🚀 DEVOPS & CLOUD MASTERY

From Zero to Hero: Infrastructure, Automation & Scalability

Docker Kubernetes Ansible CI/CD Cloud Security
Nov Hun • Phnom Penh, Cambodia 🇰🇭 • 2025 Edition • v2.1.0

📋 Table of Contents

  • Ubuntu Server: System Hardening (Beginner)
  • Git Workflow: Branching Strategies (Beginner)
  • Docker: Containerization (Intermediate)
  • Docker Compose: Multi-Container (Intermediate)
  • Nginx: Reverse Proxy (Intermediate)
  • Kubernetes: Orchestration (Advanced)
  • Ansible: Infrastructure as Code (Advanced)
  • CI/CD: GitHub Actions, Jenkins (Intermediate)
  • Cloud Storage: S3 / R2 (Intermediate)
  • Security: Zero Trust (Critical)

1. Ubuntu Server Essentials

The Foundation of Every Production System

System Initialization

# 🔄 Full system update & upgrade
sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y

# 🧰 Install essential toolkit
sudo apt install -y git curl wget unzip htop net-tools vim tmux \
    build-essential software-properties-common

User Management

# 🆕 Create deployment user
sudo adduser --gecos "" devops
sudo usermod -aG sudo devops
sudo usermod -aG adm devops

# 🔑 SSH key setup
sudo mkdir -p /home/devops/.ssh
sudo touch /home/devops/.ssh/authorized_keys
sudo chmod 700 /home/devops/.ssh
sudo chmod 600 /home/devops/.ssh/authorized_keys
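sudo chown -R devops:devops /home/devops/.ssh
# Append the deployment public key to authorized_keys before disabling
# password logins below; an empty file leaves the account unreachable over SSH.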

SSH Hardening

# /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2

# Restart SSH (the systemd unit on Ubuntu is named "ssh")
sudo systemctl restart ssh
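
A check for the settings above, added here as an example and not part of the original handbook: sshd applies the first value it reads for each keyword, so a hardened line appended to the end of the file can be silently overridden by an earlier one. The function names `effective_value` and `audit_sshd` and the sample file are constructed for illustration, and `Include` files are not followed.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file against the settings above.

# effective_value FILE KEYWORD
# Print the value sshd would apply globally: the FIRST occurrence of KEYWORD
# (keywords are case-insensitive) before any Match block. Empty if unset.
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                       # skip comment lines
        { sub(/[ \t]*=[ \t]*/, " ") }             # accept "Keyword=value"
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE
# Print one FAIL line per setting that differs from the page's hardening
# values; the return status is the number of failures (0 = compliant).
audit_sshd() {
    fails=0
    for want in permitrootlogin=no passwordauthentication=no \
                pubkeyauthentication=yes maxauthtries=3; do
        key=${want%%=*}
        exp=${want#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$exp" ]; then
            echo "FAIL $key: expected $exp, got ${got:-<unset>}"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: the hardened line was appended at the end of the file,
# but an earlier "yes" (as a distro or cloud-init default might set) wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication yes
PermitRootLogin no
PubkeyAuthentication yes
MaxAuthTries 3
PasswordAuthentication no
EOF

audit_sshd "$sample" || echo "sshd_config does not match the hardening settings"
```

On a live host, `sudo sshd -T` prints the effective configuration, including files pulled in by `Include`.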

2. Git Workflow Mastery

Version Control Done Right

# 👤 Identity setup
git config --global user.name "Nov Hun"
git config --global user.email "dev@novhun.dev"
git config --global init.defaultBranch main
git config --global pull.rebase true

# 🌿 Feature branch workflow
git checkout -b feature/authentication
git add .
git commit -m "feat(auth): implement JWT authentication

- Add JWT token generation and validation
- Implement login/signup endpoints
- Resolves: #42"
git push -u origin feature/authentication

# 📦 Tagging releases
git tag -a v1.2.0 -m "Release v1.2.0"
git push origin v1.2.0

3. Docker Containerization

Build Once, Run Anywhere

# 📥 Install Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo systemctl enable docker
# Members of the docker group can control the daemon, which is root-equivalent on this host
sudo usermod -aG docker $USER
newgrp docker

🏗️ Production Dockerfile

FROM node:18-alpine
RUN addgroup -g 1001 -S nodejs
RUN adduser -S nextjs -u 1001
WORKDIR /app
COPY --chown=nextjs:nodejs . .
USER nextjs
EXPOSE 3000
CMD ["npm", "start"]

docker ps -a                                   List containers
docker build -t myapp .                        Build image
docker run -d --name myapp -p 80:3000 myapp    Run container
docker logs -f myapp                           View logs

4. Docker Compose Orchestration

Multi-Container Applications Made Simple

version: '3.8'
services:
  frontend:
    build: ./frontend
    ports: ["3000:3000"]
  backend:
    build: ./backend
    ports: ["8000:8000"]
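  postgres:
    image: postgres:15-alpine
    environment:
      # The image refuses to initialise without a password; read it from .env or the shell
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    volumes: [postgres-data:/var/lib/postgresql/data]
volumes:
  postgres-data:

docker-compose up -d      Start services
docker-compose down -v    Stop & remove (-v also deletes named volumes, including postgres-data)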

5. Nginx Reverse Proxy

The Ultimate Web Server & Gateway

upstream backend {
    least_conn;
    server backend1:3000 weight=3;
    server backend2:3000 weight=2;
}

server {
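    listen 443 ssl http2;
    server_name api.novhun.dev;
    # A certificate and key are required for "listen ... ssl"; placeholder paths
    ssl_certificate     /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;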
    
    location /api/ {
        proxy_pass http://backend/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

6. Kubernetes Orchestration

Enterprise-Grade Container Orchestration

apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
spec:
  replicas: 5
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: web-app
  template:
    metadata:
      labels:
        app: web-app
    spec:
      containers:
      - name: app
        image: novhun/web-app:latest
        ports:
        - containerPort: 3000
        resources:
          limits:
            memory: "512Mi"
            cpu: "500m"

kubectl get pods                         List pods
kubectl apply -f deploy.yaml             Deploy app
kubectl rollout status deploy/web-app    Check status

7. Ansible Automation

Infrastructure as Code at Scale

- name: Deploy Application
  hosts: webservers
  become: yes
  tasks:
    - name: Install Docker and the Python SDK that docker_container needs
      apt:
        name:
          - docker.io
          - python3-docker
        state: present
        update_cache: yes
    - name: Start Docker
      systemd:
        name: docker
        state: started
    - name: Run container
      docker_container:
        name: web-app
        image: novhun/web-app:latest
        ports: "3000:3000"

8. CI/CD Pipelines

Automated Testing & Deployment

name: Deploy
on:
  push:
    branches: [main]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
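    - uses: docker/login-action@v3
      with:
        # Secret names are assumptions; define them in the repository settings
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
    # Pushing requires a namespaced image name; this matches the image used in the Kubernetes section
    - run: docker build -t novhun/web-app:latest .
    - run: docker push novhun/web-app:latest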

📊 Jenkins Pipeline

pipeline {
    agent any
    stages {
        stage('Build') {
            steps { sh 'docker build -t myapp .' }
        }
        stage('Deploy') {
            steps { sh 'kubectl apply -f deploy.yaml' }
        }
    }
}

9. Cloud Storage Mastery

AWS S3 & Cloudflare R2 Integration

# AWS CLI
aws s3 cp backup.sql s3://production-backups/ --sse AES256
aws s3 sync dist/ s3://myapp-static-bucket/ --delete

# Cloudflare R2
wrangler r2 bucket create production-assets
wrangler r2 object put production-assets/config.json --file ./config.json

10. Security Hardening

Zero Trust Security Architecture

#!/bin/bash
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw --force enable

sudo apt install fail2ban -y
sudo systemctl enable fail2ban

sudo apt install unattended-upgrades -y
echo "✅ System hardened!"

Server Security

  • ✓ Root login disabled
  • ✓ SSH keys only
  • ✓ Firewall enabled

Container Security

  • ✓ Non-root user
  • ✓ Resource limits
  • ✓ Read-only FS

Production Command Cheat Sheet

Category    Command                         Description
Ubuntu      sudo journalctl -u docker -f    Docker logs
Docker      docker system df                Disk usage
K8s         kubectl top pods                Pod metrics
AWS         aws s3 ls --human-readable      List buckets

Complete DevOps Workflow

Code → Git → CI/CD → Docker → K8s → Nginx → Cloud
👨‍💻

Nov Hun

Full Stack Developer • DevOps Engineer • Cloud Architect

"Empowering teams with cloud-native solutions and automated infrastructure"

🇰🇭 Cambodia • 5+ Years • Cloud Native

Feb 2025 • v2.1.0 • Production Ready

"DevOps is culture 🚀"

Keep learning, keep shipping! 💪

⭐ Star this handbook!