Modern DevOps Practices: Implement, secure, and manage applications on the public cloud by leveraging cutting-edge tools
9781805121824, 9781803231426, 9781803233000
Enhance DevOps workflows by integrating the functionalities of Git, Docker, Kubernetes, Argo CD, Ansible, Terraform, Ist
English
Pages 770
Year 2023
Table of contents:
Modern DevOps Practices
Contributors
About the author
About the reviewer
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Conventions used
Get in touch
Share your thoughts
Download a free PDF copy of this book
Part 1: Modern DevOps Fundamentals
1
The Modern Way of DevOps
What is DevOps?
Introduction to cloud computing
Understanding modern cloud-native applications
Modern DevOps versus traditional DevOps
The need for containers
The matrix of hell
Virtual machines
Containers
It works on my machine
Container architecture
Container networking
Containers and modern DevOps practices
Migrating from virtual machines to containers
Discovery
Application requirement assessment
Container infrastructure design
Containerizing the application
Testing
Deployment and rollout
What applications should go in containers?
Breaking the applications into smaller pieces
Are we there yet?
Summary
Questions
Answers
2
Source Code Management with Git and GitOps
Technical requirements
What is source code management?
A crash course on Git
Installing Git
Initializing your first Git repository
Staging code changes
Displaying commit history
Amending the last commit
Understanding remote repositories
Creating a remote Git repository
Setting up authentication with the remote Git repository
Connecting the local repository to the remote repository
Pushing changes from the local repository to the remote repository
Pulling and rebasing your code
Git branches
Creating and managing Git branches
Working with pull requests
What is GitOps?
Why GitOps?
The principles of GitOps
Branching strategies and the GitOps workflow
The push model
The pull model
Structuring the Git repository
Git versus GitOps
Summary
Questions
Answers
3
Containerization with Docker
Technical requirements
Installing Docker
Introducing Docker storage drivers and volumes
Docker data storage options
Mounting volumes
Docker storage drivers
Configuring a storage driver
Running your first container
Running containers from versioned images
Running Docker containers in the background
Troubleshooting containers
Putting it all together
Restarting and removing containers
Docker logging and logging drivers
Container log management
Logging drivers
Configuring logging drivers
Typical challenges and best practices to address these challenges with Docker logging
Docker monitoring with Prometheus
Challenges with container monitoring
Installing Prometheus
Configuring cAdvisor and the node exporter to expose metrics
Configuring Prometheus to scrape metrics
Launching a sample container application
Metrics to monitor
Declarative container management with Docker Compose
Deploying a sample application with Docker Compose
Creating the docker-compose file
Docker Compose best practices
Summary
Questions
Answers
4
Creating and Managing Container Images
Technical requirements
Docker architecture
Understanding Docker images
The layered filesystem
Image history
Understanding Dockerfiles, components, and directives
Can we use ENTRYPOINT instead of CMD?
Are RUN and CMD the same?
Building our first container
Building and managing Docker images
Single-stage builds
Multi-stage builds
Managing Docker images
Flattening Docker images
Optimizing containers with distroless images
Performance
Security
Cost
Understanding Docker registries
Hosting your private Docker registry
Other public registries
Summary
Questions
Answers
Part 2: Container Orchestration and Serverless
5
Container Orchestration with Kubernetes
Technical requirements
What is Kubernetes, and why do I need it?
Kubernetes architecture
Installing Kubernetes (Minikube and KinD)
Installing Minikube
Installing KinD
Understanding Kubernetes pods
Running a pod
Using port forwarding
Troubleshooting pods
Ensuring pod reliability
Pod multi-container design patterns
Summary
Questions
Answers
6
Managing Advanced Kubernetes Resources
Technical requirements
Spinning up GKE
The need for advanced Kubernetes resources
Kubernetes Deployments
ReplicaSet resources
Deployment resources
Kubernetes Deployment strategies
Kubernetes Services and Ingresses
ClusterIP Service resources
NodePort Service resources
LoadBalancer Service resources
Ingress resources
Horizontal Pod autoscaling
Managing stateful applications
StatefulSet resources
Managing Persistent Volumes
Kubernetes command-line best practices, tips, and tricks
Using aliases
Using kubectl bash autocompletion
Summary
Questions
Answers
7
Containers as a Service (CaaS) and Serverless Computing for Containers
Technical requirements
The need for serverless offerings
Amazon ECS with EC2 and Fargate
ECS architecture
Installing the AWS and ECS CLIs
Spinning up an ECS cluster
Creating task definitions
Scheduling EC2 tasks on ECS
Scaling tasks
Querying container logs from CloudWatch
Stopping tasks
Scheduling Fargate tasks on ECS
Scheduling services on ECS
Browsing container logs using the ECS CLI
Deleting an ECS service
Load balancing containers running on ECS
Other CaaS services
Open source CaaS with Knative
Knative architecture
Spinning up GKE
Installing Knative
Deploying a Python Flask application on Knative
Load testing your app on Knative
Summary
Questions
Answers
Part 3: Managing Config and Infrastructure
8
Infrastructure as Code (IaC) with Terraform
Technical requirements
Introduction to IaC
Installing Terraform
Terraform providers
Authentication and authorization with Azure
Using the Azure Terraform provider
Terraform variables
Providing variable values
Terraform workflow
terraform init
Creating the first resource – Azure resource group
terraform fmt
terraform validate
terraform plan
terraform apply
