What's the difference between Docker and Kubernetes and when is each relevant?

Docker is container technology (build & run OCI images) relevant for local dev & node-level. Kubernetes is an orchestration platform running containers across many nodes, managing scaling, networking, storage, and resilience. Modern production teams use both: Docker to build images, Kubernetes to run them at scale. The material covers both from fundamentals to production.

Does the training prepare participants for CNCF certifications (CKAD/CKA)?

Material is aligned with CKAD (developer) and CKA (administrator) blueprints. Our primary focus is enterprise application; single-test prep is a secondary outcome, and participants pursuing certification get a strong foundation plus additional learning paths. CKS (security) is covered conceptually; specific exam prep is available as an add-on module.

How do we migrate from Pod Security Policies, removed in v1.25?

Pod Security Policies (PSP) were removed in Kubernetes v1.25. The replacement is Pod Security Standards (PSS): Privileged, Baseline, Restricted. The module teaches migration: workload identification, mapping old PSP to PSS, adding appropriate securityContext (runAsNonRoot, readOnlyRootFilesystem, seccomp, capability drops), and enforcement via Pod Security admission. For deeper control, we teach OPA Gatekeeper or Kyverno.

When does a service mesh (Istio / Linkerd) make sense vs over-engineering?

Service mesh helps when the team needs automatic cross-service mTLS, canary traffic shifting, cross-service policy, or mesh-level observability. It becomes over-engineering when services are few, team is small, and mTLS needs can be met at app/ingress level. The module gives concrete adoption criteria based on scale & need, treating default install as a separate decision.

How does the module teach supply-chain security?

The module covers image hygiene (multi-stage build, distroless base), scanning (Trivy/Grype), SBOM (CycloneDX/SPDX), image signing with cosign (Sigstore), and admission policy that rejects unsigned images or those from untrusted registries. Approach maps to SLSA principles and NIST SP 800-204C recommendations.

Is GitOps (ArgoCD) required or optional?

GitOps is not a technical requirement, but a modern production practice. Benefits: change trail auditable, easy rollback, environment drift detected, and PR-based review becomes the production gate. We recommend GitOps adoption from the start for teams wanting sustainable production posture. The material covers ArgoCD because it's the most mature in CNCF, but the same patterns apply to Flux.

How do we manage K8s cluster cost (Kubernetes FinOps)?

The Kubernetes FinOps module covers OpenCost for cost allocation per namespace/workload, node group strategy (mixed instance + spot), request/limit rightsizing based on observability data, autoscaler (HPA + Cluster Autoscaler / Karpenter), and common anti-patterns (request/limit too high, log retention without lifecycle, multi-AZ without egress cost consideration).

Can the material adapt to specific distributions (EKS / AKS / GKE / on-prem)?

Yes. The vanilla Kubernetes core material applies universally; distribution modules cover unique features (EKS Fargate, AKS Pod Identity, GKE Autopilot, OpenShift if on-prem). TNA determines the most relevant distribution focus for your team.

How does this program measure impact on delivery & production?

We use Kirkpatrick: Level 1 (reaction), Level 2 (knowledge via assessment), Level 3 (behavior — applied manifests, GitOps, hardening), Level 4 (results — release frequency, MTTR, PSS compliance, kube-bench results). Phillips ROI Level 5 on finance request with isolated training effect. Baseline is set during TNA.

What's the ideal program duration and effective batch size?

A 4–5 day bootcamp covers fundamentals + core labs. For deeper transformation, we recommend a 2–3 month phased program: bootcamp → GitOps → PSS/CIS hardening → observability. Ideal batch size is 10–20 participants so everyone gets facilitator access and lab time; larger batches are split so labs stay effective.

Digital & AI Upskilling

Kubernetes for Engineering Teams

Equip your engineering team to run containers at production scale with Docker, Kubernetes v1.30+, Helm, and ArgoCD — guided by the CIS Kubernetes Benchmark, Pod Security Standards, and NIST SP 800-204C so delivery is fast, costs are efficient, and security posture is sustainable.

format: In-house / online / hybrid
duration: 4–5 intensive days or 2–3 month phased program
participants: 10–20 per cohort
language: Indonesian / English

Quick Answer

Corporate Kubernetes training for engineering teams is an in-house program equipping developers, SREs, and platform engineers to run containers in production — Docker, Kubernetes v1.30+, Helm, ArgoCD, observability — guided by the CIS Kubernetes Benchmark, Pod Security Standards, and NIST SP 800-204C, and aligned with CNCF CKAD/CKA competencies.

