#Infrastructure
300 posts
AWS Basics #6: Security Basics — MFA, Key Rotation, Least Privilege
Enforcing MFA on root and IAM users, automating access-key rotation, auditing permissions with IAM Access Analyzer, least-privilege patterns, and the incidents you actually see in production.
Docker Intermediate #4: Compose Deep Dive — depends_on, healthcheck, profiles
Adding operational sense to compose.yaml. healthcheck for whether the DB is actually ready, depends_on with conditions for meaningful startup order, and profiles to fork dev/test/prod inside one file. Plus override files and restart policies.
K8s Basics #2: Local Environments — minikube / kind / Docker Desktop k8s
Time to actually meet the control plane / worker picture from [#1](/en/posts/k8s-basics-1). Compare the three ways to run K8s on a laptop (minikube / kind / Docker Desktop k8s), install kubectl, and bring up your first cluster with kind — through to inspecting the nodes and system pods.
RHEL Intermediate #1: Intro to SELinux — Enforcing/Permissive, Labels, Troubleshooting
A beginner-friendly introduction to SELinux, RHEL's last security layer. Covers the three modes Enforcing/Permissive/Disabled, the shape of labels (context) attached to every file and process, viewing them with ls -Z / ps -Z, fixing labels with chcon/restorecon, making permanent changes via semanage fcontext, toggling booleans, and troubleshooting AVC denials with audit2allow and sealert.
AWS Basics #5: CloudShell and IAM Identity Center (SSO)
CloudShell — the in-browser terminal — and IAM Identity Center (SSO), the standard login for multi-account setups, all the way through to the aws cli sso login flow.
Docker Intermediate #3: docker compose Basics — web + db in One File
A tool for defining several containers in one file and starting them with a single command. The service / network / volume structure of compose.yaml, a real web + postgres setup, and the day-to-day flow of up/down/logs/ps.
K8s Basics #1: What Is Kubernetes — Why Do We Need a Container Orchestrator?
You can run a single container with Docker. But what if you need 100 — and they need to restart on failure, scale with traffic, and survive a node going down? This first post in the series covers the limits of single-container tools, the problem container orchestrators solve, and the big picture of a Kubernetes cluster.
RHEL Basics #7: Basic Security — firewalld, SSH Hardening
RHEL's firewall abstraction firewalld and its zone model, the firewall-cmd command set (permanent vs runtime), the four standard SSH hardening steps — disable password auth, key-based auth, lock down root login, change the port, split sshd_config.d. The final post of the series.
AWS Basics #4: AWS CLI and SDK Setup
Installing aws cli v2, aws configure, profiles and the credentials file, how SDKs like boto3 / aws-sdk-js fit in, and the order in which the credential chain flows.
Docker Intermediate #2: Build Cache — BuildKit and Layer Ordering
BuildKit-era build caching, in earnest. Spotting where layer cache breaks, sharing npm/pip caches across builds with --mount=type=cache, parallelizing builds with COPY --link, and external caches via GHA / registry.
RHEL Basics #6: Filesystem Basics — XFS, mount, /etc/fstab
RHEL 9's default filesystem XFS and how it differs from ext4, viewing disks with lsblk / df / du, the full cycle of partitioning a new disk, formatting with mkfs.xfs, mounting it, registering permanently in /etc/fstab via UUID, and managing swap.
AWS Basics #3: Cost Management — Billing Alerts, Cost Explorer, Free Tier
The limits of the Free Tier, setting up AWS Budgets / billing alerts, analyzing the bill with Cost Explorer, and a tag strategy that holds up in production — the guardrail that prevents first-bill shock.