DevOps: from 0 to Expert (in Uzbek)
This book takes a developer who knows how to write a single application (frontend or backend, it makes no difference) to the level of deploying that application to a server reliably, automatically and repeatedly, and of monitoring and managing it. It starts from a Linux server and goes through Docker containers, CI/CD with GitHub Actions, Nginx reverse proxy and HTTPS, systemd, Kubernetes orchestration, Prometheus + Grafana monitoring, and Ansible/Terraform (Infrastructure as Code), up to the final full DevOps platform capstone.
Modern stack (2026). The book uses only the current idiom: Docker Compose v2 (`docker compose`, `compose.yaml`, not the old `docker-compose` and the `version:` key), GitHub Actions v6 actions (`actions/checkout@v6`), Ubuntu 26.04 LTS, Kubernetes 1.3x, Prometheus 3.x, Grafana 12.x. The `docker-compose up`, `version: "3"`, `checkout@v2` and similar forms found in old guides on the internet are outdated; in the book they are shown only as the "old way".
HONEST note. The configuration and code in the book (Dockerfiles, `compose.yaml` files, GitHub Actions workflows, Nginx configs, Bash scripts and Kubernetes manifests) were actually run and checked on a local machine: Dockerfiles were built with `docker build` + `docker run`, compose files were validated with `docker compose config`, Nginx configs with `nginx -t`, Bash with `bash -n`, YAML with `yamllint`. However, live infrastructure (`apt`/`ufw`/`systemctl` on a real VPS, a certificate for a real domain with Certbot, deploy over SSH, a live Kubernetes cluster, cloud resources and Grafana dashboards) requires a server, a domain or a cloud account; these blocks are correct, but they are marked "illustrative" in the text. Run them on your own server.
This book assumes that you can write an application in one programming language (Node.js, Python/Django, PHP/Laravel, all are suitable) and that you are familiar with the terminal and Git. If Git is new to you, first read the book Git & GitHub: from 0 to Expert (the CI/CD part relies on it).
What does this book teach?
Imagine: your application works great locally, but deploying it to the server is a frightening ritual every time. Copying files by hand, the "but it works on my machine" problem, a site that has gone down, lost data. DevOps removes exactly this pain: it breaks down the wall between development (Dev) and operations (Ops) and makes everything automatic, repeatable and observable.
By the end of the book you will: package the application into a container, automatically test + build + deploy on every git push, run it behind Nginx + HTTPS, scale it on Kubernetes, monitor it with Prometheus/Grafana, and rebuild the whole server from code with Ansible/Terraform.
How to read
- Read the chapters in order (01 → 02 → ...). Each one builds on the previous one.
- Type and run every command and configuration yourself; DevOps is learned only through practice.
- Get one cheap VPS (or a local virtual machine); more than half of the book requires practising on a real server. Cloud providers give free credit for a new account.
- Install Docker on your local computer (Docker Desktop, or Docker Engine on Linux); it is needed from chapter 06 onward.
Requirements
| Needed | Level |
|---|---|
| Being able to write an application in one language (Node/Python/PHP) | Required |
| Familiarity with the terminal and Git | Required |
| Linux basics (file, directory, command) | Useful (reviewed in chapter 02) |
| A cheap VPS or a local virtual machine | Required for practice |
| A cloud account (for the capstone/IaC) | Useful |
Contents
Part I: DevOps and Linux foundations
| # | Chapter | Topic |
|---|---|---|
| 01 | What DevOps is and why it is needed | The Dev/Ops wall, DevOps culture, CALMS, the concepts of CI/CD/IaC/monitoring, SRE, map of the book. |
| 02 | Linux server basics | Connecting with SSH, the file system, users/groups, permissions (chmod/chown), packages (apt), systemctl basics. |
| 03 | Bash scripting and automation | Variables/conditions/loops/functions, arguments, exit codes, pipes, scheduled tasks with cron. |
| 04 | Networking and server security | IP/port/DNS/HTTP(S), ufw firewall, SSH key authentication, disabling root, fail2ban, server hardening. |
