DevOps Tools for Java Developers

Book description

With the rise of DevOps, low-cost cloud computing, and container technologies, the way Java developers approach development today has changed dramatically. This practical guide helps you take advantage of microservices, serverless, and cloud native technologies using the latest DevOps techniques to simplify your build process and create hyperproductive teams.

Stephen Chin, Melissa McKay, Ixchel Ruiz, and Baruch Sadogursky from JFrog help you evaluate an array of options. The list includes source control with Git, build declaration with Maven and Gradle, CI/CD with CircleCI, package management with Artifactory, containerization with Docker and Kubernetes, and much more. Whether you're building applications with Jakarta EE, Spring Boot, Dropwizard, MicroProfile, Micronaut, or Quarkus, this comprehensive guide has you covered.

  • Explore software lifecycle best practices
  • Use DevSecOps methodologies to facilitate software development and delivery
  • Understand the business value of DevSecOps best practices
  • Manage and secure software dependencies
  • Develop and deploy applications using containers and cloud native technologies
  • Manage and administrate source control repositories and development processes
  • Use automation to set up and administer build pipelines
  • Identify common deployment patterns and antipatterns
  • Maintain and monitor software after deployment

Table of contents

  1. Foreword
  2. Preface
    1. Conventions Used in This Book
    2. Using Code Examples
    3. O’Reilly Online Learning
    4. How to Contact Us
    5. Acknowledgments
  3. 1. DevOps for (or Possibly Against) Developers
    1. DevOps Is a Concept Invented by the Ops Side
      1. Exhibit 1: The Phoenix Project
      2. Exhibit 2: The DevOps Handbook
      3. Google It
      4. What Does It Do?
      5. State of the Industry
      6. What Constitutes Work?
    2. If We’re Not About Deployment and Operations, Then Just What Is Our Job?
      1. Just What Constitutes “Done”?
      2. Rivalry?
    3. More Than Ever Before
      1. Volume and Velocity
      2. Done and Done
      3. Float Like a Butterfly…
      4. Integrity, Authentication, and Availability
      5. Fierce Urgency
    4. The Software Industry Has Fully Embraced DevOps
      1. Making It Manifest
      2. We All Got the Message
  4. 2. The System of Truth
    1. Three Generations of Source Code Management
    2. Choosing Your Source Control
    3. Making Your First Pull Request
    4. Git Tools
      1. Git Command-Line Basics
      2. Git Command-Line Tutorial
      3. Git Clients
      4. Git IDE Integration
    5. Git Collaboration Patterns
      1. git-flow
      2. GitHub Flow
      3. GitLab Flow
      4. OneFlow
      5. Trunk-Based Development
    6. Summary
  5. 3. An Introduction to Containers
    1. Understanding the Problem
      1. The History of Containers
      2. Why Containers?
    2. Intro to Container Anatomy
      1. Docker Architecture and the Container Runtime
      2. Docker on Your Machine
      3. Basic Tagging and Image Version Management
      4. Image and Container Layers
    3. Best Image Build Practices and Container Gotchas
      1. Respect the Docker Context and .dockerignore File
      2. Use Trusted Base Images
      3. Specify Package Versions and Keep Up with Updates
      4. Keep Your Images Small
      5. Beware of External Resources
      6. Protect Your Secrets
      7. Know Your Outputs
    4. Summary
  6. 4. Dissecting the Monolith
    1. Cloud Computing
    2. Microservices
      1. Antipatterns
      2. DevOps and Microservices
      3. Microservice Frameworks
      4. Spring Boot
      5. Micronaut
      6. Quarkus
      7. Helidon
    3. Serverless
      1. Setting Up
    4. Summary
  7. 5. Continuous Integration
    1. Adopt Continuous Integration
    2. Declaratively Script Your Build
      1. Build with Apache Ant
      2. Build with Apache Maven
      3. Build with Gradle
    3. Continuously Build
    4. Automate Tests
    5. Monitor and Maintain Tests
    6. Summary
  8. 6. Package Management
    1. Why Build-It-and-Ship-It Is Not Enough
    2. It’s All About Metadata
      1. Key Attributes of Insightful Metadata
      2. Metadata Considerations
