Fundamentals of DevOps and Software Delivery

By Yevgeniy Brikman

There are many guides out there on how to write software. This book is a guide to software delivery: that is, all the processes, tools, and techniques that are required to run and maintain software in production on an ongoing basis. In particular, this book is a guide to DevOps, a methodology for making software delivery more efficient.

Whereas most books and talks on DevOps focus on culture, values, and organizational structure, I've found that when most people talk about DevOps, what they are really interested in is the mechanics of effective software delivery. That's what this book is all about. It's a hands-on guide that includes dozens of step-by-step examples of how to run production systems. You’ll start with the basics—an app running on a single server—and work your way up to microservices in a Kubernetes cluster with a service mesh, automated deployment pipeline, end-to-end encryption, and more.

By the time you’re done with the book, you will have had hands-on practice with all the core concepts and best practices of modern DevOps and software delivery.


About the book

This book is for individual contributors in operations (e.g., current and aspiring Site Reliability Engineers, DevOps Engineers, Sysadmins, Operations Engineers, and Release Engineers) who want to level up their knowledge of software delivery, individual contributors in dev (e.g., Software Engineers, Software Developers, Web Developers, and Full Stack Engineers) who want to learn more about the operations side of the house, and managers in engineering (e.g., Engineering Managers, Engineering Directors, CTOs, VPEs, and CIOs) who want to learn how to adopt DevOps practices in their organizations.

  • Personal computers vs servers
  • On-prem vs cloud
  • PaaS vs IaaS


  • Ad hoc scripts
  • Configuration management tools
  • Server templating tools
  • Provisioning tools


  • Server orchestration
  • VM orchestration
  • Container orchestration
  • Serverless orchestration


  • Version control
  • Build systems
  • Dependency management
  • Automated testing


  • Trunk-based development
  • Feature toggles
  • Deployment strategies and pipelines


  • Multiple environments
  • Multiple libraries
  • Multiple services


  • Domain Name System (DNS)
  • Virtual private clouds (VPCs)
  • Network access and hardening
  • Service discovery, service meshes


  • Cryptography
  • Encryption at rest
  • Encryption in transit


  • Relational DBs, schemas
  • NoSQL, NewSQL, queues, streams
  • File storage and CDNs
  • Backup and recovery


  • Logs and log aggregation
  • Metrics, dashboards, alerts
  • Observability and tracing


  • Infrastructureless
  • Generative AI
  • Shift left, supply chain security
  • Platform engineering


Open Source Code Samples

The book includes dozens of code samples for you to try, which you can find here:

https://github.com/brikis98/devops-book

About the author

Yevgeniy Brikman

Yevgeniy (Jim) Brikman is the co-founder of Gruntwork, a company that offers products & services for setting up world-class DevOps Foundations. He's also the author of two other books published by O'Reilly: Terraform: Up & Running, the definitive book on Terraform and OpenTofu, and Hello, Startup, a hands-on guide to building products, technologies, and teams in a startup.

Previously, Jim spent more than a decade building infrastructure and products that serve hundreds of millions of users at LinkedIn, TripAdvisor, Cisco Systems, and Thomson Financial. For more info, check out ybrikman.com.

