Devops

Running one container is easy. Running hundreds in production, reliably, at scale? That’s where patterns emerge. These aren’t Kubernetes-specific (though that’s where you’ll see them most). They’re fundamental approaches to composing containers into systems that actually work. The Sidecar Pattern A sidecar is a helper container that runs alongside your main application container, sharing the same pod/network namespace. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 apiVersion: v1 kind: Pod metadata: name: web-app spec: containers: # Main application - name: app image: myapp:1.0 ports: - containerPort: 8080 # Sidecar: log shipper - name: log-shipper image: fluentd:latest volumeMounts: - name: logs mountPath: /var/log/app volumes: - name: logs emptyDir: {} Common sidecar use cases: ...

The scariest moment in software delivery used to be clicking “deploy.” Will it work? Will it break? Will you be debugging at 2 AM? Blue-green deployments eliminate most of that fear. Instead of updating your production environment in place, you deploy to an identical standby environment and switch traffic over. If something’s wrong, you switch back. Done. The Core Concept You maintain two identical production environments: Blue: Currently serving live traffic Green: Idle, ready for the next release To deploy: ...

The worst oncall shift I ever had wasn’t the one with the outage. It was the one with 47 alerts, none of which mattered, followed by one that did — which I almost missed because I’d stopped paying attention. Alert fatigue is real, and it’s a systems problem, not a discipline problem. If your alerts are noisy, the fix isn’t “try harder to pay attention.” The fix is better alerts. ...

We’ve all done it. Committed an API key to git. Hardcoded a database password “just for testing.” Posted a screenshot with credentials visible in the corner. The security community has a name for this: Tuesday. But secrets management doesn’t have to be painful. Let’s walk through the progression from “please no” to “actually reasonable” in handling sensitive credentials. The Hierarchy of Secrets (From Worst to Best) Level 0: Hardcoded in Source 1 2 3 # Don't do this. Ever. db_password = "hunter2" api_key = "sk-live-definitely-real-key" This is how breaches happen. Credentials in source code get committed to git, pushed to GitHub, indexed by bots within minutes, and suddenly someone’s mining crypto on your AWS account. ...

