Kubernetes 101
A comprehensive tutorial series covering Kubernetes fundamentals through production-ready deployments. This series takes you from understanding what Kubernetes is to deploying and managing production workloads with confidence.
About This Series
Through working with containerized applications and microservices architectures, I've learned that Kubernetes has become the de facto standard for container orchestration. However, the learning curve is steep, and many tutorials either oversimplify or overwhelm with complexity.
This series provides a practical, hands-on approach to learning Kubernetes - starting with core concepts and progressing to production-grade deployments. Each article builds on previous knowledge while remaining self-contained for reference.
Who This Series Is For
Developers moving from traditional deployments to containerized microservices
DevOps engineers implementing container orchestration
System administrators managing Kubernetes clusters
Platform engineers building internal developer platforms
Anyone looking to understand modern cloud-native infrastructure
Prerequisites
Basic Docker knowledge: Understanding containers, images, and Dockerfiles
Linux command line: Comfortable with terminal commands
YAML syntax: Familiarity with YAML configuration files
Networking basics: Understanding of IPs, ports, DNS, load balancing
Development experience: General programming/scripting knowledge helpful
Learning Path
This series is organized into four progressive phases:
Phase 1: Foundation (Articles 1-3)
Goal: Understand Kubernetes fundamentals and set up development environment
What is Kubernetes and when do you need it?
Core concepts: Pods, Nodes, Clusters
Container orchestration fundamentals
Setting realistic expectations
Control plane components (API Server, etcd, Scheduler, Controller Manager)
Node components (kubelet, kube-proxy, container runtime)
The control loop and declarative state management
How Kubernetes actually works
Installing kubectl and local Kubernetes
Minikube, kind, and Docker Desktop comparison
Running your first pods and services
Development workflow and troubleshooting
Phase 2: Core Concepts (Articles 4-7)
Goal: Master essential Kubernetes resources and patterns
Understanding Pods (the smallest deployable unit)
Deployments, ReplicaSets, StatefulSets
DaemonSets, Jobs, and CronJobs
Health checks and resource management
Service types: ClusterIP, NodePort, LoadBalancer
Ingress controllers and routing
DNS and service discovery
Network Policies for security
ConfigMaps for application configuration
Secrets management best practices
Environment variables and volume mounts
External secret managers integration
Volumes and volume types
PersistentVolumes and PersistentVolumeClaims
StorageClasses and dynamic provisioning
Stateful applications and data management
Phase 3: Advanced Operations (Articles 8-10)
Goal: Implement security, package management, and observability
Resource isolation with Namespaces
Role-Based Access Control fundamentals
ServiceAccounts, Roles, and ClusterRoles
Multi-tenancy patterns and security
What is Helm and why use it?
Charts, releases, and repositories
Templating and values files
Creating reusable Helm charts
Logging strategies and aggregation
Metrics collection with Prometheus
Visualization with Grafana
Distributed tracing and observability
Phase 4: Production Readiness (Articles 11-12)
Goal: Deploy and operate Kubernetes in production
GitOps principles and benefits
ArgoCD and FluxCD implementations
Deployment strategies (rolling, blue-green, canary)
Automated testing and validation
Security hardening checklist
Resource quotas and limits
Autoscaling (HPA, VPA, Cluster Autoscaler)
Cost optimization and disaster recovery
Bringing it all together
Phase 5: Advanced Topics (Articles 13-15)
Goal: Modern traffic management, declarative cluster operations, and latest resource APIs with Go microservices
Complete resource API reference (K8s v1.28+)
Deployment, StatefulSet, DaemonSet, Job, CronJob
HPA (
autoscaling/v2), VPA, PodDisruptionBudget, PriorityClassResourceQuota, LimitRange, NetworkPolicy
Deploying a Go HTTP microservice end-to-end
Why Gateway API replaces Ingress
GatewayClass, Gateway, HTTPRoute β the role model (Ian / Chihiro / Ana)
Traffic splitting, header matching, redirects, header manipulation
GRPCRoute for Go gRPC microservices
TLSRoute (passthrough), ReferenceGrant (cross-namespace), BackendTLSPolicy
Migration path from Ingress to Gateway API
Management cluster and workload cluster architecture
Cluster, Machine, MachineSet, MachineDeployment CRDs
KubeadmControlPlane β control plane lifecycle management
MachineHealthCheck β auto-remediation for unhealthy nodes
ClusterClass β reusable cluster topology templates
Infrastructure providers: Docker (local), AWS (CAPA), Azure (CAPZ), vSphere (CAPV)
Cluster upgrade and scale workflows
Phase 6: Cloud IAM Integration (Articles 16-17)
Goal: Securely integrate Kubernetes workloads with cloud provider identity systems β no static credentials
Microsoft Entra Managed Identity in Kubernetes
Why managed identity eliminates static credential risk
System-assigned vs user-assigned managed identity trade-offs
AKS Workload Identity architecture (OIDC federation)
Step-by-step setup: identity β federated credential β role assignment β pod deployment
DefaultAzureCredentialintegration in Go, Python, Node.jsMulti-tenancy patterns: one identity per service per namespace
Security best practices and troubleshooting AADSTS errors
The danger of static IAM credentials in Kubernetes Secrets
IAM Roles for Service Accounts (IRSA): OIDC federation with AWS STS
EKS Pod Identity: the modern, simplified approach
IRSA vs EKS Pod Identity β when to use which
Cross-account role assumption patterns
LoadDefaultConfig/boto3/ AWS SDK v3 credential chain integrationIAM policy least-privilege patterns and CloudTrail auditing
Terraform resources for both IRSA and Pod Identity
How to Use This Series
Sequential Learning (Recommended for Beginners)
Start with Article 1 and progress through each article in order. Each builds on concepts from previous articles.
