CAIC Summer of Tech | 6-Week Project-Based DevOps Program
Build, ship, and run 7 portfolio projects in 6 weeks β from Linux scripts to a fully observable cloud-native app.
| Week | Guide | Focus |
|---|---|---|
| 1 | week-01-linux-networking-git.md | Linux, shell, networking, Git, nginx, systemd Β· contest (100 pts, submit guide) Β· mini-project |
| 2 | week-02-docker-compose-debugging.md | Docker, Compose, container debugging, image hygiene Β· contest (200 pts, submit guide) Β· mini-project |
| 3 | Week 3 | CI/CD, GitHub Actions, quality gates, GHCR |
| 4 | Week 4 | Kubernetes, Helm, GitOps |
| 5 | Week 5 | Terraform, AWS, Cloudflare, FinOps |
| 6 | Week 6 | Observability, SRE, capstone |
Read the week's guide for teaching material, then follow the global workflow below to submit your work.
Fork it once at the start of the program and do all your work β contest code and mini-projects β in your own fork. Each week's submissions go through two channels:
- Contest β the
csotCLI (uploads directly to the autograder). - Mini-project β submitted on the contest portal (Mini-project submission page β paste your public repo URL).
# 1. Click "Fork" (top-right of this repo) β fork it to your GitHub account.
# You now have: github.com/<your-username>/csot-devops (your fork)
# The original: github.com/DevClub-IITD/csot-devops (upstream)
# 2. Clone YOUR fork to your laptop:
git clone https://github.com/<your-username>/csot-devops.git
cd csot-devops
# 3. Add the original repo as "upstream" so you can pull new weekly content:
git remote add upstream https://github.com/3x3cu73/csot-devops.git
git remote -v # should show: origin = your fork, upstream = the original
# 4. Each Monday, pull the new week's content from upstream into your fork:
git checkout main
git fetch upstream
git merge upstream/main # or: git rebase upstream/main
git push origin main # update your fork on GitHubThe fork is your single workspace for the entire 6-week program β contest attempts, mini-project work-in-progress, scratch scripts, notes. You never push anything back to this upstream repo. Mini-project deliverables are submitted on the contest portal β open the Mini-project submission page and paste your public project repo URL.
csot-devops/ β YOUR fork
βββ content/ β read-only; pulled from upstream
βββ submission/
β βββ week-NN/ β contest code lives here
β βββ 01.sh 02.sh ... β graded by the `csot` CLI
β βββ ...
βββ projects/
βββ week-NN/ β (optional) scratchpad for project drafts
β final project lives in its OWN public repo
β submit that repo URL via the form
Every week you have two deliverables. They are graded independently and have different submit flows.
| Deliverable | Where you write code | How you submit | Where graded | Guide |
|---|---|---|---|---|
| π Contest (autograded) | submission/week-NN/ in your fork |
csot submit ./submission/week-NN |
csot-devops.devclub.in (Docker sandbox) | [/submission/README.md](./submission/README.md) |
| π¦ Mini-project (manual) | your own public GitHub repo | contest portal β Mini-project submission (paste repo URL) | manual mentor review | [/projects/week-NN/README.md](./projects/week-01/README.md) |
- Never commit secrets /
.envfiles to your fork β even if it's private, it's still a GitHub repo. Runtrufflehog git file://. --only-verifiedbefore pushing. - Keep your fork public so mentors can audit your contest attempts and project work-in-progress if needed.
- For each mini-project, also create a separate dedicated public repo for the project itself (better portfolio piece than a folder inside the cohort fork). That dedicated repo's URL is what you put in the form.
