Uploader

高宏飞

Shared on 2026-03-21

Cloud-Native DevOps: Building Scalable and Reliable Applications
Mohammed Ilyas Ahmed
Apress
Cloud-Native DevOps: Building Scalable and Reliable Applications
Mohammed Ilyas Ahmed
Boston, MA, USA

ISBN-13 (pbk): 979-8-8688-0406-9
ISBN-13 (electronic): 979-8-8688-0407-6
https://doi.org/10.1007/979-8-8688-0407-6

Copyright © 2024 by Mohammed Ilyas Ahmed

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image, we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.

Managing Director, Apress Media LLC: Welmoed Spahr
Acquisitions Editor: Celestin Suresh John
Development Editor: Laura Berendson
Coordinating Editor: Gryffin Winkler
Cover designed by eStudioCalamar
Cover image by Enrique from Pixabay (www.pixabay.com)

Distributed to the book trade worldwide by Apress Media, LLC, 1 New York Plaza, New York, NY 10004, U.S.A. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail orders-ny@springer-sbm.com, or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation.

For information on translations, please e-mail booktranslations@springernature.com; for reprint, paperback, or audio rights, please e-mail bookpermissions@springernature.com.

Apress titles may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Print and eBook Bulk Sales web page at http://www.apress.com/bulk-sales.

Any source code or other supplementary material referenced by the author in this book is available to readers on GitHub (https://www.apress.com/gp/services/source-code). For more detailed information, please visit https://www.apress.com/gp/services/source-code.

If disposing of this product, please recycle the paper.
To my beloved parents, Fareeda Tabassum and Mohammed Altaf Ahmed,

Your unwavering love, guidance, and sacrifices have shaped every step of my journey. Your endless support and belief in my abilities have been a constant source of strength. I am forever grateful for the values you have instilled in me and the lessons you have taught me. Thank you for being my steadfast pillars of strength, for teaching me resilience, and for shaping the person I am today. This achievement is as much yours as it is mine.

With heartfelt gratitude and endless love,
—Mohammed Ilyas Ahmed
Table of Contents

About the Author ..... xv
About the Technical Reviewer ..... xvii

Chapter 1: Unveiling the Cloud-Native Paradigm ..... 1
    Pre-cloud Era ..... 2
    Evolution of Cloud Native ..... 3
    Shift from Mainframe Computing to a Cloud-Native Approach ..... 4
    Advantages of Cloud-Native Computing over Mainframe ..... 5
    Disadvantages of Cloud-Native Computing over Mainframe ..... 6
    The Twelve-Factor App ..... 8
    Introduction and Understanding of Cloud Native ..... 14
    What Is CNCF? ..... 15
    Core Pillars of Cloud Native ..... 15
    Containerization ..... 16
    Continuous Integration and Delivery ..... 17
    Serverless Computing ..... 17
    Advantages of Serverless Cloud Computing ..... 18
    Popular Serverless Computing Platforms ..... 18
    Disadvantages of Serverless Cloud Computing ..... 19
    Cloud Concept ..... 20
    Key Features of a Public Cloud ..... 21
    Downside of Public Cloud ..... 22
    Key Features of a Private Cloud ..... 23
    Downside of Private Cloud ..... 24
    Key Features of Hybrid Cloud ..... 26
    Downside of Hybrid Cloud ..... 27
    Differences Between IaaS, PaaS, and SaaS ..... 27
    Cloud Native Maturity Model (CNMM) ..... 35
    Layers of Cloud-Native Landscape ..... 37
    Provisioning Layer ..... 38
    Runtime Layer ..... 38
    Orchestration and Management Layer ..... 40
    Application Definition and Development Layer ..... 42
    Summary ..... 43

Chapter 2: Cloud-Native DevOps Architectural Overview ..... 45
    Introduction to DevOps in Cloud-Native Environment ..... 46
    What Is DevOps? ..... 47
    Principles of DevOps ..... 48
    7C's of DevOps Life Cycle ..... 48
    Continuous Development ..... 49
    Continuous Integration ..... 49
    Continuous Testing ..... 49
    Continuous Deployment ..... 50
    Benefits of Infrastructure Automation ..... 51
    Continuous Feedback ..... 52
    Continuous Monitoring ..... 53
    Continuous Operations ..... 53
    Kubernetes Scalability ..... 53
    What Is Kubernetes? ..... 54
    Fundamental Architecture of Kubernetes Cluster ..... 54
    Master Node ..... 55
    Worker Node ..... 56
    Hardened Installation of Kubernetes ..... 57
    Perform the Following Steps on Master Node ..... 58
    Perform the Following Steps on the Worker Node ..... 62
    Kube-bench for Security of Kubernetes Cluster ..... 62
    Steps to Set Kube-bench on Your Nodes ..... 63
    Scaling of Kubernetes ..... 64
    Recommended Practices for Kubernetes Scaling ..... 64
    Manual Scaling ..... 66
    What Is Autoscaling? ..... 68
    Kubernetes Autoscaling ..... 68
    Horizontal Pod Autoscaling (HPA) ..... 68
    Description of Each Attribute Described in the Preceding YAML File ..... 72
    Vertical Pod Autoscaling (VPA) ..... 74
    Comparison of Monolithic and Public Managed Kubernetes Cluster ..... 76
    Summary ..... 79

