Cross-Domain Lessons¶

109 standalone lessons that follow real problems across multiple domains. Designed for ADHD learners: constantly changing texture, immediate relevance, concrete before abstract, dopamine hits from etymology and trivia, short sections with clear payoff.

Pick any lesson. There's no required order.

End-to-End Traces¶

Follow a single action through every layer it touches.

What Happens When You Click a Link — DNS → ARP → TCP → TLS → HTTP → load balancing → app → response
What Happens When You Press Power — Firmware → GRUB → kernel → initramfs → systemd → login
What Happens When You docker build — Context → Dockerfile → layers → cache → OverlayFS → registry
What Happens When You kubectl apply — YAML → API server → etcd → scheduler → kubelet → running pod
What Happens When You helm install — Chart → template rendering → value merging → hooks → release record
What Happens When You git push to CI — Git hooks → webhook → CI runner → build → test → deploy
PXE Boot: From Network to Running Server — PXE ROM → DHCP → TFTP → iPXE → autoinstall → Ansible
SSH Is More Than You Think — Key exchange → authentication → tunneling → ProxyJump → certificates
strace: Reading the Matrix — Syscalls, file I/O, network, process lifecycle through strace
What Happens When You Type a Regex — NFA/DFA engines, backtracking, catastrophic regex, grep vs PCRE
eBPF: The Linux Superpower — BPF history → bpftrace → bcc tools → Cilium → Tetragon
What Happens Inside a Linux Pipe — Pipe buffers, backpressure, SIGPIPE, parallel execution
The /proc Filesystem: Linux's Hidden API — Per-process inspection, memory maps, network state
How to Read a Flame Graph — CPU profiling, perf, stack traces, bottleneck patterns
iptables: Following a Packet — Netfilter chains, NAT, conntrack, Docker/K8s rules
The Subnet Calculator in Your Head — CIDR math, subnet boundaries, RFC 1918, VPC design
What Happens When Kubernetes Evicts Your Pod — Node pressure, QoS classes, eviction order, ephemeral storage
tmux and the Terminal — PTY, SIGHUP, session persistence, multiplexing
OpenTelemetry: Following a Request Across Services — Traces, spans, collector pipelines, sampling strategies
Kubernetes Services: How Traffic Finds Your Pod — ClusterIP → NodePort → LoadBalancer → Ingress, kube-proxy iptables, CoreDNS
Log Pipelines: From printf to Dashboard — Application → journald → shipper → aggregator → dashboard
Container Registries: Where Your Images Actually Live — OCI spec, docker pull trace, tags vs digests, promotion pipelines
Envoy: The Proxy That's Everywhere — Listeners, filters, clusters, xDS API, Istio sidecar, circuit breaking
Kubernetes Node Lifecycle: From Provision to Decommission — Cordon, drain, PDBs, cert rotation, bare-metal replacement, node resources
Kubernetes: From Scratch to Production Upgrade — kubeadm bootstrap, cluster upgrades, EKS, CNI selection, certificates, DR

Incident-Driven¶

Start with something broken. The domains emerge from the investigation.

