The Complete Kubernetes Learning Roadmap — From Beginner to CKA/CKAD

February 10, 2026 · 12 min read

DevOps & Cloud Learning Hub

Learning Kubernetes without a roadmap is like navigating a city without a map — you will eventually get somewhere, but you will waste a lot of time going in circles. This is the plan I wish I had when I started. Six months of structured learning, from "what is a container" to passing the CKA exam and being confident enough to run production clusters.

The 6-Month Plan — Overview

Month	Focus	Goal
Month 1	Foundations	Understand containers, pods, core objects
Month 2	Core Operations	Deployments, Services, storage, configuration
Month 3	Networking and Security	Network model, Ingress, RBAC, policies
Month 4	Operations and Observability	Monitoring, logging, Helm, GitOps
Month 5	Advanced Topics	Operators, service mesh, performance, multi-cluster
Month 6	Certification Prep	CKA/CKAD practice, mock exams, weak spots

Month 1 — Foundations (Weeks 1-4)

Week 1: Containers and Docker

Before Kubernetes, you need to understand what it orchestrates. Build containers, write Dockerfiles, understand layers and image registries.

# Build a simple container
cat > Dockerfile <<EOF
FROM node:20-alpine
WORKDIR /app
COPY package*.json ./
RUN npm ci --production
COPY . .
EXPOSE 3000
CMD ["node", "server.js"]
EOF

docker build -t my-app:v1 .
docker run -p 3000:3000 my-app:v1

Practice: Containerize 3 different applications (Node.js, Python Flask, Go). Push them to Docker Hub.

Week 2: Kubernetes Architecture

Learn the control plane (API server, etcd, scheduler, controller manager) and node components (kubelet, kube-proxy, container runtime). Understand how a kubectl apply travels through the system.

# Set up a local cluster
# Option 1: Minikube
minikube start --cpus=4 --memory=8192

# Option 2: kind (Kubernetes in Docker) — lightweight, multi-node
kind create cluster --config=- <<EOF
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
  - role: control-plane
  - role: worker
  - role: worker
EOF

# Explore the cluster
kubectl cluster-info
kubectl get nodes -o wide
kubectl get pods -n kube-system

Related post: Kubernetes Fundamentals

Week 3: Pods and Basic Objects

Create pods imperatively and declaratively. Understand pod lifecycle, restart policies, and multi-container pods.

# Imperative
kubectl run nginx --image=nginx:1.25 --port=80

# Declarative
kubectl apply -f pod.yaml

# Debug
kubectl describe pod nginx
kubectl logs nginx
kubectl exec -it nginx -- /bin/sh

Related post: Kubernetes Pods Deep Dive

Week 4: Namespaces and kubectl Mastery

Learn namespaces for isolation, resource quotas, and become fast with kubectl. Speed matters for the CKA exam.

# Essential kubectl shortcuts (add to ~/.bashrc)
alias k='kubectl'
alias kgp='kubectl get pods'
alias kgs='kubectl get svc'
alias kgn='kubectl get nodes'
alias kd='kubectl describe'
alias kaf='kubectl apply -f'
alias kdel='kubectl delete'

# Context switching
kubectl config get-contexts
kubectl config use-context production-cluster
kubectl config set-context --current --namespace=production

Related posts: Kubernetes Namespaces, kubectl Mastery

Month 1 Self-Check

Can you explain the Kubernetes architecture from memory?
Can you create a pod from scratch without looking at docs?
Can you troubleshoot a pod stuck in CrashLoopBackOff?
Can you navigate kubectl without pausing to think?

Month 2 — Core Operations (Weeks 5-8)

Week 5: Deployments and ReplicaSets

Rolling updates, rollbacks, scaling strategies. Understand the Deployment -> ReplicaSet -> Pod hierarchy.

Related post: Kubernetes Deployments

Week 6: Services and Service Discovery

ClusterIP, NodePort, LoadBalancer, ExternalName. Understand DNS-based service discovery (service-name.namespace.svc.cluster.local).

Related post: Kubernetes Services

Week 7: Storage — PV, PVC, StorageClass

Static and dynamic provisioning, access modes, reclaim policies. Deploy a StatefulSet with per-pod persistent storage.