| 05 | Deploying an application to a server by hand | Running a real application on a VPS by hand, and why this path is painful (motivation for the following chapters). |
Part II: Containers: Docker
| # | Chapter | Topic |
|---|---|---|
| 06 | What Docker is: containers | Container vs virtual machine, image/container/registry, how Docker solves the "works on my machine" problem. |
| 07 | Working with containers | docker run/ps/logs/exec/stop/rm, publishing ports (-p), environment (-e), interactive mode. |
| 08 | Dockerfile: your own image | FROM/RUN/COPY/WORKDIR/CMD/ENTRYPOINT, layers, .dockerignore, build cache. |
| 09 | Image optimization and registry | Multi-stage build, small base (alpine/distroless), cache ordering, tags, pushing to Docker Hub and GHCR. |
| 10 | Volumes and Docker networking | Persistent data (named volume / bind mount), docker network, communication between containers via DNS. |
| 11 | Docker Compose | A multi-service application (web+db+cache) in a single compose.yaml, .env, depends_on, healthcheck, profiles. |
Part III: CI/CD: automation
| # | Chapter | Topic |
|---|---|---|
| 12 | CI/CD and GitHub Actions basics | What CI/CD is, workflow anatomy (on/jobs/steps/uses/run), runners, the first pipeline. |
| 13 | Test and build pipeline | Automating lint+test, matrix (multiple versions), cache (actions/cache@v5), artifacts, status badge, branch protection. |
| 14 | Docker image CI and GHCR | Building the image in Actions and pushing it to GHCR, secrets, docker/build-push-action@v7, tag strategy (sha/semver), vulnerability scanning with Trivy. |
| 15 | Automatic deploy | Automatic deploy to a server over SSH, environments, manual approval, rollback, deploy-on-tag. |
Part IV: Nginx, HTTPS and deploy
| # | Chapter | Topic |
|---|---|---|
| 16 | Nginx basics | Installation, server block, static files, location, logs, configuration structure, nginx -t and reload. |
| 17 | Reverse proxy and load balancing | proxy_pass, upstream, Nginx in front of the application, gzip, cache, WebSocket, distributing load across several instances. |
| 18 | HTTPS, domain and Let's Encrypt | DNS setup, a free certificate with Let's Encrypt/Certbot, TLS configuration, HTTP→HTTPS, automatic renewal. |
| 19 | systemd and process management | systemd service unit, restart policy, journald logs, daemonizing the application, a service without containers. |
| 20 | Full production deploy | Compose + Nginx reverse proxy + HTTPS + domain: taking a real application to production from scratch, zero-downtime basics. |
Part V: Kubernetes and orchestration
| # | Chapter | Topic |
|---|---|---|
| 21 | Why Kubernetes: architecture and a local cluster | The orchestration problem, K8s architecture (control plane, node, kubelet, etcd), kubectl, a local cluster with minikube/kind. |
| 22 | Pod, Deployment, Service | Pod, ReplicaSet, Deployment, Service (ClusterIP/NodePort/LoadBalancer), YAML manifests, ConfigMap/Secret, label/selector. |
| 23 | Production Kubernetes | Rolling update and rollback, liveness/readiness probes, resource requests/limits, namespaces, horizontal autoscaling (HPA). |
| 24 | Ingress, storage, Helm and GitOps | Ingress controller (nginx) + TLS, persistent storage (PV/PVC, introduction to StatefulSet), Helm charts, GitOps (introduction to Argo CD), managed K8s (cloud). |
Part VI: Monitoring, IaC and capstone
| # | Chapter | Topic |
|---|---|---|
| 25 | Monitoring: Prometheus and Grafana | Metric types, Prometheus + node_exporter + cAdvisor, PromQL basics, Grafana dashboards, a monitoring stack with Compose. |
| 26 | Logging, alerting, backup and reliability | Centralized logs (journald/Loki/logrotate), Alertmanager, healthcheck/uptime, SLI/SLO/error budget, DB and volume backup + restore. |
| 27 | Infrastructure as Code: Ansible and Terraform | What IaC is, preparing a server with Ansible (idempotence, playbooks), cloud resources with Terraform (plan/apply/state), immutable infrastructure. |
| 28 | Final capstone: a full DevOps platform | End to end: code → GitHub Actions CI → image → GHCR → Kubernetes deploy → Ingress+HTTPS → Prometheus/Grafana → backup; runbook and post-mortem. The end of the road. |
Author
Oqil Imomnazarov, ioqil.uz · Telegram · YouTube
The book is distributed free of charge (CC BY-NC-SA 4.0). Selling it is prohibited.