Kubernetes

Kubernetes Roadmap

The journey to mastering Kubernetes, from core concepts to production-grade security, observability and GitOps, in preparation for the CKA/CKAD.

7 Stages
38 Topics
20 Required

Legend: ⬤ Required (must learn) · ⬤ Recommended (important) · ⬤ Optional (extension)
Stage 1

Core Concepts

Architecture, Pods, Deployments, Services: the K8s foundations you cannot skip

📦 Pods & Containers: Lifecycle phases, init containers, sidecar pattern, probes [Required]
🔄 Deployments & ReplicaSets: Rolling updates, rollbacks, maxSurge/maxUnavailable [Required]
🌐 Services: ClusterIP, NodePort, LoadBalancer, ExternalName, selectors [Required]
📂 Namespaces: Resource isolation, default quotas, cross-namespace DNS [Required]
🏷️ Labels, Annotations & Selectors: Metadata strategy, node affinity, topology spread [Required]
Stage 2 ⚙️

Configuration & Storage

ConfigMaps, Secrets, PersistentVolumes: managing config and state the right way

📋 ConfigMaps: env vars, envFrom, volume mounts, config reload patterns [Required]
🔐 Secrets: Opaque, TLS, docker-registry types; encryption at rest [Required]
💾 Persistent Volumes: PV, PVC, access modes (RWO/ROX/RWX), reclaim policies [Required]
🗂️ Storage Classes: Dynamic provisioning, volume binding mode, CSI drivers [Required]
📊 Resource Requests & Limits: CPU throttling, OOMKill, LimitRange, QoS classes [Required]
Stage 3 🎛️

Workload Controllers

StatefulSets, DaemonSets, Jobs: the right controller for the right workload

🗄️ StatefulSets: Stable network identity, ordered pod management, volumeClaimTemplates [Required]
🤖 DaemonSets: Node-level agents, log collectors, monitoring exporters [Recommended]
Jobs & CronJobs: Batch workloads, parallelism, backoffLimit, concurrencyPolicy [Recommended]
📈 Horizontal Pod Autoscaler: CPU/memory metrics, custom metrics API, stabilization window [Recommended]
📏 Vertical Pod Autoscaler: Resource right-sizing, Off/Initial/Auto modes [Optional]
Stage 4 🌐

Networking

Ingress, Network Policies, Service Mesh: L7 networking and traffic control

🚪 Ingress Controllers: nginx, AWS ALB, Traefik, path/host routing, TLS termination [Required]
🛡️ Network Policies: Pod-to-pod isolation, ingress/egress rules, namespace selector [Required]
🔗 CoreDNS: Service discovery, headless services, custom DNS, Corefile tuning [Recommended]
🔌 CNI Plugins: Calico, Flannel, Cilium; eBPF networking, network policies [Recommended]
🕸️ Service Mesh (Istio): mTLS, traffic management, circuit breaking, observability [Optional]
Stage 5 🔒

Security

RBAC, Pod Security, Secrets Management: a zero-trust Kubernetes cluster

🔑 RBAC: Roles, ClusterRoles, RoleBindings, ClusterRoleBindings, audit [Required]
👤 Service Accounts: Projected tokens, IRSA (AWS), Workload Identity (GCP) [Required]
🛡️ Pod Security Standards: Privileged / Baseline / Restricted profiles, admission [Required]
🔐 External Secrets: ESO, AWS Secrets Manager, Vault, SOPS+age encryption [Recommended]
🔍 Image Security: Trivy image scanning, OPA Gatekeeper, Kyverno policies [Recommended]
🦅 Falco (Runtime Security): Syscall monitoring, abnormal behavior detection [Optional]
Stage 6 📦

Package Management & GitOps

Helm, Kustomize, ArgoCD: deployment best practices for production

Helm Charts: Templates, named templates, values, chart repos, OCI registry [Required]
🧩 Kustomize: Bases, overlays, patches, configmap/secret generators [Recommended]
🔄 GitOps with ArgoCD: App of Apps, sync waves, health checks, notifications [Recommended]
🌊 FluxCD: Helm controller, Kustomize controller, image automation [Optional]
Stage 7 📊

Observability & Operations

Prometheus, Grafana, Loki: full-stack monitoring for production K8s

🔥 Prometheus: Metrics scraping, PromQL, recording rules, Alertmanager [Required]
📊 Grafana Dashboards: Pre-built K8s dashboards, data sources, alert routing [Required]
📋 Loki (Logging): Log aggregation, LogQL, label selectors, Promtail [Recommended]
🔍 Jaeger / Tempo (Tracing): Distributed tracing, span context propagation, sampling [Optional]
📈 Cluster Autoscaler: Node provisioning/deprovisioning, scale-down policies [Recommended]
🚀 Karpenter: Just-in-time node provisioning, consolidation, spot support [Optional]
🌍 Multi-cluster Management: Cluster API, Fleet, ArgoCD multi-cluster, Submariner [Optional]