All posts
Certified Kubernetes Application Developer (CKAD) #17 Volumes: emptyDir, PVC, projected, ephemeral
The seventeenth post in the Certified Kubernetes Application Developer (CKAD) series. Starting from the volatility of a container filesystem, it works through emptyDir and hostPath, the dynamic provisioning of PersistentVolumeClaim and StorageClass, the projected volume that bundles secret, configMap, and downwardAPI into one directory, and the generic ephemeral volume — all with hands-on YAML examples.
Certified Kubernetes Security Specialist (CKS) #15 Image signing: cosign, SBOM
The fifteenth post in the Certified Kubernetes Security Specialist (CKS) series. The only way to trust an image entering your cluster is to verify a signature that proves its origin. We walk through creating and verifying both key-based and keyless (OIDC) signatures with sigstore's cosign, generating an SBOM (SPDX/CycloneDX) with syft to track components, and closing the supply chain by blocking unsigned images at admission — all with command examples.
DNS Records Setup in Practice — Connecting a Domain to a Server or the Cloud (A, CNAME, apex, TTL)
A hands-on guide to connecting a domain to an actual server or the cloud. Nameserver delegation, real values for A/AAAA/CNAME/MX/TXT records, the apex domain problem and its fixes, TTL and propagation, how to check with dig, and common mistakes — covering both self-managed Linux and managed cloud side by side.
How Does Home Wi-Fi Work? Routers, Public vs Private IP, 2.4GHz and 5GHz
Your home has one internet line, yet your phone, laptop, and TV are all online at once — the secret is the router. Public vs private IP addresses, how NAT works, the difference between 2.4GHz and 5GHz, and what your Wi-Fi password actually does, explained for non-developers.
Kubernetes and Cloud Native Associate (KCNA) #6: Cloud Native Observability (8%) — Telemetry, Prometheus, Cost Management
The three pillars of telemetry (metrics, logs, traces), Prometheus pull-based metric collection with PromQL, Alertmanager, and Grafana, OpenTelemetry and distributed tracing, SLI/SLO/SLA and the golden signals, and FinOps cost management — a walk through KCNA Domain 4.
Red Hat Certified Engineer (RHCE) #14 RHCSA Automation 1: Users/Groups, Packages/Repositories
The fourteenth post in the Red Hat Certified Engineer (RHCE) series. We automate the user/group creation and package/repository management you did by hand in RHCSA with Ansible modules. We work through the user and group modules, passwords handled safely with password_hash and Vault, the dnf module and module streams, the yum_repository module, and the exam-favorite pattern of creating many users at once with loop.
Red Hat Certified System Administrator (RHCSA) #11 Users/Groups: UID/GID, sudo, ACL, password policy
The eleventh post in the Red Hat Certified System Administrator (RHCSA) series. We organize it around the exact tasks RHCSA puts on the practical exam: creating users with useradd and usermod and assigning UID/GID, groupadd and supplementary groups, granting sudo rights through /etc/sudoers and visudo, setting per-file ACLs with setfacl, and pinning down password expiry policy with chage.
LLM App Development #3: Streaming Responses in Real Time
Instead of waiting for the full response, stream it to the screen as it is generated. With messages.stream and text_stream, you sharply cut the perceived wait for the first characters to appear.
AWS Certified CloudOps Engineer - Associate (SOA-C03) #6 Domain 2-2 Reliability — Backup, Restore, and Disaster Recovery (DR)
The sixth post of the SOA-C03 series covers data protection, the second axis of the reliability domain. It covers EBS snapshots and AMIs, RDS automated backups and snapshots, how to centrally manage backup policies with AWS Backup, the meaning of RPO and RTO, and the DR strategies that progress from backup to pilot light to warm standby to multi-site.
AWS Certified Developer - Associate (DVA-C02) #12 Domain 4-1 Troubleshooting and Optimization — Observability
The first post of the DVA-C02 troubleshooting domain. It covers, at the exam level, CloudWatch Logs (log groups,streams,Logs Insights) and Metrics (standard,custom,high-resolution), Alarms, X-Ray distributed tracing (segments,subsegments,service map,sampling), and how to extract metrics from logs with EMF (Embedded Metric Format). The key is the tools that trace failures and narrow down the cause.
Certified Kubernetes Administrator (CKA) #21 Helm and Kustomize: Managing Manifests
The twenty-first post in the Certified Kubernetes Administrator (CKA) series. We learn the two tools for managing manifests — Helm and Kustomize — with a focus on operational commands. Helm covers repo add/update, install/upgrade/rollback, value injection, and template rendering; Kustomize covers the base/overlays structure, patchesStrategicMerge, configMapGenerator, and kubectl apply -k. We lay out the difference between the two (template vs. overlay) in a table and pin down the CKA exam points.
Certified Kubernetes Application Developer (CKAD) #16 Resource Management: requests/limits, QoS Class, LimitRange
The sixteenth post in the Certified Kubernetes Application Developer (CKAD) series. It nails down requests and limits — which decide how much a Pod asks for and how much it may use — right down to the units, and shows how CPU throttling and memory OOMKilled diverge. We also work through the three QoS classes and eviction priority, plus LimitRange that enforces namespace defaults and ResourceQuota that caps the total, all with YAML examples.