<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>CI/CD and Release Engineering on DevOps Engineer &amp; CloudAdmin</title><link>https://ru-admin.github.io/posts/cicd/</link><description>Recent content in CI/CD and Release Engineering on DevOps Engineer &amp; CloudAdmin</description><generator>Hugo -- gohugo.io</generator><language>en-US</language><atom:link href="https://ru-admin.github.io/posts/cicd/index.xml" rel="self" type="application/rss+xml"/><item><title>CI/CD &amp; Production Infrastructure for a Social App</title><link>https://ru-admin.github.io/posts/cicd/ci-cd-dating/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://ru-admin.github.io/posts/cicd/ci-cd-dating/</guid><description>&lt;h2 id="production-infrastructure--cicd-for-a-social-app-launch"&gt;Production Infrastructure &amp;amp; CI/CD for a Social App Launch&lt;/h2&gt;
&lt;hr&gt;
&lt;h4 id="client"&gt;Client&lt;/h4&gt;
&lt;p&gt;Puzzle Master — a social matching platform&lt;/p&gt;
&lt;hr&gt;
&lt;h4 id="challenge"&gt;Challenge&lt;/h4&gt;
&lt;p&gt;The startup had a production-ready Nest.js backend and Angular frontend, but zero infrastructure: deployments were manual, there was no CI/CD, no monitoring, no backups, and no separation between dev and prod environments. The goal was to build a complete DevOps stack from scratch before the public launch.&lt;/p&gt;
&lt;hr&gt;
&lt;h4 id="solution"&gt;Solution&lt;/h4&gt;
&lt;h6 id="1-application-containerization"&gt;1. Application Containerization&lt;/h6&gt;
&lt;ul&gt;
&lt;li&gt;Multi-stage Dockerfile for backend (Nest.js + Prisma, non-root user)&lt;/li&gt;
&lt;li&gt;Multi-stage Dockerfile for frontend (Angular 12, legacy OpenSSL, Nginx for static assets)&lt;/li&gt;
&lt;li&gt;Docker Compose full stack: PostgreSQL 15, Redis 7, imgproxy, Nginx&lt;/li&gt;
&lt;li&gt;Healthchecks and &lt;code&gt;depends_on&lt;/code&gt; for correct startup ordering&lt;/li&gt;
&lt;li&gt;Isolated dev and prod environments in &lt;code&gt;/opt/dev&lt;/code&gt; and &lt;code&gt;/opt/prod&lt;/code&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;h6 id="2-gitlab-cicd"&gt;2. GitLab CI/CD&lt;/h6&gt;
&lt;ul&gt;
&lt;li&gt;Migration of repository from Bitbucket to GitLab&lt;/li&gt;
&lt;li&gt;Pipeline for backend and frontend: build → push → deploy&lt;/li&gt;
&lt;li&gt;GitLab Container Registry for Docker image storage&lt;/li&gt;
&lt;li&gt;Automatic deploy to dev on every push; manual trigger for prod&lt;/li&gt;
&lt;li&gt;SSH deployment to VPS via &lt;code&gt;SSH_PRIVATE_KEY&lt;/code&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;h6 id="3-nginx-reverse-proxy"&gt;3. Nginx Reverse Proxy&lt;/h6&gt;
&lt;ul&gt;
&lt;li&gt;Environment-agnostic config via &lt;code&gt;envsubst&lt;/code&gt; for dev/prod parity&lt;/li&gt;
&lt;li&gt;SSL/TLS (TLSv1.2, TLSv1.3) with Cloudflare certificates&lt;/li&gt;
&lt;li&gt;Routing: &lt;code&gt;/api/*&lt;/code&gt; → backend:4000, &lt;code&gt;/*&lt;/code&gt; → frontend:80&lt;/li&gt;
&lt;li&gt;www → root domain redirect (301)&lt;/li&gt;
