EN

KUBICAST #187 - DevX, DevREL and AI in reality at iFood!

How a Food Tech can create an ecosystem that streamlines the onboarding and daily routine of developers!

mansplainer

João Brito

In Kubicast #187, we welcomed Luiz Henrique and Larissa Vitoriano for a straight-to-the-point conversation on how iFood has been structuring Developer Experience (DevX), Developer Relations (DevRel), and Artificial Intelligence in a pragmatic way — with a serious impact on productivity, quality, and security. This blog post distills the learnings from the episode into an actionable guide for platform and engineering teams who want to speed up delivery without giving up governance.


Executive summary

  • DevX is a product: treat developer experience as a backlog with an owner, metrics, and a roadmap. Golden paths, templates, and automations reduce idea-to-prod time (lead time) and cognitive effort.

  • DevRel is a bridge: continuous feedback between the internal/external community and the platform product. No vanity: prioritization guided by data and real problems.

  • AI is already practical: responsible use in code generation, testing, documentation, SRE/observability support, and cost insights, with clear security and privacy guardrails.

  • Right metrics: combine DORA/SPACE with platform metrics (adoption of happy paths, provisioning time, MTTR, and cost per change).

  • Lightweight governance: "shift-left" policies, component catalogs, and automated guardrails so as not to restrict the autonomy of squads.


Why DevX matters (and how to measure it)

Signs that the experience is hurting: long onboarding, queues in platform teams, high pipeline variation between squads, and repeated configuration incidents. The antidote begins with intentional defaults:

  • Golden paths: pre-approved pipelines, configs, and toolchains that solve 80% of cases.

  • Starter kits: seed repositories with example apps, testing, observability, and security already plugged in.

  • Self-service: developer portals to provision environments, secrets, and integrations.

Measuring what matters:

  • DORA (deployment frequency, lead time, change failure rate, MTTR) to look at delivery flow.

  • SPACE (satisfaction, performance, activity, communication, efficiency) for the human experience.

  • Platform KPIs: service bootstrap time, template adoption, success rate of the first deploy, cost per environment.

The rules of thumb: if the indicator doesn't change behavior, it's noise. If it changes backlog and architecture decisions, it's a signal.


Internal platform at iFood: standards that accelerate

The iFood case highlights three pillars:

  1. Standardization without rigidity: evolutionary standards, reviewed by lightweight technical committees. The happy path exists — but the "off-track" exit is conscious and reviewable.

  2. Journey-oriented automation: from git init to deployment with embedded observability, feature flags, and security policies.

  3. Service catalog: easy discovery of components, clear owners, and visible SLOs. Less "who takes care of this?" and more ownership.

Observed effects:

  • Onboarding of new squads in days (not weeks).

  • Reduction in incidents caused by diverging configurations.

  • Reduction of cognitive load for product teams: focus on the domain, not on boilerplate.


DevRel that moves the needle

DevRel is not just talks or social media. It is about technical relationship management to close the loop between product, community, and platform:

  • Structured feedback collection: quick interviews, office hours, and internal forums yield a qualified backlog.

  • Champions program: engineers in squads become focal points, spreading standards and bringing back pain points.

  • Content with purpose: live docs, reproducible examples, and migration guides. Less PDF, more executable repository.

  • Anti-vanity metrics: measuring standards adoption, time to first success, and avoided tickets, instead of likes.

When DevRel operates as a product, the platform stops "pushing" tools and starts solving real development problems.


AI in the development cycle (hype-free)

The iFood has been applying AI in areas with immediate gains and controlled risks:

  • Assisted coding: contextual suggestions to speed up refactors and unit tests, with code review and data retention policies.

  • Quality and testing: generation of test cases and contract testing; prioritizing scenarios based on risk.

  • Observability and SRE: log summarization, query suggestions, and remediation tips for recurring incidents.

  • Live docs: generation and maintenance of technical documentation from code, ADRs, and executable examples.

  • AI FinOps: cost visibility per call/model and limits per environment — AI is a product feature, not an uncontrolled toy.

Essential guardrails:

  • Data classification (PII/PHI) and leak prevention policies.

  • Prompt security reviews and model assessment.

  • Approval tracks for sensitive cases (legal, privacy, risk).


Security and governance without friction

  • Security shift-left: scanners and checks in templates and pipelines, with reviewable exceptions and clear mitigation deadlines.

  • Secrets and identity: vaults integrated into the developer portal and automatic rotation.

  • Compliance as code: versioned policies; evidence generated by pipelines themselves.

Result: fewer "manual gates," more automated guardrails that protect without blocking.



Practical checklist to start tomorrow

  1. Map the dev journey: from "create service" to "run in production." Find the friction points.

  2. Define a golden path: template + pipeline + observability + security.

  3. Self-service portal: catalogs of components, owners, and SLOs.

  4. Install guardrails: policies as code and controlled escape hatches.

  5. Create a DevRel loop: office hours, champions, and measurable feedback.

  6. Live metrics: DORA/SPACE + platform KPIs. Review monthly.

  7. Pilot AI responsibly: high ROI and low risk use cases, measuring cost/benefit.


Questions to bring to your team

  • What is the average time of the first deploy with active observability and security?

  • How many services follow the happy path and why don't the others?

  • What incidents stem from diverging configurations that a template would solve?

  • Where does AI save time today and where does it only add complexity?


🎧 Listen also to the Kubicast on Spotify, and share it with everyone who has free time because they are waiting for some kind soul to review their PR.

Newsletter Getup.

Atualizações sobre Kubernetes e Software Supply Chain Security todos os meses.

Operating Kubernetes in production for more than 13 years. With Quor, this experience extends to software supply chain security as well.