Kubernetes Deep Dive

Advanced course for engineers on containerization, networking, storage, security, and GitOps with Cozystack technologies: Talos, LINSTOR, Cilium, KubeVirt, Cluster API, Flux, and other Kubernetes tools.

Course Modules

Module 1: Containerization Under the Hood

Topics:

  • Kernel namespaces (PID, NET, MNT, UTS, IPC)
  • cgroups v1/v2 and resource limits
  • veth pairs, bridges, overlay networks
  • iproute2 (ip link|addr|route) and tc
  • Manual containerization with nsenter (no Docker)

Outcome: Understand Linux process/traffic isolation, debug network/resource issues, and manually assemble a “container.”

Module 2: Image Building & Registry Workflows

Topics:

  • OCI image/artifact specs
  • Working with registries (Harbor, GHCR, ECR)
  • Dockerfile best practices (multi-stage, layer caching)

Outcome: Build secure, optimized images and publish them to repositories.

Module 3: Kubernetes Fundamentals

Topics:

  • API objects (Pod → Deployment → ReplicaSet)
  • Reconciliation loop: kube-api, scheduler, controller-manager
  • etcd and desired state
  • CRDs, controller-runtime, operator pattern

Outcome: Describe resources via YAML, troubleshoot lifecycle issues, and write basic controllers.

Module 4: Kubernetes Networking (Core)

Topics:

  • CNI plugins and pod network namespaces
  • kube-proxy and service networking
  • ClusterIP/NodePort/LoadBalancer services
  • Service Discovery, DNS, headless services
  • ingress-nginx: architecture, annotations, LB

Outcome: Design/debug cluster networking and configure public-facing ingress.

Module 5: Talos Linux Deep Dive

Topics:

  • Talos architecture: immutability, secure boot
  • Cluster deployment and control-plane upgrades
  • talm for configuration management
  • Debugging without SSH: talosctl, kubectl-node-shell

Outcome: Deploy/maintain Kubernetes clusters on Talos Linux and troubleshoot node issues.

Module 6: Storage in Kubernetes

Topics:

  • CSI architecture, sidecars, VolumeLifecycle
  • PV/PVC/StorageClass, reclaim policies, topology-aware volumes
  • Snapshots and VolumePopulator
  • In-tree vs. CSI drivers

Outcome: Master Kubernetes storage, select drivers, and manage volumes/backups in production.

Module 7: LINSTOR as Kubernetes-Native Storage

Topics:

  • DRBD and block device replication
  • linstor-controller, satellite, linstor-csi
  • Volume/replica/snapshot management
  • Quorum, fencing, replica balancing

Outcome: Deploy LINSTOR, ensure HA volumes, and recover from failures.

Module 8: Advanced Kubernetes Networking

Topics:

  • Cilium/Kube-OVN: eBPF datapath
  • CNI chaining
  • MetalLB for external load balancing
  • Ingress/egress traffic
  • NetworkPolicy (L3/L4 + L7 HTTP)
  • Debugging with cilium-dbg, tcpdump -i vxlan

Outcome: Confidently debug Kubernetes networking, enforce security policies, and fix complex issues.

Module 9: RBAC & OIDC

Topics:

  • apiserver AuthN/AuthZ
  • JWT tokens, certificates
  • Keycloak integration
  • ServiceAccount and RBAC policies
  • oauth-proxy/oidc-proxy

Outcome: Implement SSO authentication and delegate secure access.

Module 10: Kubernetes-Native Virtualization (KubeVirt)

Topics:

  • KubeVirt architecture: virt-operator, virt-launcher, libvirt-qemu
  • VM lifecycle, hot-plug disks/networks
  • Frontend/backend networking
  • Storage and live migration

Outcome: Run/debug VMs inside Kubernetes.

Module 11: Kubernetes-in-Kubernetes (Cluster API)

Topics:

  • Cluster API: CRDs, providers
  • etcd, KubeVirt-CSI, CCM, cluster-autoscaler
  • Kamaji, Konnectivity for multi-layer traffic

Outcome: Automate nested Kubernetes cluster lifecycle.

Module 12: GitOps & Application Delivery

Topics:

  • CI: buildx, artifact publishing
  • CD: ArgoCD vs. FluxCD
  • Cozystack’s cozypkg for developer workflows

Outcome: Automate CI/CD and release cycles.

Module 13: Observability

Topics:

  • Metrics/logs with VictoriaMetrics, Grafana
  • Alerting pipeline (IRM via Alerta)
  • Incident resolution best practices

Outcome: Master monitoring, logging, and alerting.

Module 14: Cozystack API & Aggregation Layer

Topics:

  • Kubernetes API Aggregation Layer
  • OpenAPI/Swagger
  • Cozystack’s Core/System/Apps CRDs

Outcome: Extend Cozystack’s platform functionality.

Module 15: Writing Custom Operators

Topics:

  • kubebuilder scaffolding, CRD v1
  • controller-runtime: reconcile, watches, ownerRef
  • Validating/Mutating webhooks
  • ChatGPT as a pair-programmer

Outcome: Build operators to automate custom app lifecycles.

Module 16: SeaweedFS & COSI (Object Storage in Kubernetes)

Topics:

  • SeaweedFS: master, volume-server, filer-server, S3 gateway
  • Replication backends
  • COSI (Container Object Storage Interface):
    • S3 bucket provisioning via Kubernetes manifests
    • Temporary credentials for apps
  • Debugging with weed shell

Outcome: Deploy S3-compatible storage in-cluster and automate bucket lifecycle.

Pricing

Package          | Includes                        | Base Price | Discount | Final Price*
Single Module    | 1 topic (3h online + HW review) | $400       |          | $400
Any 5 Modules    | Custom track                    | $2,000     | -10%     | $1,800
Any 10 Modules   | Full DevOps path                | $4,000     | -20%     | $3,200
Full Course (15) | Complete “Kubernetes Deep Dive” | $6,000     | -25%     | $4,500