Free Consultation

Pod Security Policies were removed in Kubernetes v1.25

The replacement is Pod Security Standards (Privileged/Baseline/Restricted). Teams still relying on PSP must migrate — a dedicated module guides workload identification, PSS mapping, and enforcement via Pod Security admission or Gatekeeper/Kyverno.

Aligned with CNCF CKAD/CKA competencies

The curriculum aligns with Certified Kubernetes Application Developer (CKAD) and Certified Kubernetes Administrator (CKA) blueprints. Primary focus remains enterprise application (production, hardening, FinOps), but participants pursuing certification get a strong foundation.

Healthy adoption pattern: paved-road > each team rediscovering

Successful K8s adoption across many teams typically rests on a paved-road curated by the platform team: library charts, ArgoCD ApplicationSets, policy as code (Gatekeeper/Kyverno). Without paved-road, posture goes uneven and cluster costs explode. The module teaches this pattern explicitly.

Kubernetes & Container Orchestration (Engineering Teams)

Corporate Kubernetes training for engineering teams is an in-house program equipping developers, SREs, and platform engineers to run container workloads in production — from Docker fundamentals, Kubernetes v1.30+ manifests, Helm, GitOps via ArgoCD, to observability and hardening — mapped to the CIS Kubernetes Benchmark, Pod Security Standards (Restricted/Baseline/Privileged), NIST SP 800-204C for microservices security, and aligned with the CKAD/CKA certification competencies from CNCF.

1Designed via training needs analysis (TNA): roles (developer/SRE/platform/security), distribution choice (EKS/AKS/GKE/on-prem), and adoption stage

2Grounded in official Kubernetes v1.30+ (deprecations include Pod Security Policies, removed in v1.25, replaced by Pod Security Standards)

3Hands-on with CNCF tooling: kubectl, Helm, ArgoCD, Prometheus + Grafana, OpenTelemetry, cert-manager

4Hardening mapped to the CIS Kubernetes Benchmark and Pod Security Standards (PSS): Baseline & Restricted

5Microservices security follows NIST SP 800-204C and the OWASP Kubernetes Security Cheat Sheet

6Aligned with CNCF certification competencies: CKAD (developer), CKA (administrator), optionally CKS (security)

Measurable Outcomes

Expected Outcomes

Indicators mapped to Kirkpatrick levels and CKAD/CKA competencies — qualitative targets, set during TNA against your team baseline.

K8s fundamentals (Kirkpatrick L2 — Learning): Most participants pass manifest assessment (Deployment/Service/Ingress/ConfigMap/Secret), basic networking, and kubectl
GitOps deployment (L3 — Behavior): Participants build a Helm chart + ArgoCD pipeline for one internal app, with auditable rollback
Pod Security Standards (L3 — Behavior): Team workloads migrated to PSS Baseline or Restricted, with configuration docs (runAsNonRoot, readOnlyRootFilesystem, seccomp, drop capabilities)
CIS Kubernetes Benchmark hardening: Priority CIS K8s controls applied in lab cluster (control plane, kubelet, RBAC, networking)
Production observability: Team has initial SLO/SLI dashboards (Prometheus + Grafana) + OpenTelemetry traces for one service
CKAD/CKA readiness: Participants map competencies against CKAD/CKA blueprints and can take CNCF certification exams per individual readiness

Program Format

Program Format Options

Chosen by team's K8s adoption stage — finalized after TNA.

Docker → Kubernetes Bootcamp (4–5 days)

Intensive bootcamp: Docker fundamentals, K8s v1.30+ manifests, Service & Ingress, ConfigMap & Secret, basic observability, Baseline PSS hardening. Hands-on in lab cluster.

Best for: Engineering teams productionizing container workloads for the first time

GitOps & Helm Mastery Workshop

Practical workshop building reusable Helm charts + multi-environment ArgoCD GitOps pipelines (dev/stg/prod) with rollback and progressive delivery.

Best for: Teams already on K8s but delivery still manual / fragmented

Cluster Hardening & PSS Migration

Consultative session applying CIS Kubernetes Benchmark priorities and migrating workloads to Pod Security Standards Baseline/Restricted, plus NetworkPolicy & RBAC review.