A hands-on guide

Table of Contents

Preface
1. How to Deploy Your App
1.1 Example: Deploy the Sample App Locally
1.2 Deploying an App on a Server
1.2.1 On-Prem and Cloud Hosting
1.2.2 Example: Deploy an App Using PaaS (Render)
1.2.3 Example: Deploy an App Using IaaS (AWS)
1.3 Comparing Deployment Options
1.3.1 On-Prem Versus Cloud
When to go with the cloud
When to go with on-prem
When to go with hybrid
1.3.2 IaaS Versus PaaS
When to go with PaaS
When to go with IaaS
1.4 The Evolution of DevOps
1.5 Adopting DevOps Practices
1.6 Conclusion
2. How to Manage Your Infrastructure as Code
2.1 The Benefits of IaC
2.2 Ad Hoc Scripts
2.2.1 Example: Deploy an EC2 Instance Using a Bash Script
2.2.2 How Ad Hoc Scripts Stack Up
2.3 Configuration Management Tools
2.3.1 Example: Deploy an EC2 Instance Using Ansible
2.3.2 Example: Configure a Server Using Ansible
2.3.3 How Configuration Management Tools Stack Up
2.4 Server Templating Tools
2.4.1 Example: Create a VM Image Using Packer
2.4.2 How Server Templating Tools Stack Up
2.5 Provisioning Tools
2.5.1 Example: Deploy an EC2 Instance Using OpenTofu
2.5.2 Example: Update and Destroy Infrastructure Using OpenTofu
2.5.3 Example: Deploy an EC2 Instance Using an OpenTofu Module
2.5.4 Example: Deploy an EC2 Instance Using an OpenTofu Registry Module
2.5.5 How Provisioning Tools Stack Up
2.6 Using Multiple IaC Tools Together
2.6.1 Provisioning Plus Configuration Management
2.6.2 Provisioning Plus Server Templating
2.6.3 Provisioning Plus Server Templating Plus Orchestration
2.7 Adopting IaC
2.8 Conclusion
3. How to Manage Your Apps Using Orchestration Tools
3.1 An Introduction to Orchestration
3.2 Server Orchestration
3.2.1 Example: Deploy an App Securely and Reliably Using Ansible
3.2.2 Example: Deploy a Load Balancer Using Ansible and Nginx
3.2.3 Example: Roll Out Updates with Ansible
3.3 VM Orchestration
3.3.1 Example: Build a VM Image Using Packer
3.3.2 Example: Deploy a VM Image in an Auto Scaling Group Using OpenTofu
3.3.3 Example: Deploy an Application Load Balancer Using OpenTofu
3.3.4 Example: Roll Out Updates with OpenTofu and Auto Scaling Groups
3.4 Container Orchestration
3.4.1 Example: A Crash Course on Docker
3.4.2 Example: Create a Docker Image for a Node.js app
3.4.3 Example: Deploy a Dockerized App with Kubernetes
3.4.4 Example: Deploy a Load Balancer with Kubernetes
3.4.5 Example: Roll Out Updates with Kubernetes
3.4.6 Example: Deploy a Kubernetes Cluster in AWS Using EKS
3.4.7 Example: Push a Docker Image to ECR
3.4.8 Example: Deploy a Dockerized App into an EKS Cluster
3.5 Serverless Orchestration
3.5.1 Example: Deploy a Serverless Function with AWS Lambda
3.5.2 Example: Create a Lambda Function URL
3.5.3 Example: Roll Out Updates with AWS Lambda
3.6 Comparing Orchestration Options
3.7 Conclusion
4. How to Version, Build, and Test Your Code
4.1 Version Control
4.1.1 Example: Turn your Code into a Git Repo
4.1.2 Example: Store your Code in GitHub
4.1.3 Version Control Recommendations
Always use version control
Write good commit messages
Commit early and often
Use a code review process
Protect your code
4.2 Build System
4.2.1 Example: Configure your Build Using NPM
4.2.2 Dependency Management
4.2.3 Example: Add Dependencies in NPM
4.3 Automated Testing
4.3.1 Example: Add Automated Tests for the Node.js App
4.3.2 Example: Add Automated Tests for the OpenTofu Code
4.3.3 Testing Recommendations
The test pyramid
What to test
Test-Driven Development (TDD)
4.4 Conclusion
5. How to Set Up Continuous Integration (CI) and Continuous Delivery (CD)
5.1 Continuous Integration (CI)
5.1.1 Dealing with Merge Conflicts
5.1.2 Preventing Breakages with Self-Testing Builds
5.1.3 Making Large Changes
Branch by abstraction
Feature toggles
5.1.4 Example: Run Automated Tests for Apps in GitHub Actions
5.1.5 Machine User Credentials and Automatically-Provisioned Credentials
Machine user credentials
Automatically-provisioned credentials
5.1.6 Example: Configure OIDC with AWS and GitHub Actions
5.1.7 Example: Run Automated Tests for Infrastructure in GitHub Actions
5.2 Continuous Delivery (CD)
5.2.1 Deployment Strategies
Core deployment strategies
Comparing core deployment strategies
Add-on deployment strategies
Comparing add-on deployment strategies
5.2.2 Deployment Pipelines
Example: configure an automated GitOps pipeline in GitHub Actions
Example: use a backend for OpenTofu state
Example: add IAM roles for infrastructure deployments in GitHub Actions
Example: define a pipeline for infrastructure deployments
5.2.3 Deployment Pipeline Recommendations
Automate all the steps that can be automated
Deploy only from a deployment server
Protect the deployment server
5.3 Conclusion
6. How to Work with Multiple Teams and Environments
6.1 Breaking Up Your Deployments
6.1.1 Why Deploy Across Multiple Environments
Isolating tests
Isolating products and teams
Reducing latency
Complying with local laws and regulations
Increasing resiliency
6.1.2 How to Set Up Multiple Environments
6.1.3 Challenges with Multiple Environments
Increased operational overhead
Increased data storage complexity
Increased application configuration complexity
6.1.4 Example: Set Up Multiple AWS Accounts
Create child accounts
