Kubernetes Platform Engineering-A 24-Week Mastery Roadmap¶

Authoring lens: Principal Platform Engineer / Kubernetes Maintainer. Target outcome: A graduate of this curriculum is capable of (a) building and operating a hardened Kubernetes cluster from scratch on bare metal or any cloud, (b) extending the control plane via custom controllers/operators built with controller-runtime or client-go, and (c) contributing patches to kubernetes/kubernetes or one of its core ecosystems (Cilium, Istio, ArgoCD, Crossplane).

This is not "kubectl in 24 weeks." It assumes the reader has used Kubernetes (deployed an app, run kubectl), understands containers (see the CONTAINER_INTERNALS_PLAN curriculum if not), and is ready to read kubernetes/kubernetes source as primary literature.

Repository Layout¶

File	Purpose
`00_PRELUDE_AND_PHILOSOPHY.md`	What Kubernetes is, what it isn't, the design ethics, reading list.
`01_MONTH_CONTROL_PLANE.md`	Weeks 1–4. etcd & Raft, kube-apiserver, scheduler, controllers.
`02_MONTH_KUBELET_AND_CRI.md`	Weeks 5–8. kubelet, CRI, kube-proxy, CSI, device plugins.
`03_MONTH_CONTROLLERS_AND_OPERATORS.md`	Weeks 9–12. client-go, controller-runtime, CRDs, the operator pattern.
`04_MONTH_NETWORKING_AND_STORAGE.md`	Weeks 13–16. CNI, Cilium/eBPF, service meshes, CSI, dynamic provisioning.
`05_MONTH_PLATFORM_AND_DAY2.md`	Weeks 17–20. GitOps (Argo/Flux), IaC (Crossplane), HPA/VPA, admission, OPA.
`06_MONTH_HARD_WAY_CAPSTONE.md`	Weeks 21–24. K8s the Hard Way; multi-tenancy; mTLS; capstone.
`APPENDIX_A_HARDENING.md`	CIS, Pod Security, network policy, RBAC, audit.
`APPENDIX_B_TROUBLESHOOTING.md`	Reference flows: pod-pending, node-notready, etcd-degraded, etc.
`APPENDIX_C_CONTRIBUTING.md`	Contributing to k8s.io: SIGs, KEPs, first-PR playbook.
`CAPSTONE_PROJECTS.md`	Three tracks: hard-way bare-metal cluster, GitOps platform, operator from scratch.

How Each Week Is Structured¶

Conceptual Core-the why, with a mental model.
Mechanical Detail-the how, with kubernetes/kubernetes source pointers.
Lab-a hands-on exercise using a real cluster (kind, k3s, or hard-way).
Hardening Drill-a security/compliance micro-task.
Operations Slice-a Day-2-ops micro-task: monitoring, scaling, recovery.

Each week is sized for ~12–16 focused hours. Almost every lab requires a working cluster-invest early in a smooth local cluster setup (kind or k3d for dev; a 3-node kubeadm cluster on cloud VMs for realistic ops).

Progression Strategy¶

Control Plane ──► Kubelet & CRI ──► Controllers & Operators
      │                │                    │
      └────────┬───────┴────────────────────┘
               ▼
   Networking & Storage
               │
               ▼
   Platform & Day-2 Ops
               │
               ▼
   Hard Way & Capstone

Prerequisites¶

Container fluency (the CONTAINER_INTERNALS_PLAN weeks 1–3 minimum).
Linux fluency (the LINUX curriculum weeks 9–10 minimum: namespaces & cgroups).
Comfortable with at least one of Go, Python, or Rust at a "I can build a small CLI" level.
A budget for cloud VMs OR hardware to run a multi-node cluster (3 small VMs is sufficient).

Capstone Tracks (pick one in Month 6)¶

Hard Way Track-provision a multi-node Kubernetes cluster from scratch on bare metal or cloud, with mTLS, fine-grained RBAC, multi-tenancy, and a documented runbook.
Platform Track-build a GitOps-driven platform-as-a-service: ArgoCD/Flux + Crossplane + OPA Gatekeeper + multi-tenancy + self-service. Demonstrate onboarding a new team in <30 minutes.
Operator Track-build a non-trivial operator from scratch (e.g., a stateful database operator with backup/restore, or an operator that manages an external SaaS resource via Crossplane composition). Production quality.

Details in CAPSTONE_PROJECTS.md.

Print this path

Want to read offline or archive? Open the printable version — every section of this path concatenated into one page, styled for paper. Use your browser's Print → Save as PDF.