book

Fundamentals of DevOps and Software Delivery

by Yevgeniy Brikman

May 2025

Intermediate to advanced

552 pages

14h 57m

English

O'Reilly Media, Inc.

Book available

Read now

Unlock full access

Includes

Has Sandbox

Why I Wrote This BookThe Impact of World-Class Software DeliveryWhere DevOps Came FromWatch Out for SnakesWho Should Read This BookWhat You’ll Find in This BookWhat You Won’t Find in This BookOpen Source Code ExamplesOpinionated Code ExamplesYou Have to Get Your Hands DirtyUsing Code ExamplesConventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgments
Example: Deploy the Sample App LocallyDeploying an App on a ServerOn-Prem and Cloud HostingExample: Deploy an App via PaaS (Render)Example: Deploy an App via IaaS (AWS)Comparing Deployment OptionsOn Prem Versus the CloudIaaS Versus PaaSThe Evolution of DevOpsAdopting DevOps PracticesConclusion
The Benefits of IaCAd Hoc ScriptsExample: Deploy an EC2 Instance by Using a Bash ScriptHow Ad Hoc Scripts Stack UpConfiguration Management ToolsExample: Deploy an EC2 Instance by Using AnsibleExample: Configure a Server by Using AnsibleHow Configuration Management Tools Stack UpServer Templating ToolsExample: Create a VM Image by Using PackerHow Server Templating Tools Stack UpProvisioning ToolsExample: Deploy an EC2 Instance by Using OpenTofuExample: Update and Destroy Infrastructure by Using OpenTofuExample: Deploy an EC2 Instance by Using an OpenTofu ModuleExample: Deploy an EC2 Instance by Using an OpenTofu Registry ModuleHow Provisioning Tools Stack UpUsing Multiple IaC Tools TogetherProvisioning Plus Configuration ManagementProvisioning Plus Server TemplatingProvisioning Plus Server Templating Plus OrchestrationAdopting IaCConclusion
An Introduction to OrchestrationServer OrchestrationExample: Deploy an App Securely and Reliably by Using AnsibleExample: Deploy a Load Balancer by Using Ansible and nginxExample: Roll Out Updates with AnsibleVM OrchestrationExample: Build a VM Image by Using PackerExample: Deploy a VM Image in an Auto Scaling Group by Using OpenTofuExample: Deploy an Application Load Balancer by Using OpenTofuExample: Roll Out Updates with OpenTofu and Auto Scaling GroupsContainer OrchestrationExample: A Crash Course on DockerExample: Create a Docker Image for a Node.js AppExample: Deploy a Dockerized App with KubernetesExample: Deploy a Load Balancer with KubernetesExample: Roll Out Updates with KubernetesExample: Deploy a Kubernetes Cluster in AWS by Using EKSExample: Push a Docker Image to ECRExample: Deploy a Dockerized App into an EKS ClusterServerless OrchestrationExample: Deploy a Serverless Function with AWS LambdaExample: Create a Lambda Function URLExample: Roll Out Updates with AWS LambdaComparing Orchestration OptionsConclusion
Version ControlExample: Turn Your Code into a Git RepoExample: Store Your Code in GitHubVersion-Control RecommendationsBuild SystemExample: Configure Your Build by Using npmDependency ManagementExample: Add Dependencies in npmAutomated TestingExample: Add Automated Tests for the Node.js AppExample: Add Automated Tests for the OpenTofu CodeTesting RecommendationsConclusion
Continuous IntegrationDealing with Merge ConflictsPreventing Breakages with Self-Testing BuildsMaking Large ChangesExample: Run Automated Tests for Apps in GitHub ActionsMachine User Credentials and Automatically Provisioned CredentialsExample: Configure OIDC with AWS and GitHub ActionsExample: Run Automated Tests for Infrastructure in GitHub ActionsContinuous DeliveryDeployment StrategiesDeployment PipelinesDeployment Pipeline RecommendationsConclusion
Breaking Up Your DeploymentsWhy Deploy Across Multiple EnvironmentsHow to Set Up Multiple EnvironmentsChallenges with Multiple EnvironmentsExample: Set Up Multiple AWS AccountsBreaking Up Your CodebaseWhy Break Up Your CodebaseHow to Break Up Your CodebaseChallenges with Breaking Up Your CodebaseExample: Deploy Microservices in KubernetesConclusion
Public NetworkingPublic IP AddressesDomain Name SystemExample: Register and Configure a Domain Name in Amazon Route 53Private NetworkingPhysical Private NetworksVirtual Private NetworksAccessing Private NetworksCastle-and-Moat ModelZero Trust ArchitectureSSHRDPVPNService Communication in Private NetworksService DiscoveryService Communication ProtocolService MeshExample: Istio Service Mesh with Kubernetes MicroservicesConclusion
Cryptography PrimerEncryptionHashingSecure StorageSecrets ManagementEncryption at RestSecure CommunicationTransport Layer SecurityExample: HTTPS with Let’s Encrypt and AWS Secrets ManagerEnd-to-End EncryptionConclusion
Local Storage: Hard DrivesPrimary Data Store: Relational DatabasesReading and Writing DataACID TransactionsSchemas and ConstraintsExample: PostgreSQL, Lambda, and Schema MigrationsCaching: Key-Value Stores and CDNsKey-Value StoresCDNsFile Storage: File Servers and Object StoresFile ServersObject StoresExample: Serving Files with S3 and CloudFrontSemistructured Data and Search: Document StoresReading and Writing DataACID TransactionsSchemas and ConstraintsAnalytics: Columnar DatabasesColumnar Database BasicsAnalytics Use CasesAsynchronous Processing: Queues and StreamsMessage QueuesEvent StreamsScalability and AvailabilityRelational DatabasesNoSQL and NewSQL DatabasesDistributed SystemsBackup and RecoveryBackup StrategiesBackup RecommendationsExample: Backups and Read Replicas with PostgreSQLConclusion

