Free Online Course · Self-paced

Kubernetes Operator Tutorial - Build Production-Ready Operators

Free Kubernetes Operator course with hands-on lessons from core concepts through production Go, Helm, and hybrid operators—plus observability, security, CI/CD, and OLM packaging. Built on controller-runtime, Kubebuilder, and Operator SDK; examples run on kind or Minikube. Use the syllabus below or the series sidebar to jump to any topic.

  • 45 parts
  • ~666 min total
  • Intermediate to Advanced
  • Updated Jun 2026
Reviewed Deepak Prasad
Start the course View syllabus
Kubernetes Operator Tutorial - Build Production-Ready Operators
By Last updated

This Kubernetes Operator tutorial takes you from the reconcile loop and Custom Resource Definitions all the way to production-grade Go, Helm, and hybrid operators with testing, admission webhooks, Prometheus metrics, upgrades, and packaging. Across 45 lessons in 15 chapters, every example is built on the standard stack — controller-runtime, kubebuilder, and Operator SDK — and tested on real kind and Minikube clusters.

The syllabus below matches the left sidebar on every lesson in this series: foundations, CRDs and API evolution, admission and controller internals, reconciliation and apply patterns, day-two operations (troubleshooting, health, metrics, tracing), security, configuration, Go and Helm operator tracks, CI/CD, OLM, and hybrid workflows. Open any section that matches the work you have in front of you—lessons are written to stand alone when you already meet their prerequisites.

If you are new to Operators, follow the syllabus from the top. If you already know the basics, skip straight to the topic you need.

Click Start the course to begin with "What is a Kubernetes Operator?", or use the syllabus to open any lesson directly.

What you'll learn

  • Understand the Operator pattern end-to-end - reconcile loop, CRDs, design patterns, maturity model
  • Write CRDs with OpenAPI v3 validation, CEL rules, status subresource, conversion webhooks, and admission webhooks
  • Implement controllers with controller-runtime - watches, predicates, finalizers, owner references, SSA
  • Apply production patterns - RBAC scoping, leader election, multi-tenancy, Prometheus metrics, health probes
  • Build a Go-based Operator end to end with testing, packaging, upgrades, and troubleshooting
  • Choose between Helm-based, Go-based, and hybrid Operator approaches with full working examples
  • Package and ship to OperatorHub with an OLM bundle that targets a clear capability level
  • Plan brownfield cutover from plain Helm to a Helm-based operator without duplicate releases
  • Add OpenTelemetry tracing for reconcile paths without tracing every cache read
  • Use CEL in CRDs for cross-field, immutability, and transition rules without webhooks
  • Tune controller-runtime concurrency, REST QPS, cache reads, and predicates for large clusters
  • Harden operator Deployments with pod security, NetworkPolicy egress, and image digest pinning
  • Structure reconciler unit tests with Ginkgo, Gomega, and the fake client before envtest or kind

Prerequisites

  • Comfortable with Kubernetes basics - pods, deployments, services, kubectl, YAML
  • A workstation that can run kind / Minikube (8 GB RAM minimum, 16 GB recommended)
  • Working knowledge of Go (for the controller-runtime and Operator SDK chapters)
  • Familiarity with Helm (for the Helm-based and hybrid Operator chapters)

