Infrastructure
Certified Kubernetes Security Specialist (CKS) #7: seccomp Profiles
The seventh post in the Certified Kubernetes Security Specialist (CKS) series. We cover how to use seccomp to filter the system calls a container can make. We work directly through the three profile types — RuntimeDefault, Localhost, and Unconfined — the securityContext.seccompProfile setting, and writing and verifying a custom profile JSON loaded onto the node.
Red Hat Certified Engineer (RHCE) #6: Variables and facts — precedence, magic vars, custom facts
The sixth post in the Red Hat Certified Engineer (RHCE) series. From a hands-on angle, we cover where variables are defined (play vars, vars_files, group_vars/host_vars, extra-vars, register) and their reference syntax, the precedence rules where extra-vars always wins, the facts gathered by gather_facts and how to reach them through ansible_facts, how register stores a task result, magic variables like hostvars and groups, and finally custom facts you build under /etc/ansible/facts.d.
Red Hat Certified System Administrator (RHCSA) #3 Shell scripting: conditionals, loops, arguments, exit codes
The third post in the Red Hat Certified System Administrator (RHCSA) series. To write the simple bash scripts that show up regularly on the RHCSA exam, we type our way through shebang and variable quoting, positional arguments and exit codes, test/if/case conditionals and for/while/until loops, command substitution and arithmetic, read input and functions. At the end we write a real-world script that validates arguments and processes multiple targets in a loop.
AWS Certified Developer - Associate (DVA-C02) #4 Domain 1-3 Development with AWS Services — DynamoDB Development
The third post of the DVA-C02 development domain. It covers DynamoDB key design (partition key, sort key), the difference between LSI and GSI, read consistency (eventually consistent vs strongly consistent), capacity modes (on-demand vs provisioned) and throttling, optimistic locking implemented with conditional writes, atomic counters, DynamoDB Streams, TTL, and DAX caching, all at the exam level.
AWS Certified Solutions Architect - Associate (SAA-C03) #15 Exam Tips and Frequently Missed Patterns
After finishing SAA-C03 domain study, here is the practical strategy for protecting your score in the exam room. It lays out time management across 130 minutes and Mark for Review, how to filter options by constraint keywords, the elimination strategy, and the concept pairs most often confused on the exam (Multi-AZ vs. read replica, SG vs. NACL, Gateway vs. Interface Endpoint, and more) in a single table.
Certified Kubernetes Administrator (CKA) #13 Scheduling 1: nodeSelector, nodeAffinity, podAffinity/antiAffinity
The thirteenth post in the Certified Kubernetes Administrator (CKA) series. We lay out the four tools that control which node the scheduler places a Pod on. nodeSelector does simple label matching, nodeAffinity expresses node conditions with required and preferred, and podAffinity/podAntiAffinity use topologyKey to place a Pod on the same node as — or a different node from — other Pods. We also look at manual placement that bypasses the scheduler with nodeName.
Certified Kubernetes Application Developer (CKAD) #8 Deployment Strategies: Blue-green, Canary
The eighth post in the Certified Kubernetes Application Developer (CKAD) series. Implement zero-downtime deployment strategies by hand with nothing but Deployment, Service, and labels — no managed deployment tooling. We review rolling update and recreate, build instant cutover and rollback with blue-green, and implement traffic splitting through replicas ratios with canary.
Certified Kubernetes Security Specialist (CKS) #6: AppArmor profiles (System Hardening)
The sixth post in the Certified Kubernetes Security Specialist (CKS) series. We cover how to restrict a container's file and capability access at the kernel level with AppArmor, the Linux MAC. We work through the difference between enforce and complain modes, writing a profile with deny rules, loading it onto a node with apparmor_parser and confirming with aa-status, the two ways of attaching it to a Pod (1.30+ securityContext.appArmorProfile and the older annotation), and verifying with exec that the profile actually blocks.
Red Hat Certified Engineer (RHCE) #5: Playbook Basics — task, handler, idempotency
The fifth post in the Red Hat Certified Engineer (RHCE) series. We work through the YAML structure of a playbook and the play/task relationship, writing module tasks and the recommendation to name them, the handler-and-notify pattern that runs once at the end only when something changed, the idempotency that surfaces through changed and ok, the idempotency stopgaps for command/shell (creates/removes), and ansible-playbook versus ansible-navigator run plus --check/--diff/--syntax-check — all from a hands-on exam point of view.
Red Hat Certified System Administrator (RHCSA) #2 Essential Tools: bash, vi, redirection, find/grep, archive, ssh
The second post in the Red Hat Certified System Administrator (RHCSA) series. We cover the shell fundamentals that everything else is built on — input/output redirection and pipes, finding and processing matching files with find and grep, text processing with less,sort,sed,awk, the modes and search-and-replace of the vi editor, tar,gzip archiving, remote work with ssh and scp, and how to wield man pages as a weapon in an exam room with no internet — all with command examples.
AWS Certified Developer - Associate (DVA-C02) #3 Domain 1-2 Development with AWS Services — API Gateway
The second post of the DVA-C02 development domain. It covers the difference between API Gateway's REST API and HTTP API, Lambda proxy integration, the three authentication methods (IAM, Cognito authorizer, Lambda authorizer), throttling and usage plans/API keys, caching, stages and stage variables, and CORS, all at the exam level. API Gateway is the gateway to serverless APIs and appears in the development domain second only to Lambda.
AWS Certified Solutions Architect - Associate (SAA-C03) #14 Domain 4-2 Cost Optimization — Cost Monitoring
The final post of the SAA-C03 cost optimization domain. It covers Cost Explorer for analyzing and forecasting cost, AWS Budgets for alerting on budget overruns, CUR as the most detailed billing data, Trusted Advisor for checking cost , security , performance, Compute Optimizer for right-sizing recommendations, and how to manage multi-account cost with consolidated billing and cost allocation tags.