#Certification
167 posts
Red Hat Certified System Administrator (RHCSA) #9 System Operations: chronyd, journald, cron, systemd timer, tuned
The ninth post in the Red Hat Certified System Administrator (RHCSA) series. We set system time with timedatectl and chronyd, read and persist logs with journald and rsyslog, schedule jobs with cron and systemd timers, and tune system profiles with tuned — the operational tasks, organized around the commands you actually type on the exam.
AWS Certified CloudOps Engineer - Associate (SOA-C03) #4 Domain 1-3 Monitoring — Automated Recovery and Performance Optimization
The fourth post of the SOA-C03 series covers automated responses after detection. It covers how EventBridge reacts to events, how to automate recovery with Systems Manager Automation runbooks, EC2 automated recovery and Auto Scaling self-healing, and the flow of diagnosing performance bottlenecks with Compute Optimizer and CloudWatch while optimizing cost along the way.
AWS Certified Developer - Associate (DVA-C02) #10 Domain 3-2 Deployment — IaC and Serverless Deployment
The second post of the DVA-C02 deployment domain. It covers, at the exam level, CloudFormation's template structure (Resources,Parameters,Mappings,Outputs), stacks,change sets,drift, nested stacks, SAM's template and sam deploy,sam local that simplify serverless deployment, and Elastic Beanstalk's deployment policies (All at once,Rolling,Immutable) along with .ebextensions.
Certified Kubernetes Administrator (CKA) #19 Networking 2: Ingress, IngressClass, TLS
The nineteenth post in the Certified Kubernetes Administrator (CKA) series. We cover how to consolidate host- and path-based routing and TLS termination — things Service alone cannot solve — into Ingress. From an operations angle, we work through Ingress rules (pathType Prefix/Exact, rules/backend, defaultBackend), IngressClass that separates multiple controllers, the Ingress Controller that must exist for Ingress to do anything, and the TLS section that references a Secret.
Certified Kubernetes Application Developer (CKAD) #14 ServiceAccount and RBAC (App Perspective)
Part 14 of the Certified Kubernetes Application Developer (CKAD) series. When an app running inside a Pod calls the Kubernetes API, what identity does it authenticate as and what permissions does it get authorized for — this post lays that out from the ServiceAccount and RBAC angle. You will get hands-on with automatic SA token mounting and turning it off, granting permissions with Role and RoleBinding, and verifying with kubectl auth can-i.
Certified Kubernetes Security Specialist (CKS) #12 Pod-to-Pod mTLS: Cilium
The twelfth post of the Certified Kubernetes Security Specialist (CKS) series. As the final topic of the Minimize Microservice Vulnerabilities domain, it covers the problem that Pod-to-Pod traffic is plaintext by default and the need for encryption in transit. We organize, concept-first, the sidecar mTLS model of Service Mesh (Istio/Linkerd), Cilium's transparent encryption (WireGuard/IPsec) and its mTLS direction, the difference between NetworkPolicy (L3/L4) and mTLS (encryption/identity), and why in-transit encryption matters from a CKS perspective.
Kubernetes and Cloud Native Associate (KCNA) #3: Kubernetes Fundamentals 2 — API, Containers, Scheduling
A rundown of the Kubernetes API object model (apiVersion, kind, metadata, spec, status) and the declarative vs. imperative styles, container images and runtimes, the kube-scheduler scheduling process (nodeSelector, affinity, taint), and how to inject configuration with ConfigMap and Secret. This wraps up the back half of Domain 1, Kubernetes Fundamentals (46%).
Red Hat Certified Engineer (RHCE) #11: Writing and Using Roles
Part 11 of the Red Hat Certified Engineer (RHCE) series. We cover the standard role directory structure and ansible-galaxy role init, the difference between the roles key and include_role/import_role, why defaults sits at the lowest role variable precedence, and the dependencies in meta/main.yml plus roles_path. We practice the exam-favorite flow of writing a role and calling it from a playbook with worked examples.
Red Hat Certified System Administrator (RHCSA) #8 Packages and repositories: dnf, modules, AppStream
The eighth post in the Red Hat Certified System Administrator (RHCSA) series. We cover installing, removing, and searching packages with dnf, adding repositories, and working with AppStream module streams and profiles. From RHCSA staples like adding a specific repository and installing from it, all the way to switching module streams — all walked through with command examples.
AWS Certified CloudOps Engineer - Associate (SOA-C03) #3 Domain 1-2 Monitoring — CloudWatch Logs, Logs Insights, Agent
The third post in the SOA-C03 series covers the log side of CloudWatch. It covers the structure of log groups and log streams, retention periods and cost, how to collect logs and OS metrics with the CloudWatch Agent, metric filters that extract metrics from logs, Logs Insights queries, and subscription filters that deliver logs in real time.
AWS Certified Developer - Associate (DVA-C02) #9 Domain 3-1 Deployment — CI/CD
The first post of the DVA-C02 deployment domain. It covers the division of roles among the AWS developer tools (CodeCommit,CodeBuild,CodeDeploy,CodePipeline,CodeArtifact), along with CodeBuild's buildspec.yml phases and environment variables, CodeDeploy's appspec.yml with deployment groups and lifecycle hooks, and CodePipeline's stage composition and artifact flow at the exam level. The key is knowing which tool does what.
Certified Kubernetes Administrator (CKA) #18 Networking 1: Service (ClusterIP/NodePort/LoadBalancer/ExternalName)
Part 18 of the Certified Kubernetes Administrator (CKA) series. We follow the flow where a Service uses a selector to pick Pods, builds Endpoints, and kube-proxy turns those into node-level rules. We cover the four types — ClusterIP, NodePort, LoadBalancer, ExternalName — the distinction between port/targetPort/nodePort, headless Services, k expose, and the operational instinct for tracing the cause through Endpoints when a Service stops working.