The terminal is where developers live. A few minutes learning shortcuts and tools saves hours over a career. These are the techniques that make the biggest difference. Shell Basics That Pay Off History Navigation 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 # Search history with Ctrl+R # Type partial command, press Ctrl+R repeatedly to cycle # Run last command !! # Run last command with sudo sudo !! # Run last command starting with 'git' !git # Replace text in last command ^typo^fixed # If last command was: git psuh # ^psuh^push runs: git push # Last argument of previous command cd /very/long/path/to/directory ls $_ # $_ = /very/long/path/to/directory Keyboard Shortcuts 1 2 3 4 5 6 7 8 Ctrl+A # Move to beginning of line Ctrl+E # Move to end of line Ctrl+U # Delete from cursor to beginning Ctrl+K # Delete from cursor to end Ctrl+W # Delete word before cursor Alt+B # Move back one word Alt+F # Move forward one word Ctrl+L # Clear screen (keeps current line) Brace Expansion 1 2 3 4 5 6 7 8 9 10 11 # Create multiple directories mkdir -p project/{src,tests,docs} # Create multiple files touch file{1,2,3}.txt # Backup a file cp config.yml{,.bak} # Creates config.yml.bak # Rename with pattern mv file.{txt,md} # Renames file.txt to file.md Essential Tools fzf - Fuzzy Finder 1 2 3 4 5 6 7 8 9 10 11 12 13 # Install brew install fzf # macOS apt install fzf # Debian/Ubuntu # Search files fzf # Pipe anything to fzf cat file.txt | fzf ps aux | fzf # Ctrl+R replacement (add to .bashrc/.zshrc) # Much better history search ripgrep (rg) - Fast Search 1 2 3 4 5 6 7 8 9 10 11 12 13 # Install brew install ripgrep # Search in files (faster than grep) rg "pattern" rg "TODO" --type py rg "function" -g "*.js" # Case insensitive rg -i "error" # Show context rg -C 3 "exception" # 3 lines before and after fd - Better Find 1 2 3 4 5 6 7 8 9 10 # Install brew install fd # Find files fd "pattern" fd -e py # Find .py files fd -t d # Find directories only # Execute on results fd -e log -x rm # Delete all .log files bat - Better Cat 1 2 3 4 5 6 7 8 # Install brew install bat # Syntax highlighting, line numbers, git changes bat file.py # Use as man pager export MANPAGER="sh -c 'col -bx | bat -l man -p'" eza/exa - Better ls 1 2 3 4 5 6 7 8 # Install brew install eza # Tree view with git status eza --tree --level=2 --git # Long format with icons eza -la --icons jq - JSON Processing 1 2 3 4 5 6 7 8 9 10 11 # Pretty print JSON cat data.json | jq . # Extract field curl api.example.com/users | jq '.[0].name' # Filter array jq '.[] | select(.active == true)' # Transform jq '{name: .user.name, email: .user.email}' Tmux Essentials 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 # Start new session tmux new -s project # Detach: Ctrl+B, then D # List sessions tmux ls # Attach to session tmux attach -t project # Split panes Ctrl+B % # Vertical split Ctrl+B " # Horizontal split Ctrl+B o # Switch pane Ctrl+B z # Zoom pane (toggle) # Windows Ctrl+B c # New window Ctrl+B n # Next window Ctrl+B p # Previous window Ctrl+B , # Rename window Git Shortcuts 1 2 3 4 5 6 7 8 9 10 11 # .gitconfig [alias] s = status -sb co = checkout br = branch ci = commit ca = commit --amend lg = log --oneline --graph --decorate -20 unstage = reset HEAD -- last = log -1 HEAD aliases = config --get-regexp alias 1 2 3 4 5 6 # Common workflows git s # Short status git lg # Pretty log git co - # Switch to previous branch git stash -u # Stash including untracked git stash pop # Apply and remove stash Shell Aliases 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 # Add to .bashrc or .zshrc # Navigation alias ..="cd .." alias ...="cd ../.." alias ~="cd ~" # Safety alias rm="rm -i" alias mv="mv -i" alias cp="cp -i" # Shortcuts alias ll="ls -lah" alias la="ls -la" alias g="git" alias k="kubectl" alias d="docker" alias dc="docker compose" # Quick edits alias zshrc="$EDITOR ~/.zshrc" alias reload="source ~/.zshrc" # Common tasks alias ports="netstat -tulanp" alias myip="curl ifconfig.me" alias weather="curl wttr.in" Functions 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 # Make directory and cd into it mkcd() { mkdir -p "$1" && cd "$1" } # Extract any archive extract() { case $1 in *.tar.gz) tar xzf "$1" ;; *.tar.bz2) tar xjf "$1" ;; *.tar.xz) tar xJf "$1" ;; *.zip) unzip "$1" ;; *.gz) gunzip "$1" ;; *) echo "Unknown format: $1" ;; esac } # Find and kill process by name killnamed() { ps aux | grep "$1" | grep -v grep | awk '{print $2}' | xargs kill -9 } # Quick HTTP server serve() { python3 -m http.server ${1:-8000} } # Git clone and cd gclone() { git clone "$1" && cd "$(basename "$1" .git)" } Quick One-Liners 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 # Find large files find . -type f -size +100M # Disk usage by directory du -sh */ | sort -h # Watch command output watch -n 2 'kubectl get pods' # Run command on file change while inotifywait -e modify file.py; do python file.py; done # Parallel execution cat urls.txt | xargs -P 10 -I {} curl -s {} # Quick calculations echo $((2**10)) # 1024 python3 -c "print(2**100)" # Generate password openssl rand -base64 32 # Quick timestamp date +%Y%m%d_%H%M%S Environment Management 1 2 3 4 5 6 # .envrc with direnv # Auto-load environment per directory echo 'export API_KEY=xxx' > .envrc direnv allow # Now API_KEY is set when you cd into this directory SSH Config 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 # ~/.ssh/config Host dev HostName dev.example.com User deploy IdentityFile ~/.ssh/dev_key Host prod HostName prod.example.com User deploy ProxyJump bastion Host * AddKeysToAgent yes IdentitiesOnly yes # Now just: ssh dev Prompt Customization 1 2 3 4 5 # Starship - cross-shell prompt brew install starship echo 'eval "$(starship init zsh)"' >> ~/.zshrc # Shows git status, language versions, errors, duration The Power Combo My essential setup: ...