# Dynamic provisioning example
kubectl apply -f - <<EOF
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-volume
spec:
  accessModes: ["ReadWriteOnce"]
  storageClassName: standard
  resources:
    requests:
      storage: 10Gi
EOF

kubectl get pvc
kubectl get pv

Related post: Kubernetes Storage

Week 8: ConfigMaps, Secrets, and Environment Configuration

Inject configuration into pods via environment variables and volume mounts. Understand the difference between ConfigMaps and Secrets.

Related post: ConfigMaps and Secrets

Month 2 Self-Check

Can you perform a rolling update and rollback?
Can you explain how DNS-based service discovery works?
Can you set up a StatefulSet with persistent storage?
Can you inject ConfigMaps and Secrets into a pod both as env vars and volume mounts?

Month 3 — Networking and Security (Weeks 9-12)

Week 9: Kubernetes Networking Model

Pod networking, CNI plugins (Calico, Cilium, Flannel), pod-to-pod communication, Service networking, kube-proxy modes (iptables vs IPVS).

Related post: Kubernetes Networking

Week 10: Ingress and Traffic Management

Ingress controllers (NGINX, Traefik), path-based and host-based routing, TLS termination, cert-manager for automatic certificates.

Related post: Kubernetes Ingress

Week 11: RBAC and Authentication

Roles, ClusterRoles, RoleBindings, ServiceAccounts. Set up least-privilege access for developers and CI/CD pipelines.

Related post: Kubernetes RBAC

Week 12: Security Hardening

Pod Security Standards, Network Policies, Secrets encryption, image scanning, admission controllers.

Related post: Kubernetes Security

Month 3 Self-Check

Can you write a Network Policy from scratch?
Can you configure an Ingress with TLS?
Can you set up RBAC that gives a developer read-only access to one namespace?
Can you explain the difference between Pod Security Standards levels?

Month 4 — Operations and Observability (Weeks 13-16)

Week 13: Monitoring with Prometheus and Grafana

Deploy the Prometheus stack, understand metrics collection, set up dashboards and alerting rules.

Related post: Kubernetes Monitoring

Week 14: Logging with EFK/Loki

Centralized logging, Fluent Bit as DaemonSet, structured logging, log aggregation and querying.

Related post: Kubernetes Logging

Week 15: Helm Package Manager

Charts, values files, templates, hooks, dependencies. Create your own Helm chart from scratch.

# Create a chart scaffold
helm create my-app
# Edit templates and values.yaml
helm install my-app ./my-app --values production.yaml
helm upgrade my-app ./my-app --values production.yaml
helm list
helm history my-app

Related post: Kubernetes Helm

Week 16: GitOps with ArgoCD

Declarative application management, sync policies, ApplicationSets, progressive delivery.

Related post: Kubernetes GitOps

Month 4 Self-Check

Can you deploy Prometheus and create a custom alert?
Can you query logs across all pods in a namespace?
Can you create and deploy a Helm chart?
Can you set up ArgoCD to deploy from a Git repo?

Month 5 — Advanced Topics (Weeks 17-20)

Week 17: Operators and CRDs

Build a custom operator, understand the operator pattern, controller-runtime, reconciliation loops.

Related post: Kubernetes Operators

Week 18: Service Mesh

Istio or Linkerd installation, traffic management, mTLS, observability features, canary deployments.

Related post: Kubernetes Service Mesh

Week 19: Performance Tuning and Cost Optimization

Control plane tuning, CoreDNS optimization, right-sizing pods, autoscaling strategies, cost monitoring.

Week 20: Multi-Cluster and Disaster Recovery

Multi-cluster patterns, Velero backups, etcd backup/restore, DR strategies, federation.

Month 5 Self-Check

Can you explain the operator pattern and when to use it?
Can you configure Istio for canary deployments?
Can you identify and fix a performance bottleneck?
Can you back up and restore a cluster with Velero?

Month 6 — Certification Prep (Weeks 21-24)

Certification Guide

Cert	Focus	Duration	Passing Score	Cost	Difficulty
CKA	Cluster administration, troubleshooting	2 hours	66%	$395	Medium-Hard
CKAD	Application developer tasks	2 hours	66%	$395	Medium
CKS	Security specialist	2 hours	67%	$395	Hard

Recommended order: CKAD first (easiest, builds confidence), then CKA, then CKS.

