DevOps
266 items tagged with "devops"
Best Practices19
CNCF Cloud-Native Definition & Principles
The CNCF’s formal definition of cloud-native computing and core principles for micro-services, containers, and dynamic orchestration.
Twelve-Factor App Methodology
Twelve practical guidelines for building modern, portable, cloud-ready web applications.
DORA Four Key Metrics
Research-backed metrics (deployment frequency, lead time, MTTR, change failure rate) for high-performing software teams.
CALMS DevOps Principles
Framework emphasising Culture, Automation, Lean, Measurement, and Sharing as pillars of DevOps success.
GitOps Principles v1
Declarative, verifiable and automated operations — using Git as the single source of truth for infra and apps.
Trunk-Based Development Guidelines
Branching strategy promoting short-lived branches, frequent commits to trunk, and feature flags.
Shift-Left Testing Manifesto
Encourages earlier testing (unit, security, performance) in the SDLC to catch defects sooner.
IBM Garage Methodology
End-to-end practices merging agile, DevOps, and design thinking for cloud transformation.
Terraform Module Design Patterns
Guidelines for writing reusable, versioned, and documented Terraform modules.
Immutable Infrastructure
An operations model where servers and components are never modified after deployment; changes ship as freshly built, versioned replacements rather than in-place edits.
Artifact Repository Management
The practice of storing, versioning, and governing build artifacts and dependencies in a dedicated repository so the same trusted binary is promoted from build to production.
Configuration as Code
Managing application and system configuration in version-controlled, machine-readable files instead of manual settings, making configuration reviewable, auditable, and reproducible.
Incident Management Best Practices
A structured process for detecting, coordinating, and resolving outages with clear roles, communication, and severity levels to restore service quickly.
On-Call Best Practices
Sustainable on-call practices covering rotation design, escalation, actionable alerts, runbooks, and workload limits to keep services reliable without burning out engineers.
Runbook Automation
Codifying operational procedures as automated, repeatable workflows so common incident responses and maintenance tasks run reliably with less manual toil.
Toil Reduction
Systematically identifying and eliminating repetitive, manual, automatable operational work so engineers can spend time on durable engineering instead.
InnerSource
InnerSource applies open source development practices inside an organization, letting teams share, contribute to, and reuse internal code through transparent, contribution-friendly repositories.
Platform Engineering
Platform engineering builds and runs internal self-service platforms and paved roads that let product teams ship software faster with lower cognitive load and consistent guardrails.
Internal Developer Platform
An Internal Developer Platform (IDP) is the self-service product built by platform teams that gives developers golden paths to provision, build, deploy, and operate software with built-in guardrails.
Patterns5
Feature Flags
Toggle functionality on or off without deploying new code
Externalized Configuration
Stores configuration outside the application artifact so the same build runs unchanged across environments.
External Configuration Store
Move configuration out of deployment packages into a central external store shared and updated across application instances.
Health Endpoint Monitoring
Expose health-check endpoints that monitoring tools and load balancers probe to verify an application is functioning correctly.
Secrets Rotation
Regularly replacing credentials, keys, and tokens, ideally automatically, to limit the time window in which a leaked or compromised secret is useful.
Anti-Patterns21
Hardcoding
Embedding values that should be configurable, such as URLs, paths, credentials, and limits, directly in source, forcing code changes to adapt.
Snowflake Server
A server hand-configured over time into a unique, irreproducible state that no one can recreate, document, or safely replace.
Configuration Drift
Environments that should be identical gradually diverge as undocumented manual changes accumulate, breaking reproducibility and causing inconsistent behavior.
Manual Deployment
Releasing software through hand-run steps and checklists instead of automation, producing slow, error-prone, irreproducible deploys that depend on individuals.
Works on My Machine
Code that runs only in a developer's local setup because of undeclared dependencies and environment assumptions, then fails everywhere else.
Environment Parity Gap
Development, staging, and production environments differ enough that testing in one gives little confidence about behavior in another.
ClickOps
Provisioning and changing cloud infrastructure by hand through web consoles, producing undocumented, irreproducible, and unauditable configuration.
No Infrastructure as Code
Running infrastructure without any code-based definition, so it cannot be versioned, reviewed, reproduced, or recovered systematically.
Pets vs Cattle (Pet Servers)
Treating individual servers as irreplaceable pets that are named, nurtured, and manually healed, instead of disposable cattle that are replaced on failure.
