DevOps

SecOps = DevOps + Security

Good Read:

• Is DevOps a Title?
• What is ‘Site Reliability Engineering’?
• SRE Book by Google
• The devops transformation
• https://medium.com/cracking-the-data-science-interview/how-operating-systems-work-10-concepts-you-should-know-as-a-developer-8d63bb38331f

DevOps Overview:

1. Code — code development and review, source code management tools, code merging
2. Build — continuous integration tools, build status
3. Test — continuous testing tools that provide feedback on business risks
4. Package — artifact repository, application pre-deployment staging
5. Release — change management, release approvals, release automation
6. Configure — infrastructure configuration and management, Infrastructure as Code tools
7. Monitor — applications performance monitoring, end–user experience

DevOps Movement Core value –> CAMS:

• Culture
• Automation
• Measurement
• Sharing

Deployment/Release Strategy

• Canary Release: making staged release
• Green Blue Deployment: reduces downtime and risk by running two identical production environments called Blue and Green

Infastructure as Code

• Terraform: create, combine and manage infrastructure across multiple providers
• Chef

CI/CD

• octopus
• gitops
• jenkins
• drone

Virtualization

• Dockers: containerization
• VirtualBox: virtualization/hypervisor
• Vagrant: create and configure portable development environment

Automation

• Rundeck: Self-Service Operations Console
• Sonarqube: Continuous Code Quality
• SumoLogic: machine data analytics platform
• Scalyr: log search and management
• Stackdriver: Monitoring and management for services, containers, applications, and infrastructure
• prometheus

Log Journal

• Logrotate
• Remove journal log and abrt log

IAM

Ref:

• https://github.com/kdeldycke/awesome-iam
• https://wso2.com/whitepapers/identity-architect-ground-rules-ten-iam-design-principles/
• https://github.com/ory/oathkeeper

Access Control Model:

• Attribute-Based Access Control
• Role-Based Access Control

Observability

APM = Application Performance Monitoring

APM Vendor:

• Datadog
• Newrelic

Logging vs Instrumentation

• Logging: actionable logs
• Instrumentation: meaningful number/metrics

RED Method

• (Request) Rate - the number of requests, per second, you services are serving.
• (Request) Errors - the number of failed requests per second.
• (Request) Duration - distributions of the amount of time each request takes.

USE Method

• Utilization: the average time that the resource was busy servicing work
  • as a percent over a time interval. eg, “one disk is running at 90% utilization”.
• Saturation: the degree to which the resource has extra work which it can’t service, often queued
  • as a queue length. eg, “the CPUs have an average run queue length of four”.
• Errors: the count of error events
• resource: all physical server functional components (CPUs, disks, busses, …)

4 Golden Signal

• Latency: The time it takes to service a request.
• Traffic: A measure of how much demand on the system.
• Errors: The rate of failed requests.
• Saturation: A measure of how “full” a service is, often measured by latency.

ELK Stack (now called Elastic Stack)

• Elasticsearch: data
• Logstash
• Kibana: Visualization
• Beat

TIG Stack

• Telegraf
• InfluxDB
• Grafana
• Kapasitor:

statsd

rsyslog to forwarding log messages in an IP network

prometheus

Tracing:

• https://www.jaegertracing.io/
• https://opentracing.io/

Twelve Factor App

12factor.net

1. Codebase: One codebase tracked in revision control, many deploys
2. Dependencies: Explicitly declare and isolate dependencies
3. Config: Store config in the environment
4. Backing services: Treat backing services as attached resources
5. Build, release, run: Strictly separate build and run stages
6. Processes: Execute the app as one or more stateless processes
7. Port binding: Export services via port binding
8. Concurrency: Scale out via the process model
9. Disposability: Maximize robustness with fast startup and graceful shutdown
10. Dev/prod parity: Keep development, staging, and production as similar as possible
11. Logs: Treat logs as event streams
12. Admin processes: Run admin/management tasks as one-off processes