&lt;li&gt;Separate imgproxy stack with SSL termination&lt;/li&gt;
&lt;/ul&gt;
&lt;h6 id="4-security-ansible"&gt;4. Security (Ansible)&lt;/h6&gt;
&lt;ul&gt;
&lt;li&gt;Server hardening via Ansible: SSH key-only auth, root login disabled&lt;/li&gt;
&lt;li&gt;UFW Firewall: only ports 80, 443, and custom SSH open&lt;/li&gt;
&lt;li&gt;Database accessible only via SSH tunnel&lt;/li&gt;
&lt;li&gt;All secrets stored in GitLab CI/CD variables&lt;/li&gt;
&lt;/ul&gt;
&lt;h6 id="5-monitoring"&gt;5. Monitoring&lt;/h6&gt;
&lt;ul&gt;
&lt;li&gt;Prometheus + Grafana with automated dashboard provisioning&lt;/li&gt;
&lt;li&gt;Exporters: Node, cAdvisor, Postgres, Redis, Nginx, Blackbox&lt;/li&gt;
&lt;li&gt;5 Grafana dashboards: server, Docker containers, PostgreSQL, Redis, Nginx&lt;/li&gt;
&lt;li&gt;Alertmanager with Slack/webhook integration; alerts on CPU/RAM/Disk/API/SSL&lt;/li&gt;
&lt;/ul&gt;
&lt;h6 id="6-database-backups"&gt;6. Database Backups&lt;/h6&gt;
&lt;ul&gt;
&lt;li&gt;Automated &lt;code&gt;pg_dump&lt;/code&gt; every hour&lt;/li&gt;
&lt;li&gt;gzip compression and upload to S3-compatible object storage (Cloudflare R2)&lt;/li&gt;
&lt;li&gt;Prometheus backup metrics: success status, size, timestamp&lt;/li&gt;
&lt;li&gt;Alerts: &lt;code&gt;DatabaseBackupMissing&lt;/code&gt;, &lt;code&gt;DatabaseBackupFailed&lt;/code&gt;, &lt;code&gt;DatabaseBackupSizeAnomaly&lt;/code&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;hr&gt;
&lt;h4 id="technologies"&gt;Technologies&lt;/h4&gt;
&lt;div class="row"&gt;
&lt;div class="col-4 col-lg-2 pt-2" style="text-align: center;"&gt;&lt;img src="https://ru-admin.github.io/icons/gitlab-original.svg" alt="GitLab"&gt;&lt;div&gt;GitLab CI&lt;/div&gt;&lt;/div&gt;
&lt;div class="col-4 col-lg-2 pt-2" style="text-align: center;"&gt;&lt;img src="https://ru-admin.github.io/icons/docker-original.svg" alt="Docker"&gt;&lt;div&gt;Docker&lt;/div&gt;&lt;/div&gt;
&lt;div class="col-4 col-lg-2 pt-2" style="text-align: center;"&gt;&lt;img src="https://ru-admin.github.io/icons/ansible-original.svg" alt="Ansible"&gt;&lt;div&gt;Ansible&lt;/div&gt;&lt;/div&gt;
&lt;div class="col-4 col-lg-2 pt-2" style="text-align: center;"&gt;&lt;img src="https://ru-admin.github.io/icons/prometheus-original.svg" alt="Prometheus"&gt;&lt;div&gt;Prometheus&lt;/div&gt;&lt;/div&gt;
&lt;div class="col-4 col-lg-2 pt-2" style="text-align: center;"&gt;&lt;img src="https://ru-admin.github.io/icons/nginx.svg" alt="Nginx"&gt;&lt;div&gt;Nginx&lt;/div&gt;&lt;/div&gt;
&lt;div class="col-4 col-lg-2 pt-2" style="text-align: center;"&gt;&lt;img src="https://ru-admin.github.io/icons/postgresql.svg" alt="PostgreSQL"&gt;&lt;div&gt;PostgreSQL&lt;/div&gt;&lt;/div&gt;
&lt;/div&gt;
&lt;hr&gt;
&lt;h4 id="results"&gt;Results&lt;/h4&gt;
&lt;p&gt;✅ &lt;strong&gt;Deploy:&lt;/strong&gt; git push to main → automatic build and deploy to server&lt;br&gt;
✅ &lt;strong&gt;Environments:&lt;/strong&gt; full dev/prod isolation on a single VPS&lt;br&gt;
