#Certification
167 posts
Certified Kubernetes Application Developer (CKAD) #13 ConfigMap and Secret in Depth: volume vs env, Auto-Refresh
The thirteenth post in the Certified Kubernetes Application Developer (CKAD) series. We create ConfigMaps and Secrets that pull configuration and sensitive data out of code, and cover the three ways to inject them — env (valueFrom, envFrom) and volume mounts — in exam-task format. In particular, we drill the difference that env stays fixed until the Pod restarts while a volume auto-refreshes after a delay.
Certified Kubernetes Security Specialist (CKS) #11: Isolation — gVisor, Kata Containers, RuntimeClass
The eleventh post in the Certified Kubernetes Security Specialist (CKS) series. We pin down the root problem that container isolation is weak because containers share the host kernel, and lay out the sandbox runtimes that make up for it. We compare how gVisor (runsc), which intercepts system calls with a user-space kernel, and Kata Containers, which separates workloads in lightweight VMs, each work; how to declare a handler with RuntimeClass and apply it via a Pod's runtimeClassName; the trade-offs between security and performance/compatibility; and finally the RuntimeClass creation and Pod assignment tasks that show up often on the exam, building them by hand.
Kubernetes and Cloud Native Associate (KCNA) #2: Kubernetes Fundamentals 1 — Architecture and Core Resources
The second post in the KCNA series. It covers the first half of Domain 1, the largest at 46%: the components of the control plane and worker nodes (kube-apiserver, etcd, kube-scheduler, controller-manager, kubelet, kube-proxy, container runtime), the declarative model and the reconciliation loop, and the core resources Pod, ReplicaSet, Deployment, Service, and Namespace.
Red Hat Certified Engineer (RHCE) #10 Ansible Vault: Managing Secrets
The tenth post in the Red Hat Certified Engineer (RHCE) series. We encrypt variable files with ansible-vault (create/edit/view/encrypt/decrypt/rekey), put secrets in group_vars/secret.yml and use them from a playbook, supply the password at runtime with --ask-vault-pass and --vault-password-file, and inline-encrypt a single variable with encrypt_string — all laid out command by command.
Red Hat Certified System Administrator (RHCSA) #7 File systems: XFS, ext4, mount/fstab, NFS, AutoFS
The seventh post in the Red Hat Certified System Administrator (RHCSA) series. We create file systems with mkfs.xfs and mkfs.ext4, handle mounts with mount/umount/findmnt, lock down persistent mounts that survive a reboot via UUID/LABEL and fstab, and finally type out NFS client mounts and AutoFS on-demand mounts by hand.
AWS Certified CloudOps Engineer - Associate (SOA-C03) #2 Domain 1-1 Monitoring — CloudWatch Metrics, Alarms, and Dashboards
The second post of the SOA-C03 series covers CloudWatch, the first topic of the largest domain, Monitoring (22%). It covers how metrics are collected along with namespaces and dimensions, the difference between standard and custom metrics, alarm state transitions and evaluation-period design, composite alarms, and dashboard composition.
AWS Certified Developer - Associate (DVA-C02) #8 Domain 2-2 Security — Encryption and Secrets
The second post of the DVA-C02 security domain. It covers KMS key types and envelope encryption, at-rest and in-transit encryption, S3 server-side encryption options (SSE-S3, SSE-KMS, SSE-C) and Lambda environment variable encryption, and the difference between Secrets Manager and Parameter Store (automatic rotation, cost, hierarchy), all at the exam level. Keeping secrets out of code is the core.
Certified Kubernetes Administrator (CKA) #17 Storage 2: StorageClass, Dynamic Provisioning, Reclaim Policy, Expansion
The 17th post in the Certified Kubernetes Administrator (CKA) series. We configure dynamic provisioning with a StorageClass so that creating just a PVC makes a PV appear automatically, and sort out the difference between the default StorageClass and volumeBindingMode. We also confirm with YAML how reclaimPolicy (Delete/Retain) treats data when a PV is removed, and how allowVolumeExpansion grows a volume.
Certified Kubernetes Application Developer (CKAD) #12 Observability: logging, kubectl debug, port-forward, ephemeral container
The twelfth post in the Certified Kubernetes Application Developer (CKAD) series. A hands-on tour of the observability tools you reach for when an app misbehaves. Follow logs with kubectl logs, read state with describe and events, get inside with exec and port-forward, and debug even shell-less containers with the ephemeral container of kubectl debug — building the muscle memory for the whole flow.
Certified Kubernetes Security Specialist (CKS) #10 Secrets Management: etcd Encryption, External Secrets
The tenth post in the Certified Kubernetes Security Specialist (CKS) series. Starting from the fact that a Kubernetes Secret is stored in etcd as base64 only — which is not encryption — we walk through encrypting secrets at rest with an EncryptionConfiguration, wiring it to the apiserver flags, re-encrypting existing Secrets, and checking for plaintext with etcdctl. We then tie in the big picture of integrating an external secret store via the External Secrets Operator and KMS, plus minimizing Secret-access RBAC, so you get hands-on with the exam staple of enabling etcd encryption.
Kubernetes and Cloud Native Associate (KCNA) #1: Exam Introduction — Structure and Study Strategy
The opening post of the Kubernetes and Cloud Native Associate (KCNA) series. The shape of 60 questions, 90 minutes, and a 75% passing line; the weight and meaning of the five domains; registration and the online-proctored testing environment; and the study strategy that turns the intuition built in the [K8s hands-on track](/en/posts/k8s-basics-1) into multiple-choice answers. This series targets a KCNA pass in nine posts, wrapping up with a mock multiple-choice exam in #9.
Red Hat Certified Engineer (RHCE) #9 Tags and conditionals: when, loop, until
The ninth post in the Red Hat Certified Engineer (RHCE) series. We organize the core tools that control the flow of a playbook — conditional execution with when, iteration with loop, retries with until, and partial runs with tags. We learn the exam-staple patterns hands-on: branching by OS, bulk-creating a user list, retrying while waiting for a service to come up, and using tags to run only the tasks you need.