Syllabus

15 chapters · 45 lessons · ~666 min of reading

  1. 1 Operator Foundations 6 lessons
    1. Part 1 What is a Kubernetes Operator? 12 min read
    2. Part 2 Kubernetes Operator vs Controller vs CRD 10 min read
    3. Part 3 Desired state vs actual state (level-triggered model) 11 min read
    4. Part 4 The Kubernetes reconcile loop explained 15 min read
    5. Part 5 Operator design patterns - Singleton, Capability, Lifecycle, Auto-Pilot 16 min read
    6. Part 6 Operator capability levels I-V (maturity model) 16 min read
  2. 2 CRDs & API evolution 3 lessons
    1. Part 7 Kubernetes CRDs explained - a complete guide 13 min read
    2. Part 8 CEL validation in CRDs - practical rules for operator APIs 8 min read
    3. Part 9 CRD version upgrades and conversion webhooks 17 min read
  3. 3 Admission webhooks 1 lesson
    1. Part 10 Mutating and validating admission webhooks 18 min read
  4. 4 controller-runtime Internals 7 lessons
    1. Part 11 controller-runtime architecture - Manager, Cache, Informer, Workqueue 12 min read
    2. Part 12 Performance tuning - concurrency, client QPS, cache, predicates, APF 8 min read
    3. Part 13 Watches, events, and predicates 14 min read
    4. Part 14 Requeue, RequeueAfter, and error handling in controller-runtime 10 min read
    5. Part 15 Status subresource and conditions (KEP-1623) 18 min read
    6. Part 16 Finalizers - two-phase deletion and cleanup 18 min read
    7. Part 17 Owner references and garbage collection 13 min read
  5. 5 Reconciliation & apply 5 lessons
    1. Part 18 Multi-resource reconciliation - managing N child resources per CR 18 min read
    2. Part 19 Drift detection patterns - periodic resync vs spec diffing 14 min read
    3. Part 20 Server-Side Apply (SSA) in Kubernetes operators 24 min read
    4. Part 21 Avoid reconcile loop explosions - predicates, Owns, RequeueAfter 13 min read
    5. Part 22 Pause and resume patterns - spec, annotations, GitOps 8 min read
  6. 6 Troubleshooting 1 lesson
    1. Part 23 Debugging Operators - kubectl, logs, webhooks, SSA 14 min read
  7. 7 HA, health & metrics 4 lessons
    1. Part 24 Leader election - HA operators with lease locks 15 min read
    2. Part 25 Health and readiness probes (/healthz, /readyz) 16 min read
    3. Part 26 Prometheus metrics for operators 14 min read
    4. Part 27 OpenTelemetry tracing for controller-runtime operators 11 min read
  8. 8 Security & multi-tenancy 3 lessons
    1. Part 28 Operator RBAC - ClusterRole, kubebuilder markers, audit 14 min read
    2. Part 29 Hardening beyond RBAC - pod security, NetworkPolicy, supply chain 5 min read
    3. Part 30 Multi-tenant Operator patterns - per-namespace leases and listers 15 min read
  9. 9 Setup 1 lesson
    1. Part 31 Install Operator-SDK on Linux (Go, kubectl, Helm 4, kind, ttl.sh) 15 min read
  10. 10 Configuration 1 lesson
    1. Part 32 Configuration - flags, env vars, ConfigMap/Secret, live reload 7 min read
  11. 11 Go-Based Operators 4 lessons
    1. Part 33 Go Kubernetes Operator SDK tutorial - build a controller from scratch 16 min read
    2. Part 34 controller-runtime tutorial - status, finalizers, drift, webhooks 19 min read
    3. Part 35 Testing Kubernetes Operators with envtest, fake client, and kind 17 min read
    4. Part 36 Unit testing Reconcile with Ginkgo and Gomega - structure and assertions 8 min read
  12. 12 CI/CD 2 lessons
    1. Part 37 CI/CD with GitHub Actions - fmt, test, envtest, image, bundle 15 min read
    2. Part 38 Release pipeline - tag, image, staging smoke test, promotion, rollback 11 min read
  13. 13 OLM & OperatorHub 1 lesson
    1. Part 39 OLM bundles - package, ship, list on OperatorHub 11 min read
  14. 14 Helm-Based Operators 4 lessons
    1. Part 40 Helm-based Operator Part 1 - chart, CRD, watches.yaml 31 min read
    2. Part 41 Helm-based Operator Part 2 - lifecycle, drift, hooks, scope 30 min read
    3. Part 42 Migrate a Helm chart to a Helm-based operator - values, cutover, risks 8 min read
    4. Part 43 Helm-based Operator vs Flux vs Argo CD 10 min read
  15. 15 Hybrid Helm + Go Operators 2 lessons
    1. Part 44 Hybrid Operator Part 1 - build the foundation (Go + Helm v4 SDK) 34 min read
    2. Part 45 Hybrid Operator Part 2 - custom status, finalizer, drift, cross-CR 24 min read
Deepak Prasad

R&D Engineer

Founder of GoLinuxCloud with more than 15 years of expertise in Linux, Python, Go, Laravel, DevOps, Kubernetes, Git, Shell scripting, OpenShift, AWS, Networking, and Security. With extensive …