#Certification

167 posts

Certified Kubernetes Application Developer (CKAD) #4 Container Images: Dockerfile, Multi-stage, and Building from Scratch on the Exam
10 min read

The fourth post in the Certified Kubernetes Application Developer (CKAD) series. Some CKAD tasks require the full flow of building an image yourself, pushing it to a registry, and running it in a Pod. This post walks through the basic Dockerfile instructions and layer cache, how multi-stage builds slim an image down, the build/tag/push procedure with podman and buildah, the imagePullPolicy and the latest-tag trap, and the rules that map command/args onto ENTRYPOINT/CMD — all from a hands-on exam angle.

Certified Kubernetes Security Specialist (CKS) #2: NetworkPolicy in depth — default deny, ingress/egress (Cluster Setup)
10 min read

The second post in the Certified Kubernetes Security Specialist (CKS) series. We cover network isolation, the heart of the Cluster Setup domain — from the all-allow default behavior when no NetworkPolicy exists, to the default deny pattern that blocks everything with podSelector and policyTypes, restricting ingress and egress separately, the trap where default deny egress breaks DNS and how to allow port 53, and the AND vs OR trap when combining namespaceSelector and podSelector. We build and verify it all firsthand with YAML and kubectl.

Red Hat Certified Engineer (RHCE) #1: Exam Overview — the environment, time management, ansible-navigator vs ansible-playbook
6 min read

The opening post of the Red Hat Certified Engineer (RHCE) series. Assuming you already hold RHCSA, we lay out the format and domains of the EX294 hands-on exam, the 210/300 passing score and 4-hour testing environment, the nature of the exam as Ansible automation, and the ansible-navigator vs ansible-playbook execution styles. This 19-part series targets an RHCE pass, wrapping up with a full-scale mock exam in #19.

AWS Certified Solutions Architect - Associate (SAA-C03) #10 Domain 3-2 High-Performing Architectures — Caching
5 min read

The second post of the SAA-C03 high-performing domain. It covers the difference between ElastiCache's Redis and Memcached, DAX for accelerating DynamoDB, CloudFront for caching content close to users (edge, OAC, signed URLs), cache strategies (lazy loading, write-through), and storing sessions externally for stateless design.

Certified Kubernetes Administrator (CKA) #8 Certificate Management: PKI, kubeconfig, Certificate Renewal
12 min read

The eighth post in the Certified Kubernetes Administrator (CKA) series. We cover the TLS certificates that underpin every bit of communication in the cluster: the PKI structure under /etc/kubernetes/pki and who trusts whom, the clusters/users/contexts layout of kubeconfig, the procedure for checking expiration with kubeadm certs check-expiration and renewing with kubeadm certs renew all, and the flow for issuing user certificates with a CertificateSigningRequest, all practiced hands-on.

Certified Kubernetes Application Developer (CKAD) #3 Multi-container Patterns: Init container, sidecar, ambassador, adapter
8 min read

The third post in the Certified Kubernetes Application Developer (CKAD) series. It covers the collaboration patterns that arise when a single Pod holds multiple containers. We will build, with kubectl commands and YAML examples, the init container that guarantees sequential execution, the sidecar that runs alongside the main container, the ambassador that abstracts outbound connections, and the adapter that standardizes output format. It also covers emptyDir volume sharing and shared process namespace from a hands-on exam perspective.

Certified Kubernetes Security Specialist (CKS) #1: The Exam Environment — CKA prerequisite, tools, time management
8 min read

The opening post of the Certified Kubernetes Security Specialist (CKS) series. We lay out the structure of the 2-hour hands-on security exam that assumes you already hold CKA, the weight of the six domains, the 67% passing line, and the testing environment — then map out the big picture of the security tools the exam covers (kube-bench, AppArmor, seccomp, OPA/Gatekeeper, Falco, Trivy, cosign) and a strategy for using the docs. This 20-part series targets a CKS pass, wrapping up with a hands-on mock exam in #20.

AWS Certified Solutions Architect - Associate (SAA-C03) #9 Domain 3-1 High-Performing Architectures — Choosing Compute
4 min read

The first post of the SAA-C03 high-performing domain. It covers how to choose the compute that fits a workload: EC2 instance families (general, compute, memory, storage, accelerated) and selection criteria, the performance and cost trade-offs of purchasing options (On-Demand, Reserved, Savings Plans, Spot, Dedicated), and when to pick serverless compute (Lambda, Fargate).

Certified Kubernetes Administrator (CKA) #7: etcd Backup and Restore — etcdctl snapshot save/restore
9 min read

The seventh post of the Certified Kubernetes Administrator (CKA) series. It lays out the procedure for backing up and restoring etcd, which holds the entire state of your cluster, with etcdctl. You will practice the full flow hands-on: find the data-dir and certificate paths in the static Pod manifest, take a snapshot with snapshot save, restore it to a new data-dir with snapshot restore, and then bring etcd back up.

Certified Kubernetes Application Developer (CKAD) #2 Pod and Container Lifecycle — Restart Policy and Container States
5 min read

The second post in the Certified Kubernetes Application Developer (CKAD) series. We build it all by hand: the Pod lifecycle (Pending, Running, Succeeded, Failed, Unknown) and how restartPolicy (Always, OnFailure, Never) shapes workload behavior, container states (Waiting, Running, Terminated) and reasons like CrashLoopBackOff, ImagePullBackOff, and OOMKilled, how to read exit codes, and the troubleshooting sequence the exam loves to test.

AWS Certified Solutions Architect - Associate (SAA-C03) #8 Domain 2-3 Resilient Architectures — Backup Strategy
5 min read

The final post of the SAA-C03 resilience domain. It covers incremental storage of EBS snapshots and cross-Region, cross-account copy, snapshot automation with Data Lifecycle Manager, the difference between RDS automated backups and manual snapshots plus point-in-time recovery (PITR), AWS Backup and backup plans for centrally managing multiple services, and immutable backups (Vault Lock).

Certified Kubernetes Administrator (CKA) #6 Cluster Upgrade: kubeadm upgrade plan/apply, Per-node drain
9 min read

The sixth post in the Certified Kubernetes Administrator (CKA) series. We lay out the standard procedure for bumping a kubeadm cluster up one minor version, in order from the control plane to the worker nodes. We drill kubeadm upgrade plan/apply, swapping the kubelet and kubectl packages, per-node drain and uncordon, and the traps people miss most often in the exam.