substack link : https://handsonk8s.substack.com/

In today's cloud-native landscape, Kubernetes is the undisputed standard. This course transcends theoretical knowledge by embedding every concept in a hands-on, project-based journey. We've structured it as a dynamic learning platform to cater to your specific skill level. Whether you're a beginner needing guidance, a practitioner building production skills, or an expert pushing the boundaries, you'll find a path tailored for you.

Over 60 days, you won't just learn Kubernetes; you'll architect, build, and operate a complete, production-grade microservices platform from the ground up, culminating in a specialized, portfolio-ready project.

This course is designed for all levels:

• Fresh CS graduates: Build a rock-solid foundation and a standout portfolio project.
• Software engineers & System administrators: Master the tools and patterns for transitioning into DevOps or SRE roles.
• Seasoned DevOps/SRE/Principal Engineers: Deepen your expertise, explore advanced topics like eBPF and custom operators, and learn to architect systems at hyperscale.
• Product managers & QA engineers: Gain the deep technical context needed to lead and innovate in a cloud-native environment.

• Multi-Track Learning: Choose your path: 🎓 Beginner, 🧑‍💻 Practitioner, or 🚀 Advanced. Progress at a pace and depth that suits your experience.
• 100% Hands-On & Project-Based: Every day involves coding, configuring, and building.
• "Break-It-Fridays": Dedicated weekly sessions to master the #1 engineering skill: debugging and incident response in realistic scenarios.
• Architectural-First Approach: We start with the end in mind, so you understand the "why" behind every technical decision.
• Real Production Patterns: Curriculum based on proven practices from leading tech companies.
• Multi-Cloud Implementations: Specific labs for AWS (EKS), GCP (GKE), and Azure (AKS) nuances.

• Containerization and Orchestration Fundamentals
• Kubernetes Deep Architecture (Control Plane, Networking, Storage)
• Service Mesh (Istio) & Advanced Networking (eBPF with Cilium)
• GitOps & CI/CD (ArgoCD, Flagger)
• Comprehensive Observability (Prometheus, Grafana, Jaeger, ELK)
• Security Hardening (RBAC, Pod Security, Runtime with Falco)
• Multi-Cluster & Hyperscale Management
• Cost Optimization (FinOps) & Performance Engineering
• Building Custom Kubernetes Operators

• Basic Linux command line knowledge
• Fundamental understanding of networking concepts (IP, DNS)
• Git version control basics
• Familiarity with any programming language

• Module 0: The Foundation (Self-Paced): Cover the absolute fundamentals to ensure everyone starts with a solid baseline.
• Day 0: The Architect's View: A single session to review the final architecture of the platform you'll build, providing context for the entire journey.
• Phase 1: Foundation (Days 1-15): Master containerization and core Kubernetes concepts by building and deploying a multi-service application locally.
• Phase 2: Production Readiness (Days 16-30): Evolve the application and cluster with production-grade networking, security, and storage.
• Phase 3: Operations & Automation (Days 31-45): Build robust CI/CD pipelines, a comprehensive observability stack, and automate operational tasks.
• Phase 4: Scale & Optimize (Days 46-60): Architect for hyperscale with multi-cluster management, advanced optimization, and a final capstone project.

• Topics: What is a Container?, Linux Kernel Primitives (cgroups, namespaces), The "Why" of Orchestration, Networking Fundamentals (CIDR, DNS, Proxies), GitOps Principles.
• 🎓 Beginner Lab: A guided tour of building and running your first Docker image.
• 🚀 Advanced Challenge: Write a simple container runtime in Go, without using the Docker daemon, to understand the underlying syscalls.

• Session: A comprehensive walkthrough of the final system architecture. We'll cover the flow of requests, the role of each component (service mesh, CI/CD, observability), and the key design decisions. You'll always know how your daily work fits into the bigger picture.

• Day 1-4: Docker Deep Dive, Networking, Storage, Security
  • 🎓 Beginner Track: Guided labs on Dockerfiles, networking, and volumes. Strong emphasis on understanding why multi-stage builds are critical for security and size.
  • 🧑‍💻 Practitioner Track: (Original Curriculum) Containerize a Node.js REST API with PostgreSQL. Implement multi-stage builds, layer caching, non-root users, and resource limits. Use Docker Compose to orchestrate the local environment.
  • 🚀 Advanced Track: Containerize a complex, stateful legacy Java application. Write a linter script to programmatically enforce Dockerfile best practices (e.g., disallow ADD, require version pinning).
• Day 5: Break-It-Friday
  • 🎓 Beginner: A container fails to start. Debug the docker logs to find the incorrect database connection string passed as an environment variable.
  • 🧑‍💻 Practitioner: Your multi-container application has a networking issue. One service cannot resolve another's DNS name. Find and fix the misconfigured Docker network.
  • 🚀 Advanced: A container works on your machine but not on the build server. Diagnose a subtle file permission issue between the host bind mount and the container's non-root user.

