This article collects the commands, tools, and workflows you need to design, provision, secure, and operate cloud-native systems. It’s a practical reference that ties CLI patterns to automation, focusing on Terraform scaffolding, Kubernetes manifests, CI/CD pipelines, Docker optimization, DevSecOps practices, and incident runbook automation.
Where appropriate, I link to concise examples and a public repo with curated commands and snippets to bootstrap your environment: DevOps commands & snippets repository. Use the repo as a copyable starter set and adapt it to your CI/CD and cloud provider of choice.
This guide is aimed at SREs, platform engineers, and senior devs who want concrete commands and patterns, not theory. Expect clear CLI examples, recommended tooling, and quick-action runbook templates suitable for voice-search answers and featured snippets.
Core DevOps Commands and Quick Reference
Commands are shortcuts to predictable outcomes. Start by standardizing a small set of commands for provisioning, inspecting, and rolling back. For cloud resources that are managed in Terraform, a minimal workflow looks like: write, plan, apply, and version-control your modules. That sequence becomes a mental model for every change.
Here are the exact commands you’ll use repeatedly. Keep them as aliases or in a CLI helper script so that execution is identical across teammates and CI agents. Consistent commands reduce incident toil and make runbooks reliable.
# Terraform
terraform init
terraform fmt
terraform validate
terraform plan -out=plan.tfplan
terraform apply "plan.tfplan"
# Kubernetes (kubectl)
kubectl apply -f k8s/deployment.yaml
kubectl rollout status deployment/my-app
kubectl get pods -o wide
# Docker
docker build -t my-app:latest .
docker image prune -f
docker run --rm -p 8080:8080 my-app:latest
Store these CLI snippets in a repo (see DevOps commands repo) and integrate them into your pipeline steps so CI logs show the same commands as your local runs.
Cloud Infrastructure Tools and Terraform Scaffolding
Terraform is the most widely used IaC tool for multi-cloud teams because its state model and module ecosystem scale. Build a scaffolding pattern that separates environments, modules, and secrets: modules for reusable resources, env folders for workspace state, and a CI job that performs plan + gated apply. This reduces drift and provides a single source of truth for cloud topology.
A recommended filesystem layout: modules/, live/
Security: keep provider credentials out of code. Use IAM roles for CI runners and secrets engines (Vault, Secrets Manager) to inject runtime credentials. Implement policy-as-code (e.g., Sentinel, Open Policy Agent) to prevent insecure resources (public S3 buckets, permissive IAM policies) from being applied.
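As an added example (not taken from the linked repo, and not OPA or Sentinel themselves), here is a Python stand-in for the gated-apply check: it reads the JSON produced by `terraform show -json plan.tfplan` and denies public S3 ACLs, disabled public access blocks, and IAM policies that allow every action on every resource. The rule set, the file name `plan.json` and the sample plan are assumptions made for illustration.

```python
import json
import sys

PUBLIC_ACLS = {"public-read", "public-read-write"}
PAB_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_plan(plan):
    """Return (address, reason) for each planned change that breaks a rule."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        # `after` is null on delete; a replace is listed as delete plus create.
        if after is None or not {"create", "update"} & set(change.get("actions", [])):
            continue
        rtype, addr = rc.get("type"), rc.get("address")
        if rtype == "aws_s3_bucket_acl" and after.get("acl") in PUBLIC_ACLS:
            findings.append((addr, "public ACL " + after["acl"]))
        elif rtype == "aws_s3_bucket_public_access_block":
            off = [f for f in PAB_FLAGS if after.get(f) is not True]
            if off:
                findings.append((addr, "public access block off: " + ",".join(off)))
        elif rtype == "aws_iam_policy" and isinstance(after.get("policy"), str):
            # A policy only known at apply time is absent here and is not judged.
            for st in as_list(json.loads(after["policy"]).get("Statement", [])):
                if (st.get("Effect") == "Allow" and "*" in as_list(st.get("Action"))
                        and "*" in as_list(st.get("Resource"))):
                    findings.append((addr, "Allow Action * on Resource *"))
    return findings

# Constructed sample, trimmed to the fields read above.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_s3_bucket_acl.assets", "type": "aws_s3_bucket_acl",
     "change": {"actions": ["create"], "after": {"acl": "public-read"}}},
    {"address": "aws_s3_bucket_acl.old", "type": "aws_s3_bucket_acl",
     "change": {"actions": ["delete"], "after": None}},
    {"address": "aws_iam_policy.ci", "type": "aws_iam_policy",
     "change": {"actions": ["update"], "after": {"policy": json.dumps(
         {"Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}})}}},
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    # A non-empty string is printed to stderr and exits 1, failing the CI job.
    sys.exit("\n".join(f"DENY {a}: {r}" for a, r in check_plan(plan)) or 0)
```

In CI, run it between plan and apply: `terraform show -json plan.tfplan > plan.json`, then the script with `plan.json` as its argument.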
Kubernetes Manifests and Docker Optimization
Kubernetes manifests should be small, composable, and templatized. Use a templating/overlay tool (Kustomize, Helm, or Jsonnet) for environment differences rather than hand-editing YAML. Always validate manifests with kubectl apply --dry-run=client and structural linters (kube-score, kube-linter) before CI deployment.
Docker images are often the easiest place to cut cost and latency. Optimize images by using small base images (distroless or scratch where possible), multi-stage builds to remove build-time artifacts, and explicit layer ordering to maximize cache hits in CI. Example Dockerfile pattern: build stage (compile), runtime stage (minimal base), and healthcheck instructions to give Kubernetes meaningful probes.
Small example of a multi-stage Dockerfile snippet:
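# Build stage: compile a static Linux binary with the full Go toolchain
FROM golang:1.20 AS builder
WORKDIR /src
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -o /out/app ./cmd
# Runtime stage: minimal base image that receives only the compiled binary
FROM gcr.io/distroless/static
COPY --from=builder /out/app /app
ENTRYPOINT ["/app"]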
CI/CD Pipelines and DevSecOps Workflows
CI pipelines should be atomic: build, test, scan, and publish artifacts. CD pipelines should be environment-aware, promote artifacts through a staging channel, and require approvals for production. Implement trunk-based development with short-lived feature branches and pipeline gates that include automated security scans and integration tests.
DevSecOps means shifting left: integrate SAST (e.g., semgrep), dependency scanning (e.g., Dependabot, Snyk), container scanning (Clair, Trivy), and IaC linting into PR checks. Failure at PR time is faster to fix and cheaper than post-deploy incidents. Make scan results actionable by surfacing them in the MR/PR interface and linking to remediation guidance.
When automating promotion between environments, rely on immutable artifacts (containers, Terraform plan artifacts). This ensures what you tested is exactly what you deploy. Add a changelog step and automated rollback markers (tags or release notes) so incident responses can quickly identify and revert problematic versions.
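As an added example (not from the linked repo), the check below scans manifest text for image references that can change between test and deploy. It assumes only a digest reference counts as immutable, which is stricter than a fixed version tag; the registry name, image names and digest in the sample are constructed.

```python
import re

# Matches `image: ref` and `- image: ref`, with optional quotes around ref.
IMAGE_LINE = re.compile(r"^\s*(?:-\s+)?image:\s*[\"']?([^\s\"'#]+)")

def classify_image(ref):
    """Return 'pinned', 'tag-only' or 'mutable' for one image reference."""
    name, _, digest = ref.partition("@")
    # Only a colon in the last path segment is a tag; registry:5000/app has none.
    tag = name.rsplit("/", 1)[-1].partition(":")[2]
    if digest.startswith("sha256:"):
        return "pinned"
    # No tag resolves to :latest, so both are treated as mutable.
    return "mutable" if tag in ("", "latest") else "tag-only"

def audit_manifest(text):
    """Return (line_number, reference, verdict) for every image not pinned by digest."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = IMAGE_LINE.match(line)
        if match:
            verdict = classify_image(match.group(1))
            if verdict != "pinned":
                findings.append((number, match.group(1), verdict))
    return findings

# Constructed manifest fragment; the digest is a placeholder, not a real image.
DIGEST = "sha256:" + "0" * 64
SAMPLE = f"""\
spec:
  containers:
    - name: web
      image: my-app:latest
    - name: sidecar
      image: registry.local:5000/proxy
    - name: worker
      image: "registry.local:5000/worker:1.4.2"
    - name: api
      image: registry.local:5000/api:1.4.2@{DIGEST}
"""

if __name__ == "__main__":
    for number, ref, verdict in audit_manifest(SAMPLE):
        print(f"line {number}: {ref} is {verdict}")
```

A pipeline gate can fail on `mutable` and warn on `tag-only`, since a version tag can still be re-pushed in registries that do not enforce tag immutability.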
Incident Runbook Automation and Observability
Incident runbooks should be executable scripts or actionable checklists. Convert manual troubleshooting steps into automated runbooks that collect diagnostics, run health checks, and create an incident ticket with context. Automation reduces cognitive load when latency rises and teams are under pressure.
Example runbook tasks to automate: reproduce error with curl, capture current deployment/version, gather logs for a time window, capture pod and node diagnostics, and run a canary rollback. Each step should output a short, parsable report and a suggested next action. Keep runbook code under version control to track improvements.
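As an added example (not from the linked repo), the script below runs the read-only steps from that list and emits one JSON report with a suggested next action; the rollback is only suggested, never executed. The step names, the deployment `my-app`, the namespace and the URL are assumptions for illustration.

```python
import json
import subprocess

def run(cmd, timeout=20):
    """Run one command as an argv list (no shell); never raise, so one failed step cannot abort the run."""
    try:
        p = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
        return p.returncode, (p.stdout + p.stderr).strip()
    except (OSError, subprocess.TimeoutExpired) as exc:
        return 127, f"{type(exc).__name__}: {exc}"

def build_steps(deploy, ns, url, since="15m"):
    target = f"deployment/{deploy}"
    k = ["kubectl", "-n", ns]
    return [
        ("reproduce", ["curl", "-sS", "-o", "/dev/null", "-w", "%{http_code}", "--max-time", "5", url]),
        ("version", k + ["get", target, "-o", "jsonpath={.spec.template.spec.containers[*].image}"]),
        ("logs", k + ["logs", target, f"--since={since}", "--tail=200"]),
        ("pods", k + ["get", "pods", "-o", "wide"]),
        ("nodes", ["kubectl", "get", "nodes", "-o", "wide"]),
        ("rollout", k + ["rollout", "status", target, "--timeout=10s"]),
    ]

def run_runbook(deploy, ns, url, runner=run):
    """Execute every step and return a report dict ready to attach to a ticket."""
    report = {"deployment": deploy, "namespace": ns, "steps": []}
    for name, cmd in build_steps(deploy, ns, url):
        rc, out = runner(cmd)
        # Keep only the tail of long output so the report stays short.
        report["steps"].append({"step": name, "rc": rc, "output": out[-2000:]})
    by = {s["step"]: s for s in report["steps"]}
    if by["rollout"]["rc"] != 0:
        report["next_action"] = (f"rollout unhealthy: review the report, then consider "
                                 f"kubectl -n {ns} rollout undo deployment/{deploy}")
    elif by["reproduce"]["rc"] != 0 or not by["reproduce"]["output"].startswith("2"):
        report["next_action"] = "rollout healthy but request fails: check service, ingress and dependencies"
    else:
        report["next_action"] = "not reproduced: attach the report to the ticket and keep monitoring"
    return report

if __name__ == "__main__":
    print(json.dumps(run_runbook("my-app", "default", "http://localhost:8080/"), indent=2))
```

Passing each command as an argument list rather than a shell string keeps a deployment name or URL taken from an alert payload from being interpreted by a shell.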
Observability is the feedback loop: metrics for alerting, traces for performance root cause, and logs for forensic detail. Correlate trace IDs through your pipeline and include tracing headers in your instrumentation so a single click from an alert opens the exact trace and logs necessary to act. Tie alerts to runbook automation so on-call engineers begin with rich context.
FAQ
Q: What are the essential DevOps commands I should memorize?
A: Memorize a small, repeatable set for each domain: Terraform (init, fmt, validate, plan, apply), Kubernetes (kubectl apply/status/get/logs/exec), Docker (build, run, image prune), and your CI runner commands (checkout, build, test, publish). Keep a versioned cheatsheet in your repo—see the DevOps commands repository—to ensure team consistency.
Q: How can I optimize Docker images for CI/CD?
A: Use multi-stage builds to separate build and runtime artifacts, choose small base images (distroless or alpine where appropriate), order Dockerfile layers for cacheability (rarely changing steps first), and run automated image scans (Trivy/Clair) in CI. Also push images to a private registry and use immutable tags in deployments to guarantee reproducibility.
Q: What does an automated incident runbook look like?
A: An automated runbook is a scriptable set of actions: collect diagnostics (logs, metrics, traces), run health checks, gather resource state (k8s describe, terraform state list), and optionally perform a safe rollback or scale operation. Each run is idempotent, logged, and creates a ticket with context. Embed these scripts in your repo and expose them via a chatops or runbook tool for one-click execution.
Backlinks and Further Reading
Starter repo with curated commands and templates: r10-wshobson-commands-devops.
Official Kubernetes docs for manifests and best practices: Kubernetes manifests. Terraform documentation and examples: Terraform scaffolding.
