Discover how to manage high availability with Docker Swarm and Kubernetes
Learn how Docker can manage the security in images and containers
Discover how Docker can be integrated into development workflows in applications
Discover vulnerabilities in the Docker containers and images with practical examples to secure your container-based applications
Discover tools for monitoring and administering Docker and Kubernetes applications
Description
In this book, we introduce the DevOps tools ecosystem and the main container orchestration tools through an introduction to platforms such as Kubernetes, Docker Swarm, and OpenShift.
Among other topics, we address good practices for building Docker images as well as security best practices to apply at the level of the host on which those containers run, from Docker's own daemon to the rest of the components that make up its technology stack.
We will review topics such as static analysis of vulnerabilities in Docker images, the signing of images with Docker Content Trust and their subsequent publication in a Docker Registry. We will also review the state of security in Kubernetes.
In the last section, we will review open source container management and administration tools for IT organizations that need to manage and monitor container-based applications, covering topics such as monitoring, administration, and networking in Docker.
What will you learn
Learn fundamental DevOps skills and tools, starting with the basic components and concepts of Docker.
Learn about Docker as a platform for the deployment of containers and Docker images taking into account the security of applications.
Learn about tools that allow us to audit the security of the machine where we execute Docker images, finding out how to secure your Docker host.
Learn how to secure your Docker environment and discover vulnerabilities and threats in Docker images.
Learn about creating and deploying containers in a secure way with Docker and Kubernetes.
Learn about monitoring and administration in Docker with tools such as cAdvisor, Sysdig, Portainer, and Rancher.
Who this book is for
This book covers different techniques to help developers improve their DevOps and container security skills, and can be useful for people who are involved in software development and want to learn how Docker works from a security point of view. It is recommended that readers know UNIX commands and are comfortable working in a command terminal.
Table of Contents
1. Getting started with DevOps
2. Container platforms
3. Managing Containers and Docker images
4. Getting started with Docker security
5. Docker host security
6. Docker images security
7. Auditing and analyzing vulnerabilities in Docker containers
8. Kubernetes security
9. Docker container networking
10. Docker container monitoring
11. Docker container administration
About the Author
José Manuel Ortega is a software engineer and security researcher with a special focus on new technologies, open source, security and testing. In recent years, he has been interested in security development, especially with Python, and in security best practices with Docker and Kubernetes. Conferences and talks related to Python, security and Docker are available on his personal blog: http://jmortega.github.io/
LinkedIn profile: https://www.linkedin.com/in/jmortega1/
In this chapter, we will review the DevOps ecosystem as a new movement that tries to improve the agility in the provision of services. DevOps is more than a technology or a set of tools. It is a mentality that requires cultural evolution. The right people, processes and tools allow the lifecycle of applications to be faster and more predictable.
Structure
What is DevOps?
DevOps methodologies
Continuous integration and continuous delivery
DevOps tools
DevOps and security
Objectives
Understanding the concept of DevOps
Understanding DevOps methodologies
Understanding the concepts of continuous integration and continuous delivery and the software delivery pipeline
Knowing about DevOps tools
Understanding the concept of DevSecOps
What is DevOps?
In recent years, the evolution of technology has made this communication between the development and operations teams possible. It lets us work with infrastructure as code, so that processes that were previously manual or barely automated gain the advantages of the work already done on the development side to improve quality (testing), collaborative work (version management), dependency management and integration with third-party products. These practices aim to reduce the time and effort in each of the development phases, delivering code to production with greater speed and quality, reducing errors and limiting manual tasks that do not add value to the process.
DevOps is a software development methodology that seeks to optimize the delivery process as well as strengthen collaboration between the software development teams that build the solutions and the operations teams responsible for keeping these solutions available in different environments.
The integration and collaboration of application developers (Dev) and those in charge of keeping applications in production (Ops) offers important benefits:
Technical benefits:
Allows the implementation of continuous deployment strategies
Reduces risk and complexity
Cultural benefits:
Better communication, cohesion and motivation
Orientation to results, efficiency and quality of work
Professional development of team members
Creating a culture of shared responsibility, transparency and faster feedback is the basis of high-performance DevOps teams.
Business benefits:
Best time-to-market
More robust and stable operating environments
More resources to innovate (instead of correcting and maintaining)
Minimizes problem resolution time
Behind a simple definition, with an ambitious goal, we find some challenges:
DevOps is not an end in itself, but a change in the culture of the organization, the tools used and the work procedures and methodologies.
It is necessary to know the strengths and weaknesses of the current software development cycle in order to define the best implementation strategy. This allows us to prioritize actions such as the implementation of tools and methodological changes.
It is very important to define the indicators that allow evaluating the effectiveness of the different actions: on the one hand to correct those that are not giving the expected result, and on the other to consolidate the cultural change in the organization.
With the advent of agile development methodologies and the need for continuous integration (CI) and continuous delivery (CD), there is a new organizational trend called DevOps. In short, it aims to combine into a single team profiles that are kept very separate in more traditional organizations, such as developers and operations teams, all with the final goal of deploying to production environments more regularly.
Delivering new versions of the software on a regular basis (weekly, daily or even several times a day) gives the move to production more security, stability and efficiency.
According to the DevOps state study, it is proven that organizations that use agile development methodologies and the DevOps philosophy deploy up to 46 times more frequently than more traditional organizations, with failure recovery times 96 times faster and a change failure rate 5 times lower than more traditional organizations that are not so focused on performance. Deployments are made to production much more often (on demand, several times a day) with a lead time for changes of less than one hour.
The term DevOps (Development + Operations) postulates that, in business software, the line that divided development from operations has been erased. When new development methodologies (such as agile software development) are adopted in a traditional organization with separate departments for Development, Operations, Quality Control and Implementation, these IT departments, which previously had no deep need for integration, now require close multi-departmental collaboration.
