DevOps Best Practices: From Deployment to Production Excellence

## Introduction Over 15+ years in software engineering, I've learned that great code means nothing if you can't deploy it reliably. This guide shares battle-tested DevOps practices from my experience at Walmart, Bridgestone, and other Fortune 1 companies. ## The DevOps Philosophy DevOps isn't just tools—it's a culture: > "DevOps is the union of people, process, and products to enable continuous delivery of value to our end users." - Donovan Brown, Microsoft ### Core Principles 1. **Automation First**: If you do it twice, automate it 2. **Infrastructure as Code**: Everything should be versioned 3. **Continuous Everything**: Build, test, deploy, monitor 4. **Fail Fast, Recover Faster**: Embrace failure as learning 5. **Security from Start**: DevSecOps is not optional ## CI/CD Pipeline ### Our Pipeline Architecture ```yaml # .github/workflows/deploy.yml name: Deploy to Production on: push: branches: [main] jobs: test: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Run tests run: | yarn install yarn test yarn lint yarn build deploy: needs: test runs-on: ubuntu-latest steps: - name: Deploy to Kubernetes run: kubectl apply -f k8s/ ``` ### Key Components 1. **Source Control**: Git with branch protection 2. **Build Automation**: Automatic on commit 3. **Testing**: Unit, integration, E2E 4. **Security Scanning**: SAST, DAST, dependency checks 5. **Deployment**: Blue-green or canary 6. **Monitoring**: Real-time metrics and alerts ## Containerization with Docker ### Multi-stage Dockerfile ```dockerfile # Build stage FROM node:18-alpine AS builder WORKDIR /app COPY package*.json ./ RUN yarn install --frozen-lockfile COPY . . RUN yarn build # Production stage FROM node:18-alpine WORKDIR /app COPY --from=builder /app/dist ./dist COPY --from=builder /app/node_modules ./node_modules EXPOSE 3000 CMD ["node", "dist/server.js"] ``` ### Best Practices - **Small base images**: Use Alpine Linux - **Multi-stage builds**: Reduce final image size - **Layer caching**: Order commands for optimal caching - **Security scanning**: Use tools like Trivy - **.dockerignore**: Exclude unnecessary files ## Kubernetes Orchestration ### Deployment Strategy ```yaml apiVersion: apps/v1 kind: Deployment metadata: name: my-app spec: replicas: 3 strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 template: spec: containers: - name: app image: myapp:latest resources: requests: memory: "128Mi" cpu: "250m" limits: memory: "256Mi" cpu: "500m" livenessProbe: httpGet: path: /health port: 3000 initialDelaySeconds: 30 periodSeconds: 10 ``` ### Production Lessons 1. **Resource Limits**: Always set requests and limits 2. **Health Checks**: Implement liveness and readiness probes 3. **Rolling Updates**: Zero-downtime deployments 4. **Horizontal Pod Autoscaling**: Scale based on metrics 5. **Network Policies**: Secure pod communication ## Infrastructure as Code ### Terraform Example ```hcl # main.tf resource "kubernetes_deployment" "app" { metadata { name = "my-app" } spec { replicas = var.replica_count template { spec { container { name = "app" image = var.app_image resources { limits = { cpu = "500m" memory = "512Mi" } } } } } } } ``` ### Benefits - **Version Control**: Track infrastructure changes - **Reproducibility**: Deploy identical environments - **Documentation**: Code is documentation - **Collaboration**: Review infrastructure like code ## Monitoring & Observability ### The Three Pillars 1. **Logs**: What happened? 2. **Metrics**: How is it performing? 3. **Traces**: Where is the bottleneck? ### Implementation ```javascript // Prometheus metrics const httpRequestDuration = new Histogram({ name: 'http_request_duration_seconds', help: 'Duration of HTTP requests in seconds', labelNames: ['method', 'route', 'status_code'] }) app.use((req, res, next) => { const start = Date.now() res.on('finish', () => { const duration = (Date.now() - start) / 1000 httpRequestDuration .labels(req.method, req.route.path, res.statusCode) .observe(duration) }) next() }) ``` ## Security Best Practices ### DevSecOps Checklist - ✅ **Secrets Management**: Use Vault or cloud KMS - ✅ **Image Scanning**: Scan for vulnerabilities - ✅ **RBAC**: Implement Role-Based Access Control - ✅ **Network Policies**: Restrict pod communication - ✅ **Security Contexts**: Run containers as non-root - ✅ **Supply Chain Security**: Sign and verify images ### Example: Secrets with Kubernetes ```yaml apiVersion: v1 kind: Secret metadata: name: app-secrets type: Opaque data: DATABASE_URL: API_KEY: ``` ## Real-World Results Implementing these practices at Walmart: - **60% faster** deployment times - **99.9% uptime** achieved - **Zero** production incidents from bad deployments - **70% reduction** in infrastructure costs - **5x faster** recovery from failures ## Conclusion DevOps excellence requires: 1. **Automation** everywhere possible 2. **Monitoring** from the start 3. **Security** baked in, not bolted on 4. **Culture** of continuous improvement 5. **Learning** from failures ## Tools I Recommend - **CI/CD**: GitHub Actions, GitLab CI, Jenkins - **Containers**: Docker, Podman - **Orchestration**: Kubernetes, Docker Swarm - **IaC**: Terraform, Pulumi - **Monitoring**: Prometheus, Grafana, ELK - **Security**: Trivy, Snyk, Vault --- **Questions about DevOps or want to discuss your challenges?** [Get in touch](/contact) or connect on [LinkedIn](https://linkedin.com/in/vinayrajput).