Infrastructure
Kubernetes and Cloud Native Associate (KCNA) #3: Kubernetes Fundamentals 2 — API, Containers, Scheduling
A rundown of the Kubernetes API object model (apiVersion, kind, metadata, spec, status) and the declarative vs. imperative styles, container images and runtimes, the kube-scheduler scheduling process (nodeSelector, affinity, taint), and how to inject configuration with ConfigMap and Secret. This wraps up the back half of Domain 1, Kubernetes Fundamentals (46%).
Red Hat Certified Engineer (RHCE) #11: Writing and Using Roles
Part 11 of the Red Hat Certified Engineer (RHCE) series. We cover the standard role directory structure and ansible-galaxy role init, the difference between the roles key and include_role/import_role, why defaults sits at the lowest role variable precedence, and the dependencies in meta/main.yml plus roles_path. We practice the exam-favorite flow of writing a role and calling it from a playbook with worked examples.
Red Hat Certified System Administrator (RHCSA) #8 Packages and repositories: dnf, modules, AppStream
The eighth post in the Red Hat Certified System Administrator (RHCSA) series. We cover installing, removing, and searching packages with dnf, adding repositories, and working with AppStream module streams and profiles. From RHCSA staples like adding a specific repository and installing from it, all the way to switching module streams — all walked through with command examples.
AWS Certified CloudOps Engineer - Associate (SOA-C03) #3 Domain 1-2 Monitoring — CloudWatch Logs, Logs Insights, Agent
The third post in the SOA-C03 series covers the log side of CloudWatch. It covers the structure of log groups and log streams, retention periods and cost, how to collect logs and OS metrics with the CloudWatch Agent, metric filters that extract metrics from logs, Logs Insights queries, and subscription filters that deliver logs in real time.
AWS Certified Developer - Associate (DVA-C02) #9 Domain 3-1 Deployment — CI/CD
The first post of the DVA-C02 deployment domain. It covers the division of roles among the AWS developer tools (CodeCommit,CodeBuild,CodeDeploy,CodePipeline,CodeArtifact), along with CodeBuild's buildspec.yml phases and environment variables, CodeDeploy's appspec.yml with deployment groups and lifecycle hooks, and CodePipeline's stage composition and artifact flow at the exam level. The key is knowing which tool does what.
Certified Kubernetes Administrator (CKA) #18 Networking 1: Service (ClusterIP/NodePort/LoadBalancer/ExternalName)
Part 18 of the Certified Kubernetes Administrator (CKA) series. We follow the flow where a Service uses a selector to pick Pods, builds Endpoints, and kube-proxy turns those into node-level rules. We cover the four types — ClusterIP, NodePort, LoadBalancer, ExternalName — the distinction between port/targetPort/nodePort, headless Services, k expose, and the operational instinct for tracing the cause through Endpoints when a Service stops working.
Certified Kubernetes Application Developer (CKAD) #13 ConfigMap and Secret in Depth: volume vs env, Auto-Refresh
The thirteenth post in the Certified Kubernetes Application Developer (CKAD) series. We create ConfigMaps and Secrets that pull configuration and sensitive data out of code, and cover the three ways to inject them — env (valueFrom , envFrom) and volume mounts — in exam-task format. In particular, we drill the difference that env stays fixed until the Pod restarts while a volume auto-refreshes after a delay.
Certified Kubernetes Security Specialist (CKS) #11: Isolation — gVisor, Kata Containers, RuntimeClass
The eleventh post in the Certified Kubernetes Security Specialist (CKS) series. We pin down the root problem that container isolation is weak because containers share the host kernel, and lay out the sandbox runtimes that make up for it. We compare how gVisor (runsc), which intercepts system calls with a user-space kernel, and Kata Containers, which separates workloads in lightweight VMs, each work; how to declare a handler with RuntimeClass and apply it via a Pod's runtimeClassName; the trade-offs between security and performance/compatibility; and finally the RuntimeClass creation and Pod assignment tasks that show up often on the exam, building them by hand.
Kubernetes and Cloud Native Associate (KCNA) #2: Kubernetes Fundamentals 1 — Architecture and Core Resources
The second post in the KCNA series. The first half of Domain 1, the largest at 46%, covering the components of the control plane and worker nodes (kube-apiserver, etcd, kube-scheduler, controller-manager, kubelet, kube-proxy, container runtime), the declarative model and the reconciliation loop, and the core resources Pod, ReplicaSet, Deployment, Service, and Namespace.
Red Hat Certified Engineer (RHCE) #10 Ansible Vault: Managing Secrets
The tenth post in the Red Hat Certified Engineer (RHCE) series. We encrypt variable files with ansible-vault (create/edit/view/encrypt/decrypt/rekey), put secrets in group_vars/secret.yml and use them from a playbook, supply the password at runtime with --ask-vault-pass and --vault-password-file, and inline-encrypt a single variable with encrypt_string — all laid out command by command.
Red Hat Certified System Administrator (RHCSA) #7 File systems: XFS, ext4, mount/fstab, NFS, AutoFS
The seventh post in the Red Hat Certified System Administrator (RHCSA) series. We create file systems with mkfs.xfs and mkfs.ext4, handle mounts with mount/umount/findmnt, lock down persistent mounts that survive a reboot via UUID/LABEL and fstab, and finally type out NFS client mounts and AutoFS on-demand mounts by hand.
AWS Certified CloudOps Engineer - Associate (SOA-C03) #2 Domain 1-1 Monitoring — CloudWatch Metrics, Alarms, and Dashboards
The second post of the SOA-C03 series covers CloudWatch, the first topic of the largest domain, Monitoring (22%). It covers how metrics are collected along with namespaces and dimensions, the difference between standard and custom metrics, alarm state transitions and evaluation-period design, composite alarms, and dashboard composition.