Book Image

Learning DevOps - Second Edition

By : Mikael Krief

Book Image

Learning DevOps - Second Edition

By: Mikael Krief

Overview of this book

In the implementation of DevOps processes, the choice of tools is crucial to the sustainability of projects and collaboration between developers and ops. This book presents the different patterns and tools for provisioning and configuring an infrastructure in the cloud, covering mostly open source tools with a large community contribution, such as Terraform, Ansible, and Packer, which are assets for automation. This DevOps book will show you how to containerize your applications with Docker and Kubernetes and walk you through the construction of DevOps pipelines in Jenkins as well as Azure pipelines before covering the tools and importance of testing. You'll find a complete chapter on DevOps practices and tooling for open source projects before getting to grips with security integration in DevOps using Inspec, Hashicorp Vault, and Azure Secure DevOps kit. You'll also learn about the reduction of downtime with blue-green deployment and feature flags techniques before finally covering common DevOps best practices for all your projects. By the end of this book, you'll have built a solid foundation in DevOps and developed the skills necessary to enhance a traditional software delivery process using modern software delivery tools and techniques.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Share Your Thoughts

Section 1: DevOps and Infrastructure as Code

Section 1: DevOps and Infrastructure as Code

Free Chapter

Chapter 1: The DevOps Culture and Infrastructure as Code Practices

Chapter 1: The DevOps Culture and Infrastructure as Code Practices

Getting started with DevOps

Implementing CI/CD and continuous deployment

Understanding IaC practices

Further reading

Chapter 2: Provisioning Cloud Infrastructure with Terraform

Chapter 2: Provisioning Cloud Infrastructure with Terraform

Technical requirements

Installing Terraform

Configuring Terraform for Azure

Writing a Terraform script to deploy an Azure infrastructure

Running Terraform for deployment

Understanding the Terraform life cycle with different command-line options

Protecting the state file with a remote backend

Further reading

Chapter 3: Using Ansible for Configuring IaaS Infrastructure

Chapter 3: Using Ansible for Configuring IaaS Infrastructure

Technical requirements

Installing Ansible

Creating an Ansible inventory

Executing the first playbook

Executing Ansible

Protecting data with Ansible Vault

Using a dynamic inventory for an Azure infrastructure

Further reading

Chapter 4: Optimizing Infrastructure Deployment with Packer

Chapter 4: Optimizing Infrastructure Deployment with Packer

Technical requirements

An overview of Packer

Creating Packer templates for Azure VMs with scripts

Using Ansible in a Packer template

Executing Packer

Writing Packer templates with HCL format

Using a Packer image with Terraform

Further reading

Chapter 5: Authoring the Development Environment with Vagrant

Chapter 5: Authoring the Development Environment with Vagrant

Technical requirements

Installing Vagrant

Writing a Vagrant configuration file

Creating a local VM using the Vagrant CLI

Further reading

Section 2: DevOps CI/CD Pipeline

Section 2: DevOps CI/CD Pipeline

Chapter 6: Managing Your Source Code with Git

Chapter 6: Managing Your Source Code with Git

Technical requirements

Overviewing Git and its principal command lines

Understanding the Git process and Gitflow pattern

Further reading

Chapter 7: Continuous Integration and Continuous Delivery

Chapter 7: Continuous Integration and Continuous Delivery

Technical requirements

CI/CD principles

Using a package manager in the CI/CD process

Using Jenkins for CI/CD implementation

Using Azure Pipelines for CI/CD

Using GitLab CI

Further reading

Chapter 8: Deploying Infrastructure as Code with CI/CD Pipelines

Chapter 8: Deploying Infrastructure as Code with CI/CD Pipelines

Technical requirements

Running Packer in Azure Pipelines

Running Terraform and Ansible in Azure Pipelines

Further reading

Section 3: Containerized Microservices with Docker and Kubernetes

Section 3: Containerized Microservices with Docker and Kubernetes

Chapter 9: Containerizing Your Application with Docker

Chapter 9: Containerizing Your Application with Docker

Technical requirements

Installing Docker

Creating a Dockerfile

Building and running a container on a local machine

Pushing an image to Docker Hub

Pushing a Docker image to a private registry (ACR)

Deploying a container to ACI with a CI/CD pipeline

Using Docker for running command-line tools

Getting started with Docker Compose

Deploying Docker Compose containers in ACI

Further reading

Chapter 10: Managing Containers Effectively with Kubernetes

Chapter 10: Managing Containers Effectively with Kubernetes

Technical requirements

Installing Kubernetes

A first example of Kubernetes application deployment

Using Helm as a package manager

Publishing a Helm chart in a private registry (ACR)