The Hanging Deploy — Processes, signals, systemd, bash job control, cgroups, containers
The Disk That Filled Up — Filesystems, logging, inodes, Docker storage, Kubernetes PVCs
The Database That Wouldn't Start — Lock files, permissions, WAL corruption, connection exhaustion
The Mysterious Latency Spike — CPU throttling, GC, disk I/O, network, noisy neighbors, THP
The Terraform State Disaster — State files, locking, drift, workspaces, import, recovery
The Cascading Timeout — Circuit breakers, retry storms, backpressure, bulkheads
The Rollback That Wasn't — Deploy strategies, database migrations, feature flags
When the Queue Backs Up — Kafka/RabbitMQ consumer lag, poison messages, DLQs
The Split-Brain Nightmare — Distributed consensus, quorum, CAP theorem, Redis Sentinel
The Cloud Bill Surprise — FinOps, cost allocation, forgotten resources, right-sizing
The Backup Nobody Tested — RPO/RTO, pg_dump, PITR, Velero, restore testing
What Happens When Your Certificate Expires — TLS lifecycle, cert-manager, HSTS, clock skew
The Load Balancer Lied — Shallow vs deep health checks, connection draining, cascade
The Monitoring That Lied — Metric lag, counter resets, percentile math, absent metrics
Redis in Production — Persistence, memory management, eviction, slow commands
Elasticsearch Operations — Cluster health, disk watermarks, ILM, mapping explosions
MySQL Operations: The Database You Inherited — InnoDB internals, replication, pt-tools, backup strategies
MongoDB: The Document Database That Surprised Everyone — Replica sets, sharding, oplog, WiredTiger, write concerns
Server Hardware: When the Blinky Lights Matter — IPMI/iDRAC, Redfish API, ECC memory, SMART, NUMA
etcd: The Database That Runs Kubernetes — Raft consensus, compaction, backup/restore, cluster sizing
AWS Lambda: The Function That Runs Itself — Cold starts, VPC attachment, event sources, recursive triggers
AWS RDS: The Managed Database Tradeoff — Multi-AZ failover, Performance Insights, RDS Proxy, Aurora
AWS EC2: The Virtual Server You Never See — Instance types, EBS, IMDSv2, spot instances, auto scaling
Kafka: The Log That Runs Everything — Commit log model, consumer groups, KRaft, Schema Registry

Differential Diagnosis¶

Same symptom, different root causes across layers.

Connection Refused — DNS, networking, processes, bind addresses, firewalls, Docker, K8s
Permission Denied — File permissions, ACLs, sudo, capabilities, SELinux, RBAC, IAM
Out of Memory — Linux OOM killer, cgroups, Kubernetes resources, JVM, swap
Terraform vs Ansible vs Helm — IaC tool selection with clear boundary lines
The Nginx Config That Broke Everything — proxy_pass, DNS caching, location matching
Ansible Playbook Debugging — Variable precedence (22 levels!), check/diff mode, handlers
AWS IAM: The Permissions Puzzle — Policy evaluation, Access Denied debugging, cross-account access, SCPs
Kubernetes Debugging: When Pods Won't Behave — CrashLoopBackOff, ImagePullBackOff, scheduling failures, probes, debug containers
DNS Operations: When nslookup Isn't Enough — dig +trace, Route 53, CoreDNS ndots:5, DNSSEC, split-horizon
API Gateways: The Front Door to Your Microservices — Kong, Traefik, rate limiting algorithms, auth, canary releases

Archaeological¶

Trace how a concept evolved — each generation solves the previous one's problems.

From Init Scripts to systemd — SysV init → Upstart → systemd
Why DNS Is Always the Problem — HOSTS.TXT → DNS → DNSSEC → DoH
Why Everything Uses JSON Now — XML → JSON → Protobuf
Why YAML Keeps Breaking Your Deploys — Norway problem, octal trap, Helm
Prometheus and the Art of Not Alerting — PromQL, alert fatigue, SLOs, error budgets
Understanding Distributed Systems Without a PhD — CAP, consensus, eventual consistency
The Service Mesh Tax — Istio/Envoy overhead, when NOT to use a mesh
Why NTP Matters More Than You Think — Clock skew breaks TLS, Kafka, TOTP, make
RAID: Why Your Disks Will Fail — RAID levels, rebuild danger, SMART monitoring
Make and Makefiles — 1976 origins, dependency graphs, DevOps patterns
The Kubernetes Migration That Took a Year — Iceberg problem, strangler fig, migration mistakes
GitOps: The Repo Is the Truth — Push vs pull deploys, ArgoCD architecture, reconciliation loop
S3: The Object Store That Runs the Internet — Consistency model history, storage classes, the 2017 outage
BGP: How the Internet Routes Your Packets — Path vector protocol, route selection, hijacking, RPKI, Calico
SLOs: When Good Enough Is a Number — Error budgets, burn rate alerting, Prometheus rules
Git Internals: The Content-Addressable Filesystem — Object model, plumbing commands, merge strategies, packfiles, DAG
Prometheus: Under the Hood — TSDB internals, cardinality, PromQL deep dive, Thanos, alerting pipeline

Adversarial¶

Understand a system by breaking it, then learn to defend it.

