#Certification
167 posts
Red Hat Certified System Administrator (RHCSA) #6: Local Storage 2 — LVM Expansion and LUKS Encryption
The sixth post in the Red Hat Certified System Administrator (RHCSA) series. We add a PV to a volume group and grow it with vgextend, enlarge the logical volume with lvextend, then extend the file system itself with xfs_growfs and resize2fs — and we build a LUKS-encrypted volume with cryptsetup, setting it up to unlock automatically at boot through crypttab and fstab. We also cover exam staples like XFS being impossible to shrink.
AWS Certified CloudOps Engineer - Associate (SOA-C03) #1 Exam Introduction — Exam Structure and Study Roadmap
The first post in the AWS Certified CloudOps Engineer - Associate (SOA-C03) series. It covers the rename from SysOps Administrator to CloudOps Engineer, the 65-question / 130-minute / 720-point structure, the weight of the five domains (Monitoring 22% , Reliability 22% , Deployment Automation 22% , Networking 18% , Security 16%), and a study strategy that turns the hands-on experience from the [AWS practical track](/en/posts/aws-basics-1-account-region-az), [SAA-C03](/en/posts/aws-saa-1), and [DVA-C02](/en/posts/aws-dva-1) into operational judgment. This 15-part series is designed to help you pass SOA-C03, and it ends with a full-scale mock exam in #15.
AWS Certified Developer - Associate (DVA-C02) #7 Domain 2-1 Security — Authentication and Authorization
The first post of the DVA-C02 security domain. From a developer's perspective, it revisits IAM Roles (instance profile, ECS task role, Lambda execution role), STS temporary credentials and AssumeRole/federation, and the division of roles between a Cognito User Pool (authentication) and an Identity Pool (temporary AWS credentials), all at the exam level. The security domain is the second-largest at 26%.
Certified Kubernetes Administrator (CKA) #16 Storage 1: Volume Types, PV, PVC, and Static Provisioning
The sixteenth post in the Certified Kubernetes Administrator (CKA) series. From Volume types (emptyDir, hostPath, configMap/secret, PVC) to a PersistentVolume's capacity and accessModes, persistentVolumeReclaimPolicy, the request and binding rules of a PersistentVolumeClaim, and the static provisioning where an admin creates PVs ahead of time — all walked through with YAML examples.
Certified Kubernetes Application Developer (CKAD) #11 Probes: liveness, readiness, startup (exec/HTTP/TCP)
Part 11 of the Certified Kubernetes Application Developer (CKAD) series. Learn the three probes (liveness, readiness, startup) and the three handlers (exec, httpGet, tcpSocket) that Kubernetes uses to check whether a container is alive and ready to take traffic — through YAML examples — and nail down the liveness-vs-readiness distinction that trips people up most often on the exam.
Certified Kubernetes Security Specialist (CKS) #9: Pod Security Admission (PSA, Pod Security Standards)
The ninth post in the Certified Kubernetes Security Specialist (CKS) series. It covers how Pod Security Admission — the replacement for the retired PodSecurityPolicy — rejects dangerous Pods at the namespace level. We work through the three levels of the Pod Security Standards (privileged, baseline, restricted) and the three modes (enforce, audit, warn), applying them with namespace labels, the security settings restricted demands, and how to write a Pod that passes — all from an exam point of view.
Red Hat Certified Engineer (RHCE) #8 Error handling: block/rescue/always, failed_when, ignore_errors
The eighth post of the Red Hat Certified Engineer (RHCE) series. We cover the error handling that controls the flow when a playbook fails mid-run. From the exam point of view, we work through structuring exceptions with block/rescue/always, letting failures slide with ignore_errors, defining your own failure conditions with failed_when, and shoring up the idempotency of the command module with changed_when.
Red Hat Certified System Administrator (RHCSA) #5: Local Storage 1 — Partitions, swap, LVM basics
The fifth post in the Red Hat Certified System Administrator (RHCSA) series. We check disks with lsblk and fdisk, create partitions with fdisk,parted, add swap with mkswap,swapon, build LVM with pvcreate,vgcreate,lvcreate, then mount it permanently with mkfs and fstab (UUID) — all typed out by hand. We carry RHCSA's most common task, "create an LVM and mount it," all the way through so it survives a reboot.
AWS Certified Developer - Associate (DVA-C02) #6 Domain 1-5 Development with AWS Services — SDK Development Patterns
The fifth post of the DVA-C02 development domain. It covers the common patterns that recur when calling services with the AWS SDK: pagination, exponential backoff and jitter for handling throttling and transient errors, idempotency implementation, S3 multipart upload and presigned URLs, and the SDK credential provider chain along with region and retry configuration, all at the exam level.
Certified Kubernetes Administrator (CKA) #15 Resource Management: requests/limits, QoS, LimitRange, ResourceQuota
The 15th post in the Certified Kubernetes Administrator (CKA) series. We lay out how requests and limits reserve and cap cpu and memory, the difference between CPU throttling and memory OOMKilled, and how the three QoS classes — Guaranteed, Burstable, BestEffort — decide eviction order. Then we work through the operational policies that enforce container defaults with LimitRange and namespace totals with ResourceQuota, all in YAML.
Certified Kubernetes Application Developer (CKAD) #10 Kustomize: The Overlay Pattern and Per-Environment Manifests
The tenth post in the Certified Kubernetes Application Developer (CKAD) series. It covers Kustomize, which transforms manifests per environment without templates. From the core fields of kustomization.yaml to the base/overlays structure, patchesStrategicMerge and JSON6902 patches, the hash-based rolling of configMapGenerator and secretGenerator, and the build-and-apply flow via the -k flag — organized from a hands-on exam perspective.
Certified Kubernetes Security Specialist (CKS) #8: kernel hardening, capabilities, /proc protection
The eighth post of the Certified Kubernetes Security Specialist (CKS) series. We cover how to strip privileges from containers with securityContext to shrink the attack surface. From the drop-ALL-then-add-only-what-you-need pattern for Linux capabilities, to the dangers of privileged and allowPrivilegeEscalation, runAsNonRoot and readOnlyRootFilesystem, /proc masking via procMount, and blocking hostPID/hostNetwork/hostIPC and host path mounts — all pulled together into a hardened YAML example.