Desde conceptos básicos hasta técnicas avanzadas de contenedores y orquestación
DevOps es una cultura, filosofía y conjunto de prácticas que busca unificar el desarrollo de software (Dev) y las operaciones de TI (Ops) para acortar el ciclo de vida del desarrollo de sistemas y proporcionar entrega continua con alta calidad.
| Categoría | Herramientas |
|---|---|
| Contenedores | Docker, Podman, containerd |
| Orquestación | Kubernetes, Docker Swarm, Nomad |
| CI/CD | Jenkins, GitLab CI, GitHub Actions, ArgoCD |
| Infraestructura como Código | Terraform, Ansible, Puppet, Chef |
| Monitoreo | Prometheus, Grafana, ELK Stack |
# Gestionar contenedores
docker ps # Listar contenedores en ejecución
docker ps -a # Listar todos los contenedores
docker run -d nginx # Ejecutar contenedor en segundo plano
docker stop CONTAINER # Detener contenedor
docker rm CONTAINER # Eliminar contenedor
docker logs CONTAINER # Ver logs
# Gestionar imágenes
docker images # Listar imágenes locales
docker pull nginx # Descargar imagen
docker rmi IMAGE # Eliminar imagen
# Ejecutar comandos
docker exec -it CONTAINER bash # Ejecutar bash en contenedor
# Redes
docker network ls # Listar redes
docker network create mynet # Crear red
docker run --network=mynet nginx # Usar red específica
# Volúmenes
docker volume ls # Listar volúmenes
docker volume create myvol # Crear volumen
docker run -v myvol:/data nginx # Montar volumen
docker run -v /host/path:/container/path nginx # Montar directorio host
# Sintaxis recomendada para Dockerfile
FROM ubuntu:20.04 # Imagen base
# Metadatos
LABEL maintainer="devops@example.com"
LABEL version="1.0"
# Variables de entorno
ENV APP_HOME=/app \
NODE_ENV=production
# Instalar dependencias
RUN apt-get update && \
apt-get install -y \
python3 \
python3-pip && \
rm -rf /var/lib/apt/lists/*
# Directorio de trabajo
WORKDIR $APP_HOME
# Copiar archivos
COPY requirements.txt .
COPY src/ .
# Instalar dependencias de aplicación
RUN pip install -r requirements.txt
# Exponer puerto
EXPOSE 8000
# Comando de inicio
CMD ["python3", "app.py"]
# Build stage
FROM golang:1.16 AS builder
WORKDIR /src
COPY . .
RUN go build -o /app
# Runtime stage
FROM alpine:latest
WORKDIR /
COPY --from=builder /app /app
CMD ["/app"]
# docker-compose.yml
version: '3.8'
services:
web:
image: nginx:alpine
ports:
- "80:80"
volumes:
- ./html:/usr/share/nginx/html
networks:
- app-net
db:
image: postgres:13
environment:
POSTGRES_PASSWORD: example
volumes:
- postgres_data:/var/lib/postgresql/data
networks:
- app-net
volumes:
postgres_data:
networks:
app-net:
# docker-compose.prod.yml
version: '3.8'
services:
app:
build:
context: .
dockerfile: Dockerfile.prod
args:
NODE_ENV: production
environment:
- DATABASE_URL=postgres://user:pass@db:5432/app
ports:
- "5000:5000"
depends_on:
- db
- redis
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:5000/health"]
interval: 30s
timeout: 10s
retries: 3
db:
image: postgres:13
volumes:
- postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_USER: user
POSTGRES_PASSWORD: pass
POSTGRES_DB: app
redis:
image: redis:6
command: redis-server --requirepass yourpassword
volumes:
- redis_data:/data
volumes:
postgres_data:
redis_data:
Podman es una herramienta alternativa a Docker que no requiere un daemon y puede ejecutar contenedores sin privilegios de root (rootless). Es compatible con la mayoría de los comandos de Docker.
# Comandos básicos (similares a Docker)
podman ps
podman run -d nginx
podman exec -it container bash
# Comandos específicos de Podman
podman pod create --name mypod # Crear un pod
podman pod ls # Listar pods
podman generate systemd --name container # Generar unidad systemd
Docker Swarm es la solución nativa de Docker para orquestación de contenedores en clusters.
# En el nodo manager
docker swarm init --advertise-addr MANAGER_IP
# En los nodos workers
docker swarm join --token SWARM_TOKEN MANAGER_IP:2377
# Servicio básico
docker service create --name web --replicas 3 -p 80:80 nginx
# Actualizar servicio
docker service update --image nginx:alpine web
# Escalar servicio
docker service scale web=5
# Inspeccionar servicio
docker service inspect web
docker service ps web
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.14.2
ports:
- containerPort: 80
# service.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80
type: LoadBalancer
# statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: web
spec:
serviceName: "nginx"
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:alpine
ports:
- containerPort: 80
name: web
volumeMounts:
- name: www
mountPath: /usr/share/nginx/html
volumeClaimTemplates:
- metadata:
name: www
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 1Gi
# hpa.yaml
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: nginx-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: nginx-deployment
minReplicas: 1
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 50
kubectl get pods # Listar pods
kubectl get pods -o wide # Listar con más detalles
kubectl get pods --all-namespaces # Listar en todos los namespaces
kubectl describe pod POD_NAME # Detalles de un pod
kubectl logs POD_NAME # Ver logs de un pod
kubectl exec -it POD_NAME bash # Ejecutar comando en pod
# .github/workflows/ci.yml
name: CI/CD Pipeline
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v2
with:
context: .
push: ${{ github.ref == 'refs/heads/main' }}
tags: user/app:${{ github.sha }}
- name: Run tests
run: |
docker run user/app:${{ github.sha }} npm test
deploy:
needs: build
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install kubectl
uses: azure/setup-kubectl@v1
- name: Deploy to Kubernetes
run: |
echo "${{ secrets.KUBE_CONFIG }}" > kubeconfig.yaml
export KUBECONFIG=kubeconfig.yaml
kubectl set image deployment/app app=user/app:${{ github.sha }}
# prometheus-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: prometheus
spec:
replicas: 1
selector:
matchLabels:
app: prometheus
template:
metadata:
labels:
app: prometheus
spec:
containers:
- name: prometheus
image: prom/prometheus
args:
- "--config.file=/etc/prometheus/prometheus.yml"
- "--storage.tsdb.path=/prometheus"
ports:
- containerPort: 9090
volumeMounts:
- name: prometheus-config
mountPath: /etc/prometheus
- name: prometheus-storage
mountPath: /prometheus
volumes:
- name: prometheus-config
configMap:
name: prometheus-config
- name: prometheus-storage
emptyDir: {}
apiVersion: v1
kind: Pod
metadata:
name: security-context-demo
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- name: sec-ctx-demo
image: busybox
command: [ "sh", "-c", "sleep 1h" ]
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
add: ["NET_BIND_SERVICE"]
readOnlyRootFilesystem: true