All posts

Kubernetes and Cloud Native Associate (KCNA) #3: Kubernetes Fundamentals 2 — API, Containers, Scheduling
13 min read

Kubernetes and Cloud Native Associate (KCNA) #3: Kubernetes Fundamentals 2 — API, Containers, Scheduling

A rundown of the Kubernetes API object model (apiVersion, kind, metadata, spec, status) and the declarative vs. imperative styles, container images and runtimes, the kube-scheduler scheduling process (nodeSelector, affinity, taint), and how to inject configuration with ConfigMap and Secret. This wraps up the back half of Domain 1, Kubernetes Fundamentals (46%).

Python's JIT Compiler: From the 3.13 Experiment to Realistic Expectations
7 min read

Python's JIT Compiler: From the 3.13 Experiment to Realistic Expectations

A look at the experimental copy-and-patch JIT compiler that landed in CPython 3.13. How it works, how to enable it, what changed in 3.14, and what you can realistically expect from it today.

Red Hat Certified Engineer (RHCE) #11: Writing and Using Roles
9 min read

Red Hat Certified Engineer (RHCE) #11: Writing and Using Roles

Part 11 of the Red Hat Certified Engineer (RHCE) series. We cover the standard role directory structure and ansible-galaxy role init, the difference between the roles key and include_role/import_role, why defaults sits at the lowest role variable precedence, and the dependencies in meta/main.yml plus roles_path. We practice the exam-favorite flow of writing a role and calling it from a playbook with worked examples.

Red Hat Certified System Administrator (RHCSA) #8 Packages and repositories: dnf, modules, AppStream
9 min read

Red Hat Certified System Administrator (RHCSA) #8 Packages and repositories: dnf, modules, AppStream

The eighth post in the Red Hat Certified System Administrator (RHCSA) series. We cover installing, removing, and searching packages with dnf, adding repositories, and working with AppStream module streams and profiles. From RHCSA staples like adding a specific repository and installing from it, all the way to switching module streams — all walked through with command examples.

AWS Certified CloudOps Engineer - Associate (SOA-C03) #3 Domain 1-2 Monitoring — CloudWatch Logs, Logs Insights, Agent
6 min read

AWS Certified CloudOps Engineer - Associate (SOA-C03) #3 Domain 1-2 Monitoring — CloudWatch Logs, Logs Insights, Agent

The third post in the SOA-C03 series covers the log side of CloudWatch. It covers the structure of log groups and log streams, retention periods and cost, how to collect logs and OS metrics with the CloudWatch Agent, metric filters that extract metrics from logs, Logs Insights queries, and subscription filters that deliver logs in real time.

AWS Certified Developer - Associate (DVA-C02) #9 Domain 3-1 Deployment — CI/CD
4 min read

AWS Certified Developer - Associate (DVA-C02) #9 Domain 3-1 Deployment — CI/CD

The first post of the DVA-C02 deployment domain. It covers the division of roles among the AWS developer tools (CodeCommit,CodeBuild,CodeDeploy,CodePipeline,CodeArtifact), along with CodeBuild's buildspec.yml phases and environment variables, CodeDeploy's appspec.yml with deployment groups and lifecycle hooks, and CodePipeline's stage composition and artifact flow at the exam level. The key is knowing which tool does what.

Build an Online Shop with Next.js #4: Checkout and Payment Simulation
9 min read

Build an Online Shop with Next.js #4: Checkout and Payment Simulation

Create orders with Server Actions and simulate success/failure with a fake payment gateway. We also cover practical patterns for handling form state with useActionState and useFormStatus.

Certified Kubernetes Administrator (CKA) #18 Networking 1: Service (ClusterIP/NodePort/LoadBalancer/ExternalName)
10 min read

Certified Kubernetes Administrator (CKA) #18 Networking 1: Service (ClusterIP/NodePort/LoadBalancer/ExternalName)

Part 18 of the Certified Kubernetes Administrator (CKA) series. We follow the flow where a Service uses a selector to pick Pods, builds Endpoints, and kube-proxy turns those into node-level rules. We cover the four types — ClusterIP, NodePort, LoadBalancer, ExternalName — the distinction between port/targetPort/nodePort, headless Services, k expose, and the operational instinct for tracing the cause through Endpoints when a Service stops working.

Certified Kubernetes Application Developer (CKAD) #13 ConfigMap and Secret in Depth: volume vs env, Auto-Refresh
9 min read

Certified Kubernetes Application Developer (CKAD) #13 ConfigMap and Secret in Depth: volume vs env, Auto-Refresh

The thirteenth post in the Certified Kubernetes Application Developer (CKAD) series. We create ConfigMaps and Secrets that pull configuration and sensitive data out of code, and cover the three ways to inject them — env (valueFrom , envFrom) and volume mounts — in exam-task format. In particular, we drill the difference that env stays fixed until the Pod restarts while a volume auto-refreshes after a delay.

Certified Kubernetes Security Specialist (CKS) #11: Isolation — gVisor, Kata Containers, RuntimeClass
10 min read

Certified Kubernetes Security Specialist (CKS) #11: Isolation — gVisor, Kata Containers, RuntimeClass

The eleventh post in the Certified Kubernetes Security Specialist (CKS) series. We pin down the root problem that container isolation is weak because containers share the host kernel, and lay out the sandbox runtimes that make up for it. We compare how gVisor (runsc), which intercepts system calls with a user-space kernel, and Kata Containers, which separates workloads in lightweight VMs, each work; how to declare a handler with RuntimeClass and apply it via a Pod's runtimeClassName; the trade-offs between security and performance/compatibility; and finally the RuntimeClass creation and Pod assignment tasks that show up often on the exam, building them by hand.

How Do Push Notifications Reach My Phone? Push Tokens and the Delivery Flow
4 min read

How Do Push Notifications Reach My Phone? Push Tokens and the Delivery Flow

This post explains, without any code, how a push notification reaches exactly your phone. It covers why the app doesn't send directly but goes through Apple's and Google's push servers, how a push token works as an address, and when permissions and tokens change, at a non-developer's level.

Kubernetes and Cloud Native Associate (KCNA) #2: Kubernetes Fundamentals 1 — Architecture and Core Resources
12 min read

Kubernetes and Cloud Native Associate (KCNA) #2: Kubernetes Fundamentals 1 — Architecture and Core Resources

The second post in the KCNA series. The first half of Domain 1, the largest at 46%, covering the components of the control plane and worker nodes (kube-apiserver, etcd, kube-scheduler, controller-manager, kubelet, kube-proxy, container runtime), the declarative model and the reconciliation loop, and the core resources Pod, ReplicaSet, Deployment, Service, and Namespace.