Kubernetes Fundamentals

Kubernetes Fundamentals Overview

| Attribute | Value |
|---|---|
| Goal | Production k8s operations competency |
| Target | Ongoing (learn by doing) |
| Interest Link | IT > Cloud > Kubernetes/k3s |
| Status | In Progress |
| Primary Resource | k3s cluster on kvm-01, Cilium docs |
| Practice Environment | k3s-master-01 (10.50.1.120) |
| Documentation | domus-infra-ops: runbooks/k3s-deployment.adoc |

Curriculum

| Module | Description | Status | Notes |
|---|---|---|---|
| Core Concepts | Pods, deployments, services | [x] Done | Prometheus/Grafana deployed |
| Networking | CNI, services, ingress | [x] Done | Cilium + MetalLB |
| Storage | PV, PVC, StorageClass | [x] Done | NFS provisioner |
| Configuration | ConfigMaps, Secrets | [x] Done | Vault Agent Injector |
| Helm | Charts, values, releases | [x] Done | Multiple apps deployed |
| Observability | Prometheus, Grafana, AlertManager | [x] Done | Full stack running |
| Security | RBAC, NetworkPolicies, Vault | [ ] In Progress | Cilium policies next |
| GitOps | ArgoCD, declarative config | [ ] Not Started | Runbook created |
| HA Operations | Multi-node, etcd, upgrades | [ ] Not Started | Needs kvm-02 |

Progress: 6 / 9 modules (67%)

Current Tasks

| Priority | Task | Due | Status |
|---|---|---|---|
| P1 | Deploy ArgoCD | 2026-03 | [ ] Pending |
| P1 | Deploy MinIO (S3 storage) | 2026-03 | [ ] Pending |
| P2 | Configure Cilium NetworkPolicies | 2026-03 | [ ] Pending |
| P2 | Add custom Grafana dashboards | 2026-03 | [ ] Pending |

Deployed Projects

| Project | Description | Status |
|---|---|---|
| k3s-cluster | Single-node k3s on Rocky 9 | [x] Running |
| cilium-cni | eBPF networking + Hubble | [x] Running |
| metallb | L2 LoadBalancer (10.50.1.130-140) | [x] Running |
| traefik-ingress | Ingress controller | [x] Running |
| prometheus-stack | Prometheus + Grafana + AlertManager | [x] Running |
| vault-agent | Secrets injection | [x] Running |
| wazuh-siem | Security monitoring | [x] Running |
| argocd | GitOps deployment | [ ] Pending |
| minio | S3-compatible storage | [ ] Pending |

Key Learnings

From k3s deployment:

  • Cilium 1.16.5 LTS (not 1.19.x - breaks SSH)

  • NFS provisioner for dynamic PVCs

  • MetalLB L2 mode for bare-metal LoadBalancer

  • Vault Agent TLS requires explicit ca.crt secret

kubectl Patterns:

  • kubectl get pods -A -o custom-columns=…

  • kubectl get pods -o json | jq '.items[] | …'

  • kubectl wait --for=condition=Ready pod -l app=…

Next Focus:

  • GitOps with ArgoCD

  • Network policies for zero-trust

  • HA cluster with 3 control plane nodes