All posts
Certified Kubernetes Administrator (CKA) #9 RBAC: Role/ClusterRole, RoleBinding, ServiceAccount, kubectl auth can-i
The ninth post in the Certified Kubernetes Administrator (CKA) series. We dig deep into RBAC — what decides who can do what — from an operator's perspective. We'll cover the combination rules of Role and ClusterRole, RoleBinding and ClusterRoleBinding, the structure of subjects (User/Group/ServiceAccount) and rules (apiGroups/resources/verbs), how to build them fast with kubectl create, how to verify permissions with kubectl auth can-i and --as, and the flow of wiring the user we created in [#8](/en/posts/cka-8) into RBAC.
Certified Kubernetes Application Developer (CKAD) #4 Container Images: Dockerfile, Multi-stage, and Building from Scratch on the Exam
The fourth post in the Certified Kubernetes Application Developer (CKAD) series. Some CKAD tasks require the full flow of building an image yourself, pushing it to a registry, and running it in a Pod. This post walks through the basic Dockerfile instructions and layer cache, how multi-stage builds slim an image down, the build/tag/push procedure with podman and buildah, the imagePullPolicy and the latest-tag trap, and the rules that map command/args onto ENTRYPOINT/CMD — all from a hands-on exam angle.
Certified Kubernetes Security Specialist (CKS) #2: NetworkPolicy in depth — default deny, ingress/egress (Cluster Setup)
The second post in the Certified Kubernetes Security Specialist (CKS) series. We cover network isolation, the heart of the Cluster Setup domain — from the all-allow default behavior when no NetworkPolicy exists, to the default deny pattern that blocks everything with podSelector and policyTypes, restricting ingress and egress separately, the trap where default deny egress breaks DNS and how to allow port 53, and the AND vs OR trap when combining namespaceSelector and podSelector. We build and verify it all firsthand with YAML and kubectl.
Python Automation #6: Scheduling — Making Scripts Run While You Sleep
How to make a finished automation script run on its own at a fixed time. We compare cron, launchd, Windows Task Scheduler, and APScheduler, keep run records with logging, get notified on failures, and cover GitHub Actions schedules.
Red Hat Certified Engineer (RHCE) #1: Exam Overview — the environment, time management, ansible-navigator vs ansible-playbook
The opening post of the Red Hat Certified Engineer (RHCE) series. Assuming you already hold RHCSA, we lay out the format and domains of the EX294 hands-on exam, the 210/300 passing score and 4-hour testing environment, the nature of the exam as Ansible automation, and the ansible-navigator vs ansible-playbook execution styles. This 19-part series targets an RHCE pass, wrapping up with a full-scale mock exam in #19.
What Is Web Accessibility? Building Services Everyone Can Use
This post explains, without any code, that web accessibility means building services anyone can use, whether or not they have a disability. It covers screen readers and alt text, keyboard navigation, and color contrast, through to why accessibility is a matter of quality, at a non-developer's level.
AWS Certified Solutions Architect - Associate (SAA-C03) #10 Domain 3-2 High-Performing Architectures — Caching
The second post of the SAA-C03 high-performing domain. It covers the difference between ElastiCache's Redis and Memcached, DAX for accelerating DynamoDB, CloudFront for caching content close to users (edge, OAC, signed URLs), cache strategies (lazy loading, write-through), and storing sessions externally for stateless design.
Certified Kubernetes Administrator (CKA) #8 Certificate Management: PKI, kubeconfig, Certificate Renewal
The eighth post in the Certified Kubernetes Administrator (CKA) series. We cover the TLS certificates that underpin every bit of communication in the cluster: the PKI structure under /etc/kubernetes/pki and who trusts whom, the clusters/users/contexts layout of kubeconfig, the procedure for checking expiration with kubeadm certs check-expiration and renewing with kubeadm certs renew all, and the flow for issuing user certificates with a CertificateSigningRequest, all practiced hands-on until it becomes second nature.
Certified Kubernetes Application Developer (CKAD) #3 Multi-container Patterns: Init container, sidecar, ambassador, adapter
The third post in the Certified Kubernetes Application Developer (CKAD) series. It covers the collaboration patterns that arise when a single Pod holds multiple containers. We will build, with kubectl commands and YAML examples, the init container that guarantees sequential execution, the sidecar that runs alongside the main container, the ambassador that abstracts outbound connections, and the adapter that standardizes output format. It also covers emptyDir volume sharing and shared process namespace from a hands-on exam perspective.
Certified Kubernetes Security Specialist (CKS) #1: The Exam Environment — CKA prerequisite, tools, time management
The opening post of the Certified Kubernetes Security Specialist (CKS) series. We lay out the structure of the 2-hour hands-on security exam that assumes you already hold CKA, the weight of the six domains, the 67% passing line, and the testing environment — then map out the big picture of the security tools the exam covers (kube-bench, AppArmor, seccomp, OPA/Gatekeeper, Falco, Trivy, cosign) and a strategy for using the docs. This 20-part series targets a CKS pass, wrapping up with a hands-on mock exam in #20.
MIT vs. GPL vs. Apache: Open-Source Licenses Made Simple
This post explains, without any code, that "free" in open source comes with conditions. It covers how the leading licenses — MIT, Apache, and GPL — differ on commercial use and the duty to publish your source, and what to check when you bring one into a product, at a non-developer's level.
Python Automation #5: Reporting Results — Email, Slack, and Discord Notifications
The last piece of automation is reporting. Send Slack and Discord notifications with a single httpx POST, email Excel attachments with smtplib, and keep tokens out of your code with a .env file.