DevSecOps and Platform Engineer RoadMap
There is no perfect roadmap - priorities vary according to the specific needs of each project. This guide serves as general guidance, not as a mandatory list. Remember: nobody needs to master everything, but knowing these concepts will bring progressive technical maturity.

Linux
Master basic administration in the main families: Debian and Red Hat. I suggest using the preparatory content for the LPI-1 certification as a study base (the certification itself is optional).
Git
Create accounts on GitHub and GitLab to host your repositories. Learn essential workflows (commit, branch, merge) and version control best practices.
Shell Script
DevOps is a culture of fast delivery, and automation is essential. Shell Script will be your first contact with this automation. It requires knowing the shell commands studied while learning Linux. This knowledge will also be the foundation for learning Ansible later.
TCP/IP
Understanding networks and communication is fundamental for using cloud resources and understanding security. Working with servers without this knowledge will be practically unfeasible.
YAML and JSON
In the DevOps world, most tools use YAML and JSON for configurations. Knowing how they work is essential, as many resources, especially in Kubernetes, use these syntaxes.
Nginx
Since most applications run on web servers, it's important to know Nginx, one of the most used. Create a simple web application in Python and use Nginx as a reverse proxy to manage traffic.
Database
Practically all applications use databases. It's not necessary to be a DBA, but understanding the main types and knowing how to configure caching to optimize performance is important.
Install a relational database and a non-relational one and learn to use basic SQL commands. Focusing on CRUD operations and caching with Redis can be a differentiator.
Ansible
Ansible will be your first Infrastructure as Code (IaC) tool. Automate the installation of Nginx and the database created previously. Practice by creating playbooks to configure your machine.
Learning a bit of Vagrant can be useful here. Although it's more used in personal projects than in companies, it's a good introduction to the IaC concept.
This knowledge will be leveraged later with Terraform and Packer to create your own images, configuration bootstrap, etc.
Ansible is a true Swiss Army knife and can be used in various scenarios.
Python
Learn an initial language, but you don't need to be an expert. Understanding how a code build works is extremely necessary to run applications. Python is the most used language in the DevOps world. This is the second contact with programming logic after Shell Script. Many scripts today are being replaced by Python code.
Develop basic scripts for automation. Focus on:
- File manipulation
- API calls
- Integration with DevOps tools
CI/CD Pipelines
Pipelines are the automations we create based on events that happen in a code repository.
There are many tools for executing pipelines, but to begin with, I believe it's necessary to learn GitHub Actions, as GitHub is the most used repository host, followed by GitLab CI from GitLab. I see Jenkins falling into disuse by companies more and more, especially with the arrival of GitOps and improvements in market tools. If where you work uses Jenkins, then you'll have to learn it sooner. Start with small Python code, already using one of these tools, to become familiar with CI/CD stages.
It's worth remembering that Jenkins is much more than just CI/CD, so I kept it in the Roadmap but with a later priority. We can do many automations with Jenkins based on events that have nothing to do with CI/CD.
Tekton is growing a lot for those who use Kubernetes and has a different concept.
Containers
At this point, we'll need to study how a container works, how to isolate processes, create an image, etc. It's the foundation for microservices. You can't continue the roadmap without this knowledge. Spend as much time as necessary to learn once and for all how this type of virtualization works.
Understand the difference between these 3 tools, although they are very similar.
Tip: Don't waste too much time with Docker Swarm; just know how it works. At this point, redeploy all the servers you have running on Linux as containers; it will be excellent learning.
Container Registry
Having your images on a managed server, instead of having everything on Docker Hub, is important; that's why Harbor is here. Of course, we have cloud services for this, but they are much more limited and don't do image analysis like Harbor can do.
AWS
With a solid foundation in Linux and networks, plus knowledge of some services, it's time to learn how to run all this in the cloud. Study AWS in an advanced way. Take advantage of the free tier account and learn all about VPC, EC2, IAM, Load Balancer, S3, Route 53, Cognito, CloudWatch, ECR, etc. Focus on the main resources initially and leave learning Software as a Service for later. At this moment, just focus on the 10% of AWS services that are the foundation of everything.
Obviously, another cloud may be a priority if your company doesn't use AWS, but generally AWS is the most used and with the greatest chances of jobs in the market, so it's good to learn it too.
Security
- Hardening: Taking advantage of Linux and Ansible knowledge, learn to configure a Linux system that's extremely hard to hack. This study will be good for learning to create a bastion host for your cloud network. There are many OS hardening repositories scattered around. Packer can be a very useful tool at this moment.
- Network: Deepen your network knowledge. Knowing how a VPN, CDN, Firewall, TLS, and all possible security layers work is necessary to have at least a foundation to mitigate possible future attacks. It's the ideal moment to learn how cloud services also need security and create a more professional environment. Knowing other operating systems like Bottlerocket and distroless concepts is very welcome here.
Terraform
If you already know how to use the cloud in the console, then it's time to put this as code. Spend a good amount of time learning Terraform, because from now on, nothing will be done directly in the cloud anymore; everything will be done by code.