LogsLog LevelsLog FormattingStructured LoggingLog Files and RotationLog AggregationMetricsTypes of MetricsUsing MetricsExample: Metrics in CloudWatchEventsObservabilityTracingTesting in ProductionAlertsTriggersNotificationsOn CallIncident ResponseExample: Alerts in CloudWatchConclusion
InfrastructurelessGenerative AISecure by DefaultPlatform EngineeringThe Future of Infrastructure CodeConclusion

Content preview from Fundamentals of DevOps and Software Delivery

Chapter 8. How to Secure Communication and Storage

In Chapter 7, you learned about the role networking plays in security, including the importance of private networks, bastion hosts, VPCs, and service meshes. But what happens if a malicious actor finds a way to intercept the data you transmit over the network? Or what if they manage to get access to that data when you write it to a hard drive? Networking provides one important layer of defense, but as you also saw in Chapter 7, you need multiple layers so you’re never one mistake away from disaster (defense in depth). In this chapter, you’ll learn about two more layers of defense:

Secure storage: Protect your data from unauthorized snooping or interference by using encryption at rest, secrets management, password storage, and key management.
Secure communication: Protect your communication over the network from unauthorized snooping or interference by using encryption in transit and secure transport protocols.

As you go through these topics, this chapter will walk you through hands-on examples, including how to encrypt data with AES and RSA; verify file integrity with SHA-256, HMAC, and digital signatures; store secrets in AWS Secrets Manager; and serve traffic over HTTPS by using TLS certificates from Let’s Encrypt. But first, let’s do a quick primer on what makes all of this possible: cryptography.

Cryptography Primer

Cryptography is the study of how to protect data from adversaries so as to provide three key benefits, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781098174583Errata Page Supplemental Content

Fundamentals of DevOps and Software Delivery

by Yevgeniy Brikman

Chapter 8. How to Secure Communication and Storage

Cryptography Primer

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Kubernetes: Up and Running, 3rd Edition

Engineering AI Systems: Architecture and DevOps Essentials

The DevOps Handbook

Terraform: Up and Running, 3rd Edition

Publisher Resources

Chapter 8. How to Secure Communication and Storage

Cryptography Primer

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Kubernetes: Up and Running, 3rd Edition

Engineering AI Systems: Architecture and DevOps Essentials

The DevOps Handbook

Terraform: Up and Running, 3rd Edition

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.