#Certification

167 posts

Certified Kubernetes Administrator (CKA) #11 Workloads 2: DaemonSet, StatefulSet, Job, CronJob
11 min read

Certified Kubernetes Administrator (CKA) #11 Workloads 2: DaemonSet, StatefulSet, Job, CronJob

The eleventh post in the Certified Kubernetes Administrator (CKA) series. We organize the four workloads that Deployment can't cover: the DaemonSet that runs exactly one Pod per node, the StatefulSet with stable IDs, ordering, a headless Service, and volumeClaimTemplates, the Job that runs toward completion, and the CronJob that stamps out Jobs on a schedule — all drilled hands-on with YAML and kubectl.

Certified Kubernetes Application Developer (CKAD) #6 Workloads 2: DaemonSet, StatefulSet
9 min read

Certified Kubernetes Application Developer (CKAD) #6 Workloads 2: DaemonSet, StatefulSet

The sixth post in the Certified Kubernetes Application Developer (CKAD) series. It covers the workload controllers beyond Deployment — DaemonSet and StatefulSet — from a hands-on perspective. We will build the DaemonSet that places one Pod on every node, and the StatefulSet that needs a stable network ID and ordering guarantees, in YAML all the way down to the headless Service and volumeClaimTemplates.

Certified Kubernetes Security Specialist (CKS) #4: RBAC least privilege in depth (Cluster Hardening)
10 min read

Certified Kubernetes Security Specialist (CKS) #4: RBAC least privilege in depth (Cluster Hardening)

The fourth post in the Certified Kubernetes Security Specialist (CKS) series. On top of the RBAC you learned in CKA, we layer the principle of least privilege and go deep, from a security angle, on how to find and narrow Roles that are too broad. We cover the danger of wildcard verb/resource, removing default ServiceAccount permissions, cutting ClusterRoleBinding overuse down with RoleBinding, the gotchas of aggregated ClusterRole, identifying dangerous permissions like secrets get, pods/exec, escalate, bind, and impersonate, and the flow of verifying narrowed permissions with kubectl auth can-i --as.

Red Hat Certified Engineer (RHCE) #3: Config Files and Connectivity — ansible.cfg, ssh, become
10 min read

Red Hat Certified Engineer (RHCE) #3: Config Files and Connectivity — ansible.cfg, ssh, become

The third post in the Red Hat Certified Engineer (RHCE) series. We lay out the lookup precedence and key settings of ansible.cfg, which governs how Ansible behaves, the procedure for setting up SSH key-based connections with ssh-copy-id, and how to escalate privileges with become. We build a per-project ansible.cfg and become configuration by hand — a perennial exam favorite — and check the connection.

AWS Certified Developer - Associate (DVA-C02) #1 Exam Introduction — Exam Structure and Study Roadmap
5 min read

AWS Certified Developer - Associate (DVA-C02) #1 Exam Introduction — Exam Structure and Study Roadmap

The first post of the AWS Certified Developer - Associate (DVA-C02) series. It covers the exam structure (65 questions, 130 minutes, a 720 passing line), the weight and meaning of the four domains (Development 32% , Security 26% , Deployment 24% , Troubleshooting and Optimization 18%), how it differs from the Solutions Architect Associate (SAA-C03), and a study strategy that turns the hands-on feel built on the [AWS practical track](/en/posts/aws-basics-1-account-region-az) into exam questions from a developer's point of view. This 15-part series aims to help you pass DVA-C02, ending with a full-scale mock exam in #15.

AWS Certified Solutions Architect - Associate (SAA-C03) #12 Domain 3-4 High-Performing Architectures — Choosing a DB
4 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #12 Domain 3-4 High-Performing Architectures — Choosing a DB

The final post of the SAA-C03 high-performing domain. It covers the decisive difference between RDS's Multi-AZ (high availability) and read replicas (read scaling), cloud-native Aurora (auto storage scaling , Global , Serverless), NoSQL DynamoDB (capacity modes , global tables , DAX), Redshift for analytics, and the criteria for choosing a database by workload.