Access your child accounts
Deploy into your child accounts
Use different configurations for different environments
Close your child accounts
6.2 Breaking Up Your Codebase
6.2.1 Why Break Up Your Codebase
Managing complexity
Isolating products and teams
Handling different scaling requirements
Using different programming languages
6.2.2 How to Break Up Your Codebase
Breaking a codebase into multiple libraries
Breaking a codebase into multiple services
6.2.3 Challenges with Breaking Up Your Codebase
Challenges with managing multiple code bases
Challenges with integration
Challenges with managing multiple services
6.2.4 Example: Deploy Microservices in Kubernetes
Creating a backend sample app
Creating a frontend sample app
6.3 Conclusion
7. How to Set Up Networking
7.1 Public Networking
7.1.1 Public IP Addresses
7.1.2 Domain Name System (DNS)
7.1.3 Example: Register and Configure a Domain Name in Amazon Route 53
Register a domain name
Deploy EC2 instances
Configure DNS records
7.2 Private Networking
7.2.1 Physical Private Networks
Only authorized devices may connect to the private network
The private network uses private IP address ranges
The private network defines connectivity rules
Most devices in a private network access the public Internet through a gateway
7.2.2 Virtual Private Networks
Virtual networks in the cloud
Virtual networks in orchestration tools
Example: Create a VPC in AWS
7.3 Accessing Private Networks
7.3.1 Castle-and-Moat Model
7.3.2 Zero-Trust Model
7.3.3 SSH
How to use SSH
Example: SSH bastion host in AWS
7.3.4 RDP
How to use RDP
7.3.5 VPN
How to use VPN
7.4 Service Communication in Private Networks
7.4.1 Service Discovery
Service discovery tools
Service discovery tool comparison
7.4.2 Service Communication Protocol
Common protocols
Key factors to consider
7.4.3 Service Mesh
7.4.4 Example: Istio Service Mesh with Kubernetes Microservices
7.5 Conclusion
8. How to Secure Communication and Storage
8.1 Cryptography Primer
8.1.1 Encryption
Symmetric-key encryption
Asymmetric-key encryption
Hybrid encryption
Example: encryption and decryption with OpenSSL
8.1.2 Hashing
Verifying the integrity of messages and files
Message authentication codes (MAC)
Authenticated encryption
Digital signatures
Example: file integrity, HMAC, and signatures with OpenSSL
8.2 Secure Storage
8.2.1 Secrets Management
Personal secrets
Infrastructure secrets
Customer secrets and password storage
8.2.2 Encryption at Rest
Full-disk encryption
Data store encryption
Application-level encryption
8.3 Secure Communication
8.3.1 Transport Layer Security (TLS)
8.3.2 Example: HTTPS with LetsEncrypt and AWS Secrets Manager
Get a TLS certificate from LetsEncrypt
Store the TLS certificate in AWS Secrets Manager
Deploy EC2 instances that use the TLS certificate
8.3.3 End-to-End Encryption
What encryption key do you use for E2E encryption?
What data needs to be E2E encrypted and what doesn’t?
How do you establish trust with E2E-encrypted software?
8.4 Conclusion
9. How to Store Data
9.1 Local Storage: Hard Drives
9.2 Primary Data Store: Relational Databases
9.2.1 Reading and Writing Data
9.2.2 ACID Transactions
9.2.3 Schemas and Constraints
9.2.4 Example: PostgreSQL, Lambda, and Schema Migrations
Create an OpenTofu module
Create schema migrations
Create the Lambda function
9.3 Caching: Key-Value Stores and CDNs
9.3.1 Key-Value Stores
9.3.2 CDNs
9.4 File Storage: File Servers and Object Stores
9.4.1 File Servers
9.4.2 Object Stores
9.4.3 Example: Serving Files With S3 and CloudFront
Create an S3 bucket configured for website hosting
Upload static content to the S3 bucket
Deploy CloudFront as a CDN in front of the S3 bucket
9.5 Semi-Structured Data and Search: Document Stores
9.5.1 Reading and Writing Data
9.5.2 ACID Transactions
9.5.3 Schemas and Constraints
9.6 Analytics: Columnar Databases
9.6.1 Columnar Database Basics
9.6.2 Analytics Use Cases
9.7 Asynchronous Processing: Queues and Streams
9.7.1 Message Queues
9.7.2 Event Streams
9.8 Scalability and Availability
9.8.1 Relational Databases
Replication
Partitioning
9.8.2 NoSQL and NewSQL Databases
9.8.3 Distributed Systems
9.9 Backup and Recovery
9.9.1 Backup Strategies
Scheduled disk backups
Scheduled data store backups
Continuous data store backups
Data store replication
9.9.2 Backup Recommendations
9.9.3 Example: Backups and Read Replicas with PostgreSQL
9.10 Conclusion
10. How to Monitor Your Systems
10.1 Logs
10.1.1 Log Levels
10.1.2 Log Formatting
10.1.3 Structured Logging
10.1.4 Log Files and Rotation
10.1.5 Log Aggregation
10.2 Metrics
10.2.1 Types of Metrics
Availability metrics
Business metrics
Application metrics
Server metrics
Team metrics
10.2.2 Using Metrics
Collect metrics (instrumentation)
Store metrics
Visualize and analyze metrics
10.2.3 Example: Metrics in CloudWatch
10.3 Events
10.3.1 Observability
10.3.2 Tracing
10.3.3 Testing in Production (TIP)
10.4 Alerts
10.4.1 Triggers
10.4.2 Notifications
10.4.3 On-Call
10.4.4 Incident Response
10.4.5 Example: Alerts in CloudWatch
10.5 Conclusion
11. The Future of DevOps and Software Delivery
11.1 Infrastructureless
11.2 Generative AI
11.3 Secure by Default
11.4 Platform Engineering
11.5 The Future of Infrastructure Code
11.6 Conclusion