• Day 6-9: Cluster Setup, Pods, Controllers, Services
  • 🎓 Beginner Track: Use a managed UI like Lens alongside kubectl to visualize Pods, Deployments, and Services. Focus on understanding the YAML manifest structure for each object.
  • 🧑‍💻 Practitioner Track: (Original Curriculum) Deploy a local kind cluster. Explore control plane components. Deploy applications using Deployments, StatefulSets, and DaemonSets. Configure ClusterIP, NodePort, and LoadBalancer services.
  • 🚀 Advanced Track: Manually bootstrap a control plane using kubeadm. Write a custom scheduler extender that prioritizes nodes based on a custom metric (e.g., GPU temperature).
• Day 10: Break-It-Friday
  • 🎓 Beginner: A new pod is stuck in the Pending state. Use kubectl describe pod to discover it cannot be scheduled due to insufficient CPU resources.
  • 🧑‍💻 Practitioner: You applied a new ConfigMap, but the running pods aren't using the new values. Debug the deployment strategy and rollout process to update the application correctly.
  • 🚀 Advanced: The cluster's CoreDNS is experiencing intermittent resolution failures under load. Analyze its logs, tune its scaling parameters, and configure node-local DNS caching to resolve the issue.

• Day 11-14: Multi-Tier Apps, Health, Resources, Storage
  • 🎓 Beginner Track: Follow a detailed, step-by-step guide to deploy the full e-commerce platform. Focus on using kubectl logs and kubectl port-forward to verify and debug each component.
  • 🧑‍💻 Practitioner Track: (Original Curriculum) Deploy the e-commerce platform (React, Node.js, PostgreSQL). Configure liveness/readiness probes, CPU/memory requests and limits, and Persistent Volumes for the database.
  • 🚀 Advanced Track: Implement the "Operator Pattern". Build a basic Custom Resource Definition (CRD) and a simple controller in Go or Python to manage the deployment and lifecycle of the e-commerce application declaratively.
• Day 15: Break-It-Friday
  • 🎓 Beginner: The frontend pod is in CrashLoopBackOff. Debug the logs to find it's crashing because the backend API service isn't available yet. Implement a startup probe to fix it.
  • 🧑‍💻 Practitioner: The application is throwing 503 errors. Diagnose that the readinessProbe is failing, causing the pod to be removed from the Service endpoint. Fix the underlying health check logic.
  • 🚀 Advanced: The database pod was evicted due to node pressure. It was rescheduled to a new node, but can't start because it can't re-attach its Persistent Volume. Debug the multi-attach error and reconfigure the StatefulSet for regional persistent disks.

The remaining phases will follow this detailed, multi-track format.

• Topics: Ingress, Service Mesh, Network Policies.
• Labs:
  • 🎓 Beginner: Deploy the NGINX Ingress Controller and configure basic host-based routing.
  • 🧑‍💻 Practitioner: Deploy Istio. Implement traffic routing (e.g., canary), mTLS for security, and network policies for microsegmentation.
  • 🚀 Advanced: Replace the cluster CNI with Cilium. Use Hubble for deep network observability and write eBPF-based L7 network policies.
• Day 20: Break-It-Friday: Debug a TLS handshake failure in the service mesh.

• Topics: RBAC, Pod Security, Secrets Management, Runtime Security.
• Labs:
  • 🎓 Beginner: Apply Pod Security Standards (baseline, restricted). Scan images with trivy and fix reported CVEs.
  • 🧑‍💻 Practitioner: Implement fine-grained RBAC roles. Integrate HashiCorp Vault for external secrets management. Deploy Falco for runtime threat detection.
  • 🚀 Advanced: Build a custom validating admission webhook to enforce complex, organization-specific security policies before any resource is created in the cluster.
• Day 25: Break-It-Friday: A critical process is killed by the OOM killer; debug the memory limits and QoS class.

• Topics: Storage Classes, Database Operations, Backup & DR.
• Labs:
  • 🎓 Beginner: Understand different Storage Classes. Use Velero to perform a simple stateless application backup and restore.
  • 🧑‍💻 Practitioner: Deploy a production-ready PostgreSQL cluster using the Patroni operator. Configure and test automated backups and point-in-time recovery with Velero.
  • 🚀 Advanced: Deploy and manage a distributed storage system like Rook-Ceph inside Kubernetes. Benchmark and tune its performance for different I/O patterns.
• Day 30: Break-It-Friday: A Persistent Volume Claim is stuck in Pending; debug the StorageClass and provisioner.

