#Infrastructure
300 posts
Certified Kubernetes Security Specialist (CKS) #19: Exam tips, time management, and patterns people get wrong
A condensed read to go through one more time right before you sit the CKS hands-on exam. We cover the time management of running roughly 15–20 tasks in 2 hours, prioritizing tasks by tool, re-running the setup right after the exam starts, switching context across multiple clusters, making use of kubernetes.io/docs and the Falco, Trivy, AppArmor, and gVisor official docs, the recurring patterns that leak points on a security hands-on exam and how to avoid them, easily confused concept pairs, and a per-domain pre-exam checklist across all six domains. Next up, #20 is a full-scale hands-on mock exam.
Hardware Intermediate #3: Memory Deep Dive — available, Dirty Pages, Container Limits
The one column that matters in `free` output, the dirty-page behavior behind sudden write bursts, what swappiness really means, and cgroup memory limits with container OOMKilled — memory as you meet it in operations.
Red Hat Certified Engineer (RHCE) #18: Exam Tips and Time Management
A condensed cheat sheet to read once more right before walking into the RHCE (EX294) hands-on exam. We cover the operating strategy for auto-configuring systems with playbooks over four hours and the habit of piling up tasks, running `--syntax-check` and `--check` often, solving unknown modules with ansible-doc and the system roles example docs in an offline environment, verifying idempotency with two runs, the recurring patterns that bleed points and the easily confused concept pairs, and a per-domain checklist for the moment before you sit. The next post, #19, is a full-scale mock exam.
Red Hat Certified System Administrator (RHCSA) #15: Exam tips, time management, and patterns people get wrong
A compressed read for the moment right before you walk into the RHCSA hands-on exam. We cover the time management that runs your 2.5 hours from the easy tasks outward in dependency order, how to solve unfamiliar tasks with man pages when there is no internet, the habit of verifying tasks with a reboot, the recurring patterns that bleed points across the whole series (fstab typos, missing service enable, missing firewall reload, missing persistent SELinux settings) and how to avoid them, easily confused concept pairs, and a domain-by-domain checklist to run right before you sit. The next post, #16, is a full-scale mock exam.
AWS Certified CloudOps Engineer - Associate (SOA-C03) #10 Domain 4-1 Networking — VPC Operations and Connectivity Troubleshooting
The tenth post of the SOA-C03 series covers VPC operations, the first topic in the networking domain (18%). It covers route tables and gateways, the difference between security groups and NACLs, NAT and VPC endpoints, peering and Transit Gateway, and where to check and in what order when connectivity fails.
Certified Kubernetes Administrator (CKA) #25 Troubleshooting 4: Networking, DNS, RBAC, Certificate Expiry
The 25th post in the Certified Kubernetes Administrator (CKA) series. We lay out the diagnostic order to walk when service communication fails — from Endpoints all the way to NetworkPolicy — how to narrow down name-resolution failures with CoreDNS and nslookup, how to read RBAC Forbidden errors with auth can-i, and how to find and fix expired certificates with kubeadm certs check-expiration.
Certified Kubernetes Application Developer (CKAD) #20: Exam Tips, Time Management, and the Patterns People Miss
A compressed read-through to take with you right before the CKAD hands-on exam. We cover the time management for running roughly 15–20 tasks in 2 hours, a refresher on the kubectl speed setup, using imperative generators and the official docs, eight recurring patterns that leak points on the practical and how to avoid them, confusing concept pairs, and a per-domain pre-exam checklist. The next post, #21, is a full-scale hands-on mock exam.
Certified Kubernetes Security Specialist (CKS) #18: Container immutability, forensics
The eighteenth post in the Certified Kubernetes Security Specialist (CKS) series. We cover the final pieces of runtime security — container immutability and incident response. We work through YAML examples for the pattern of hardening the filesystem to read-only with readOnlyRootFilesystem and opening only the paths that need writes via emptyDir, the immutable operating model that forbids in-place changes and only swaps via redeploy, and the forensics procedure of isolating a compromised Pod with a NetworkPolicy and a node cordon, preserving evidence, and then investigating with kubectl debug.
Hardware Intermediate #2: CPU Deep Dive — Turbo, Throttling, Steal Time
The clock on the spec sheet is not a promise. Why turbo boost and thermal throttling make the clock swing, the steal time that eats away a VM's CPU, the cost of context switching, and CPU pinning — the CPU as it behaves in operations.
Kubernetes and Cloud Native Associate (KCNA) #9: Full-Length Practice Exam — 50 Questions with Explanations
The final post of the KCNA series. Fifty questions sized to match the real exam domain weights (Kubernetes Fundamentals 46%, Container Orchestration 22%, Cloud Native Architecture 16%, Observability 8%, Application Delivery 8%), each followed by its answer and an explanation. Score 38 out of 50 (75%) or better and you are in passing territory — go book the exam.
Red Hat Certified Engineer (RHCE) #17 RHCSA Automation 4: firewall, SELinux, SSH keys
Part 17 of the Red Hat Certified Engineer (RHCE) series. This is the final post on automating RHCSA security tasks with Ansible — permanently allowing ports and services with ansible.posix.firewalld, handling SELinux with ansible.posix.seboolean and community.general.sefcontext, and deploying SSH public keys with authorized_key. We also cover the firewall and selinux system role alternatives, along with the persistent-apply options that show up again and again on the exam.
Red Hat Certified System Administrator (RHCSA) #14 Managing containers: Podman, systemd integration (quadlet)
The fourteenth post in the Red Hat Certified System Administrator (RHCSA) series. We search for and pull images with Podman, run containers, map ports, volumes, and environment variables, and run rootless containers as a regular user. Then we register a container as a systemd service with quadlet and use loginctl enable-linger to start it automatically at boot — a staple RHCSA task.