DevOps involves automating the tasks of setting up a job for development, but also systematizing the test, deployment and configuration tasks related to it, all in an agile development environment. Specifically, DevOps comprises the following 7 aspects:
Automation of tasks related to development: you do not have to remember commands to do all kinds of things (installation of libraries or configuration of a machine); instead, there are scripts that homogenize and automate specific tasks in the development phase.
Virtualization: use of virtual resources for storage, publication and, in general, all the steps of software development and deployment.
Servers provisioning: the virtual servers to which applications are deployed must be prepared with all the necessary tools to publish the application.
Management of configurations: the management of the server configurations and the orders for provisioning must be controlled by a version management system that allows testing and controlling the environment in which the software is running.
Deployment in the Cloud: publication of applications in virtual servers. The Cloud is a key environment that facilitates the development of DevOps since it provides this methodology with the speed and automation capacity necessary to make innovation and model change possible.
Software life cycle: the life cycle of an application includes the definition of the different phases in the life of an application, from the design phase to the support phase, going through the development phase.
Continuous deployment: the life cycle of an application must be linked to agile development cycles in which each new feature is introduced as soon as it is ready and tested; continuous deployment implies continuous integration of new features and fixes, both in software and hardware.
DevOps proposes an agile and collaborative interaction between developers and operations team, from the traditional perspective with marked segregation of functions, through the inclusion of mechanisms that give greater dynamism to the delivery of services without neglecting control from the beginning of the project until production control. To achieve its objective, DevOps is based on principles such as Continuous Integration, Continuous Delivery and Continuous Deployment.
Figure 1.1: DevOps as an intersection between development, operations and QA
DevOps establishes an intersection between development, operations and Quality, but is not governed by a standard framework of practices and allows a much more flexible interpretation to the extent that each organization wants to put it into practice, according to its structure and circumstances.
The term DevOps refers to more than just software implementations: it is a set of processes and methods for thinking about communication and collaboration between the departments mentioned above. Companies that have very frequent software deliveries may require a DevOps awareness or orientation. The adoption of DevOps is being driven by factors such as:
The use of agile development processes and other methodologies.
A higher rate of production releases from the interested application and business units.
Wide availability of virtualization in the cloud infrastructure of internal and external suppliers.
Increased use of data automation and configuration management tools.
The following points could be considered fundamental for an organization adopting a DevOps methodology:
Use of agile methodologies - agile methodologies such as Scrum allow developers to use iterative and incremental approaches with multidisciplinary teams and try to deliver products with the highest possible value to the client in the shortest possible time. This methodology can be complemented with other tools like Kanban, a tool for managing development tasks that is oriented to visualizing the task workflow, work in progress and completed tasks.
Other methodologies such as Extreme Programming (XP) have the great advantage of organized and planned programming so that there are no errors throughout the process. They are usually used for the execution of short-term projects. XP is considered a light methodology and focuses on cost savings, unit tests, integration of the whole system on a frequent basis, pair programming, simple design and frequent deliveries of software that works.
Testing methodologies such as BDD (Behaviour Driven Development), TDD (Test Driven Development) and ATDD (Acceptance Test Driven Development) have acquired great importance in software development, helping an organization to test successfully and improve the efficiency of development. These methodologies can be complemented with other techniques like white box and black box tests for performing tests.
Using a microservices architecture is one of the best ways to solve the problems inherent in monolithic systems. This type of architecture improves the assignment of responsibilities in the development teams and facilitates encapsulation in Docker containers, reducing the effort and risk of managing the dependencies of the application, improving the management of updates and providing functionalities such as load balancing, high availability and service discovery. Container technology has the advantage of sharing the operating system while isolating applications by adding a layer of protection between them.
Use of good practices - these good practices include activities aimed at correctly implementing DevOps and refining the problems that may arise in adapting to the organization.
Record all incidents: Each incident must be reflected in a tool for further processing.
Guarantee repeatability: Every operation should be automated as much as possible, providing automatic mechanisms also for the rollback to the previous state of a change.
Test everything: Every change should be tested, if possible, in an automatic way. The systems for automating this are the continuous integration, deployment and delivery systems that have already been mentioned.
Monitor and audit what is necessary: Using tools for tracking application behavior, as well as incidents in the logs, is very useful for the development team to fix problems. In addition, there must always be a person responsible for each change in the system, and generic accounts must be avoided; each user must carry out operations in an identifiable way.
DevOps methodologies
Currently, DevOps can be represented as an infinity symbol or a circle that defines the different areas and phases that comprise it:
Planning
Developing (build phase)
Continuous integration and testing
Deployment
Operation
Monitoring (continuous feedback)
Figure 1.2: DevOps processes
It is important to understand that this is one of multiple representations, not the definitive canon: simplifications into four main phases, or detailed decompositions of each phase, are equally valid.
Another essential idea to internalize is that it is the definition of an iterative flow so that different processes can be included in different phases in an organic and superimposed way, always adjusting to the fundamental concepts of value and continuous improvement.
Now, I will look at each phase in more detail, allowing myself a license that is very common in DevOps processes: using the Scrum framework as a working methodology to make the explanations easier.
Management and planning
Every project needs a vision that indicates to the participants the reason and the goal of the work to be done; defining a minimum set of functionalities that allow to provide functional value in each iteration, the acceptance criteria to be met and the definition of done; for each one of the phases and in the whole of the proje...
Yes, you can access DevOps and Containers Security by Jose Manuel Ortega Candel in PDF and/or ePUB format, as well as other popular books in Computer Science & Cybersecurity. We have over 1.5 million books available in our catalogue for you to explore.