DevOps Engineer Roadmap 2026: From Zero to $150K+ in 18 Months

Morning: Review overnight alerts, check deployment dashboards
Mid-morning: Work on infrastructure-as-code tickets (Terraform, Ansible)
Afternoon: Pair with devs on CI/CD pipeline issues
Late afternoon: Investigate slow query from monitoring alerts
Weekly: Capacity planning review, cost optimization
Monthly: Disaster recovery drill, security patching

# Must-know Linux commands
# File system navigation
ls -la, cd, pwd, find, locate
cat, less, head, tail, grep, awk, sed
cp, mv, rm, mkdir, chmod, chown

# Process management
ps aux, top, htop
kill, killall, nohup, &
systemctl start/stop/enable/status

# Networking
curl, wget, netstat, ss, lsof
ping, traceroute, nslookup, dig
iptables basics, ufw

# Text processing
grep -r "pattern" .
awk '{print $1, $3}'
sed 's/old/new/g' file.txt
sort | uniq -c | sort -rn

# Essential: write Bash scripts
#!/bin/bash
set -euo pipefail  # Error handling

# Beyond basic git:
git log --oneline --graph --all
git rebase -i HEAD~3  # Interactive rebase
git cherry-pick abc123
git bisect start       # Binary search for bugs
git stash push -m "WIP feature"
git reflog             # Recovery tool
git hooks              # Pre-commit automation

# Write production-quality Dockerfiles
FROM node:20-alpine AS base
WORKDIR /app

FROM base AS deps
COPY package*.json .
RUN npm ci --only=production

FROM base AS builder
COPY package*.json .
RUN npm ci
COPY . .
RUN npm run build

FROM base AS runner
COPY --from=deps /app/node_modules ./node_modules
COPY --from=builder /app/dist ./dist
USER node
EXPOSE 3000
CMD ["node", "dist/server.js"]

# Basic pipeline structure
name: CI/CD
on: [push, pull_request]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: npm
      - run: npm ci && npm test

  deploy:
    needs: test
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    steps:
      - run: echo "Deploy to production"

# Master these Terraform concepts:
# 1. Providers + resources
# 2. Variables + outputs
# 3. State management (S3 backend)
# 4. Modules (reusable infra)
# 5. Workspaces (environments)
# 6. Import existing resources
# 7. Terraform Cloud or Atlantis

# Certification: HashiCorp Terraform Associate

# Master these K8s concepts:
# 1. Pods, Deployments, Services
# 2. ConfigMaps + Secrets
# 3. Ingress + TLS with cert-manager
# 4. RBAC
# 5. HPA (autoscaling)
# 6. PersistentVolumes
# 7. Namespace isolation
# 8. kubectl debugging

# Certification: CKA (Certified Kubernetes Administrator)
# CKA is performance-based — you solve real cluster problems.
# Study resource: killer.sh practice exams

The Three Pillars of Observability:

1. Metrics (Prometheus + Grafana)
   - What is happening? (request rate, error rate, latency)
   - Set SLOs: 99.9% uptime, P95 < 500ms

2. Logs (Grafana Loki or ELK)
   - Why did it happen?
   - Structured JSON logs with trace IDs

3. Traces (Jaeger or Tempo)
   - Where in the request chain did it slow down?
   - OpenTelemetry for instrumentation

Master: PromQL queries, Grafana dashboards, alert rules

DevSecOps essentials:
- SAST: CodeQL, SonarQube
- Dependency scanning: Snyk, npm audit
- Secrets detection: Gitleaks, TruffleHog
- Container scanning: Trivy, Grype
- IaC scanning: Checkov, tfsec
- Secrets management: HashiCorp Vault or AWS Secrets Manager
- Zero-trust networking: service mesh basics (Istio/Linkerd)

# Focus on:
# 1. Playbooks + roles structure
# 2. Ansible Vault for secrets
# 3. Dynamic inventory from AWS
# 4. Idempotency — run 100x, same result
# 5. Testing with Molecule

# When to use Ansible vs Terraform:
# Terraform: Provision infrastructure (create servers)
# Ansible: Configure infrastructure (install software on servers)

