My Kubernetes Learning track
- Alex Morgan
- Learning, Education
- October 16, 2024
My Kubernetes knowledge has been patchy at best for a long time. I remember getting into learning about K8s back in 2019 when reading some great internal articles at Duo; Jordan Wright’s “Kubernetes is Bad” and Jeremy Erikson’s “Kubernetes is LESS bad”. These were great and had a whole bunch of detail, though at the time I was only really having a look at Kubernetes from a distance and didn’t get too hands-on like I usually would with something new that interests me.
Over the years I did learn more, sporadically. I learnt a bunch listening to Ian Coldwater’s talks and Tweets. I also attended some O’Reilly courses on Kubernetes Threat Modeling and tried to dig into the security aspects.
I noticed one thing though, I never really “got it”. I realise now that I jumped ahead too soon, having some background in security and understanding of more traditional networking and computing portions I thought I could just jump straight to the security considerations. I needed to go back, the foundations were missing.
So, a while ago I started to look back at the foundational pieces, and I decided it would be worthwhile putting together a learning track for myself, which you can find below.
This is a collection of learning resources; articles, courses, books and other pieces that I’ve looked at/will look through on Kubernetes. The content here is not meant to cover everything and is intended more as an intro, with some deep dives randomly thrown in there. My goal is not to create a huge list to overwhelm but some places to get started, and other bits to come back to from time to time. Oh, and this assumes a level of understanding of containers in general and the next step is Kubernetes, though I’ve added some links that include both container learning info and K8s.
Learning Track
1️⃣ Where to Start?
Let’s start with the Google paper Large-scale cluster management at Google with Borg.
Generally, people start at or link people to kubernetes.io, but I personally enjoyed going back to this Google paper from 2015, which gives a great foundation and understanding of the “why” for Kubernetes and where it came from after 10 years of Google running Borg in production.
If you’re interested here’s my personal write-up on that paper. Note - It’s rough and quick, and just me learning out loud, so not really meant as a review to hold up to the light.
Renata Rocha recently shared this nice roadmap as a good visual way to tackle learning topics as you get into K8s: https://roadmap.sh/kubernetes
2️⃣ Next?
Let’s have a look at 3 options to check out next:
- Borg, Omega, and Kubernetes: Lessons learned from three container-management systems over a decade - A great paper following on from the above with loads of learnings and explanations around Kubernetes. This could also replace the paper above as a starting point.
- Kubernetes Basics tutorial on kubernetes.io is very solid: https://kubernetes.io/docs/tutorials/kubernetes-basics/
- Want something visual? This Google Comic is a nice explainer (from Google but not GKE specific): https://cloud.google.com/kubernetes-engine/kubernetes-comic
3️⃣ Hands-on
Let’s take a look at some hands-on learning:
- Kubernetes the Hard Way by Kelsey Hightower: https://github.com/kelseyhightower/kubernetes-the-hard-way
- Crank up 4 VMs and get into the weeds from start to finish with Kelsey Hightower. I really enjoyed this as a run-through and managed to enjoy some mistakes that led me to learning more.
- Folks have suggested the same with Minikube too
- https://kodekloud.com/ - I’ve heard a lot of good things about KodeKloud but I’m yet to check it out
- There are a fair few courses on things like Coursera or others with cloud-specific labs like GKE
Resources
📚 Books
- Kubernetes Up and Running - Third Edition - https://www.oreilly.com/library/view/kubernetes-up-and/9781098110192/ - Enjoyed reading through this and skipping around the sections as I did some hands-on learning.
- Production Kubernetes - https://www.google.co.uk/books/edition/Production_Kubernetes/WrIlEAAAQBAJ?hl=en&gbpv=1&pg=PR2
- I’ve seen this book get some good reviews but I’m yet to check it out, I have it on the bookshelf still.
- The Docker Book - https://books.google.co.uk/books?id=4xQKBAAAQBAJ&printsec=copyright&redir_esc=y#v=onepage&q&f=false
- OK so this is not Kubernetes, but I decided to go back and give this a bit of a read too.
📑 Docs
Blog posts, documentation and other pieces. Not meant to be exhaustive, just a starting point.
