Di era digital transformation, DevOps dan Cloud Native practices telah menjadi fundamental untuk delivering software dengan cepat, reliable, dan scalable. Organisasi yang mengadopsi Cloud Native dapat mencapai deployment frequency hingga 100x lebih cepat dengan failure rate 60x lebih rendah. Artikel ini akan membahas secara mendalam tentang DevOps best practices dan Cloud Native deployment strategies di tahun 2025.<\/p>\n
Understanding DevOps Culture dan Principles<\/p>\n
1. Core DevOps Principles
\nDevOps bukan hanya tentang tools, melainkan cultural philosophy yang menggabungkan development (Dev) dan operations (Ops):<\/p>\n
\u2022 Collaboration: Break down silos antar teams
\n\u2022 Automation: Automate repetitive tasks dan processes
\n\u2022 Continuous Improvement: Kaizen philosophy untuk incremental improvements
\n\u2022 Customer Centricity: Focus pada delivering value ke customers
\n\u2022 Measurement: Data-driven decision making
\n\u2022 Sharing: Knowledge sharing dan collective ownership<\/p>\n
2. CALMS Framework untuk DevOps Success
\n\u2022 Culture: Shared ownership dan blameless culture
\n\u2022 Automation: Toolchains untuk automating entire lifecycle
\n\u2022 Lean: Optimizing flow dan eliminating waste
\n\u2022 Measurement: Metrics dan monitoring untuk continuous improvement
\n\u2022 Sharing: Collaborative environment dan knowledge sharing<\/p>\n
3. DevOps Evolution Stages
\n“`javascript
\n\/\/ DevOps Maturity Assessment Framework
\nclass DevOpsMaturityAssessment {
\n constructor() {
\n this.stages = {
\n initial: {
\n name: ‘Initial’,
\n characteristics: [‘Manual processes’, ‘Siloed teams’, ‘Ad-hoc deployments’],
\n deploymentFrequency: ‘monthly’,
\n leadTime: ‘months’,
\n mttr: ‘weeks’
\n },
\n managed: {
\n name: ‘Managed’,
\n characteristics: [‘Basic automation’, ‘Defined processes’, ‘Limited visibility’],
\n deploymentFrequency: ‘weekly’,
\n leadTime: ‘weeks’,
\n mttr: ‘days’
\n },
\n defined: {
\n name: ‘Defined’,
\n characteristics: [‘CI\/CD pipelines’, ‘Infrastructure as Code’, ‘Monitoring’],
\n deploymentFrequency: ‘daily’,
\n leadTime: ‘days’,
\n mttr: ‘hours’
\n },
\n optimized: {
\n name: ‘Optimized’,
\n characteristics: [‘Full automation’, ‘GitOps’, ‘Self-healing systems’],
\n deploymentFrequency: ‘multiple daily’,
\n leadTime: ‘hours’,
\n mttr: ‘minutes’
\n }
\n };
\n }<\/p>\n
assessOrganization(organizationData) {
\n const score = this.calculateScore(organizationData);
\n const stage = this.determineStage(score);<\/p>\n
return {
\n currentStage: stage,
\n score,
\n recommendations: this.getRecommendations(stage),
\n roadmap: this.createRoadmap(stage)
\n };
\n }<\/p>\n
calculateScore(data) {
\n let score = 0;<\/p>\n
\/\/ Automation maturity (0-100)
\n score += data.automationLevel * 0.25;<\/p>\n
\/\/ Collaboration maturity (0-100)
\n score += data.collaborationLevel * 0.20;<\/p>\n
\/\/ Monitoring maturity (0-100)
\n score += data.monitoringLevel * 0.20;<\/p>\n
\/\/ Security integration (0-100)
\n score += data.securityLevel * 0.15;<\/p>\n
\/\/ Cloud adoption (0-100)
\n score += data.cloudLevel * 0.20;<\/p>\n
return Math.round(score);
\n }<\/p>\n
determineStage(score) {
\n if (score < 25) return this.stages.initial;
\n if (score < 50) return this.stages.managed;
\n if (score Dockerfile < k8s\/dev-deployment.yaml < k8s\/prod-deployment.yaml <-
\n –health-cmd pg_isready
\n –health-interval 10s
\n –health-timeout 5s
\n –health-retries 5
\n ports:
\n – 5432:5432<\/p>\n
redis:
\n image: redis:7-alpine
\n options: >-
\n –health-cmd “redis-cli ping”
\n –health-interval 10s
\n –health-timeout 5s
\n –health-retries 5
\n ports:
\n – 6379:6379<\/p>\n
steps:
\n – name: Checkout code
\n uses: actions\/checkout@v4<\/p>\n
– name: Setup Node.js
\n uses: actions\/setup-node@v4
\n with:
\n node-version: ’18’
\n cache: ‘npm’<\/p>\n
