Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DevOps-Next-Gen.pdf

Serkan Bingöl
December 01, 2022
12

 DevOps-Next-Gen.pdf

Serkan Bingöl

December 01, 2022
Tweet

Transcript

  1. DevOps is a culture and a way of working whereby

    developers and operations engineers work as one team to achieve a common goal. DevOps is set of best practices that enable substantially faster, more ef f icient, and more agile delivery of high-quality software. Keys : Plan , Code , Build , Test , Release , Deploy , Operate , Monitor
  2. WTF is SRE? Site reliability engineering (SRE) is a set

    of principles and practices that incorporates aspects of software engineering and applies them to infrastructure and operations problems. Toils SLI/SLO/SLA On-call Postmortem Incident Response
  3. Skills needed in DevOps Roles The questions always comes up

    , “Where do I start ?” , “ What skills do I need ? ” , “What skills are sufficient to start applying for jobs ? ” , “What skills are nice to have ? ” etc. Foundational Knowledge Linux fundamentals Basic Programming Skills Git Networking Fundamentals Cloud Platform Fundamentals Technical Skills Continuous Integration Continuous Delivery & Deployment Containers Container Orchestration Everything as Code (EaC) SRE Security Non-Technical Skills DevOps Culture & Organization Communication Agile Lean
  4. Security Patterns : Old Path Vs. New Path •Embrace Secrecy

    •Just Pass Audit! •Enforce Stability •Build a Wall •Slow Validation •Certainly Testing •Test When DONE ! •Process Driven •Create Feedback Loops •Compliance adds Value •Create Chaos •Zero Trust Networks •Fast and Non-Blocking •Adversity Testing •Shift Left •The Paved Road
  5. Patterns: Infrastructure Planning ✘Subscription per environment ✘Apply policies to control

    transparently and proactively ✘ Security Center ON from day 1 ✘Infrastructure as code. Period ✘ Production ONLY for CI/CD pipelines ✘ CI/CD pipeline is a heart of security
  6. Patterns: Watch Every Step • Threat modeling • IDE Security

    plugins • Pre-commit hooks • Peer review • Static code analysis • Security unit tests • Container Security • Dependency management • IaC • Security scanning • Cloud configuration • Security acceptance tests • Security smoke tests • Security Configuration • Secret Management • Server Hardening • Continuous monitoring • Threat intelligence • Penetration Testing • Blameless postmortems
  7. SRE Trends & Challenges SRE approach di ff ers in

    being more proactive and working closely with developer teams, in order to guide them to take the necessary architectural decisions for the software stack. 
 SRE team will analyze the toils and proactively seek ways, either to eliminate or automate them. Besides, creating blameless Port-Mortems, which is a part of an SRE approach, is a must to continuously improve the production environment and take necessary lessons.