product iamge

Modern DevOps Practices: Implement and secure DevOps in the public cloud with cutting-edge tools, tips, tricks, and techniques

This document was uploaded by one of our users. The uploader already confirmed that they had the permission to publish it. If you are author/publisher or own the copyright of this documents, please report to us by using this DMCA report form.

Download
Search on Amazon

Simply click on the Download Book button.

Yes, Book downloads on Ebookily are 100% Free.

Sometimes the book is free on Amazon As well, so go ahead and hit "Search on Amazon"

Enhance DevOps workflows by integrating the functionalities of Docker, Kubernetes, Spinnaker, Ansible, Terraform, Flux CD, CaaS, and more with the help of practical examples and expert tips

Key Features

  • Get up and running with containerization-as-a-service and infrastructure automation in the public cloud
  • Learn container security techniques and secret management with Cloud KMS, Anchore Grype, and Grafeas Kritis
  • Leverage the combination of DevOps, GitOps, and automation to continuously ship a package of software

Book Description

Containers have entirely changed how developers and end-users see applications as a whole. With this book, you'll learn all about containers, their architecture and benefits, and how to implement them within your development lifecycle.

You'll discover how you can transition from the traditional world of virtual machines and adopt modern ways of using DevOps to ship a package of software continuously. Starting with a quick refresher on the core concepts of containers, you'll move on to study the architectural concepts to implement modern ways of application development. You'll cover topics around Docker, Kubernetes, Ansible, Terraform, Packer, and other similar tools that will help you to build a base. As you advance, the book covers the core elements of cloud integration (AWS ECS, GKE, and other CaaS services), continuous integration, and continuous delivery (GitHub actions, Jenkins, and Spinnaker) to help you understand the essence of container management and delivery. The later sections of the book will take you through container pipeline security and GitOps (Flux CD and Terraform).

By the end of this DevOps book, you'll have learned best practices for automating your development lifecycle and making the most of containers, infrastructure automation, and CaaS, and be ready to develop applications using modern tools and techniques.

What you will learn

  • Become well-versed with AWS ECS, Google Cloud Run, and Knative
  • Discover how to build and manage secure Docker images efficiently
  • Understand continuous integration with Jenkins on Kubernetes and GitHub actions
  • Get to grips with using Spinnaker for continuous deployment/delivery
  • Manage immutable infrastructure on the cloud with Packer, Terraform, and Ansible
  • Explore the world of GitOps with GitHub actions, Terraform, and Flux CD

Who this book is for

If you are a software engineer, system administrator, or operations engineer looking to step into the world of DevOps within public cloud platforms, this book is for you. Existing DevOps engineers will also find this book useful as it covers best practices, tips, and tricks to implement DevOps with a cloud-native mindset. Although no containerization experience is necessary, a basic understanding of the software development life cycle and delivery will help you get the most out of the book.

Table of Contents

  1. The Move to Containers
  2. Containerization with Docker
  3. Creating and Managing Container Images
  4. Container Orchestration with Kubernetes – Part I
  5. Container Orchestration with Kubernetes – Part II
  6. Infrastructure as Code (IaC) with Terraform
  7. Configuration Management with Ansible
  8. IaC and Config Management in Action
  9. Serverless - Container as a Service
  10. Continuous Integration
  11. Continuous Deployment/Delivery with Spinnaker
  12. Securing the Deployment Pipeline
  13. Understanding DevOps with GitOps
  14. CI/CD Pipeline with GitOps

