All posts
Kubernetes and Cloud Native Associate (KCNA) #3: Kubernetes Fundamentals 2 — API, Containers, Scheduling
A rundown of the Kubernetes API object model (apiVersion, kind, metadata, spec, status) and the declarative vs. imperative styles, container images and runtimes, the kube-scheduler scheduling process (nodeSelector, affinity, taint), and how to inject configuration with ConfigMap and Secret. This wraps up the back half of Domain 1, Kubernetes Fundamentals (46%).
Python's JIT Compiler: From the 3.13 Experiment to Realistic Expectations
A look at the experimental copy-and-patch JIT compiler that landed in CPython 3.13. How it works, how to enable it, what changed in 3.14, and what you can realistically expect from it today.
Red Hat Certified Engineer (RHCE) #11: Writing and Using Roles
Part 11 of the Red Hat Certified Engineer (RHCE) series. We cover the standard role directory structure and ansible-galaxy role init, the difference between the roles key and include_role/import_role, why defaults sits at the lowest role variable precedence, and the dependencies in meta/main.yml plus roles_path. We practice the exam-favorite flow of writing a role and calling it from a playbook with worked examples.
Red Hat Certified System Administrator (RHCSA) #8 Packages and repositories: dnf, modules, AppStream
The eighth post in the Red Hat Certified System Administrator (RHCSA) series. We cover installing, removing, and searching packages with dnf, adding repositories, and working with AppStream module streams and profiles. From RHCSA staples like adding a specific repository and installing from it, all the way to switching module streams — all walked through with command examples.
AWS Certified CloudOps Engineer - Associate (SOA-C03) #3 Domain 1-2 Monitoring — CloudWatch Logs, Logs Insights, Agent
The third post in the SOA-C03 series covers the log side of CloudWatch. It covers the structure of log groups and log streams, retention periods and cost, how to collect logs and OS metrics with the CloudWatch Agent, metric filters that extract metrics from logs, Logs Insights queries, and subscription filters that deliver logs in real time.
AWS Certified Developer - Associate (DVA-C02) #9 Domain 3-1 Deployment — CI/CD
The first post of the DVA-C02 deployment domain. It covers the division of roles among the AWS developer tools (CodeCommit,CodeBuild,CodeDeploy,CodePipeline,CodeArtifact), along with CodeBuild's buildspec.yml phases and environment variables, CodeDeploy's appspec.yml with deployment groups and lifecycle hooks, and CodePipeline's stage composition and artifact flow at the exam level. The key is knowing which tool does what.
Build an Online Shop with Next.js #4: Checkout and Payment Simulation
Create orders with Server Actions and simulate success/failure with a fake payment gateway. We also cover practical patterns for handling form state with useActionState and useFormStatus.
Certified Kubernetes Administrator (CKA) #18 Networking 1: Service (ClusterIP/NodePort/LoadBalancer/ExternalName)
Part 18 of the Certified Kubernetes Administrator (CKA) series. We follow the flow where a Service uses a selector to pick Pods, builds Endpoints, and kube-proxy turns those into node-level rules. We cover the four types — ClusterIP, NodePort, LoadBalancer, ExternalName — the distinction between port/targetPort/nodePort, headless Services, k expose, and the operational instinct for tracing the cause through Endpoints when a Service stops working.
Certified Kubernetes Application Developer (CKAD) #13 ConfigMap and Secret in Depth: volume vs env, Auto-Refresh
The thirteenth post in the Certified Kubernetes Application Developer (CKAD) series. We create ConfigMaps and Secrets that pull configuration and sensitive data out of code, and cover the three ways to inject them — env (valueFrom , envFrom) and volume mounts — in exam-task format. In particular, we drill the difference that env stays fixed until the Pod restarts while a volume auto-refreshes after a delay.
Certified Kubernetes Security Specialist (CKS) #11: Isolation — gVisor, Kata Containers, RuntimeClass
The eleventh post in the Certified Kubernetes Security Specialist (CKS) series. We pin down the root problem that container isolation is weak because containers share the host kernel, and lay out the sandbox runtimes that make up for it. We compare how gVisor (runsc), which intercepts system calls with a user-space kernel, and Kata Containers, which separates workloads in lightweight VMs, each work; how to declare a handler with RuntimeClass and apply it via a Pod's runtimeClassName; the trade-offs between security and performance/compatibility; and finally the RuntimeClass creation and Pod assignment tasks that show up often on the exam, building them by hand.
How Do Push Notifications Reach My Phone? Push Tokens and the Delivery Flow
This post explains, without any code, how a push notification reaches exactly your phone. It covers why the app doesn't send directly but goes through Apple's and Google's push servers, how a push token works as an address, and when permissions and tokens change, at a non-developer's level.
Kubernetes and Cloud Native Associate (KCNA) #2: Kubernetes Fundamentals 1 — Architecture and Core Resources
The second post in the KCNA series. The first half of Domain 1, the largest at 46%, covering the components of the control plane and worker nodes (kube-apiserver, etcd, kube-scheduler, controller-manager, kubelet, kube-proxy, container runtime), the declarative model and the reconciliation loop, and the core resources Pod, ReplicaSet, Deployment, Service, and Namespace.