      3. Determining the Metadata
      4. Capturing Metadata
      5. Writing the Metadata
    3. Dependency Management Basics for Maven and Gradle
      1. Dependency Management with Apache Maven
      2. Dependency Management with Gradle
    4. Dependency Management Basics for Containers
    5. Artifact Publication
      1. Publishing to Maven Local
      2. Publishing to Maven Central
      3. Publishing to Sonatype Nexus Repository
      4. Publishing to JFrog Artifactory
    6. Summary
  9. 7. Securing Your Binaries
    1. Supply Chain Security Compromised
      1. Security from the Vendor Perspective
      2. Security from the Customer Perspective
      3. The Full Impact Graph
    2. Securing Your DevOps Infrastructure
      1. The Rise of DevSecOps
      2. The Role of SREs in Security
    3. Static and Dynamic Security Analysis
      1. Static Application Security Testing
      2. Dynamic Application Security Testing
      3. Comparing SAST and DAST
    4. Interactive Application Security Testing
    5. Runtime Application Self-Protection
    6. SAST, DAST, IAST, and RASP Summary
    7. The Common Vulnerability Scoring System
      1. CVSS Basic Metrics
      2. CVSS Temporal Metrics
      3. CVSS Environmental Metrics
      4. CVSS in Practice
    8. Scoping Security Analysis
      1. Time to Market
      2. Make or Buy
      3. One-Time and Recurring Efforts
      4. How Much Is Enough?
      5. Compliance Versus Vulnerabilities
    9. Vulnerabilities Can Be Combined into Different Attack Vectors
      1. Vulnerabilities: Timeline from Inception Through Production Fix
      2. Test Coverage Is Your Safety Belt
    10. Quality Gate Methodology
      1. Quality Gate Strategies
      2. Fit with Project Management Procedures
      3. Implementing Security with the Quality Gate Method
      4. Risk Management in Quality Gates
      5. Practical Applications of Quality Management
    11. Shift Security Left
      1. Not All Clean Code Is Secure Code
      2. Effects on Scheduling
      3. The Right Contact Person
      4. Dealing with Technical Debt
      5. Advanced Training on Secure Coding
      6. Milestones for Quality
      7. The Attacker’s Point of View
      8. Methods of Evaluation
      9. Be Aware of Responsibility
    12. Summary
  10. 8. Deploying for Developers
    1. Building and Pushing Container Images
      1. Managing Container Images by Using Jib
      2. Building Container Images with Eclipse JKube
    2. Deploying to Kubernetes
      1. Local Setup for Deployment
      2. Generate Kubernetes Manifests by Using Dekorate
      3. Generate and Deploy Kubernetes Manifests with Eclipse JKube
      4. Choose and Implement a Deployment Strategy
    3. Managing Workloads in Kubernetes
      1. Setting Up Health Checks
      2. Adjusting Resource Quotas
      3. Working with Persistent Data Collections
    4. Best Practices for Monitoring, Logging, and Tracing
      1. Monitoring
      2. Logging
      3. Tracing
    5. High Availability and Geographic Distribution
    6. Hybrid and MultiCloud Architectures
    7. Summary
  11. 9. Mobile Workflows
    1. Fast-Paced DevOps Workflows for Mobile
    2. Android Device Fragmentation
      1. Android OS Fragmentation
      2. Building for Disparate Screens
      3. Hardware and 3D Support
    3. Continuous Testing on Parallel Devices
      1. Building a Device Farm
      2. Mobile Pipelines in the Cloud
      3. Planning a Device-Testing Strategy
    4. Summary
  12. 10. Continuous Deployment Patterns and Antipatterns
    1. Why Everyone Needs Continuous Updates
      1. User Expectations on Continuous Updates
      2. Security Vulnerabilities Are the New Oil Spills
    2. Getting Users to Update
      1. Case Study: Java Six-Month Release Cadence
      2. Case Study: iOS App Store
    3. Continuous Uptime
      1. Case Study: Cloudflare
    4. The Hidden Cost of Manual Updates
      1. Case Study: Knight Capital
    5. Continuous Update Best Practices
  13. Index
  14. About the Authors

Product information

  • Title: DevOps Tools for Java Developers
  • Author(s): Stephen Chin, Melissa McKay, Ixchel Ruiz, Baruch Sadogursky
  • Release date: April 2022
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781492084020