In the beginning, the cloud itself was used to store the Terraform state file (it still is), but nowadays I see a massive migration to Terraform Cloud (HCP Terraform), which I believe is the best way to work with Terraform, so it's worth learning. With this, we already replace the use of Terragrunt or Atlantis and bring the GitOps concept to light.
Kubernetes
Kubernetes is our container orchestrator, and everything you've learned so far was to get here. It's vitally important to learn Kubernetes in depth. All other tools from here on will be installed in some Kubernetes cluster. Study this tool carefully. Also learn to use Helm, the Kubernetes package manager.
If you're following the roadmap and using AWS, it's the right time to learn how to create an EKS cluster on AWS. Nowadays, deploying a bare metal Kubernetes cluster, unless in an on-premise environment, is not worthwhile.
One of the few certifications worth getting in the market today is CKA from Kubernetes. This certification will help you enter the market quickly.
ArgoCD
This will be your first contact with GitOps. It's the best way to manage what we have in the repository with what we have running in our cluster. Learning ArgoCD at this moment will bring a new perspective on working with Kubernetes, being a great shortcut.
Main Kubernetes Services
Many tools were born for Kubernetes, and it's important to know some of them: Istio (Service Mesh), Cert Manager, External DNS, and others that are not on the roadmap and you'll discover along the way.
A bit further ahead we put services like Kong (API Gateway) and Knative (Serverless on Kubernetes).
We could list several here, but it's important to follow the flow. If you're going to learn everything there is to learn, you won't move to the next step.
Access Control
There will come a time when it's important to create access control for resources, and tools like Open Policy Agent (OPA) and Vault (for secrets) are very important on this journey.
We could also put Kyverno here. OPA was chosen for being more generic than Kyverno, which is focused on Kubernetes.
Many companies prefer to use SaaS solutions (like Okta, Azure AD, Cognito on AWS) for authentication with SSO, avoiding managing internal tools. Keycloak, although powerful, is less common in these scenarios, but it's worth knowing for specific cases.
Observability
The set of tools to monitor your cluster should be learned in the following sequence to make it easier.
- Prometheus
- Grafana
- OpenTelemetry
- Jaeger (traces)
  - Grafana Tempo would be our Jaeger within Grafana Cloud, but the idea is the same.
- Grafana Loki (logs)
Crossplane
Before diving into Platform Engineering, it's crucial to understand how Crossplane can help us extend the Kubernetes API, leveraging its power to optimize the use of tools like Backstage or other Internal Developer Platforms (IDP). Crossplane has gained great adoption in the community, replacing much of Terraform code by enabling the management not only of infrastructure but also application resources and workflows, all integrated into Kubernetes. By creating custom abstractions for self-service provisioning, we can simplify and automate the development process, reducing complexity and increasing efficiency.
Platform Engineering
Learning Backstage allows you to create an internal developer portal that centralizes information, standardizes processes, and improves the self-service experience for teams. This reduces the need for support, facilitates access to tools and documentation, and increases development efficiency.
Platform Engineer is one of the highest-paid IT specializations.
Since Backstage is built on a Node.js framework, it will be necessary to familiarize yourself with it and better understand this language.
Messaging
Kafka is the most robust pub/sub server (message queue) we have on the market. Learn how it works in its basic mode. Leave deepening this knowledge for when necessary. Today, most microservices in a large company work with some type of message queue. At some point in your career, already knowing the basics, it will be necessary to learn everything about it.
RabbitMQ was also included as a second messaging tool, as it's widely demanded in the market, but already as a lower priority.
Packer
Packer could be at the top of the list, but currently it's not essential - it's more of a "plus". With the increased use of containers and other tools, Packer has been used less and less. However, for creating VMs, I still consider the tool very useful.
After learning to launch an EC2 on AWS, you can start creating your own AMIs (Images), already configured with all the servers and packages you know. By combining Packer with Ansible, it's possible to automate the creation of custom AMIs prepared for production.
Other Clouds, Other Pipelines
I don't know which cloud was chosen to start, but it's time to expand. The concepts are very similar and you already have the foundation, so everything will be easier from now on. Many services you should know at this point, some you probably decided to outsource, others you took on yourself.
Other Languages
- Golang: If possible, learn Golang, as it's a language widely used in modern projects, especially in high-performance systems and infrastructure. Additionally, it's essential for contributing to many open-source projects. You don't need to be an expert; the basics will already be of great help for your development. Knowing the main market languages always adds value to your career.
- Rust: Rust has been gaining more and more prominence, with the promise of replacing C in various areas, especially in low-level systems and security. It's worth learning, as the demand for Rust is growing rapidly in the market.
Other IDPs
Backstage is an excellent gateway to IDPs, but I believe we should explore other solutions, and one of them is Port. Although it's a paid tool, I see that large companies are adopting Port due to its ease of use, as Backstage has a steeper learning curve and requires a dedicated team for implementation and maintenance.