book

Modern DevOps Practices

by Gaurav Agarwal

September 2021

Intermediate to advanced

530 pages

10h 30m

English

Packt Publishing

Read now

Unlock full access

ContributorsAbout the authorAbout the reviewer
Who this book is forWhat this book coversTo get the most out of this bookDownload the color imagesConventions usedGet in touch
The need for containersThe matrix of hellVirtual machinesContainersIt works on my machineContainer architectureContainer networkingModern DevOps versus traditional DevOpsContainers and modern DevOps practicesMigrating from virtual machines to containersDiscoveryApplication requirement assessment Container infrastructure designContainerizing the applicationTesting Deployment and rolloutWhat applications should go in containers?Breaking the applications into smaller piecesAre we there yet?SummaryQuestionsAnswers
Technical requirementsInstalling toolsInstalling GitInstalling vimInstalling DockerIntroducing Docker storage drivers and volumesDocker data storage optionsMounting volumesDocker storage driversConfiguring a storage driverRunning your first containerRunning containers from versioned images Running Docker containers in the backgroundTroubleshooting containersPutting it all togetherRestarting and removing containersDocker logging and logging driversContainer log managementLogging driversConfiguring logging driversTypical challenges and best practices with Docker loggingDocker monitoring with PrometheusChallenges with container monitoringInstalling PrometheusConfiguring cAdvisor and the node exporter to expose metricsConfiguring Prometheus to scrape metricsLaunching a sample container applicationMetrics to monitorDeclarative container management with Docker ComposeInstalling Docker ComposeDeploying a sample application with Docker ComposeCreating the docker-compose fileDocker Compose best practicesSummaryQuestionsAnswers
Technical requirementsDocker architectureUnderstanding Docker imagesThe layered filesystemImage historyUnderstanding Dockerfiles, components, and directivesCan we use ENTRYPOINT instead of CMD?Are RUN and CMD the same?Building our first containerBuilding and managing Docker imagesSingle-stage buildsMulti-stage buildsManaging Docker imagesFlattening Docker imagesOptimizing containers with distroless images PerformanceSecurityCostUnderstanding Docker registriesHosting your private Docker registryOther public registriesSummaryQuestionsAnswers
Technical requirementsWhat is Kubernetes and why do I need it?Kubernetes architectureInstalling Kubernetes (Minikube and KinD)Installing MinikubeInstalling KinDUnderstanding Kubernetes podsUsing port forwardingTroubleshooting podsEnsuring pod reliabilityPod multi-container design patternsSummaryQuestions Answers
Technical requirementsSpinning up Google Kubernetes EngineKubernetes DeploymentsReplicaSet resourceDeployment resourceKubernetes Deployment strategiesKubernetes Services and IngressesClusterIP ServicesNodePort servicesLoadBalancer servicesIngress resourcesHorizontal Pod autoscalingManaging stateful applicationsStatefulSet resourceManaging persistent volumesKubernetes command-line best practicesUsing aliasUsing kubectl bash autocompletionSummaryQuestions Answers
Technical requirementsIntroduction to IaCInstalling TerraformTerraform providersAuthentication and authorization with AzureUsing the Azure Terraform providerTerraform variablesProviding variable valuesTerraform workflowterraform initCreating the first resource – Azure resource groupterraform fmtterraform validateterraform planterraform applyterraform destroyterraform stateUsing the Azure Storage backendTerraform workspacesInspecting resourcesInspecting state filesCleaning upTerraform output, state, console, and graphsterraform outputManaging Terraform stateterraform consoleTerraform dependencies and graphCleaning up resourcesSummaryQuestionsAnswers

