General

9 DevOps Best Practices – What You Should Do and NOT Do

DevOps Best Practices (And How Not To Do DevOps)

Utilizing DevOps practices to maximize speed and value creation has been a hot topic in the software industry for the past decade. We have embraced these practices and changed how we work and think about development, operations, project management, code quality, observability, and continuous feedback. 

As organizations started applying these practices, we noticed many anti-patterns emerging. In this article, we will see some DevOps best practices and ways to improve our workflows, but also we will explore some of the typical DevOps anti-patterns and how to avoid them.

What is DevOps, and Why it's Important?

Probably you have seen hundreds of different definitions of DevOps by now. For me, DevOps is a set of best practices around the software development lifecycle and the effort to continually improve and deliver value more efficiently.  

On its basis, DevOps is a culture that spreads equally between developers and operations rather than a specific role. In reality, the term has been used as an umbrella term to characterize the engineering roles of cloud-savvy people who share the pains and responsibilities of devs and ops. At the same time, they strive to enable and promote DevOps practices within organizations. 

So why all this fuss? Implementing these practices has proven to improve software quality. Different software and operations teams collaborate more efficiently, reduce friction and lead time, integrate and test their code continuously, and deploy more often.

It’s all about finding the inefficiencies in our workflows and building a culture of continuous communication and trust. Other aspects of it are handling failures and unplanned work, leveraging automation, and focusing significantly on observability to get meaningful feedback. 

DevOps Best Practices to Follow

Now that we set the foundation let’s explore some DevOps best practices without further ado. The list isn’t supposed to be exhaustive but rather a guide with hints and pointers that will ease your journey towards adopting a healthy DevOps culture. 

1. Foster a Culture of Collaboration and Blameless Communication

First and foremost, for this journey to be successful, we must focus intensely on growing a culture that allows people to collaborate freely and remove the fear of failure. Organizations and teams that promote values like trust and empathy tend to have a heads-up advantage in adopting DevOps practices. Break down the silos between teams and make them work together towards a common goal, bringing value to the company. One of the tools that deliver an enhanced collaboration layer for IaC is Spacelift. At Spacelift, you can invite security and compliance teams to collaborate on and approve workflows and policies.

2. Adopt Continuous Integration and Delivery (CI/CD)

Integrating small batches of code frequently into a central code repository is a practice that allows developers to collaborate efficiently. With this approach, the repository is always kept in a good state since we introduce small changes that are easier to handle. Continuous Integration (CI) enables early error detection and improves code quality since these small batches of changes are validated each time with automated builds and tests. 

The next step after integrating our code is deploying it to our environment. Continuous Delivery (CD) is the practice of getting the code into a deployable state continuously for every small batch of change. This simplifies our deployments and provides our developers with an easy and automated method to push code to production.

3. Set up Automated Testing

A continuation of the previous point and an integral part of DevOps success is setting up and curating meaningful automated tests as part of our CI/CD pipelines. This way, we don’t rely on humans to run manual tests on our code; instead, we set up automated tests that run on every minor change introduced. 

By increasing the testing frequency and the number of tests, we reduce our chances of introducing bugs to production systems. The tests vary depending on the use case but typically could include unit testing, integration testing, end-to-end testing, load testing, smoke testing, etc. 

4. Focus on Observability and Find the Right Metrics

DevOps practices are based on getting feedback and continuously improving our processes. We need to find and track the right metrics to achieve that and measure our results. Figuring out the right metrics is an arduous journey that each organization has to go through. 

These metrics will differ from organization to organization and from team to team, depending on the goals and key results targeted. Still, it’s a crucial exercise for achieving success. Some typical examples of DevOps metrics are deployment time, frequency of deploys, deployment failure rate, availability of critical services, mean time to detect, mean time to restore, cost per unit, code coverage, and change lead time. 