Best for: Teams facing security audit or migrating post-PSP removal

Recurring Platform Engineering Enablement

Recurring program (monthly/quarterly) for platform teams: SLO review, capacity planning, upgrade patterns, and institutionalization of internal paved-road.

Best for: Organizations with internal platform & multi-team applications

Free Consultation

Discuss your team's Kubernetes adoption plan

Start with a free training needs analysis: we map your distribution, roles, adoption stage, and target posture, then build a proposal and budget based on real needs.

Request Proposal

Curriculum

Curriculum Framework

Designed via ADDIE; final modules curated by distribution (EKS/AKS/GKE/on-prem), role, and TNA baseline. Topics below represent full coverage.

Comparison

Choosing the Program Format

Concise decision matrix — final recommendation set after training needs analysis.

Aspect	Docker → K8s Bootcamp	GitOps & Helm Mastery	Cluster Hardening & PSS Migration	Recurring Platform Engineering
Primary goal	K8s production foundation	Consistent GitOps delivery	Hardening & PSS posture	Sustained platform discipline
Ideal participants	Teams productionizing containers	Teams running, delivery manual	Facing audit / PSP migration	Platform team multi-team apps
Typical duration	4–5 intensive days	2–3 day workshop	1–2 week consulting	Monthly / quarterly
Main output	Fundamentals mastery + labs	Helm chart + ArgoCD pipeline	PSS Baseline/Restricted + kube-bench	Library chart + paved-road
Related certification	CKAD/CKA foundation	CKAD application	CKS (security) preparation	CKA / practitioner supporting

For Whom

Who This Program Is For

Application Developer (CKAD-aligned)

Teams writing code and wanting to deploy their own apps to K8s.

Common challenges

Not yet comfortable writing manifests (Deployment/Service/Ingress) and debugging crashing pods
Unclear when to use Helm vs Kustomize and how to structure them
GitOps workflow not understood; deploys still manual kubectl apply to production

Site Reliability Engineer / Platform Engineer (CKA-aligned)

Teams operating clusters and platform for application teams.

Common challenges

No safe, repeatable cluster upgrade pattern
Fragmented observability: metrics & logs not connected; alert noise high
Ad-hoc capacity planning; cluster costs rise without namespace visibility

Security Engineer (CKS-aligned)

Teams ensuring K8s posture meets audit & regulation.

Common challenges

PSP removed in v1.25 with migration to Pod Security Standards still pending
CIS Kubernetes Benchmark not applied consistently; no kube-bench report
Supply-chain security incomplete: images not signed, SBOM not yet used

DevOps / Build Engineer

Teams designing CI/CD pipelines and internal paved-roads.

Common challenges

CI/CD pipelines still per-team custom; no paved-road standard
GitOps not adopted; rollback depends on human + kubectl
No PR-based workflow for production changes

Tech Lead / Engineering Manager

Owners of K8s adoption decisions and delivery accountability.

Common challenges

Hard to decide when team is ready to manage K8s themselves vs use managed service
Cluster cost vs benefit concerns; no Kubernetes FinOps yet
Platform maturity roadmap not yet progressively staged

Industry Context

Industry Applications

One specific use case per industry, naming relevant workloads, regulations, and K8s patterns.

Banking & Financial Services

Modernization of bank digital service backends (internet banking, mobile, API channels) on K8s with posture meeting POJK 11/POJK.03/2022 (bank IT risk management) and SEOJK 29/SEOJK.03/2022 (cyber security) — including PSS Restricted, strict RBAC, and audit trail usable for OJK examinations.

See in Banking & Financial Services context →

Technology & Startups

Internal K8s platform (paved-road) for fast-growing technology companies — so dozens of product teams deploy safely & quickly without each team rediscovering the same patterns.

See in Technology & Startups context →

State-Owned Enterprises (BUMN)

Standardizing holding-level K8s platform across BUMN subsidiaries with uniform security baseline, audit trail usable for BPK/SPI, and FinOps reportable to the holding.

See in State-Owned Enterprises (BUMN) context →

Retail & FMCG

E-commerce backend & modern POS systems on K8s for multi-channel retail — with peak-season resilience (Harbolnas, Lebaran), aggressive autoscaling patterns, and FinOps because traffic bursts sharply impact costs.

