 min read
  8. 48 Configure Vault JWT/OIDC and Kubernetes Auth Methods for Secretless Workload Access Advanced 18 min read
  9. 49 Hardening the Docker Daemon: Rootless Mode, User Namespace Remapping, and Custom seccomp/AppArmor Profiles Advanced 17 min read
  10. 50 Working Directly with containerd: nerdctl, Encrypted Images, and Sandboxed Runtimes via RuntimeClass Expert 18 min read
  11. 51 Kubernetes RBAC & Service Accounts, In Depth (Fundamentals) Intermediate 26 min read
  12. 52 Kubernetes Admission Control, In Depth: Validating & Mutating Webhooks + ValidatingAdmissionPolicy Advanced 34 min read
  13. 53 Kubernetes Security Contexts, In Depth: runAsNonRoot, Capabilities, seccomp & AppArmor Intermediate 27 min read

Tier 3 · Advanced — Networking Deep & Service Mesh

Datapath and mesh: Cilium/eBPF, Istio ambient, Linkerd, and cluster mesh.

  1. 54 Cilium and eBPF Network Policy: L3-L7 Segmentation and Hubble Flow Visibility Expert 18 min read
  2. 55 Istio Ambient Mesh in Practice: Zero-Trust mTLS, Traffic Management & L7 Authorization Expert 17 min read
  3. 56 Deploy Istio Ambient Mesh Waypoint Proxies for L7 Authorization Policies Advanced 18 min read
  4. 57 Linkerd in Production: Automatic mTLS, Retry/Timeout Budgets, and Multicluster Failover Advanced 16 min read
  5. 58 Cilium Beyond CNI: Cluster Mesh, Egress Gateway, and the BGP Control Plane Expert 18 min read
  6. 59 Kubernetes Networking Internals, In Depth: The Network Model, CNI, IPAM & the Datapath Advanced 34 min read

Tier 3 · Advanced — GitOps & Progressive Delivery

Declarative delivery at scale: Argo CD, Flux, and progressive rollouts.

  1. 60 GitOps at Scale with Argo CD: App-of-Apps, ApplicationSets & Progressive Delivery Advanced 16 min read
  2. 61 Scaling GitOps with Argo CD: App-of-Apps, ApplicationSets, and Multi-Cluster Fan-Out Expert 14 min read
  3. 62 GitOps with Flux: Image Update Automation, OCI Artifact Sources, and Hard Multi-Tenancy Advanced 13 min read
  4. 63 Flux CD GitOps at Scale: Monorepo Structure, Kustomize Overlays, and Multi-Tenancy Advanced 15 min read
  5. 64 Blue-Green on Kubernetes with Argo Rollouts: Preview Services, Analysis Gates, and Automated Promotion Advanced 16 min read
  6. 65 Progressive Delivery on Kubernetes with Argo Rollouts: Canary, Analysis, and Automated Rollback Advanced 17 min read

Tier 3 · Advanced — Observability & SRE

See inside the cluster: OpenTelemetry, APM and logs with SigNoz, Datadog, New Relic and Dynatrace.

  1. 66 Deploy SigNoz on Kubernetes for OpenTelemetry-Native APM and Log Management Intermediate 17 min read
  2. 67 Deploy the Datadog Agent and Cluster Agent on Kubernetes with APM and Log Collection Intermediate 18 min read
  3. 68 Deploy New Relic Infrastructure and APM Agents on Kubernetes with Pixie Intermediate 17 min read
  4. 69 Deploy Dynatrace OneAgent and OpenTelemetry Collector on EKS for Full-Stack Observability Advanced 18 min read
  5. 70 Kubernetes Monitoring, In Depth: metrics-server, Prometheus, Grafana & Alerting Intermediate 26 min read

Tier 3 · Advanced — Backup, Recovery & DR

Protect cluster state and data: Velero, cross-cluster restore and application-consistent backups.

  1. 71 Deploy Velero on AKS for Namespace Backups to Azure Blob with Scheduled Snapshots Advanced 18 min read
  2. 72 Configure Velero with Kopia File-Level Backups and Cross-Cluster Restore on EKS Advanced 18 min read
  3. 73 Deploy Kasten K10 for Application-Consistent Kubernetes Backups and Policy Automation Advanced 18 min read

Tier 3 · Advanced — Extending Kubernetes

Build on the platform: operators with kubebuilder and aggregated API servers / CRDs.

  1. 74 Building a Kubernetes Operator with Kubebuilder: CRDs, Reconciliation & Production Hardening Expert 17 min read
  2. 75 Extending the Kubernetes API: Aggregated API Servers, CRD Conversion Webhooks, and Versioning Strategy Expert 18 min read
  3. 76 Kubernetes CRDs, Controllers & the Operator Pattern, In Depth (Fundamentals) Intermediate 26 min read

Tier 4 · Expert — Multi-Tenancy & Platform Engineering

Run a platform many teams share: multi-tenancy, an internal developer portal, and cost control.

  1. 77 Building Multi-Tenant Kubernetes: Virtual Clusters, Hierarchical Namespaces, Quotas, and Isolation Tiers Expert 18 min read
  2. 78 Build a Backstage Developer Portal with the Kubernetes and TechDocs Plugins Advanced 18 min read
  3. 79 Kubernetes Cost Allocation and Rightsizing with Kubecost Intermediate 17 min read

Tier 4 · Expert — Enterprise Architecture & Design

Design enterprise Kubernetes: managed-platform tradeoffs, reference microservices architectures, and modernisation.

