DevOps Tools for Java Developers: Best Practices from Source Code to Production Containers

This document was uploaded by one of our users. The uploader already confirmed that they had the permission to publish it. If you are author/publisher or own the copyright of this documents, please report to us by using this DMCA report form.

Simply click on the Download Book button.

Yes, Book downloads on Ebookily are 100% Free.

Sometimes the book is free on Amazon As well, so go ahead and hit "Search on Amazon"

With the rise of DevOps, low-cost cloud computing, and container technologies, the way Java developers approach development today has changed dramatically. This practical guide helps you take advantage of microservices, serverless, and cloud native technologies using the latest DevOps techniques to simplify your build process and create hyperproductive teams. Stephen Chin, Melissa McKay, Ixchel Ruiz, and Baruch Sadogursky from JFrog help you evaluate an array of options. The list includes source control with Git, build declaration with Maven and Gradle, CI/CD with CircleCI, package management with Artifactory, containerization with Docker and Kubernetes, and much more. Whether you're building applications with Jakarta EE, Spring Boot, Dropwizard, MicroProfile, Micronaut, or Quarkus, this comprehensive guide has you covered. • Explore software lifecycle best practices • Use DevSecOps methodologies to facilitate software development and delivery • Understand the business value of DevSecOps best practices • Manage and secure software dependencies • Develop and deploy applications using containers and cloud native technologies • Manage and administrate source control repositories and development processes • Use automation to set up and administer build pipelines • Identify common deployment patterns and antipatterns • Maintain and monitor software after deployment

Author(s): Stephen Chin, Melissa McKay, Ixchel Ruiz, Baruch Sadogursky
Edition: 1
Publisher: O'Reilly Media
Year: 2022

Language: English
Commentary: Vector PDF
Pages: 342
City: Sebastopol, CA
Tags: DevOps; Cloud Computing; Security; Java; Mobile Development; Monitoring; Logging; Microservices; Docker; Deployment; Android; GitHub; Kubernetes; Continuous Integration; Containerization; Git; Site Reliability Engineering; Continuous Deployment; GitLab; Package Management; Maven; Dependency Management