Monolithic Pipeline
A single, all-or-nothing CI/CD pipeline that builds, tests, and deploys everything together, making it slow, fragile, and hard to change safely.
Flaky Pipeline
A CI/CD pipeline that fails intermittently for reasons unrelated to the code change, eroding trust and training teams to ignore red builds.
No Rollback Plan
Deploying with no tested, fast way to revert, so a bad release means scrambling under pressure while the outage drags on.
Deploy and Pray
Pushing releases to production with no automated verification, monitoring, or rollback, then hoping nothing breaks instead of knowing it works.
No Monitoring (Flying Blind)
Running production systems with no metrics, logs, or alerts, so problems are invisible until users complain and incidents cannot be diagnosed.
Alert Fatigue
So many low-value or noisy alerts fire that responders become desensitized and start ignoring them, including the ones that actually matter.
Log Everything (Logging Noise)
Logging indiscriminately at high verbosity, burying useful signal in a flood of low-value messages while driving up storage cost and slowing search.
Latest Tag in Production
Deploying container images by the mutable :latest tag, so production runs an unknown, changing version that cannot be reliably reproduced or rolled back.
Hardcoded Secrets
Embedding API keys, passwords, or tokens directly in source code, where they leak through version control, logs, and shared binaries.
Default Credentials
Shipping or deploying systems with vendor default usernames and passwords left unchanged, an instantly exploitable and heavily automated attack vector.
Hero Culture
A team that depends on a few individuals heroically saving the day, rewarding firefighting over the boring, systemic work that prevents fires.
Water-Scrum-Fall
A hybrid where agile ceremonies are bolted onto a waterfall lifecycle, with up-front planning and big-bang release bookending a thin layer of Scrum.
Tutorials38
Containerizing a Node.js Application
Learn to create optimized Docker containers for Node.js applications
Infrastructure as Code with Terraform on AWS
Define and provision AWS infrastructure using Terraform
CI/CD Pipeline with GitHub Actions
Set up a complete CI/CD pipeline using GitHub Actions
Setting Up a Monorepo with Turborepo
Create and manage a monorepo using Turborepo for efficient builds
Local Development with Docker Compose
Set up a complete development environment with Docker Compose
How to build and optimize Docker images for smaller, faster builds
Reduce Docker image size and build time with layer ordering, .dockerignore, and build cache strategies.
How to use multi-stage Docker builds to shrink production images
Separate build and runtime stages so compilers and dev dependencies stay out of the final image.
How to run a multi-container app with Docker Compose
Define an app, a database, and a cache as services in one Compose file with networks, volumes, and health checks.
How to deploy an application to Kubernetes with Deployment and Service
Package an image into a Kubernetes Deployment and expose it with a Service, then scale and roll out updates.
How to package a Kubernetes app with a Helm chart
Create a reusable Helm chart with templated manifests and values so one app deploys cleanly across environments.
How to configure liveness, readiness, and startup probes in Kubernetes
Add health probes so Kubernetes restarts unhealthy pods and only routes traffic to ready ones.
How to set up GitOps continuous delivery with Argo CD
Deploy and sync Kubernetes manifests from Git using Argo CD Applications with automated, self-healing syncs.
How to manage Kubernetes manifests across environments with Kustomize
Use a base plus overlays to customize Kubernetes manifests per environment without templating or duplication.
How to build a GitHub Actions pipeline for a web app
Create a complete GitHub Actions workflow that lints, tests, and builds an application on every push and pull request.
How to set up a GitLab CI/CD pipeline
Configure a .gitlab-ci.yml pipeline with stages for testing, building, and deploying using GitLab runners.
How to create a reusable GitHub Actions workflow
Build a callable workflow with inputs and secrets so multiple repositories share one tested CI definition.
How to run matrix builds in CI
Use a build matrix to test your code across multiple language versions and operating systems in parallel.
How to provision an AWS VPC with Terraform
Write Terraform configuration to create a VPC, subnets, and routing, then apply and destroy it safely.
How to write a reusable Terraform module
Package infrastructure into a Terraform module with variables and outputs so it can be reused across environments.
How to configure Terraform remote state with locking
Store Terraform state in a remote backend with state locking so a team can collaborate without corrupting state.
How to manage infrastructure with OpenTofu
Install OpenTofu and run the init, plan, and apply workflow as a drop-in, open-source alternative to Terraform.
How to provision cloud infrastructure with Pulumi
Define cloud resources in a general-purpose programming language using Pulumi and deploy them with up and destroy.
