Advanced Kubernetes Bootcamp : SFD-CKPro – Certified Kubernetes Professional

About Course

You already know how to deploy applications on Kubernetes.
Now it’s time to build production-grade systems.

This course is designed for developers and DevOps engineers who have completed the basics of Kubernetes and want to move beyond “it works” to scalable, traffic-aware, secure, and extensible Kubernetes workloads.

In this course, you’ll learn how Kubernetes behaves under real production conditions—how pods are scheduled across nodes and zones, how resources are allocated and scaled, how traffic enters and flows through the cluster, and how Kubernetes can be extended using CRDs and Operators.

You’ll also explore modern Kubernetes traffic management using the Gateway API, understand when (and when not) to introduce a service mesh, and learn how application teams can apply security controls without slowing down development.

Finally, the course introduces you to Agentic Kubernetes—how AI-assisted tools can help debug, operate, and extend Kubernetes systems—setting the stage for more advanced automation and AgenticOps courses later.

This is the natural next step after Kubernetes Essentials and the bridge toward advanced platform engineering, operators, and automation.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

Understand and apply advanced pod scheduling using affinity, anti-affinity, and topology spread constraints
Manage CPU and memory resources effectively using requests, limits, and Kubernetes autoscaling patterns
Implement autoscaling strategies using HPA, VPA, and KEDA based on real workload needs
Design modern traffic entry and routing using the Kubernetes Gateway API
Apply rate limiting, authentication, and routing strategies for multi-team Kubernetes environments
Decide when a service mesh is required—and when it is not
Secure Kubernetes workloads using NetworkPolicies, Pod Security Admission, and RBAC (from an application team perspective)
Package and manage applications using Helm charts with real-world best practices
Extend Kubernetes using Custom Resource Definitions (CRDs)
Understand and design Kubernetes Operators, including when not to write one
Explore AI-assisted and agentic approaches to Kubernetes debugging and operations (introductory level)

Course Content

Module 0: Introduction and Getting Started
Think of Module 0 as setting the baseline. You'll create a local Kubernetes cluster using KIND, deploy all five components of the voting application, and verify it works end-to-end. This deployment works, but it's not production-ready. Over the next nine modules, you'll evolve this basic setup into a robust, scalable, secure production deployment. By the end of this module, you'll have a working multi-node Kubernetes cluster with the Example Voting App running locally. This exact setup becomes your playground for exploring advanced scheduling, autoscaling, traffic management, security policies, and more.

Welcome and About this Course

02:52
Introduction and Getting Started
What will you learn ?

04:58
Setting up 3 Node Kubernetes Cluster with KiND

10:10
Deploy the Sample App

08:10
Lab: Setting Up Your Kubernetes Playground
Module Wrap Up

00:48
Quiz: Module 0 – Introduction and Getting Started

Module 1: Advanced Pod Scheduling
This module teaches you to take control of the scheduler. You'll learn how to place postgres on SSD nodes, spread vote replicas across different machines, and use taints to keep general workloads off your database servers. These are the first production readiness improvements to your application.

Introduction to Module 2

01:27
Module 1: Advanced Pod Scheduling
How Scheduler Works ?

05:18
Affinity – nodeAffinity, podAffinity, podAntiAffinity

10:09
Taints and Tolerations

08:31
Lab Walkthrough

06:11
Lab: Scheduling the Voting App for Production
Quiz: Module 1 – Advanced Pod Scheduling
Module 1 Wrapup

00:43

Module 2: Autoscaling – HPA, VPA and KEDA
Autoscaling makes the app self-adjusting. Kubernetes watches metrics, compares them to targets you define, and automatically adjusts replicas or resource allocations. Your Voting App becomes resilient to traffic spikes without manual intervention.

Module 3: Gateway API
In this module, you'll install a Gateway controller (Contour), create Gateway and HTTPRoute resources, implement sophisticated routing rules for the Voting App, and explore traffic splitting patterns for canary deployments. By the end, you'll understand why Gateway API is the future of Kubernetes traffic management.

Overview
Introduction to Gateway API

01:49
Reading Materials
Ingress Problems

02:33
Resource Model

03:09
HTTP Route

02:55
Traffic Splitting

02:10
Namespaces & Controllers

02:29
Migrating from Ingress to Gateway API

02:00
Lab: Routing Traffic with Gateway API
Quiz: Module 3 – Gateway API

Module 4: Service Mesh
Service mesh is a crossroads decision in production readiness. Many teams adopt it prematurely, adding complexity without benefit. Others add it too late, missing observability and security gaps. This module teaches you when a service mesh adds value versus when it adds unnecessary overhead.

Overview
What is Service Mesh & Why Should You Care?

02:35
The Sidecar Pattern — How It Works

03:31
The Three Superpowers: mTLS, Observability, Traffic Management

04:19
Istio vs Linkerd — Swiss Army Knife vs Scalpel

04:15
The Decision Framework — Should You Adopt?

05:04
Alternatives & When to Say “Not Yet”

04:30
Wrap-up & Lab Preview

03:13
Reading : Service Mesh: When to Adopt
Quest: Service Mesh Exploration with Linkerd
Quiz: Module 4 – Service Mesh

Module 5: Security – Network Policies, Pod Security Admission , RBAC Policies
This module teaches defense-in-depth security for Kubernetes applications. You'll build multiple layers of protection, each addressing different attack vectors. NetworkPolicy controls traffic at the network level. Pod Security Admission prevents privilege escalation at the pod level. RBAC limits API access. Secrets management protects credentials. Together, these layers create a security posture that's resilient even when individual components are compromised.