Read Week 1 content Β· π Week 1 contest (12 tasks, 100 pts, autograded β contest submit guide) Β· π¦ Mini-project (50 pts, submitted on the portal)
Master the OS and the network β the bedrock everything else stacks on. Topics covered:
- DevOps & System Design Primer β CALMS framework, DevOps lifecycle, monolith vs microservices, CAP theorem, scalability, load balancing (L4 vs L7), reverse proxy vs API gateway
- Linux Essentials β filesystem hierarchy, permissions (
chmod,chown), processes (ps,top,htop), package managers (apt/dnf/brew), text manipulation (grep,awk,sed,cut,sort,uniq), environment &PATH - Shell Scripting & Automation β bash basics, defensive scripting (
set -euo pipefail),getopts,trap, cron jobs, 12-Factor Config - Long-Lived Services β
tmux(windows, panes, detach/attach), background jobs (&,nohup,disown),systemdservices + timers,journalctl - Networking Fundamentals β TCP vs UDP, ports, SSH + key auth, diagnostic tools (
ping,curl,dig,nslookup,ss,traceroute), DNS records (A, CNAME, MX, TXT, NS), firewalls, HTTP basics - Web Servers, Proxies & TLS β forward vs reverse proxy, nginx (server / location blocks,
proxy_pass, upstream / load balancing), Apache comparison, Caddy mention, Let's Encrypt + Certbot - Git & GitHub Mastery β branching, merge vs rebase, conflict resolution,
git stash/reflog/bisect, GitHub Flow vs Git Flow vs Trunk-Based, conventional commits - Secrets Hygiene β
.envpattern, pre-commit hooks, TruffleHog secret scanning, leak response (rotate, revoke)
Read Week 2 content Β· π Week 2 contest (12 tasks, 200 pts, autograded β contest submit guide) Β· π¦ Mini-project (50 pts, submitted on the portal)
Package once, run anywhere β securely and slim, then debug it when it breaks. Topics covered:
- Container Fundamentals β Linux namespaces, cgroups, containers vs VMs, Docker architecture (daemon, containerd, runc), images vs containers, OCI standard
- Writing Dockerfiles β layer caching + instruction ordering, multi-stage builds,
.dockerignore, base image choices (slim / alpine / distroless),HEALTHCHECK, image-digest pinning - Container Runtime β Docker networking (bridge, host, custom), volumes (bind, named, tmpfs), environment vars, debugging (
logs,exec,inspect,dive) - Multi-Service with
docker composeβ services, networks, volumes,depends_on+ healthcheck conditions, override files, dev vs prod compose - Incident Response & Debugging β reproducing flaky stacks, startup-order races, permission/volume bugs, fixing live containers via
exec(the contest's "2 AM page" scenarios) - Image Security & Supply Chain β Trivy vulnerability scanning, Syft for SBOM, cosign image signing, multi-arch builds with
buildx - Registries β GHCR (primary), Docker Hub, ECR, Quay, Harbor
- 12-Factor App Recap (Container Edition) β config via env, log to stdout, stateless processes, dev/prod parity
- Cloudflare Tunnels β public HTTPS for local containers with
cloudflared, quick vs named tunnels
Automate everything from commit to artifact, and never let a broken or insecure build ship. Topics covered:
- Why CI/CD β pipeline stages, Continuous Integration vs Delivery vs Deployment, tool landscape (Actions, Jenkins, GitLab CI, CircleCI)
- GitHub Actions Anatomy β workflows, jobs, steps, runners, triggers (
push,pull_request,schedule,workflow_dispatch), the Action marketplace + SHA pinning - Workflow Patterns β matrix builds, dependency caching, secrets + environments, composite actions, reusable workflows (
workflow_call),needs:, conditionals - Quality Gates β linting (ESLint / Flake8 / golangci-lint), unit + coverage tests, JSON-schema contract testing, TruffleHog secret scan, dependency auditing (
npm audit,pip-audit,govulncheck), Dependabot, branch protection - Continuous Delivery: GHCR β registry comparison, GitHub Container Registry setup,