Week 21-22: CKA/CKAD Focused Practice

# CKA core topics — practice these until they are muscle memory:
# 1. Cluster installation with kubeadm
kubeadm init --pod-network-cidr=192.168.0.0/16

# 2. etcd backup and restore
ETCDCTL_API=3 etcdctl snapshot save /tmp/etcd-backup.db \
  --endpoints=https://127.0.0.1:2379 \
  --cacert=/etc/kubernetes/pki/etcd/ca.crt \
  --cert=/etc/kubernetes/pki/etcd/server.crt \
  --key=/etc/kubernetes/pki/etcd/server.key

# 3. Troubleshooting broken clusters
kubectl get nodes  # Check node status
kubectl get pods -n kube-system  # Check control plane pods
systemctl status kubelet  # Check kubelet on the node
journalctl -u kubelet  # Check kubelet logs

# 4. Network policies
# 5. RBAC
# 6. Upgrade a cluster (kubeadm upgrade)
# 7. Volumes and storage

Week 23: Mock Exams

Take at least 3 full mock exams under timed conditions. Do not look at answers until the timer runs out.

Week 24: Weak Spot Review

Review every question you got wrong in mock exams. Redo those topics until they are second nature.

Exam Tips

Bookmark the docs — kubernetes.io/docs is open during the exam. Know where things are.
Use imperative commands — kubectl run, kubectl create, kubectl expose are faster than writing YAML.
Set up aliases first — alias k=kubectl, export do="--dry-run=client -o yaml".
Use kubectl explain — kubectl explain pod.spec.containers.livenessProbe is faster than searching docs.
Do not get stuck — Flag hard questions and come back. Easy questions are worth the same points.
Practice with the PSI browser — The exam environment is different from your local terminal.

# Speed tricks for the exam
alias k=kubectl
export do="--dry-run=client -o yaml"

# Generate YAML templates quickly
k run nginx --image=nginx $do > pod.yaml
k create deployment web --image=nginx --replicas=3 $do > deploy.yaml
k create service clusterip web --tcp=80:80 $do > svc.yaml
k create configmap app-config --from-literal=key=value $do > cm.yaml
k create secret generic db-creds --from-literal=password=s3cret $do > secret.yaml

Skills Checklist

Track your progress with this checklist. You should be able to do all of these confidently before attempting the CKA:

#	Skill	Status
1	Create pods, deployments, services from memory
2	Perform rolling updates and rollbacks
3	Configure ConfigMaps and Secrets
4	Set up PersistentVolumes and StatefulSets
5	Write and apply Network Policies
6	Configure RBAC (Roles, Bindings, ServiceAccounts)
7	Set up Ingress with TLS
8	Deploy monitoring with Prometheus
9	Configure centralized logging
10	Create and deploy Helm charts
11	Set up GitOps with ArgoCD
12	Troubleshoot CrashLoopBackOff, Pending, ImagePullBackOff
13	Troubleshoot node NotReady
14	Backup and restore etcd
15	Configure HPA and VPA
16	Write liveness, readiness, and startup probes
17	Debug networking issues between pods/services
18	Manage namespaces, quotas, and limit ranges
19	Install a cluster with kubeadm
20	Upgrade a cluster (control plane + nodes)
21	Drain and cordon nodes
22	Use JSONPath and custom-columns with kubectl
23	Understand pod scheduling (affinity, taints, tolerations)
24	Configure Pod Security Standards

Career Paths

Kubernetes skills open several career paths. Your choice depends on whether you prefer infrastructure, applications, or a mix:

Role	Focus	K8s Depth	Avg Salary (US)
Kubernetes Administrator	Cluster lifecycle, upgrades, security	Deep	$130-170K
Platform Engineer	Developer experience, internal platforms, IaC	Deep	$150-200K
Site Reliability Engineer	Reliability, monitoring, incident response	Medium-Deep	$150-200K
Cloud Native Developer	Building apps for K8s, 12-factor, microservices	Medium	$120-160K
DevOps Engineer	CI/CD, infrastructure, automation	Medium	$120-170K

