DevOps / DevSecOps Culture

"Breaking silos, automating flows, and securing from day zero."


Core DevOps Responsibilities

CI/CD

Dev Flow

Deploy Flow

Environment

Security

Observability

Cloud

Network

Current CI/CD Workflow

TEST → BUILD → DEPLOY

Backend

  • CI (Continuous Integration)
    Test & Build powered by GitLab Runner
  • CD (Continuous Deployment)
    Deployment to Kubernetes (k8s) via ArgoCD

Frontend

  • CI (Continuous Integration)
    Test & Build powered by GitLab Runner
  • CD (Continuous Deployment)
    Deployment to Storage Bucket via GitLab Runner

Environment Landscape

  • Development: dev
  • Quality Assurance: qa(1/2/3)
  • Staging: stg
  • User Acceptance: uat
  • Demonstration: demo(1/2)
  • Pre-Production: pp01/02
  • Production: prod(vd0xx)

Git Versioning Strategy

Branching & Tagging Standards

  • DEV: branch or tag dev-0.0.1
  • QA:
    branch (JIRA ticket or feat/xxxx)
    or tag qa-0.0.1
  • STG/UAT/PROD: tag release-0.0.1

HOTFIX Protocol

A HOTFIX must strictly increment the current release version by 1.

release-0.0.1 → release-0.0.2

NEVER DELETE A TAG!

Once created, versions can only be incremented. Modifying or deleting existing tags is strictly prohibited.
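One way to enforce the tag rules above at push time, as an added example that is not part of the original page or the team's tooling. It checks the `old new ref` lines a git pre-receive hook receives; the function names are hypothetical, and it assumes the "current release version" is the highest existing release tag and that "by 1" means the last component, as in release-0.0.1 → release-0.0.2.

```python
import re

ZERO = "0" * 40  # git's null object id: ref creation (as old) or deletion (as new)
# Tag names from the Branching & Tagging Standards: dev-, qa-, release-X.Y.Z
TAG_RE = re.compile(r"^refs/tags/(dev|qa|release)-(\d+)\.(\d+)\.(\d+)$")


def parse(ref):
    """Return (prefix, (major, minor, patch)) for a policy tag ref, else None."""
    m = TAG_RE.match(ref)
    return (m.group(1), tuple(int(x) for x in m.groups()[1:])) if m else None


def fmt(version):
    return ".".join(map(str, version))


def check_update(old, new, ref, existing_refs, hotfix=False):
    """Return a rejection reason for one ref update, or None to accept it."""
    if not ref.startswith("refs/tags/"):
        return None  # branches are outside this check
    if new == ZERO:
        return f"{ref}: deleting a tag is prohibited"
    if old != ZERO:
        return f"{ref}: modifying an existing tag is prohibited"
    parsed = parse(ref)
    if parsed is None:
        return f"{ref}: expected dev-/qa-/release-X.Y.Z"
    prefix, version = parsed
    # Versions already published under the same prefix.
    seen = [p[1] for p in map(parse, existing_refs) if p and p[0] == prefix]
    if not seen:
        return None
    current = max(seen)
    if version <= current:
        return f"{ref}: version must be higher than {prefix}-{fmt(current)}"
    if hotfix and prefix == "release":
        expected = current[:2] + (current[2] + 1,)  # assumption: bump last part
        if version != expected:
            return f"{ref}: hotfix must be release-{fmt(expected)}"
    return None


if __name__ == "__main__":
    existing = ["refs/tags/release-0.0.1", "refs/tags/dev-0.0.4"]  # constructed
    for old, new, ref in [(ZERO, "a" * 40, "refs/tags/release-0.0.2"),
                          ("a" * 40, ZERO, "refs/tags/release-0.0.1")]:
        print(ref, "->", check_update(old, new, ref, existing, True) or "accepted")
```
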

Continuous Deployment Rules

Environment | Trigger / Target   | Action & Tool
dev         | Code Push / Merge  | Auto-deploy to dev env
qa1/2/3     | Manual trigger     | Triggered manually by QA via opstool or similar tool
stg         | tag release-0.0.1  | Auto-triggered by release tag
uat         | tag release-0.0.1  | Triggered manually via opstool
prod        | tag release-0.0.1  | Triggered manually via opstool

Cloud Infrastructure

AWS + K8s

Primarily built on AWS k8s (EKS).

Prerequisite

A solid understanding of Docker and Dockerfiles is mandatory to ensure consistent containerization practices.

Network Management

Network Configuration

All network configurations are fully managed and provisioned by the DevOps team.

Security (DevSecOps)

Fundamental Guidelines

Secret Key Exposure

Secret keys must NEVER be exposed in application logs! Sensitive information must be strictly masked or filtered.

Future Roadmap

We will implement comprehensive DevSecOps policies and integrate AI-assisted tooling to support developers securely.

Observability Pillars

Logs

Centralized application logging.

Standard Format: Must implement strict Log Levels (INFO, WARN, ERROR, DEBUG).

Traces

Distributed request tracing across microservices.

OpenTelemetry (OTEL): Mandatory integration for every backend service.

Metrics

System and application performance data.

Performance Tracking: Expose standard metrics alongside OTEL traces for Prometheus/Grafana.