#Certification
167 posts
Certified Kubernetes Application Developer (CKAD) #1: The Exam Environment — Mastering kubectl, dry-run, and generators
The opening post of the Certified Kubernetes Application Developer (CKAD) series. We map out the structure of the 2-hour hands-on exam, the weight of the five domains, the passing line, and the testing environment — then drill the kubectl setup (alias, dry-run, generators, vim config) that decides how your exam time runs. This 21-part series targets a CKAD pass, wrapping up with a full-scale mock exam in #21.
AWS Certified Solutions Architect - Associate (SAA-C03) #7 Domain 2-2 Resilient Architectures — DR Patterns
The second post of the SAA-C03 resilience domain. It covers the precise meaning of RTO and RPO, the cost and recovery-time trade-offs of the four disaster recovery (DR) strategies (Backup & Restore, Pilot Light, Warm Standby, Multi-Site Active/Active), and how to implement them with Route 53 failover routing and cross-Region replication (RDS, Aurora Global, DynamoDB global tables, S3 CRR).
Certified Kubernetes Administrator (CKA) #5 HA Clusters: Multiple Control Planes and an External etcd Cluster
The fifth post in the Certified Kubernetes Administrator (CKA) series. We tackle the high-availability (HA) cluster that removes the single point of failure of a lone control plane. This is a concept-first walkthrough of the trade-offs between the stacked etcd and external etcd topologies, the load balancer in front of the apiservers and --control-plane-endpoint, etcd quorum and fault tolerance, joining control plane nodes, and verifying membership.
AWS Certified Solutions Architect - Associate (SAA-C03) #6 Domain 2-1 Resilient Architectures — Multi-AZ, Auto Scaling, ELB
The first post of the SAA-C03 resilience domain. It covers high-availability design using Availability Zones (AZ), the makeup of Auto Scaling groups and their scaling policies (target tracking, step, scheduled, predictive), the three types of ELB (ALB, NLB, GLB) and how to choose between them, the structure that automatically replaces failed instances via health checks, and cross-zone load balancing.
Certified Kubernetes Administrator (CKA) #4 Installing a Cluster with kubeadm: Bootstrapping a Single Control Plane
Part 4 of the Certified Kubernetes Administrator (CKA) series. We stand up a Kubernetes cluster from scratch on a bare Linux machine with kubeadm. From the prerequisites — disabling swap, loading kernel modules, installing containerd — through bootstrapping the control plane with kubeadm init, installing a CNI to bring the node to Ready, and attaching workers with kubeadm join, we walk the whole path command by command.
AWS Certified Solutions Architect - Associate (SAA-C03) #5 Domain 1-4 Secure Architectures — WAF, Shield, Cognito, Secrets Manager
The final post of the SAA-C03 security domain. It covers application-layer protection and credential management: WAF web ACLs and rules (SQLi, XSS, rate, geo), the difference between Shield Standard and Advanced, the role distinction between Cognito User Pool (authentication) and Identity Pool (temporary AWS credentials), and a comparison of Secrets Manager and Parameter Store.
Certified Kubernetes Administrator (CKA) #3 Cluster Architecture 2: Node (kubelet/kube-proxy/CRI), the Pod Networking Model
The third post in the Certified Kubernetes Administrator (CKA) series. Once the control plane makes a decision, the actual containers run on the nodes. We lay out the roles of the three node components — kubelet, kube-proxy, and the container runtime — and the CRI interface, then look from an operations angle at the Kubernetes Pod networking model where every Pod communicates without NAT, and at where the CNI plugin fits in.
AWS Certified Solutions Architect - Associate (SAA-C03) #4 Domain 1-3 Secure Architectures — VPC Security
The third post of the SAA-C03 security domain. It covers network-boundary security: the difference between security groups and network ACLs (stateful vs. stateless) and how rules are evaluated, the two kinds of VPC Endpoint (Gateway, Interface) and how to choose between them, the structure for exposing a service privately with PrivateLink, bastion hosts and Systems Manager Session Manager, and VPC Flow Logs.
Certified Kubernetes Administrator (CKA) #2 Cluster Architecture 1: Control plane (apiserver/etcd/scheduler/controller-manager)
The second post in the Certified Kubernetes Administrator (CKA) series. We look at how a cluster actually runs, starting from the control plane. We cover what kube-apiserver (the gateway for all communication), etcd (the cluster state store), kube-scheduler (the Pod placement decision), and kube-controller-manager (the reconciliation loop) each do, how the control plane runs as static Pods, and what happens to the cluster when a component dies — all from an operator's point of view.
AWS Certified Solutions Architect - Associate (SAA-C03) #3 Domain 1-2 Secure Architectures — KMS and Encryption
The second post of the SAA-C03 security domain. It covers KMS key types (AWS managed, customer managed, customer provided), how envelope encryption works, the difference between at-rest and in-transit encryption, the encryption options for S3, EBS, and RDS and how to encrypt resources that already exist, key policies and cross-account key sharing, and the difference from CloudHSM.
Certified Kubernetes Administrator (CKA) #1: The Exam Environment — alias and dry-run, vim/yq setup, time management
The opening post of the Certified Kubernetes Administrator (CKA) series. We lay out the structure of the 2-hour hands-on exam, the weight of the five domains (Troubleshooting at 30% is the crux), the passing line, and the testing environment — then drill the setup (alias, dry-run, vim/yq, etcdctl, systemctl) that decides how your exam time runs. This 27-part series targets a CKA pass, wrapping up with a hands-on mock exam in #27.
AWS Certified Cloud Practitioner (CLF-C02) #10: Full-Scale Mock Exam — 50 Questions with Explanations
The final post of the CLF-C02 series. Fifty questions sized to match the real exam domain weights (24/30/34/12%). Domain 1 (Cloud Concepts) 12 questions, Domain 2 (Security) 15 questions, Domain 3 (Cloud Technology) 17 questions, Domain 4 (Billing) 6 questions. The real exam is 65 questions in 90 minutes; this mock is scored over 50 questions, target 60–75 minutes, and 36+ correct (72%) puts you in safe passing territory. Each question is followed by the answer and an explanation.