All posts

Python Data Analysis #1: Getting Started with pandas — Notebooks and the DataFrame
6 min read

Python Data Analysis #1: Getting Started with pandas — Notebooks and the DataFrame

pandas is the Python library for working with tabular data. We set up a notebook environment with uv, build Series and DataFrame objects by hand, and kick off this seven-part data analysis series.

Red Hat Certified Engineer (RHCE) #3: Config Files and Connectivity — ansible.cfg, ssh, become
10 min read

Red Hat Certified Engineer (RHCE) #3: Config Files and Connectivity — ansible.cfg, ssh, become

The third post in the Red Hat Certified Engineer (RHCE) series. We lay out the lookup precedence and key settings of ansible.cfg, which governs how Ansible behaves, the procedure for setting up SSH key-based connections with ssh-copy-id, and how to escalate privileges with become. We build a per-project ansible.cfg and become configuration by hand — a perennial exam favorite — and check the connection.

AWS Certified Developer - Associate (DVA-C02) #1 Exam Introduction — Exam Structure and Study Roadmap
5 min read

AWS Certified Developer - Associate (DVA-C02) #1 Exam Introduction — Exam Structure and Study Roadmap

The first post of the AWS Certified Developer - Associate (DVA-C02) series. It covers the exam structure (65 questions, 130 minutes, a 720 passing line), the weight and meaning of the four domains (Development 32% , Security 26% , Deployment 24% , Troubleshooting and Optimization 18%), how it differs from the Solutions Architect Associate (SAA-C03), and a study strategy that turns the hands-on feel built on the [AWS practical track](/en/posts/aws-basics-1-account-region-az) into exam questions from a developer's point of view. This 15-part series aims to help you pass DVA-C02, ending with a full-scale mock exam in #15.

AWS Certified Solutions Architect - Associate (SAA-C03) #12 Domain 3-4 High-Performing Architectures — Choosing a DB
4 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #12 Domain 3-4 High-Performing Architectures — Choosing a DB

The final post of the SAA-C03 high-performing domain. It covers the decisive difference between RDS's Multi-AZ (high availability) and read replicas (read scaling), cloud-native Aurora (auto storage scaling , Global , Serverless), NoSQL DynamoDB (capacity modes , global tables , DAX), Redshift for analytics, and the criteria for choosing a database by workload.

Certified Kubernetes Administrator (CKA) #10 Workloads 1: Deployment in Depth, ReplicaSet, Rolling Update and Rollback
10 min read

Certified Kubernetes Administrator (CKA) #10 Workloads 1: Deployment in Depth, ReplicaSet, Rolling Update and Rollback

The tenth post in the Certified Kubernetes Administrator (CKA) series. We look deep into the Deployment, the workload an operator handles most often. We walk through the Deployment→ReplicaSet→Pod hierarchy and the label selector that binds them, how to create and scale with kubectl, the conditions under which the rollingUpdate strategy (maxSurge/maxUnavailable) guarantees a zero-downtime update, and the rollback that lets you track versions and revert with kubectl rollout — all drilled until they are second nature.

Certified Kubernetes Application Developer (CKAD) #5 Workloads 1: Deployment, ReplicaSet, Rolling Update, and Rollback
10 min read

Certified Kubernetes Application Developer (CKAD) #5 Workloads 1: Deployment, ReplicaSet, Rolling Update, and Rollback

The fifth post in the Certified Kubernetes Application Developer (CKAD) series. We create a Deployment imperatively—the heart of app delivery—and lay out the relationship and scaling of Deployment, ReplicaSet, and Pod. We will get hands-on with the meaning of rollingUpdate's maxSurge and maxUnavailable, the flow of shipping a new version with kubectl set image, and the rollback scenario of tracking state with kubectl rollout and reverting a failed version with undo.

Certified Kubernetes Security Specialist (CKS) #3: CIS benchmark (kube-bench), component security, Ingress TLS, binary verification
11 min read

Certified Kubernetes Security Specialist (CKS) #3: CIS benchmark (kube-bench), component security, Ingress TLS, binary verification

The third post in the Certified Kubernetes Security Specialist (CKS) series. It covers the remaining half of the Cluster Setup domain — hardening the cluster itself. We get hands-on, with commands and manifests, on what the CIS Kubernetes benchmark is, how to inspect the control plane and nodes with kube-bench and read the PASS/FAIL/WARN results and apply remediation, the procedure for changing dangerous apiserver and kubelet flags to safe values, how to attach TLS to an Ingress, and the flow for verifying a downloaded binary with sha256sum.

How Are Domain Names Bought and Sold? Registration, WHOIS, and Renewal
4 min read

How Are Domain Names Bought and Sold? Registration, WHOIS, and Renewal

This post explains, without any code, how you buy, own, and keep a domain name, from a transactional angle. It covers why a domain is closer to a lease, what a registrar and WHOIS are, and what happens when you miss a renewal, at a non-developer's level.

Python Automation #7: Building Your Own Command — Packaging a CLI with typer and rich
5 min read

Python Automation #7: Building Your Own Command — Packaging a CLI with typer and rich

Closing out the series by bundling the automation scripts into a single CLI with typer, polishing the output with rich, and installing it with uv tool install as a command you can call from anywhere.

Red Hat Certified Engineer (RHCE) #2 Inventory: static, dynamic, group/host_vars
10 min read

Red Hat Certified Engineer (RHCE) #2 Inventory: static, dynamic, group/host_vars

The second post in the Red Hat Certified Engineer (RHCE) series. We work through the inventory that defines what Ansible operates on — static inventory in both INI and YAML form, groups and groups of groups (children), range notation, and the directory layout that splits variables into group_vars and host_vars. We also cover how to verify with ansible-inventory, the concept of dynamic inventory, and the task patterns that show up again and again on the exam.

AI, Machine Learning, and LLMs — The Big Picture for Non-Developers
4 min read

AI, Machine Learning, and LLMs — The Big Picture for Non-Developers

This post sorts out, without any code, how AI, machine learning, and LLMs differ and fit together. It covers what today's tools do well and poorly, and why they hallucinate, at a non-developer's level.

AWS Certified Solutions Architect - Associate (SAA-C03) #11 Domain 3-3 High-Performing Architectures — Choosing Storage
5 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #11 Domain 3-3 High-Performing Architectures — Choosing Storage

The third post of the SAA-C03 high-performing domain. It covers the distinction between block (EBS) , file (EFS , FSx) , object (S3) storage, EBS volume types (gp3 , io2 , st1 , sc1) and selection criteria, the use cases for EFS and FSx (Windows File Server , Lustre), and how to optimize cost with S3 storage classes (Standard , Intelligent-Tiering , IA , Glacier family) and lifecycle policies.