See in Retail & FMCG context →

Healthcare & Pharmaceuticals

SIMRS and hospital integration platform on K8s, with strict patient-data access controls (UU PDP specific data), complete audit log, and KARS readiness for information governance.

See in Healthcare & Pharmaceuticals context →

Logistics & Supply Chain

K8s platform for tracking systems, TMS, WMS, and logistics order orchestration — with real-time workloads, multi-partner integration, and high resilience because downtime causes large operational losses.

See in Logistics & Supply Chain context →

Delivery Method

Delivery

Format adapts to your engineering team distribution; all formats hands-on in lab clusters.

On-site intensive & workshop

Facilitator comes to your office for a 4–5 day bootcamp; labs in EKS/AKS/GKE clusters or on-prem (kind/minikube/k3d), with your internal workload case studies.

Live online + managed labs

Interactive classes via Zoom/Teams; labs run in lab clusters provided by Neksus or your internal accounts with limited scope.

Hybrid

On-site for consultative modules (PSS migration, hardening, paved-road); online for concepts & labs — suits multi-location teams.

Scheduling fits team release & on-call calendar

Materials & labs localized to your distribution (EKS / AKS / GKE / on-prem)

Lab cluster with cost guardrails provided; alternative is labs in internal non-production cluster

Participation certificate + competency mapping against CKAD/CKA blueprint

Evaluation report & prioritized hardening recommendations for technical leadership

Engagement Flow

Engagement Path

Follows ADDIE + K8s adoption patterns — qualitative durations, scaled to adoption stage & distribution.

Training Needs Analysis & K8s Adoption Position

Mapping distribution (EKS/AKS/GKE/on-prem), roles, adoption stage (greenfield/migration/scale), critical workloads, and measurement baseline. Output: needs profile + lab scope.

Initial stage

Program Design by Role (ADDIE)

Drafting measurable learning objectives, role-based syllabi (dev/SRE/platform/security), lab scenarios, and framework map to CIS, PSS, NIST SP 800-204C, CKAD/CKA.

Pre-delivery

Docker → Kubernetes Bootcamp

Core 4–5 day session: Docker fundamentals, K8s manifests, Service/Ingress, ConfigMap/Secret, basic observability, Baseline PSS hardening. Hands-on in lab cluster.

Core week

GitOps & Helm on Real Workload

Practical workshop building Helm chart + ArgoCD pipeline for one internal app, with rollback and progressive delivery.

Post-bootcamp

Hardening, PSS Migration & RBAC Review

Consultative session applying priority CIS controls, migrating workloads to PSS Baseline/Restricted, and RBAC + NetworkPolicy review.

Rolling per workload

Observability, FinOps & Institutionalization

Recurring cadence: SLO review, autoscaler tuning, OpenCost per namespace, game day. Kirkpatrick L1–L4 evaluation (Phillips L5 on request) and platform maturity roadmap.

Recurring & continuous

Case Studies

Typical Outcome Patterns

Illustrative patterns based on similar program structures — no named clients or promised numbers. CKAD/CKA certifications & CIS Kubernetes Benchmark / Pod Security Standards references are attributed as external CNCF / CIS sources.

Financial institution with digital services on EKS

Intervention

Bootcamp + PSS migration & RBAC review workshop + ArgoCD GitOps

Result

Production workloads moved to PSS Baseline/Restricted, audit log centralized, change trails auditable by OJK

Technology company with hundreds of microservices across teams

Intervention

Platform engineering enablement: library chart + ApplicationSet + Gatekeeper

Result

Stable paved-road, fast new-team onboarding, and consistent posture across teams

Seasonal multi-partner logistics provider

Intervention

Bootcamp + SLO/SLI workshop + autoscaling tuning + game day

Result

Peak-season resilience improved and cluster cost more controlled

Procurement Info

Information for Procurement & Vendor Management

What procurement, finance, legal, and information security teams need.

Legal entity

Indonesian PT under the Selestia ecosystem (Eduprima group); complete NPWP & legal documents; ready for PKS/contracts and vendor onboarding.

Proposal

Structured proposal: measurable learning objectives, role-based syllabus, framework map (Kubernetes v1.30+/CIS K8s Benchmark/Pod Security Standards/NIST SP 800-204C/CKAD-CKA), facilitator profile, schedule, and TNA-based cost detail.