How to write an Ansible playbook to configure servers
Build an inventory and an idempotent Ansible playbook to install and configure software across multiple servers.
How to set up GitOps with Argo CD
Deploy applications to Kubernetes declaratively by syncing manifests from Git using Argo CD.
How to implement GitOps with Flux
Bootstrap Flux into a Kubernetes cluster and reconcile workloads from Git using GitRepository and Kustomization resources.
How to speed up CI builds with caching
Cache dependencies and build outputs in CI to cut pipeline time, with correct cache keys and invalidation.
How to publish a Docker image to a registry from CI
Build a Docker image in CI and push it to a container registry with proper tags and authentication.
How to adopt a trunk-based development workflow
Move to short-lived branches and continuous integration into a single trunk, using feature flags to ship safely.
How to build an environment promotion pipeline
Promote a single build artifact through dev, staging, and production with gated approvals instead of rebuilding per stage.
How to manage secrets securely in CI pipelines
Store, inject, and mask secrets in CI without leaking them, using scoped credentials and short-lived tokens.
How to generate an SBOM in your CI pipeline
Produce a software bill of materials for every build in CI and attach it as an artifact for compliance and security.
How to sign container images with Cosign
Sign and verify container images with Cosign keyless signing to secure your software supply chain.
How to set up self-hosted CI runners
Register and harden self-hosted runners to run CI jobs on your own hardware for performance and network access.
How to deploy Helm charts to Kubernetes from CI
Package an application as a Helm chart and deploy it to Kubernetes from a CI pipeline with per-environment values.
How to scan infrastructure-as-code for misconfigurations in CI
Add automated IaC security scanning to CI to catch insecure Terraform and Kubernetes configuration before it ships.
How to set up a CircleCI pipeline with workflows
Configure a CircleCI pipeline using jobs, workflows, and orbs to test and deploy an application.
How to manage versioned database migrations with Flyway
Set up Flyway, write versioned SQL migrations, and apply them repeatably across environments with validation and history tracking.
How to manage database migrations with Liquibase changelogs
Define schema changes in declarative Liquibase changesets, apply and roll them back, and track state across environments.
Blueprints19
On-Premises to Kubernetes Blueprint
Complete guide for migrating on-premises workloads to Kubernetes
VM to Containers Blueprint
Step-by-step guide for containerizing VM-based applications
Heroku to Kubernetes Blueprint
Migration from Heroku PaaS to self-managed Kubernetes
Jenkins to GitHub Actions Blueprint
CI/CD migration from Jenkins to GitHub Actions
Webpack to Vite Blueprint
Build tool migration from Webpack to Vite
Create React App to Vite Blueprint
Migration from Create React App to Vite
ESLint to Biome Blueprint
Linting migration from ESLint/Prettier to Biome
Physical Servers to Kubernetes Blueprint
Modernize applications running on bare-metal physical servers into containers orchestrated by Kubernetes, with phased discovery and re-platforming.
Jenkins to GitLab CI/CD Blueprint
Migrate Jenkins freestyle and pipeline jobs to GitLab CI/CD with pipeline-as-code, runners, and merge request pipelines.
Manual Deployments to Argo CD GitOps Blueprint
Replace manual kubectl and script-based deploys with Argo CD GitOps so Git is the single source of truth for Kubernetes state.
Manual Deployments to Flux GitOps Blueprint
Adopt Flux CD to reconcile Kubernetes clusters from Git, replacing manual deploys with declarative, pull-based GitOps and automated image updates.
ClickOps to Terraform Blueprint
Codify manually provisioned cloud resources into Terraform infrastructure-as-code with import, modules, remote state, and CI-driven plans.
Terraform to OpenTofu Blueprint
Migrate Terraform projects to OpenTofu, the open-source fork, with version pinning, state compatibility checks, and CI updates.
VM Monitoring to Prometheus and Grafana Blueprint
Replace legacy agent-based VM monitoring with Prometheus metrics, exporters, and Grafana dashboards using the RED and USE methodologies.
Ad-hoc Logging to OpenTelemetry Blueprint
Unify scattered logs, metrics, and traces under OpenTelemetry with the Collector, semantic conventions, and vendor-neutral export.
Self-Managed CI to Internal Developer Platform Blueprint
Evolve fragmented self-managed CI/CD into an internal developer platform with golden paths, self-service, and a service catalog.
Snowflake Servers to Immutable Infrastructure Blueprint
Replace hand-tuned snowflake servers with immutable infrastructure built from versioned images and replaced, never patched, in place.
