☸️ kubejutsu

Train like a shinobi. Build like an engineer.

Hands-on Kubernetes labs with a disciplined, mission-based workflow: manifests, debugging, networking, storage, security, Helm, scheduling, observability, and real-world troubleshooting.

---

Why this repository exists

kubejutsu is a public Kubernetes lab repository built to document real practice, not just collect YAML.

The core idea is simple:

• write manifests by hand
• solve the task yourself first
• verify everything with kubectl
• keep the exact commands you used
• document what failed, what changed, and what you learned
• keep each lab in its own folder

This gives the repository two strengths:

• it stays useful as a public portfolio
• it stays useful as a real training archive

The visual identity can be shinobi-inspired, but the technical content stays practical, clean, and production-minded.

Mission format

Each lab usually contains:

• task.md
• solution.yaml
• commands.sh
• notes.md

Workflow philosophy

• Write manifests by hand
• Try solving the lab before looking at any solution
• Verify everything with kubectl
• Keep the exact commands you used
• Document mistakes, fixes, and lessons learned
• Commit each lab separately

Commit convention

Examples:

• feat(pods): lab-001 pod basics
• feat(deployments): lab-014 blue-green
• fix(networkpolicy): correct ingress rule
• docs(storage): improve notes for pvc binding

Topic index

Topic	Folder
Pods	01-pods
Deployments	02-deployments
ConfigMaps + Secrets	03-configmaps-secrets
Storage	04-storage
Services + Ingress	05-services-ingress
NetworkPolicy	06-networkpolicy
RBAC + Security	07-rbac-security
HPA + KEDA + Autoscaling	08-hpa-keda-autoscaling
Helm	09-helm
Scheduling	10-scheduling
Observability	11-observability
Jobs + CronJobs	12-jobs-cronjobs
Debugging	13-debugging
Real-World Apps	14-realworld-apps
CKA Sprint	15-cka-sprint

---

Lab index

Lab titles keep the original wording and source attribution.
Folder names stay short, stable, and GitHub-friendly.

01 — Pods

Folder: 01-pods

• Lab 001 — Pod basics — manifest, exec, logs, delete (KodeKloud Free)
• Lab 002 — Liveness + Readiness + Startup probes (Killercoda omkar)
• Lab 003 — QoS Classes — Guaranteed / Burstable / BestEffort (Killercoda omkar)
• Lab 004 — Resource limits + OOMKill — exit code 137 (Killercoda omkar)
• Lab 005 — Init containers — sequential, wait-for-service (Killercoda omkar)
• Lab 006 — Sidecar containers — shared emptyDir log pattern (Killercoda omkar)
• Lab 007 — Security context — runAsNonRoot + readOnly + capabilities (Killercoda omkar)
• Lab 008 — Environment variables — inject into pod (KodeKloud Engineer)
• Lab 009 — CKA Challenge 14 — Pod deployment timed (Killercoda CKA)
• Lab 010 — SadServers Buenos Aires — CrashLoop + RBAC debug (SadServers)

02 — Deployments

Folder: 02-deployments

• Lab 011 — Deployment basics — scale, labels, matchLabels (KodeKloud Free)
• Lab 012 — Rolling update — maxSurge + maxUnavailable deep (KodeKloud Free)
• Lab 013 — Pause + resume rollout — verify 50/50 in-flight (Killercoda omkar)
• Lab 014 — Blue-Green — zero-downtime service selector swap (Killercoda omkar)
• Lab 015 — Canary — 20% weighted traffic split (Killercoda omkar)
• Lab 016 — Update Deployment in-place — image + rollout history (Killercoda omkar)
• Lab 017 — Rollout rollback — undo to specific revision (Killercoda omkar)
• Lab 018 — Troubleshoot broken Deployment (KodeKloud Engineer)
• Lab 019 — CKA Challenge 07 — Deployment troubleshooting (Killercoda CKA)
• Lab 020 — CKA Challenge 15 — Rollout and Rollback (Killercoda CKA)

03 — ConfigMaps + Secrets

Folder: 03-configmaps-secrets

• Lab 021 — ConfigMap as env vars — inject + verify printenv (Killercoda omkar)
• Lab 022 — ConfigMap as volume — mount file, exec, cat (Killercoda omkar)
• Lab 023 — Secrets — create, base64 decode, inject as env (Killercoda omkar)
• Lab 024 — Secrets — same secret as env var AND volume mount (Killercoda omkar)
• Lab 025 — LimitRange — default requests auto-applied to pods (Killercoda omkar)
• Lab 026 — ResourceQuota — 5th pod rejected, fix deployment (Killercoda omkar)
• Lab 027 — Manage Secrets opaque type (KodeKloud Engineer)
• Lab 028 — CKA Challenge 10 — ConfigMap + Deployment troubleshoot (Killercoda CKA)

