Understand the Linux directory tree, navigate with cd/ls/pwd, and manage files with cp/mv/rm.

Manage users with useradd/usermod, set file permissions with chmod/chown, and understand sudo.

Install and update software with apt, yum/dnf, and snap. Understand package repositories.

Variables, conditionals (if/else), loops (for/while), and functions in Bash.

Use grep, awk, sed, cut, and sort to process and transform text streams.

Schedule recurring tasks using crontab and understand cron syntax.

How IP addressing, subnets, DNS resolution, and routing work.

Request/response lifecycle, status codes, headers, and TLS certificate fundamentals.

Configure iptables/ufw, understand inbound/outbound rules, and common service ports.

Round-robin, least-connections, and health checks at the network layer.

init, clone, add, commit, push, pull, and status commands.

Feature branches, merge vs rebase, resolving merge conflicts.

Gitflow, trunk-based development, and pull request best practices.

Semantic versioning with git tags and using GitHub/GitLab releases.

Images, containers, the Docker daemon, and the Docker Hub registry.

FROM, RUN, COPY, ENV, EXPOSE, CMD, and ENTRYPOINT instructions.

Define and run multi-container applications with docker-compose.yml.

Multi-stage builds, layer caching, .dockerignore, and minimizing image size.

Push and pull public/private images from Docker Hub.

Use AWS ECR, GitHub Container Registry, or self-hosted Harbor.

Scan for vulnerabilities using Trivy or Docker Scout before deploying.

The pipeline stages: build, test, lint, package, deploy, and release.

Define pipelines in YAML (GitHub Actions, GitLab CI) rather than through a UI.

Cache dependencies and pass build artifacts between pipeline stages.

on, jobs, steps, uses, run the building blocks of a GitHub Actions workflow.

DRY your pipelines by sharing logic across repositories.

Manage sensitive values, approval gates, and environment-specific variables.

Stages, jobs, scripts, image, and before_script in GitLab CI.

Register and configure shared and self-hosted runners for job execution.

Track deployments per environment and use dynamic child pipelines.

IaaS vs PaaS vs SaaS understand where you manage what.

How cloud providers distribute infrastructure globally for availability.

What the cloud provider secures vs what you are responsible for.

Users, groups, roles, policies, and the principle of least privilege.

Launch instances, configure AMIs, security groups, and Auto Scaling Groups.

Buckets, objects, versioning, lifecycle policies, and static website hosting.

Subnets, route tables, internet gateways, NAT gateways, and VPC peering.

Managed relational databases, Multi-AZ deployments, and read replicas.

Providers, resources, data sources, variables, and outputs.

Local vs remote state, terraform.tfstate, state locking with S3 + DynamoDB.

Write reusable, composable Terraform modules and use the public registry.

Manage dev/staging/prod environments using workspaces or directory isolation.

Inventories, playbooks, tasks, handlers, roles, and ad-hoc commands.

Structure playbooks with roles and reuse community roles from Ansible Galaxy.

Understand why idempotent tasks are critical for reliable automation.

Control plane (API server, etcd, scheduler, controller-manager) and worker nodes (kubelet, kube-proxy).

The smallest deployable unit, declarative rollouts, and replica management.

ClusterIP, NodePort, LoadBalancer service types, and DNS within the cluster.

Decouple configuration from container images and manage sensitive data.

Run stateful applications with stable network identities and per-node daemons.

PV, PVC, StorageClasses, and dynamic provisioning for stateful data.

Run batch tasks and scheduled workloads inside a cluster.

Set CPU and memory requests/limits to ensure fair scheduling and stability.

Expose HTTP/S routes with NGINX or Traefik ingress controllers and TLS termination.

HPA based on CPU/custom metrics and VPA for right-sizing resource requests.

Role-Based Access Control ClusterRoles, Roles, RoleBindings, and ServiceAccounts.

Restrict pod-to-pod communication using Kubernetes Network Policies.

Chart.yaml, values.yaml, templates, helpers, and the _helpers.tpl file.

Use {{ .Values }}, conditionals, loops, and named templates in Helm.