– name: Install dependencies
\n run: npm ci<\/p>\n
– name: Run unit tests
\n run: npm run test:unit
\n env:
\n DATABASE_URL: postgresql:\/\/postgres:postgres@localhost:5432\/test_db
\n REDIS_URL: redis:\/\/localhost:6379<\/p>\n
– name: Upload coverage reports
\n uses: codecov\/codecov-action@v3
\n with:
\n file: .\/coverage\/lcov.info<\/p>\n
# Build dan Push
\n build-and-push:
\n needs: [quality-check, security-scan, test]
\n runs-on: ubuntu-latest
\n if: github.event_name == ‘push’
\n outputs:
\n image-digest: ${{ steps.build.outputs.digest }}
\n image-tag: ${{ steps.meta.outputs.tags }}
\n steps:
\n – name: Checkout code
\n uses: actions\/checkout@v4<\/p>\n
– name: Set up Docker Buildx
\n uses: docker\/setup-buildx-action@v3<\/p>\n
– name: Log in to Container Registry
\n uses: docker\/login-action@v3
\n with:
\n registry: ${{ env.REGISTRY }}
\n username: ${{ github.actor }}
\n password: ${{ secrets.GITHUB_TOKEN }}<\/p>\n
– name: Extract metadata
\n id: meta
\n uses: docker\/metadata-action@v5
\n with:
\n images: ${{ env.REGISTRY }}\/${{ env.IMAGE_NAME }}
\n tags: |
\n type=ref,event=branch
\n type=ref,event=pr
\n type=sha,prefix={{branch}}-
\n type=raw,value=latest,enable={{is_default_branch}}<\/p>\n
– name: Build and push Docker image
\n id: build
\n uses: docker\/build-push-action@v5
\n with:
\n context: .
\n platforms: linux\/amd64,linux\/arm64
\n push: true
\n tags: ${{ steps.meta.outputs.tags }}
\n labels: ${{ steps.meta.outputs.labels }}
\n cache-from: type=gha
\n cache-to: type=gha,mode=max<\/p>\n
# Deploy to Development
\n deploy-dev:
\n needs: build-and-push
\n runs-on: ubuntu-latest
\n if: github.ref == ‘refs\/heads\/develop’
\n environment:
\n name: development
\n url: https:\/\/dev.yourapp.com
\n steps:
\n – name: Checkout code
\n uses: actions\/checkout@v4<\/p>\n
– name: Configure kubectl
\n uses: azure\/k8s-set-context@v3
\n with:
\n method: kubeconfig
\n kubeconfig: ${{ secrets.KUBE_CONFIG_DEV }}<\/p>\n
– name: Deploy to development
\n run: |
\n sed -i ‘s|IMAGE_PLACEHOLDER|${{ needs.build-and-push.outputs.image-tag }}|’ k8s\/dev-deployment.yaml
\n kubectl apply -f k8s\/dev-deployment.yaml
\n kubectl rollout status deployment\/yourapp-dev -n development<\/p>\n
– name: Run integration tests
\n run: |
\n npm run test:integration — –baseUrl=https:\/\/dev.yourapp.com<\/p>\n
# Deploy to Production
\n deploy-prod:
\n needs: build-and-push
\n runs-on: ubuntu-latest
\n if: github.ref == ‘refs\/heads\/main’
\n environment:
\n name: production
\n url: https:\/\/yourapp.com
\n steps:
\n – name: Checkout code
\n uses: actions\/checkout@v4<\/p>\n
– name: Configure kubectl
\n uses: azure\/k8s-set-context@v3
\n with:
\n method: kubeconfig
\n kubeconfig: ${{ secrets.KUBE_CONFIG_PROD }}<\/p>\n
– name: Deploy to production
\n run: |
\n # Canary deployment strategy
\n sed -i ‘s|IMAGE_PLACEHOLDER|${{ needs.build-and-push.outputs.image-tag }}|’ k8s\/canary-deployment.yaml
\n kubectl apply -f k8s\/canary-deployment.yaml<\/p>\n
# Wait for canary to be ready
\n kubectl rollout status deployment\/yourapp-canary -n production<\/p>\n
# Run smoke tests
\n npm run test:smoke — –baseUrl=https:\/\/canary.yourapp.com<\/p>\n
# Promote canary to production
\n sed -i ‘s|IMAGE_PLACEHOLDER|${{ needs.build-and-push.outputs.image-tag }}|’ k8s\/prod-deployment.yaml
\n kubectl apply -f k8s\/prod-deployment.yaml
\n kubectl rollout status deployment\/yourapp-prod -n production<\/p>\n
– name: Notify deployment
\n uses: 8398a7\/action-slack@v3
\n with:
\n status: ${{ job.status }}
\n channel: ‘#deployments’
\n webhook_url: ${{ secrets.SLACK_WEBHOOK }}
\n“`<\/p>\n
Kubernetes dan Container Orchestration<\/p>\n
1. Multi-Environment Kubernetes Configuration
\n“`yaml
\n# k8s\/namespace.yaml
\napiVersion: v1
\nkind: Namespace
\nmetadata:
\n name: development
\n labels:
\n environment: development
