Stage 7 · Master
Fieldwork: A Production-Grade Go Backend
A complete, from-scratch backend engineering course for engineers who've finished Go fundamentals and want to build real production systems: a multi-tenant workspace API built module-by-module with Gin, Postgres, Redis, Kafka, Docker, and Kubernetes. Every module is real code with real trade-offs — not interview prep, not a reference doc.
Prerequisite
Programming Foundations (Go). No prior backend experience required.
What this course leaves you with
- Build a real multi-service backend from scratch: Gin, Postgres, Redis, and Kafka wired together
- Design multi-tenant isolation from the schema up through the gateway
- Apply SOLID in Go without a framework, and test the result honestly
- Ship every service as an independent, health-checked Kubernetes Deployment with CI/CD
Why this stage matters — You've finished Go fundamentals — this is where you build a real production backend, from scratch, end to end.
Progress
0 of 58 lessons complete. Progress is stored locally in your browser so you can pick the path back up later.
course completion
Kicking Off Fieldwork
The premise for this course: one real backend, built and documented as it's built, decisions and dead ends included.
Project Foundations & Workspace Layout
Fieldwork starts as the smallest thing that can run: one module, one binary, one file. Every folder that shows up after this module has to earn its place.
- 01One Module, One BinaryWhy Fieldwork starts as a single go.mod and a single main.go on stdlib net/http — and exactly what would have to be true before we'd reach for go.work.11 min
- 02cmd/ and internal/ Conventionsmain.go starts accumulating real logic, so we extract the first internal/ package. Why now, and why only one package, not a whole layout.12 min
- 0312-Factor Config & Structured LoggingReading config from the environment and adding Zap request logging to the one service that exists — no multi-service log envelope yet, because there's only one service.14 min
Designing the Data Layer
The concrete multi-tenant Postgres schema, migrations, and a repository layer that makes tenant isolation the default, not an afterthought.
- 01Designing the Multi-Tenant SchemaTenants, workspaces, projects, tasks, and memberships — the schema every Fieldwork service shares.16 min
- 02Schema Migrations & Seed DataVersioned migrations with goose, reversible changes, and seeding a realistic multi-tenant dataset for local dev.13 min
- 03The Repository Pattern with pgxWrapping raw SQL behind small, interface-shaped repositories instead of an ORM.15 min
- 04Transactions & Tenant IsolationEnforcing tenant_id scoping at the query layer so a missing WHERE clause can't leak data across tenants.13 min
Building the HTTP API with Gin
Turning the data layer into a real, contract-driven HTTP API — routing, validation, errors, and pagination done consistently.
- 01Gin Router & Route GroupsWhy net/http's mux stops being enough once nested resource scope and per-group middleware are real requirements — and the exact migration to Gin.16 min
- 02Request/Response Contracts & ValidationDTOs that never leak database structs, and validating input before it touches a repository.15 min
- 03Consistent Error HandlingOne error envelope shape across every endpoint, and mapping domain errors to HTTP status codes without leaking internals.13 min
- 04Pagination, Filtering & SortingCursor-based pagination for tenant-scoped lists, and why offset pagination breaks down under real load.13 min
Authentication & Authorization
Proving who a request is from, and deciding what they're allowed to do once you know.
- 01Password Hashing & Issuing JWTsbcrypt for stored credentials, and short-lived signed access tokens issued at the gateway.15 min
- 02Refresh Token RotationWhy access tokens stay short-lived, and rotating refresh tokens safely without forcing constant re-logins.13 min
- 03Permission Modeling with RBACA service:resource:action permission model designed to stay legible as Fieldwork grows past a handful of roles.13 min
- 04Enforcing RBAC in MiddlewareChecking permissions once, in one place, instead of scattering role checks through handler code.12 min
The API Gateway & Service Boundaries
One public entrypoint, and the internal contract every service behind it agrees to.
- 01The API Gateway PatternWhy Fieldwork exposes one public entrypoint that reverse-proxies to internal services instead of exposing each one directly.12 min
- 02Internal Calls & Context PropagationCarrying tenant ID, request ID, and deadline through every downstream call without reinventing them per service.13 min
Testing Fieldwork
A real testing strategy for a multi-service system: fast unit tests, honest integration tests, and a CI gate that actually blocks bad code.
- 01Unit & Table-Driven TestsTesting handlers and services in isolation with table-driven cases and no live dependencies.13 min
- 02Integration Tests with TestcontainersSpinning up a real disposable Postgres per test run instead of mocking the database layer.15 min
- 03Mocking Interfaces for TestsHand-written fakes over generated mocks, and where each one actually earns its cost.12 min
- 04Coverage & CI GatesWhat coverage percentage is worth enforcing, what it hides, and wiring go test into a CI gate that blocks merges.12 min
Caching & Rate Limiting with Redis
What's worth caching in a multi-tenant API, how it gets invalidated correctly, and protecting the system from its own clients.