CircleCI to GitHub Actions Blueprint
Migrate CircleCI pipelines to GitHub Actions with reusable workflows, matrix builds, OIDC cloud auth, and self-hosted runners.
Manual VM Configuration to Ansible Blueprint
Replace manual SSH server configuration with idempotent Ansible playbooks, roles, and inventory for repeatable configuration management.
Migrations4
CircleCI to GitHub Actions Migration
Migrate CircleCI configs to GitHub Actions workflows with caching and secrets mapping
CloudFormation to Terraform Migration
Convert AWS CloudFormation templates to Terraform HCL
GitLab CI to GitHub Actions Migration
Migrate `.gitlab-ci.yml` pipelines to GitHub Actions workflows with runner and secret strategy
Jenkins to GitHub Actions Migration
Migrate CI/CD pipelines from Jenkins to GitHub Actions workflows with secrets and runner strategy
Products11
Docker
Platform for developing, shipping, and running containerized applications
Kubernetes
Container orchestration platform for automating deployment
Helm
Package manager for Kubernetes
Pulumi
Infrastructure as Code using real programming languages
Argo CD
Declarative GitOps continuous delivery for Kubernetes
Jenkins
Open source automation server for CI/CD
GitHub Actions
CI/CD platform integrated with GitHub
GitLab CI/CD
Built-in CI/CD for GitLab
CircleCI
Cloud-based CI/CD platform
AWS Lambda
Serverless compute service from Amazon Web Services
Caddy
Fast, multi-platform web server with automatic HTTPS
Reference Architectures4
ECS Fargate Microservices Platform
A serverless container microservices platform on AWS ECS Fargate with service discovery, autoscaling, and no servers to manage.
Batch Jobs Platform on Kubernetes
A Kubernetes-native batch platform using job queues and Argo Workflows to run scheduled and on-demand container jobs at scale.
Observability and SLO Platform on Kubernetes
Unified metrics, logs, and traces platform with OpenTelemetry, Prometheus, and SLO-based alerting on Kubernetes.
Chaos Engineering and Resilience Platform on AWS
Controlled fault-injection platform that validates resilience hypotheses against production-like systems safely.
Playbooks16
Microservices Migration Playbook
Complete operational guide for decomposing a monolith into microservices
DevOps Adoption Playbook
Organization-wide DevOps transformation playbook
Kubernetes Platform Adoption Playbook
A phased program to stand up a production-grade internal Kubernetes platform and onboard application teams onto golden paths.
Hybrid Cloud Operating Model Playbook
A phased program to run on-premises and public cloud as one operating model with consistent identity, networking, governance, and delivery.
Container Platform Migration Playbook
A phased program to migrate workloads from VMs and Docker Compose onto a managed container platform with standardized build and deploy.
Infrastructure as Code Adoption Playbook
A phased program to bring an ad-hoc cloud estate under infrastructure as code with modules, pipelines, and policy enforcement.
Platform Engineering Program Playbook
A phased program to build an internal developer platform with golden paths and self-service that reduce cognitive load across product teams.
Framework Upgrade Program Playbook
A repeatable program for keeping backend frameworks current through routine, low-risk major-version upgrades across a portfolio.
CI/CD Modernization Playbook
A phased program to move from manual or brittle pipelines to fast, secure, pipeline-as-code delivery with automated gates.
GitOps Adoption Playbook
A program to make Git the single source of truth for infrastructure and deployments using declarative, continuously reconciled delivery.
Terraform and IaC Rollout Playbook
A program to introduce Terraform-based infrastructure as code across teams with reusable modules, secure state, and policy guardrails.
Platform Engineering and Internal Developer Platform Playbook
A program to build an internal developer platform with golden paths, self-service infrastructure, and a service catalog that reduces cognitive load.
Secrets Management Program Playbook
A program to eliminate hardcoded secrets and adopt centralized, rotated, least-privilege secret storage with dynamic and short-lived credentials.
Container Migration Program Playbook
A program to migrate VM-based and legacy applications into containers with hardened images, registries, and orchestrated deployment.
Cloud Cost and FinOps Program Playbook
A program to bring financial accountability to cloud spend through cost visibility, allocation, optimization, and continuous governance.
MLOps Platform Build Playbook
A phased program to stand up an end-to-end MLOps platform covering feature stores, training pipelines, model registry, and automated deployment.
Checklists16
Kubernetes Production Readiness Checklist
Confirm a Kubernetes cluster and its workloads are secure, observable, and resilient before serving production traffic.