\n—
\napiVersion: v1
\nkind: Namespace
\nmetadata:
\n name: staging
\n labels:
\n environment: staging
\n—
\napiVersion: v1
\nkind: Namespace
\nmetadata:
\n name: production
\n labels:
\n environment: production<\/p>\n
—
\n# k8s\/configmap.yaml
\napiVersion: v1
\nkind: ConfigMap
\nmetadata:
\n name: yourapp-config
\n namespace: development
\ndata:
\n NODE_ENV: “development”
\n LOG_LEVEL: “debug”
\n API_BASE_URL: “https:\/\/dev-api.yourapp.com”
\n REDIS_HOST: “redis-service”
\n REDIS_PORT: “6379”
\n—
\napiVersion: v1
\nkind: ConfigMap
\nmetadata:
\n name: yourapp-config
\n namespace: staging
\ndata:
\n NODE_ENV: “staging”
\n LOG_LEVEL: “info”
\n API_BASE_URL: “https:\/\/staging-api.yourapp.com”
\n REDIS_HOST: “redis-service”
\n REDIS_PORT: “6379”
\n—
\napiVersion: v1
\nkind: ConfigMap
\nmetadata:
\n name: yourapp-config
\n namespace: production
\ndata:
\n NODE_ENV: “production”
\n LOG_LEVEL: “warn”
\n API_BASE_URL: “https:\/\/api.yourapp.com”
\n REDIS_HOST: “redis-service”
\n REDIS_PORT: “6379”<\/p>\n
—
\n# k8s\/secrets.yaml
\napiVersion: v1
\nkind: Secret
\nmetadata:
\n name: yourapp-secrets
\n namespace: development
\ntype: Opaque
\ndata:
\n DATABASE_URL:
\n JWT_SECRET:
\n REDIS_PASSWORD:
\n—
\napiVersion: v1
\nkind: Secret
\nmetadata:
\n name: yourapp-secrets
\n namespace: production
\ntype: Opaque
\ndata:
\n DATABASE_URL:
\n JWT_SECRET:
\n REDIS_PASSWORD: <\/p>\n
—
\n# k8s\/hpa.yaml – Horizontal Pod Autoscaler
\napiVersion: autoscaling\/v2
\nkind: HorizontalPodAutoscaler
\nmetadata:
\n name: yourapp-hpa
\n namespace: production
\nspec:
\n scaleTargetRef:
\n apiVersion: apps\/v1
\n kind: Deployment
\n name: yourapp-prod
\n minReplicas: 3
\n maxReplicas: 50
\n metrics:
\n – type: Resource
\n resource:
\n name: cpu
\n target:
\n type: Utilization
\n averageUtilization: 70
\n – type: Resource
\n resource:
\n name: memory
\n target:
\n type: Utilization
\n averageUtilization: 80
\n – type: Pods
\n pods:
\n metric:
\n name: http_requests_per_second
\n target:
\n type: AverageValue
\n averageValue: “100”
\n behavior:
\n scaleDown:
\n stabilizationWindowSeconds: 300
\n policies:
\n – type: Percent
\n value: 10
\n periodSeconds: 60
\n scaleUp:
\n stabilizationWindowSeconds: 60
\n policies:
\n – type: Percent
\n value: 50
\n periodSeconds: 60
\n – type: Pods
\n value: 5
\n periodSeconds: 60
\n selectPolicy: Max<\/p>\n
—
\n# k8s\/network-policy.yaml
\napiVersion: networking.k8s.io\/v1
\nkind: NetworkPolicy
\nmetadata:
\n name: yourapp-network-policy
\n namespace: production
\nspec:
\n podSelector:
\n matchLabels:
\n app: yourapp
\n policyTypes:
\n – Ingress
\n – Egress
\n ingress:
\n – from:
\n – namespaceSelector:
\n matchLabels:
\n name: ingress-nginx
\n ports:
\n – protocol: TCP
\n port: 3000
\n egress:
\n – to:
\n – namespaceSelector:
\n matchLabels:
\n name: database
\n ports:
\n – protocol: TCP
\n port: 5432
\n – to:
\n – namespaceSelector:
\n matchLabels:
\n name: cache
\n ports:
\n – protocol: TCP
\n port: 6379
\n – to: []
\n ports:
\n – protocol: TCP
\n port: 53
\n – protocol: UDP
\n port: 53<\/p>\n
—
\n# k8s\/pod-disruption-budget.yaml
\napiVersion: policy\/v1
\nkind: PodDisruptionBudget
\nmetadata:
\n name: yourapp-pdb
\n namespace: production
\nspec:
\n minAvailable: 2
\n selector:
\n matchLabels:
\n app: yourapp
\n environment: production
\n“`<\/p>\n
2. Helm Charts untuk Template Management
\n“`yaml
\n# helm\/yourapp\/Chart.yaml
\napiVersion: v2
\nname: yourapp
\ndescription: A Helm chart for YourApp
\ntype: application
\nversion: 0.1.0
\nappVersion: “1.0.0”
\nkeywords:
\n – web
\n – application
\n – nodejs
\nhome: https:\/\/github.com\/yourorg\/yourapp
\nsources:
\n – https:\/\/github.com\/yourorg\/yourapp
\nmaintainers:
\n – name: YourTeam
\n email: team@yourapp.com<\/p>\n
—
\n# helm\/yourapp\/values.yaml
\n# Default values for yourapp.
