Domain
Cloud & Infrastructure
Skill Profile
Kubernetes Advanced
HPA, Ingress, RBAC, Network Policies, Operators, Custom Resources
Cloud & Infrastructure
Kubernetes & Orchestration
Roles
7
where this skill appears
Levels
5
structured growth path
Mandatory requirements
25
the other 10 optional
Group
Kubernetes & Orchestration
Last updated
3/17/2026
How to Use
Choose your current level and compare expectations. The items below show what to cover to advance to the next level.
What is Expected at Each Level
The table shows how skill depth grows from Junior to Principal. Click a row to see details.
| Role | Required | Description |
|---|---|---|
| Cloud Engineer | Required | Understands Kubernetes resource types (Deployments, Services, ConfigMaps). Uses kubectl to inspect pod status, view logs, and apply existing manifests in cloud environments. |
| DevOps Engineer | Understands advanced Kubernetes concepts: CustomResourceDefinitions, operators, admission webhooks. Studies cluster architecture (etcd, API server, scheduler, controller manager). Works with kubectl for problem diagnostics under senior engineer guidance. | |
| DevSecOps Engineer | Studies advanced Kubernetes concepts: Custom Resources, Operators, admission webhooks. Configures Pod Disruption Budgets and Priority Classes. Applies Horizontal Pod Autoscaler. Uses kubectl debug for pod troubleshooting. Understands etcd and control plane principles. | |
| Infrastructure Engineer | Understands core Kubernetes concepts: pods, nodes, namespaces, and labels. Performs basic cluster operations like scaling replicas and restarting deployments under guidance. | |
| MLOps Engineer | Understands basic Kubernetes Advanced concepts. Uses ready-made configurations. Performs simple operations under senior guidance. | |
| Platform Engineer | Required | Works with namespaces and RBAC for team isolation on the platform. Configures ResourceQuotas and LimitRanges for tenants. Understands Ingress controllers and network policies. Uses kubectl for diagnosing cluster problems. |
| Site Reliability Engineer (SRE) | Works with Kubernetes for SRE: kubectl for diagnostics, pod logs, describe for troubleshooting. Understands deployments, services, configmaps. Follows runbooks during incidents. |
| Role | Required | Description |
|---|---|---|
| Cloud Engineer | Required | Configures Kubernetes RBAC, network policies, and Ingress controllers for multi-tenant cloud environments. Writes Helm charts and manages cluster upgrades with zero-downtime strategies. |
| DevOps Engineer | Configures advanced Kubernetes features: HPA/VPA for autoscaling, PodDisruptionBudget, affinity/anti-affinity rules. Manages RBAC policies, configures NetworkPolicy for namespace isolation. Deploys and manages operators (cert-manager, external-dns). | |
| DevSecOps Engineer | Develops Kubernetes Operators with Operator SDK for operations automation. Configures admission webhooks (validating/mutating) for security policy enforcement. Introduces Vertical Pod Autoscaler and KEDA for event-driven scaling. Manages Custom Resources for extending cluster API. | |
| Infrastructure Engineer | Manages Kubernetes clusters with custom resource definitions and operators. Configures persistent storage, resource quotas, and horizontal pod autoscaling for production workloads. | |
| MLOps Engineer | Independently configures and manages Kubernetes Advanced. Writes IaC for typical tasks. Understands networking and security basics. | |
| Platform Engineer | Required | Creates Custom Resource Definitions (CRDs) for automating platform processes. Configures Pod Security Standards and Network Policies for multi-tenant clusters. Manages stateful applications through operators (etcd, PostgreSQL). Optimizes scheduler and affinity rules. |
| Site Reliability Engineer (SRE) | Administers Kubernetes: RBAC, network policies, resource quotas. Configures HPA/VPA for autoscaling. Diagnoses complex issues: CrashLoopBackOff, evictions, networking issues. |
| Role | Required | Description |
|---|---|---|
| Cloud Engineer | Required | Designs infrastructure solutions with Kubernetes Advanced. Optimizes cost and performance. Introduces best practices and security hardening. |
| DevOps Engineer | Required | Designs production cluster architecture: multi-tenancy through namespaces and RBAC, service mesh (Istio/Linkerd), custom controllers. Configures cluster autoscaler, optimizes resources through VPA and Goldilocks. Implements GitOps for cluster management. |
| DevSecOps Engineer | Required | Designs multi-cluster Kubernetes platform with federation. Introduces service mesh (Istio/Linkerd) with mTLS and traffic management. Develops custom controllers for security workflow automation. Configures cluster autoscaling considering security zones. Optimizes etcd performance and backup. |