Cover
Copyright
Table of Contents
Foreword
Preface
Conventions Used in This Book
Using Code Examples
O’Reilly Online Learning
How to Contact Us
Acknowledgments
Chapter 1. DevOps for (or Possibly Against) Developers
DevOps Is a Concept Invented by the Ops Side
Exhibit 1: The Phoenix Project
Exhibit 2: The DevOps Handbook
Google It
What Does It Do?
State of the Industry
What Constitutes Work?
If We’re Not About Deployment and Operations, Then Just What Is Our Job?
Just What Constitutes “Done”?
Rivalry?
More Than Ever Before
Volume and Velocity
Done and Done
Float Like a Butterfly…
Integrity, Authentication, and Availability
Fierce Urgency
The Software Industry Has Fully Embraced DevOps
Making It Manifest
We All Got the Message
Chapter 2. The System of Truth
Three Generations of Source Code Management
Choosing Your Source Control
Making Your First Pull Request
Git Tools
Git Command-Line Basics
Git Command-Line Tutorial
Git Clients
Git IDE Integration
Git Collaboration Patterns
git-flow
GitHub Flow
GitLab Flow
OneFlow
Trunk-Based Development
Summary
Chapter 3. An Introduction to Containers
Understanding the Problem
The History of Containers
Why Containers?
Intro to Container Anatomy
Docker Architecture and the Container Runtime
Docker on Your Machine
Basic Tagging and Image Version Management
Image and Container Layers
Best Image Build Practices and Container Gotchas
Respect the Docker Context and .dockerignore File
Use Trusted Base Images
Specify Package Versions and Keep Up with Updates
Keep Your Images Small
Beware of External Resources
Protect Your Secrets
Know Your Outputs
Summary
Chapter 4. Dissecting the Monolith
Cloud Computing
Microservices
Antipatterns
DevOps and Microservices
Microservice Frameworks
Spring Boot
Micronaut
Quarkus
Helidon
Serverless
Setting Up
Summary
Chapter 5. Continuous Integration
Adopt Continuous Integration
Declaratively Script Your Build
Build with Apache Ant
Build with Apache Maven
Build with Gradle
Continuously Build
Automate Tests
Monitor and Maintain Tests
Summary
Chapter 6. Package Management
Why Build-It-and-Ship-It Is Not Enough
It’s All About Metadata
Key Attributes of Insightful Metadata
Metadata Considerations
Determining the Metadata
Capturing Metadata
Writing the Metadata
Dependency Management Basics for Maven and Gradle
Dependency Management with Apache Maven
Dependency Management with Gradle
Dependency Management Basics for Containers
Artifact Publication
Publishing to Maven Local
Publishing to Maven Central
Publishing to Sonatype Nexus Repository
Publishing to JFrog Artifactory
Summary
Chapter 7. Securing Your Binaries
Supply Chain Security Compromised
Security from the Vendor Perspective
Security from the Customer Perspective
The Full Impact Graph
Securing Your DevOps Infrastructure
The Rise of DevSecOps
The Role of SREs in Security
Static and Dynamic Security Analysis
Static Application Security Testing
Dynamic Application Security Testing
Comparing SAST and DAST
Interactive Application Security Testing
Runtime Application Self-Protection
SAST, DAST, IAST, and RASP Summary
The Common Vulnerability Scoring System
CVSS Basic Metrics
CVSS Temporal Metrics
CVSS Environmental Metrics
CVSS in Practice
Scoping Security Analysis
Time to Market
Make or Buy
One-Time and Recurring Efforts
How Much Is Enough?
Compliance Versus Vulnerabilities
Vulnerabilities Can Be Combined into Different Attack Vectors
Vulnerabilities: Timeline from Inception Through Production Fix
Test Coverage Is Your Safety Belt
Quality Gate Methodology
Quality Gate Strategies
Fit with Project Management Procedures
Implementing Security with the Quality Gate Method
Risk Management in Quality Gates
Practical Applications of Quality Management
Shift Security Left
Not All Clean Code Is Secure Code
Effects on Scheduling
The Right Contact Person
Dealing with Technical Debt
Advanced Training on Secure Coding
Milestones for Quality
The Attacker’s Point of View
Methods of Evaluation
Be Aware of Responsibility
Summary
Chapter 8. Deploying for Developers
Building and Pushing Container Images
Managing Container Images by Using Jib
Building Container Images with Eclipse JKube
Deploying to Kubernetes
Local Setup for Deployment
Generate Kubernetes Manifests by Using Dekorate
Generate and Deploy Kubernetes Manifests with Eclipse JKube
Choose and Implement a Deployment Strategy
Managing Workloads in Kubernetes
Setting Up Health Checks
Adjusting Resource Quotas
Working with Persistent Data Collections
Best Practices for Monitoring, Logging, and Tracing
Monitoring
Logging
Tracing
High Availability and Geographic Distribution
Hybrid and MultiCloud Architectures
Summary
Chapter 9. Mobile Workflows
Fast-Paced DevOps Workflows for Mobile
Android Device Fragmentation
Android OS Fragmentation
Building for Disparate Screens
Hardware and 3D Support
Continuous Testing on Parallel Devices
Building a Device Farm
Mobile Pipelines in the Cloud
Planning a Device-Testing Strategy
Summary
Chapter 10. Continuous Deployment Patterns and Antipatterns
Why Everyone Needs Continuous Updates
User Expectations on Continuous Updates
Security Vulnerabilities Are the New Oil Spills
Getting Users to Update
Case Study: Java Six-Month Release Cadence
Case Study: iOS App Store
Continuous Uptime
Case Study: Cloudflare
The Hidden Cost of Manual Updates
Case Study: Knight Capital
Continuous Update Best Practices
Index
About the Authors
Colophon