\nreplicaCount: 1<\/p>\n
image:
\n repository: yourapp
\n pullPolicy: IfNotPresent
\n tag: “”<\/p>\n
imagePullSecrets: []
\nnameOverride: “”
\nfullnameOverride: “”<\/p>\n
serviceAccount:
\n create: true
\n annotations: {}
\n name: “”<\/p>\n
podAnnotations: {}<\/p>\n
podSecurityContext:
\n fsGroup: 1001<\/p>\n
securityContext:
\n allowPrivilegeEscalation: false
\n runAsNonRoot: true
\n runAsUser: 1001
\n readOnlyRootFilesystem: true
\n capabilities:
\n drop:
\n – ALL<\/p>\n
service:
\n type: ClusterIP
\n port: 80
\n targetPort: 3000<\/p>\n
ingress:
\n enabled: false
\n className: “”
\n annotations: {}
\n # kubernetes.io\/ingress.class: nginx
\n # cert-manager.io\/cluster-issuer: letsencrypt-prod
\n hosts:
\n – host: yourapp.local
\n paths:
\n – path: \/
\n pathType: Prefix
\n tls: []
\n # – secretName: yourapp-tls
\n # hosts:
\n # – yourapp.local<\/p>\n
resources:
\n limits:
\n cpu: 500m
\n memory: 512Mi
\n requests:
\n cpu: 250m
\n memory: 256Mi<\/p>\n
autoscaling:
\n enabled: false
\n minReplicas: 1
\n maxReplicas: 100
\n targetCPUUtilizationPercentage: 80
\n # targetMemoryUtilizationPercentage: 80<\/p>\n
nodeSelector: {}<\/p>\n
tolerations: []<\/p>\n
affinity: {}<\/p>\n
# Custom configurations
\nconfig:
\n nodeEnv: “production”
\n logLevel: “info”
\n database:
\n host: “”
\n port: 5432
\n name: yourapp
\n ssl: true
\n redis:
\n host: “”
\n port: 6379
\n database: 0<\/p>\n
secrets:
\n databaseUrl: “”
\n jwtSecret: “”
\n redisPassword: “”<\/p>\n
# Health check configurations
\nlivenessProbe:
\n httpGet:
\n path: \/health
\n port: http
\n initialDelaySeconds: 30
\n periodSeconds: 10
\n timeoutSeconds: 5
\n failureThreshold: 3<\/p>\n
readinessProbe:
\n httpGet:
\n path: \/ready
\n port: http
\n initialDelaySeconds: 5
\n periodSeconds: 5
\n timeoutSeconds: 3
\n failureThreshold: 3<\/p>\n
# Monitoring and observability
\nmonitoring:
\n enabled: false
\n serviceMonitor:
\n enabled: false
\n namespace: monitoring
\n labels: {}
\n annotations: {}
\n interval: 30s
\n scrapeTimeout: 10s<\/p>\n
# Logging configuration
\nlogging:
\n enabled: true
\n fluentd:
\n enabled: false
\n config: {}<\/p>\n
# Backup configuration
\nbackup:
\n enabled: false
\n schedule: “0 2 * * *”
\n retention: “7d”<\/p>\n
—
\n# helm\/yourapp\/templates\/deployment.yaml
\napiVersion: apps\/v1
\nkind: Deployment
\nmetadata:
\n name: {{ include “yourapp.fullname” . }}
\n labels:
\n {{- include “yourapp.labels” . | nindent 4 }}
\nspec:
\n {{- if not .Values.autoscaling.enabled }}
\n replicas: {{ .Values.replicaCount }}
\n {{- end }}
\n selector:
\n matchLabels:
\n {{- include “yourapp.selectorLabels” . | nindent 6 }}
\n template:
\n metadata:
\n annotations:
\n checksum\/config: {{ include (print $.Template.BasePath “\/configmap.yaml”) . | sha256sum }}
\n checksum\/secret: {{ include (print $.Template.BasePath “\/secret.yaml”) . | sha256sum }}
\n {{- with .Values.podAnnotations }}
\n {{- toYaml . | nindent 8 }}
\n {{- end }}
\n labels:
\n {{- include “yourapp.selectorLabels” . | nindent 8 }}
\n spec:
\n {{- with .Values.imagePullSecrets }}
\n imagePullSecrets:
\n {{- toYaml . | nindent 8 }}
\n {{- end }}
\n serviceAccountName: {{ include “yourapp.serviceAccountName” . }}
\n securityContext:
\n {{- toYaml .Values.podSecurityContext | nindent 8 }}
\n containers:
\n – name: {{ .Chart.Name }}
\n securityContext:
\n {{- toYaml .Values.securityContext | nindent 12 }}