Terraform Module Review Checklist
Review a Terraform module for correctness, reusability, security, and maintainability before publishing it for shared use.
GitOps Adoption Readiness Checklist
Verify the prerequisites for declarative, Git-driven Kubernetes delivery are in place before adopting GitOps.
Infrastructure-as-Code Migration Readiness Checklist
Confirm you are ready to bring an existing manually managed cloud estate under infrastructure-as-code without disruption.
Dependency Upgrade Safety Checklist
Safety checks for upgrading application dependencies, covering semver risk, testing, security, and staged rollout.
Production Go-Live Readiness Checklist
End-to-end verification that a service is ready to serve real users in production, covering scaling, monitoring, security, and rollback.
CI/CD Pipeline Review Checklist
A structured review of a continuous integration and delivery pipeline for correctness, speed, security, and reproducibility.
GitOps Readiness Checklist
Verify that infrastructure and application delivery follow GitOps principles with Git as the single source of truth and automated reconciliation.
Release & Deployment Cutover Checklist
Coordinate a controlled cutover from an old release or system to a new one, with sequencing, validation, and an explicit abort path.
Rollback Readiness Checklist
Confirm a service can be reverted to a known-good state quickly and safely, covering artifacts, data, configuration, and traffic.
Incident Response Readiness Checklist
Verify the people, processes, and tooling needed to detect, respond to, and learn from production incidents are in place.
On-Call Handover Checklist
Ensure a clean transfer of on-call responsibility with full context on ongoing issues, risks, and operational state.
Observability & SLO Review Checklist
Assess whether a service is observable enough to operate, with meaningful SLOs, golden-signal metrics, tracing, and actionable alerts.
Infrastructure as Code Review Checklist
Review Terraform or equivalent IaC for security, modularity, state safety, and reproducibility before it provisions production.
Disaster Recovery Readiness Checklist
Confirm an organization can recover critical services and data within defined objectives after a major failure.
Platform Engineering & Internal Developer Platform Readiness Checklist
Assess readiness to build an internal developer platform that provides self-service, paved-path delivery for product teams.
Stacks4
GitOps Stack (ArgoCD + Terraform)
GitOps delivery: Terraform provisions infrastructure declaratively while ArgoCD continuously syncs Kubernetes application state from Git as the source of truth.
Spinnaker Continuous Delivery
An open-source, multi-cloud continuous delivery platform for managing complex deployment pipelines with advanced strategies like canary, blue-green, and rollback.
Jenkins + Nexus
A self-hosted CI and artifact-management stack pairing Jenkins automation pipelines with Sonatype Nexus as a binary repository for builds and dependencies.
Tekton + Argo CD
A Kubernetes-native CI/CD stack pairing Tekton pipelines for in-cluster continuous integration with Argo CD for GitOps-based continuous delivery.
Comparisons26
EKS vs GKE
Amazon EKS and Google GKE are the leading managed Kubernetes services. GKE is more automated and mature; EKS offers deepest AWS integration.
Terraform vs Pulumi
Terraform uses a declarative DSL (HCL) for infrastructure as code; Pulumi lets you define infrastructure in general-purpose languages like TypeScript, Python, or Go.
Terraform vs CloudFormation
Terraform is a multi-cloud IaC tool; AWS CloudFormation is AWS's native infrastructure-as-code service. Terraform wins on portability; CloudFormation on AWS depth.
OpenTofu vs Terraform
OpenTofu is the open-source fork of Terraform created after HashiCorp's BSL license change. The two are largely compatible but differ on licensing and governance.
Docker vs Podman
Docker is the original container engine with a central daemon; Podman is a daemonless, rootless-friendly, drop-in alternative with strong Kubernetes affinity.
Kubernetes vs Nomad
Kubernetes is the dominant, feature-rich container orchestrator; HashiCorp Nomad is a simpler, lightweight scheduler for containers and non-containerized workloads.
Helm vs Kustomize
Helm packages Kubernetes apps as templated, versioned charts; Kustomize overlays plain YAML without templates. Helm suits distribution; Kustomize suits simple in-house config.
ArgoCD vs Flux
Argo CD and Flux are the two leading GitOps continuous delivery tools for Kubernetes. Argo CD offers a rich UI; Flux is lightweight and Kubernetes-native by design.
Ansible vs Terraform
Ansible is a configuration-management and automation tool; Terraform is a declarative infrastructure-provisioning tool. They overlap but solve different core problems.