Moving one step forward, we also have to focus on the observability of our apps and software running in production. We have to define a strategy for effectively storing, managing, and distributing logs, traces, and metrics of our applications to quickly solve issues, improve the understandability of our systems and enable our teams to operate efficiently. 

5. Avoid Manual Work with Automation

By reducing manual work and automating recurring tasks, we accelerate our processes and provide increased consistency to our results. Automation can allow us to focus on what is essential and avoid human intervention and time spent on chores. It also provides more confidence in our systems and processes, removes human errors and miscommunication, and speeds up the performance of teams. If you need an automation layer for your cloud resources, take a look at Spacelift’s self-service infrastructure (automated workflow management feature especially).

6. Incorporate Security Early in the Development Lifecycle

Security shouldn’t be one of the last things to integrate into software development. The birth of DevSecOps emphasizes thinking about application and infrastructure security early in the development lifecycle, incorporating security into the initial design and integrating it into the CI/CD pipelines. 

Security should be a responsibility shared among different teams and through the entire application lifecycle and be considered an integral part of the process, not an optional add-on. Recently, a strong focus has been given to securing the software supply chain due to increased malicious attacks over the last years.

In the world of infrastructure, even the tiniest of mistakes can cause major outages. That’s why Spacelift adds an extra layer of policy that allows you to control – separately from your infrastructure project – what code can be executed, what changes can be made, when and by whom. This isn’t only useful to protect yourself from the baddies but allows you to implement an automated code review pipeline.

7. Learn from Incidents and Build Processes around Them

Incidents are inevitable in the IT world. It doesn’t matter how well prepared your team is; eventually, there will be an incident that you will have to address. In these cases, it’s essential to focus on blameless communication, understand the issue, communicate effectively with the affected parties, and collaborate to find a solution. 

Equally crucial to fixing the issue is to have a process to log incidents and learn from them. After the incident has been tackled, spend some time with your team to craft a post-incident review, and discuss how the incident was handled. Try to find any possible improvements in the incident handling process that can help you next time. 

8. Focus first on Concepts, then Find the Right Tools

The DevOps landscape is moving extremely fast, with new tools and services emerging daily. Instead of continuously integrating new shiny tools and services, concentrate on understanding the core concepts that allow companies to accelerate their business with DevOps practices. 

Only once you understand the concepts and prioritize the missing pieces accordingly, you will be successful in selecting the right tools for the job. Remember, you won’t be able to build everything within your team. It’s ok to rely on DevOps tooling and managed services when it makes sense. Be smart about how you use your team’s time, try to understand your in-house expertise and needs, put effort into building custom tooling when it makes sense, and rely on external tooling and services for the rest. 

9. Embrace Infrastructure as Code (IaC) and Push for a Self-Service Infra Model

Cloud infrastructure should be considered an integral part of software development and treated equally to application code. By leveraging infrastructure as code, we can incorporate the best practices we use for software development, such as version control and CI/CD, into infrastructure creation. This model removes the need to manually set up and configure resources via UIs and further strengthens our automation efforts across the IT landscape. Changes are always auditable and transparent, and we can quickly roll back infrastructure systems to a previous state when there are issues. 

Thinking one step ahead, instead of adding another bottleneck of waiting for cloud infrastructure engineers to create the necessary resources, push for a self-service infrastructure model. In this model, the developers and anyone who needs infra resources can leverage some tooling to generate the required pieces. This way, we increase productivity and speed while giving autonomy to our developers, all via a single workflow. 

Check out how Spacelift can improve your IaC, assist your team in adopting a collaborative infrastructure model and achieving operational excellence. 

DevOps Anti-Patterns

Along with the rise of DevOps, we have also seen many anti-patterns emerge. During the quest to adopt DevOps practices, people have misinterpreted their scope and made mistakes that lead to common anti-patterns. Let’s look at some common challenges, traps, and misconceptions companies face while implementing DevOps principles.

