DevOps, From First Principles
A first-principles guide to DevOps. We build understanding in dependency order — each topic only uses ideas already covered. For every tool and practice, keep asking one question: what manual, error-prone step does this remove — and how does it make production safer? That single thread runs through the whole book. Read in order, and after each page answer the Check your understanding questions in your own words. Depth over speed.
Part 0 · Foundations — Why DevOps Exists
- Overview — Why DevOps Exists
- The Wall Between Dev and Ops
- Feedback Loops & Why Speed Matters
- The Four Key Metrics (DORA)
- CALMS: DevOps Is Culture First
- Speed vs Stability: The False Tradeoff
Part 1 · Linux, Processes & the Shell
- Overview
- The Process Model
- The Filesystem & Permissions
- The Shell
- Package Management
- systemd & Services
- Logs & Troubleshooting
Part 2 · Networking for DevOps
- Overview
- The Network Stack (TCP/IP)
- DNS
- HTTP & TLS
- Ports & Firewalls
- Load Balancing & Proxies
- Service Discovery
Part 3 · Containers
- Overview
- Why Containers
- Namespaces & cgroups: What a Container Really Is
- Images & Layers
- Dockerfiles
- Registries
- Container Networking & Volumes
Part 4 · Orchestration with Kubernetes
- Overview
- Why Orchestration
- Kubernetes Architecture
- Pods & Workloads
- The Reconciliation Loop
- Services & Networking
- Ingress & Controllers
- Config & Secrets
- Storage & Stateful Workloads
- Scaling & Scheduling
- Helm & Packaging
Part 4½ · Kubernetes in Depth
The senior track for Kubernetes — the internals beneath the intro: how the API, scheduler, kubelet, networking, storage, security, and autoscaling actually work, and how to operate and debug a cluster.
- Overview — Kubernetes in Depth
- The API Machinery
- Controllers & Informers
- The Scheduler in Depth
- The Kubelet & Container Runtime
- Cluster Networking Internals
- Admission Control & Policy
- Security in Depth
- Storage Internals (CSI)
- Autoscaling Internals
- Resource Management & Node Pressure
- Cluster Lifecycle & Operations
- Debugging & Troubleshooting Kubernetes
Part 5 · CI/CD
- Overview
- What CI/CD Actually Is
- Continuous Integration
- Pipelines & Stages
- Jenkins: Architecture & the Controller/Agent Model
- The Jenkinsfile: Pipelines in Depth
- Artifacts & Registries
- Deployment Strategies
- GitOps
- GitOps with Argo CD
- Jenkins → Argo CD: Push-CI, Pull-CD
Part 6 · Infrastructure as Code
- Overview
- Why Infrastructure as Code
- Declarative vs Imperative
- Terraform
- State & Drift
- Configuration Management (Ansible)
- Immutable Infrastructure
Part 7 · Observability & SRE
- Overview
- The Three Pillars
- Logging
- Metrics
- Tracing
- SLOs & Error Budgets
- Incident Response & Postmortems
Part 8 · Security (DevSecOps)
- Overview
- Shift-Left Security
- Secrets Management
- Supply-Chain Security
- Image & Dependency Scanning
- Identity, RBAC & Network Policy
- Compliance as Code
Part 9 · Cloud & Scaling
- Overview
- Cloud Models (IaaS/PaaS/SaaS)
- Core Primitives
- Autoscaling
- Managed Services
- Cost & FinOps
- Multi-Region & Disaster Recovery
Part 10 · Advanced & Rare Concepts
The senior-level track — the patterns and failure modes most engineers learn the hard way.
- Overview — Advanced & Rare
- The Control Loop Is Everywhere
- Service Meshes & mTLS
- eBPF
- Progressive Delivery & Feature Flags
- Chaos Engineering
- Kubernetes Operators & CRDs
- Platform Engineering
- Supply-Chain Attacks
Part 11 · Hands-On — Ship It
The capstone — take a real service (“Snip,” from the System Design book) and ship it commit → production: containerize, CI/CD pipeline, observability, and a canary deploy.
- Overview — The Capstone
- The Plan: Commit → Production
- Containerize the App
- The CI Pipeline (GitHub Actions)
- The Observability Stack
- Canary Deploy
- Where to Go Next
Part 12 · Frontier & Field Notes
Where DevOps is heading as of 2024–2025 — platform engineering, FinOps, AIOps/LLMOps, WASM at the edge — paired with field notes from the decade’s real outages, read as missing-guardrail lessons.