• Topics: GitOps, Progressive Delivery, Automated Testing.
• Labs:
  • 🎓 Beginner: Create a GitHub Actions workflow to automatically build and push a Docker image on every commit.
  • 🧑‍💻 Practitioner: Build a full GitOps pipeline with ArgoCD for automated synchronization. Implement canary deployments with Flagger and automated rollbacks.
  • 🚀 Advanced: Build a self-service developer platform using Crossplane. Enable developers to provision their entire application stack with a single YAML file committed to Git.
• Day 35: Break-It-Friday: ArgoCD shows OutOfSync; debug the drift between the Git repository and the live cluster state.

• Topics: Metrics, Logging, Tracing (The "Three Pillars").
• Labs:
  • 🎓 Beginner: Deploy the Prometheus/Grafana stack using Helm. Import a community dashboard to visualize cluster metrics.
  • 🧑‍💻 Practitioner: Instrument the application with custom metrics for SLI/SLO tracking. Set up centralized logging with the ELK stack and distributed tracing with Jaeger.
  • 🚀 Advanced: Implement a full FinOps stack. Correlate Prometheus metrics with cloud provider billing data to create a dashboard showing the exact cost per feature/team/request.
• Day 40: Break-It-Friday: Grafana shows "No Data"; debug the entire metrics pipeline from service discovery to Prometheus scrape configurations.

• Topics: Cluster Autoscaling, Custom Controllers, Cost Optimization.
• Labs:
  • 🎓 Beginner: Configure and observe the Horizontal Pod Autoscaler (HPA) in action.
  • 🧑‍💻 Practitioner: Implement the Cluster Autoscaler. Automate cluster upgrades with zero downtime.
  • 🚀 Advanced: Replace Cluster Autoscaler with Karpenter for faster, more efficient node provisioning. Write a cost-optimization controller that automatically replaces On-Demand nodes with Spot Instances during off-peak hours.
• Day 45: Break-It-Friday: HPA is not scaling the deployment up despite high CPU; debug the metrics-server and HPA configuration.

• Topics: Federation, Workload Distribution, Global Load Balancing.
• Labs:
  • 🎓 Beginner: Discuss the architectural reasons for multi-cluster. Use karmada or kubefed to deploy a simple app across two kind clusters.
  • 🧑‍💻 Practitioner: Implement a multi-cluster service mesh using Istio. Configure cross-cluster service discovery and test a DR failover scenario.
  • 🚀 Advanced: Design and implement a global load balancing (GSLB) solution that directs traffic to the closest and healthiest cluster based on latency probes.
• Day 50: Break-It-Friday: Test and debug a full multi-region failover procedure.

• Topics: Advanced Autoscaling, Resource Efficiency, Chaos Engineering.
• Labs:
  • 🎓 Beginner: Learn about Vertical Pod Autoscaling (VPA) and its recommendations.
  • 🧑‍💻 Practitioner: Implement VPA in conjunction with HPA. Use Chaos Mesh to run controlled chaos experiments (e.g., kill random pods, inject network latency) and harden the system.
  • 🚀 Advanced: Implement predictive autoscaling. Use Prometheus time-series data and a simple forecasting model (e.g., ARIMA) to scale up deployments before anticipated traffic spikes.
• Day 55: Platform Engineering & Final Prep: All tracks focus on building internal developer platforms, self-service tooling, and preparing for the final capstone.

• Day 56-59: Final Project Integration & Specialization: Students integrate all course components into their final platform, choosing a specialization:
  • E-commerce Specialization: Focus on low-latency, high-availability for customer traffic.
  • Data Engineering Specialization: Re-architect the platform to run a Kafka and Spark cluster efficiently.
  • MLOps Specialization: Integrate Kubeflow and build pipelines to serve machine learning models at scale.
• Day 60: Production Readiness Review & Demo Day:
  • Code Lab: Validate the final project against a production readiness checklist (security scan, load test, DR test).
  • Final Presentation: Present your architecture, demonstrate your platform's capabilities, and document its operational procedures.

Upon completion, students will have:

• Built a Portfolio: A production-ready, specialized microservices platform from scratch.
• Deployed to Cloud: Hands-on experience with multi-region Kubernetes infrastructure.
• Mastered Automation: Architected complete CI/CD and GitOps workflows.
• Achieved Operational Excellence: Mastered monitoring, security, and advanced troubleshooting.
• Engineered for Scale: Designed and built systems capable of handling millions of requests.

• Daily Coding Challenges & Labs (40% of evaluation)
• Weekly "Break-It-Friday" Root Cause Analysis Reports (30% of evaluation)
• Peer-Reviewed Infrastructure-as-Code (10% of evaluation)
• Final Capstone Project & Presentation (20% of evaluation)