04 — Storage

Folder: 04-storage

• Lab 029 — PV + PVC + Deployment — file persists after pod delete (Killercoda omkar)
• Lab 030 — StatefulSet MySQL + PVC — stable name + data (KodeKloud Engineer)
• Lab 031 — CKA Challenge 01 — Persistent Volume spec (Killercoda CKA)
• Lab 032 — CKA Challenge 06 — StorageClass + dynamic PVC (Killercoda CKA)
• Lab 033 — CKA Challenge 13 — PVC stuck Pending (Killercoda CKA)
• Lab 034 — SadServers Bengaluru — StatefulSet not rescheduling (SadServers)

05 — Services + Ingress

Folder: 05-services-ingress

• Lab 035 — Services KK Free — ClusterIP + NodePort + endpoints (KodeKloud Free)
• Lab 036 — ClusterIP — curl by DNS name, watch endpoints live (Killercoda omkar)
• Lab 037 — Fix selector mismatch — endpoints show none (Killercoda omkar)
• Lab 038 — Headless Service + StatefulSet DNS resolution (kind cluster)
• Lab 039 — Ingress path routing — /app1 /app2 to different services (Killercoda omkar)
• Lab 040 — Ingress multi-path /api /video (Killercoda omkar)
• Lab 041 — TLS Ingress — self-signed cert + curl -k https (Killercoda omkar)
• Lab 042 — Fix Ingress 404 — broken pathType + service ref (Killercoda omkar)
• Lab 043 — CKA Challenge 03 — Service creation (Killercoda CKA)
• Lab 044 — CKA Challenge 12 — Ingress (Killercoda CKA)
• Lab 045 — SadServers Bilbao — Nginx + LoadBalancer broken (SadServers)

06 — NetworkPolicy

Folder: 06-networkpolicy

• Lab 046 — Default-deny all + selective allow backend (Killercoda omkar)
• Lab 047 — Cross-namespace NP — AND vs OR selector logic (Killercoda omkar)
• Lab 048 — Egress NP — block all except port 5432 + DNS 53 (Killercoda omkar)
• Lab 049 — Bidirectional NP — ingress + egress simultaneously (Killercoda omkar)
• Lab 050 — Fix NP misconfiguration — app stops responding (Killercoda omkar)
• Lab 051 — CKA Challenge 11 — NetworkPolicy troubleshoot (Killercoda CKA)
• Lab 052 — CKA Challenge 18 — NetworkPolicy creation (Killercoda CKA)

07 — RBAC + Security

Folder: 07-rbac-security

• Lab 053 — Role + RoleBinding — least privilege pod viewer (Killercoda omkar)
• Lab 054 — ClusterRole + ClusterRoleBinding — cluster-wide read (Killercoda omkar)
• Lab 055 — ServiceAccount — token decode, automount disable (Killercoda omkar)
• Lab 056 — RBAC Fix — pod can't call API, find + fix (Killercoda omkar)
• Lab 057 — Fix RBAC pod — pod fails due to SA permissions (Killercoda omkar)
• Lab 058 — Fix ServiceAccount — Payment API can't authenticate (Killercoda omkar)
• Lab 059 — Pod Security — runAsNonRoot + readOnly + emptyDir (Killercoda omkar)
• Lab 060 — CKA Challenge 05 — ServiceAccount + RBAC (Killercoda CKA)
• Lab 061 — CKA Challenge 20 — RBAC can-i verification (Killercoda CKA)

08 — HPA + KEDA + Autoscaling

Folder: 08-hpa-keda-autoscaling

• Lab 062 — HPA — scale under CPU load (CKA Challenge 22)
• Lab 063 — HPA — remove requests → unknown metric (kind cluster)
• Lab 064 — KEDA — scale-to-zero Redis queue (kind cluster)
• Lab 065 — PDB — minAvailable drain protection (kind cluster)
• Lab 066 — SadServers Kilifi — resource misallocation (SadServers)

09 — Helm

Folder: 09-helm

• Lab 067 — Helm operations — install, upgrade, rollback, lint (Killercoda omkar)
• Lab 068 — Helm install Redis — CKA Challenge 21 (Killercoda CKA)
• Lab 069 — Write Helm chart from scratch — no helm create (kind cluster)
• Lab 070 — _helpers.tpl — named template for common labels (kind cluster)
• Lab 071 — Dev vs Prod values — same chart, 2 values files (kind cluster)

10 — Scheduling

Folder: 10-scheduling

• Lab 072 — Taint + Toleration — Pending then schedules (kind cluster)
• Lab 073 — nodeSelector — pod only on labeled node (kind cluster)
• Lab 074 — Node Affinity required — zone-a/b, test zone-c Pending (kind cluster)
• Lab 075 — Pod Anti-Affinity — 3 replicas spread across nodes (kind cluster)
• Lab 076 — CKA Challenge 02 — Drain + cordon + uncordon (Killercoda CKA)
• Lab 077 — CKA Challenge 16 — Node troubleshooting (Killercoda CKA)