Overview
Intro: Your App is Wide Open

02:56
NetworkPolicy: Building Walls Between Pods

05:08
Pod Security Admission: No More Dangerous Pods

05:06
RBAC: Least Privilege for Your Apps

04:51
Secrets: Stop Putting Passwords in Plain Sight

05:29
Defense in Depth: Tying It All Together

00:00
Lab: Securing the Voting App
Quiz: Module 5 – Security (NetworkPolicy, PSA, RBAC)

Module 6: Writing Helm Charts
Helm is the package manager for Kubernetes. It transforms your collection of YAML files into reusable, parameterized, versionable deployment packages called charts.

Overview
Writing Helm Charts
Lab: Helm-ifying the Voting App
Quiz: Module 6 – Writing Helm Charts
The Raw YAML Problem
Helm’s Big Three
Inside a Helm Chart
Templates and Values
The Templatization Trap
Chart Dependencies
Lifecycle Hooks
What’s Coming in the Lab

Module 7: CRDs
CRDs are the foundation of the Kubernetes extension model. Once you understand CRDs, you unlock Operators (Module 8), Helm patterns, and the entire CNCF ecosystem

Module 8: Building K8s Operators (Workflow)
This module transforms you from "I created a CRD" to "I built an operator that automates reconciliation." You'll build a working VoteConfig operator using Kubebuilder that watches VoteConfig resources and automatically creates and updates ConfigMaps. By the end, you'll understand the complete operator development workflow and how operators make custom resources truly declarative.

Module 9: Intro to Agentic Kubernetes
This module introduces the emerging field of AI-assisted Kubernetes operations. You will learn how Model Context Protocol enables AI models to interact with your cluster safely, try AI-powered troubleshooting on deliberately broken deployments, and develop the safety awareness needed to use these tools responsibly.

Student Ratings & Reviews

No Review Yet

About Course

Membership Required

Membership Required

What Will You Learn?

Course Content

Welcome and About this Course

Introduction and Getting Started

What will you learn ?

Setting up 3 Node Kubernetes Cluster with KiND

Deploy the Sample App

Lab: Setting Up Your Kubernetes Playground

Module Wrap Up

Quiz: Module 0 – Introduction and Getting Started

Introduction to Module 2

Module 1: Advanced Pod Scheduling

How Scheduler Works ?

Affinity – nodeAffinity, podAffinity, podAntiAffinity

Taints and Tolerations

Lab Walkthrough

Lab: Scheduling the Voting App for Production

Quiz: Module 1 – Advanced Pod Scheduling

Module 1 Wrapup

Module 2: Autoscaling – HPA, VPA and KEDA Autoscaling makes the app self-adjusting. Kubernetes watches metrics, compares them to targets you define, and automatically adjusts replicas or resource allocations. Your Voting App becomes resilient to traffic spikes without manual intervention.

Module Intro

Autoscaling 101

Autoscaling Reading Material

Horizontal Pod Autoscaler Concepts

Verticle Pod Autoscaler

Kubernetes Event Driven Automation (KEDA)

Lab: Making the Voting App Auto-Scale

Quiz: Module 2 – Autoscaling

Overview

Introduction to Gateway API

Reading Materials

Ingress Problems

Resource Model

HTTP Route

Traffic Splitting

Namespaces & Controllers

Migrating from Ingress to Gateway API

Lab: Routing Traffic with Gateway API

Quiz: Module 3 – Gateway API

Overview

What is Service Mesh & Why Should You Care?

The Sidecar Pattern — How It Works

The Three Superpowers: mTLS, Observability, Traffic Management

Istio vs Linkerd — Swiss Army Knife vs Scalpel

The Decision Framework — Should You Adopt?

Alternatives & When to Say “Not Yet”

Wrap-up & Lab Preview

Reading : Service Mesh: When to Adopt

Quest: Service Mesh Exploration with Linkerd

Quiz: Module 4 – Service Mesh

Overview

Intro: Your App is Wide Open

NetworkPolicy: Building Walls Between Pods

Pod Security Admission: No More Dangerous Pods

RBAC: Least Privilege for Your Apps

Secrets: Stop Putting Passwords in Plain Sight

Defense in Depth: Tying It All Together

Lab: Securing the Voting App

Quiz: Module 5 – Security (NetworkPolicy, PSA, RBAC)

Module 6: Writing Helm Charts Helm is the package manager for Kubernetes. It transforms your collection of YAML files into reusable, parameterized, versionable deployment packages called charts.

Overview

Writing Helm Charts

Lab: Helm-ifying the Voting App

Quiz: Module 6 – Writing Helm Charts

The Raw YAML Problem

Helm’s Big Three

Inside a Helm Chart

Templates and Values

The Templatization Trap

Chart Dependencies

Lifecycle Hooks

What’s Coming in the Lab

Module 7: CRDs CRDs are the foundation of the Kubernetes extension model. Once you understand CRDs, you unlock Operators (Module 8), Helm patterns, and the entire CNCF ecosystem

Overview

Module 7: Extending Kubernetes with CRDs

Lab: Creating the VoteConfig Custom Resource

Quiz: Module 7 – Extending Kubernetes with CRDs

Module 2: Autoscaling – HPA, VPA and KEDA
Autoscaling makes the app self-adjusting. Kubernetes watches metrics, compares them to targets you define, and automatically adjusts replicas or resource allocations. Your Voting App becomes resilient to traffic spikes without manual intervention.

Module 6: Writing Helm Charts
Helm is the package manager for Kubernetes. It transforms your collection of YAML files into reusable, parameterized, versionable deployment packages called charts.

Module 7: CRDs
CRDs are the foundation of the Kubernetes extension model. Once you understand CRDs, you unlock Operators (Module 8), Helm patterns, and the entire CNCF ecosystem