Cloud Deploy
The final stage of the journey from code to cloud: present your application to the world.
What is Cloud Deploy?
Cloud Deploy is the process of placing an application on cloud infrastructure and delivering it to users. It is the last and most important stage of the "From Code to Cloud" journey.
Cloud deployment includes the following:
- Infrastructure provisioning - creating servers, network, storage
- Application deployment - placing code/containers on servers
- Configuration - environment variables, secrets, DNS
- Scaling - increasing/decreasing resources according to load
- Monitoring - health monitoring, alerting
The cloud is servers in AWS, Google or Microsoft data centers. You "rent" them. You do not need to buy, rack or manage servers yourself. You pay only for the resources you use.
Why is it needed?
Why use the cloud instead of your own servers?
Elasticity
100x traffic on Black Friday? Add 100 servers in 5 minutes. At night, just 2 servers.
Global reach
Open a server anywhere in the world within a few minutes. Edge locations.
Security
Cloud providers spend billions of dollars on security. Compliance certificates.
Cost efficiency
CapEx → OpEx. No large upfront investment. Pay-as-you-go model.
The cloud is not cheap! With a wrong configuration, a monthly bill of $10,000+ can arrive. Cost monitoring, budget alerts and right-sizing matter. Always consider "reserved instances" and "spot instances".
Core concepts
Cloud Service Models
- IaaS (Infrastructure as a Service) - VM, network, storage. EC2, Compute Engine.
- PaaS (Platform as a Service) - runtime environment. Heroku, App Engine, Elastic Beanstalk.
- SaaS (Software as a Service) - ready-made software. Gmail, Salesforce.
- FaaS (Function as a Service) - serverless. Lambda, Cloud Functions.
Deployment Strategies
- Rolling update - pods are updated one after another. No downtime, but mixed versions. Default Kubernetes strategy.
- Blue-green - 2 environments, traffic switches in an instant. Instant rollback. Safe, fast rollback.
- Canary - first 5% of traffic, then gradually 100%. Real user testing. Safest, early error detection.
- Feature flags - code is deployed, the feature is turned on/off at runtime. No code rollback needed.
Container Orchestration
For managing containers:
- Kubernetes - industry standard, powerful, complex
- ECS/Fargate - AWS native, simpler
- Cloud Run - GCP serverless containers
- Azure Container Apps - Azure serverless
Cost Optimization
- Reserved Instances - 1-3 year commitment = 30-70% savings
- Spot/Preemptible - spare capacity = 90% savings (but can be interrupted)
- Right-sizing - don't use oversized instances
- Auto-scaling - resources only when needed
- Serverless - no charge while idle
Practical process (step-by-step)
Choose a cloud provider
AWS (widest offering), GCP (Kubernetes, ML), Azure (enterprise). Multi-cloud or single? Cost, team expertise, compliance requirements.
Account and organization setup
Root account, IAM, billing alerts, multi-account strategy (dev/staging/prod). AWS Organizations, GCP folders.
Network architecture
VPC, subnets (public/private), NAT Gateway, Security Groups, VPN/Direct Connect. IaC with Terraform.
Container registry and build
ECR, GCR, ACR - storing Docker images. Push from the CI pipeline. Vulnerability scanning.
Kubernetes or a managed service
EKS, GKE, AKS - managed Kubernetes. Or Fargate, Cloud Run - serverless. Helm charts, GitOps (ArgoCD).
Database and stateful services
RDS, Cloud SQL, DocumentDB - managed databases. Backup, replication, encryption at rest.
CDN and edge
CloudFront, Cloud CDN - static assets. Edge functions - compute at the edge. Reducing global latency.
Monitoring and observability
CloudWatch, Stackdriver, Azure Monitor. Or third-party: Datadog, New Relic. Dashboards, alerts, on-call.
Most common mistakes
A $50,000 bill arrived at the end of the month - nobody expected it. Set up billing alerts, budgets and cost explorer from day 1.
An S3 bucket was left public - company data leak. Default: private. Turn on the "Block public access" setting.
Deployed in a single availability zone - if the AZ goes down, the site goes down too. Always multi-AZ.
Daily work with the root account - very dangerous. IAM users, roles, least privilege. MFA is mandatory.
Read the AWS Well-Architected Framework or the GCP Cloud Architecture Framework. Cost, security, reliability, performance, operational excellence - the 5 pillars.
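As an added example (not code from this page), the following Python functions check the configuration behind three of the mistakes above: an IAM policy for wildcard actions/resources and missing MFA conditions, an S3 bucket policy for an "everyone" principal, and the four S3 Block Public Access flags. All sample documents are constructed.

```python
"""Audit an IAM policy, an S3 bucket policy and an S3 Block Public Access config for
the mistakes listed above (added example, not the page's code). Parsing uses only the
stdlib json module; every sample document below is constructed."""
import json

PUBLIC_ACCESS_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def _as_list(v):
    """IAM lets most fields be a scalar or a list; normalise to a list."""
    return v if isinstance(v, list) else [v]

def audit_iam_policy(policy_json: str, human_principal: bool = True) -> list[str]:
    """Least-privilege findings per Allow statement. The MFA check applies to policies
    on human users/groups; pass human_principal=False for service roles (no MFA possible)."""
    findings = []
    for i, st in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        if "*" in actions:
            findings.append(f"statement {i}: Action '*' grants every API call")
        elif any(a.endswith(":*") for a in actions):
            findings.append(f"statement {i}: service-wide wildcard action(s) {actions}")
        if "*" in _as_list(st.get("Resource", [])):
            findings.append(f"statement {i}: Resource '*' applies to every resource")
        if human_principal and "aws:MultiFactorAuthPresent" not in json.dumps(st.get("Condition", {})):
            findings.append(f"statement {i}: Allow without an aws:MultiFactorAuthPresent condition")
    return findings

def bucket_policy_is_public(policy_json: str) -> bool:
    """True if an Allow statement names everyone ('*') as its principal."""
    for st in _as_list(json.loads(policy_json)["Statement"]):
        p = st.get("Principal")
        everyone = p == "*" or (isinstance(p, dict) and "*" in _as_list(p.get("AWS", [])))
        if st.get("Effect") == "Allow" and everyone:
            return True
    return False

def block_public_access_enabled(cfg: dict) -> bool:
    """True only when all four Block Public Access flags are switched on."""
    return all(cfg.get(flag) is True for flag in PUBLIC_ACCESS_FLAGS)

# Constructed samples: an over-broad policy, a scoped one, and a public bucket policy.
ADMIN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]})
SCOPED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::app-assets/*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]})
PUBLIC_BUCKET = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::company-data/*"}]})
```

Run the checks in CI against the policy documents your IaC produces, so a wildcard or a public principal fails the pipeline before it reaches the account.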
Best practices
- Multi-AZ and multi-region deployment - high availability
- Infrastructure as Code - Terraform, Pulumi. No ClickOps
- Immutable deployments - don't patch servers, replace them
- Auto-scaling - based on CPU/memory/custom metrics
- Cost tagging - a tag on every resource (team, environment, project)
- Backup and disaster recovery - define RTO/RPO, test them
- Least privilege IAM - only the necessary permissions
- Encryption everywhere - at rest and in transit
- GitOps - declarative deployment with ArgoCD, Flux
- FinOps practice - a cloud cost management culture
Tools and technologies
EKS/GKE/AKS
Managed Kubernetes. The control plane is managed, you run the worker nodes. Production-ready.
ArgoCD
GitOps operator. Git = source of truth. Declarative, auditable deployments.
Kubecost
Kubernetes cost monitoring. Costs by pod, namespace, label.
Mini example
Kubernetes deployment to AWS EKS:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  namespace: production
  labels:
    app: my-app
    version: v1.2.0
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0   # never drop below the desired replica count during a rollout
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
        version: v1.2.0
    spec:
      containers:
        - name: my-app
          image: 123456789.dkr.ecr.us-east-1.amazonaws.com/my-app:v1.2.0
          ports:
            - containerPort: 3000
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health
              port: 3000
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /ready
              port: 3000
            initialDelaySeconds: 5
            periodSeconds: 5
          env:
            - name: NODE_ENV
              value: "production"
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:        # injected from a Kubernetes Secret, not a plaintext value
                  name: app-secrets
                  key: database-url
      affinity:
        podAntiAffinity:             # spread replicas across availability zones
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: my-app
                topologyKey: "topology.kubernetes.io/zone"
---
apiVersion: v1
kind: Service
metadata:
  name: my-app
  namespace: production
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 3000
  selector:
    app: my-app
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: my-app-hpa
  namespace: production
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: my-app
  minReplicas: 3
  maxReplicas: 20
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
```

ArgoCD Application (GitOps):

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/company/k8s-manifests
    targetRevision: main
    path: apps/my-app/production
  destination:
    server: https://kubernetes.default.svc
    namespace: production
  syncPolicy:
    automated:
      prune: true       # delete resources that were removed from Git
      selfHeal: true    # revert manual changes made directly in the cluster
    syncOptions:
      - CreateNamespace=true
```
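As an added example that is not part of the original page, this Python check audits a Deployment object (the dict yaml.safe_load() would return for the manifest above) for the practices that manifest relies on: resource limits, a readinessProbe, secrets injected via secretKeyRef rather than plaintext env values, and zone-level podAntiAffinity. The two sample objects are constructed.

```python
"""Audit a Kubernetes Deployment dict against this page's best practices (added example,
not the page's code): resource limits, readinessProbe, secrets via secretKeyRef instead
of plaintext env values, and zone-level podAntiAffinity. Input is yaml.safe_load() output."""
import re

SECRET_NAME = re.compile(r"SECRET|PASSWORD|TOKEN|API_KEY|DATABASE_URL", re.I)
ZONE_KEY = "topology.kubernetes.io/zone"


def audit_deployment(obj: dict) -> list[str]:
    """Return a list of findings; an empty list means the manifest passes."""
    findings = []
    pod = obj.get("spec", {}).get("template", {}).get("spec", {})
    for c in pod.get("containers", []):
        name = c.get("name", "<unnamed>")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{name}: no resources.limits (noisy neighbour and cost risk)")
        if "readinessProbe" not in c:
            findings.append(f"{name}: no readinessProbe (rollout may route traffic to unready pods)")
        for env in c.get("env", []):
            if SECRET_NAME.search(env.get("name", "")) and "value" in env:
                findings.append(f"{name}: env {env['name']} is a plaintext secret; use secretKeyRef")
    anti = pod.get("affinity", {}).get("podAntiAffinity", {})
    terms = (anti.get("preferredDuringSchedulingIgnoredDuringExecution", [])
             + anti.get("requiredDuringSchedulingIgnoredDuringExecution", []))
    # preferred terms wrap the term in podAffinityTerm; required terms do not
    if ZONE_KEY not in {t.get("podAffinityTerm", t).get("topologyKey") for t in terms}:
        findings.append("no zone-level podAntiAffinity (one AZ outage can take down every replica)")
    return findings


# Constructed sample: a trimmed Deployment that breaks all four rules.
BAD_DEPLOYMENT = {"kind": "Deployment", "spec": {"template": {"spec": {"containers": [{
    "name": "my-app",
    "resources": {"requests": {"cpu": "250m"}},
    "livenessProbe": {"httpGet": {"path": "/health", "port": 3000}},
    "env": [{"name": "DATABASE_URL", "value": "postgres://app:hunter2@db/app"}],
}]}}}}

# The same container configured the way the Deployment manifest above does it.
GOOD_DEPLOYMENT = {"kind": "Deployment", "spec": {"template": {"spec": {
    "containers": [{
        "name": "my-app",
        "resources": {"requests": {"cpu": "250m"}, "limits": {"cpu": "500m", "memory": "512Mi"}},
        "readinessProbe": {"httpGet": {"path": "/ready", "port": 3000}},
        "env": [{"name": "DATABASE_URL", "valueFrom": {"secretKeyRef": {"name": "app-secrets", "key": "database-url"}}}],
    }],
    "affinity": {"podAntiAffinity": {"preferredDuringSchedulingIgnoredDuringExecution": [{"weight": 100,
        "podAffinityTerm": {"labelSelector": {"matchLabels": {"app": "my-app"}}, "topologyKey": ZONE_KEY}}]}},
}}}}
```

Wire `audit_deployment` into the CI step that renders your Helm charts or the ArgoCD pre-sync hook, so a manifest that drops these guards is rejected before it reaches the cluster.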
Security and reliability
- IAM least privilege - only the necessary permissions. Root account only for emergencies.
- MFA everywhere - multi-factor authentication for console and CLI access.
- Encryption at rest and in transit - EBS, S3, RDS encryption. TLS everywhere.
- VPC security - private subnets, security groups, NACLs. Minimal public access.
- Secrets management - AWS Secrets Manager, Vault. No plaintext in env variables.
- Compliance - SOC 2, HIPAA, GDPR. Leverage cloud provider certifications.
Frequently asked questions (FAQ)
Which cloud provider should I choose?
AWS - the widest range of services, the largest market, lots of documentation. GCP - Kubernetes native (GKE is the best), BigQuery, ML. Azure - Microsoft stack, enterprise, hybrid cloud. Team expertise and existing tools also matter. Small project - GCP/AWS. Enterprise - Azure/AWS.
Kubernetes or serverless?
Kubernetes: complex apps, full control, consistent environment, portability. Serverless (Lambda, Cloud Run): simple workloads, event-driven, pay-per-use, fast scaling. Hybrid is also possible. Small team + simple app = serverless. Large app + team expertise = Kubernetes.
How do I reduce cloud costs?
1) Reserved Instances (30-70% savings). 2) Spot/Preemptible (90% savings, stateless workloads). 3) Right-sizing - don't use oversized instances. 4) Auto-scaling - fewer servers at night. 5) S3 lifecycle policies. 6) Delete unused resources. Use Kubecost, AWS Cost Explorer.
Single cloud or multi-cloud?
Single cloud: simple, optimal integration, vendor expertise. Multi-cloud: no vendor lock-in, best-of-breed, but complex. Many companies are actually "multi-cloud by accident" - the result of various acquisitions. Deliberate multi-cloud = large overhead. But a second cloud can exist for DR.
Why GitOps?
Git = single source of truth. Auditable - who changed what, and when (git log). Easy rollback (git revert). Declarative - desired state, reconciliation loop. ArgoCD, Flux. Security - no direct access to the cluster is needed, only a push to Git.
How do I prepare for disaster recovery?
Define RTO (Recovery Time Objective) and RPO (Recovery Point Objective). Multi-AZ = AZ failure. Multi-region = region failure. Database replication, backups, IaC (fast recreation). Chaos testing - run regular DR drills. Have runbooks ready.
How do I avoid vendor lock-in?
Containers (Docker) - portable. Kubernetes - runs anywhere. Terraform - multi-cloud IaC. Standard protocols (SQL, REST, gRPC). But: being 100% portable is expensive and complex. You lose the advantages of cloud-native services (Lambda, DynamoDB). Find a balance.
When should I deploy?
During working hours - when the team is ready. Friday evening or right before a holiday - NEVER. Reduce risk with feature flags. Canary deploy - 5% of traffic first. Monitoring and rollback ready. "Deploy early, deploy often" - small changes are safer.
Glossary (Terms)
The journey is complete!
You have learned all 8 stages of the "From Code to Cloud" path. Now you know how to write code, deploy it, and manage cloud infrastructure professionally.