All posts
Red Hat Certified Engineer (RHCE) #12 Collection: Galaxy, Automation Hub
Part 12 of the Red Hat Certified Engineer (RHCE) series. We cover the concept of an Ansible collection and FQCN (namespace.collection.module), how to install collections and roles with ansible-galaxy, the way to install dependencies in bulk with requirements.yml, the difference between Galaxy and Automation Hub, and the collections_path setting in ansible.cfg — all from a hands-on exam point of view. We work through the exam staple of downloading a collection with requirements.yml and using it via FQCN as a worked example.
Red Hat Certified System Administrator (RHCSA) #9 System Operations: chronyd, journald, cron, systemd timer, tuned
The ninth post in the Red Hat Certified System Administrator (RHCSA) series. We set system time with timedatectl and chronyd, read and persist logs with journald and rsyslog, schedule jobs with cron and systemd timers, and tune system profiles with tuned — the operational tasks, organized around the commands you actually type on the exam.
What Is a Domain, and Why Do You Need One? Nameservers and DNS Records
What a domain is, why you need a name when you already have an IP address, and what the nameservers and DNS records that make that name actually work are — explained at a concept level, without code. The hands-on setup is covered in a separate practical post.
LLM App Development #1: Your First API Call and Environment Setup
What makes an LLM app different from a typical backend, and a walkthrough from issuing an Anthropic API key to getting your first response with the Python SDK. The starting point of the series.
AWS Certified CloudOps Engineer - Associate (SOA-C03) #4 Domain 1-3 Monitoring — Automated Recovery and Performance Optimization
The fourth post of the SOA-C03 series covers automated responses after detection. It covers how EventBridge reacts to events, how to automate recovery with Systems Manager Automation runbooks, EC2 automated recovery and Auto Scaling self-healing, and the flow of diagnosing performance bottlenecks with Compute Optimizer and CloudWatch while optimizing cost along the way.
AWS Certified Developer - Associate (DVA-C02) #10 Domain 3-2 Deployment — IaC and Serverless Deployment
The second post of the DVA-C02 deployment domain. It covers, at the exam level, CloudFormation's template structure (Resources, Parameters, Mappings, Outputs), stacks, change sets, drift, nested stacks, SAM's template and the sam deploy and sam local commands that simplify serverless deployment, and Elastic Beanstalk's deployment policies (All at once, Rolling, Immutable) along with .ebextensions.
Build an Online Shop with Next.js #5: Order Confirmation and Deployment
Close the user flow with an order confirmation page and deploy to Vercel to put the shop on the real internet. We wrap up by examining the limits of in-memory storage and exactly what needs fixing before this could become a production service.
Certified Kubernetes Administrator (CKA) #19 Networking 2: Ingress, IngressClass, TLS
The nineteenth post in the Certified Kubernetes Administrator (CKA) series. We cover how to consolidate host- and path-based routing and TLS termination — things Service alone cannot solve — into Ingress. From an operations angle, we work through Ingress rules (pathType Prefix/Exact, rules/backend, defaultBackend), IngressClass that separates multiple controllers, the Ingress Controller that must exist for Ingress to do anything, and the TLS section that references a Secret.
Certified Kubernetes Application Developer (CKAD) #14 ServiceAccount and RBAC (App Perspective)
Part 14 of the Certified Kubernetes Application Developer (CKAD) series. This post lays out, from the ServiceAccount and RBAC angle, what identity an app running inside a Pod authenticates as when it calls the Kubernetes API and what permissions it is authorized for. You will get hands-on with automatic SA token mounting and turning it off, granting permissions with Role and RoleBinding, and verifying with kubectl auth can-i.
Certified Kubernetes Security Specialist (CKS) #12 Pod-to-Pod mTLS: Cilium
The twelfth post of the Certified Kubernetes Security Specialist (CKS) series. As the final topic of the Minimize Microservice Vulnerabilities domain, it covers the problem that Pod-to-Pod traffic is plaintext by default and the need for encryption in transit. We organize, concept-first, the sidecar mTLS model of Service Mesh (Istio/Linkerd), Cilium's transparent encryption (WireGuard/IPsec) and its mTLS direction, the difference between NetworkPolicy (L3/L4) and mTLS (encryption/identity), and why in-transit encryption matters from a CKS perspective.
How Are Online Payments Processed? Payment Gateways, Authorization, and Settlement Made Simple
This post explains, without any code, what happens in the few seconds after you press the pay button in online shopping. It covers what a payment gateway does, the difference between authorization and settlement, and who actually holds your card information, all at a non-developer's level.
How Does "Sign in with Google" Work? OAuth Made Simple
This post explains, without any code, whether a service learns your password when you log in with Google, and how social login works. It covers the principle of not handing over your password, OAuth and the consent screen, and the information received via a token, at a non-developer's level.