Technical requirementsIntroduction to config managementSetting up AnsibleSetting up inventoryInstalling Ansible in the control nodeConnecting the Ansible control node with inventory serversSetting up an inventory fileSetting up the Ansible configuration fileAnsible tasks and modulesIntroduction to Ansible playbooksChecking playbook syntaxApplying the first playbookAnsible playbooks in actionUpdating packages and repositoriesInstalling application packages and servicesConfiguring applicationsCombining the playbooksExecuting the playbooksDesigning for reusabilityAnsible variablesSourcing variable valuesJinja2 templatesAnsible rolesSummaryQuestionsAnswers
Technical requirementsImmutable infrastructure with Hashicorp's PackerWhen to use immutable infrastructureInstalling PackerCreating the Apache and MySQL playbooksBuilding the Apache and MySQL images using Packer and Ansible provisionersPrerequisitesDefining the Packer configurationCreating the required infrastructure with TerraformSummaryQuestionsAnswers
Technical requirementsThe need for serverless offeringsAmazon ECS with EC2 and FargateECS architectureInstalling the AWS and ECS CLIsSpinning up an ECS clusterCreating task definitionsScheduling EC2 tasks on ECSScaling tasksQuerying container logs from CloudWatchStopping tasksScheduling Fargate tasks on ECSScheduling services on ECSBrowsing container logs using the ECS CLIDeleting an ECS serviceLoad balancing containers running on ECSOther CaaS productsOpen source CaaS with KnativeKnative architectureSpinning up Google Kubernetes EngineInstalling KnativeDeploying a Python Flask app on KnativeLoad testing your app on KnativeSummaryQuestions Answers
Technical requirementsThe importance of automationBuilding a CI pipeline with GitHub ActionsCreating a GitHub repositoryCreating a GitHub Actions workflowScalable Jenkins on Kubernetes with KanikoSpinning up Google Kubernetes EngineInstalling JenkinsConnecting Jenkins with the clusterRunning our first Jenkins jobAutomating a build with triggersCI with AWS Code Commit and Code BuildCreating an AWS Code Commit repositoryCreating an AWS Code Build jobBuild performance best practicesAim for faster buildsAlways use post-commit triggersConfigure build reportingCustomize the build server sizeEnsure that your builds only contain what you needSummaryQuestions Answers
Technical requirementsImportance of Continuous Deployment and automationContinuous deployment models and toolsSimple deployment modelComplex deployment modelsIntroduction to SpinnakerSetting up SpinnakerSpinning up Google Kubernetes EngineSetting up service accounts and permissionsCreating a halyard host VMInstalling halyardSetting up the required credentialsSetting up the Spinnaker configurationDeploying SpinnakerDeploying a sample application using a Spinnaker pipelineCreating a deployment manifestCreating a Spinnaker applicationCreating a Spinnaker pipelineTesting the pipelineSummaryQuestions Answers
Technical requirementsSecuring CI/CD pipelinesManaging secretsSample applicationCreating a Secret manifestCreating a Cloud KMS secretAccessing the secret and deploying the applicationContainer vulnerability scanningInstalling Anchore GrypeScanning imagesBinary authorizationSetting up binary authorizationCreating a default binary authorization policyAttesting imagesSecurity of modern DevOps pipelinesAdopt a DevSecOps cultureEstablish access controlImplement shift leftManage security risks consistentlyImplement vulnerability scanningAutomate securitySummaryQuestionsAnswers
Technical requirementsWhat is GitOps?The principles of GitOpsWhy GitOps?The branching strategy and GitOps workflowThe push modelThe pull modelStructuring the Git repositoryDeclarative infrastructure and config managementSummaryQuestions Answers
Technical requirementsContinuous integration with GitHub ActionsCreating an application repository on GitHubCreating a GitHub Actions workflowRelease gating with pull requestsContinuous deployment with Flux CD Introduction to Flux CDInstalling Flux CDManaging sensitive configuration and SecretsInstalling the Sealed Secrets operatorInstalling kubesealCreating Sealed SecretsSummaryQuestions Answers
Other Books You May EnjoyPackt is searching for authors like youShare your thoughts

Content preview from Modern DevOps Practices

Chapter 12: Securing the Deployment Pipeline

In the previous chapters, we've looked at continuous integration (CI) and continuous deployment/delivery (CD). Both concepts, and the tooling surrounding them, help us deliver better software faster. However, one of the most critical aspects of technology is security. Though security was not considered in DevOps' initial days, with the advent of DevSecOps, modern DevOps now places a great emphasis on security. In this chapter, we'll try to understand concepts surrounding container applications' security and how we can apply them within the realms of CI and CD.

In this chapter, we're going to cover the following main topics: