Roadmap 2022 Optimized

Download as pdf or txt
Download as pdf or txt
You are on page 1of 27

DevOps

Roadmap
2022 WILL BUTTON
01

Start
Here
Spoiler alert #2: You have to be
comfortable learning every day for the rest
of your career. If that doesn't sound
appealing | fun | enjoyable | tolerable. Stop
right here. I'm going to say you a ton of work
and lost time. This is not the career for you.

For everyone still with me, this guide is a


Choose Your Own Adventure
That means you can look at the sections
and choose whichever one interests you.

Welcome, adventurer.
In each section, you'll find some broad
I'm going to assume that if you've found
goals and objectives to help you guide what
your way to my landing page, filled out your
you should be learning and how to gauge
email address, clicked the link, and
when it's time to move to the next section.
downloaded this guide: you know what
At the end, you'll find some guidelines on
DevOps is.
which section to tackle next, based on how
that section relates to the one you just
So we're skipping that, m-kay?
finished. So no matter where you start,
you'll eventually cover all the sections.
My assumption is you want to know how to
learn it. It's a huge topic. I've treaded these
As your skills grow, put them to the test.
waters for decades and now I want to help
Using virtual machines, cloud services, or
you succeed in them.
old hardware you have access to: make sure
you're getting firsthand experience with the
Spoiler alert: you will never learn it all.
tools you are learning about.
The more you learn, the less you realize you
know.
Let's do this.

4
Table of
Contents

01 START HERE

02 LINUX

03 NETWORKING

04 SECURITY

05 INFRASTRUCTURE AS CODE
06 CI/CD

07 CONTAINERS

08 AMAZON WEB SERVICES

09 KUBERNETES

10 SCRIPTING

11 PROGRAMMING

12 OBSERVABILITY
SECTION 02

Linux

You can use any Linux distribution you like,


though I would recommend CentOS or
Debian as these are the ones you'll
encounter most frequently. If you have
never used Linux before, Ubuntu is very user
friendly.

Skill Objectives:
Install/configure OS
Using BASH
Starting/stopping/creating services
User management
The Linux filesystem
Text manipulation (awk, sed, grep, wc,
The main objective for Linux is to be echo, cat, tail, etc...)
comfortable with the administration, Process monitoring with top, ps, lsof
configuration, and operation of the OS. You Networking and network configuration
will spend a lot of time working with Linux System performance
so any effort spent here will pay dividends Using screen or tmux
later. As an added bonus, learning how Logging in locally and remotely
Linux operates takes a lot of mystery out of Firewall management
"how things work". Install/configure applications using the
OS package manager (apt or yum)
You don't need to become an expert but you POSIX basics
should be comfortable with the tasks here. File permissions
If you need to Google or use the man pages
for syntax help is perfectly acceptable. The
key thing is to know what tool to use.

devopsfordevelopers.io/section-two
5
Where to
next?
Choose from the following related topics for the
next stop on your journey

Infrastructure as Code Scripting


Now that you understand Linux a little There are a lot of tasks to do in Linux
better, you may be ready to learn about IAC. administration. Combine that with multiple
Building and maintaining servers can get servers and you've created a fair amount of
complex. IAC allows you to define those work for yourself. Scripting can make that a
servers as code, then let automation take little easier by automating many of those
care of the dirty work for you. tasks.

AWS Networking
With a better understanding of the OS All of those servers need to talk to each
environment, learning how to build and other right? Networking is the key to making
manage servers in the cloud may be a great that happen. Learning networking gives you
next step. the knowledge to build super-highways
instead of dirt roads for your digital citizens.

6
SECTION 03

Networking

Key concepts to understand for networking:


OSI 7 Layer Model
Network Topology
IP Addressing and subnets
TCP and UDP ports
Well known ports (<1024)
DNS
DHCP
Routing
Firewalls
Network Address Translation (NAT)
Common protocols: TCP/IP, ARP,
HTTP(S), FTP, SMTP, SSH, POP3
Network troubleshooting tools: ping,
No, not the social event where everyone nmap, traceroute, netstat, telnet,
stands around staring at their drink, except iptables
for those few people who actually seem to And while not specifically networking, I
be enjoying themselves. Networking refers think this is the right place to focus on the
to the protocols and models that allow public-facing aspects of your architecture
computers to talk to each other. If you've using DNS:
ever connected to a WiFi router, you've CNAMES
experienced networking. DKIM, SPF, and DMARC records
Website caching using CDN
The main objective for this section is to Domain Keys
understand the layers and models of the
network stack, and how they interoperate
with each other to provide secure
communication where needed and prevent
access where it's not needed.

devopsfordevelopers.io/section-three
7
Where to
next?
Choose from the following related topics for the
next stop on your journey

Security Infrastructure As Code


All of this talk of networking makes it Subnets, and masks, and firewalls... Oh my!
possible for bad actors to get answers to the That is a lot to take care of so let's go learn
wrong questions, right? about Infrastructure as Code to see how
Let's go take a look at security to learn how much of this we can abstract and
to close those security holes. automate.

Kubernetes Observability
So you want to build a network inside a Someone should probably keep an eye on
network? Me too! K8S has some interesting this networking stuff, right? Seems pretty
ways to scale your applications without important so maybe implementing some
using your physical network. It could be an monitoring, logging, and alerting is a good
interesting next-stop on your journey. place to focus next.

8
SECTION 04

Security

User Security:
User management
Password policies
File permissions
Sudo access

Application Security:
Dependency updates
Secrets management
Vulnerability scanning
Docker container security

Network Security:
Open ports
Security doesn't really need an introduction. Firewalls
You know you have to be secure, but what Logging
does that really mean? What are the things Pen-testing
you do to be secure?
Despite the fact that there are only a few
That's what you'll focus on in this section. bullet points there, this topic is huge. One
Security is everyone's problem and while good way to approach this is after learning
you won't know how to address every about the objectives above, come back and
security gap, you'll know how to see one re-address this topic after each of the other
when it exists. sections.
Bonus objective: Disaster Recovery.
I break security down into 3 areas: user You will be hacked. How will you recover
security, application security, and network and keep your company operating when
security. The following objectives should that happens?
help you wrap your head around them.

devopsfordevelopers.io/section-four
9
Where to
next?
Choose from the following related topics for the
next stop on your journey

Linux Networking
Now that you have a better idea on what to If we're making things secure, controlling
secure, consider focusing on where to access seems like a good first step, right?
secure it by building your Linux skills and An attacker can't hack it if they can't get to
learning not only how to build and manage it.
Linux, but how to harden it for security.

CI/CD Observability
Managing security can get pretty complex. Logging, monitoring, and alerting are
This may be a good time to introduce CI/CD critical components to security. After all,
and see if there is a way we can have our how else are you going to know when a
security policies applied and verified with security incident happens?
every deployment.

10
SECTION 05

Infrastructure
as Code
The objective for this section is simple but
not easy, Think of every application,
network, server, or other device you built,
managed, and configured in this guide. IaC
allows you to reproduce it automatically,
with no chance for human error. It also
allows you to do it an infinite number of
times with the exact same results.
Pick a tool, really any tool: Ansible, Puppet,
SaltStack, CloudFormation, or Terraform. I
like Ansible personally, YMMV.

Learn about the tool, then apply that


knowledge to the tasks you are doing in this
Giggity. guide. Every file you've edited, server you've
That's the best way to summarize built, firewall you've configured: do it all
Infrastructure as Code (IaC). If you've been again with nothing but your IaC tool.
following along in the other sections, you've
realized there are a lot of moving pieces While you are at it, make sure your IaC lives
here. in a Github repo. This sets the stage for you
So how do you ensure that the firewall to use CI/CD to manage your infrastructure.
settings you applied to that Linux server 2 Remember though: no secrets or passwords
years ago are still there? can be stored in your git repo.
How do you verify that any new Linux
servers get the same firewall policy?

You don't. You let code do the work for you,


happily making changes to anything that
doesn't meet your specifications. If only
raising kids were that easy...

devopsfordevelopers.io/section-five
11
Where to
next?
Choose from the following related topics for the
next stop on your journey

Linux Networking
A significant portion of your infrastructure In today's world, a lot of our networking is
will be Linux servers. This is a good time to virtualized in the cloud. That means we can
brush up on those Linux skills with a focus define our networks as code and allow our
on identifying what parts we can implement IAC to manage them for us.
via IAC.

Security CI/CD
An important component to IaC is "who It's Infrastructure as Code, right? If it's code,
needs access to what", so maybe a quick that means we can automate the
study of security can help answer that deployment. And if it's deployed, we can
question and provide some guidelines on use CI/CD. That makes CI/CD a great topic
how to implement it. to study next.

12
SECTION 06

CI/CD

The objective of this system is to build


something. A tangible artifact, using CI/CD
such that the artifact is built, configured,
and delivered automatically.
The best way to learn the concepts involved
is to simply do it. You'll need to pick a tool:
Jenkins, Gitlab, Circle CI, Github Actions, or
any one of the hundreds more to choose
from. I recommend Circle CI or Github
Actions unless you have a specific reason
for choosing otherwise.
For the sake of efficiency, you may want to
build and deploy a server as described in
Section 05, and use CI/CD in this section to
CI/CD or Continuous Integration / automate that process. Or you can deploy
Continuous Deployment is most commonly one of the many To-Do style apps available
what people think of when they think of from Github.
DevOps. That perception isn't unjustified: Objectives:
it's usually the "thing" that produces a Create a Github repo
visible artifact of the DevOps process. Run linting when code is committed
As you are learning in this guide though, it's Run tests when a pull request is opened
only one piece of many under the DevOps Build the artifact when a pull request is
umbrella. merged (i.e. Docker image, compile,
Think of a vending machine: you may think bundle)
of the spiral arm that drops your candy bar Deploy code changes from main or
as the CI/CD component but there are many master branch when a release tag is
other pieces that will prevent delivering the created
expected experience in addition to the arm. Send notifications if any pipeline stage
Hopefully, this guide is helping you fails
understand that.

devopsfordevelopers.io/section-six
13
Where to
next?
Choose from the following related topics for the
next stop on your journey

AWS Kubernetes
Now that you have a better understanding Just like AWS, at some point Kubernetes
of deploying software, it's a good time to may be part of your environment. Learning
learn about where that software will be the fundamentals of K8S will give you a
deployed. AWS is likely going to be part of better understanding of where you deploy
that equation. your applications.

Infrastructure as Code Observability


One of the really cool implementations of An important part of deploying software is
CI/CD is you can use it to build, manage, tracking the status of deployments and
and maintain your infrastructure using the performance. Observability provides that
same CI/CD concepts you use to deploy framework and makes it an excellent choice
applications. for you next study topic.

14
SECTION 07

Containers

manage an Operating System, hardware,


networking, configuration, and updates
across every single app we support. We can
do that at the host OS level and allow our
containers to leverage that work as needed.

Your primary goal for learning containers


should revolve around the following:
Building efficient, secure images
Tagging images to clearly convey what
each image does (for example, what is
the difference between myimage:latest
and myimage:v0.0.1
Implement best practices in your Docker
If you haven't figured it out yet, containers images (see the Docker docs)
are an integral part of modern software Mounting volumes to persist data across
engineering. Fortunately, you don't have to restarts
reach expert-level knowledge to apply this Exposing ports & communication
in your day to day DevOps activities. between containers
One container: one process
The reason containerization is so popular is
it allows us to consolidate and isolate the A great road-test for your Docker
resources needed by our application, scale knowledge is to use one of the many repos
faster and easier, and take advantage of on Github as the source application for your
compute resources across our environment. container. I.e.- build a working image using
the code in the repo. Then deploy it using
To state it another way, containers allow us what you learn in the CI/CD section.
to run our apps, focusing only on the app
and its dependencies without having to

devopsfordevelopers.io/section-seven
15
Where to
next?
Choose from the following related topics for the
next stop on your journey

Linux Kubernetes
Your containers rely on the container host Learning K8S is a great way to learn how
for operation, which is likely Linux. That containers operate in concert at scale. K8S
makes Linux an excellent choice to study is fully implemented using containers, not
next if you haven't already covered that only for the applications you deploy on it,
topic. but for core K8S functions as well. A worthy
next topic.

Programming Language Scripting


Many of your container use cases involve It's fairly common to implement some
executing the code written by your scripts in the creation and maintaining of
development team. Time spent learning containers. That makes scripting an
how to write, build, and run applications excellent choice for your next area of study.
can further boost your container knowledge.

16
SECTION 08

AWS

AWS (and all cloud providers) have


hundreds of features and services. You can
drive yourself crazy trying to learn them all.
Fortunately, we're going to focus on the
fundamentals. By doing so, you'll be
productive on the platform and armed with
the skills to evaluate the pros and cons of
the other services on an as-needed basis.

Objectives:
VPC - absolutely mission critical
IAM - access to everything is governed
by IAM
Security Groups - used to control access
While there are many cloud providers to at a network level
choose from, I recommend starting with EC2 - running virtual machines in AWS
AWS. It's the industry beast and the most Load balancers - the key to successful
widely used of all the cloud providers. If you highly available, fault tolerant
have a strong preference for a different applications
provider, by all means: go learn it. RDS - managed database services
Lambda - Serverless applications in
In any case, many of the skills you learn for AWS
AWS directly transfer to Azure and GCP so Fargate - A great way to start using
it's not like you will have to start from containerized applications
scratch when you learn AWS but then land a S3 - storage, not to be confused with:
job working in Azure. EBS - volumes for your EC2 instances
KMS - a place to keep secrets like API
Learn the fundamentals, and build from keys, passwords, etc...
there. Cloudwatch - monitoring for all things
AWS
Billing - this stuff can get expensive

devopsfordevelopers.io/section-eight
17
Where to
next?
Choose from the following related topics for the
next stop on your journey

Linux Scripting
Your AWS infrastructure will likely consist of With so many tasks, dependencies, and
many Linux servers, so why not get a head interactions in AWS, learning scripting will
start on that and make Linux your next area be time well spent to automate many of the
of study? routine tasks needed.

Infrastructure as Code Observability


Oh man, there are a lot of components in With so many moving pieces, you are going
AWS, right? IaC is a great way to keep track to need a way to view things from a 10,000
of them all in a predictable, consistent way. foot view and drill in as needed.
Observability provides the framework to
allow you to do just that.

18
SECTION 09

Kubernetes

Oh... still reading, eh? Ok- here's what you


should focus on:
Pods - what are they and how to use
them
Services - what role do they play in k8s
PV & PVC - making data storage
available to your pods
Deployments - a specific k8s construct
(differing from the "d" in CI/CD)
Managing secrets in k8s
Building your own k8s cluster
Monitoring with Prometheus and
Grafana
Using ingress controllers
Who doesn't love Kubernetes? Evidently no Managing apps using helm
one according to #techtwitter! 🤣
Seriously though, if you jumped to this You don't need to go deep on these initially,
section first: you may want to rethink that but you do need to know what they are:
strategy. K8s is a beast of a topic and CoreDNS, k8s networking, k8s API,
makes more sense after you have a grasp control plane, nodes, kubelet, etcd
on the other topics in this guide.

One key objective for learning Kubernetes is


learning when you shouldn't use
Kubernetes. It's cool and flashy and
popular, but can become an unwieldy beast
that may not be needed at all for a lot of
environments.
With great power comes great responsibility

devopsfordevelopers.io/section-nine
19
Where to
next?
Choose from the following related topics for the
next stop on your journey

Networking Containers
Properly implemented networking is critical One hundred percent of K8S is implemented
to managing a secure K8S implementation. via containers. If you're not comfortable
That makes networking an excellent topic building and managing containers, it's an
to study next. excellent topic to dive into next.

Infrastructure as Code Observability


There are a lot of pieces to K8S, right? IaC With so many moving pieces in K8S,
provides a framework for managing those observability is critical for understanding
pieces. Study this next to learn how to build what's going on inside and where your
and deploy K8S as code, not mouse clicks. bottlenecks are. Plus, K8S has some
common integrations just for this task.

20
SECTION 10

Scripting

You can choose from a few different options


for scripting: BASH, Python, Javascript, or
Ruby.
I personally recommend BASH: it's
guaranteed to be on every system you ever
touch. Python is a great choice also, and
can double as your programming language
when you reach that point. I advise against
Javascript. Its asynchronous nature is not
suited for our use case. Ruby is fine but not
common. I'd only recommend it if you knew
you were going to be working in a Ruby
shop.
Scripting is a must-have skill for DevOps
and sysadmins alike. Scripting is your go-to Objectives:
resource when you need to make repetitive Making scripts executable
changes across multiple systems. Think Capturing input from keyboards and
about tasks like: computers
applying a security patch to 1000 Reading/writing to filesystems,
servers to close a security hole networks, and (in some cases)
copying millions of files from one databases
storage location to another Providing script feedback (output
digging through log files to identify a status) and reacting accordingly
specific scenario Executing scripts on remote computers
It also sets the stage for you to learn Using conditionals, variables, logic,
programming, which you will eventually do. functions, and proper syntax
Even after you know a coding language,
you'll still use scripting for those quick and
dirty tasks.

devopsfordevelopers.io/section-ten
21
Where to
next?
Choose from the following related topics for the
next stop on your journey

CI/CD Infrastructure as Code


Almost all CI/CD pipelines have some Managing IaC requires a lot of moving
scripts in them. That makes CI/CD an pieces. Put your scripting skills to the test by
excellent choice of study next, to learn tackling this section next and using your
where all these scripting skills come into scripts as the glue for your IaC.
play.