Pricing model

TNA-based — flat per program, per session, per participant, tiered, or custom. No standard numbers without needs analysis; estimates issued after TNA is agreed.

Payment & tax

Flexible terms (DP + balance / per-batch installments); tax invoice (PPN) and PO documentation supported.

BUMN/government procurement

Familiar with BUMN/government procurement: vendor documentation, e-procurement / SPSE, HPS/offers, and compliance clauses.

Measurement

Kirkpatrick L1–L3 evaluation reports (attendance, knowledge assessment, lab) + competency mapping to CKAD/CKA; Phillips ROI L5 on finance/risk request.

Confidentiality & data security

NDA signing, confidentiality of internal workloads used as case studies, and practices aligned with UU PDP and your internal security policy.

Material ownership

Manifests, Helm charts, and documents built for your company are yours; usage rights of training materials are agreed in the contract.

FAQ

Frequently Asked Questions

Next Step

Discuss your team's Kubernetes adoption plan

Start with a free training needs analysis: we map your distribution, roles, adoption stage, and target posture, then build a proposal and budget based on real needs.

Training needs analysis at no cost — the natural first step
Proposal, role-based syllabus, and framework map (Kubernetes v1.30+/CIS/PSS/NIST 800-204C/CKAD-CKA) within a few business days
Labs in sandbox cluster with cost guardrails; internal workload review option
Procurement-ready documents (company profile, NPWP, NDA, PPN tax invoice)

Request Proposal & Free TNA Free Consultation

Explore More

Discuss your team's Kubernetes adoption plan

Start with a free training needs analysis: we map your distribution, roles, adoption stage, and target posture, then build a proposal and budget based on real needs.

Training needs analysis at no cost — the natural first step
Proposal, role-based syllabus, and framework map (Kubernetes v1.30+/CIS/PSS/NIST 800-204C/CKAD-CKA) within a few business days
Labs in sandbox cluster with cost guardrails; internal workload review option
Procurement-ready documents (company profile, NPWP, NDA, PPN tax invoice)

Kubernetes for Engineering Teams

Kubernetes & Container Orchestration (Engineering Teams)

Expected Outcomes

Program Format Options

Docker → Kubernetes Bootcamp (4–5 days)

GitOps & Helm Mastery Workshop

Cluster Hardening & PSS Migration

Recurring Platform Engineering Enablement

Discuss your team's Kubernetes adoption plan

Curriculum Framework

1Docker Fundamentals & Image Hygiene

2Kubernetes Fundamentals (v1.30+)

3Helm & GitOps with ArgoCD

4Networking, Storage & Stateful Workloads

5Pod Security Standards, RBAC & CIS Hardening

6Observability, Reliability & Kubernetes FinOps

7Supply-Chain Security & Microservices (NIST SP 800-204C)

Choosing the Program Format

Who This Program Is For

Application Developer (CKAD-aligned)

Site Reliability Engineer / Platform Engineer (CKA-aligned)

Security Engineer (CKS-aligned)

DevOps / Build Engineer

Tech Lead / Engineering Manager

Industry Applications

Delivery

On-site intensive & workshop

Live online + managed labs

Hybrid

Engagement Path

Training Needs Analysis & K8s Adoption Position

Program Design by Role (ADDIE)

Docker → Kubernetes Bootcamp

GitOps & Helm on Real Workload

Hardening, PSS Migration & RBAC Review

Observability, FinOps & Institutionalization

Typical Outcome Patterns

Information for Procurement & Vendor Management

Frequently Asked Questions

What's the difference between Docker and Kubernetes and when is each relevant?

Does the training prepare participants for CNCF certifications (CKAD/CKA)?

How do we migrate from Pod Security Policies, removed in v1.25?

When does a service mesh (Istio / Linkerd) make sense vs over-engineering?

How does the module teach supply-chain security?

Is GitOps (ArgoCD) required or optional?

How do we manage K8s cluster cost (Kubernetes FinOps)?

Can the material adapt to specific distributions (EKS / AKS / GKE / on-prem)?

How does this program measure impact on delivery & production?

What's the ideal program duration and effective batch size?

Discuss your team's Kubernetes adoption plan

Related Topics

Discuss your team's Kubernetes adoption plan