\n image: “{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}”
\n imagePullPolicy: {{ .Values.image.pullPolicy }}
\n ports:
\n – name: http
\n containerPort: 3000
\n protocol: TCP
\n livenessProbe:
\n {{- toYaml .Values.livenessProbe | nindent 12 }}
\n readinessProbe:
\n {{- toYaml .Values.readinessProbe | nindent 12 }}
\n resources:
\n {{- toYaml .Values.resources | nindent 12 }}
\n env:
\n – name: NODE_ENV
\n value: {{ .Values.config.nodeEnv }}
\n – name: LOG_LEVEL
\n value: {{ .Values.config.logLevel }}
\n – name: DATABASE_URL
\n valueFrom:
\n secretKeyRef:
\n name: {{ include “yourapp.fullname” . }}
\n key: database-url
\n – name: JWT_SECRET
\n valueFrom:
\n secretKeyRef:
\n name: {{ include “yourapp.fullname” . }}
\n key: jwt-secret
\n – name: REDIS_HOST
\n value: {{ .Values.config.redis.host }}
\n – name: REDIS_PORT
\n value: {{ .Values.config.redis.port | quote }}
\n – name: REDIS_PASSWORD
\n valueFrom:
\n secretKeyRef:
\n name: {{ include “yourapp.fullname” . }}
\n key: redis-password
\n volumeMounts:
\n – name: tmp
\n mountPath: \/tmp
\n volumes:
\n – name: tmp
\n emptyDir: {}
\n {{- with .Values.nodeSelector }}
\n nodeSelector:
\n {{- toYaml . | nindent 8 }}
\n {{- end }}
\n {{- with .Values.affinity }}
\n affinity:
\n {{- toYaml . | nindent 8 }}
\n {{- end }}
\n {{- with .Values.tolerations }}
\n tolerations:
\n {{- toYaml . | nindent 8 }}
\n {{- end }}
\n“`<\/p>\n
Infrastructure as Code (IaC) dengan Terraform<\/p>\n
1. Multi-Cloud Infrastructure Setup
\n“`hcl
\n# terraform\/main.tf
\nterraform {
\n required_version = “>= 1.0”
\n required_providers {
\n aws = {
\n source = “hashicorp\/aws”
\n version = “~> 5.0”
\n }
\n kubernetes = {
\n source = “hashicorp\/kubernetes”
\n version = “~> 2.20”
\n }
\n helm = {
\n source = “hashicorp\/helm”
\n version = “~> 2.10”
\n }
\n random = {
\n source = “hashicorp\/random”
\n version = “~> 3.5”
\n }
\n }<\/p>\n
backend “s3” {
\n bucket = “yourapp-terraform-state”
\n key = “production\/terraform.tfstate”
\n region = “ap-southeast-1”
\n encrypt = true
\n dynamodb_table = “terraform-locks”
\n }
\n}<\/p>\n
# terraform\/provider.tf
\nprovider “aws” {
\n region = var.aws_region<\/p>\n
default_tags {
\n tags = {
\n Environment = var.environment
\n Project = “yourapp”
\n ManagedBy = “terraform”
\n }
\n }
\n}<\/p>\n
provider “kubernetes” {
\n host = module.eks.cluster_endpoint
\n cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
\n exec {
\n api_version = “client.authentication.k8s.io\/v1beta1”
\n command = “aws”
\n args = [“eks”, “get-token”, “–cluster-name”, module.eks.cluster_name]
\n }
\n}<\/p>\n
provider “helm” {
\n kubernetes {
\n host = module.eks.cluster_endpoint
\n cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
\n exec {
\n api_version = “client.authentication.k8s.io\/v1beta1”
\n command = “aws”
\n args = [“eks”, “get-token”, “–cluster-name”, module.eks.cluster_name]
\n }
\n }
\n}<\/p>\n
# terraform\/variables.tf
\nvariable “environment” {
\n description = “Environment name”
\n type = string
\n default = “production”
\n}<\/p>\n
variable “aws_region” {
\n description = “AWS region”
\n type = string
\n default = “ap-southeast-1”
\n}<\/p>\n
variable “project_name” {
\n description = “Project name”
\n type = string
\n default = “yourapp”
\n}<\/p>\n
variable “domain_name” {
\n description = “Root domain name”
\n type = string
\n default = “yourapp.com”
\n}<\/p>\n
# terraform\/eks.tf
\nmodule “eks” {