10 — Jobs + CronJobs

Folder: 12-jobs-cronjobs

• Lab 078 — Job — parallelism:3 completions:6, watch concurrent pods (Killercoda omkar)
• Lab 079 — CronJob basics — schedule + verify execution (Killercoda omkar)
• Lab 080 — CronJob data pipeline — retry + deadline (Killercoda omkar)
• Lab 081 — Countdown Job completions + backoffLimit (KodeKloud Engineer)
• Lab 082 — Create CronJobs with exact schedule (KodeKloud Engineer)

11 — Observability

Folder: 11-observability

• Lab 083 — Deploy kube-prometheus-stack + explore (kind cluster)
• Lab 084 — PromQL — 5 queries from scratch (kind cluster)
• Lab 085 — Grafana dashboard — 4 panels from scratch, no import (kind cluster)
• Lab 086 — Alertmanager — PodCrashLooping + HighErrorRate → Slack (kind cluster)
• Lab 087 — Loki + Promtail — LogQL for ERROR logs last 1h (kind cluster)
• Lab 088 — SadServers — Prometheus scrape debug (SadServers)

12 — Debugging

Folder: 13-debugging

• Lab 089 — CrashLoopBackOff — systematic diagnosis (Killercoda)
• Lab 090 — OOMKilled — exit 137, Last State, fix (Killercoda)
• Lab 091 — ImagePullBackOff — wrong name, missing pull secret (Killercoda)
• Lab 092 — Service empty endpoints — selector mismatch (Killercoda)
• Lab 093 — Pending pod — resources + taint mismatch (Killercoda)
• Lab 094 — Ingress 404 — controller missing, wrong pathType (Killercoda)
• Lab 095 — SadServers Singara — k3s web app NodePort debug (SadServers)
• Lab 096 — Chaos 1 — OOMKill: diagnose fast (kind cluster)
• Lab 097 — Chaos 2 — CrashLoopBackOff: fix quickly (kind cluster)
• Lab 098 — Chaos 3 — NetworkPolicy suddenly blocks app (kind cluster)

13 — Real-World Apps

Folder: 14-realworld-apps

• Lab 099 — Nginx Web Server — Pod + NodePort + curl verify (KodeKloud Engineer)
• Lab 100 — MySQL StatefulSet — PVC + headless + data persistence (KodeKloud Engineer)
• Lab 101 — Redis Deployment — ClusterIP + env config (KodeKloud Engineer)
• Lab 102 — Jenkins — Deployment + NodePort + PVC (KodeKloud Engineer)
• Lab 103 — Grafana — Deployment + Service + PVC (KodeKloud Engineer)
• Lab 104 — Nginx + PhpFpm — 2 containers + shared volume (KodeKloud Engineer)
• Lab 105 — Node App — specific image + port + NodePort (KodeKloud Engineer)
• Lab 106 — Guestbook App — 3 Deployments + 3 Services (KodeKloud Engineer)
• Lab 107 — LAMP Stack — Apache + MySQL + PHP (KodeKloud Engineer)
• Lab 108 — Drupal + MySQL — 2 Deployments + PVC (KodeKloud Engineer)
• Lab 109 — Troubleshoot Nginx+PhpFpm broken (KodeKloud Engineer)
• Lab 110 — Fix PhpFpm broken config (KodeKloud Engineer)

14 — CKA Sprint

Folder: 15-cka-sprint

• Lab 111 — CKA Challenge 04 — ETCD Backup + Restore (Killercoda CKA)
• Lab 112 — CKA Challenge 08 — Kubernetes cluster upgrade (Killercoda CKA)
• Lab 113 — CKA Challenge 09 — Deployment scaling + update (Killercoda CKA)
• Lab 114 — CKA Challenge 17 — Service troubleshooting (Killercoda CKA)
• Lab 115 — CKA Challenge 14 redo (Killercoda CKA)
• Lab 116 — CKA Challenge 05 redo (Killercoda CKA)
• Lab 117 — CKA Challenge 11 redo (Killercoda CKA)
• Lab 118 — CKA Challenge 12 redo (Killercoda CKA)
• Lab 119 — CKA Mock Practice — full run (Killercoda)
• Lab 120 — SadServers Tigoni — StatefulSet Helm upgrade v1→v2 (SadServers)

---

How each lab folder is expected to look

lab-xxx-name/
├── task.md
├── solution.yaml
├── commands.sh
└── notes.md

How to work through a lab

1. Read the task carefully
2. Solve it manually first
3. Verify it with kubectl
4. Save the final manifest
5. Save the exact commands used
6. Write short notes about what worked, what failed, and what was fixed
7. Commit the lab

Playgrounds

• Killercoda Playground
• Killercoda CKA
• Killercoda omkar scenarios
• KodeKloud Playground
• SadServers Kubernetes

Other

• SadServers Kubernetes
• local kind cluster for custom practice

Notes

• Display names preserve the original lab wording and source names.
• Folder names are normalized for readability and consistency.
• This repository can grow lab by lab without needing to rewrite the main structure.

Roadmap

See ROADMAP.md

---