#Certification

167 posts

Certified Kubernetes Application Developer (CKAD) #8 Deployment Strategies: Blue-green, Canary
9 min read

Certified Kubernetes Application Developer (CKAD) #8 Deployment Strategies: Blue-green, Canary

The eighth post in the Certified Kubernetes Application Developer (CKAD) series. Implement zero-downtime deployment strategies by hand with nothing but Deployment, Service, and labels — no managed deployment tooling. We review rolling update and recreate, build instant cutover and rollback with blue-green, and implement traffic splitting through replicas ratios with canary.

Certified Kubernetes Security Specialist (CKS) #6: AppArmor profiles (System Hardening)
11 min read

Certified Kubernetes Security Specialist (CKS) #6: AppArmor profiles (System Hardening)

The sixth post in the Certified Kubernetes Security Specialist (CKS) series. We cover how to restrict a container's file and capability access at the kernel level with AppArmor, the Linux MAC. We work through the difference between enforce and complain modes, writing a profile with deny rules, loading it onto a node with apparmor_parser and confirming with aa-status, the two ways of attaching it to a Pod (1.30+ securityContext.appArmorProfile and the older annotation), and verifying with exec that the profile actually blocks.

Red Hat Certified Engineer (RHCE) #5: Playbook Basics — task, handler, idempotency
11 min read

Red Hat Certified Engineer (RHCE) #5: Playbook Basics — task, handler, idempotency

The fifth post in the Red Hat Certified Engineer (RHCE) series. We work through the YAML structure of a playbook and the play/task relationship, writing module tasks and the recommendation to name them, the handler-and-notify pattern that runs once at the end only when something changed, the idempotency that surfaces through changed and ok, the idempotency stopgaps for command/shell (creates/removes), and ansible-playbook versus ansible-navigator run plus --check/--diff/--syntax-check — all from a hands-on exam point of view.

Red Hat Certified System Administrator (RHCSA) #2 Essential Tools: bash, vi, redirection, find/grep, archive, ssh
14 min read

Red Hat Certified System Administrator (RHCSA) #2 Essential Tools: bash, vi, redirection, find/grep, archive, ssh

The second post in the Red Hat Certified System Administrator (RHCSA) series. We cover the shell fundamentals that everything else is built on — input/output redirection and pipes, finding and processing matching files with find and grep, text processing with less,sort,sed,awk, the modes and search-and-replace of the vi editor, tar,gzip archiving, remote work with ssh and scp, and how to wield man pages as a weapon in an exam room with no internet — all with command examples.

AWS Certified Developer - Associate (DVA-C02) #3 Domain 1-2 Development with AWS Services — API Gateway
5 min read

AWS Certified Developer - Associate (DVA-C02) #3 Domain 1-2 Development with AWS Services — API Gateway

The second post of the DVA-C02 development domain. It covers the difference between API Gateway's REST API and HTTP API, Lambda proxy integration, the three authentication methods (IAM, Cognito authorizer, Lambda authorizer), throttling and usage plans/API keys, caching, stages and stage variables, and CORS, all at the exam level. API Gateway is the gateway to serverless APIs and appears in the development domain second only to Lambda.

AWS Certified Solutions Architect - Associate (SAA-C03) #14 Domain 4-2 Cost Optimization — Cost Monitoring
4 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #14 Domain 4-2 Cost Optimization — Cost Monitoring

The final post of the SAA-C03 cost optimization domain. It covers Cost Explorer for analyzing and forecasting cost, AWS Budgets for alerting on budget overruns, CUR as the most detailed billing data, Trusted Advisor for checking cost , security , performance, Compute Optimizer for right-sizing recommendations, and how to manage multi-account cost with consolidated billing and cost allocation tags.

Certified Kubernetes Application Developer (CKAD) #7 Workloads 3: Job, CronJob (Backoff, Concurrency)
10 min read

Certified Kubernetes Application Developer (CKAD) #7 Workloads 3: Job, CronJob (Backoff, Concurrency)

The seventh post in the Certified Kubernetes Application Developer (CKAD) series. It covers Job, which handles run-once batch work, and CronJob, which runs that work on a schedule, from a hands-on exam perspective. We will build completions, parallelism, backoffLimit, activeDeadlineSeconds, restartPolicy, and ttlSecondsAfterFinished, along with CronJob's schedule, concurrencyPolicy, startingDeadlineSeconds, and suspend, directly with YAML and kubectl.

Certified Kubernetes Security Specialist (CKS) #5: ServiceAccount token management, restricting API access, cluster upgrades
11 min read

Certified Kubernetes Security Specialist (CKS) #5: ServiceAccount token management, restricting API access, cluster upgrades

The fifth post in the Certified Kubernetes Security Specialist (CKS) series. It covers ServiceAccount token management, a frequent topic in the Cluster Hardening domain. We work through setting automountServiceAccountToken to false to block unnecessary token mounts, the expiration and audience of bound ServiceAccount tokens, and the difference between legacy Secret tokens and projected tokens. Then we shrink the API access surface by disabling anonymous-auth and protecting the kubelet API, and finish with cluster upgrades for applying security patches.

Red Hat Certified Engineer (RHCE) #4 Ad-hoc commands: running modules on the spot
8 min read

Red Hat Certified Engineer (RHCE) #4 Ad-hoc commands: running modules on the spot

The fourth post in the Red Hat Certified Engineer (RHCE) series. We lay out the ad-hoc structure for running modules on the spot with the ansible command, the frequently used modules such as ping, command, shell, copy, file, dnf, service, user, and lineinfile, host patterns, become, and how to look up options with ansible-doc — all worked through with examples.

Red Hat Certified System Administrator (RHCSA) #1: The Exam — EX200 format, environment, study strategy
6 min read

Red Hat Certified System Administrator (RHCSA) #1: The Exam — EX200 format, environment, study strategy

The opening post of the Red Hat Certified System Administrator (RHCSA) series. We lay out the format and domains of the EX200 hands-on exam, the 210/300 passing line, the testing environment where you work with man pages only and no internet, and the study strategy that turns the feel you built on the [RHEL operations track](/en/posts/rhel-basics-1) into hands-on exam results. This 16-part series targets an RHCSA pass, wrapping up with a full-scale mock exam in #16.

AWS Certified Developer - Associate (DVA-C02) #2 Domain 1-1 Development with AWS Services — Lambda Deep Dive
7 min read

AWS Certified Developer - Associate (DVA-C02) #2 Domain 1-1 Development with AWS Services — Lambda Deep Dive

The first post of the DVA-C02 development domain. It covers Lambda's execution model across three invocation types — synchronous, asynchronous, and stream polling — along with concurrency (reserved concurrency, provisioned concurrency) and throttling, environment variables and layers, cold starts, idempotency, and failure handling via destinations and DLQs, all at the exam level. The development domain carries the largest weight at 32%, and Lambda sits at its center.

AWS Certified Solutions Architect - Associate (SAA-C03) #13 Domain 4-1 Cost Optimization — Pricing Models
4 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #13 Domain 4-1 Cost Optimization — Pricing Models

The first post of the SAA-C03 cost optimization domain. It reorganizes EC2 purchasing options from a cost perspective (Reserved Standard/Convertible, Compute/EC2 Instance Savings Plans, Spot), the cost structure of S3, data transfer costs (inbound , outbound , cross-AZ/region) and how to reduce them, and architecture choices that lower cost.