\n source = “terraform-aws-modules\/eks\/aws”
\n version = “~> 19.15”<\/p>\n
cluster_name = “${var.project_name}-${var.environment}”
\n cluster_version = “1.28”<\/p>\n
vpc_id = module.vpc.vpc_id
\n subnet_ids = module.vpc.private_subnets<\/p>\n
cluster_endpoint_private_access = true
\n cluster_endpoint_public_access = true<\/p>\n
cluster_addons = {
\n coredns = {
\n most_recent = true
\n }
\n kube-proxy = {
\n most_recent = true
\n }
\n vpc-cni = {
\n most_recent = true
\n }
\n aws-ebs-csi-driver = {
\n most_recent = true
\n }
\n }<\/p>\n
cluster_security_group_id = module.eks.cluster_security_group_id
\n node_security_group_id = module.eks.node_security_group_id<\/p>\n
self_managed_node_groups = {
\n app_nodes = {
\n instance_type = “m5.large”
\n min_size = 3
\n max_size = 10
\n desired_size = 3<\/p>\n
k8s_labels = {
\n Environment = var.environment
\n Application = var.project_name
\n }<\/p>\n
additional_tags = {
\n Name = “${var.project_name}-app-nodes”
\n Environment = var.environment
\n }
\n }
\n }<\/p>\n
manage_aws_auth_configmap = true
\n aws_auth_roles = [
\n {
\n rolearn = “arn:aws:iam::${data.aws_caller_identity.current.account_id}:role\/yourapp-admin-role”
\n username = “yourapp-admin”
\n groups = [“system:masters”]
\n }
\n ]
\n}<\/p>\n
# terraform\/vpc.tf
\nmodule “vpc” {
\n source = “terraform-aws-modules\/vpc\/aws”
\n version = “~> 5.0”<\/p>\n
name = “${var.project_name}-${var.environment}-vpc”
\n cidr = “10.0.0.0\/16”<\/p>\n
azs = [“ap-southeast-1a”, “ap-southeast-1b”, “ap-southeast-1c”]
\n private_subnets = [“10.0.1.0\/24”, “10.0.2.0\/24”, “10.0.3.0\/24”]
\n public_subnets = [“10.0.101.0\/24”, “10.0.102.0\/24”, “10.0.103.0\/24”]<\/p>\n
enable_nat_gateway = true
\n single_nat_gateway = true<\/p>\n
tags = {
\n Name = “${var.project_name}-${var.environment}-vpc”
\n Environment = var.environment
\n }
\n}<\/p>\n
# terraform\/rds.tf
\nmodule “rds” {
\n source = “terraform-aws-modules\/rds\/aws”
\n version = “~> 6.0”<\/p>\n
identifier = “${var.project_name}-${var.environment}-db”<\/p>\n
engine = “postgres”
\n engine_version = “15.3”
\n instance_class = “db.t3.medium”<\/p>\n
allocated_storage = 100
\n max_allocated_storage = 1000
\n storage_encrypted = true
\n storage_type = “gp2”<\/p>\n
db_name = “yourapp”
\n username = “yourapp_user”
\n port = 5432<\/p>\n
vpc_security_group_ids = [module.eks.node_security_group_id]<\/p>\n
create_db_subnet_group = true
\n subnet_ids = module.vpc.private_subnets<\/p>\n
maintenance_window = “Mon:00:00-Mon:03:00”
\n backup_window = “03:00-06:00”
\n backup_retention_period = 7<\/p>\n
skip_final_snapshot = false
\n final_snapshot_identifier = “${var.project_name}-${var.environment}-final-snapshot”<\/p>\n
tags = {
\n Name = “${var.project_name}-${var.environment}-rds”
\n Environment = var.environment
\n }
\n}<\/p>\n
# terraform\/redis.tf
\nmodule “elasticache” {
\n source = “terraform-aws-modules\/elasticache\/aws”
\n version = “~> 1.0”<\/p>\n
create_replication_group = true
\n replication_group_id = “${var.project_name}-${var.environment}-redis”
\n replication_group_description = “Redis cluster for ${var.project_name}”<\/p>\n
node_type = “cache.t3.micro”<\/p>\n
port = 6379
\n parameter_group_name = “default.redis7”<\/p>\n
subnet_ids = module.vpc.private_subnets
\n vpc_id = module.vpc.vpc_id<\/p>\n
at_rest_encryption_enabled = true
\n transit_encryption_enabled = true
\n auth_token = random_password.redis_auth_token.result<\/p>\n
