All posts

AWS Certified Solutions Architect - Associate (SAA-C03) #6 Domain 2-1 Resilient Architectures — Multi-AZ, Auto Scaling, ELB
6 min read

The first post of the SAA-C03 resilience domain. It covers high-availability design using Availability Zones (AZ), the makeup of Auto Scaling groups and their scaling policies (target tracking, step, scheduled, predictive), the three types of ELB (ALB, NLB, GLB) and how to choose between them, the structure that automatically replaces failed instances via health checks, and cross-zone load balancing.

Certified Kubernetes Administrator (CKA) #4 Installing a Cluster with kubeadm: Bootstrapping a Single Control Plane
10 min read

Part 4 of the Certified Kubernetes Administrator (CKA) series. We stand up a Kubernetes cluster from scratch on a bare Linux machine with kubeadm. From the prerequisites — disabling swap, loading kernel modules, installing containerd — through bootstrapping the control plane with kubeadm init, installing a CNI to bring the node to Ready, and attaching workers with kubeadm join, we walk the whole path command by command.

Python Automation #1: Ending Repetitive Work — First Scripts and File Organizing
6 min read

Learn the basic shape of an automation script by building a downloads-folder organizer in Python. We sort and move files with pathlib, add a dry-run safety net, and wire up argparse arguments — one full cycle from start to finish.

AWS Certified Solutions Architect - Associate (SAA-C03) #5 Domain 1-4 Secure Architectures — WAF, Shield, Cognito, Secrets Manager
6 min read

The final post of the SAA-C03 security domain. It covers application-layer protection and credential management: WAF web ACLs and rules (SQLi, XSS, rate, geo), the difference between Shield Standard and Advanced, the role distinction between Cognito User Pool (authentication) and Identity Pool (temporary AWS credentials), and a comparison of Secrets Manager and Parameter Store.

Certified Kubernetes Administrator (CKA) #3 Cluster Architecture 2: Node (kubelet/kube-proxy/CRI), the Pod Networking Model
12 min read

The third post in the Certified Kubernetes Administrator (CKA) series. Once the control plane makes a decision, the actual containers run on the nodes. We lay out the roles of the three node components — kubelet, kube-proxy, and the container runtime — and the CRI interface, then look from an operations angle at the Kubernetes Pod networking model where every Pod communicates without NAT, and at where the CNI plugin fits in.

Python Testing #7: Running Tests in CI — People Forget, Machines Don't
5 min read

Build a CI workflow that runs pytest automatically with GitHub Actions. Covers uv caching, a Python version matrix, coverage comments on PRs, pre-commit, and separating slow tests to wrap up the series.

AWS Certified Solutions Architect - Associate (SAA-C03) #4 Domain 1-3 Secure Architectures — VPC Security
6 min read

The third post of the SAA-C03 security domain. It covers network-boundary security: the difference between security groups and network ACLs (stateful vs. stateless) and how rules are evaluated, the two kinds of VPC Endpoint (Gateway, Interface) and how to choose between them, the structure for exposing a service privately with PrivateLink, bastion hosts and Systems Manager Session Manager, and VPC Flow Logs.

Certified Kubernetes Administrator (CKA) #2 Cluster Architecture 1: Control plane (apiserver/etcd/scheduler/controller-manager)
12 min read

The second post in the Certified Kubernetes Administrator (CKA) series. We look at how a cluster actually runs, starting from the control plane. We cover what kube-apiserver (the gateway for all communication), etcd (the cluster state store), kube-scheduler (the Pod placement decision), and kube-controller-manager (the reconciliation loop) each do, how the control plane runs as static Pods, and what happens to the cluster when a component dies — all from an operator's point of view.

How Development Teams Work — Agile, Sprints, and MVP
4 min read

This post explains, without any code, what agile, sprints, and MVP mean. It unpacks why building in short, repeated cycles rather than all at once took hold, at a non-developer's level.

Python Testing #6: Test Design — Good Tests and How to Read Coverage
6 min read

Test design fundamentals from the AAA pattern and behavior-driven tests to test double terminology, dealing with flaky tests, and reading pytest-cov coverage numbers the right way.

AWS Certified Solutions Architect - Associate (SAA-C03) #3 Domain 1-2 Secure Architectures — KMS and Encryption
7 min read

The second post of the SAA-C03 security domain. It covers KMS key types (AWS managed, customer managed, customer provided), how envelope encryption works, the difference between at-rest and in-transit encryption, the encryption options for S3, EBS, and RDS and how to encrypt resources that already exist, key policies and cross-account key sharing, and the difference from CloudHSM.

Certified Kubernetes Administrator (CKA) #1: The Exam Environment — alias and dry-run, vim/yq setup, time management
8 min read

The opening post of the Certified Kubernetes Administrator (CKA) series. We lay out the structure of the 2-hour hands-on exam, the weight of the five domains (Troubleshooting at 30% is the crux), the passing line, and the testing environment — then drill the setup (alias, dry-run, vim/yq, etcdctl, systemctl) that decides how your exam time runs. This 27-part series targets a CKA pass, wrapping up with a hands-on mock exam in #27.