
Docker Kubernetes MasterClass: DevOps from Scratch

 If you’ve ever shipped code that worked on your laptop but exploded in production, welcome—this guide is your fast-track from confusion to confidence. We’ll start at zero, containerize an app with Docker, run it locally, then scale it on Kubernetes with modern DevOps practices like CI/CD, GitOps, and observability. You’ll get clear mental models, copy-paste-ready snippets, and a battle-tested workflow you can reuse at work.

Why DevOps, Why Now

DevOps is not a tool—it's a culture backed by automation. The goal: deliver value faster, safer, and more reliably. Docker standardizes “how we run,” Kubernetes standardizes “where we run,” and CI/CD glues everything together.

The Dev + Ops Gap (and How to Bridge It)

  • Developers want speed; Ops wants stability.

  • Bridge the gap with versioned infrastructure, immutable images, automated testing, and continuous delivery.

  • Outcome: repeatable releases, smaller blast radius, happier teams.

CI/CD at a Glance

  • Continuous Integration: merge small changes often, run tests, build artifacts.

  • Continuous Delivery/Deployment: push artifacts to environments automatically, with safety checks and approvals.

Containers 101 with Docker

Containers package your app + dependencies into a portable unit. Think: a tiny, reproducible machine image that starts in milliseconds.

Images, Layers, and Containers

  • Image: read-only template built from a Dockerfile.

  • Layers: each instruction adds a cached layer—order matters for speed.

  • Container: a running instance of an image—ephemeral, replaceable.

Writing Your First Dockerfile

Here’s a clean Node.js example that scales to production:

    # Stage 1: build
    FROM node:20-alpine AS build
    WORKDIR /app
    COPY package*.json ./
    # Install all dependencies, since the build step usually needs devDependencies
    RUN npm ci
    COPY . .
    RUN npm run build
    # Remove devDependencies so only runtime packages reach the final image
    RUN npm prune --omit=dev

    # Stage 2: run (slim)
    FROM node:20-alpine
    ENV NODE_ENV=production
    WORKDIR /app
    COPY --from=build /app/dist ./dist
    COPY --from=build /app/node_modules ./node_modules
    EXPOSE 3000
    CMD ["node", "dist/server.js"]

Multi-Stage Builds for Tiny, Secure Images

  • Build tools stay in the first stage; the runtime stays slim.

  • Smaller images mean faster pulls, quicker deploys, fewer CVEs.

Caching Strategies to Speed Up Builds

  • Copy package*.json first, run npm ci, then copy source—keeps dependency layer cached.

  • Pin versions and avoid wildcard base images for deterministic builds.
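
One way to check a Dockerfile for the two habits above (pinned base images, dependency install before the source copy), as an added example that is not part of the original guide. The `lint_dockerfile` function and both sample Dockerfiles are constructed for illustration, and the install check only recognizes npm.

```python
import re

# Constructed sample Dockerfiles for this example (not from the original page).
GOOD = """\
FROM node:20-alpine AS build
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
FROM node:20-alpine
COPY --from=build /app/dist ./dist
"""
BAD = """\
FROM node AS build
COPY . .
RUN npm ci
FROM node:latest
COPY --from=build /app /app
"""

def lint_dockerfile(text):
    """Return (line_no, message) findings: unpinned bases, cache-busting COPY order."""
    findings, stages, copy_all = [], set(), None
    for no, raw in enumerate(text.splitlines(), 1):
        instr, _, rest = raw.strip().partition(" ")
        instr, args = instr.upper(), [a for a in rest.split() if not a.startswith("--")]
        if instr == "FROM" and args:
            copy_all, image = None, args[0]  # each stage starts a fresh layer chain
            # Earlier stage names, scratch, ARG-driven and digest-pinned bases are fine.
            exempt = (image.lower() in stages or image == "scratch"
                      or image.startswith("$") or "@sha256:" in image)
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            if not exempt and tag in ("", "latest"):
                findings.append((no, f"base image '{image}' has no pinned version tag"))
            if len(args) == 3 and args[1].upper() == "AS":
                stages.add(args[2].lower())
        elif instr == "COPY" and "--from=" not in rest and args[:1] in (["."], ["./"]):
            copy_all = no  # the whole build context went into a layer here
        elif instr == "RUN" and copy_all and re.search(r"\bnpm (ci|install)\b", rest):
            findings.append((no, f"npm install after 'COPY .' (line {copy_all}): "
                                 "every source change rebuilds the dependency layer"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_dockerfile(BAD):
        print(f"line {no}: {msg}")
```
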

Local Orchestration with Docker Compose

Compose describes multi-container apps for local dev:

    version: "3.9"
    services:
      api:
        build: .
        ports: ["3000:3000"]
        environment:
          - DATABASE_URL=postgres://postgres:postgres@db:5432/app
        depends_on: [db]
      db:
        image: postgres:16-alpine
        environment:
          - POSTGRES_PASSWORD=postgres
        volumes:
          - pgdata:/var/lib/postgresql/data
    volumes:
      pgdata:

Run docker compose up --build and you’ve got an API + DB talking to each other.

Kubernetes Fundamentals

Kubernetes (K8s) is a cluster orchestrator. It schedules containers, heals them when they crash, and scales them when traffic spikes.

Control Plane vs. Worker Nodes

  • Control Plane: API server, scheduler, controller manager, etcd (state store).

  • Workers: run your app containers (via kubelet + container runtime).

  • You interact via kubectl against the API server.

Pods, ReplicaSets, Deployments

  • Pod: the smallest deployable unit—1+ containers sharing a network namespace.

  • ReplicaSet: guarantees a desired number of pod replicas.

  • Deployment: versioned, declarative updates that manage ReplicaSets and rollbacks.

Services (ClusterIP, NodePort, LoadBalancer)

  • ClusterIP: internal only.

  • NodePort: exposes on every node’s port (handy for labs).

  • LoadBalancer: asks the cloud for a public load balancer (production staple).

Ingress for Friendly URLs

Ingress routes external HTTP(S) traffic to Services with host/path rules. Pair with an Ingress controller (e.g., NGINX, Traefik) to get TLS and routing in one place.

ConfigMaps, Secrets, and Environment Variables

  • ConfigMap: non-sensitive config (feature flags, JSON).

  • Secret: sensitive values stored base64-encoded, which is an encoding and not encryption (use external managers for strong security).

  • Inject via env vars or mounted files.

Volumes, PVCs, and StorageClasses

  • Volume: storage attached to a pod.

  • PVC: a claim for storage; StorageClass decides how it’s provisioned.

  • Use PVCs for databases and anything that must persist.

StatefulSets, DaemonSets, Jobs, and CronJobs

  • StatefulSet: stable network identities and persistent storage per replica (databases, queues).

  • DaemonSet: one pod per node (log agents, node exporters).