✅ &lt;strong&gt;Monitoring:&lt;/strong&gt; 5 dashboards, alerts across 6 categories&lt;br&gt;
✅ &lt;strong&gt;Backups:&lt;/strong&gt; automated hourly &lt;code&gt;pg_dump&lt;/code&gt; to Cloudflare R2&lt;br&gt;
✅ &lt;strong&gt;Security:&lt;/strong&gt; UFW, key-based SSH, database inaccessible from outside&lt;br&gt;
✅ &lt;strong&gt;Scalability:&lt;/strong&gt; architecture ready for database extraction to a dedicated server&lt;/p&gt;</description></item><item><title>CI/CD with GitLab + Kubernetes: deploy in 10 minutes</title><link>https://ru-admin.github.io/posts/cicd/ci-cd-gitlab/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://ru-admin.github.io/posts/cicd/ci-cd-gitlab/</guid><description>&lt;h2 id="cicd-automation-from-2-hours-to-10-minutes-per-deploy"&gt;CI/CD automation: from 2 hours to 10 minutes per deploy&lt;/h2&gt;
&lt;hr&gt;
&lt;h4 id="client"&gt;Client&lt;/h4&gt;
&lt;p&gt;E-commerce startup, 5-person engineering team&lt;/p&gt;
&lt;hr&gt;
&lt;h4 id="challenge"&gt;Challenge&lt;/h4&gt;
&lt;ul&gt;
&lt;li&gt;Manual deployment took 2 hours&lt;/li&gt;
&lt;li&gt;Frequent release errors&lt;/li&gt;
&lt;li&gt;No fast rollback path&lt;/li&gt;
&lt;li&gt;Required: CI/CD automation, GitOps, fast rollback&lt;/li&gt;
&lt;/ul&gt;
&lt;hr&gt;
&lt;h4 id="solution"&gt;Solution&lt;/h4&gt;
&lt;ol&gt;
&lt;li&gt;Self-hosted GitLab&lt;/li&gt;
&lt;li&gt;GitLab CI pipeline (Build → Test → Deploy)&lt;/li&gt;
&lt;li&gt;Managed Kubernetes in Yandex Cloud&lt;/li&gt;
&lt;li&gt;Flux CD for GitOps&lt;/li&gt;
&lt;/ol&gt;
&lt;hr&gt;
&lt;h4 id="technologies"&gt;Technologies&lt;/h4&gt;
&lt;div class="row"&gt;
&lt;div class="col-4 col-lg-2 pt-2" style="text-align: center;"&gt;&lt;img src="https://ru-admin.github.io/icons/gitlab-original.svg" alt="GitLab"&gt;&lt;div&gt;GitLab&lt;/div&gt;&lt;/div&gt;
&lt;div class="col-4 col-lg-2 pt-2" style="text-align: center;"&gt;&lt;img src="https://ru-admin.github.io/icons/docker-original.svg" alt="Docker"&gt;&lt;div&gt;Docker&lt;/div&gt;&lt;/div&gt;
&lt;div class="col-4 col-lg-2 pt-2" style="text-align: center;"&gt;&lt;img src="https://ru-admin.github.io/icons/kubernetes-plain.svg" alt="Kubernetes"&gt;&lt;div&gt;Kubernetes&lt;/div&gt;&lt;/div&gt;
&lt;div class="col-4 col-lg-2 pt-2" style="text-align: center;"&gt;&lt;img src="https://ru-admin.github.io/icons/helm-original.svg" alt="Helm"&gt;&lt;div&gt;Helm&lt;/div&gt;&lt;/div&gt;
&lt;div class="col-4 col-lg-2 pt-2" style="text-align: center;"&gt;&lt;img src="https://ru-admin.github.io/icons/flux-cd.svg" alt="Flux CD"&gt;&lt;div&gt;Flux CD&lt;/div&gt;&lt;/div&gt;
&lt;/div&gt;
&lt;hr&gt;
&lt;h4 id="results"&gt;Results&lt;/h4&gt;
&lt;p&gt;✅ &lt;strong&gt;Deploy time:&lt;/strong&gt; from 2 hours to 10 minutes (12x)&lt;br&gt;
✅ &lt;strong&gt;Errors:&lt;/strong&gt; −90%&lt;br&gt;
✅ &lt;strong&gt;Deploy frequency:&lt;/strong&gt; from 1/week to 10+/day&lt;br&gt;
✅ &lt;strong&gt;Rollback time:&lt;/strong&gt; from 1 hour to 2 minutes&lt;/p&gt;</description></item></channel></rss>