book

DevOps Tools for Java Developers

by Stephen Chin, Melissa McKay, Ixchel Ruiz, Baruch Sadogursky

April 2022

Intermediate to advanced

341 pages

9h 37m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Foreword
Preface
Conventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
1. DevOps for (or Possibly Against) Developers
DevOps Is a Concept Invented by the Ops SideExhibit 1: The Phoenix ProjectExhibit 2: The DevOps HandbookGoogle ItWhat Does It Do?State of the IndustryWhat Constitutes Work?If We’re Not About Deployment and Operations, Then Just What Is Our Job?Just What Constitutes “Done”?Rivalry?More Than Ever BeforeVolume and VelocityDone and DoneFloat Like a Butterfly…Integrity, Authentication, and AvailabilityFierce UrgencyThe Software Industry Has Fully Embraced DevOpsMaking It ManifestWe All Got the Message
2. The System of Truth
Three Generations of Source Code ManagementChoosing Your Source ControlMaking Your First Pull RequestGit ToolsGit Command-Line BasicsGit Command-Line TutorialGit ClientsGit IDE IntegrationGit Collaboration Patternsgit-flowGitHub FlowGitLab FlowOneFlowTrunk-Based DevelopmentSummary
3. An Introduction to Containers
Understanding the ProblemThe History of ContainersWhy Containers?Intro to Container AnatomyDocker Architecture and the Container RuntimeDocker on Your MachineBasic Tagging and Image Version ManagementImage and Container LayersBest Image Build Practices and Container GotchasRespect the Docker Context and .dockerignore FileUse Trusted Base ImagesSpecify Package Versions and Keep Up with UpdatesKeep Your Images SmallBeware of External ResourcesProtect Your SecretsKnow Your OutputsSummary
4. Dissecting the Monolith
Cloud ComputingMicroservicesAntipatternsDevOps and MicroservicesMicroservice FrameworksSpring BootMicronautQuarkusHelidonServerlessSetting UpSummary
5. Continuous Integration
Adopt Continuous IntegrationDeclaratively Script Your BuildBuild with Apache AntBuild with Apache MavenBuild with GradleContinuously BuildAutomate TestsMonitor and Maintain TestsSummary
6. Package Management
Why Build-It-and-Ship-It Is Not EnoughIt’s All About MetadataKey Attributes of Insightful MetadataMetadata ConsiderationsDetermining the MetadataCapturing MetadataWriting the MetadataDependency Management Basics for Maven and GradleDependency Management with Apache MavenDependency Management with GradleDependency Management Basics for ContainersArtifact PublicationPublishing to Maven LocalPublishing to Maven CentralPublishing to Sonatype Nexus RepositoryPublishing to JFrog ArtifactorySummary
7. Securing Your Binaries
Supply Chain Security CompromisedSecurity from the Vendor PerspectiveSecurity from the Customer PerspectiveThe Full Impact GraphSecuring Your DevOps InfrastructureThe Rise of DevSecOpsThe Role of SREs in SecurityStatic and Dynamic Security AnalysisStatic Application Security TestingDynamic Application Security TestingComparing SAST and DASTInteractive Application Security TestingRuntime Application Self-ProtectionSAST, DAST, IAST, and RASP SummaryThe Common Vulnerability Scoring SystemCVSS Basic MetricsCVSS Temporal MetricsCVSS Environmental MetricsCVSS in PracticeScoping Security AnalysisTime to MarketMake or BuyOne-Time and Recurring EffortsHow Much Is Enough?Compliance Versus VulnerabilitiesVulnerabilities Can Be Combined into Different Attack VectorsVulnerabilities: Timeline from Inception Through Production FixTest Coverage Is Your Safety BeltQuality Gate MethodologyQuality Gate StrategiesFit with Project Management ProceduresImplementing Security with the Quality Gate MethodRisk Management in Quality GatesPractical Applications of Quality ManagementShift Security LeftNot All Clean Code Is Secure CodeEffects on SchedulingThe Right Contact PersonDealing with Technical DebtAdvanced Training on Secure CodingMilestones for QualityThe Attacker’s Point of ViewMethods of EvaluationBe Aware of ResponsibilitySummary
8. Deploying for Developers
Building and Pushing Container ImagesManaging Container Images by Using JibBuilding Container Images with Eclipse JKubeDeploying to KubernetesLocal Setup for DeploymentGenerate Kubernetes Manifests by Using DekorateGenerate and Deploy Kubernetes Manifests with Eclipse JKubeChoose and Implement a Deployment StrategyManaging Workloads in KubernetesSetting Up Health ChecksAdjusting Resource QuotasWorking with Persistent Data CollectionsBest Practices for Monitoring, Logging, and TracingMonitoringLoggingTracingHigh Availability and Geographic DistributionHybrid and MultiCloud ArchitecturesSummary

9. Mobile Workflows
Fast-Paced DevOps Workflows for MobileAndroid Device FragmentationAndroid OS FragmentationBuilding for Disparate ScreensHardware and 3D SupportContinuous Testing on Parallel DevicesBuilding a Device FarmMobile Pipelines in the CloudPlanning a Device-Testing StrategySummary
10. Continuous Deployment Patterns and Antipatterns
Why Everyone Needs Continuous UpdatesUser Expectations on Continuous UpdatesSecurity Vulnerabilities Are the New Oil SpillsGetting Users to UpdateCase Study: Java Six-Month Release CadenceCase Study: iOS App StoreContinuous UptimeCase Study: CloudflareThe Hidden Cost of Manual UpdatesCase Study: Knight CapitalContinuous Update Best Practices
Index
About the Authors

Overview

With the rise of DevOps, low-cost cloud computing, and container technologies, the way Java developers approach development today has changed dramatically. This practical guide helps you take advantage of microservices, serverless, and cloud native technologies using the latest DevOps techniques to simplify your build process and create hyperproductive teams.

Stephen Chin, Melissa McKay, Ixchel Ruiz, and Baruch Sadogursky from JFrog help you evaluate an array of options. The list includes source control with Git, build declaration with Maven and Gradle, CI/CD with CircleCI, package management with Artifactory, containerization with Docker and Kubernetes, and much more. Whether you're building applications with Jakarta EE, Spring Boot, Dropwizard, MicroProfile, Micronaut, or Quarkus, this comprehensive guide has you covered.

Explore software lifecycle best practices
Use DevSecOps methodologies to facilitate software development and delivery
Understand the business value of DevSecOps best practices
Manage and secure software dependencies
Develop and deploy applications using containers and cloud native technologies
Manage and administrate source control repositories and development processes
Use automation to set up and administer build pipelines
Identify common deployment patterns and antipatterns
Maintain and monitor software after deployment

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Hands-On Software Architecture with Java

Publisher Resources

ISBN: 9781492084013Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills