All posts
Certified Kubernetes Security Specialist (CKS) #5: ServiceAccount token management, restricting API access, cluster upgrades
The fifth post in the Certified Kubernetes Security Specialist (CKS) series. It covers ServiceAccount token management, a frequent topic in the Cluster Hardening domain. We work through setting automountServiceAccountToken to false to block unnecessary token mounts, the expiration and audience of bound ServiceAccount tokens, and the difference between legacy Secret tokens and projected tokens. Then we shrink the API access surface by disabling anonymous-auth and protecting the kubelet API, and finish with cluster upgrades for applying security patches.
How Apps and the Web Differ — Native, Web Apps, and App Store Review
A code-free explanation of how native apps, the web, and hybrid apps differ — and why an app requires installation and store review while the web opens with just an address.
How Do Web Fonts Work? Why Fonts Break and Why Licensing Matters
This post explains, without any code, how fonts appear on the screen on the web, why they sometimes break, and why fonts come with licenses too. It covers how web fonts work, loading performance, and font licensing, at a non-developer's level.
Python Data Analysis #2: Loading Data — CSV, Excel, and First Exploration
The encoding, sep, and dtype arguments of read_csv and the legacy-codepage trap, sheet selection in read_excel, and the routine of checking your data with head, info, and describe right after loading.
Red Hat Certified Engineer (RHCE) #4 Ad-hoc commands: running modules on the spot
The fourth post in the Red Hat Certified Engineer (RHCE) series. We lay out the ad-hoc structure for running modules on the spot with the ansible command, the frequently used modules such as ping, command, shell, copy, file, dnf, service, user, and lineinfile, host patterns, become, and how to look up options with ansible-doc — all worked through with examples.
Red Hat Certified System Administrator (RHCSA) #1: The Exam — EX200 format, environment, study strategy
The opening post of the Red Hat Certified System Administrator (RHCSA) series. We lay out the format and domains of the EX200 hands-on exam, the 210/300 passing line, the testing environment where you work with man pages only and no internet, and the study strategy that turns the feel you built on the [RHEL operations track](/en/posts/rhel-basics-1) into hands-on exam results. This 16-part series targets an RHCSA pass, wrapping up with a full-scale mock exam in #16.
AWS Certified Developer - Associate (DVA-C02) #2 Domain 1-1 Development with AWS Services — Lambda Deep Dive
The first post of the DVA-C02 development domain. It covers Lambda's execution model across three invocation types — synchronous, asynchronous, and stream polling — along with concurrency (reserved concurrency, provisioned concurrency) and throttling, environment variables and layers, cold starts, idempotency, and failure handling via destinations and DLQs, all at the exam level. The development domain carries the largest weight at 32%, and Lambda sits at its center.
AWS Certified Solutions Architect - Associate (SAA-C03) #13 Domain 4-1 Cost Optimization — Pricing Models
The first post of the SAA-C03 cost optimization domain. It reorganizes EC2 purchasing options from a cost perspective (Reserved Standard/Convertible, Compute/EC2 Instance Savings Plans, Spot), the cost structure of S3, data transfer costs (inbound , outbound , cross-AZ/region) and how to reduce them, and architecture choices that lower cost.
Certified Kubernetes Administrator (CKA) #11 Workloads 2: DaemonSet, StatefulSet, Job, CronJob
The eleventh post in the Certified Kubernetes Administrator (CKA) series. We organize the four workloads that Deployment can't cover: the DaemonSet that runs exactly one Pod per node, the StatefulSet with stable IDs, ordering, a headless Service, and volumeClaimTemplates, the Job that runs toward completion, and the CronJob that stamps out Jobs on a schedule — all drilled hands-on with YAML and kubectl.
Certified Kubernetes Application Developer (CKAD) #6 Workloads 2: DaemonSet, StatefulSet
The sixth post in the Certified Kubernetes Application Developer (CKAD) series. It covers the workload controllers beyond Deployment — DaemonSet and StatefulSet — from a hands-on perspective. We will build the DaemonSet that places one Pod on every node, and the StatefulSet that needs a stable network ID and ordering guarantees, in YAML all the way down to the headless Service and volumeClaimTemplates.
Certified Kubernetes Security Specialist (CKS) #4: RBAC least privilege in depth (Cluster Hardening)
The fourth post in the Certified Kubernetes Security Specialist (CKS) series. On top of the RBAC you learned in CKA, we layer the principle of least privilege and go deep, from a security angle, on how to find and narrow Roles that are too broad. We cover the danger of wildcard verb/resource, removing default ServiceAccount permissions, cutting ClusterRoleBinding overuse down with RoleBinding, the gotchas of aggregated ClusterRole, identifying dangerous permissions like secrets get, pods/exec, escalate, bind, and impersonate, and the flow of verifying narrowed permissions with kubectl auth can-i --as.
How Does Email Get Delivered? SMTP, Spam Filters, and SPF/DKIM
This post explains, without any code, how email reaches the recipient and why some mail is classified as spam. It covers the relay between mail servers, the SPF and DKIM that verify the sender, and how a spam filter decides, at a non-developer's level.