Overview
free

Course Setup and the Incremental Ladder
Why "Threads to Clusters"
How to Use This Course
The Incremental Ladder (Step 0 to Step 7)
The Course Lenses

Mental Models: Threads, Processes, Nodes, Clusters
Core Definitions
Scaling Models
Failure Domains

Architectures as Layers
The Layered View
Concern Placement
Why You Don't Skip Rungs

Diagramming and Notation
Canonical Symbols and Legends
Notation Styles
Reading and Writing Architecture Diagrams

Step 0 Architecture: Single-Threaded Systems
Classical Monolith Shape
Event Flow and Blocking I/O
Packaging and Manual Deployment

Step 0 Operations: Local Data, Logging, Configuration
Local Persistence Models
Configuration and Secrets on One Host
Debugging and Local Observability

Step 1 Compute: Threads and Async
Concurrency Primitives: Work Queues, Thread Pools, Async Runtimes
Shared Memory Hazards: Locks, Deadlocks, Contention, False Sharing
Canonical Patterns: Producer/Consumer, Reactor/Event Loop, Futures/Promises

Step 1 Operations: Packaging and Running Concurrent Apps
CPU-bound vs I/O-bound: Choosing Concurrency Strategies
Runtime Tuning: Thread Counts, Pools, and Saturation Behavior
Profiling and Debugging Concurrency: Practical Diagnosis and Anti-Pattern Recognition

Step 2 Architecture: Multi-Process Systems
Process Decomposition: Web Server, Worker, Scheduler as Separate Processes
IPC Patterns: Pipes, Unix Sockets, Shared Memory, Localhost TCP
Supervision and Lifecycle: Init Systems and Supervisors (Systemd-like Patterns)

Step 2 Operations: Distribution, Security, Observability on One Host
Packaging Process Topologies: Bundles, Installers, and Dependency Alignment
Local Perimeter Thinking: Loopback Security and Host Firewall Basics
Structured Logs and Host Metrics: Preparing for the Container Leap

Containers as the New Process
Isolation Mechanics: Namespaces, cgroups, Container Boundaries
Designing Container Cuts: Mapping Multi-Process Apps to Containers
Sidecar vs Single-Container: Trade-offs and Operational Consequences

Image Build, Packaging, Distribution
Dockerfile/OCI Design: Layers, Base Images, Multi-Stage Builds
Registries and Tagging: Immutability, Promotion, Provenance (SBOM as Baseline)
Reproducibility: Dev-to-Prod Workflows and Artifact Discipline

Single-Host Container Networking and Security
Bridge vs Host Networking: Port Mapping and Local Routing
Local Naming/DNS: Service Naming on One Host
Least Privilege Containers: Users, Filesystem Permissions, Minimal Images

Operating Containerized Single-Host Systems
Multi-Container Topologies: Compose-like Orchestration Patterns
Health, Restarts, Failover: Liveness, Readiness, Restart Policies
Container Observability: Logs, Metrics, Tracing Basics Inside Containers

Cluster Primitives
Workload Building Blocks: Pods/Tasks, Deployments, Jobs, DaemonSets
Control Plane and Scheduling: Placement, Resourcing, Node Pools
Requests/Limits and Bin Packing: Performance, Stability, Noisy Neighbors

Cluster Networking and Service Discovery
East-West Traffic: Pod Networks and Service Abstractions
Cluster DNS and Naming: Conventions and Failure Behavior
L4 vs L7 Inside the Cluster: Load Balancing and Routing Decisions

Ingress, Edge, External Access
Ingress Controllers and Gateways: Edge Patterns and Responsibilities
TLS Termination and mTLS: Secure Traffic Inside and Outside the Cluster
Public vs Private Ingress: Allowlists, WAF Integration, Exposure Control

Packaging for Clusters
Manifests and Charts: Helm/Kustomize Mental Models
Versioning and Release Mechanics: Promotion and Rollback Strategy
Config and Secrets at Scale: Operational Models and Drift Control

Data, State, Storage in a Single Cluster
Stateful Workloads: PVCs, Storage Classes, Stateful Sets
DB Inside vs Outside: Trade-offs and Operational Posture
Cache Placement: Cluster-Local vs External Tiers

Observability and Reliability in a Single Cluster
Central Telemetry: Logging, Metrics, Tracing Stacks and Patterns
Probes and Autoscaling: Readiness/Liveness, HPA Patterns, Disruption Budgets
Incident Operations: Canary, Blue/Green, and Recovery Workflows

Why Multi-Cluster
Isolation Models: Per-Tenant, Per-Team, Per-Env Motivations
Trade-offs vs One Mega-Cluster: Complexity, Cost, Failure Isolation
When Multi-Cluster Is Justified: Thresholds and Triggers

Topologies: Cell-Based and Hub-and-Spoke
Cells/Shards vs Shared Control: Design Choices and Consequences
Ingress Models: Per-Cluster Ingress vs Shared Ingress Layers
Regional Segmentation: Network Segmentation Patterns in One Region

Cross-Cluster Networking and Discovery
Private Networking: VPC/VNet Peering and Private Links
Federation and Mesh: DNS, Mesh Federation, and Discovery Patterns
Routing Strategies: Failover, Shadowing, Regional Load Balancing

Data and Caching Across Clusters
Shared vs Per-Cluster Datastores: Governance and Blast Radius
Cache Tiers: Cluster-Local vs Shared Cache Backbones
Event Buses: Messaging as the Cross-Cluster Integration Plane

