← Back to Blog

DevOps Without the Headcount: Modern Deployment for Small Teams

May 11, 2026 DevOps

When we started shipping web apps for clients, the gap between "works on my laptop" and "running reliably in production" felt enormous. Big companies solve it with dedicated platform teams. The rest of us? We have to be the platform team and the developers and sometimes the support desk too. The good news: the tooling has caught up. A solo developer in 2026 can run a deployment pipeline that would have required a team of five a decade ago.

Here's how we approach DevOps at TCCB Solutions when the team is small and the stakes are still high.

Start with Git as the source of truth

Every deployment we run begins and ends with a Git commit. No SSHing into servers to edit config files. No "quick fixes" that live only in production. If it isn't in the repo, it doesn't exist.

This sounds obvious, but it's the foundation everything else stands on. When your infrastructure, application code, and deployment scripts all live in version control, rolling back becomes a git revert instead of a panic.

Containerize early, even for small projects

We containerize almost everything we ship now. Docker (or Podman, if you prefer) removes an entire class of "it worked in staging" problems. A minimal Dockerfile for a Node app might look like this:

FROM node:22-alpine AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM node:22-alpine
WORKDIR /app
COPY --from=build /app/dist ./dist
COPY --from=build /app/node_modules ./node_modules
EXPOSE 3000
CMD ["node", "dist/server.js"]

Multi-stage builds keep the final image small and free of build tooling. Smaller images mean faster deploys and a smaller attack surface.

Automate with GitHub Actions (or your CI of choice)

We lean on GitHub Actions because it's already where our code lives, but the principles apply to GitLab CI, Forgejo Actions, or anything else. A typical workflow for us runs tests on every push, builds a container image on merges to main, and pushes it to a registry:

name: build-and-deploy
on:
  push:
    branches: [main]

jobs:
  ship:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/build-push-action@v5
        with:
          push: true
          tags: ghcr.io/${{ github.repository }}:${{ github.sha }}

The key is keeping it boring. Fancy pipelines rot. Simple pipelines keep working.

Pick deployment targets that match the team size

For most small-team projects, we recommend one of three approaches:

Managed platforms like Fly.io, Railway, or Render — zero infrastructure work, predictable pricing, perfect for MVPs and side projects.
A single VPS with Docker Compose — cheap, transparent, and surprisingly resilient. Great for internal tools and low-traffic production sites.
A small Kubernetes cluster (k3s is our go-to) — overkill for one app, but pays off the moment you're running five or ten.

The mistake we see most often is teams reaching for Kubernetes when a $12 VPS would serve them better for the next two years.

Treat secrets like the liability they are

We never bake secrets into images or commit them to Git, even private repos. A small team can get a long way with the secret manager built into their hosting platform, or a self-hosted option like Infisical or Bitwarden's secrets manager. The rule is simple: if a credential leaks, you should be able to rotate it from one place, not chase it through six config files.

Observability isn't optional

You can't fix what you can't see. We deploy Uptime Kuma for synthetic monitoring on every project — it takes ten minutes to set up and tells you when your site goes down before your client does. For logs and metrics, a lightweight stack like Grafana plus Loki gets you most of the value of enterprise observability tools without the bill.

Backups, tested

An untested backup is a wish. We schedule restores into a scratch environment on a recurring basis, even if it's monthly. Knowing your backup works is worth more than having ten backups you've never verified.

Wrapping up

Modern DevOps for small teams isn't about replicating what Google does — it's about picking the handful of practices that give you 80% of the safety net for 5% of the effort. Git everything, containerize, automate the boring parts, monitor what matters, and resist the urge to over-engineer.

If you'd like help setting up a deployment pipeline that fits your team's size and budget, get in touch with us — we'd love to talk through what would work for you.