#Infrastructure
300 posts
Certified Kubernetes Administrator (CKA) #12 ConfigMap and Secret in Depth
The twelfth post in the Certified Kubernetes Administrator (CKA) series. We dig into ConfigMap and Secret from an operator's point of view: the three sources of kubectl create (--from-literal, --from-file, --from-env-file), Secret types (generic/docker-registry/tls) and the fact that base64 is not encryption, the injection methods of env valueFrom, envFrom, volume mount, and subPath, the difference in auto-refresh between env and volume, and how immutable buys you both performance and safety — all laid out with YAML and kubectl.
Certified Kubernetes Application Developer (CKAD) #7 Workloads 3: Job, CronJob (Backoff, Concurrency)
The seventh post in the Certified Kubernetes Application Developer (CKAD) series. It covers Job, which handles run-once batch work, and CronJob, which runs that work on a schedule, from a hands-on exam perspective. We will build completions, parallelism, backoffLimit, activeDeadlineSeconds, restartPolicy, and ttlSecondsAfterFinished, along with CronJob's schedule, concurrencyPolicy, startingDeadlineSeconds, and suspend, directly with YAML and kubectl.
Certified Kubernetes Security Specialist (CKS) #5: ServiceAccount token management, restricting API access, cluster upgrades
The fifth post in the Certified Kubernetes Security Specialist (CKS) series. It covers ServiceAccount token management, a frequent topic in the Cluster Hardening domain. We work through setting automountServiceAccountToken to false to block unnecessary token mounts, the expiration and audience of bound ServiceAccount tokens, and the difference between legacy Secret tokens and projected tokens. Then we shrink the API access surface by disabling anonymous-auth and protecting the kubelet API, and finish with cluster upgrades for applying security patches.
Red Hat Certified Engineer (RHCE) #4 Ad-hoc commands: running modules on the spot
The fourth post in the Red Hat Certified Engineer (RHCE) series. We lay out the ad-hoc structure for running modules on the spot with the ansible command, the frequently used modules such as ping, command, shell, copy, file, dnf, service, user, and lineinfile, host patterns, become, and how to look up options with ansible-doc — all worked through with examples.
Red Hat Certified System Administrator (RHCSA) #1: The Exam — EX200 format, environment, study strategy
The opening post of the Red Hat Certified System Administrator (RHCSA) series. We lay out the format and domains of the EX200 hands-on exam, the 210/300 passing line, the testing environment where you work with man pages only and no internet, and the study strategy that turns the feel you built on the [RHEL operations track](/en/posts/rhel-basics-1) into hands-on exam results. This 16-part series targets an RHCSA pass, wrapping up with a full-scale mock exam in #16.
AWS Certified Developer - Associate (DVA-C02) #2 Domain 1-1 Development with AWS Services — Lambda Deep Dive
The first post of the DVA-C02 development domain. It covers Lambda's execution model across three invocation types — synchronous, asynchronous, and stream polling — along with concurrency (reserved concurrency, provisioned concurrency) and throttling, environment variables and layers, cold starts, idempotency, and failure handling via destinations and DLQs, all at the exam level. The development domain carries the largest weight at 32%, and Lambda sits at its center.
AWS Certified Solutions Architect - Associate (SAA-C03) #13 Domain 4-1 Cost Optimization — Pricing Models
The first post of the SAA-C03 cost optimization domain. It reorganizes EC2 purchasing options from a cost perspective (Reserved Standard/Convertible, Compute/EC2 Instance Savings Plans, Spot), the cost structure of S3, data transfer costs (inbound, outbound, cross-AZ/region) and how to reduce them, and architecture choices that lower cost.
Certified Kubernetes Administrator (CKA) #11 Workloads 2: DaemonSet, StatefulSet, Job, CronJob
The eleventh post in the Certified Kubernetes Administrator (CKA) series. We organize the four workloads that Deployment can't cover: the DaemonSet that runs exactly one Pod per node, the StatefulSet with stable IDs, ordering, a headless Service, and volumeClaimTemplates, the Job that runs toward completion, and the CronJob that stamps out Jobs on a schedule — all drilled hands-on with YAML and kubectl.
Certified Kubernetes Application Developer (CKAD) #6 Workloads 2: DaemonSet, StatefulSet
The sixth post in the Certified Kubernetes Application Developer (CKAD) series. It covers the workload controllers beyond Deployment — DaemonSet and StatefulSet — from a hands-on perspective. We will build the DaemonSet that places one Pod on every node, and the StatefulSet that needs a stable network ID and ordering guarantees, in YAML all the way down to the headless Service and volumeClaimTemplates.
Certified Kubernetes Security Specialist (CKS) #4: RBAC least privilege in depth (Cluster Hardening)
The fourth post in the Certified Kubernetes Security Specialist (CKS) series. On top of the RBAC you learned in CKA, we layer the principle of least privilege and go deep, from a security angle, on how to find and narrow Roles that are too broad. We cover the danger of wildcard verb/resource, removing default ServiceAccount permissions, cutting ClusterRoleBinding overuse down with RoleBinding, the gotchas of aggregated ClusterRole, identifying dangerous permissions like secrets get, pods/exec, escalate, bind, and impersonate, and the flow of verifying narrowed permissions with kubectl auth can-i --as.
Red Hat Certified Engineer (RHCE) #3: Config Files and Connectivity — ansible.cfg, ssh, become
The third post in the Red Hat Certified Engineer (RHCE) series. We lay out the lookup precedence and key settings of ansible.cfg, which governs how Ansible behaves, the procedure for setting up SSH key-based connections with ssh-copy-id, and how to escalate privileges with become. We build a per-project ansible.cfg and become configuration by hand — a perennial exam favorite — and check the connection.
AWS Certified Developer - Associate (DVA-C02) #1 Exam Introduction — Exam Structure and Study Roadmap
The first post of the AWS Certified Developer - Associate (DVA-C02) series. It covers the exam structure (65 questions, 130 minutes, a 720 passing line), the weight and meaning of the four domains (Development 32%, Security 26%, Deployment 24%, Troubleshooting and Optimization 18%), how it differs from the Solutions Architect Associate (SAA-C03), and a study strategy that turns the hands-on feel built on the [AWS practical track](/en/posts/aws-basics-1-account-region-az) into exam questions from a developer's point of view. This 15-part series aims to help you pass DVA-C02, ending with a full-scale mock exam in #15.