Skip to content

Where to Go Next

We did it. One commit to Snip — a change to a small URL shortener — travelled all the way to production without a single human touching prod. This is the last page of the book, so we’ll do three things: recap the journey honestly, be clear about what we left out and why, and point at where to go deeper.

Trace the path one more time, now that every box is a file you’ve seen:

edit + git push + PR
└─► CI: lint · test · build · Trivy scan · cosign sign · push
└─► immutable image ghcr.io/acme/snip:<git-sha>
└─► bump tag in the snip-config git repo
└─► Argo CD reconciles cluster ← git
└─► Argo Rollouts canary
10% ─ analyze SLOs ─ 50% ─ analyze ─ 100%
├─ healthy? promote
└─ bad? auto-rollback
└─► users

Every arrow used to be a manual, error-prone human step. Reading them off — and naming the safety each one bought — is the recurring thread of the whole book, now concrete:

StepManual step it removedSafety it bought
ContainerizeAssembling a runtime by hand per serverSame bytes everywhere; minimal, non-root attack surface
CI pipeline”Build it, run the tests I remember”Gated, identical-every-time proof; nothing broken ships
ObservabilityGuessing health by tailing logsReal signals to alert on — and to decide on
CanaryBig-bang cut-over watched by a humanTiny blast radius; automatic, metric-driven rollback

None of it was new in this Part. It was Containers, CI/CD, Observability, and Orchestration wired together around one boring service. That’s the lesson worth keeping: the magic isn’t any single tool — it’s the composition, every link removing a manual step and adding a safety property, until the whole path from keyboard to user is deterministic, gated, and reversible.

A capstone that pretended to cover everything would be lying. Snip is one small service shipped by one small team to one cluster, and that simplicity let every idea stay legible. Real organizations carry weight we set aside on purpose. Naming it is part of being honest about where you are:

  • Multi-team and org scale. One repo, one pipeline, one on-call. At scale you hit shared platforms, golden paths, internal developer portals, and the politics of who owns what — the subject of platform engineering.
  • Multi-cluster and multi-region. We shipped to one cluster. Real availability means several, across regions, with failover, data replication, and traffic steering — the world of multi-region & DR.
  • Cost. We never once asked what Snip costs to run. At scale, cost and FinOps becomes a first-class constraint, not an afterthought.
  • Stateful complexity. Snip leans on Postgres and Redis but we treated them as given. Running stateful systems well — backups, migrations, failover — is its own deep discipline (storage & stateful).
  • The human layer. Incident command, on-call rotations, blameless postmortems, the CALMS culture that makes any of this stick. Tools don’t run themselves; people do.

Three directions, each a natural continuation of a thread this book started. Pick the one that matches the problem in front of you.

SRE depth — run it, don’t just ship it

Section titled “SRE depth — run it, don’t just ship it”

This book got the change to production. Keeping it healthy at scale is Site Reliability Engineering. Go deeper on SLOs and error budgets as a way to budget risk, on incident response and postmortems as a discipline, and on chaos engineering — deliberately breaking things to prove your recovery actually works before an outage proves it doesn’t. The canary you built is one control loop; SRE is the practice of building and trusting many of them. The Google SRE books are the canonical text.

Platform engineering — make this path the default for everyone

Section titled “Platform engineering — make this path the default for everyone”

You built one golden path for one service. The next problem is: how does every team get this, without each reinventing the pipeline? That’s platform engineering — turning the pipeline you just built into a paved road, a self-service internal platform with sane defaults, guardrails, and a great developer experience. The shift is from “I can ship Snip safely” to “any engineer here can ship anything safely, by default.”

Security depth — trust the whole chain, not just the code

Section titled “Security depth — trust the whole chain, not just the code”

We scanned and signed Snip’s image, but supply-chain security goes much deeper. Study supply-chain attacks and the full supply-chain security picture — SBOMs, provenance attestations, verifying signatures at admission so the cluster refuses unsigned images, and identity, RBAC, and network policy to contain what runs. The principle generalizes the whole book: don’t trust, verify — at every link in the chain.

If you remember one thing, remember the question this book asked on every page: what manual, error-prone step does this remove, and how does it make production safer? It is not a slogan; it is a tool. Point it at any new technology you meet — a service mesh, a new deployment controller, some acronym that doesn’t exist yet — and ask it those two questions. What toil does this kill? What does it make safe that wasn’t? If a tool can’t answer both, be suspicious. If it answers both clearly, you’ll understand it faster than any tutorial could teach you, because you’ll understand why it exists.

That’s the whole game. Speed and stability are not opposites; the same automation that removes manual steps removes both delay and mistakes. You started this book with a release as a terrifying manual event. You end it with a release as a boring, automatic, reversible non-event — which is exactly what a release should be. Now go build the boring, safe machine for something real.

  1. The recap table pairs each capstone step with a manual step removed and a safety bought. Pick any two steps and explain both halves in your own words.
  2. The page argues “the magic isn’t any single tool — it’s the composition.” What does that mean, and why would adopting just one of these tools in isolation deliver less safety?
  3. Four things were deliberately left out (multi-team, multi-cluster/region, cost, the human layer). Pick one and explain why Snip’s simplicity let us set it aside without the lesson being wrong.
  4. The book’s recurring question is offered as a reusable tool, not a slogan. Apply it to a technology not covered in this Part and answer both halves.
  5. The closing claim is that speed and stability are not opposites. Restate the mechanism by which the same automation improves both at once.
Show answers
  1. Example: CI pipeline removed “build it and run the tests I remember” (a manual, inconsistent step) and bought identical-every-time, gated proof so nothing broken ships. Canary removed the big-bang cut-over watched by a human and bought a tiny blast radius with automatic, metric-driven rollback. (Any two rows are acceptable if both halves are explained.)
  2. It means the safety comes from the links being wired together — an immutable image is only valuable because CI tests it, GitOps deploys it unchanged, and the canary judges it on real metrics. One tool alone (say, a great Dockerfile) still leaves every other manual step in place, so the path as a whole is neither deterministic nor reversible.
  3. Example (multi-region): shipping to one cluster let the pipeline be the lesson without the distraction of failover and replication. It’s not wrong because multi-region is a generalization of single-region — you understand one region deeply, then ask “now N of them, and what fails between them?” The single-cluster understanding is the prerequisite, not a contradiction.
  4. Open-ended. A good answer names a real technology and answers both halves — e.g. a service mesh removes hand-rolled retry/mTLS/routing logic scattered across every service (manual, inconsistent) and makes traffic encrypted and observable by default (safety). The point is asking both questions.
  5. Removing manual steps removes both delay (so you’re faster) and mistakes (so you’re safer) at the same time; and small, frequent, automated changes are simultaneously quicker to ship and easier to review, test, and pinpoint — so the same machinery raises speed and stability together rather than trading one for the other.