All posts

Certified Kubernetes Application Developer (CKAD) #17 Volumes: emptyDir, PVC, projected, ephemeral
9 min read

The seventeenth post in the Certified Kubernetes Application Developer (CKAD) series. Starting from the volatility of a container filesystem, it works through emptyDir and hostPath, the dynamic provisioning of PersistentVolumeClaim and StorageClass, the projected volume that bundles secret, configMap, and downwardAPI into one directory, and the generic ephemeral volume — all with hands-on YAML examples.

Certified Kubernetes Security Specialist (CKS) #15 Image signing: cosign, SBOM
11 min read

The fifteenth post in the Certified Kubernetes Security Specialist (CKS) series. The only way to trust an image entering your cluster is to verify a signature that proves its origin. We walk through creating and verifying both key-based and keyless (OIDC) signatures with sigstore's cosign, generating an SBOM (SPDX/CycloneDX) with syft to track components, and closing the supply chain by blocking unsigned images at admission — all with command examples.

DNS Records Setup in Practice — Connecting a Domain to a Server or the Cloud (A, CNAME, apex, TTL)
8 min read

A hands-on guide to connecting a domain to an actual server or the cloud. Nameserver delegation, real values for A/AAAA/CNAME/MX/TXT records, the apex domain problem and its fixes, TTL and propagation, how to check with dig, and common mistakes — covering both self-managed Linux and managed cloud side by side.

How Does Home Wi-Fi Work? Routers, Public vs Private IP, 2.4GHz and 5GHz
6 min read

Your home has one internet line, yet your phone, laptop, and TV are all online at once — the secret is the router. Public vs private IP addresses, how NAT works, the difference between 2.4GHz and 5GHz, and what your Wi-Fi password actually does, explained for non-developers.

Kubernetes and Cloud Native Associate (KCNA) #6: Cloud Native Observability (8%) — Telemetry, Prometheus, Cost Management
11 min read

The three pillars of telemetry (metrics, logs, traces), Prometheus pull-based metric collection with PromQL, Alertmanager, and Grafana, OpenTelemetry and distributed tracing, SLI/SLO/SLA and the golden signals, and FinOps cost management — a walk through KCNA Domain 4.

Red Hat Certified Engineer (RHCE) #14 RHCSA Automation 1: Users/Groups, Packages/Repositories
9 min read

The fourteenth post in the Red Hat Certified Engineer (RHCE) series. We automate the user/group creation and package/repository management you did by hand in RHCSA with Ansible modules. We work through the user and group modules, passwords handled safely with password_hash and Vault, the dnf module and module streams, the yum_repository module, and the exam-favorite pattern of creating many users at once with loop.

Red Hat Certified System Administrator (RHCSA) #11 Users/Groups: UID/GID, sudo, ACL, password policy
11 min read

The eleventh post in the Red Hat Certified System Administrator (RHCSA) series. We organize it around the exact tasks RHCSA puts on the practical exam: creating users with useradd and usermod and assigning UID/GID, groupadd and supplementary groups, granting sudo rights through /etc/sudoers and visudo, setting per-file ACLs with setfacl, and pinning down password expiry policy with chage.

LLM App Development #3: Streaming Responses in Real Time
6 min read

Instead of waiting for the full response, stream it to the screen as it is generated. With messages.stream and text_stream, you sharply cut the perceived wait for the first characters to appear.

AWS Certified CloudOps Engineer - Associate (SOA-C03) #6 Domain 2-2 Reliability — Backup, Restore, and Disaster Recovery (DR)
6 min read

The sixth post of the SOA-C03 series covers data protection, the second axis of the reliability domain. It covers EBS snapshots and AMIs, RDS automated backups and snapshots, how to centrally manage backup policies with AWS Backup, the meaning of RPO and RTO, and the DR strategies that progress from backup to pilot light to warm standby to multi-site.

AWS Certified Developer - Associate (DVA-C02) #12 Domain 4-1 Troubleshooting and Optimization — Observability
4 min read

The first post of the DVA-C02 troubleshooting domain. It covers, at the exam level, CloudWatch Logs (log groups, streams, Logs Insights) and Metrics (standard, custom, high-resolution), Alarms, X-Ray distributed tracing (segments, subsegments, service map, sampling), and how to extract metrics from logs with EMF (Embedded Metric Format). The focus is on the tools that trace failures and narrow down the cause.

Certified Kubernetes Administrator (CKA) #21 Helm and Kustomize: Managing Manifests
9 min read

The twenty-first post in the Certified Kubernetes Administrator (CKA) series. We learn the two tools for managing manifests — Helm and Kustomize — with a focus on operational commands. Helm covers repo add/update, install/upgrade/rollback, value injection, and template rendering; Kustomize covers the base/overlays structure, patchesStrategicMerge, configMapGenerator, and kubectl apply -k. We lay out the difference between the two (template vs. overlay) in a table and pin down the CKA exam points.

Certified Kubernetes Application Developer (CKAD) #16 Resource Management: requests/limits, QoS Class, LimitRange
8 min read

The sixteenth post in the Certified Kubernetes Application Developer (CKAD) series. It nails down requests and limits — which decide how much a Pod asks for and how much it may use — right down to the units, and shows how CPU throttling and memory OOMKilled diverge. We also work through the three QoS classes and eviction priority, plus LimitRange that enforces namespace defaults and ResourceQuota that caps the total, all with YAML examples.