1. Don’t Create Separate DevOps Team

Common mistake companies make when adopting DevOps practices is creating a separate team to handle the DevOps transformation. Unfortunately, this adds one more silo to the process and breaks the central promise of DevOps, which is increased collaboration and shared ownership between the existing teams. 

Similarly, we see operations teams rebranding into DevOps teams without actual changes in organizations’ culture, communication, and collaboration. DevOps is about bringing the different groups closer, not creating a new one. 

2. Avoid Having the DevOps Hero

At times, specific team members are more involved in the DevOps practices than others. That could be due to accumulated knowledge, a higher level of experience, or increased effort by a person. When this pattern emerges, it could lead quickly to the DevOps hero anti-pattern where a specific team member becomes indispensable to the team. 

This situation is highly problematic since the team’s performance and velocity depend on a single person. At the same time, this person may face an extremely high amount of work that eventually leads to burnout and potentially leaving the company. To avoid this anti-pattern, ensure the knowledge is spread across teams and team members. Divide the work equally and don’t rely on heroes but on teamwork and rigid processes to achieve results. 

3. Don’t Attempt to Automate and Change Everything at Once

Starting from scratch to apply DevOps practices in an organization could be daunting at first. As with most things, attempting to tackle everything at once is not the way to go. First, analyze the current situation and processes within your company. People usually don’t happily accept many changes, so you need to think strategically. Prioritize the tasks accordingly, find quick wins, automate the stuff that will have a higher impact, and focus on one thing at a time.

4. Avoid Chasing New Tools

As new services and tools pop up almost every day, adopting and using these new shiny toys is always tempting. It’s common for engineers to fall into this trap of introducing a new tool just because it’s trending without proper analysis of whether it’s needed or the best choice. 

Picking the right tools for the job is critical but is a process that should be reviewed meticulously. For every new service or tool we add, we should also consider its maintainability and the operational overhead, dependencies, complexity, and new cognitive load that we introduce in the process.

5. Don’t Sacrifice Quality for Speed

Since one of the main factors of DevOps success is velocity, many teams try to speed up their processes at the cost of quality and usually security. Many of the typical DevOps metrics are based on how fast we deliver, deploy and provide value, but they are not enough by themselves as they only tell half the story. Due to this disproportionate focus on speed, it’s easy to lose perspective of what is important; delivering quality software. Treat speed and quality equally, add meaningful automated tests and avoid cutting corners just to ship faster.

6. Don’t Give up on Continuous Improvement

Applying effective DevOps practices is a dynamic process that should be curated continuously. It might be tempting to rest and relax after implementing all the DevOps best practices in the roadmap, but unfortunately, this process never stops. 

Every step of the way, we should focus on reviewing our workflows and continuously improving our systems, processes, and products. We have to set up flows of constant feedback that allow us to review and reflect on our choices and ultimately improve. New paradigms, best practices, and improved models always appear, and we should be restless if we want our teams to survive, perform, and succeed. 

7. Don’t Neglect Documentation and Information Sharing

By definition, successful adoption of DevOps practices relies on sharing information efficiently within an organization and creating a workplace where collaboration thrives organically. Unfortunately, neglecting documentation and efficient information sharing is an anti-pattern that occurs too often in software teams. Documentation, when done right, could be a handy tool for developers. 

Try to integrate documentation tasks on team backlogs and treat docs as first-class citizens within your organization. Docs aren’t static and should be kept up to date, created consistently, and accessible to anyone who needs them. 

Key Points

We have explored different DevOps best practices and paradigms and analyzed how we can incorporate them to accelerate team performance and value creation. We also saw some hidden traps and anti-patterns to be aware of and avoid while pursuing DevOps excellence.

Thank you for reading, and I hope you enjoyed this article as much as I did.

Automation and Collaboration Layer for Infrastructure as Code

Spacelift is a sophisticated SaaS product for Infrastructure as Code that helps DevOps develop and deploy new infrastructures or changes quickly and with confidence

Start free trial