automatic_failover_enabled = true
\n multi_az_enabled = true
\n num_cache_clusters = 2<\/p>\n
tags = {
\n Name = “${var.project_name}-${var.environment}-redis”
\n Environment = var.environment
\n }
\n}<\/p>\n
# terraform\/outputs.tf
\noutput “cluster_endpoint” {
\n description = “EKS cluster endpoint”
\n value = module.eks.cluster_endpoint
\n}<\/p>\n
output “cluster_name” {
\n description = “EKS cluster name”
\n value = module.eks.cluster_name
\n}<\/p>\n
output “database_endpoint” {
\n description = “RDS endpoint”
\n value = module.rds.db_instance_endpoint
\n}<\/p>\n
output “redis_endpoint” {
\n description = “Redis endpoint”
\n value = module.elasticache.replication_group_primary_endpoint_address
\n}<\/p>\n
output “vpc_id” {
\n description = “VPC ID”
\n value = module.vpc.vpc_id
\n}<\/p>\n
output “private_subnets” {
\n description = “Private subnet IDs”
\n value = module.vpc.private_subnets
\n}
\n“`<\/p>\n
Monitoring dan Observability<\/p>\n
1. Prometheus dan Grafana Stack
\n“`yaml
\n# monitoring\/prometheus-operator.yaml
\napiVersion: source.toolkit.fluxcd.io\/v1beta2
\nkind: HelmRepository
\nmetadata:
\n name: prometheus-community
\n namespace: monitoring
\nspec:
\n interval: 1h
\n url: https:\/\/prometheus-community.github.io\/helm-charts<\/p>\n
—
\napiVersion: helm.toolkit.fluxcd.io\/v2beta1
\nkind: HelmRelease
\nmetadata:
\n name: kube-prometheus-stack
\n namespace: monitoring
\nspec:
\n interval: 5m
\n chart:
\n spec:
\n chart: kube-prometheus-stack
\n version: “48.0.0”
\n sourceRef:
\n kind: HelmRepository
\n name: prometheus-community
\n namespace: monitoring
\n releaseName: prometheus
\n values:
\n prometheus:
\n prometheusSpec:
\n storageSpec:
\n volumeClaimTemplate:
\n spec:
\n storageClassName: gp3
\n accessModes: [“ReadWriteOnce”]
\n resources:
\n requests:
\n storage: 100Gi
\n resources:
\n requests:
\n cpu: 1000m
\n memory: 4Gi
\n limits:
\n cpu: 2000m
\n memory: 8Gi<\/p>\n
grafana:
\n adminPassword: “secure-password”
\n persistence:
\n enabled: true
\n storageClassName: gp3
\n size: 20Gi
\n resources:
\n requests:
\n cpu: 500m
\n memory: 2Gi
\n limits:
\n cpu: 1000m
\n memory: 4Gi
\n dashboardProviders:
\n dashboardproviders.yaml:
\n apiVersion: 1
\n providers:
\n – name: ‘default’
\n orgId: 1
\n folder: ”
\n type: file
\n disableDeletion: false
\n editable: true
\n options:
\n path: \/var\/lib\/grafana\/dashboards\/default<\/p>\n
alertmanager:
\n alertmanagerSpec:
\n storage:
\n volumeClaimTemplate:
\n spec:
\n storageClassName: gp3
\n accessModes: [“ReadWriteOnce”]
\n resources:
\n requests:
\n storage: 20Gi<\/p>\n
defaultRules:
\n rules:
\n etcd: true
\n k8s: true
\n kubeScheduler: true
\n kubeControllerManager: true
\n node: true
\n prometheusOperator: true
\n prometheus: true
\n general: true<\/p>\n
additionalPrometheusRulesMap:
\n – name: yourapp-rules
\n rules:
\n – alert: YourAppHighErrorRate
\n expr: rate(http_requests_total{status=~”5..”}[5m]) \/ rate(http_requests_total[5m]) > 0.05
\n for: 10m
\n labels:
\n severity: critical
\n annotations:
\n summary: “High error rate detected”
\n description: “Error rate is {{ $value | humanizePercentage }} for {{ $labels.job }}”<\/p>\n
– alert: YourAppHighResponseTime
\n expr: histogram_quantile(0.95, rate(http_request_duration_seconds_bucket[5m])) > 1
\n for: 10m
\n labels:
\n severity: warning
\n annotations:
\n summary: “High response time detected”
