All posts
Certified Kubernetes Application Developer (CKAD) #18 Services: ClusterIP, NodePort, LoadBalancer, ExternalName
The eighteenth post in the Certified Kubernetes Application Developer (CKAD) series. It covers the Service, the object that puts a stable entry point in front of a shifting set of Pods. We learn how selectors and labels pick Pods and how Endpoints are managed automatically, the differences between the four types ClusterIP, NodePort, LoadBalancer, and ExternalName, the distinction between port, targetPort, and nodePort, headless Services and cluster DNS, and finally debugging empty endpoints — all through YAML and kubectl.
Certified Kubernetes Security Specialist (CKS) #16 Admission control: OPA/Gatekeeper, Kyverno
The 16th post in the Certified Kubernetes Security Specialist (CKS) series. We start from how an admission controller intercepts API requests to validate and mutate them, then learn the difference between validating and mutating webhooks, OPA/Gatekeeper's ConstraintTemplate and Constraint with Rego policies, and Kyverno's YAML-based validate/mutate/generate policies through examples. We implement "no latest tag" and "trusted-registry only" in both tools, and wrap up the exam-favorite pattern of rejecting a violating manifest.
How Do Messaging Apps Deliver Your Messages? Servers and End-to-End Encryption
Your message doesn't fly straight to the other person's phone. This post explains the store-then-deliver structure behind messaging apps, how read receipts work, the difference between encryption in transit and end-to-end encryption, and why some apps keep a separate secret chat mode, all at a non-developer's level.
How Do You Analyze Product Data and Logs? Tracking Basics for PMs and Marketers
This post explains, without any code, how the data and logs a service leaves behind pile up, and how they turn into metrics and analysis. It covers the difference between logs, events, and metrics, plus funnel analysis and how to spot vanity metrics, at a PM and marketer's level.
HTTPS Certificates in Practice — From Let's Encrypt Issuance to Auto-Renewal (certbot, ACME, managed)
A hands-on guide to actually issuing, installing, and auto-renewing HTTPS certificates. It covers ACME and domain ownership validation, issuing Let's Encrypt with certbot, setting up auto-renewal, wildcards (DNS-01), managed options like AWS ACM and Cloudflare, and diagnosing common errors such as a missing chain or name mismatch.
Kubernetes and Cloud Native Associate (KCNA) #7: Cloud Native Application Delivery (8%) — GitOps, CI/CD
The seventh post in the KCNA series. We cover the whole of Domain 5: the split between CI and CD and the pipeline stages, the four principles of GitOps (ArgoCD, Flux) and pull-based delivery, deployment strategies (rolling, blue-green, canary), manifest management with Helm and Kustomize, and the basics of supply chain security.
Red Hat Certified Engineer (RHCE) #15 RHCSA Automation 2: Services, chronyd, log
The fifteenth post in the Red Hat Certified Engineer (RHCE) series. We automate the manual RHCSA work of service management, time synchronization, and log configuration with Ansible. We lock down daemons through enable and start in one shot with the service/systemd module, configure NTP with the timesync system role or a chrony template plus a handler, schedule jobs with the cron and at modules, and apply journald persistent storage and tuned profiles through playbooks.
Red Hat Certified System Administrator (RHCSA) #12: firewalld and SSH key authentication
The twelfth post in the Red Hat Certified System Administrator (RHCSA) series. We type through firewalld's zone concept and how to permanently allow services and ports with firewall-cmd, rich rules and source-based zone assignment, then how to set up SSH key authentication with ssh-keygen and ssh-copy-id and get the authorized_keys permissions right. We zero in on the RHCSA staples — permanently allowing ports and services and configuring key authentication — and the trap of forgetting --permanent.
LLM App Development #4: Prompt Engineering in Practice
The same question can yield very different answers depending on how you ask. Specific instructions, output formatting, examples, and separating structure with tags — how to write prompts that reliably draw out the result you want.
AWS Certified CloudOps Engineer - Associate (SOA-C03) #7 Domain 3-1 Deployment — CloudFormation in Depth and IaC
The seventh post of the SOA-C03 series covers CloudFormation, the first topic of the deployment and automation domain (22%). It covers the structure of stacks and templates, change sets and drift detection, stack policies and deletion protection, StackSets for deploying across multiple accounts and regions, and the relationship with other IaC tools such as CDK and Terraform.
AWS Certified Developer - Associate (DVA-C02) #13 Domain 4-2 Troubleshooting and Optimization — Optimization and Problem Solving
The second post of the DVA-C02 troubleshooting domain. It covers choosing caching layers (CloudFront, ElastiCache, DAX, API Gateway), Lambda performance tuning (the relationship between memory and CPU, cold starts, concurrency), handling DynamoDB throttling, and the error codes that frequently appear on the exam (429, 502, 504, ProvisionedThroughputExceededException, etc.) and how to read them. This is the final step of looking at metrics, narrowing down the cause, and fixing it.
Certified Kubernetes Administrator (CKA) #22 Troubleshooting 1: Pods and Apps (Pending, CrashLoop, ImagePull, OOM)
The largest domain on the CKA exam is Troubleshooting (30%). In this post we tackle the four most common Pod-level failures within that domain. We organize Pending, CrashLoopBackOff, ImagePullBackOff/ErrImagePull, and OOMKilled each from symptom to diagnosis to fix in a single flow, and we drill the order in which to read describe, events, and logs so you reach the root cause fast.