#Certification

167 posts

Red Hat Certified System Administrator (RHCSA) #9 System Operations: chronyd, journald, cron, systemd timer, tuned
9 min read

Red Hat Certified System Administrator (RHCSA) #9 System Operations: chronyd, journald, cron, systemd timer, tuned

The ninth post in the Red Hat Certified System Administrator (RHCSA) series. We set system time with timedatectl and chronyd, read and persist logs with journald and rsyslog, schedule jobs with cron and systemd timers, and tune system profiles with tuned — the operational tasks, organized around the commands you actually type on the exam.

AWS Certified CloudOps Engineer - Associate (SOA-C03) #4 Domain 1-3 Monitoring — Automated Recovery and Performance Optimization
6 min read

AWS Certified CloudOps Engineer - Associate (SOA-C03) #4 Domain 1-3 Monitoring — Automated Recovery and Performance Optimization

The fourth post of the SOA-C03 series covers automated responses after detection. It covers how EventBridge reacts to events, how to automate recovery with Systems Manager Automation runbooks, EC2 automated recovery and Auto Scaling self-healing, and the flow of diagnosing performance bottlenecks with Compute Optimizer and CloudWatch while optimizing cost along the way.

AWS Certified Developer - Associate (DVA-C02) #10 Domain 3-2 Deployment — IaC and Serverless Deployment
4 min read

AWS Certified Developer - Associate (DVA-C02) #10 Domain 3-2 Deployment — IaC and Serverless Deployment

The second post of the DVA-C02 deployment domain. It covers, at the exam level, CloudFormation's template structure (Resources,Parameters,Mappings,Outputs), stacks,change sets,drift, nested stacks, SAM's template and sam deploy,sam local that simplify serverless deployment, and Elastic Beanstalk's deployment policies (All at once,Rolling,Immutable) along with .ebextensions.

Certified Kubernetes Administrator (CKA) #19 Networking 2: Ingress, IngressClass, TLS
8 min read

Certified Kubernetes Administrator (CKA) #19 Networking 2: Ingress, IngressClass, TLS

The nineteenth post in the Certified Kubernetes Administrator (CKA) series. We cover how to consolidate host- and path-based routing and TLS termination — things Service alone cannot solve — into Ingress. From an operations angle, we work through Ingress rules (pathType Prefix/Exact, rules/backend, defaultBackend), IngressClass that separates multiple controllers, the Ingress Controller that must exist for Ingress to do anything, and the TLS section that references a Secret.

Certified Kubernetes Application Developer (CKAD) #14 ServiceAccount and RBAC (App Perspective)
10 min read

Certified Kubernetes Application Developer (CKAD) #14 ServiceAccount and RBAC (App Perspective)

Part 14 of the Certified Kubernetes Application Developer (CKAD) series. When an app running inside a Pod calls the Kubernetes API, what identity does it authenticate as and what permissions does it get authorized for — this post lays that out from the ServiceAccount and RBAC angle. You will get hands-on with automatic SA token mounting and turning it off, granting permissions with Role and RoleBinding, and verifying with kubectl auth can-i.

Certified Kubernetes Security Specialist (CKS) #12 Pod-to-Pod mTLS: Cilium
9 min read

Certified Kubernetes Security Specialist (CKS) #12 Pod-to-Pod mTLS: Cilium

The twelfth post of the Certified Kubernetes Security Specialist (CKS) series. As the final topic of the Minimize Microservice Vulnerabilities domain, it covers the problem that Pod-to-Pod traffic is plaintext by default and the need for encryption in transit. We organize, concept-first, the sidecar mTLS model of Service Mesh (Istio/Linkerd), Cilium's transparent encryption (WireGuard/IPsec) and its mTLS direction, the difference between NetworkPolicy (L3/L4) and mTLS (encryption/identity), and why in-transit encryption matters from a CKS perspective.

Kubernetes and Cloud Native Associate (KCNA) #3: Kubernetes Fundamentals 2 — API, Containers, Scheduling
13 min read

Kubernetes and Cloud Native Associate (KCNA) #3: Kubernetes Fundamentals 2 — API, Containers, Scheduling

A rundown of the Kubernetes API object model (apiVersion, kind, metadata, spec, status) and the declarative vs. imperative styles, container images and runtimes, the kube-scheduler scheduling process (nodeSelector, affinity, taint), and how to inject configuration with ConfigMap and Secret. This wraps up the back half of Domain 1, Kubernetes Fundamentals (46%).

Red Hat Certified Engineer (RHCE) #11: Writing and Using Roles
9 min read

Red Hat Certified Engineer (RHCE) #11: Writing and Using Roles

Part 11 of the Red Hat Certified Engineer (RHCE) series. We cover the standard role directory structure and ansible-galaxy role init, the difference between the roles key and include_role/import_role, why defaults sits at the lowest role variable precedence, and the dependencies in meta/main.yml plus roles_path. We practice the exam-favorite flow of writing a role and calling it from a playbook with worked examples.

Red Hat Certified System Administrator (RHCSA) #8 Packages and repositories: dnf, modules, AppStream
9 min read

Red Hat Certified System Administrator (RHCSA) #8 Packages and repositories: dnf, modules, AppStream

The eighth post in the Red Hat Certified System Administrator (RHCSA) series. We cover installing, removing, and searching packages with dnf, adding repositories, and working with AppStream module streams and profiles. From RHCSA staples like adding a specific repository and installing from it, all the way to switching module streams — all walked through with command examples.

AWS Certified CloudOps Engineer - Associate (SOA-C03) #3 Domain 1-2 Monitoring — CloudWatch Logs, Logs Insights, Agent
6 min read

AWS Certified CloudOps Engineer - Associate (SOA-C03) #3 Domain 1-2 Monitoring — CloudWatch Logs, Logs Insights, Agent

The third post in the SOA-C03 series covers the log side of CloudWatch. It covers the structure of log groups and log streams, retention periods and cost, how to collect logs and OS metrics with the CloudWatch Agent, metric filters that extract metrics from logs, Logs Insights queries, and subscription filters that deliver logs in real time.

AWS Certified Developer - Associate (DVA-C02) #9 Domain 3-1 Deployment — CI/CD
4 min read

AWS Certified Developer - Associate (DVA-C02) #9 Domain 3-1 Deployment — CI/CD

The first post of the DVA-C02 deployment domain. It covers the division of roles among the AWS developer tools (CodeCommit,CodeBuild,CodeDeploy,CodePipeline,CodeArtifact), along with CodeBuild's buildspec.yml phases and environment variables, CodeDeploy's appspec.yml with deployment groups and lifecycle hooks, and CodePipeline's stage composition and artifact flow at the exam level. The key is knowing which tool does what.

Certified Kubernetes Administrator (CKA) #18 Networking 1: Service (ClusterIP/NodePort/LoadBalancer/ExternalName)
10 min read

Certified Kubernetes Administrator (CKA) #18 Networking 1: Service (ClusterIP/NodePort/LoadBalancer/ExternalName)

Part 18 of the Certified Kubernetes Administrator (CKA) series. We follow the flow where a Service uses a selector to pick Pods, builds Endpoints, and kube-proxy turns those into node-level rules. We cover the four types — ClusterIP, NodePort, LoadBalancer, ExternalName — the distinction between port/targetPort/nodePort, headless Services, k expose, and the operational instinct for tracing the cause through Endpoints when a Service stops working.