# GitOps: Git is the single source of truth
# ArgoCD watches Git, applies changes to Kubernetes automatically

# Application definition
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: myapp
  namespace: argocd
spec:
  source:
    repoURL: https://github.com/webcoderspeed/app
    targetRevision: HEAD
    path: k8s/production
  destination:
    server: https://kubernetes.default.svc
    namespace: production
  syncPolicy:
    automated:
      prune: true
      selfHeal: true

# Istio basics for production
# 1. mTLS between services (zero-trust)
# 2. Traffic management (canary, A/B)
# 3. Circuit breaking
# 4. Distributed tracing injection
# 5. Observability dashboards (Kiali)

IDP Components:
- Service catalog (Backstage)
- Self-service infrastructure templates
- Golden path templates (scaffolded repos with best practices)
- Automated onboarding
- Cost visibility per team

SRE Toolkit:
- SLIs/SLOs/SLAs: Define and measure reliability
- Error budgets: "We can be down 43.8 minutes/month at 99.99%"
- Incident response: Runbooks, blameless postmortems
- Chaos engineering: Chaos Monkey, Litmus Chaos
- Capacity planning: Load testing with k6 or Locust
- On-call rotation: PagerDuty, OpsGenie

Tier 1 (Best ROI — Get these first):
1. AWS Solutions Architect Associate — $300, most recognized
2. CKA (Certified Kubernetes Administrator) — $395, hands-on
3. HashiCorp Terraform Associate — $70.50, practical

Tier 2 (Valuable additions):
4. AWS DevOps Engineer Professional — $300, advanced
5. CKS (Certified Kubernetes Security Specialist) — $395
6. Google Professional Cloud DevOps Engineer — $200

Skip for now:
- CKAD (useful for app devs, not DevOps focus)
- Generic cloud practitioner (use as stepping stone only)

Study resources:
- AWS: Stephane Maarek courses (Udemy)
- Kubernetes: Mumshad Mannambeth KodeKloud + killer.sh
- Terraform: HashiCorp official tutorials + TFC

Source Control:     GitHub / GitLab
CI/CD:              GitHub Actions / GitLab CI / ArgoCD
Containers:         Docker + Podman
Orchestration:      Kubernetes (EKS / GKE / AKS)
IaC:                Terraform + Pulumi (TypeScript IaC)
Config Mgmt:        Ansible
Cloud:              AWS (primary) + GCP or Azure
Monitoring:         Prometheus + Grafana
Logging:            Grafana Loki
Tracing:            Jaeger / Grafana Tempo
Security:           Vault + Trivy + Gitleaks
Service Mesh:       Istio / Linkerd
GitOps:             ArgoCD / Flux
Developer Portal:   Backstage
Cost Visibility:    AWS Cost Explorer + Kubecost

India (Remote International):
Junior (0–2 yrs):   ₹8–15 LPA
Mid (2–5 yrs):      ₹18–35 LPA
Senior (5–8 yrs):   ₹35–60 LPA
Staff/Architect:    ₹60–100+ LPA

India (Local):
Junior:    ₹6–12 LPA
Mid:       ₹14–28 LPA
Senior:    ₹28–50 LPA

United States:
Junior:    $75K–$100K
Mid:       $110K–$140K
Senior:    $140K–$180K
Staff/Principal: $180K–$250K+

Highest paying companies: FAANG, fintech, crypto, defense tech

Month 1-2:   Linux, Bash, Git, Docker fundamentals
Month 3-4:   GitHub Actions CI/CD, AWS basics, Cloud Practitioner cert
Month 5-6:   Terraform, AWS Solutions Architect Associate cert
Month 7-8:   Kubernetes core, CKA exam prep
Month 9:     CKA certification, monitoring with Prometheus+Grafana
Month 10:    Ansible, logging with Loki, security scanning
Month 11-12: GitOps (ArgoCD), Vault, DevSecOps pipeline
Month 13-14: Advanced Kubernetes (service mesh, operators)
Month 15-16: SRE practices, chaos engineering, incident response
Month 17-18: Platform engineering, Backstage, AWS DevOps Pro cert

Build while you learn:
- Month 2: Dockerize a personal project
- Month 4: Full CI/CD pipeline with tests + deploy
- Month 6: Entire AWS infra in Terraform (VPC + EC2 + RDS)
- Month 8: App running on self-managed Kubernetes
- Month 12: Production-grade stack with full observability
- Month 18: Internal developer platform (portfolio piece)