Automate, deploy, and operate at scale.
3 topics
Linux is the operating system that runs the majority of servers, cloud instances, and containers in the world. As a DevOps engineer, you must be proficient in the command line. Master: navigating the filesystem (cd, ls, find, grep), file operations (cp, mv, rm, chmod, chown), text processing (sed, awk, cut, sort, uniq), process management (ps, top, htop, kill, systemctl), package management (apt, yum, dnf), disk and memory usage (df, du, free), shell scripting (variables, loops, conditionals, functions, exit codes), cron jobs for scheduling, and SSH for remote access. Understanding file permissions (rwx, octal notation), environment variables, piping and redirection (|, >, >>), and background processes (&, nohup) is essential for automating infrastructure tasks.
3 resources
Networking knowledge is critical for DevOps because you manage the infrastructure that applications communicate over. Understand the OSI and TCP/IP models, how DNS resolution works (A records, CNAME, MX, TTL), TCP vs UDP protocols, HTTP/HTTPS and TLS certificates, IP addressing and subnetting (CIDR notation), firewalls and security groups, load balancers (Layer 4 vs Layer 7, round-robin, least connections, sticky sessions), reverse proxies (Nginx, Traefik), CDNs (caching static assets at edge locations), and VPNs/VPCs for network isolation. You should be able to debug networking issues using tools like ping, traceroute, dig, nslookup, netstat, ss, tcpdump, and curl. Understanding these concepts helps you configure cloud networking, troubleshoot connectivity issues, and design resilient architectures.
2 resources
Git is the foundation of modern software delivery. For DevOps, Git goes beyond basic version control — it becomes the source of truth for infrastructure. GitOps is a practice where your entire infrastructure and application configuration is stored in Git, and changes are applied automatically through CI/CD pipelines. Learn: branching strategies (trunk-based development for fast delivery, GitFlow for release-oriented teams), pull request workflows with code reviews, conventional commits for automated changelogs, Git hooks for pre-commit checks (linting, secrets scanning), signed commits for security, and Git LFS for large files. Understand how to structure monorepos vs polyrepos, manage Git submodules, and use tools like GitHub CLI for automation.
Docker revolutionized software delivery by packaging applications into lightweight, portable containers. As a DevOps engineer, you need deep Docker knowledge: writing optimized Dockerfiles (multi-stage builds, minimizing layers, using .dockerignore, choosing slim base images), managing images (building, tagging, pushing to registries like Docker Hub, ECR, or GHCR), container networking (bridge, host, overlay networks), persistent storage with volumes and bind mounts, Docker Compose for multi-container local development and testing, and security best practices (non-root users, read-only filesystems, image scanning with Trivy or Snyk). Understand container internals — namespaces for isolation, cgroups for resource limits, and union filesystems for layered images. Docker reduces the gap between development and production to zero.
Kubernetes (K8s) is the industry standard for container orchestration — it automates deployment, scaling, and management of containerized applications. Core concepts: Pods (smallest deployable unit, one or more containers), Deployments (declarative updates, rolling deployments, rollbacks), Services (stable networking for pods — ClusterIP, NodePort, LoadBalancer), Ingress (HTTP routing with TLS termination), ConfigMaps and Secrets (configuration management), PersistentVolumes (storage), Namespaces (multi-tenancy), and RBAC (access control). Advanced topics include: Horizontal Pod Autoscaler (scale based on CPU/memory/custom metrics), DaemonSets (run on every node), StatefulSets (for databases), Jobs and CronJobs, network policies, and resource requests/limits. Use kubectl for cluster management and learn to read and write YAML manifests fluently.
Helm is the package manager for Kubernetes, analogous to npm for Node.js or apt for Linux. It bundles Kubernetes manifests into reusable, versioned charts that can be customized with values files. Instead of managing dozens of YAML files, you install a Helm chart with a single command and override only the values you need to change. Key concepts: charts (packages of K8s resources), releases (installed instances of charts), values.yaml (configuration), templates (Go templating for dynamic YAML), chart repositories (public like Bitnami, or private), and chart dependencies. Helm supports upgrades with rollback capability, hooks for lifecycle events (pre-install, post-upgrade), and chart testing. Use Helm for deploying third-party software (databases, monitoring stacks, ingress controllers) and packaging your own applications for consistent deployments across environments.
