You’ve now covered a huge amount of ground — from the absolute basics to the primary workload controllers. At this point, you have the knowledge to run a wide variety of applications.

This series focuses on securing your applications, observing their behavior, and automating their lifecycle.

Chapter 1: Securing Access with Role-Based Access Control (RBAC)

Concept
So far, you’ve been acting as the cluster administrator with full permissions. In a real environment, you need to grant limited, specific permissions to users and applications. RBAC is the fundamental security mechanism for controlling who can do what to which resources.

We will learn

  • How to define Roles (namespaced permissions) and ClusterRoles (cluster-wide permissions)
  • How to grant them to users or applications (ServiceAccounts) using RoleBindings and ClusterRoleBindings

Chapter 2: Securing Network Traffic with Network Policies

Concept
By default, any Pod can talk to any other Pod in the cluster, regardless of namespace — this is not secure. A NetworkPolicy acts as a firewall for your Pods, allowing you to define explicit rules about what traffic is allowed to enter (ingress) or leave (egress) a Pod.

We will learn

  • How to create a default-deny policy for a namespace
  • How to explicitly allow only the traffic you need (e.g., allowing “frontend” Pods to talk to “backend” Pods on a specific port, and nothing else)

Chapter 3: Monitoring and Alerting with Prometheus

Concept
If you can’t see what’s happening in your cluster, you can’t operate it effectively. Prometheus is the de-facto open-source standard for metrics collection in the Kubernetes world.

We will learn

  • How to install Prometheus in your cluster (using a Helm chart)
  • How to expose and “scrape” metrics from your applications
  • How to write basic PromQL queries to inspect performance data

Concept
Raw metrics are useful, but visual dashboards are far more powerful for spotting trends and problems. Grafana is the leading open-source tool for building dashboards from data sources like Prometheus.

We will learn

  • How to connect Grafana to our Prometheus instance
  • How to build a basic dashboard to visualize CPU, memory, and request latency of the applications we’ve deployed

Chapter 5: Automating Deployments with GitOps (using Argo CD)

Concept
So far, we’ve been pushing changes with kubectl apply and helm install. A more modern approach is GitOps — Git becomes the single source of truth, and an agent in the cluster (like Argo CD) automatically syncs the live state with Git.

We will learn

  • The core principles of GitOps
  • How to install and configure Argo CD
  • How to make an application automatically deploy and update whenever you push new YAML/manifests to a GitHub repository