Host charts on GitHub Pages, Artifact Hub, or push to OCI-compatible registries.

Run pre/post-install jobs and validate deployments with helm test.

Declarative config, versioned history, automated reconciliation, and self-healing.

Deploy and sync Kubernetes manifests automatically from a Git repository with ArgoCD.

CNCF-graduated GitOps toolkit for continuous delivery to Kubernetes.

JSON log formats, log levels, correlation IDs, and log context best practices.

Collect with Fluentd/Filebeat, store in Elasticsearch, visualize in Kibana.

Lightweight log aggregation with Loki, queried via LogQL in Grafana.

Scrape metrics with Prometheus, write PromQL queries, and configure alerting rules.

Build dashboards, panels, and variables to visualize Prometheus metrics.

node_exporter, kube-state-metrics, blackbox_exporter for infra and app metrics.

Route, deduplicate, and silence alerts; integrate with PagerDuty, Slack, and email.

Traces, spans, context propagation, and the OpenTelemetry data model.

Deploy Jaeger or Grafana Tempo as a tracing backend and query trace data.

Add OpenTelemetry SDKs to Node.js, Python, and Go services.

Scan source code for vulnerabilities using Semgrep, SonarQube, or Bandit.

Detect vulnerable third-party packages using Dependabot, Snyk, or OWASP Dependency-Check.

Scan Docker images for CVEs with Trivy or Grype in your CI pipeline.

Prevent credentials from reaching Git with detect-secrets, GitGuardian, or gitleaks.

Apply CIS benchmarks for Linux, Docker, and Kubernetes to harden configurations.

Enforce privileged, baseline, and restricted pod policies using PSA/PSP.

Define and enforce admission policies in Kubernetes with Open Policy Agent or Kyverno.

Store and inject secrets using HashiCorp Vault or AWS Secrets Manager.

Sidecar proxy pattern, control plane vs data plane, and mTLS between services.

Traffic management, circuit breaking, retries, and observability with Istio.

Lightweight CNCF service mesh focused on simplicity and low resource overhead.

Use Terratest or terraform test to write unit and integration tests for modules.

Policy-as-code compliance scanning for Terraform with Checkov or tfsec.

Lint and validate manifests with kubeval, kubeconform, and Polaris.

AWS Cost Explorer, tagging strategies, and budget alerts.

Match instance types to workload needs and use Savings Plans or Reserved Instances.

Run fault-tolerant workloads on Spot/Preemptible instances for up to 90% savings.

Cross-team cost accountability, showback/chargeback models, and FinOps Foundation principles.

Define Recovery Time Objective and Recovery Point Objective for each service.

Automated backups for databases, volumes, and object storage with retention policies.

Design for availability zone and region failure using active-active or active-passive patterns.

Define measurable reliability targets and track them with error budgets.

Use error budgets to make data-driven decisions about feature releases vs reliability work.

Runbooks, on-call rotations, post-mortems, and blameless culture.

Proactively test system resilience with tools like Chaos Monkey, LitmusChaos, or AWS FIS.

Concepts behind IDPs: golden paths, self-service infrastructure, and platform teams.

Deploy Spotify Backstage as a developer portal with a software catalog and TechDocs.

Provision cloud resources from Kubernetes using Crossplane Compositions and XRDs.

Extend the Kubernetes API with your own resource types.

Encode operational knowledge as Kubernetes controllers using Operator SDK or Kubebuilder.

Mutating and validating admission webhooks for policy enforcement and injection.

Node affinity, taints/tolerations, topology spread constraints, and priority classes.

Evaluate use cases for multi-cloud vs single-cloud: portability, vendor lock-in, and compliance.

Manage AWS, GCP, and Azure resources within a single Terraform configuration.

Manage workloads across multiple clusters with Cluster API or Google Anthos.

CI/CD for ML models, experiment tracking, model registries, and feature stores.

Orchestrate ML workflows on Kubernetes using Kubeflow.

Configure NVIDIA device plugins and resource limits for GPU-accelerated pods.