Author(s): Gaurav Agarwal
Publisher: Packt Publishing
Year: 2021

Language: English
Commentary: True PDF
Pages: 530

Cover
Title Page
Copyright and Credits
Dedication
Contributors
Table of Contents
Preface
Section 1: Container Fundamentals and Best Practices
Chapter 1: The Move to Containers
The need for containers
The matrix of hell
Virtual machines
Containers
It works on my machine
Container architecture
Container networking
Modern DevOps versus traditional DevOps
Containers and modern DevOps practices
Migrating from virtual machines to containers
Discovery
Application requirement assessment
Container infrastructure design
Containerizing the application
Testing
Deployment and rollout
What applications should go in containers?
Breaking the applications into smaller pieces
Are we there yet?
Summary
Questions
Answers
Chapter 2: Containerization with Docker
Technical requirements
Installing tools
Installing Git
Installing vim
Installing Docker
Introducing Docker storage drivers and volumes
Docker data storage options
Mounting volumes
Docker storage drivers
Configuring a storage driver
Running your first container
Running containers from versioned images
Running Docker containers in the background
Troubleshooting containers
Putting it all together
Restarting and removing containers
Docker logging and logging drivers
Container log management
Logging drivers
Configuring logging drivers
Typical challenges and best practices with Docker logging
Docker monitoring with Prometheus
Challenges with container monitoring
Installing Prometheus
Configuring cAdvisor and the node exporter to expose metrics
Configuring Prometheus to scrape metrics
Launching a sample container application
Metrics to monitor
Declarative container management with Docker Compose
Installing Docker Compose
Deploying a sample application with Docker Compose
Creating the docker-compose file
Docker Compose best practices
Summary
Questions
Answers
Chapter 3: Creating and Managing Container Images
Technical requirements
Docker architecture
Understanding Docker images
The layered filesystem
Image history
Understanding Dockerfiles, components, and directives
Can we use ENTRYPOINT instead of CMD?
Are RUN and CMD the same?
Building our first container
Building and managing Docker images
Single-stage builds
Multi-stage builds
Managing Docker images
Flattening Docker images
Optimizing containers with distroless images
Performance
Security
Cost
Understanding Docker registries
Hosting your private Docker registry
Other public registries
Summary
Questions
Answers
Chapter 4: Container Orchestration with Kubernetes – Part I
Technical requirements
What is Kubernetes and why do I need it?
Kubernetes architecture
Installing Kubernetes (Minikube and KinD)
Installing Minikube
Installing KinD
Understanding Kubernetes pods
Using port forwarding
Troubleshooting pods
Ensuring pod reliability
Pod multi-container design patterns
Summary
Questions
Answers
Chapter 5: Container Orchestration with Kubernetes – Part II
Technical requirements
Spinning up Google Kubernetes Engine
Kubernetes Deployments
ReplicaSet resource
Deployment resource
Kubernetes Deployment strategies
Kubernetes Services and Ingresses
ClusterIP Services
NodePort services
LoadBalancer services
Ingress resources
Horizontal Pod autoscaling
Managing stateful applications
StatefulSet resource
Managing persistent volumes
Kubernetes command-line best practices
Using alias
Using kubectl bash autocompletion
Summary
Questions
Answers
Section 2: Delivering Containers
Chapter 6: Infrastructure as Code (IaC) with Terraform
Technical requirements
Introduction to IaC
Installing Terraform
Terraform providers
Authentication and authorization with Azure
Using the Azure Terraform provider
Terraform variables
Providing variable values
Terraform workflow
terraform init
Creating the first resource – Azure resource group
terraform fmt
terraform validate
terraform plan
terraform apply
terraform destroy
terraform state
Using the Azure Storage backend
Terraform workspaces
Inspecting resources
Inspecting state files
Cleaning up
Terraform output, state, console, and graphs
terraform output
Managing Terraform state
terraform console
Terraform dependencies and graph
Cleaning up resources
Summary
Questions
Answers
Chapter 7: Configuration Management with Ansible
Technical requirements
Introduction to config management
Setting up Ansible
Setting up inventory
Installing Ansible in the control node
Connecting the Ansible control node with inventory servers
Setting up an inventory file