Terraform by HashiCorp is the leading Infrastructure as Code (IaC) tool. It lets you define cloud infrastructure in declarative HCL (HashiCorp Configuration Language) files and manage it through a consistent workflow: write, plan, apply. Terraform supports every major cloud provider (AWS, GCP, Azure) and hundreds of other services through providers. Key concepts: resources (individual infrastructure components), data sources (read existing infrastructure), variables and outputs, modules (reusable infrastructure components), state management (tracking what Terraform manages — use remote backends like S3 + DynamoDB for team collaboration), workspaces for environment separation, and the plan/apply workflow that shows changes before applying them. Terraform enables reproducible infrastructure, version-controlled changes, code review for infrastructure modifications, and disaster recovery through infrastructure recreation.
Ansible is an agentless configuration management and automation tool. While Terraform provisions infrastructure (creating servers, databases, networks), Ansible configures what is on those servers (installing packages, configuring services, deploying applications). Ansible uses YAML playbooks to define desired state, connects to servers via SSH (no agent needed), and is idempotent (running a playbook twice produces the same result). Key concepts: inventory (list of managed servers), playbooks (ordered lists of tasks), roles (reusable collections of tasks, handlers, templates, and variables), modules (built-in actions for packages, files, services, users), templates (Jinja2 for dynamic configuration files), handlers (triggered actions like restarting a service), and Ansible Vault (encrypting secrets). Ansible is ideal for server setup, application deployment, and enforcing compliance.
GitHub Actions is the most popular CI/CD platform, deeply integrated with GitHub repositories. It uses YAML workflow files (.github/workflows/) triggered by events: push, pull request, schedule, manual dispatch, or external webhooks. A workflow contains jobs that run on runners (GitHub-hosted or self-hosted), and jobs contain steps that execute shell commands or reusable actions from the marketplace. Key features: matrix builds (test across multiple OS/language versions), caching (npm, Docker layers), secrets management, environment protection rules, reusable workflows, composite actions, and artifact storage. For DevOps, GitHub Actions automates: infrastructure validation (terraform plan on PR, apply on merge), container building and pushing, Kubernetes deployments, security scanning, and compliance checks. The vast marketplace of community actions accelerates pipeline development.
Cloud computing is the backbone of modern infrastructure. Pick one cloud provider and master it deeply before broadening. AWS dominates with ~32% market share and the broadest service catalog. Core services to master: Compute (EC2 instances, Lambda serverless, ECS/EKS for containers), Storage (S3 for objects, EBS for block storage, EFS for shared file systems), Networking (VPC, subnets, security groups, Route 53 for DNS, CloudFront for CDN, ALB/NLB for load balancing), Databases (RDS for relational, DynamoDB for NoSQL, ElastiCache for Redis), and Management (IAM for access control, CloudWatch for monitoring, CloudFormation/Terraform for IaC). Understand the shared responsibility model, pricing models (on-demand, reserved, spot instances), and the Well-Architected Framework (operational excellence, security, reliability, performance efficiency, cost optimization).
Prometheus is the leading open-source monitoring system for cloud-native environments. It collects metrics by scraping HTTP endpoints at regular intervals, stores them in a time-series database, and provides PromQL for querying. Key concepts: metrics types (counters, gauges, histograms, summaries), labels for dimensional data, recording rules for precomputed queries, and alerting rules with Alertmanager for notifications (Slack, PagerDuty, email). Grafana is the visualization layer — it creates beautiful, interactive dashboards from Prometheus data (and many other data sources). Build dashboards for: request rate and latency (RED method), resource utilization (USE method), SLA/SLO tracking, and business metrics. Together, Prometheus and Grafana give you real-time visibility into your infrastructure and applications, enabling data-driven decisions and rapid incident response.
OpenTelemetry (OTel) is the vendor-neutral, open-source observability framework that is becoming the industry standard. It provides a single set of APIs, libraries, and tools to instrument your applications and infrastructure for collecting traces, metrics, and logs. Traces follow a request through your distributed system, showing exactly which services were called, how long each took, and where failures occurred. OTel auto-instrumentation can add tracing to HTTP clients, database drivers, and message queues with minimal code changes. The OTel Collector receives, processes, and exports telemetry data to any backend (Jaeger, Zipkin, Grafana Tempo for traces; Prometheus for metrics; Loki for logs). Adopting OTel means you are not locked into any specific observability vendor and can switch backends without re-instrumenting your code.