CI/CD, Packaging, Governance
Artifact Promotion: Images and Configuration Across Clusters
GitOps and Pipelines: Multi-Cluster Deployment Mechanics
Policy as Code: Admission Control, Scanning, and Compliance

Regions and Failure Domains
Regions/AZs as Boundaries: What Can Fail Together
Active-Active vs Active-Passive: Availability Models
RTO/RPO: Defining Recovery Objectives and Constraints

Global Traffic Management and DNS
Global DNS Policies: Latency, Geo, and Failover Strategies
Anycast and CDN Edges: Routing Implications and Trade-offs
Health-Based Failover: Combining DNS and L7 Routing

Data Replication and Consistency
Strong vs Eventual: What You Can Promise Globally
Topologies: Leader-Follower, Multi-Leader, Conflict Resolution
Replication Failure Modes: Lag, Split-Brain, Reconciliation

Caching and Performance at Global Scale
Edge vs Regional Caches: Placement and Coherence
Invalidation Strategies: TTLs, Hints, Stampede Mitigation
Read-Mostly vs Write-Heavy: Performance Posture and Constraints

Security, Identity, Compliance Across Regions
Data Residency: Region-Specific Compliance Impacts
Federated Identity: Region-Aware AuthZ and Policy
Key Management: KMS/HSM Patterns and Secure Distribution

Operating Multi-Region Systems
Failover Playbooks: Drains, Failback, Cutovers
Game Days and DR Rehearsals: Operational Validation
Global Observability: SLOs per Region, Aggregation, Incident Coordination

Why Multi-Cloud
Real Motivations vs Myths: Risk, Locality, Negotiation, Capability Gaps
When Multi-Region Is Enough: Avoiding Unnecessary Complexity
Anti-Goals: What Multi-Cloud Should Not Be Used to Solve

Abstraction Layers and Control Planes
Cloud-Agnostic vs Cloud-Native: The Portability Trade Space
Common Control Planes: Orchestration and Policy Patterns
Contracts and APIs: Minimizing Lock-In Through Explicit Interfaces

Networking Across Clouds
Connectivity Options: VPN, Direct Connect, Overlays
Routing and DNS: Naming and Traffic Management Across Providers
Cost and Latency: Egress, Bottlenecks, and Optimization Posture

Identity, Access, Policy Federation
Cross-Cloud SSO: Federated Identity Fundamentals
Consistent Authorization: RBAC/ABAC Across Providers
Policy as Code at Multi-Cloud Scope: Enforcement and Auditing

Data Portability and Gravity
Data Gravity: why data dominates architecture decisions
Replication and DR: cross-cloud backup and recovery models
Portability Boundaries: what must be portable vs what can be per-cloud

Packaging and Distribution for Multi-Cloud
Portable Artifacts: images, manifests, infra-as-code discipline
Multi-Cloud Pipelines: promotion and verification
Extensions: provider-specific vs provider-neutral patterns

Compute and Concurrency Patterns
Thread Pools, Work Queues, and Saturation Boundaries
Async I/O, Event Loops, and Backpressure
Actors, Green Threads, and Isolation-by-Mailbox
Request/Response vs Event-Driven vs Batch: Choosing the Work Model
Scaling Patterns Across the Ladder: When "More Instances" Fails

Integration, Messaging, Event-Driven Architectures
Integration Boundaries: App Layer vs Data Layer vs Infra Layer
Queues, Topics, Streams: Semantics and Operational Trade-offs
Change Data Capture and the Event Backbone
The Outbox Pattern: Making Side Effects Durable
Sagas and Distributed Workflows: Coordinating Without a Global Transaction

Caching and Performance Patterns
Cache-Aside, Read-Through, Write-Through, Write-Behind: What You Promise
Hot Keys, Hot Partitions, and Load Skew
Cache Stampede and Thundering Herd: Prevention and Mitigation
Local -> Cluster -> Global: How Cache Boundaries Evolve Up the Ladder
Consistency Hints: TTLs, Invalidation, and "Good Enough" Correctness

Load Balancing and Traffic Shaping Patterns
L4 vs L7 Load Balancing: Connection vs Request Semantics
Blue/Green and Canary: Release Safety as a Boundary Design
Shadow Traffic and A/B Testing: Measurement Without Breaking Users
Rate Limiting and Quotas: Protecting Shared Systems
Backpressure, Circuit Breakers, and Overload Control

Security Architecture and Zero Trust
Authentication vs Authorization: What Each Boundary Enforces
RBAC, ABAC, and Policy Evaluation: Consistency Across Steps
Perimeter to Microsegmentation: Network Segmentation Patterns
Secrets Distribution and Rotation: Secure Bootstrapping Over Time
Service Mesh and Zero Trust: When It Helps, When It Hurts

Observability, SLOs, Operational Maturity
Metrics, Logs, Traces: Signals and Failure Boundaries
SLIs and SLOs: Turning "Reliability" Into a Contract
Error Budgets and Release Policy: Governing Change with Data
Alerting and On-Call Design: Avoiding Paging as a Monitoring Strategy
Operational Maturity by Step: Readiness Criteria Across the Ladder

Diagram Templates by Step
Diagram Templates by Step

Technology Mapping Guide
Technology Mapping Guide

Readiness Assessments: Moving from Step N to Step N+1
Readiness Assessments: Moving from Step N to Step N+1

Glossary: Canonical Definitions (and the Boundaries They Imply)
Glossary: Canonical Definitions (and the Boundaries They Imply)

/threads-to-clusters/threads-to-clusters

Isolation Mechanics: Namespaces, cgroups, Container Boundaries

Sign in to access this lesson.

Sign in Create account