Learn Kubernetes Roadmap

A structured path to mastering Kubernetes for developers who already know Docker. Covers core concepts, local setup, workloads, networking, storage, Helm, security, and production readiness.

study, coding, productivity

by Morris

Container Orchestration Concepts

Understand why Kubernetes exists and what problems it solves that Docker and Docker Compose cannot.

  • Understand the limits of Docker Compose at scale
  • Learn what a container orchestrator does
  • Understand the difference between imperative and declarative configuration
  • Study the Kubernetes core design principles: desired state and reconciliation loops
  • Read the official Kubernetes overview documentation
  • Understand what a cluster is (control plane + worker nodes)

Kubernetes Architecture

Learn the components of the control plane and worker nodes. Understanding what each component does makes debugging and configuration much easier.

  • Learn the control plane components
  • Learn the worker node components
  • Understand how kubectl communicates with the cluster
  • Learn what namespaces are and why they matter
  • Understand how the scheduler decides where to place a Pod
  • Sketch the request flow from kubectl apply to a running container

Local Setup

Get a local Kubernetes cluster running and master the kubectl CLI basics before working with real clusters.

  • Install kubectl
  • Choose and install a local cluster tool: minikube or kind
  • Learn core kubectl commands: get, describe, apply, delete
  • Learn kubectl exec, port-forward, and logs
  • Set up kubectl aliases and autocompletion
  • Explore a running cluster with kubectl get and describe

Pods and Workloads

Learn the core workload resources. Understand when to use Deployments, DaemonSets, and StatefulSets - each solves a different problem.

  • Understand what a Pod is and why it is ephemeral
  • Write a basic Pod manifest and apply it
  • Understand Deployments and ReplicaSets
  • Learn when to use a DaemonSet
  • Learn when to use a StatefulSet
  • Understand Jobs and CronJobs for batch workloads
  • Practice scaling a Deployment up and down

Services and Networking

Learn how traffic flows inside and into a Kubernetes cluster. Services, Ingress, and DNS are essential for connecting your workloads.

  • Understand why Services exist
  • Learn the three main Service types
  • Understand DNS within the cluster
  • Learn what an Ingress is and when to use it
  • Install nginx-ingress-controller on minikube and test routing
  • Understand NetworkPolicies for restricting Pod-to-Pod traffic

ConfigMaps and Secrets

Decouple configuration from container images. Learn when to use ConfigMaps vs Secrets and the right way to consume them.

  • Understand why configuration should not be baked into images
  • Create and use a ConfigMap
  • Create and use a Secret
  • Understand the difference between env vars and volume mounts for config
  • Never commit Secret values to YAML files in version control
  • Practice updating a ConfigMap and observing the change in a running Pod
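The following is an added example (not from the roadmap) of the two consumption styles the list mentions: a ConfigMap injected as environment variables and a Secret mounted as files. The ConfigMap and Secret names, the image and the configuration values are assumptions; the Secret value is a placeholder to make the "never commit" point concrete.

```yaml
# Added example: ConfigMap for non-sensitive settings, Secret for credentials,
# and a Pod that consumes both. Names, image and values are assumptions.
apiVersion: v1
kind: ConfigMap
metadata:
  name: api-config
  namespace: shop
data:
  LOG_LEVEL: "info"
  DB_HOST: "postgres.shop.svc.cluster.local"
  app.properties: |          # a whole file can be stored under one key
    feature.flags=checkout-v2
    request.timeout=30s
---
# stringData is plaintext; the API server base64-encodes it into .data.
# base64 is encoding, not encryption, so a file like this must never be committed.
# Create the Secret at deploy time instead, for example:
#   kubectl -n shop create secret generic api-db-credentials \
#     --from-literal=username=api --from-file=password=./db-password.txt
apiVersion: v1
kind: Secret
metadata:
  name: api-db-credentials
  namespace: shop
type: Opaque
stringData:
  username: api
  password: REPLACE-ME-placeholder   # placeholder only, never a real value in git
---
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: shop
spec:
  containers:
    - name: api
      image: ghcr.io/example/api:1.4.2   # assumed image
      envFrom:
        - configMapRef:
            name: api-config           # every key becomes an environment variable
      volumeMounts:
        - name: db-creds
          mountPath: /etc/db-creds     # appears as /etc/db-creds/username and /etc/db-creds/password
          readOnly: true
  volumes:
    - name: db-creds
      secret:
        secretName: api-db-credentials
        defaultMode: 0400              # owner-read only inside the container
```

The two styles behave differently when the source changes: environment variables are fixed when the container starts, so an updated ConfigMap is only seen after a restart (`kubectl -n shop rollout restart` for a Deployment), whereas a mounted ConfigMap or Secret is refreshed in place by the kubelet on its sync interval (unless mounted with subPath, which is never updated). Environment variables are also readable by every process in the container and tend to end up in crash reports and logs, which is why credentials are better consumed from a mount.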

Storage

Learn how Kubernetes handles persistent storage. Pods are ephemeral; your data must not be.

  • Understand why Pod-local storage is dangerous
  • Understand PersistentVolumes and PersistentVolumeClaims
  • Write a PersistentVolumeClaim and attach it to a Pod
  • Understand access modes: ReadWriteOnce, ReadOnlyMany, ReadWriteMany
  • Understand StatefulSet volume templates for databases
  • Deploy a PostgreSQL StatefulSet to your local cluster and connect to it

Helm Package Manager

Learn Helm to manage complex Kubernetes applications as versioned packages. Essential for installing third-party software and managing your own app releases.

  • Understand what Helm is and why it exists
  • Install Helm and add the Bitnami repository
  • Install a chart and inspect what it created
  • Understand the structure of a Helm chart
  • Use a values.yaml override file for each environment
  • Find charts for common infrastructure on Artifact Hub

Rolling Deployments and Rollbacks

Learn how Kubernetes updates applications with zero downtime and how to configure health probes correctly - the most critical reliability mechanism.

  • Understand the rolling update strategy
  • Configure liveness and readiness probes correctly
  • Implement health check endpoints in your application
  • Trigger a rolling update and watch it happen
  • Understand resource requests and limits and always set them
  • Learn about the HorizontalPodAutoscaler for automatic scaling

Monitoring and Observability

Learn to see what is happening inside your cluster using kubectl, then add Prometheus and Grafana for metrics.

  • Master the debugging workflow with kubectl
  • Understand common Pod failure states
  • Install Prometheus and Grafana via Helm
  • Understand the four golden signals of monitoring
  • Add structured logging to your application
  • Set up basic alerting rules in Prometheus

RBAC and Security

Learn Role-Based Access Control to limit what users and workloads can do in your cluster. Security is not optional in production.

  • Understand the RBAC model: subjects, roles, bindings
  • Create a Role and RoleBinding for a developer
  • Understand ServiceAccounts and why Pods need them
  • Configure security contexts to prevent privilege escalation
  • Use kubectl auth can-i to debug RBAC
  • Scan your manifests for security issues with kubesec or kube-score
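As an added example (not from the roadmap), the manifests below cover the first four items of this list: a namespace-scoped Role for a developer, its RoleBinding, a dedicated ServiceAccount for the api workload, and a Pod hardened with a restrictive securityContext. The namespace, user name, image and uid are assumptions; the listed verbs are one reasonable developer scope, not a prescribed one.

```yaml
# Added example: developer Role and RoleBinding, workload ServiceAccount, hardened Pod.
# Namespace, user name, image and uid are assumptions.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: developer
  namespace: shop
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "services", "configmaps"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["pods/portforward", "pods/exec"]
    verbs: ["create"]           # exec is root-in-container for many images; grant it deliberately
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "update", "patch"]
  # no "secrets" and no "rolebindings": reading secrets or granting roles is not a developer task
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developer-alice
  namespace: shop
subjects:
  - kind: User
    name: alice@example.com     # identity as presented by the cluster's authenticator (OIDC, cert CN, ...)
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: developer
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: api
  namespace: shop
automountServiceAccountToken: false   # most apps never call the Kubernetes API; do not hand them a token
---
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: shop
spec:
  serviceAccountName: api             # a dedicated account, not "default"
  securityContext:
    runAsNonRoot: true                # kubelet refuses to start the container if the image runs as uid 0
    runAsUser: 10001                  # the image must work as this uid
    runAsGroup: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: api
      image: ghcr.io/example/api:1.4.2
      securityContext:
        allowPrivilegeEscalation: false   # no setuid binaries or file capabilities can raise privilege
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      volumeMounts:
        - name: tmp
          mountPath: /tmp               # writable scratch space, since the root filesystem is read-only
  volumes:
    - name: tmp
      emptyDir: {}
```

Check the binding with `kubectl auth can-i get pods --as alice@example.com -n shop` (yes) and `kubectl auth can-i list secrets --as alice@example.com -n shop` (no); for a workload use `--as system:serviceaccount:shop:api`. The Pod settings match the "restricted" Pod Security Standard, which can be enforced for every Pod in the namespace by labelling it with `pod-security.kubernetes.io/enforce: restricted`, so a manifest missing these fields is rejected at admission rather than found later by a scanner.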

Production Readiness Checklist

Before going to production, verify your cluster and workloads meet the essential reliability, security, and observability requirements.

  • Workload requirements: all Deployments have resource requests and limits
  • Health probes: all Deployments have liveness and readiness probes configured
  • Replicas: all critical workloads run with at least 2 replicas; databases use StatefulSets
  • Pod Disruption Budgets: set minAvailable or maxUnavailable to prevent all replicas being taken down during node maintenance
  • Secrets management: no plaintext secrets in YAML committed to source control
  • RBAC: workloads use dedicated ServiceAccounts with minimal permissions; no workload uses the default ServiceAccount
  • Monitoring: Prometheus and Grafana installed; dashboards configured for CPU, memory, error rate, and latency
  • Logging: applications emit structured JSON logs; a log aggregator (Loki, Elasticsearch) collects and indexes them
  • Backup: PersistentVolumes are snapshotted regularly (Velero or cloud provider snapshots)
  • Network policies: default-deny ingress policy in place; services only accept traffic from known sources
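The Pod Disruption Budget item is the one checklist entry whose manifest is not obvious from its name, so here is an added example (not from the roadmap) for a three-replica api Deployment. The namespace, selector and numbers are assumptions.

```yaml
# Added example: PodDisruptionBudget for a 3-replica Deployment labelled app=api.
# Namespace, selector and numbers are assumptions.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: api
  namespace: shop
spec:
  minAvailable: 2            # alternatively maxUnavailable: 1; set one of the two, not both
  selector:
    matchLabels:
      app: api               # must match the Deployment's Pod labels
```

With 3 replicas and minAvailable 2, `kubectl drain` can evict only one api Pod at a time and waits until its replacement is Ready before evicting the next. Two caveats: a PDB governs only voluntary disruptions (drains and the eviction API), not node crashes or OOM kills, and a minAvailable equal to the replica count blocks every drain, so check `kubectl -n shop get pdb` shows a non-zero ALLOWED DISRUPTIONS column after applying it.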