L09 — Advanced
How Kubernetes is built, and how to extend it. After this level, the platform stops being a black box — you understand what runs in your cluster, why, and how to write your own controllers if you need to.
What you’ll understand after this level
- The controller pattern in depth — informers, work queues, the reconcile loop
- Custom Resources (CRDs) — extending the Kubernetes API with your own object types
- Operators — controllers that manage CRs and encode operational knowledge
- Finalizers — async cleanup hooks for objects that own external resources
- Garbage collection — owner references, cascading deletion, orphan/background policies
- Admission controllers and webhooks — reject / mutate objects at admission time
- The pause container — what
/pausedoes and why every pod has one - IPVS vs iptables for kube-proxy
- The aggregation layer — running auxiliary API servers alongside the core one
- etcd’s role, and what
etcdctldoes - Scheduler extenders — when built-in scheduling primitives aren’t enough
Notes in this level
| Note | Status | What’s in it |
|---|---|---|
| Operators | 🟡 | |
| Custom Controllers | ⚪ | |
| CRDs | ✅ | |
| Admission Controllers & Webhooks | ✅ | |
| Finalizers | ✅ | |
| Garbage Collection | 🟡 | |
| Aggregation Layer | ✅ | |
| IPVS | ✅ | |
| Pause Container | 🟡 | |
| etcd | ✅ | |
| Scheduler Extenders | ✅ |
Suggested reading order
- Operators — what you’re aiming to understand
- CRDs — the API extension mechanism
- Garbage Collection → Finalizers — controller patterns you’ll see everywhere
- Admission Controllers & Webhooks — the other half of “policy”
- Custom Controllers — write your own reconcile loop
- etcd — the storage layer, when you need to operate the cluster
- Aggregation Layer + Scheduler Extenders — advanced extension points
- Pause Container + IPVS — reference notes, read as you need them
Where to go next
If you’ve made it from L00 to L09, you have the same conceptual model the Kubernetes docs and source code use. From here, the natural next stops are: