Devops

Our CI pipeline was embarrassing. Every PR took 8+ minutes to build a Docker image for a Next.js app. Developers complained. I ignored them for two months because “it’s just CI, ship faster code.” Then we hit 50+ PRs per day and our CI bill jumped $400/month. Time to actually fix it. The original Dockerfile (the bad one) FROM node:18 WORKDIR /app COPY . . RUN npm install RUN npm run build CMD ["npm", "start"] Looks innocent. Builds every time though. Every. Single. Time. ...

Everyone tells you to avoid git rebase. “It’s dangerous!” “You’ll lose commits!” “Just merge!” I used to think that too. Then I joined a team that rebases everything and our git history is actually readable. Here’s what changed my mind. The merge commit mess This was our git log before rebasing: * Merge branch 'feature/user-auth' |\ | * Fix typo in button text | * Update tests | * Merge main into feature/user-auth | |\ | |/ |/| * | Merge branch 'fix/header-spacing' |\ \ | * | Adjust header margin * | | Merge branch 'feature/notifications' |\| | | |/ |/| See those merge commits? They add zero value. Just noise. Finding where a feature was added means clicking through 5 merge commits. ...

Found our AWS access keys in a public GitHub repo last month. Fun times. Here’s how it happened and what we actually did to prevent it. How we leaked them Developer needed to add an API key to a Kubernetes service. Did this: # deployment.yaml - DON'T DO THIS apiVersion: apps/v1 kind: Deployment metadata: name: api-service spec: template: spec: containers: - name: api env: - name: AWS_ACCESS_KEY value: "AKIAIOSFODNN7EXAMPLE" # 🚨 Plaintext in git! - name: AWS_SECRET_KEY value: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" Committed it. Pushed it. Public repo. Keys were active for 6 hours before AWS alerted us to unusual activity. ...

Docker has become the standard for containerization, but running containers in production requires following best practices for security, performance, and reliability. This guide covers essential practices for production Docker deployments. Image optimization Use multi-stage builds Reduce final image size by using multi-stage builds: # Stage 1: Build FROM node:18-alpine AS builder WORKDIR /app COPY package*.json ./ RUN npm ci COPY . . RUN npm run build # Stage 2: Runtime FROM node:18-alpine WORKDIR /app RUN addgroup -g 1001 -S nodejs && \ adduser -S nodejs -u 1001 COPY --from=builder --chown=nodejs:nodejs /app/dist ./dist COPY --from=builder --chown=nodejs:nodejs /app/node_modules ./node_modules COPY --chown=nodejs:nodejs package*.json ./ USER nodejs EXPOSE 3000 CMD ["node", "dist/index.js"] Use minimal base images Prefer Alpine or distroless images: ...

Kubernetes is powerful, but it’s also complex. This is my journey of trying to build a “simple” Kubernetes stack and the lessons learned along the way. The Goal I wanted to create a simple, maintainable Kubernetes setup for a small to medium-sized application. The requirements were: Easy to understand and maintain Cost-effective Scalable when needed Developer-friendly What I Started With Initial Stack Kubernetes: EKS (AWS) Ingress: NGINX Ingress Controller Database: Managed PostgreSQL (RDS) Monitoring: Prometheus + Grafana Logging: ELK Stack CI/CD: GitLab CI The Reality Check Complexity Crept In What started as “simple” quickly became complex: ...

Deploying FastAPI applications to production on a VPS requires careful configuration. This step-by-step guide will walk you through the entire process. Prerequisites A VPS with Ubuntu 20.04 or later Domain name (optional but recommended) Basic knowledge of Linux commands Step 1: Server Setup Update System sudo apt update sudo apt upgrade -y Install Python and Dependencies sudo apt install python3.9 python3-pip python3-venv nginx supervisor -y Step 2: Create Application Directory mkdir -p /var/www/myapp cd /var/www/myapp Create Virtual Environment python3 -m venv venv source venv/bin/activate Step 3: Deploy Your Application Install Dependencies pip install fastapi uvicorn[standard] gunicorn Create Application File # main.py from fastapi import FastAPI app = FastAPI() @app.get("/") def read_root(): return {"Hello": "World"} @app.get("/health") def health_check(): return {"status": "healthy"} Step 4: Configure Gunicorn Create gunicorn_config.py: ...

Metrics Lead time, MTTR, change failure rate, deploy frequency. Stage timing (queue, build, test, deploy); flake rate; retry counts. Tracing & logs Trace pipeline executions with build SHA, branch, trigger source; annotate stage spans. Structured logs with status, duration, infra node; keep artifacts linked. Guardrails Quality gates (tests, lint, security scans) per PR; fail fast on criticals. Retry budget per job to avoid infinite flake loops. Rollback hooks + auto-stop on repeated failures. Ops Parallelize where safe; cache dependencies; pin tool versions. Alert on SLA breaches (queue time, total duration) and rising flake rates. Keep dashboards per repo/team; trend regressions release to release.

During incident Roles: incident commander, comms lead, ops/feature SMEs, scribe. Declare severity quickly; open shared channel/bridge; timestamp actions. Stabilize first: roll back, feature-flag off, scale up, or shed load. Runbooks & tooling Prebuilt runbooks per service: restart/rollback steps, dashboards, logs, feature flags. One-click access to dashboards (metrics, traces, logs), recent deploys, and toggles. Paging rules with escalation; avoid noisy alerts. Comms Single source of truth: incident doc; external status page if needed. Regular updates with impact, scope, mitigation, ETA. After incident Blameless postmortem; timeline, root causes, contributing factors. Action items with owners/deadlines; track to completion. Add tests/alerts/runbook updates; reduce time-to-detect and time-to-recover.

Elasticsearch is a powerful search and analytics engine, but optimizing it for production requires understanding indexing strategies, query patterns, and cluster configuration. This guide covers essential optimization techniques. Cluster architecture Node roles Configure nodes with specific roles: # Master node node.roles: [master] # Data node node.roles: [data] # Ingest node node.roles: [ingest] # Coordinating node (default) node.roles: [] # No specific role Shard strategy Primary shards: Set at index creation (cannot be changed) ...

Kubernetes provides several deployment strategies to ensure zero-downtime updates and safe rollouts of new application versions. Understanding these strategies is crucial for maintaining reliable production systems. Deployment strategy overview Kubernetes deployment strategies determine how new versions of your application replace old ones. The choice depends on: Risk tolerance: How critical is zero downtime? Traffic patterns: Can you route traffic to multiple versions? Rollback speed: How quickly can you revert if issues occur? Resource constraints: Can you run multiple versions simultaneously? Rolling update (default) The default Kubernetes deployment strategy gradually replaces old pods with new ones. ...