Topic-Based Learning (For Experienced Users)
Jump to specific topics based on your needs. Each article is self-contained with clear prerequisites listed.
Reference Material
Use the series as a reference when implementing specific Kubernetes features. All articles include practical examples and code snippets.
Hands-On Practice
Every article includes:
Runnable examples: YAML manifests you can apply to your cluster
kubectl commands: Practical command-line examples
Real-world scenarios: Based on actual project experiences
Best practices: What works in production environments
Common pitfalls: Mistakes to avoid and how to fix them
What You'll Build
By the end of this series, you'll have:
β Local Kubernetes development environment
β Understanding of all core Kubernetes resources
β Working knowledge of networking and storage
β Security implementation with RBAC and policies
β Observability with monitoring and logging
β GitOps deployment pipeline
β Production-ready best practices
β Go microservice deployed with HPA, PDB, NetworkPolicy, and ResourceQuota
β Modern L7/gRPC/TLS traffic management with Kubernetes Gateway API
β Declarative multi-cluster lifecycle management with Cluster API
β Zero-credential Azure workloads using MS Entra Managed Identity and Workload Identity
β Zero-credential AWS workloads using IRSA and EKS Pod Identity
Cloud Provider Coverage
While focusing on core Kubernetes concepts (cloud-agnostic), this series includes practical examples for:
AWS EKS (Elastic Kubernetes Service)
Azure AKS (Azure Kubernetes Service)
Google GKE (Google Kubernetes Engine)
The fundamentals apply across all Kubernetes distributions - once you understand the core concepts, you can work with any Kubernetes environment.
Tools and Technologies
This series covers:
Kubernetes: Core platform (v1.28+)
kubectl: Command-line interface
Minikube/kind: Local development
Helm: Package management
Prometheus/Grafana: Monitoring
ArgoCD/FluxCD: GitOps
Container runtimes: Docker, containerd
Gateway API v1.5.0: GatewayClass, Gateway, HTTPRoute, GRPCRoute, TLSRoute
Envoy Gateway: Gateway API controller implementation
Cluster API v1.12: CAPI, CAPA (AWS), CAPZ (Azure), CAPD (local)
Go 1.24: Microservice application throughout Phase 5
AKS Workload Identity: OIDC-federated managed identity for Azure workloads
MS Entra Managed Identity: System-assigned and user-assigned identity for AKS
AWS IRSA: IAM Roles for Service Accounts via EKS OIDC federation
EKS Pod Identity: Modern AWS credential vending for Kubernetes pods
Learning Approach
Each article follows this pattern:
Introduction: Real project experiences and why the topic matters
Concepts: Clear explanations with diagrams
Hands-on examples: Practical implementation
Best practices: Production-grade patterns
Common issues: Troubleshooting and solutions
What I learned: Key takeaways and insights
Beyond This Series
After completing these articles, you'll be ready to:
Deploy production workloads to Kubernetes
Implement security and compliance requirements
Build internal developer platforms
Contribute to Kubernetes projects
Pursue Kubernetes certifications (CKA, CKAD, CKS)
Getting Started
Ready to begin? Start with Article 1: Introduction to Kubernetes to understand what Kubernetes is and when you actually need it.
Series Structure
Contributing
Found errors or have suggestions? This series is continuously improved based on real-world experiences and feedback.
Additional Resources
Official Documentation: kubernetes.io/docs
Kubernetes GitHub: github.com/kubernetes/kubernetes
Community: kubernetes.slack.com
CNCF Landscape: landscape.cncf.io
Let's build cloud-native applications together. π
Last updated