Infrastructure
AWS in Practice #1: Deploying FastAPI/Django to ECS Fargate
Push a container image to ECR, write a Task Definition, and stand it up as an ECS Fargate Service behind an ALB — the full flow of putting a small blog API into production, in a single post.
K8s Advanced #4: CRD and the Operator Pattern — controller-runtime
One reason K8s is powerful is that you can extend its API itself. Defining new object kinds with a CustomResourceDefinition and writing a reconcile loop for those objects with controller-runtime lets domain objects live as standard resources on top of K8s. Objects with names like PostgresCluster, RedisFailover, and KafkaBroker are the result. This post organizes the CRD model, an Operator skeleton based on controller-runtime, and ownerReference / finalizer / status subresource in one pass.
RHEL Advanced #7: Cockpit for GUI Management and Web Console — Series Wrap
The RHEL Advanced series so far has been all CLI; Cockpit is the standard tool that adds a lightweight web GUI on top. The web console covers systemd, services, users, networking, storage, Podman, kdump, and SELinux on one screen, manages multiple machines from a single dashboard, integrates sosreport and other diagnostic tools, and handles the kinds of work better done in Cockpit than by SSHing in and editing with vi. This post wraps up the series.
AWS Advanced #7: Step Functions
Where state machines fit, the four states (Task / Choice / Parallel / Map), Standard vs Express, Lambda / ECS / SDK integrations, error handling with retry / catch, common patterns — the AWS workflow service.
AWS Certified Cloud Practitioner (CLF-C02) #1: Exam Introduction — Structure and Study Strategy
The opening post of the AWS Certified Cloud Practitioner (CLF-C02) series. The shape of 65 questions, 90 minutes, and a 700 passing score; the weight and meaning of the four domains; registration and the testing environment; and the study strategy that turns the hands-on feel from the [AWS track](/en/posts/aws-basics-1) into exam answers. This 10-part series targets a CLF-C02 pass, wrapping up with a full-scale mock exam in #10.
K8s Advanced #3: Admission Controller — OPA Gatekeeper / Kyverno
The K8s API server has a stage that can inspect and mutate manifests right before they're stored in etcd. This stage, the admission controller, is the entry point for an operational cluster's policy engine. Policies like "reject containers without limits," "force specific labels," and "restrict image origins" are enforced at the manifest level without changing a line of application code. This post organizes the position of the admission stage, the built-in controllers, ValidatingWebhook and MutatingWebhook, and the models of the two policy engines OPA Gatekeeper and Kyverno in one pass.
RHEL Advanced #6: Subscription, Satellite, Insights — Operations Infrastructure
Three Red Hat operations tools you meet not when running one machine, but when running tens or hundreds. subscription-manager ties a machine to a Red Hat subscription, Satellite is the on-prem unified ops platform for lifecycle, content views, and patch automation, and Insights is the SaaS analytics service for vulnerability, stability, and performance recommendations — covered in one pass.
AWS Advanced #6: Secrets Manager / Parameter Store
How Secrets Manager and SSM Parameter Store differ, automatic rotation, fetching from code (boto3 / caching / Powertools), ECS and Lambda integration, IaC wiring, cost comparison — AWS secret / configuration management.
Docker in Practice #6: Cloud Deployment — Fly.io / Railway / ECS — Wrapping the Track
The final step: taking the images you built and pushed and putting them into real production. Three options (Fly.io, Railway, ECS Fargate), how to choose between them, deployment flows, secret management, healthchecks and zero-downtime deploys, and a recap of all 24 posts in the track.
K8s Advanced #2: RBAC / ServiceAccount in Depth — Aggregated ClusterRole / Impersonation / IRSA / Workload Identity
[Intermediate #7](/en/posts/k8s-intermediate-7) covered the four RBAC objects and the ServiceAccount model. On top of that, there's more depth you encounter in operational clusters: the aggregated ClusterRole that makes ClusterRoles extensible by composing them via labels, Impersonation that lets you temporarily act with another user's permissions, the shift of ServiceAccount tokens from legacy Secrets to projected tokens, and EKS's IRSA and GKE's Workload Identity that tie K8s ServiceAccounts to cloud IAM — one more layer of the permission model in depth.
RHEL Advanced #5: Security Hardening — auditd, OpenSCAP, FIPS
The three pillars of operational security stacked on top of SELinux: auditd for recording every change to the system and querying it with ausearch/aureport, OpenSCAP for automated checking and remediation against CIS, STIG, and PCI-DSS baselines, and FIPS mode as required by government and financial certifications — covered in one pass.
AWS Advanced #5: EventBridge / SQS / SNS
The three side by side: SNS topic / SQS queue / EventBridge bus and rule, fan-out patterns, FIFO vs Standard, DLQ and idempotency, and how it all wires up to Lambda / ECS — AWS messaging infrastructure.