\n description: “95th percentile response time is {{ $value }}s for {{ $labels.job }}”<\/p>\n
– alert: YourAppPodRestart
\n expr: rate(kube_pod_container_status_restarts_total[15m]) > 0
\n for: 5m
\n labels:
\n severity: warning
\n annotations:
\n summary: “Pod restarting frequently”
\n description: “Pod {{ $labels.pod }} is restarting frequently”<\/p>\n
—
\n# monitoring\/servicemonitor.yaml
\napiVersion: monitoring.coreos.com\/v1
\nkind: ServiceMonitor
\nmetadata:
\n name: yourapp-metrics
\n namespace: production
\n labels:
\n app: yourapp
\nspec:
\n selector:
\n matchLabels:
\n app: yourapp
\n endpoints:
\n – port: metrics
\n path: \/metrics
\n interval: 30s
\n scrapeTimeout: 10s<\/p>\n
—
\n# monitoring\/grafana-dashboards.yaml
\napiVersion: v1
\nkind: ConfigMap
\nmetadata:
\n name: yourapp-dashboards
\n namespace: monitoring
\n labels:
\n grafana_dashboard: “1”
\ndata:
\n yourapp-overview.json: |
\n {
\n “dashboard”: {
\n “id”: null,
\n “title”: “YourApp Overview”,
\n “tags”: [“yourapp”, “overview”],
\n “timezone”: “browser”,
\n “panels”: [
\n {
\n “title”: “Request Rate”,
\n “type”: “graph”,
\n “targets”: [
\n {
\n “expr”: “rate(http_requests_total[5m])”,
\n “legendFormat”: “{{ method }} {{ status }}”
\n }
\n ],
\n “gridPos”: {“h”: 8, “w”: 12, “x”: 0, “y”: 0}
\n },
\n {
\n “title”: “Response Time”,
\n “type”: “graph”,
\n “targets”: [
\n {
\n “expr”: “histogram_quantile(0.95, rate(http_request_duration_seconds_bucket[5m]))”,
\n “legendFormat”: “95th percentile”
\n },
\n {
\n “expr”: “histogram_quantile(0.50, rate(http_request_duration_seconds_bucket[5m]))”,
\n “legendFormat”: “50th percentile”
\n }
\n ],
\n “gridPos”: {“h”: 8, “w”: 12, “x”: 12, “y”: 0}
\n }
\n ],
\n “time”: {“from”: “now-1h”, “to”: “now”},
\n “refresh”: “30s”
\n }
\n }
\n“`<\/p>\n
Kesimpulan<\/p>\n
DevOps dan Cloud Native deployment telah menjadi essential untuk modern software development. Dengan proper implementation dari CI\/CD pipelines, container orchestration, infrastructure as code, dan comprehensive monitoring, organizations dapat achieve unprecedented deployment velocity dan reliability.<\/p>\n
Key success factors:
\n\u2022 Cultural Transformation: Adopt DevOps culture sebelum tools
\n\u2022 Automation: Automate everything yang bisa di-automate
\n\u2022 Measurement: Measure everything untuk continuous improvement
\n\u2022 Security Integrate: Shift security left (DevSecOps)
\n\u2022 Observability: Implement comprehensive monitoring dan logging<\/p>\n
Investasi dalam DevOps capabilities akan memberikan ROI yang signifikan melalui:
\n– Faster time to market
\n– Higher deployment success rates
\n– Reduced failure recovery time
\n– Improved team productivity
\n– Better customer satisfaction<\/p>\n
Start small, iterate continuously, dan focus pada delivering value ke customers. DevOps journey adalah marathon, bukan sprint.<\/p>\n","protected":false},"excerpt":{"rendered":"
Di era digital transformation, DevOps dan Cloud Native practices telah menjadi fundamental untuk delivering software dengan cepat, reliable, dan scalable. Organisasi yang mengadopsi Cloud Native dapat mencapai deployment frequency hingga 100x lebih cepat dengan failure rate 60x lebih rendah. Artikel ini akan membahas secara mendalam tentang DevOps best practices dan Cloud Native deployment strategies di […]<\/p>\n","protected":false},"author":6,"featured_media":4420,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"yoast_head":"\n