Containers Programming Language


It's common to see some scripts used in the If you enjoyed the power scripting gives you,
creation of containers, so it's an excellent you may want to dig further into this topic
place to study next and learn how to use by learning a programming language to see
your scripting skills to build fast, reliable, exactly how deep this rabbit hole goes.
secure containers.

22
SECTION 11

Programming

When choosing a language, I think there are


three top candidates:
Javascript (Node.js): It's 100% guaranteed
you will work with JS developers. It's in use
in every company.
Python: The tried and true old-timer in
sysadmin circles. It's also commonly used in
server applications as well.
Go: Unlike the other two, Go is a compiled
language and is gaining much adoption in
the DevOps space. A lot of the tools you will
work with on a daily basis are written in Go.

Objectives:
Since DevOps is a collaborative role Language syntax
between Development and Operations, it Workflow (i.e. git workflow)
makes sense that you will need at least a Variables, types, flow control, and logic
fundamental understanding of Reading and writing data to file objects
programming. and storage objects like databases,
In your career it will not be uncommon to message queues
debug code, contribute to code to help your Packaging and deploying your code
Development teams implement DevOps Debugging
practices, review code, and even create Handling errors
your own applications. Writing tests
Many aspiring DevOps engineers get
nervous when it comes to coding. In this
section, you'll learn the basics, giving you
the confidence to take on more challenges
and responsibilities.

devopsfordevelopers.io/section-eleven
23
Where to
next?
Choose from the following related topics for the
next stop on your journey

Infrastructure as Code CI/CD


If you're learning to code, you may as well The code you've learned to write has to be
apply it to your own job, right? IaC does just deployed somewhere to do anything, right?
that, allowing you to define and build your That makes CI/CD an excellent choice to
infrastructure using the coding skills study next to learn how to build and deploy
learned in this section. applications at scale.

AWS Observability
One of the interesting uses for programming You've built that killer app, but what's it
is in your AWS environment. AWS has a doing? That's a critical question. One that
complete SDK for many languages, studying observability will help you answer.
allowing you to leverage those
programming skills for your own good (or
evil, I'm not judging).

24
SECTION 12

Observability

Again, there is a bit of flexibility in the exact


tools you learn here, but the concepts are
the same. There are three areas to focus on:

Logging: applications create logs, which are


useful in understanding how the system is
performing. It's important to get the logs
into a centralized server so your team can
view them without needing to log into each
server. Logstash and Cloudwatch Logs are
great starting points for this.

Monitoring: We need a way to visualize and


track performance metrics to identify
If a tree falls in the forest when no one is capacity, load, and trends. Check out tools
around, does it make a sound? If a server like Prometheus, Grafana, and Datadog.
crashes when no one is around, does it Don't forget application-specific
make a sound? monitoring tools like Jaeger, Scout APM, and
I don't know about the former but I can say New Relic.
conclusively that latter will never happen.
Not due to some strange laws of nature, but Alerting: Using the data from the other two
because in this section you will learn how to categories, we can create alerts to let our
implement logging, monitoring, and team know when things have gone horribly
alerting to ensure no server crashes without wrong. That's a great thing. Your monitoring
an alert being raised and the proper on-call tools probably have this capability so be
resources notified. sure to use it. Also familiarize yourself with
Observability is in fact, the eyes and ears of PagerDuty.
your team for your applications.

devopsfordevelopers.io/section-twelve
25
Where to
next?
Choose from the following related topics for the
next stop on your journey

CI/CD Infrastructure as Code


CI/CD is one of those things that benefit With all of this monitoring in place, learning
from great observability. Knowing when how to respond to it in an automated
deploys happen and when they failed is fashion can dramatically improve your
good to know, so learning the ins and outs reliability and uptime. That involves IaC,
of CI/CD can be a great topic for your next which can make it a great topic to study
study session. next.

AWS Kubernetes
There are many places in AWS to put your Much like AWS, your K8S environment can
Observability skills to the test. Head on over put your Observability skills to the test.
to this section to learn more about AWS and Learning how to build, maintain, and
how to leverage the skills learned here. monitor K8S can be a great follow up to this
section.

26
Reach out!

PO Box 18733 Fountain Hills AZ 85268


devopsfordevelopers.io
[email protected]
@devopsfordevelopers

You might also like