- 01What to Cache & Invalidation StrategyCache-aside for hot tenant reads, key versioning, and the data Fieldwork deliberately never caches.13 min
- 02Rate Limiting with RedisA token-bucket limiter scoped per tenant so one noisy client can't degrade the platform for everyone else.12 min
- 03Session Storage in RedisStoring refresh-token sessions outside the request path so revocation doesn't require redeploying anything.12 min
Background Jobs & Async Work
Moving slow or unreliable work off the request path without losing track of it.
- 01Worker Pools in GoBounded concurrency with channels and goroutines for processing background work without unbounded memory growth.13 min
- 02Job Queues, Retries & SchedulingA Postgres-backed job queue, exponential backoff on failure, and scheduling recurring work reliably.13 min
- 03Graceful Worker ShutdownDraining in-flight jobs on SIGTERM instead of dropping them mid-execution during a deploy.12 min
File Uploads & Object Storage
Getting files in and out of Fieldwork without loading them entirely into memory or trusting client-supplied metadata.
Event-Driven Architecture with Kafka
Decoupling services with an event bus, and designing consumers that survive the delivery guarantees Kafka actually makes.
- 01Decoupling Services with EventsWhy Fieldwork's cross-service side effects go through Kafka instead of direct service-to-service calls.12 min
- 02Producing & Consuming Events IdempotentlyDesigning consumers that tolerate at-least-once delivery instead of chasing exactly-once semantics.15 min
- 03The Outbox PatternPublishing events reliably from the same transaction that writes the state change, without a distributed transaction.13 min
Resilience Patterns
Making failure survivable by default: deadlines, retries, and stopping cascades before they take down the whole system.
SOLID in Go, No Framework
Applying SOLID idiomatically — small interfaces and constructor injection, with no DI container anywhere in sight.
- 01Interfaces & Dependency InversionDefining interfaces at the consumer, not the implementation, and why that flips the usual dependency direction.12 min
- 02Constructor Injection & TestabilityWiring dependencies explicitly in main() so every dependency is visible, swappable, and testable without magic.11 min
Observability
Turning the logging and config foundations into real signal — metrics, health, and traces you'd actually look at during an incident.
- 01Structured Logs & Error TaxonomiesTreating logs as a queryable event stream, and a consistent error taxonomy that makes filtering by severity actually useful.12 min
- 02Prometheus Metrics & Health ChecksRequest, latency, and error metrics per service, plus liveness/readiness checks wired to real dependency state.13 min
- 03Distributed Tracing BasicsFollowing one tenant's request across the gateway and three internal services with a single trace ID.13 min
Advanced Postgres for Backend Engineers
The database problems that only show up once Fieldwork has real data and real traffic.
- 01Indexing for Multi-Tenant QueriesComposite indexes that lead with tenant_id, and reading an EXPLAIN plan to confirm the index is actually used.13 min
- 02Connection Pooling & N+1 QueriesPgBouncer between every service and Postgres, and batching queries instead of looping one-row-at-a-time.13 min
- 03Backups & Point-in-Time RecoveryWAL-based continuous backup and rehearsing a restore before you ever need one under pressure.12 min
API Versioning & Contracts
Changing the API under real clients without breaking the ones you can't redeploy on demand.
Shipping It — Docker & Kubernetes
Containerizing every service and deploying them to Kubernetes as independent, health-checked, horizontally scalable Deployments.
- 01Multi-Stage Docker BuildsLean, minimal images per service using multi-stage builds — build stage versus distroless runtime.13 min
- 02Kubernetes Deployments, Services & IngressOne Deployment per service, readiness/liveness probes wired to real app state, and routing through Ingress.15 min
- 03ConfigMaps, Secrets & Resource LimitsInjecting config and credentials without baking them into images, and setting requests/limits that actually reflect load.12 min
- 04Zero-Downtime DeploysRolling updates, readiness gates, and connection draining so a deploy is invisible to Fieldwork's clients.13 min
CI/CD for Fieldwork
Automating the path from a merged commit to a running service, across a multi-module repository.
- 01CI Pipeline for a Multi-Module RepoBuilding, linting, and testing only the services a change actually touches instead of everything, every time.12 min
- 02Continuous Deployment to KubernetesShipping a merged commit to a running Deployment automatically, with a rollback path that's actually been tested.12 min
Security Hardening
Closing the gaps that don't show up until an audit, a pen test, or an incident finds them first.
- 01Securing Secrets & Sanitizing InputGetting credentials out of source control and environment dumps, and the injection risks that survive parameterized queries.12 min
- 02Dependency & Image ScanningCatching known-vulnerable modules and base images in CI, before they ship, not after a report comes in.11 min
Capstone — Assembling Fieldwork End-to-End
Every prior module wired together into one running system, then tested and operated the way a real on-call engineer would.
Retrospective & What's Next
Written last, after the system has stabilized — what changed, what broke, and what comes after Fieldwork.