
Kubernetes Advanced

Master production-grade Kubernetes: cloudification strategies, Helm & GitOps, observability, service mesh, security, storage, networking, and multi-cluster management for enterprise deployments.

Training Modules: 12
Hands-on Labs: 6
Topics Covered: 26
Certification Prep: CKA
Duration: 14 h

Learning Objectives

Understand Cloudification strategies and the 5R migration framework for containerized applications

Master Helm, Kustomize, Helmsman, and Helmfile for enterprise packaging and deployment

Implement GitOps continuous delivery with ArgoCD, Flux, and Fleet

Deploy full observability stacks: Prometheus/Grafana monitoring and PLG/EFK logging pipelines

Configure Ingress controllers, cert-manager, Let's Encrypt, and Cloudflare for secure traffic management

Operate service mesh with Istio/Envoy, CRDs & Operators, and multi-cluster architectures

Cloudification & Containerization

Cloud migration strategies, microservices patterns, and the path to Kubernetes

Cloud Migration & the 5R Framework

Gartner 5R strategies: Rehost, Refactor, Revise, Rebuild, Replace — technical and non-technical migration factors, component decoupling

SOA, Microservices & Twelve-Factor

SOA vs microservices architectures, the Twelve-Factor App methodology, Dockerization steps and Kubernetization patterns

etcd & Troubleshooting

etcd deep dive and systematic Kubernetes troubleshooting

etcd Architecture & Operations

Distributed key-value store, Raft consensus protocol, leader elections, failure tolerance, quorum, cross-DC deployment, benchmarking

etcd Backup, Restore & Maintenance

etcdctl snapshots, member replacement procedures, compaction, disk/storage latency considerations

K8s Troubleshooting Methodology

Systematic troubleshooting: DB, control plane, workers, services (CRDs, Operators), application, and networking layers

⚡ Lab: RKE Install, etcd & Node Troubleshooting

Packaging & Deployment Tools

Helm, Kustomize, Helmsman, and Helmfile for enterprise workflows

Helm Charts, Repositories & Releases

Chart structure (Chart.yaml, values.yaml, templates), Helm repositories, releases lifecycle, Helm

⚡ Lab: Helm Chart Deployment

Kustomize & Overlay Mechanism

Kubernetes-native configuration management, patch-don't-fork philosophy, overlay strategy vs Helm templating

Helmsman & Helmfile

Helmsman: Charts as Code, declarative desired-state, hooks & ordering. Helmfile: declarative spec, modular infrastructure, version-controlled chart deployments

CI/CD & GitOps

Continuous delivery with ArgoCD, Flux, and Fleet at scale

ArgoCD

Declarative GitOps CD for Kubernetes, automated drift detection, multi-cluster deployment, RBAC, SSO integration, PreSync/Sync/PostSync hooks, blue/green & canary rollouts

Flux

Continuous and progressive delivery, open and extensible toolkit, source controllers, Helm and Kustomize reconciliation

Fleet — GitOps at Scale

Manage up to a million clusters, deploy from raw YAML, Helm charts, or Kustomize, lightweight single-cluster to massive multi-cluster

Ingress & TLS Certificate Management

Layer 7 routing, automated TLS with cert-manager, and Cloudflare integration

Ingress Controllers

L7 HTTP/S routing, SSL termination, host & path-based routing. NGINX Ingress: DaemonSet vs Deployment, NodePort vs LoadBalancer exposure options. Traefik overview

⚡ Lab: Ingress & Cert Manager

Let's Encrypt & Cert Manager

ACME protocol, Certbot, cert-manager CRDs (ClusterIssuers, Issuers, Certificates), HTTP01/DNS01 challenges, wildcard certificates, Ingress TLS annotations

Cloudflare

DNS service, reverse proxy, CDN, WAF, DDoS protection, SSL offloading, traffic analytics, integration with cert-manager DNS01 challenge

Container Registry

Enterprise image management with Harbor and Quay

Registry Concepts & Lifecycle

Image layers as blobs, manifests, repositories, pull/push/delete/list operations, public vs private registries, image lifecycle management

Harbor & Quay

Harbor: RBAC, vulnerability scanning, image signing, installation options (VM, K8s app, external DB). Project Quay: Red Hat's container registry, enterprise features

CoreDNS & Advanced Scheduling

Cluster DNS configuration and fine-grained pod placement

CoreDNS Deep Dive

Corefile configuration, plugins architecture, external plugins, stub domains, ExternalDNS for hybrid/multi-environment service discovery, cache tuning

Advanced Scheduling

kube-scheduler filtering & scoring, nodeSelector, NodeAffinity, Taints & Tolerations, Pod Priority & Preemption, node-pressure eviction, bin packing, scheduling framework plugins

Monitoring & Logging

Full observability with Prometheus, Grafana, and modern logging pipelines

Prometheus, AlertManager & Grafana

Prometheus exporter pods, Time Series DB, PromQL, targets & scraping, AlertManager routing (email, PagerDuty, OpsGenie), Grafana dashboards & plugins

⚡ Lab: Prometheus & Grafana Stack

Logging: Operator, PLG & EFK

Logging Operator with Fluent Bit + Fluentd pipeline, CRDs (logging, output, flow, clusteroutput, clusterflow). PLG stack (Promtail/Loki/Grafana) vs EFK (Elasticsearch/Fluentd/Kibana)

Storage & Networking

Distributed block storage with Longhorn and CNI deep dive with Flannel & Calico

Block Storage with Longhorn

Cloud-native distributed block storage, microservice-based architecture, replicated volumes, snapshots, S3 backup, cross-AZ scheduling, RWX, data locality, GUI dashboard

⚡ Lab: Longhorn & Network Policies

Networking: Flannel, Calico & Canal

Flannel layer 3 fabric, Calico with eBPF data plane, NetworkPolicy (actions, selectors, protocols, CIDR), Canal = Flannel + Calico, pod-to-pod communication

Service Mesh

Service-to-service communication with Envoy and Istio

Service Mesh Concepts & Envoy

Service mesh as infrastructure layer, TCP/IP analogy, functionalities (discovery, routing, circuit breaking, mTLS, A/B testing), benefits vs limits, Envoy proxy architecture

Istio

Programmable application-aware network, sidecar injection, traffic management, canary deployments, Istio ecosystem, comparison with/without service mesh

CRDs, Operators & Backup

Kubernetes extensibility and disaster recovery with Velero

Custom Resources & Operators

CRD definition & scoping, RESTful API endpoints, Operator pattern (reconcile loop, lifecycle management), operator maturity levels, OperatorHub, Strimzi Kafka Operator example

⚡ Lab: CRD & Velero Backup

Backup & Restore with Velero

Velero architecture (server + CLI), backup & restore K8s objects via Discovery API, persistent volume snapshots, Restic file-system backups, plugins, S3 storage, cluster migration

MetalLB & Multi-Cloud

Bare-metal load balancing and multi-cluster management strategies

MetalLB Load Balancer

LoadBalancer for bare-metal clusters, address allocation from IP pools, Layer 2 (ARP/NDP) and BGP external announcement modes, integration with Ingress controllers

Multi-Cloud & Multi-Cluster Management

Multi-cloud strategies (hybrid, multi-provider), Cloud Broker role (aggregation, integration, customization), multi-K8s cluster management, API aggregation, Rancher & Fleet

Target Certifications

CKA

Certified Kubernetes Administrator — validates your skills in managing and operating production K8s clusters

CKAD

Certified Kubernetes Application Developer — validates your ability to design, build, and deploy cloud native apps