Certified Kubernetes Administrator (CKA) #10 Workloads 1: Deployment in Depth, ReplicaSet, Rolling Update and Rollback
10 min read

Certified Kubernetes Administrator (CKA) #10 Workloads 1: Deployment in Depth, ReplicaSet, Rolling Update and Rollback

The tenth post in the Certified Kubernetes Administrator (CKA) series. We look deep into the Deployment, the workload an operator handles most often. We walk through the Deployment→ReplicaSet→Pod hierarchy and the label selector that binds them, how to create and scale with kubectl, the conditions under which the rollingUpdate strategy (maxSurge/maxUnavailable) guarantees a zero-downtime update, and the rollback that lets you track versions and revert with kubectl rollout — all drilled until they are second nature.

Certified Kubernetes Application Developer (CKAD) #5 Workloads 1: Deployment, ReplicaSet, Rolling Update, and Rollback
10 min read

Certified Kubernetes Application Developer (CKAD) #5 Workloads 1: Deployment, ReplicaSet, Rolling Update, and Rollback

The fifth post in the Certified Kubernetes Application Developer (CKAD) series. We create a Deployment imperatively—the heart of app delivery—and lay out the relationship and scaling of Deployment, ReplicaSet, and Pod. We will get hands-on with the meaning of rollingUpdate's maxSurge and maxUnavailable, the flow of shipping a new version with kubectl set image, and the rollback scenario of tracking state with kubectl rollout and reverting a failed version with undo.

Certified Kubernetes Security Specialist (CKS) #3: CIS benchmark (kube-bench), component security, Ingress TLS, binary verification
11 min read

Certified Kubernetes Security Specialist (CKS) #3: CIS benchmark (kube-bench), component security, Ingress TLS, binary verification

The third post in the Certified Kubernetes Security Specialist (CKS) series. It covers the remaining half of the Cluster Setup domain — hardening the cluster itself. We get hands-on, with commands and manifests, on what the CIS Kubernetes benchmark is, how to inspect the control plane and nodes with kube-bench and read the PASS/FAIL/WARN results and apply remediation, the procedure for changing dangerous apiserver and kubelet flags to safe values, how to attach TLS to an Ingress, and the flow for verifying a downloaded binary with sha256sum.

Red Hat Certified Engineer (RHCE) #2 Inventory: static, dynamic, group/host_vars
10 min read

Red Hat Certified Engineer (RHCE) #2 Inventory: static, dynamic, group/host_vars

The second post in the Red Hat Certified Engineer (RHCE) series. We work through the inventory that defines what Ansible operates on — static inventory in both INI and YAML form, groups and groups of groups (children), range notation, and the directory layout that splits variables into group_vars and host_vars. We also cover how to verify with ansible-inventory, the concept of dynamic inventory, and the task patterns that show up again and again on the exam.

AWS Certified Solutions Architect - Associate (SAA-C03) #11 Domain 3-3 High-Performing Architectures — Choosing Storage
5 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #11 Domain 3-3 High-Performing Architectures — Choosing Storage

The third post of the SAA-C03 high-performing domain. It covers the distinction between block (EBS) , file (EFS , FSx) , object (S3) storage, EBS volume types (gp3 , io2 , st1 , sc1) and selection criteria, the use cases for EFS and FSx (Windows File Server , Lustre), and how to optimize cost with S3 storage classes (Standard , Intelligent-Tiering , IA , Glacier family) and lifecycle policies.

Certified Kubernetes Administrator (CKA) #9 RBAC: Role/ClusterRole, RoleBinding, ServiceAccount, kubectl auth can-i
12 min read

Certified Kubernetes Administrator (CKA) #9 RBAC: Role/ClusterRole, RoleBinding, ServiceAccount, kubectl auth can-i

The ninth post in the Certified Kubernetes Administrator (CKA) series. We dig deep into RBAC — what decides who can do what — from an operator's perspective. We'll cover the combination rules of Role and ClusterRole, RoleBinding and ClusterRoleBinding, the structure of subjects (User/Group/ServiceAccount) and rules (apiGroups/resources/verbs), how to build them fast with kubectl create, how to verify permissions with kubectl auth can-i and --as, and the flow of wiring the user we created in [#8](/en/posts/cka-8) into RBAC.