terraform destroy
Terraform modules
Managing Terraform state
Using the Azure Storage backend
Terraform workspaces
Inspecting resources
Inspecting state files
Cleaning up
Terraform output, state, console, and graphs
terraform output
Managing Terraform state
terraform console
Terraform dependencies and graphs
Cleaning up resources
Summary
Questions
Answers
9
Configuration Management with Ansible
Technical requirements
Introduction to configuration management
Setting up Ansible
Setting up inventory
Connecting the Ansible control node with inventory servers
Installing Ansible in the control node
Setting up an inventory file
Setting up the Ansible configuration file
Ansible tasks and modules
Introduction to Ansible playbooks
Checking playbook syntax
Applying the first playbook
Ansible playbooks in action
Updating packages and repositories
Installing application packages and services
Configuring applications
Combining playbooks
Executing playbooks
Designing for reusability
Ansible variables
Sourcing variable values
Jinja2 templates
Ansible roles
Summary
Questions
Answers
10
Immutable Infrastructure with Packer
Technical requirements
Immutable infrastructure with HashiCorp’s Packer
When to use immutable infrastructure
Installing Packer
Creating the Apache and MySQL playbooks
Building the Apache and MySQL images using Packer and Ansible provisioners
Prerequisites
Defining the Packer configuration
The Packer workflow for building images
Creating the required infrastructure with Terraform
Summary
Questions
Answers
Part 4: Delivering Applications with GitOps
11
Continuous Integration with GitHub Actions and Jenkins
Technical requirements
The importance of automation
Introduction to the sample microservices-based blogging application – Blog App
Building a CI pipeline with GitHub Actions
Creating a GitHub repository
Creating a GitHub Actions workflow
Scalable Jenkins on Kubernetes with Kaniko
Spinning up Google Kubernetes Engine
Creating the Jenkins CaC (JCasC) file
Installing Jenkins
Running our first Jenkins job
Automating a build with triggers
Building performance best practices
Aim for faster builds
Always use post-commit triggers
Configure build reporting
Customize the build server size
Ensure that your builds only contain what you need
Parallelize your builds
Make use of caching
Use incremental building
Optimize testing
Use artifact management
Manage application dependencies
Utilize Infrastructure as Code
Use containerization to manage build and test environments
Utilize cloud-based CI/CD
Monitor and profile your CI/CD pipelines
Pipeline optimization
Implement automated cleanup
Documentation and training
Summary
Questions
Answers
12
Continuous Deployment/Delivery with Argo CD
Technical requirements
The importance of CD and automation
CD models and tools
Simple deployment model
Complex deployment models
The Blog App and its deployment configuration
Continuous declarative IaC using an Environment repository
Creating and setting up our Environment repository
Introduction to Argo CD
Installing and setting up Argo CD
Terraform changes
The Kubernetes manifests
Argo CD Application and ApplicationSet
Accessing the Argo CD Web UI
Managing sensitive configurations and Secrets
Installing the Sealed Secrets operator
Installing kubeseal
Creating Sealed Secrets
Deploying the sample Blog App
Summary
Questions
Answers
13
Securing and Testing Your CI/CD Pipeline
Technical requirements
Securing and testing CI/CD pipelines
Revisiting the Blog Application
Container vulnerability scanning
Installing Anchore Grype
Scanning images
Managing secrets
Creating a Secret in Google Cloud Secret Manager
Accessing external secrets using External Secrets Operator
Setting up the baseline
Installing external secrets with Terraform
Testing your application within the CD pipeline
CD workflow changes
Binary authorization
Setting up binary authorization
Release gating with pull requests and deployment to production
Merging code and deploying to prod
Security and testing best practices for modern DevOps pipelines
Adopt a DevSecOps culture
Establish access control
Implement shift left
Manage security risks consistently
Implement vulnerability scanning
Automate security
Test automation within your CI/CD pipelines
Manage your test data effectively
Test all aspects of your application
Implement chaos engineering
Monitor and observe your application when it is being tested
Effective testing in production
Documentation and knowledge sharing
Summary
Questions
Answers
Part 5: Operating Applications in Production
14
Understanding Key Performance Indicators (KPIs) for Your Production Service
Understanding the importance of reliability
Understanding SLIs, SLOs, and SLAs
SLIs
SLOs
SLAs
Error budgets
Disaster recovery, RTO, and RPO
Running distributed applications in production
Summary
Questions
Answers
15
Implementing Traffic Management, Security, and Observability with Istio
Technical requirements
Setting up the baseline
Revisiting the Blog App
Introduction to service mesh
Introduction to Istio
Traffic management
Security
Observability
Developer-friendly
Understanding the Istio architecture
The control plane architecture
The data plane architecture
Installing Istio
Enabling automatic sidecar injection
Using Istio ingress to allow traffic
Securing your microservices using Istio
Creating secure ingress gateways
Enforcing TLS within your service mesh
Managing traffic with Istio
Traffic shifting and canary rollouts
Traffic mirroring
Observing traffic and alerting with Istio
Accessing the Kiali dashboard
Monitoring and alerting with Grafana
Summary
Questions
Answers
Appendix: The Role of AI in DevOps
What is AI?
The role of AI in the DevOps infinity loop
Code development
Software testing and quality assurance
Continuous integration and delivery
Software operations
Summary
Index
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts
Download a free PDF copy of this book