The Container Escape — Namespaces, capabilities, seccomp, Docker socket
The Git Disaster Recovery Guide — Reflog, reset, bisect, committed secrets
Chaos Engineering: Breaking Things on Purpose — Fault injection, game days, Chaos Monkey
Supply Chain Security: Trusting Your Dependencies — SolarWinds to xz, Trivy scanning, cosign signing, SLSA framework
cgroups and Namespaces: Containers Are a Lie — Build a container from scratch, namespace types, cgroups v2, escapes
Linux Hardening: Closing the Doors — SSH, SELinux/AppArmor, CIS benchmarks, auditd, sysctl tuning
Bash: The Patterns That Matter — set -euo pipefail, traps, arrays, parameter expansion, flock, anti-patterns

Build-Up¶

Construct something from scratch, adding domains as complexity demands.

Deploy a Web App From Nothing — Process → systemd → Nginx → Docker → Compose → K8s
Secrets Management Without Tears — Hardcoded → env vars → files → Vault → External Secrets
How Incident Response Actually Works — AAVCE, roles, severity, 3Rs, cognitive biases
The Art of the Postmortem — Blameless culture, timelines, action item tracking
The Art of the Runbook — 3am test, copy-paste commands, decision trees
AWS VPC: The Network You Can't See — VPC from scratch, packet trace through IGW/NACLs/SGs, peering, endpoints
Load Testing: Finding the Breaking Point — Little's Law, k6, coordinated omission, bottleneck diagnosis
Packer: Building Machine Images That Don't Lie — Golden images, HCL2 templates, parallel builds, immutable infrastructure
Linux Networking: Bridges, Bonds, and VLANs — Namespaces, veth, bridges, LACP, 802.1Q, Docker internals
Kustomize: Kubernetes Config Without Templates — Bases, overlays, strategic merge patches, vs Helm comparison
Vault: Secrets That Expire on Purpose — Dynamic secrets, seal/unseal, Kubernetes integration, HA with Raft
GitHub Actions: CI/CD That Lives in Your Repo — OIDC auth, matrix builds, reusable workflows, security hardening
Grafana: Dashboards That Don't Lie — USE/RED methods, PromQL, alerting, dashboard-as-code, Loki
Compliance as Code: Automating the Auditor — OPA/Rego, InSpec, CIS benchmarks, audit log pipelines
Terraform Modules: Building Infrastructure LEGOs — Composition, versioning, testing, anti-patterns, governance
Docker Compose: The Local Cluster — Networking DNS, health checks, profiles, watch mode, vs K8s
systemd: The Init System You Can't Avoid — Unit files, socket activation, timers, security hardening, journald
Nginx: The Swiss Army Server — Location matching, proxy_pass, rate limiting, TLS, caching
Ansible: From Playbook to Production — Roles, dynamic inventory, Vault, Molecule, rolling updates
Capacity Planning: Math Before Midnight — Little's Law, USE method, queueing theory, right-sizing
Linux Storage: LVM, Filesystems, and Beyond — LVM deep dive, XFS/ZFS/ext4, NFS, iSCSI, SMART, Portworx

Parallel¶

Same task, different tools — when the contrast reveals different computational models.

Text Processing: jq, awk, and sed in the Trenches — Same log problem three ways, real pipeline composition
Python for Ops: The Bash Expert's Bridge — Bash → Python mental model mapping, subprocess, pathlib, requests, side-by-side rewrites

Python Learning Path¶

Progressive Python lessons for ops engineers — from zero to automating infrastructure.

Python: Zero to Script for the Terminal Native — Variables, types, dicts, file I/O, error handling — every concept mapped to its Bash equivalent
Python for Ops: The Bash Expert's Bridge — subprocess, pathlib, argparse, requests — the Bash-to-Python mental model shift
Python: Data Wrangling for Ops — Counter, regex, datetime, generators, CSV — replacing awk/sed for log analysis at scale
Python: Automating Everything — APIs and Infrastructure — requests, boto3, kubernetes client, Prometheus API, CLI tools, Slack webhooks