DevOps Essentials
Quick Reference
| Topic | Reference |
|---|
| Docker | docker.md — Best practices, compose, optimization |
| CI/CD | ci-cd.md — GitHub Actions patterns, deployment strategies |
Assets (ready to copy):
assets/Dockerfile.node — Multi-stage Node.js Dockerfileassets/Dockerfile.python — Multi-stage Python Dockerfileassets/github-actions.yaml — Complete CI/CD pipeline template
Decision Trees
Deployment Strategy
Where to deploy?
├─ Single app, simple → Fly.io, Railway, Render
├─ Multiple services → VPS + Docker Compose
├─ Scale needed → Kubernetes (managed: GKE, EKS)
└─ Edge/Serverless → Vercel, Cloudflare Workers
Container Strategy
What to containerize?
├─ Development → Docker Compose (all services)
├─ Production single app → Multi-stage Dockerfile
├─ Production multiple → Compose or K8s
└─ Local tools → Dev containers
Docker
Multi-stage Dockerfile (Node)
# Build stage
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
# Production stage
FROM node:20-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production
RUN addgroup -g 1001 -S nodejs && adduser -S nodejs -u 1001
COPY --from=builder --chown=nodejs:nodejs /app/dist ./dist
COPY --from=builder --chown=nodejs:nodejs /app/node_modules ./node_modules
COPY --from=builder --chown=nodejs:nodejs /app/package.json ./
USER nodejs
EXPOSE 3000
CMD ["node", "dist/main.js"]
Multi-stage Dockerfile (Python)
FROM python:3.12-slim AS builder
WORKDIR /app
RUN pip install uv
COPY pyproject.toml uv.lock ./
RUN uv sync --frozen --no-dev
COPY . .
FROM python:3.12-slim AS runner
WORKDIR /app
COPY --from=builder /app/.venv /app/.venv
COPY --from=builder /app/src ./src
ENV PATH="/app/.venv/bin:$PATH"
EXPOSE 8000
CMD ["python", "-m", "uvicorn", "src.main:app", "--host", "0.0.0.0"]
Multi-stage Dockerfile (Rust)
FROM rust:1.75-alpine AS builder
RUN apk add --no-cache musl-dev
WORKDIR /app
COPY Cargo.toml Cargo.lock ./
COPY src ./src
RUN cargo build --release
FROM alpine:3.19 AS runner
RUN adduser -D appuser
COPY --from=builder /app/target/release/myapp /usr/local/bin/
USER appuser
EXPOSE 3000
CMD ["myapp"]
Docker Compose
# docker-compose.yml
services:
api:
build: .
ports:
- "3000:3000"
environment:
- DATABASE_URL=postgres://user:pass@db:5432/app
depends_on:
db:
condition: service_healthy
db:
image: postgres:16-alpine
environment:
POSTGRES_USER: user
POSTGRES_PASSWORD: pass
POSTGRES_DB: app
volumes:
- postgres_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U user -d app"]
interval: 5s
timeout: 5s
retries: 5
redis:
image: redis:7-alpine
volumes:
- redis_data:/data
volumes:
postgres_data:
redis_data:
GitHub Actions
Basic CI Pipeline
# .github/workflows/ci.yml
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: 'pnpm'
- run: pnpm install
- run: pnpm lint
- run: pnpm test
- run: pnpm build
With Database
jobs:
test:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:16
env:
POSTGRES_USER: test
POSTGRES_PASSWORD: test
POSTGRES_DB: test
ports:
- 5432:5432
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
env:
DATABASE_URL: postgres://test:test@localhost:5432/test
steps:
- uses: actions/checkout@v4
- run: pnpm install
- run: pnpm db:migrate
- run: pnpm test
Deploy to Fly.io
# .github/workflows/deploy.yml
name: Deploy
on:
push:
branches: [main]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: superfly/flyctl-actions/setup-flyctl@master
- run: flyctl deploy --remote-only
env:
FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
Docker Build & Push
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ghcr.io/${{ github.repository }}:${{ github.sha }}
Quick Reference
Docker Commands
# Build
docker build -t myapp .
docker build -t myapp:v1 --target builder .
# Run
docker run -p 3000:3000 myapp
docker run -d --name myapp -p 3000:3000 myapp
docker run --rm -it myapp sh
# Compose
docker compose up -d
docker compose down
docker compose logs -f api
docker compose exec api sh
# Cleanup
docker system prune -af
docker volume prune -f
Fly.io Commands
fly launch # Initialize
fly deploy # Deploy
fly logs # View logs
fly ssh console # SSH into container
fly secrets set KEY=val # Set env vars
fly scale count 2 # Scale instances
Anti-patterns
| Don't | Do Instead |
|---|
latest tag | Specific version tags |
| Root user in container | Non-root user |
| Secrets in Dockerfile | Runtime env vars / secrets |
| Single-stage builds | Multi-stage builds |
npm install in prod | npm ci |
| No health checks | Health check endpoints |
| Manual deploys | CI/CD automation |