Practice Resources

Free

Resource	What It Offers
Minikube	Local single-node cluster
kind	Multi-node clusters in Docker containers
KillerCoda	Free browser-based K8s labs
Kubernetes docs	Official tutorials and task guides
Play with Kubernetes	Browser-based K8s playground

Paid (Worth It)

Resource	What It Offers	Cost
KodeKloud	Video courses + hands-on labs	~$25/month
Killer.sh	CKA/CKAD exam simulators (2 free with exam purchase)	Included with exam
A Cloud Guru	Video courses + cloud sandboxes	~$35/month

Lab Setup Guide

# Recommended local lab: kind with 3 nodes
cat > kind-cluster.yaml <<EOF
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
  - role: control-plane
    kubeadmConfigPatches:
      - |
        kind: InitConfiguration
        nodeRegistration:
          kubeletExtraArgs:
            node-labels: "ingress-ready=true"
    extraPortMappings:
      - containerPort: 80
        hostPort: 80
        protocol: TCP
      - containerPort: 443
        hostPort: 443
        protocol: TCP
  - role: worker
  - role: worker
EOF

kind create cluster --config kind-cluster.yaml --name lab

# Install essentials
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install monitoring prometheus-community/kube-prometheus-stack -n monitoring --create-namespace

All 30 Kubernetes Posts — Organized by Topic

Use this as your study index. Each post covers a specific topic in depth:

Topic Area	Posts
Fundamentals	Kubernetes Fundamentals, Pods Deep Dive, Deployments, Services
Configuration	Namespaces, ConfigMaps and Secrets, Storage
CLI and Tooling	kubectl Mastery, Helm
Networking	Networking, Ingress
Security	RBAC, Security
Observability	Monitoring, Logging
Operations	Troubleshooting, GitOps, Production Checklist
Advanced	Operators, Service Mesh, Cost Optimization
Architecture	Multi-Cluster, Disaster Recovery, Performance Tuning
Career	Interview Questions, Complete Roadmap (this post)

Six months is enough time to go from zero to CKA-certified if you are consistent. The key word is consistent — 1 hour every day beats 7 hours on Sunday. Set up your lab cluster today, start with Week 1, and do not skip the self-checks. Every expert was once a beginner who just refused to stop practicing.

The 6-Month Plan — Overview​

Month 1 — Foundations (Weeks 1-4)​

Week 1: Containers and Docker​

Week 2: Kubernetes Architecture​

Week 3: Pods and Basic Objects​

Week 4: Namespaces and kubectl Mastery​

Month 1 Self-Check​

Month 2 — Core Operations (Weeks 5-8)​

Week 5: Deployments and ReplicaSets​

Week 6: Services and Service Discovery​

Week 7: Storage — PV, PVC, StorageClass​

Week 8: ConfigMaps, Secrets, and Environment Configuration​

Month 2 Self-Check​

Month 3 — Networking and Security (Weeks 9-12)​

Week 9: Kubernetes Networking Model​

Week 10: Ingress and Traffic Management​

Week 11: RBAC and Authentication​

Week 12: Security Hardening​

Month 3 Self-Check​

Month 4 — Operations and Observability (Weeks 13-16)​

Week 13: Monitoring with Prometheus and Grafana​

Week 14: Logging with EFK/Loki​

Week 15: Helm Package Manager​

Week 16: GitOps with ArgoCD​

Month 4 Self-Check​

Month 5 — Advanced Topics (Weeks 17-20)​

Week 17: Operators and CRDs​

Week 18: Service Mesh​

Week 19: Performance Tuning and Cost Optimization​

Week 20: Multi-Cluster and Disaster Recovery​

Month 5 Self-Check​

Month 6 — Certification Prep (Weeks 21-24)​

Certification Guide​

Week 21-22: CKA/CKAD Focused Practice​

Week 23: Mock Exams​

Week 24: Weak Spot Review​

Exam Tips​

Skills Checklist​

Career Paths​

Practice Resources​

Free​

Paid (Worth It)​

Lab Setup Guide​

All 30 Kubernetes Posts — Organized by Topic​

Stay Updated