kitestacks-homelab/homelab-mastery/learning-path/README.md

# Learning Path — From Where You Are to Cloud Engineer

## Your Advantage

You don't have a blank canvas. You have a live production system you built — eleven services running across two hosts with SSO, active-active failover, and shared databases. Most people study networking in a textbook. You configured Cloudflare DNS, set up Tailscale, debugged a Docker networking ufw issue, and traced a distributed systems bug in OAuth2. That's hands-on experience that study alone can't replicate.

The goal now: attach the vocabulary, depth, and theory to things you've already done.

---

## Phase 1 — CCNA (3–6 Months)

The CCNA will make everything in your homelab make deeper sense. After CCNA, re-read the networking.md file in this repo and you'll see how much more you understand.

**Study approach:**
1. **Jeremy's IT Lab** (free YouTube + Anki flashcards) — start here
2. **Packet Tracer labs** (free from Cisco) — build networks, don't just watch
3. **Subnetting practice** — do it daily until it's instant. Use subnettingpractice.com
4. **Week 1-4:** OSI model, TCP/IP, subnetting, Ethernet, switching
5. **Week 5-8:** VLANs, Spanning Tree, inter-VLAN routing
6. **Week 9-16:** IPv4 routing (OSPF, EIGRP), IPv6, ACLs, NAT
7. **Week 17-20:** WAN, wireless, security, automation basics, practice exams

**Labs to build in Packet Tracer that map to your homelab:**
- Build the monk + kscloud1 network topology
- Simulate the Cloudflare Tunnel concept with a router acting as the "edge"
- Set up ACLs that mimic your ufw rules

---

## Phase 2 — AWS SAA-C03 (After CCNA)

**Study approach:**
1. **Stephane Maarek's course** (Udemy) — the industry standard
2. **AWS Free Tier** — rebuild your homelab services as AWS equivalents:
   - Forgejo → CodeCommit
   - Custom portal → S3 static website + CloudFront
   - Prometheus/Grafana → CloudWatch
   - Authentik → Cognito
   - Docker Compose → ECS Fargate
   - Tailscale → VPC + PrivateLink
3. **Tutorial Dojo practice exams** — Jon Bonso's exams are the most accurate

**For each AWS service you study, map it back to your homelab:**

| AWS | Your Homelab Equivalent |
|-----|------------------------|
| EC2 | Hetzner VPS (kscloud1) |
| S3 | Static file storage |
| VPC | Docker bridge network (kitestacks) |
| ALB + CloudFront | Cloudflare Tunnel + edge |
| RDS | Shared Postgres on kscloud1 (Authentik + Forgejo) |
| ElastiCache | Shared Redis on kscloud1 |
| CloudWatch | Prometheus + Grafana |
| Route 53 | Cloudflare DNS |
| IAM | Authentik RBAC / groups (homelab-admin) |
| Secrets Manager | .env files (what you'd replace) |
| ECS / Fargate | Docker Compose (what you use) |
| VPC Peering | Tailscale overlay |
| Confluence/SharePoint | BookStack |
| ServiceNow | OSTicket |

---

## Phase 3 — Hands-On Learning Between Certs

Don't just study. Build.

**Projects to add to your homelab that teach real cloud concepts:**

1. **Add Terraform** — define your kscloud1 server in Terraform so you can destroy and recreate it in minutes. This is Infrastructure as Code, a core cloud skill.

2. **Add a CI/CD pipeline** — set up Forgejo Actions (Forgejo's built-in CI/CD) so that pushing to a repo automatically tests and deploys changes. This is what DevOps engineers do all day.

3. **Add Vault** — replace .env files with HashiCorp Vault for secrets management. Real production environments never use .env files.

4. **Add Kubernetes** — migrate one or two services from Docker Compose to a local k3s cluster. k3s is lightweight Kubernetes — you have enough RAM on monk.

5. **Add automated backups** — write a script that backs up your Docker volumes to an S3 bucket (or kscloud1) nightly.

Each of these is a cert objective AND a portfolio item.

---

## Daily Practice Habits

**15 minutes per day beats 3 hours on weekends.**

- **Subnetting:** Do 10 subnet calculations per day during CCNA study
- **Flashcards:** Anki for networking concepts, AWS services
- **Logs:** Check `docker logs` on a different service each day — understand what it's saying
- **Break something:** Pick one service per week, deliberately misconfigure it, diagnose and fix it. Document what you broke and how you fixed it.
- **Read error messages:** When something breaks, read the full error before Googling. Form a hypothesis first.

---

## Resources — Free First

| Topic | Resource | Cost |
|-------|----------|------|
| CCNA | Jeremy's IT Lab (YouTube) | Free |
| CCNA labs | Cisco Packet Tracer | Free |
| AWS SAA | AWS Skill Builder free tier | Free |
| Python | automate the boring stuff (automatetheboringstuff.com) | Free |
| Docker | docs.docker.com "Get Started" | Free |
| Git | git-scm.com/book | Free |
| Linux | linuxcommand.org | Free |
| Networking deeper | tcpdump / Wireshark tutorials | Free |

**Worth paying for:**
- Stephane Maarek's AWS SAA on Udemy ($15 on sale — never pay full price)
- Tutorial Dojo AWS practice exams ($15)
- Jason Dion CCNA practice exams on Udemy ($15)

---

## How to Know You're Ready to Interview

You're ready when you can:
1. Explain the OAuth2 authorization code flow from memory without notes
2. Subnet any /24 or /25 network in under 30 seconds
3. Describe what happens at each layer of the OSI model when you ping google.com
4. Walk someone through what happens when a request hits www.kitestacks.com
5. Explain the difference between authentication and authorization
6. Describe what a VPC is and why it exists
7. Answer "what would you do differently?" with a real answer (not "nothing")