Setting up the Ansible configuration file
Ansible tasks and modules
Introduction to Ansible playbooks
Checking playbook syntax
Applying the first playbook
Ansible playbooks in action
Updating packages and repositories
Installing application packages and services
Configuring applications
Combining the playbooks
Executing the playbooks
Designing for reusability
Ansible variables
Sourcing variable values
Jinja2 templates
Ansible roles
Summary
Questions
Answers
Chapter 8: IaC and Config Management in Action
Technical requirements
Immutable infrastructure with Hashicorp's Packer
When to use immutable infrastructure
Installing Packer
Creating the Apache and MySQL playbooks
Building the Apache and MySQL images using Packer and Ansible provisioners
Prerequisites
Defining the Packer configuration
Creating the required infrastructure with Terraform
Summary
Questions
Answers
Chapter 9: Containers as a Service (CaaS) and Serverless Computing for Containers
Technical requirements
The need for serverless offerings
Amazon ECS with EC2 and Fargate
ECS architecture
Installing the AWS and ECS CLIs
Spinning up an ECS cluster
Creating task definitions
Scheduling EC2 tasks on ECS
Scaling tasks
Querying container logs from CloudWatch
Stopping tasks
Scheduling Fargate tasks on ECS
Scheduling services on ECS
Browsing container logs using the ECS CLI
Deleting an ECS service
Load balancing containers running on ECS
Other CaaS products
Open source CaaS with Knative
Knative architecture
Spinning up Google Kubernetes Engine
Installing Knative
Deploying a Python Flask app on Knative
Load testing your app on Knative
Summary
Questions
Answers
Chapter 10: Continuous Integration
Technical requirements
The importance of automation
Building a CI pipeline with GitHub Actions
Creating a GitHub repository
Creating a GitHub Actions workflow
Scalable Jenkins on Kubernetes with Kaniko
Spinning up Google Kubernetes Engine
Installing Jenkins
Connecting Jenkins with the cluster
Running our first Jenkins job
Automating a build with triggers
CI with AWS Code Commit and Code Build
Creating an AWS Code Commit repository
Creating an AWS Code Build job
Build performance best practices
Aim for faster builds
Always use post-commit triggers
Configure build reporting
Customize the build server size
Ensure that your builds only contain what you need
Summary
Questions
Answers
Chapter 11: Continuous Deployment/Delivery with Spinnaker
Technical requirements
Importance of Continuous Deployment and automation
Continuous deployment models and tools
Simple deployment model
Complex deployment models
Introduction to Spinnaker
Setting up Spinnaker
Spinning up Google Kubernetes Engine
Setting up service accounts and permissions
Creating a halyard host VM
Installing halyard
Setting up the required credentials
Setting up the Spinnaker configuration
Deploying Spinnaker
Deploying a sample application using a Spinnaker pipeline
Creating a deployment manifest
Creating a Spinnaker application
Creating a Spinnaker pipeline
Testing the pipeline
Summary
Questions
Answers
Chapter 12: Securing the Deployment Pipeline
Technical requirements
Securing CI/CD pipelines
Managing secrets
Sample application
Creating a Secret manifest
Creating a Cloud KMS secret
Accessing the secret and deploying the application
Container vulnerability scanning
Installing Anchore Grype
Scanning images
Binary authorization
Setting up binary authorization
Creating a default binary authorization policy
Attesting images
Security of modern DevOps pipelines
Adopt a DevSecOps culture
Establish access control
Implement shift left
Manage security risks consistently
Implement vulnerability scanning
Automate security
Summary
Questions
Answers
Section 3: Modern DevOps with GitOps
Chapter 13: Understanding DevOps with GitOps
Technical requirements
What is GitOps?
The principles of GitOps
Why GitOps?
The branching strategy and GitOps workflow
The push model
The pull model
Structuring the Git repository
Declarative infrastructure and config management
Summary
Questions
Answers
Chapter 14: CI/CD Pipelines with GitOps
Technical requirements
Continuous integration with GitHub Actions
Creating an application repository on GitHub
Creating a GitHub Actions workflow
Release gating with pull requests
Continuous deployment with Flux CD
Introduction to Flux CD
Installing Flux CD
Managing sensitive configuration and Secrets
Installing the Sealed Secrets operator
Installing kubeseal
Creating Sealed Secrets
Summary
Questions
Answers
About PACKT
Other Books You May Enjoy
Index