GITHUB_TOKEN,docker/build-push-action, image tagging (latest+ commit SHA), making images public - Repo Hygiene & Release Automation β semantic versioning, conventional commits,
semantic-release,release-please, auto-CHANGELOG, required status checks - Jenkins Awareness β architecture (master/agent), Jenkinsfile (declarative pipeline), when companies still use Jenkins
- Other CI Tools (Brief) β GitLab CI, CircleCI, Travis, Drone CI
Run containers at scale, reliably, declaratively. Topics covered:
- Why Orchestration β limitations of compose, Kubernetes architecture (control plane: API server, etcd, scheduler, controller manager; nodes: kubelet, kube-proxy), the reconciliation loop
- Local Cluster Setup β Kind vs Minikube vs k3s, multi-node
kind-config.yaml, nginx-ingress controller install - Core Workload Objects β Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet, Job, CronJob, Namespace
- kubectl Fluency β
get/describe/apply/logs/exec/port-forward,kubectl explain, useful aliases + completion - Configuration & State β ConfigMaps, Secrets (and why they aren't encryption), resource requests vs limits, PersistentVolumes + PVCs, when to use StatefulSets
- Networking & Reliability β Service types (ClusterIP / NodePort / LoadBalancer / ExternalName), Ingress (nginx-ingress), liveness / readiness / startup probes, PodDisruptionBudgets, Network Policies (brief)
- Helm β charts, releases, templating,
values.yaml, sub-charts,helm install/upgrade/rollback/template/lint - GitOps with ArgoCD β philosophy,
ApplicationCRD, sync policies (auto-sync, prune, self-heal), drift detection, sync waves + hooks, Flux comparison - Debugging Kubernetes β the big four (CrashLoopBackOff, ImagePullBackOff, OOMKilled, Pending), reading events,
kubectl debugfor distroless
Real infrastructure, declaratively managed, cost-aware. Topics covered:
- Cloud Safety Briefing β billing alerts, MFA, IAM users (never root),
terraform destroydiscipline, free-tier limits + surprise-cost services (NAT, EKS control plane) - IaC Principles β declarative vs imperative, idempotency, drift detection, tool comparison (Terraform, Pulumi, CloudFormation, CDK)
- Terraform Basics β providers, resources, variables, outputs, locals, data sources, the workflow (
init/plan/apply/destroy), state file - Terraform at Scale β modules (writing + consuming), workspaces,
for_each/count/ dynamic blocks, remote state (Terraform Cloud free tier OR S3 + DynamoDB lock) - AWS Fundamentals β IAM (least privilege), VPC (subnets, route tables, IGW, NAT), EC2, S3, RDS, Security Groups, EKS overview
- GCP Awareness (Short) β GKE / Cloud Run / Cloud Storage equivalents, when to pick GCP
- Cloudflare Deep Dive β DNS records, proxy modes, Tunnels (
cloudflared), Access (Zero Trust), Pages, Email Routing, R2 (S3-compatible), Workers - Multi-Provider Terraform β combining
aws+cloudflareproviders in one repo, cross-provider dependencies - FinOps Basics β Cost Explorer, AWS Budgets with alerts, Spot vs On-Demand vs Reserved, right-sizing, cost allocation tags, Lambda vs Fargate vs EC2 cost lens,
infracost - Ansible Awareness β config management vs provisioning, playbook anatomy, when to use alongside Terraform
Make it visible, keep it alive, ship it safely β then deliver the final project. Topics covered:
- The 3 Pillars of Observability β metrics vs logs vs traces, monitoring vs observability
- Prometheus β pull architecture, exporters, Alertmanager, metric types (Counter / Gauge / Histogram / Summary), instrumenting Python/Node/Go apps with
/metrics - PromQL β instant vectors, range vectors,
rate(),sum by(),histogram_quantile(), common recipes - Grafana β data sources, dashboards, panels, variables, importing community dashboards, dashboard-as-code (JSON export), alerting
