#Certification
167 posts
Certified Kubernetes Application Developer (CKAD) #16 Resource Management: requests/limits, QoS Class, LimitRange
The sixteenth post in the Certified Kubernetes Application Developer (CKAD) series. It nails down requests and limits — which decide how much a Pod asks for and how much it may use — right down to the units, and shows how CPU throttling and memory OOMKilled diverge. We also work through the three QoS classes and eviction priority, plus LimitRange that enforces namespace defaults and ResourceQuota that caps the total, all with YAML examples.
Certified Kubernetes Security Specialist (CKS) #14: Image scan — Trivy, Kubesec, KubeLinter
The fourteenth post in the Certified Kubernetes Security Specialist (CKS) series. We cover image vulnerability scanning, the heart of supply chain security. We compare in a table the roles of three tools: Trivy, whose image/filesystem/repo scans find CVEs embedded in a container image's OS packages and language libraries, with severity filtering and exit-code-based CI gates; Kubesec, which scores a manifest's securityContext settings; and KubeLinter, which statically analyzes manifests to catch anti-patterns. We also walk through, with command examples, the exam staple of finding and replacing an image that has a vulnerability of a given severity.
Kubernetes and Cloud Native Associate (KCNA) #5: Cloud Native Architecture (16%) — Autoscaling, Serverless, Community, Open Standards
The fifth post in the KCNA series. It walks through cloud native design philosophy (the CNCF definition, self-healing, resilience), autoscaling (HPA, VPA, Cluster Autoscaler, KEDA), serverless (Knative, FaaS), the CNCF community and project maturity levels, open standards (OCI, CRI, CNI, CSI, OpenTelemetry), and finishes with zero-downtime rollouts and immutable infrastructure.
Red Hat Certified Engineer (RHCE) #13: System roles (rhel-system-roles)
The 13th post in the Red Hat Certified Engineer (RHCE) series. We cover how rhel-system-roles — a set of validated roles Red Hat ships — abstracts away RHCSA tasks. We walk through installation (dnf and ansible-galaxy collection), where the docs live (/usr/share/doc/rhel-system-roles) and the example-playbook copy pattern, the timesync/firewall/selinux/storage/network/postfix roles and their variables, and the exam regulars — automating NTP, firewall, and SELinux — with worked examples.
Red Hat Certified System Administrator (RHCSA) #10 Basic Networking: NetworkManager (nmcli), hostname, /etc/hosts
The tenth post in the Red Hat Certified System Administrator (RHCSA) series. We cover how NetworkManager manages networking on RHEL 9, how to create connections and set a static IP permanently with nmcli, how to change the hostname with hostnamectl and resolve names through /etc/hosts, and how to verify the result with the ip command — all typed out by hand. Setting a static IP so it survives a reboot is a perennial RHCSA exam task.
AWS Certified CloudOps Engineer - Associate (SOA-C03) #5 Domain 2-1 Reliability: Multi-AZ, Auto Scaling, and ELB Health Checks
The fifth post of the SOA-C03 series covers availability operations, the first topic of the Reliability domain (22%). It covers redundancy across Availability Zones, Auto Scaling group capacity, policies, and lifecycle hooks, health checks and connection draining per ELB type, and Route 53 health-check-based failover.
AWS Certified Developer - Associate (DVA-C02) #11 Domain 3-3 Deployment — Deployment Strategies
The third post of the DVA-C02 deployment domain. It covers, at the exam level, the difference between in-place and blue/green deployment, traffic-shifting methods like canary, linear, and all-at-once, weighted routing using Lambda aliases and versions, gradual deployment through API Gateway stages, and automatic rollback tied to CloudWatch alarms. The key is how to update safely with zero downtime.
Certified Kubernetes Administrator (CKA) #20 Networking 3: CoreDNS, NetworkPolicy
The twentieth post in the Certified Kubernetes Administrator (CKA) series. We cover how CoreDNS lets Pods and Services find each other by name inside the cluster, the Corefile configuration, debugging DNS with nslookup, and the NetworkPolicy podSelector and ingress/egress rules that control which Pod can talk to which Pod — all from an operations point of view. We also work through the default deny pattern and the CNI dependency.
Certified Kubernetes Application Developer (CKAD) #15 SecurityContext and Capabilities: runAsUser, fsGroup, readOnly rootfs
The fifteenth post in the Certified Kubernetes Application Developer (CKAD) series. It covers how securityContext restricts which user and privileges a container runs with. We will get hands-on through YAML examples — runAsUser, runAsNonRoot, and fsGroup; readOnlyRootFilesystem and the emptyDir workaround; allowPrivilegeEscalation; the add and drop of Linux capabilities; and the danger of privileged containers.
Certified Kubernetes Security Specialist (CKS) #13 Minimal images: distroless, scratch (Supply Chain)
The thirteenth post in the Certified Kubernetes Security Specialist (CKS) series. It covers image minimization, the starting point of the Supply Chain Security domain — how a large image widens the attack surface with shells, package managers, and needless CVEs, what distroless and scratch strip away, and how to choose among them versus alpine. With Dockerfile examples, we walk through the multistage build pattern that separates build tools from the runtime, how to debug a shell-less image with an ephemeral container, and how to enforce a non-root user.
Kubernetes and Cloud Native Associate (KCNA) #4: Container Orchestration (22%) — Runtime, Security, Networking, Storage, Service Mesh
A walkthrough of the core of the KCNA Container Orchestration domain — container runtimes and the OCI/CRI standards, RBAC and NetworkPolicy security, CNI networking and CoreDNS, CSI storage, and Service Mesh. We map the boundaries the three CRI/CNI/CSI interfaces draw, the Service types, the default behavior of NetworkPolicy, and other recurring exam points.
Red Hat Certified Engineer (RHCE) #12 Collection: Galaxy, Automation Hub
Part 12 of the Red Hat Certified Engineer (RHCE) series. We cover the concept of an Ansible collection and FQCN (namespace.collection.module), how to install collections and roles with ansible-galaxy, the way to install dependencies in bulk with requirements.yml, the difference between Galaxy and Automation Hub, and the collections_path setting in ansible.cfg — all from a hands-on exam point of view. We work through the exam staple of downloading a collection with requirements.yml and using it via FQCN as a worked example.