Creating a CI/CD pipeline for Kubernetes with Azure Pipelines

Monitoring applications and metrics in Kubernetes

Further reading

Section 4: Testing Your Application

Section 4: Testing Your Application

Chapter 11: Testing APIs with Postman

Chapter 11: Testing APIs with Postman

Technical requirements

Creating a Postman collection with requests

Using environments and variables to dynamize requests

Writing Postman tests

Executing Postman request tests locally

Understanding the Newman concept

Preparing Postman collections for Newman

Running the Newman command line

Integration of Newman in the CI/CD pipeline process

Further reading

Chapter 12: Static Code Analysis with SonarQube

Chapter 12: Static Code Analysis with SonarQube

Technical requirements

Exploring SonarQube

Installing SonarQube

Real-time analysis with SonarLint

Executing SonarQube in a CI process

Further reading

Chapter 13: Security and Performance Tests

Chapter 13: Security and Performance Tests

Technical requirements

Applying web security and penetration testing with ZAP

Running performance tests with Postman

Further reading

Section 5: Taking DevOps Further/More on DevOps

Section 5: Taking DevOps Further/More on DevOps

Chapter 14: Security in the DevOps Process with DevSecOps

Chapter 14: Security in the DevOps Process with DevSecOps

Technical requirements

Testing Azure infrastructure compliance with Chef InSpec

Keeping sensitive data safe with HashiCorp Vault

Further reading

Chapter 15: Reducing Deployment Downtime

Chapter 15: Reducing Deployment Downtime

Technical requirements

Reducing deployment downtime with Terraform

Understanding blue-green deployment concepts and patterns

Applying blue-green deployments on Azure

Introducing feature flags

Using an open source framework for feature flags

Using the LaunchDarkly solution

Further reading

Chapter 16: DevOps for Open Source Projects

Chapter 16: DevOps for Open Source Projects

Technical requirements

Storing source code in GitHub

Contributing to open source projects using pull requests

Managing the changelog file and release notes

Sharing binaries in GitHub releases

Getting started with GitHub Actions

Analyzing code with SonarCloud

Detecting security vulnerabilities with WhiteSource Bolt

Further reading

Chapter 17: DevOps Best Practices

Chapter 17: DevOps Best Practices

Automating everything

Choosing the right tool

Writing all your configuration in code

Designing the system architecture

Building a good CI/CD pipeline

Integrating tests

Shifting security left with DevSecOps

Monitoring your system

Evolving project management

Further reading

Assessments

Chapter 1: The DevOps Culture and Infrastructure as Code Practices

Chapter 2: Provisioning Cloud Infrastructure with Terraform

Chapter 3: Using Ansible for Configuring IaaS Infrastructure

Chapter 4: Optimizing Infrastructure Deployment with Packer

Chapter 5: Authoring the Development Environment with Vagrant

Chapter 6: Managing Your Source Code with Git

Chapter 7: Continuous Integration and Continuous Delivery

Chapter 8: Deploying Infrastructure as Code with CI/CD Pipelines

Chapter 9: Containerizing Your Application with Docker

Chapter 10: Managing Containers Effectively with Kubernetes

Chapter 11: Testing APIs with Postman

Chapter 12: Static Code Analysis with SonarQube

Chapter 13: Security and Performance Tests

Chapter 14: Security in the DevOps Process with DevSecOps

Chapter 15: Reducing Deployment Downtime

Chapter 16: DevOps for Open Source Projects

Chapter 17: DevOps Best Practices

Other Books You May Enjoy

Other Books You May Enjoy

Packt is searching for authors like you

Share Your Thoughts

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Chapter 14: Security in the DevOps Process with DevSecOps

So far in this book, we have discussed in detail the development-operations (DevOps) culture as well as the DevOps tools that will facilitate communication and collaboration between developers and operations people (information technology-operations, or ITOps).

However, in this union, we have noticed that a very important aspect is often missing, which is security. Indeed, continuous integration/continuous deployment (CI/CD) pipelines and infrastructure as code (IaC) allow faster deployment of infrastructure and applications, but the problem is that to deploy faster, we do not include security teams, which causes the following:

Security teams block or slow down deployments and therefore lead to longer deployment cycles.
Security problems are detected very late in the infrastructure and in applications.

This is why, for some time now, security has been included in the DevOps culture by becoming a development...