#Certification

167 posts

Red Hat Certified System Administrator (RHCSA) #12: firewalld and SSH key authentication
11 min read

The twelfth post in the Red Hat Certified System Administrator (RHCSA) series. We work through firewalld's zone concept and how to permanently allow services and ports with firewall-cmd, rich rules and source-based zone assignment, then how to set up SSH key authentication with ssh-keygen and ssh-copy-id and get the authorized_keys permissions right. We zero in on the RHCSA staples — permanently allowing ports and services and configuring key authentication — and the trap of forgetting --permanent.

AWS Certified CloudOps Engineer - Associate (SOA-C03) #7 Domain 3-1 Deployment — CloudFormation in Depth and IaC
5 min read

The seventh post of the SOA-C03 series covers CloudFormation, the first topic of the deployment and automation domain (22%). It covers the structure of stacks and templates, change sets and drift detection, stack policies and deletion protection, StackSets for deploying across multiple accounts and regions, and the relationship with other IaC tools such as CDK and Terraform.

AWS Certified Developer - Associate (DVA-C02) #13 Domain 4-2 Troubleshooting and Optimization — Optimization and Problem Solving
4 min read

The second post of the DVA-C02 troubleshooting domain. It covers choosing caching layers (CloudFront, ElastiCache, DAX, API Gateway), Lambda performance tuning (the relationship between memory and CPU, cold starts, concurrency), handling DynamoDB throttling, and the error codes that frequently appear on the exam (429, 502, 504, ProvisionedThroughputExceededException, etc.) and how to read them. This is the final step of looking at metrics, narrowing down the cause, and fixing it.

Certified Kubernetes Administrator (CKA) #22 Troubleshooting 1: Pods and Apps (Pending, CrashLoop, ImagePull, OOM)
11 min read

The largest domain on the CKA exam is Troubleshooting (30%). In this post we tackle the four most common Pod-level failures within that domain. We organize Pending, CrashLoopBackOff, ImagePullBackOff/ErrImagePull, and OOMKilled each from symptom to diagnosis to fix in a single flow, and we drill the order in which to read describe, events, and logs so you reach the root cause fast.

Certified Kubernetes Application Developer (CKAD) #17 Volumes: emptyDir, PVC, projected, ephemeral
9 min read

The seventeenth post in the Certified Kubernetes Application Developer (CKAD) series. Starting from the volatility of a container filesystem, it works through emptyDir and hostPath, the dynamic provisioning of PersistentVolumeClaim and StorageClass, the projected volume that bundles secret, configMap, and downwardAPI into one directory, and the generic ephemeral volume — all with hands-on YAML examples.

Certified Kubernetes Security Specialist (CKS) #15 Image signing: cosign, SBOM
11 min read

The fifteenth post in the Certified Kubernetes Security Specialist (CKS) series. The only way to trust an image entering your cluster is to verify a signature that proves its origin. We walk through creating and verifying both key-based and keyless (OIDC) signatures with sigstore's cosign, generating an SBOM (SPDX/CycloneDX) with syft to track components, and closing the supply chain by blocking unsigned images at admission — all with command examples.

Kubernetes and Cloud Native Associate (KCNA) #6: Cloud Native Observability (8%) — Telemetry, Prometheus, Cost Management
11 min read

The three pillars of telemetry (metrics, logs, traces), Prometheus pull-based metric collection with PromQL, Alertmanager, and Grafana, OpenTelemetry and distributed tracing, SLI/SLO/SLA and the golden signals, and FinOps cost management — a walk through KCNA Domain 4.

Red Hat Certified Engineer (RHCE) #14 RHCSA Automation 1: Users/Groups, Packages/Repositories
9 min read

The fourteenth post in the Red Hat Certified Engineer (RHCE) series. We automate the user/group creation and package/repository management you did by hand in RHCSA with Ansible modules. We work through the user and group modules, passwords handled safely with password_hash and Vault, the dnf module and module streams, the yum_repository module, and the exam-favorite pattern of creating many users at once with loop.

Red Hat Certified System Administrator (RHCSA) #11 Users/Groups: UID/GID, sudo, ACL, password policy
11 min read

The eleventh post in the Red Hat Certified System Administrator (RHCSA) series. We organize it around the exact tasks RHCSA puts on the practical exam: creating users with useradd and usermod and assigning UID/GID, groupadd and supplementary groups, granting sudo rights through /etc/sudoers and visudo, setting per-file ACLs with setfacl, and pinning down password expiry policy with chage.

AWS Certified CloudOps Engineer - Associate (SOA-C03) #6 Domain 2-2 Reliability — Backup, Restore, and Disaster Recovery (DR)
6 min read

The sixth post of the SOA-C03 series covers data protection, the second axis of the reliability domain. It covers EBS snapshots and AMIs, RDS automated backups and snapshots, how to centrally manage backup policies with AWS Backup, the meaning of RPO and RTO, and the DR strategies that progress from backup to pilot light to warm standby to multi-site.

AWS Certified Developer - Associate (DVA-C02) #12 Domain 4-1 Troubleshooting and Optimization — Observability
4 min read

The first post of the DVA-C02 troubleshooting domain. It covers, at the exam level, CloudWatch Logs (log groups, streams, Logs Insights) and Metrics (standard, custom, high-resolution), Alarms, X-Ray distributed tracing (segments, subsegments, service map, sampling), and how to extract metrics from logs with EMF (Embedded Metric Format). The focus is on the tools that trace failures and narrow down the cause.

Certified Kubernetes Administrator (CKA) #21 Helm and Kustomize: Managing Manifests
9 min read

The twenty-first post in the Certified Kubernetes Administrator (CKA) series. We learn the two tools for managing manifests — Helm and Kustomize — with a focus on operational commands. Helm covers repo add/update, install/upgrade/rollback, value injection, and template rendering; Kustomize covers the base/overlays structure, patchesStrategicMerge, configMapGenerator, and kubectl apply -k. We lay out the difference between the two (template vs. overlay) in a table and pin down the CKA exam points.