The book's table of contents, with hands-on examples highlighted.

A book on weight lifting can teach you principles, routines, and exercises, but it's only after you spend hours in the gym practicing, sweating, and applying what you learned that you'll be able to lift serious weight. Likewise, this book will teach you principles, techniques, and tools of DevOps and software delivery, but it's only after you spend hours writing code, debugging systems, and applying what you learned that you'll be able to achieve serious results.

That's what the dozens of hands-on code examples in this book are for. Instead of only reading, you get to learn by doing, following the step-by-step instructions to write and run a lot of code. You can find the sample code for the book in this GitHub repo.

Buy now

The Early Release of Fundamentals of DevOps and Software Delivery is now available at O'Reilly! Grab a copy of the ebook before the final version is done, so you can start learning today, receive new chapters as they are written, and provide feedback directly to the author to help shape the book:

Not an O'Reilly subscriber? Get a 30-day trial free with this link!

If you prefer to wait for the print version, you can pre-order the book now at the following stores:

Learning resources and tools

Learning resources (books, talks, articles, courses) and tools related to each chapter of the book:

Chapter 1: How to Deploy Your App
Chapter 2: How to Manage Your Infrastructure as Code
Chapter 3: How to Manage Your Apps Using Orchestration Tools
Chapter 4: How to Version, Build, and Test Your Code
Chapter 5: How to Set Up CI and CD
Chapter 6: How to Work with Multiple Teams and Environments
Chapter 7: How to Set Up Networking
Chapter 8: How to Secure Communication and Storage
Chapter 9: How to Store Data
Chapter 10: How to Monitor Your Systems
Chapter 11: The Future of DevOps and Software Delivery

Blog posts

Blog posts, appendices, and other useful information related to the book.

How to manage state and environments with OpenTofu

· 18 min read

Learn about OpenTofu's powerful features for managing state, and how they differ from Terraform, including how to store state, encrypt state, and how to manage state across multiple environments.

How to authenticate to AWS with IAM Identity Center

· 11 min read

Learn the modern and secure way to authenticate to AWS, both on the web and the command line, using IAM Identity Center.

Learn Git and GitHub in 15 Minutes

· 15 min read

Learn the basics of Git and GitHub in 15 minutes with this hands-on tutorial. Topics include version control, repositories, branches, commits, merges, pull requests, and more.

News

Subscribe to the Foundations of DevOps Newsletter! Get the latest news, blog posts, and talks on DevOps and software delivery. No spam, ever.

The early release and pre-orders are now available!

The early release is now available at O'Reilly Media! Grab a copy of the ebook before the final version is done so you can start learning today, and receive new chapters and updates as they are written, plus the final ebook bundle when the book is released. If you prefer to wait for the final version, you can preorder the book at online stores now!