- Putting It on Kubernetes β
kube-prometheus-stackHelm chart,ServiceMonitorCRD, RED method, USE method, 4 Golden Signals - Logging & Tracing β Loki + Promtail (LogQL), ELK mention, OpenTelemetry standard, Jaeger trace UI, structured (JSON) logging
- SRE Deep Dive β SLI / SLO / SLA, error budgets + burn rate math, toil reduction, multi-window multi-burn-rate alerts, free Google SRE book chapters
- Incident Response β severity levels (Sev1βSev4), on-call rotation basics, runbook writing, postmortem culture (blameless), action items
- DevSecOps β SAST (Semgrep, Bandit, gosec), DAST (OWASP ZAP), dependency scanning (Snyk, Dependabot), container scanning (Trivy recap), supply chain (SBOM with Syft, signing with cosign), OWASP Top 10
- Chaos Engineering (Intro) β the Netflix story, Litmus / Chaos Mesh, a first chaos experiment
- Capstone Project β final week dedicated to polishing and submitting the natural conclusion of everything you've built since Week 1
- Linux β shell, processes, permissions, networking, nginx, systemd, tmux
- Git β branching, merging, rebasing, GitHub Flow, secrets hygiene
- CI/CD β GitHub Actions, Jenkins (awareness), reusable workflows, quality gates
- Quality β lint, test, JSON-schema contracts, TruffleHog, dependency audits
- Containers β Docker, multi-stage builds, compose, Trivy, Syft (SBOM)
- Orchestration β Kubernetes (Kind), Helm, ArgoCD GitOps
- IaC β Terraform (Docker + Cloudflare + AWS providers), Ansible (awareness)
- Cloud β AWS (awareness/bonus), Cloudflare (DNS, Tunnels, Access, Pages)
- Observability β Prometheus, Grafana, Loki, OpenTelemetry, Jaeger
- SRE β SLI/SLO/SLA, error budgets, runbooks, postmortems, on-call
- DevSecOps β SAST, DAST, dependency scanning, image signing, supply chain
- FinOps β Cost Explorer, Budgets, Spot, right-sizing
- System Design β load balancing, scalability, proxies, microservices
- Every week is built around one buildable mini-project + several alternative project ideas you can pick from
- Each project has a π’ Local Track and a π‘ Cloud Track (optional bonus)
- Capstone in Week 6 ties everything together into one polished, deployable system
- 7 portfolio pieces by the end β each with a public URL or demoable GitHub repo
Zero credit card required for the local track of every week. The full program runs on:
- Your laptop (Linux / WSL / Mac)
- Free GitHub account (with free Actions runners + GHCR)
- Free Cloudflare account (DNS + Tunnels + Pages + Access)
- Free Terraform Cloud account (remote state)
Cloud bonuses (AWS / GCP / managed Kubernetes) are optional for students who have credits (AWS Educate, GitHub Student Pack, Oracle Free Tier, etc.).
- ~7β9 hours/week, self-paced
- Async via the content repo; live sessions only for the kickoff, mid-program AMA, capstone kickoff, and demo day
For each week (Week 1 first):
- Monday β sync your fork with upstream (
git fetch upstream && git merge upstream/main && git push) to pull the new week's content. - MonβWed β read the matching
content/week-0N-*.mdguide; complete the modules and builds. - WedβSat β contest: solve the 12 tasks in
submission/week-NN/of your fork; submit incrementally withcsot submit . -t NNas you go. (Guide:[/submission/README.md](./submission/README.md)) - ThuβSun β mini-project: build your DevOps Toolkit / weekly project in its own public GitHub repo, then submit the repo URL on the contest portal (Mini-project submission page). (Guide:
[/projects/week-01/README.md](./projects/week-01/README.md)) - Sunday 11:59 PM IST β deadline for both deliverables.
First-time setup (fork + clone + add upstream): see How to Participate above.
Organized by CSOT (CAIC Summer of Tech) β DevOps Vertical, 2026 cohort.