  1. 80 Understanding Managed Kubernetes: AKS, EKS, and GKE Compared Junior 17 min read
  2. 81 Azure Enterprise Architecture: Production Microservices on AKS Advanced 21 min read
  3. 82 AWS Enterprise Architecture: Production Microservices on EKS Advanced 27 min read
  4. 83 GCP Enterprise Architecture: Production Microservices on GKE Advanced 24 min read
  5. 84 Migrating a Monolith to Microservices on GKE: A Pragmatic Path Intermediate 17 min read

Tier 5 · Specialist — Amazon EKS

Master EKS: pod identity, Karpenter, VPC CNI networking, and fleet upgrades.

  1. 85 Running EKS at Scale: Pod Identity, Karpenter Autoscaling, and VPC CNI Networking Expert 17 min read
  2. 86 EKS Cluster Upgrades: Version Lifecycle, Add-on Compatibility, and Fleet Operations Advanced 16 min read
  3. 87 Migrating EKS Workloads from IRSA to EKS Pod Identity: Mechanics, Trust, and Rollout Expert 15 min read
  4. 88 Solving EKS IP Exhaustion: VPC CNI Prefix Delegation, Custom Networking, and Security Groups for Pods Expert 18 min read
  5. 89 Deploy Karpenter on EKS with Consolidation, Spot Diversification, and Disruption Budgets Advanced 18 min read

Tier 5 · Specialist — Azure AKS

Master AKS: day-2 upgrades, networking/observability, the Istio add-on, secrets CSI, Gateway and Arc.

  1. 90 AKS Day-2 Operations: Cluster Upgrades, Node Lifecycle, and Fleet Management Expert 16 min read
  2. 91 Production-Grade AKS: Networking, Ingress, and Observability Advanced 15 min read
  3. 92 Running the Managed Istio Add-on on AKS: mTLS, Ingress Gateways, and Egress Control Advanced 17 min read
  4. 93 Secrets Store CSI Driver on AKS: Mounting Key Vault Secrets with Rotation and K8s Sync Intermediate 14 min read
  5. 94 Application Gateway for Containers: Gateway API on AKS with Traffic Splitting, mTLS, and Header Routing Advanced 18 min read
  6. 95 Azure Arc-Enabled Kubernetes: GitOps, Policy, and Fleet Governance for Hybrid Clusters Advanced 16 min read

Tier 5 · Specialist — Google GKE

Master GKE: Autopilot hardening, Dataplane V2, the multi-cluster Gateway API, and Workload Identity.

  1. 96 GKE Autopilot in Production: A Hardening and Cost-Control Playbook Advanced 15 min read
  2. 97 GKE Dataplane V2: Cilium-Based Network Policy and Observability Expert 16 min read
  3. 98 GKE Gateway API: Single and Multi-Cluster Traffic Management Expert 17 min read
  4. 99 GKE Workload Identity Deep Dive: Secure Pod-to-Google-API Access Without Keys Expert 14 min read

Tier 5 · Specialist — Data & Streaming on Kubernetes

Run stateful data platforms: Kafka, Confluent, Flink, Trino and Airflow on Kubernetes.

  1. 100 Self-Managed Kafka on Kubernetes with Strimzi for a Trading Platform Advanced 19 min read
  2. 101 Deploy Confluent Platform for Apache Kafka on Kubernetes with the Confluent Operator Advanced 18 min read
  3. 102 Deploy Apache Flink on Kubernetes with the Flink Operator, Checkpointing, and Savepoints Advanced 18 min read
  4. 103 Deploy Trino on Kubernetes for Federated Query Across Hive, Iceberg, and PostgreSQL Advanced 18 min read
  5. 104 Deploy Apache Airflow on Kubernetes with the Official Helm Chart and KubernetesExecutor Intermediate 18 min read

Tier 5 · Specialist — AI/ML on Kubernetes

Serve models at scale: GPU scheduling and LLM inference platforms on Kubernetes.

  1. 105 GPU Inference Platform for LLMs on AWS EKS with Karpenter Advanced 18 min read
  2. 106 GPU Workloads and KAITO Inference on AKS: Node Pools, Drivers, and Autoscaling Expert 17 min read

Track · Troubleshooting (Easy → Complex)

Diagnose anything: a method and per-area playbooks, then control-plane/etcd complex incident RCA.

  1. 107 Kubernetes Troubleshooting Playbooks: Pods, Nodes, Networking, Storage & RBAC Intermediate 24 min read
  2. 108 Advanced Kubernetes Troubleshooting: Control-Plane, etcd & Complex Incident RCA Advanced 24 min read

Track · Architecting (Easy → Complex)

Turn requirements into designs: a six-rung ladder from a single cluster to multi-region mission-critical.

  1. 109 The Kubernetes Architecting Ladder: From a Single Cluster to Multi-Region Mission-Critical Advanced 26 min read

Track · Certification Center

Pass the CNCF exams: the KCNA/CKAD/CKA/CKS prep kit plus interview & certification preparation.

  1. 110 Kubernetes Exam-Prep Kit: KCNA, CKA, CKAD & CKS — Checklists, Practice Tasks & Speed Tips Advanced 30 min read
  2. 111 Kubernetes Interview & Certification Prep: KCNA / CKAD / CKA / CKS Roadmap Advanced 18 min read

Track · Job-Ready — Projects, Capstone & Interview

Get hired: a production capstone and a six-project portfolio ladder.

  1. 112 Capstone: Ship a Production-Grade App on Kubernetes (GitOps + Autoscaling + Observability) Advanced 24 min read
  2. 113 Real-World Kubernetes Portfolio Projects: From First Deploy to a Multi-Cluster Platform Advanced 20 min read
All courses Browse all Containerization articles