Monorepo vs Polyrepo
A monorepo stores many projects in one repository; a polyrepo splits them across many. The choice shapes code sharing, tooling, and team autonomy.
Traefik vs NGINX
Traefik is a cloud-native reverse proxy with automatic service discovery; NGINX is a mature, high-performance web server and proxy with manual configuration.
AWS CDK vs Terraform
The AWS CDK defines infrastructure in real programming languages that compile to CloudFormation; Terraform uses declarative HCL across many clouds. Code power versus multi-cloud reach.
containerd vs CRI-O
containerd and CRI-O are the two main Kubernetes container runtimes. containerd is general-purpose and widely adopted; CRI-O is minimal and Kubernetes-only by design.
Vault vs AWS Secrets Manager
HashiCorp Vault is a powerful, cloud-agnostic secrets and identity platform; AWS Secrets Manager is a managed, AWS-native secrets store. Power and portability versus simplicity.
Crossplane vs Terraform
Crossplane manages cloud infrastructure through the Kubernetes API with continuous reconciliation; Terraform uses a standalone CLI and declarative HCL with explicit plan/apply.
GitHub Actions vs GitLab CI/CD
Both run pipelines defined in YAML next to your code. GitHub Actions centers on a marketplace of reusable actions; GitLab CI/CD ships an integrated DevOps platform.
GitHub Actions vs Jenkins
GitHub Actions is a managed, YAML-driven CI/CD service tied to GitHub; Jenkins is a self-hosted, plugin-rich automation server with maximum flexibility.
CircleCI vs GitHub Actions
CircleCI is a dedicated cloud CI/CD platform known for speed and orbs; GitHub Actions is GitHub's native automation with a huge action marketplace.
Prometheus vs Datadog
Prometheus is an open-source, self-hosted metrics and alerting system; Datadog is a hosted, all-in-one observability SaaS spanning metrics, logs, and traces.
OpenTelemetry vs Vendor Agents
OpenTelemetry is an open, vendor-neutral standard for collecting telemetry; proprietary vendor agents are tightly integrated SDKs from a single observability provider.
HashiCorp Vault vs Cloud Secrets Manager
Vault is a powerful, cloud-agnostic secrets and identity platform; cloud-native secrets managers are simpler, fully managed services tied to one cloud.
npm vs pnpm
npm is Node's default package manager; pnpm is a faster, disk-efficient alternative using a content-addressable store and strict dependency isolation.
pnpm vs Yarn
Both are alternative Node package managers. pnpm focuses on a strict, disk-efficient store; Yarn (Berry) offers Plug'n'Play and a flexible plugin architecture.
Webpack vs Vite
Webpack is a mature, highly configurable bundler; Vite is a faster modern build tool using native ESM in dev and Rollup for production builds.
ESLint vs Biome
ESLint is the established, plugin-rich JavaScript linter; Biome is a fast, Rust-based all-in-one linter and formatter with minimal configuration.
Terraform vs Ansible
Terraform is a declarative infrastructure-provisioning tool; Ansible is a procedural configuration-management and automation tool. They solve different DevOps problems.
Benchmarks5
Terminal-Bench
An agentic benchmark evaluating models on completing real command-line tasks inside a sandboxed terminal, verified by automated checks.
Build-Time Benchmark
Measures how long it takes to compile and package software, a key developer-productivity and CI-cost metric across clean, incremental, and cached builds.
DORA Metrics Benchmark
Measures software delivery and operational performance via four key metrics: deployment frequency, lead time, change failure rate, and time to restore.
CI Build Time (p95) Benchmark
Measures continuous-integration pipeline duration, focusing on the p95 build time and its phases, to quantify developer feedback latency.
CI/CD Pipeline Reliability Benchmark
Measures how dependably a delivery pipeline succeeds, reporting pass rate, infrastructure-failure share, and mean time to recover a broken pipeline.
FAQs15
What is a container?
A container is a lightweight, standalone unit that packages an application together with its dependencies, libraries, and configuration so it runs con...
What is Kubernetes?
Kubernetes is an open-source platform for automating the deployment, scaling, and operation of containerized applications. It groups containers into l...
What is a container image?
A container image is a read-only template that contains everything needed to run an application: code, runtime, libraries, environment variables, and ...
What is a container registry?
A container registry is a storage and distribution system for container images, allowing them to be pushed after a build and pulled at deployment time...
What is infrastructure as code?
