#Infrastructure

300 posts

AWS Certified Cloud Practitioner (CLF-C02) #8 Domain 4 Billing and Support — Pricing Models, Support Plans, TCO
8 min read

The final CLF-C02 domain — Billing, Pricing, and Support (12%). The weight is small, but the question patterns are formulaic, so this is a domain you can take near-full marks on. We cover the four EC2 pricing models (On-Demand, Reserved, Savings Plans, Spot), the free tier, AWS Pricing Calculator and TCO Calculator, Cost Explorer, AWS Budgets, Cost and Usage Report, Consolidated Billing, the four Support Plan tiers (Basic, Developer, Business, Enterprise), and the check coverage of Trusted Advisor.

K8s Practice #4: CI/CD Pipeline — GitHub Actions / ECR / ArgoCD
10 min read

The `myshop-api` built in [#3](/en/posts/k8s-practice-3) still relies on manual steps whenever a new version is released. This post automates that process. GitHub Actions pushes container images to AWS ECR via OIDC without static keys, auto-commits Helm values in the manifest repo so the ArgoCD covered in [Advanced #6](/en/posts/k8s-advanced-6) can detect the change and sync to the cluster, and keeps PR approval gates, dev/prod branching, and canary deployment in one flow.

RHEL in Practice #6 Wrapping Up the Track: A Reference Architecture
8 min read

The final post of the RHEL in Practice track. We tie together the nginx web server, PostgreSQL, Podman containers, Cockpit/PCP monitoring, and Ansible automation covered across posts #1 through #5 into a single reference architecture, drawing the full picture of running one small web service on a single box. We also walk through an operations checklist covering persistence, SELinux, firewalld, backups, logging, permissions, and time sync, plus the learning path that leads on to the RHCSA and RHCE certifications.

AWS Certified Cloud Practitioner (CLF-C02) #7 Domain 3-2 Core Services — Networking and Databases
10 min read

The second half of Domain 3. Networking (VPC, subnets, Route 53, CloudFront, the four ELB types, VPN, Direct Connect, Global Accelerator), databases (RDS, Aurora, DynamoDB, ElastiCache, Redshift, DocumentDB, Neptune), and ops/management services (CloudWatch, CloudTrail, Trusted Advisor, Systems Manager, CloudFormation). The volume looks heavy, but it compresses into a single workload-to-service mapping table. #8 picks up with Domain 4, Billing and Support.

AWS in Practice #6: Cost Optimization and Dashboards — Wrapping Up the Track
11 min read

Cost Explorer analysis, Savings Plans / Spot / Graviton, Right Sizing, tag enforcement and cost classification, the FinOps angle — and the wrap-up of the 27-post AWS track, converging into one system.

K8s Practice #3: DB Integration — RDS / Secrets Manager / External Secrets / Connection Pool
10 min read

The `myshop-api` exposed in [#2](/en/posts/k8s-practice-2) is still an empty shell with no data store. This post organizes the flow of bringing up RDS PostgreSQL with Terraform, storing the master secret in AWS Secrets Manager, auto-syncing it into a K8s Secret with External Secrets Operator, accessing AWS without static credentials via IRSA, and adding PgBouncer as a connection pool. It also covers automating schema migration as a Job.

RHEL in Practice #5: Automating RHEL with Ansible — Bridging to the RHCE Track
8 min read

The fifth post in the RHEL in Practice track. We take the hand-driven work from #1 through #4 — nginx, PostgreSQL, Podman, and monitoring — and tie it back together with Ansible, organizing the big picture of reproducing the same result from a single set of code. We cover ansible-core installation, a minimal inventory and ansible.cfg, the idempotency concept, examples of moving hand work into a playbook, and the path to abstraction with rhel-system-roles — leaving the deep syntax to the RHCE track.

AWS Certified Cloud Practitioner (CLF-C02) #6 Domain 3-1 Core Services — Compute and Storage
10 min read

The front half of Domain 3 (34%), the widest-surface domain on the CLF-C02 exam. We classify the compute services (EC2, Lambda, ECS, Fargate, Elastic Beanstalk, Lightsail, Batch) by the kind of workload they fit, and lay out the storage services (S3 storage classes, EBS, EFS, FSx, Storage Gateway, Snow Family) by category and use case. The volume looks large, but it collapses into workload → service mappings. #7 continues with networking and databases.

AWS in Practice #5: Monitoring — CloudWatch Alarms and X-Ray
10 min read

CloudWatch Logs Insights operational queries, ECS / RDS / ALB core metrics and alarm thresholds, SNS → Slack notifications, X-Ray distributed tracing for catching slow requests in one line — turning on the operational eye.

K8s Practice #2: App Deployment Skeleton — Deployment / Service / Ingress / Helm
10 min read

The stage of putting `myshop-api` on the empty EKS cluster brought up in [#1](/en/posts/k8s-practice-1). We organize Deployment / Service / Ingress / ConfigMap / Secret / ServiceAccount / HPA as one bundle, auto-provision an ALB with AWS Load Balancer Controller, and package the bundle as a Helm chart so the same chart deploys to dev and prod with different values.

RHEL in Practice #4 Monitoring: Cockpit, PCP
11 min read

The fourth post in the RHEL in Practice track. Once you have web, DB, and containers running, it is time to look at what is actually happening on top of them. This post walks through one full cycle: standing up the Cockpit web console for browser-based server management and Performance Co-Pilot (PCP) for collecting and recording performance metrics on RHEL, then wiring the two together to view performance graphs. It also covers when to reach for the basic commands like top, ss, journalctl, and sar.

AWS Certified Cloud Practitioner (CLF-C02) #5 Domain 2-2 Compliance — Governance, AWS Artifact, GDPR/HIPAA
9 min read

The second half of Domain 2. What AWS compliance certifications (SOC, ISO, PCI DSS, HIPAA, FedRAMP, GDPR) actually mean, how to pull certification documents through AWS Artifact, where governance tools (CloudTrail, Config, Organizations SCP) and security operations tools (GuardDuty, Inspector, Macie, Security Hub) sit, and finally data encryption (at rest and in transit) together with KMS and CloudHSM. In #6 we head into Domain 3 — Compute and Storage at 34% of the exam weight.