book

Fundamentals of DevOps and Software Delivery

Name: Fundamentals of DevOps and Software Delivery
Author: Yevgeniy Brikman
ISBN: 9781098174590

by Yevgeniy Brikman

May 2025

Intermediate to advanced

552 pages

14h 57m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Includes

Sandbox

Preface
Why I Wrote This BookThe Impact of World-Class Software DeliveryWhere DevOps Came FromWatch Out for SnakesWho Should Read This BookWhat You’ll Find in This BookWhat You Won’t Find in This BookOpen Source Code ExamplesOpinionated Code ExamplesYou Have to Get Your Hands DirtyUsing Code ExamplesConventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgments
1. How to Deploy Your App
Example: Deploy the Sample App LocallyDeploying an App on a ServerOn-Prem and Cloud HostingExample: Deploy an App via PaaS (Render)Example: Deploy an App via IaaS (AWS)Comparing Deployment OptionsOn Prem Versus the CloudIaaS Versus PaaSThe Evolution of DevOpsAdopting DevOps PracticesConclusion
2. How to Manage Your Infrastructure as Code
The Benefits of IaCAd Hoc ScriptsExample: Deploy an EC2 Instance by Using a Bash ScriptHow Ad Hoc Scripts Stack UpConfiguration Management ToolsExample: Deploy an EC2 Instance by Using AnsibleExample: Configure a Server by Using AnsibleHow Configuration Management Tools Stack UpServer Templating ToolsExample: Create a VM Image by Using PackerHow Server Templating Tools Stack UpProvisioning ToolsExample: Deploy an EC2 Instance by Using OpenTofuExample: Update and Destroy Infrastructure by Using OpenTofuExample: Deploy an EC2 Instance by Using an OpenTofu ModuleExample: Deploy an EC2 Instance by Using an OpenTofu Registry ModuleHow Provisioning Tools Stack UpUsing Multiple IaC Tools TogetherProvisioning Plus Configuration ManagementProvisioning Plus Server TemplatingProvisioning Plus Server Templating Plus OrchestrationAdopting IaCConclusion
3. How to Manage Your Apps by Using Orchestration Tools
An Introduction to OrchestrationServer OrchestrationExample: Deploy an App Securely and Reliably by Using AnsibleExample: Deploy a Load Balancer by Using Ansible and nginxExample: Roll Out Updates with AnsibleVM OrchestrationExample: Build a VM Image by Using PackerExample: Deploy a VM Image in an Auto Scaling Group by Using OpenTofuExample: Deploy an Application Load Balancer by Using OpenTofuExample: Roll Out Updates with OpenTofu and Auto Scaling GroupsContainer OrchestrationExample: A Crash Course on DockerExample: Create a Docker Image for a Node.js AppExample: Deploy a Dockerized App with KubernetesExample: Deploy a Load Balancer with KubernetesExample: Roll Out Updates with KubernetesExample: Deploy a Kubernetes Cluster in AWS by Using EKSExample: Push a Docker Image to ECRExample: Deploy a Dockerized App into an EKS ClusterServerless OrchestrationExample: Deploy a Serverless Function with AWS LambdaExample: Create a Lambda Function URLExample: Roll Out Updates with AWS LambdaComparing Orchestration OptionsConclusion
4. How to Version, Build, and Test Your Code
Version ControlExample: Turn Your Code into a Git RepoExample: Store Your Code in GitHubVersion-Control RecommendationsBuild SystemExample: Configure Your Build by Using npmDependency ManagementExample: Add Dependencies in npmAutomated TestingExample: Add Automated Tests for the Node.js AppExample: Add Automated Tests for the OpenTofu CodeTesting RecommendationsConclusion
5. How to Set Up Continuous Integration and Continuous Delivery
Continuous IntegrationDealing with Merge ConflictsPreventing Breakages with Self-Testing BuildsMaking Large ChangesExample: Run Automated Tests for Apps in GitHub ActionsMachine User Credentials and Automatically Provisioned CredentialsExample: Configure OIDC with AWS and GitHub ActionsExample: Run Automated Tests for Infrastructure in GitHub ActionsContinuous DeliveryDeployment StrategiesDeployment PipelinesDeployment Pipeline RecommendationsConclusion
6. How to Work with Multiple Teams and Environments
Breaking Up Your DeploymentsWhy Deploy Across Multiple EnvironmentsHow to Set Up Multiple EnvironmentsChallenges with Multiple EnvironmentsExample: Set Up Multiple AWS AccountsBreaking Up Your CodebaseWhy Break Up Your CodebaseHow to Break Up Your CodebaseChallenges with Breaking Up Your CodebaseExample: Deploy Microservices in KubernetesConclusion
7. How to Set Up Networking
Public NetworkingPublic IP AddressesDomain Name SystemExample: Register and Configure a Domain Name in Amazon Route 53Private NetworkingPhysical Private NetworksVirtual Private NetworksAccessing Private NetworksCastle-and-Moat ModelZero Trust ArchitectureSSHRDPVPNService Communication in Private NetworksService DiscoveryService Communication ProtocolService MeshExample: Istio Service Mesh with Kubernetes MicroservicesConclusion
8. How to Secure Communication and Storage
Cryptography PrimerEncryptionHashingSecure StorageSecrets ManagementEncryption at RestSecure CommunicationTransport Layer SecurityExample: HTTPS with Let’s Encrypt and AWS Secrets ManagerEnd-to-End EncryptionConclusion
9. How to Store Data
Local Storage: Hard DrivesPrimary Data Store: Relational DatabasesReading and Writing DataACID TransactionsSchemas and ConstraintsExample: PostgreSQL, Lambda, and Schema MigrationsCaching: Key-Value Stores and CDNsKey-Value StoresCDNsFile Storage: File Servers and Object StoresFile ServersObject StoresExample: Serving Files with S3 and CloudFrontSemistructured Data and Search: Document StoresReading and Writing DataACID TransactionsSchemas and ConstraintsAnalytics: Columnar DatabasesColumnar Database BasicsAnalytics Use CasesAsynchronous Processing: Queues and StreamsMessage QueuesEvent StreamsScalability and AvailabilityRelational DatabasesNoSQL and NewSQL DatabasesDistributed SystemsBackup and RecoveryBackup StrategiesBackup RecommendationsExample: Backups and Read Replicas with PostgreSQLConclusion