Infrastructure as code (IaC) is the practice of defining and provisioning infrastructure, such as servers, networks, and databases, through machine-re...
What is container orchestration?
Container orchestration is the automated management of the lifecycle of containers across a cluster of machines, including scheduling, scaling, networ...
What is software supply-chain security?
Software supply-chain security protects the integrity of everything that goes into building and delivering software: source code, third-party dependen...
What is a secret manager?
A secret manager is a dedicated service that securely stores, controls access to, and audits sensitive credentials such as API keys, database password...
What is MLOps?
MLOps is a set of practices for reliably building, deploying, monitoring, and maintaining machine learning systems in production, applying DevOps prin...
What is CI/CD?
CI/CD stands for Continuous Integration and Continuous Delivery (or Deployment). Continuous Integration means developers merge code into a shared bran...
What is GitOps?
GitOps is an operational model where the desired state of infrastructure and applications is declared in a Git repository, and an automated controller...
What is the difference between blue-green and canary deployments?
Both are strategies for releasing new versions with minimal risk. In a blue-green deployment you run two identical environments—one live (blue) and on...
What is the difference between observability and monitoring?
Monitoring is collecting and alerting on predefined metrics and checks—it answers known questions like 'is CPU above 90%?' Observability is the broade...
What is a feature flag?
A feature flag (or feature toggle) is a configuration switch that turns functionality on or off at runtime without deploying new code. It lets teams d...
What is chaos engineering?
Chaos engineering is the practice of deliberately injecting failures into a system to test its resilience before real incidents expose weaknesses. Tea...
Glossaries62
Microservices
An architectural style structuring an application as a collection of loosely coupled, independently deployable services
CI/CD
Continuous Integration and Continuous Deployment - practices for automating code integration and delivery
Infrastructure as Code
Managing and provisioning infrastructure through machine-readable configuration files
Rollback
Reverting a system to a previous version after a failed deployment or migration
CloudFormation
AWS service that provides infrastructure as code capabilities for provisioning and managing AWS resources using templates
Disaster Recovery
A set of policies, tools, and procedures to enable the recovery of vital technology infrastructure after a natural or human-induced disaster
Docker
A platform for developing, shipping, and running applications in containers, providing consistent environments across development and production
Envoy
A high-performance open-source edge and service proxy designed for cloud-native applications, commonly used in service mesh architectures
Flyway
An open-source database migration tool that uses SQL scripts to version control and apply database schema changes
Istio
An open-source service mesh platform that provides traffic management, security, and observability for microservices architectures
Kubernetes
An open-source container orchestration platform for automating deployment, scaling, and management of containerized applications
Liquibase
An open-source database schema change management tool that tracks, versions, and deploys database changes
Maintenance
Ongoing activities to keep software systems operational, including bug fixes, updates, and performance improvements
Pulumi
An infrastructure as code platform that allows defining cloud infrastructure using general-purpose programming languages
Restore
The process of recovering data, systems, or applications from backups after data loss, corruption, or disaster
Terraform
An open-source infrastructure as code tool that enables defining and provisioning infrastructure across multiple cloud providers
Backup
A copy of data or system configurations stored separately to enable recovery in case of data loss, corruption, or disaster
Business Continuity
Planning and preparation to ensure that critical business functions can continue during and after a disaster or disruption
Patching
The process of applying updates to software to fix bugs, address security vulnerabilities, or add minor improvements
Support
Ongoing assistance provided to users and systems to ensure proper operation, troubleshoot issues, and maintain service levels
Data Protection
Practices and technologies to safeguard data from unauthorized access, corruption, or loss
Git
A distributed version control system for tracking changes in source code during software development
Helpdesk
A resource for users to get technical support, troubleshoot issues, and receive assistance with software or systems
MongoDB
A popular open-source document-oriented NoSQL database designed for scalability and flexibility
Monitoring
The practice of observing and tracking system performance, health, and behavior in real-time
Security
Measures and practices to protect systems, networks, and data from unauthorized access and threats
Updates
Changes or improvements applied to software to fix issues, add features, or enhance security
Platform as a Service (PaaS)
Platform as a service is a cloud model that provides a managed application platform, handling servers, runtimes, and scaling so developers focus on code rather than infrastructure.
Autoscaling
Autoscaling is the automatic adjustment of the number of running compute instances or resources based on demand, metrics, or schedules, without manual intervention.
Container
A container is a lightweight, isolated unit that packages an application together with its dependencies and runs as an isolated process on a shared host operating system kernel.
