kenpat
ca9e8a7959
Architecture overview, design decisions, Docker/networking/OAuth2/Linux concept deep-dives, cert roadmap for cloud engineering track, interview prep with model answers, and structured learning path. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
5.9 KiB
Learning Path — From Where You Are to Cloud Engineer
Your Advantage
You don't have a blank canvas. You have a live production system you built. Most people study networking in a textbook. You configured Cloudflare DNS, set up Tailscale, debugged a Docker networking ufw issue, and traced a distributed systems bug in OAuth2. That's hands-on experience that study alone can't replicate.
The goal now: attach the vocabulary, depth, and theory to things you've already done.
Phase 1 — Complete A+ Core 2 (Now)
Focus areas that directly map to your homelab:
| A+ Core 2 Topic | Your Homelab Connection |
|---|---|
| Linux command line | You've been using it — now learn the theory |
| Security fundamentals | Cloudflare Tunnel, ufw, Tailscale private networking |
| Scripting basics | The bash commands you've run |
| Troubleshooting methodology | The invalid_grant debug process |
| Remote access | SSH, SSH tunnels (you used -L forwarding) |
Study approach:
- Professor Messer's Core 2 videos (free YouTube)
- Jason Dion practice exams on Udemy — aim for 85%+ before scheduling
- For each topic, ask: "Where did I see this in my homelab?"
Phase 2 — CCNA (3–6 Months)
The CCNA will make everything in your homelab make deeper sense. After CCNA, re-read the networking.md file in this repo and you'll see how much more you understand.
Study approach:
- Jeremy's IT Lab (free YouTube + Anki flashcards) — start here
- Packet Tracer labs (free from Cisco) — build networks, don't just watch
- Subnetting practice — do it daily until it's instant. Use subnettingpractice.com
- Week 1-4: OSI model, TCP/IP, subnetting, Ethernet, switching
- Week 5-8: VLANs, Spanning Tree, inter-VLAN routing
- Week 9-16: IPv4 routing (OSPF, EIGRP), IPv6, ACLs, NAT
- Week 17-20: WAN, wireless, security, automation basics, practice exams
Labs to build in Packet Tracer that map to your homelab:
- Build the monk + kscloud1 network topology
- Simulate the Cloudflare Tunnel concept with a router acting as the "edge"
- Set up ACLs that mimic your ufw rules
Phase 3 — AWS SAA-C03 (After CCNA)
Study approach:
- Stephane Maarek's course (Udemy) — the industry standard
- AWS Free Tier — rebuild your homelab services as AWS equivalents:
- Forgejo → CodeCommit
- Custom portal → S3 static website + CloudFront
- Prometheus/Grafana → CloudWatch
- Authentik → Cognito
- Docker Compose → ECS Fargate
- Tailscale → VPC + PrivateLink
- Tutorial Dojo practice exams — Jon Bonso's exams are the most accurate
For each AWS service you study, map it back to your homelab:
| AWS | Your Homelab Equivalent |
|---|---|
| EC2 | Hetzner VPS (kscloud1) |
| S3 | Static file storage |
| VPC | Docker bridge network |
| ALB + CloudFront | Cloudflare Tunnel + edge |
| RDS | Authentik Postgres |
| ElastiCache | Authentik Redis |
| CloudWatch | Prometheus + Grafana |
| Route 53 | Cloudflare DNS |
| IAM | Authentik RBAC / groups |
| Secrets Manager | .env files (what you'd replace) |
| ECS / Fargate | Docker Compose (what you use) |
| VPC Peering | Tailscale overlay |
Phase 4 — Hands-On Learning Between Certs
Don't just study. Build.
Projects to add to your homelab that teach real cloud concepts:
-
Add Terraform — define your kscloud1 server in Terraform so you can destroy and recreate it in minutes. This is Infrastructure as Code, a core cloud skill.
-
Add a CI/CD pipeline — set up Forgejo Actions (Forgejo's built-in CI/CD) so that pushing to a repo automatically tests and deploys changes. This is what DevOps engineers do all day.
-
Add Vault — replace .env files with HashiCorp Vault for secrets management. Real production environments never use .env files.
-
Add Kubernetes — migrate one or two services from Docker Compose to a local k3s cluster. k3s is lightweight Kubernetes — you have enough RAM on monk.
-
Add automated backups — write a script that backs up your Docker volumes to an S3 bucket (or kscloud1) nightly.
Each of these is a cert objective AND a portfolio item.
Daily Practice Habits
15 minutes per day beats 3 hours on weekends.
- Subnetting: Do 10 subnet calculations per day during CCNA study
- Flashcards: Anki for networking concepts, AWS services
- Logs: Check
docker logson a different service each day — understand what it's saying - Break something: Pick one service per week, deliberately misconfigure it, diagnose and fix it. Document what you broke and how you fixed it.
- Read error messages: When something breaks, read the full error before Googling. Form a hypothesis first.
Resources — Free First
| Topic | Resource | Cost |
|---|---|---|
| A+ Core 2 | Professor Messer (YouTube) | Free |
| CCNA | Jeremy's IT Lab (YouTube) | Free |
| CCNA labs | Cisco Packet Tracer | Free |
| AWS SAA | AWS Skill Builder free tier | Free |
| Python | automate the boring stuff (automatetheboringstuff.com) | Free |
| Docker | docs.docker.com "Get Started" | Free |
| Git | git-scm.com/book | Free |
| Linux | linuxcommand.org | Free |
| Networking deeper | tcpdump / Wireshark tutorials | Free |
Worth paying for:
- Stephane Maarek's AWS SAA on Udemy ($15 on sale — never pay full price)
- Tutorial Dojo AWS practice exams ($15)
- Jason Dion A+/CCNA practice exams on Udemy ($15)
How to Know You're Ready to Interview
You're ready when you can:
- Explain the OAuth2 authorization code flow from memory without notes
- Subnet any /24 or /25 network in under 30 seconds
- Describe what happens at each layer of the OSI model when you ping google.com
- Walk someone through what happens when a request hits www.kitestacks.com
- Explain the difference between authentication and authorization
- Describe what a VPC is and why it exists
- Answer "what would you do differently?" with a real answer (not "nothing")