10. How to Monitor Your Systems
LogsLog LevelsLog FormattingStructured LoggingLog Files and RotationLog AggregationMetricsTypes of MetricsUsing MetricsExample: Metrics in CloudWatchEventsObservabilityTracingTesting in ProductionAlertsTriggersNotificationsOn CallIncident ResponseExample: Alerts in CloudWatchConclusion
11. The Future of DevOps and Software Delivery
InfrastructurelessGenerative AISecure by DefaultPlatform EngineeringThe Future of Infrastructure CodeConclusion
Index
About the Author

Content preview from Fundamentals of DevOps and Software Delivery

Chapter 8. How to Secure Communication and Storage

In Chapter 7, you learned about the role networking plays in security, including the importance of private networks, bastion hosts, VPCs, and service meshes. But what happens if a malicious actor finds a way to intercept the data you transmit over the network? Or what if they manage to get access to that data when you write it to a hard drive? Networking provides one important layer of defense, but as you also saw in Chapter 7, you need multiple layers so you’re never one mistake away from disaster (defense in depth). In this chapter, you’ll learn about two more layers of defense:

Secure storage: Protect your data from unauthorized snooping or interference by using encryption at rest, secrets management, password storage, and key management.
Secure communication: Protect your communication over the network from unauthorized snooping or interference by using encryption in transit and secure transport protocols.

As you go through these topics, this chapter will walk you through hands-on examples, including how to encrypt data with AES and RSA; verify file integrity with SHA-256, HMAC, and digital signatures; store secrets in AWS Secrets Manager; and serve traffic over HTTPS by using TLS certificates from Let’s Encrypt. But first, let’s do a quick primer on what makes all of this possible: cryptography.

Cryptography Primer

Cryptography is the study of how to protect data from adversaries so as to provide three key benefits, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781098174583Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Fundamentals of DevOps and Software Delivery

by Yevgeniy Brikman

Chapter 8. How to Secure Communication and Storage

Cryptography Primer

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.