| Infrastructure Engineer | Required | Designs infrastructure solutions with Kubernetes Advanced. Optimizes cost and performance. Implements best practices and security hardening. |
| MLOps Engineer | Required | Architects infrastructure solutions with Kubernetes Advanced. Optimizes cost and performance. Implements best practices and security hardening. |
| Platform Engineer | Required | Develops Kubernetes operators for IDP automation (Operator SDK/kubebuilder). Designs multi-tenant architecture with virtual clusters (vCluster). Implements advanced networking (Cilium, eBPF). Creates admission webhooks for platform policy enforcement. |
| Site Reliability Engineer (SRE) | Required | Designs Kubernetes reliability: pod disruption budgets, topology spread constraints, custom operators for automation. Configures multi-zone deployment, graceful shutdown. Optimizes cluster performance. |
| Role | Required | Description |
|---|---|---|
| Cloud Engineer | Required | Defines multi-cluster Kubernetes strategy across cloud providers. Establishes GitOps workflows with ArgoCD/Flux, implements service mesh policies, and optimizes cluster costs with FinOps practices. |
| DevOps Engineer | Required | Defines organizational Kubernetes platform architecture: cluster standards, multi-cluster management (Rancher/Tanzu), federation. Designs platform engineering layer: Kubernetes abstractions for developers, CIS benchmark security standards. |
| DevSecOps Engineer | Required | Defines Kubernetes platform architecture for the organization. Manages platform engineering team. Builds Internal Developer Platform (IDP) with self-service and guardrails. Introduces GitOps with ArgoCD/Flux for all environments. Defines multi-tenancy standards and resource quotas. |
| Infrastructure Engineer | Required | Defines Kubernetes platform strategy including cluster provisioning automation, security hardening standards, and disaster recovery procedures. Conducts architecture reviews for workload placement and resource optimization. |
| MLOps Engineer | Required | Defines infrastructure strategy with Kubernetes Advanced. Establishes IaC standards. Conducts architecture reviews. Optimizes FinOps. |
| Platform Engineer | Required | Defines multi-cluster Kubernetes strategy for organization: federation, fleet management (Rancher/Tanzu). Leads platform API development through CRDs and controllers. Designs cluster lifecycle management with automatic upgrades and disaster recovery. |
| Site Reliability Engineer (SRE) | Required | Defines K8s standards: cluster configuration baselines, security hardening, upgrade procedures. Implements policy engines (Kyverno/OPA Gatekeeper). Coordinates cluster lifecycle management. |
| Role | Required | Description |
|---|---|---|
| Cloud Engineer | Required | Shapes Kubernetes platform evolution strategy: multi-cluster federation, service mesh (Istio/Linkerd), GitOps through ArgoCD/Flux. Designs custom operators, admission webhooks, scheduler extensions. Defines multi-tenancy architecture and resource governance. |
| DevOps Engineer | Required | Develops organizational container orchestration strategy: multi-cloud Kubernetes clusters, service mesh architecture, platform engineering vision. Defines platform evolution from Kubernetes to Internal Developer Platform, mentors platform engineering teams. |
| DevSecOps Engineer | Required | Architecturally designs enterprise Kubernetes platform: multi-cluster, multi-region, multi-cloud. Defines Platform Engineering strategy for the organization. Develops reference architecture for secure container platform. Influences investment in platform tools and teams. |
| Infrastructure Engineer | Required | Defines advanced Kubernetes pattern architecture for the organization: custom operators with controller-runtime, CRD design for internal abstractions, multi-cluster federation through Liqo or Admiralty. Designs Kubernetes extension strategy through admission webhooks, scheduler extenders and custom CNI plugins. |
| MLOps Engineer | Required | Defines the strategy for advanced Kubernetes capabilities in the MLOps platform: custom operators for ML model lifecycle management, CRDs for describing training pipelines. Designs GPU scheduling architecture with device plugins, configures topology-aware scheduling for distributed training, and defines autoscaling policies for inference based on GPU utilization. |
| Platform Engineer | Required | Shapes architectural strategy for Kubernetes platform: edge computing, serverless on K8s (Knative), WebAssembly workloads. Influences upstream Kubernetes through KEPs and community contributions. Defines 3-5 year roadmap for organizational container platform evolution. |
| Site Reliability Engineer (SRE) | Required | Designs Kubernetes platform: multi-cluster management (fleet), federation, cluster-as-a-service. Defines K8s evolution strategy: version upgrades, feature adoption, vendor evaluation. |
Loading comments...
Sign In to join the discussion