- Kubernetes Basics tutorial is very solid: https://kubernetes.io/docs/tutorials/kubernetes-basics/
- The Google Comic mentioned above (from Google but not GKE specific): https://cloud.google.com/kubernetes-engine/kubernetes-comic
- A good set of posts on Container networking setup
- Post that goes into a lot of detail about how Kubernetes works to create a deployment - On GitHub by Jamie Hannaford
- Post on how Kubernetes service traffic direction is done
- Blog post from Figma around their Migration to K8s
- Blog post from Duo on their migration to K8s (I was there at the time this happened)
- The Duo blog mentions this as a good resource to learn from: A compiled list of links to public failure stories related to Kubernetes
- Kubernetes Security
- Azure K8s (AKS)
- Google K8s (GKE)
- Amazon K8s (EKS)
📜 Papers
- Large-scale cluster management at Google with Borg: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43438.pdf
- This really is the starting point I’d suggest, it’s a great read with some nice technical bits but not over the top
- Borg, Omega, and Kubernetes: Lessons learned from three container-management systems over a decade
- Really this is the next step from the above paper, goes into more detail about why Kubernetes is structured in certain ways and the things learnt which are golden! (bonus - it is single column and not double like other papers, big fan 🖤)
📹 Videos
- Kubernetes Networking 101 - Randy Abernethy: https://youtu.be/cUGXu2tiZMc?si=zHK-b-KSlzUru47g&t=713 (KubeCon North America 2022)
- Datadog Playlist, Kubernetes security fundamentals: https://www.youtube.com/playlist?list=PLdh-RwQzDsaNWBex2I09OFLCph7l_KnQE (playlist also includes container security fundamentals videos)
- Surviving Day 2 - How to Troubleshoot Kubernetes Networking: https://www.youtube.com/watch?v=920BZXvQpVs Thomas Graf, Isovalent (from KubeCon Europe 2023)
- Debugging Distroless Images with Kubectl Debug and CDebug | Chainguard (2024)
- Strongly suggest checking out Chainguard in general, especially their secure container image repo: https://images.chainguard.dev/. They also have some great education resources https://edu.chainguard.dev/
🏋️ Courses
Kubernetes.io links to a couple of free courses and the Linux Foundation cert courses: https://kubernetes.io/training/
Getting Started with Google Kubernetes Engine: https://www.cloudskillsboost.google/course_templates/2 - Free on cloudskillsboost
Architecting with Google Kubernetes Engine Specialization (Coursera), Getting Started with Google Kubernetes Engine - Need a Coursera subscription
Kube Academy by VMware: https://kube.academy/courses/getting-started
Loads more to add here - I’ll add any that are actually good learning experiences, not just ones that are “available”
🪪 Certification
Certified Kubernetes Administrator (CKA): https://training.linuxfoundation.org/certification/certified-kubernetes-administrator-cka/
Certified Kubernetes Security Specialist (CKS): https://training.linuxfoundation.org/certification/certified-kubernetes-security-specialist/
Certified Cloud Native Security Expert (CCNSE): https://www.practical-devsecops.com/certified-cloud-native-security-expert/
💾 Kubernetes Commands
I thought it’d be fun to throw in some of the commands I’m accustomed to and use, especially for troubleshooting (Taken from my personal Gist on setting up mac env)
Command | Description |
---|---|
kubectl get pods | List pods in current namespace |
kubectl describe pod pod_name | Show pod’s details |
kubectl logs pod_name | View pod’s logs |
kubectl exec -it pod_name -- bash | Enter pod’s shell |
kubectl get nodes | List cluster nodes |
kubectl top nodes | Show node resource usage |
kubectl get deployments | List deployments |
kubectl scale deployment my-app --replicas=3 | Scale app |
kubectl apply -f manifest.yaml | Create/update from file |
kubectl port-forward pod_name 8080:80 | Forward local to pod port |
Kubernetes Troubleshooting
Command | Description |
---|---|
kubectl top nodes | Show node resource usage |
kubectl top pods | Show pod resource usage |
kubectl get events --sort-by='.metadata.creationTimestamp' -n ns | Recent events in namespace |
kubectl get pods --all-namespaces -o wide | All pods with IPs |
kubectl cluster-info dump | Dump cluster state for debugging |
kubectl rollout status deployment/app | Check rollout status |
kubectl scale deployment my-app --replicas=3 | Scale app for performance |
kubectl port-forward pod_name 8080:80 | Forward port for direct access |
kubectl auth can-i create pods | Check permissions |
kubectl get componentstatuses | Check control plane health |