Make is 47 years old and still useful. Not for building C programs (though it does that), but as a simple task runner. Every Unix system has it. No installation required. One file defines all your project commands. Basic Structure 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 # Makefile .PHONY: help build test clean help: @echo "Available targets:" @echo " build - Build the application" @echo " test - Run tests" @echo " clean - Clean build artifacts" build: npm run build test: npm test clean: rm -rf dist/ node_modules/ 1 2 3 make build make test make clean .PHONY Explained Without .PHONY, make checks if a file named “build” exists: ...

DNS is invisible until it breaks. Then everything breaks. Understanding how DNS works helps you debug issues faster and configure services correctly. The Basics DNS translates human-readable names to IP addresses: e x a m p l e . c o m → 9 3 . 1 8 4 . 2 1 6 . 3 4 The resolution process: 1 2 3 4 5 . . . . . B O Q R A r S u e n o e s s w c r o w s h y l e e e v r r c g e k o r c c s e a h s q c e i u h c t t e e k s o r d s i c c e a l a o s t o c n c h f r e a e i o a l g o c u t h c r a e s l c d e e h r v e r v e e e l s r o s b l a v → s e e r T d L ( D o e n . s g e T . r T , v L e 8 r . s 8 . → 8 . a 8 u ) t h o r i t a t i v e s e r v e r s Record Types A Record (IPv4 Address) e x a m p l e . c o m . 3 0 0 I N A 9 3 . 1 8 4 . 2 1 6 . 3 4 Maps a name to an IPv4 address. ...

The twelve-factor app methodology emerged from Heroku’s experience deploying thousands of applications. These principles create applications that work well in modern cloud environments — containerized, horizontally scalable, and continuously deployed. They’re not arbitrary rules. Each factor solves a real problem. I. Codebase One codebase tracked in version control, many deploys. ✅ m ├ ├ └ ❌ m m m y ─ ─ ─ y y y G a ─ ─ ─ B a a a o p a p p p o p . s d d p p p d g r e : - - - : i c p p s d t l r t e o o a v y d g e u i l t c n o o t g p : i m e s n n t / t a / g i n g , p r o d u c t i o n , f e a t u r e - b r a n c h e s Different environments come from the same codebase. Configuration, not code, varies between deploys. ...

Deployment and release are different things. Deployment puts code on servers. Release makes features available to users. Feature flags separate these concerns. With feature flags, you can deploy daily but release weekly. Ship risky changes but only enable them for 1% of users. Roll back a broken feature in seconds without touching infrastructure. Basic Implementation 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 class FeatureFlags: def __init__(self): self.flags = {} def is_enabled(self, flag_name: str, user_id: str = None) -> bool: flag = self.flags.get(flag_name) if not flag: return False # Global kill switch if not flag.get("enabled", False): return False # Check user allowlist if user_id and user_id in flag.get("allowed_users", []): return True # Check percentage rollout if user_id and flag.get("percentage", 0) > 0: # Consistent hashing: same user always gets same result hash_val = hash(f"{flag_name}:{user_id}") % 100 return hash_val < flag["percentage"] return flag.get("enabled", False) flags = FeatureFlags() flags.flags = { "new_checkout": { "enabled": True, "percentage": 10, # 10% of users "allowed_users": ["user_123"] # Plus specific users } } # Usage if flags.is_enabled("new_checkout", user_id=current_user.id): return new_checkout_flow() else: return old_checkout_flow() Configuration-Based Flags Store flags in config, not code: ...

Git hooks are scripts that run at specific points in the Git workflow. They’re the first line of defense against bad commits — catching issues before they pollute your repository history. Set them up once, forget about them, and let automation enforce quality. Hook Types Client-side hooks (your machine): pre-commit — Before commit is created prepare-commit-msg — Before commit message editor opens commit-msg — After commit message is entered pre-push — Before push to remote Server-side hooks (repository server): ...