Understanding DevOps

The apartment complex analogy. Containers, docker ps, docker run, docker exec.

FROM, WORKDIR, COPY, RUN, CMD. Why reproducibility matters.

The blueprint is not the apartment. One image → many containers. Image layers explained simply.

Ephemeral containers, the persistent data problem. Bind mounts vs named volumes.

CMD vs ENTRYPOINT, COPY vs ADD, ENV vs ARG, EXPOSE. The stuff Post 2 didn't cover 👀

Layer caching, why build order matters, multi-stage builds, .dockerignore. Keeping images lean.

Write a simple API, write the Dockerfile, build the image, run it. End-to-end from zero.

Port conflicts, missing env vars, container exits immediately, can't connect to DB. Live diagnosis.

Bridge, host, and none. What actually happens on the network when a container starts.

Why you use the service name not localhost. How Docker's internal DNS actually works.

Why you'd put your DB on a separate network from your API. Security through isolation.

Can't reach the other container, wrong network, exposed vs published ports confusion.

docker-compose.yml walkthrough. Spinning up multiple services at once. Why it exists.

Controlling startup order properly. What depends_on actually does (and doesn't). Restart strategies.

Managing config across environments. .env files, secrets, docker-compose.override.yml.

Wire up three services, shared network, volumes for DB persistence. The whole thing locally.

Service won't start, wrong startup order, env not loading, volume data disappearing.

What you'd never do in prod. Non-root users, image scanning, resource limits, registry basics.

What Nginx/Caddy/Traefik actually do. Traffic routing, SSL termination, why you need one.

Writing real Nginx config. Location matching, proxy_pass, upstream blocks. Not just copy-paste.

Certificates, Let's Encrypt, certbot. Why HTTP is not fine for production. Ever.

Round robin, least connections, ip_hash. Spreading traffic before it even hits your app.

Nginx as a reverse proxy in front of your Node app via Compose. Real config, real domain.

The most common proxy failures. Reading Nginx error logs. Debugging SSL certificate problems.

The pipeline metaphor. What CI does vs what CD does. The human error problem.

Writing YAML workflows properly. on: push, pull_request. Matrix builds for multiple environments.

Building your image inside the pipeline. Pushing to Docker Hub or GHCR on merge to main.

Dev → staging → prod. How promotion works. Approval gates. What a deploy actually triggers.

GitHub Actions secrets, env variables in CI, what never goes in your YAML. Ever.

A complete GitHub Actions workflow from commit to production. Every stage wired up.

Secrets missing, tests fail, image won't push, deploy step times out. Reading CI logs properly.

Self-healing, rolling deploys, scaling. The problems K8s solves that Compose simply can't.

Apartment complex → city. Pods = apartments. Deployment = management company. Service = address.

How K8s separates config from code. When to use ConfigMap vs Secret and why it matters.

How requests reach your pods from the internet. Ingress controllers, rules, TLS termination.

PV, PVC, StorageClass. How K8s handles storage differently from Docker volumes.

Running multiple environments on one cluster. How namespaces separate teams and workloads.

Write Deployment + Service YAML. Apply it. kubectl get pods. Watch it actually run.

ServiceAccounts, Roles, ClusterRoles, RoleBindings. Least privilege in Kubernetes.

Why raw YAML doesn't scale. Charts, values, templating. Installing and writing your own chart.

How K8s updates pods without downtime. kubectl rollout. How to roll back when something breaks.

CPU and memory requests vs limits. What happens when a pod goes over. OOMKilled explained.

HPA, metrics-server, target CPU utilisation. Pods spinning up automatically under load.

Deployment, Service, Ingress, ConfigMap, Secret, HPA. A real app. Everything wired together.

The most common K8s errors. kubectl describe, kubectl logs, reading events.

Metrics vs logs vs traces. The three pillars of observability. Why each one exists.

Counters, gauges, histograms. How Prometheus pulls data. Writing your first PromQL query.

Panels, data sources, variables. A dashboard you'd actually open during an incident.

Alertmanager, alert rules, routing. The difference between a noisy alert and a useful one.

JSON logs, log levels, correlation IDs. Why unstructured logs are a nightmare at scale.

Collecting logs from many services centrally. Searching, filtering, querying at scale.

Traces, spans, Jaeger/Tempo. Following a request across 5 services when something goes wrong.

Instrument your Node app. Scrape metrics. Build a real dashboard. Fire a real alert.

Missing metrics, wrong labels, alert firing on nothing. Debugging the observability layer itself.

Why distributed is fundamentally different. The problems that only appear at scale.

Consistency, availability, partition tolerance. Why you can only pick two. Real examples.

What eventual consistency actually means in practice. When it's fine and when it absolutely isn't.

Decoupling services with queues. Producers, consumers, topics. When synchronous calls break down.

Why hardcoded IPs don't work. DNS-based discovery, service registries, K8s DNS.

Token bucket, sliding window. Protecting services from being overwhelmed.

The patterns that keep distributed systems alive when parts of them fail.

The 8 assumptions every developer makes that are wrong. A humbling read.

Why Netflix invented chaos engineering. Game days, failure injection, building confidence.

How every piece connects. Docker → K8s → CI/CD → observability → distributed. What's next.