Container Image
A container image is an immutable, read-only template containing an application and its dependencies, packaged as ordered filesystem layers from which running containers are created.
Container Registry
A container registry is a service that stores, versions, and distributes container images, allowing clients to push built images and pull them for deployment.
Pod
A pod is the smallest deployable unit in Kubernetes, consisting of one or more tightly coupled containers that share a network namespace, storage volumes, and lifecycle.
Deployment (Kubernetes)
A Kubernetes Deployment is a controller that declaratively manages a set of identical pods, handling rollouts, rollbacks, and scaling by maintaining the desired number of replicas.
ReplicaSet
A ReplicaSet is a Kubernetes controller that ensures a specified number of identical pod replicas are running at all times, recreating pods that fail or are deleted.
ConfigMap
A ConfigMap is a Kubernetes object that stores non-confidential configuration data as key-value pairs, decoupling configuration from container images so applications can be configured per environment.
Helm Chart
A Helm chart is a packaged, templated, and versioned collection of Kubernetes manifests that Helm uses to install, upgrade, and manage an application as a single releasable unit.
Operator Pattern
The Operator pattern is a Kubernetes approach that encodes operational knowledge for a specific application into custom controllers and custom resources, automating tasks like deployment, upgrades, backup, and failover.
Software Bill of Materials (SBOM)
A software bill of materials is a formal, machine-readable inventory of all components, libraries, and dependencies that make up a piece of software, along with their versions and relationships.
Software Supply Chain Security
Software supply chain security is the practice of protecting every stage of building and delivering software, from dependencies and build systems to distribution, against tampering and compromise.
Provenance
Provenance is verifiable metadata that records where a software artifact came from and how it was built — its source, build system, and inputs — so consumers can trace and trust it.
DSSE (Dead Simple Signing Envelope)
DSSE is a standard format for wrapping a payload together with its signature so the signed content and its type are bound and tamper-evident.
SLSA (Supply-chain Levels for Software Artifacts)
SLSA is a security framework that defines graduated levels of build integrity and provenance for software artifacts, so teams can measure and improve how trustworthy their builds are.
Continuous Integration (CI)
A practice where developers merge code changes into a shared repository frequently, with each merge automatically built and tested to catch integration problems early.
Continuous Delivery (CD)
A practice where software is kept in a releasable state at all times, with every change automatically built, tested, and prepared for deployment, leaving the final release as a manual decision.
Continuous Deployment
A practice where every change that passes the automated pipeline is released to production automatically, with no manual approval step.
GitOps
An operational model in which the desired state of infrastructure and applications is declared in a Git repository and automatically reconciled into the running environment by an agent.
Canary Deployment
A release strategy in which a new version is rolled out to a small subset of users or servers first, so its behavior can be observed before exposing the whole user base.
Observability
The degree to which the internal state of a system can be understood from the external data it produces, typically its metrics, logs, and traces.
Telemetry
The automated collection and transmission of measurement data from a running system to a remote location for monitoring and analysis.
Distributed Tracing
A technique that follows a single request as it propagates across multiple services, recording timing and context at each step to reveal the end-to-end path.
Span
The basic unit of work in distributed tracing, representing a single named, timed operation with a start, an end, and contextual attributes.
Metric
A numeric measurement of some aspect of a system captured over time, such as request rate, error count, or memory usage, used for monitoring and alerting.
Structured Logging
The practice of emitting log entries as machine-readable structured data, typically key-value pairs or JSON, rather than free-form text strings.
Service Level Objective (SLO)
A target value or range for a service level indicator over a period of time, expressing the desired level of reliability for a service.
Service Level Indicator (SLI)
A quantitative measure of a specific aspect of a service's level of service, such as the proportion of successful requests or requests served within a latency threshold.
Error Budget
The maximum amount of unreliability a service is allowed over a period, calculated as the difference between 100% and its service level objective.
Toil
Manual, repetitive, automatable operational work that scales linearly with service size and provides no lasting value, a key target for reduction in site reliability engineering.
Incident Management
The coordinated process for detecting, responding to, mitigating, and resolving unplanned disruptions to a service, then learning from them.
Postmortem
A written, blameless analysis produced after an incident that documents what happened, the impact, the root causes, and the actions to prevent recurrence.
On-Call
An arrangement in which designated engineers are available to respond to alerts and incidents outside normal working hours, usually on a rotating schedule.
Mean Time to Recovery (MTTR)
The average time taken to restore a service after a failure, measured from the start of an incident to its resolution.