Chapter 3: Security in Cloud-Native Applications with a Shift-Left Approach ..... 81
    Introduction to Shift-Left Security in Cloud Native ..... 82
    Shift-Left Secure Right ..... 84
    Risk from Third-Party Components ..... 86
    Embracing Technologies to Shift Left ..... 87
    Security Testing with Shift-Left Approach ..... 94
    Benefits of Shift-Left Strategy ..... 99
    Infrastructure as Code (IaC) and Security ..... 101
    Role of IaC in Cloud Native ..... 101
    Security Strategy Using IaC for Organizations ..... 103
    Tools for IaC Security ..... 104
    IaC with Terraform ..... 105
    Terraform Working ..... 106
    Terraform Architecture ..... 108
    IaC Tools ..... 109
    Value Proposition of IaC Tools ..... 112
    Best Practices for IaC ..... 114
    Securing API in Early Stages ..... 116
    Common API Risk Factors ..... 118
    What Is API Security Testing? ..... 123
    Securing API Using Pynt ..... 124
    Working of Pynt ..... 124
    Pynt Setup ..... 126
    Pynt Security Testing ..... 127
    Summary ..... 133

Chapter 4: CI/CD Pipeline in Cloud-Native DevOps ..... 135
    Overview of CI/CD ..... 136
    CI/CD Principles ..... 137
    Principles of Continuous Integration ..... 138
    Principles of Continuous Delivery ..... 139
    CI/CD Pipeline Stages ..... 141
    Source Stage ..... 142
    Build Stage ..... 144
    Test Stage ..... 146
    Deploy Stage ..... 148
    CI/CD Best Practices in Cloud Native ..... 150
    Benefits of CI/CD in Cloud-Native DevOps ..... 155
    Integration of Version Control ..... 158
    Version Control Overview ..... 158
    CI/CD Build Tool Implementation ..... 160
    Cloud-Agnostic in CI/CD Pipeline ..... 161
    CI/CD Pipeline Using Jenkins ..... 162
    Security in CI/CD ..... 167
    Threats in CI/CD ..... 168
    Automated Tools for Securing CI/CD Pipeline ..... 170
    Securing a CI/CD Pipeline: Recommended Approaches ..... 173
    Summary ..... 177

Chapter 5: Open-Source Tools for Cloud-Native DevOps ..... 179
    Overview of Open-Source Tools in Cloud Native ..... 180
    Argo Streamlining Workflows ..... 190
    Getting Started with Argo ..... 191
    Concepts of Argo CD ..... 192
    Implementation of Argo Workflows Using Custom Kubernetes Resources ..... 193
    Implementation of CI/CD Through Argo Workflows ..... 194
    Integration of Argo CD and Kubernetes ..... 195
    Kubeflow Pipelines ..... 201
    Kubeflow Overview ..... 202
    Kubeflow Principles ..... 206
    Kubeflow Pipelines ..... 207
    Kubeflow in Cloud Native Applications ..... 208
    Future Trends in Cloud-Native DevOps Tools ..... 211
    DataOps ..... 212
    AIOps (Artificial Intelligence for IT Operations) ..... 212
    Hyperautomation ..... 212
    Adoption of Cloud-Native Technologies ..... 213
    Infrastructure as Code (IaC) Management ..... 213
    Artificial Intelligence (AI) Evolution ..... 213
    Security and Compliance ..... 214
    Collaboration Between DevOps Teams ..... 214
    Fresh Dimension in Quantum Computing ..... 214
    Adapting to Change ..... 215
    Artificial Intelligence for IT Operations (AIOps) ..... 215
    ChatOps ..... 215
    GitOps ..... 216
    No Operations (NoOps) ..... 216
    Summary ..... 216

Chapter 6: Scalability and Autoscaling Strategies ..... 219
    Scaling Principles in Cloud-Native Applications ..... 220
    Utilizing Automation in Cloud-Native Architecture ..... 221
    Several Key Areas Within Cloud-Native Architecture Are Ripe for Automation ..... 223
    Multi-cloud Strategies ..... 231
    Reactive and Preemptive Scaling ..... 233
    Reactive Scaling ..... 234
    Preemptive Scaling ..... 235
    Cloud Native for Edge Computing ..... 236
    Autoscaling Implementation in AWS ..... 246
    Benefits of Autoscaling ..... 249
    Steps to Create Autoscaling ..... 251
    Future Trends in Scalability and Autoscaling ..... 261
    Machine Learning-Driven Autoscaling ..... 261
    Serverless Architectures and Event-Driven Scaling ..... 261
    Edge Computing and Distributed Scaling ..... 262
    Hybrid and Multi-cloud Scalability ..... 262
    Cost-Efficient Autoscaling Strategies ..... 263
    Summary ..... 263

Chapter 7: Collaborative Development in the Cloud Native ..... 265
    Enabling Collaboration Between Developers and Operations ..... 266
    DevOps Culture ..... 267
    Agile and Scrum Methodology in Cloud Native ..... 271
    Benefits of Agile Methodology ..... 275
    Roles in Scrum ..... 277
    Artifacts in Scrum ..... 279
    Optimizing Cloud-Based Data Flow ..... 281
    Data Pipeline Architecture Factors ..... 288
    Prioritize Compliance in the Initial Stage ..... 290
    Best Practices in Data Pipeline Architecture ..... 291
    Consider Future Growth When Planning for Performance and Scalability ..... 292
    ETL Processes and Supply Chain Management ..... 294
    Transition from on-prem to ETL ..... 295
    Securing Cloud-Integrated Logistics Operations ..... 298
    Capabilities of Cloud Computing in Supply Chain Management ..... 300
    Summary ..... 305

Chapter 8: IAM Security in Cloud-Native Environment ..... 307
    IAM Fundamentals in Cloud-Native Environments ..... 308
    Foundational Elements of Cloud-Native IAM Infrastructure ..... 308
    Fundamental Pillars of IAM ..... 314
    IAM Components ..... 320
    Least Privileges Principles ..... 322
    Implementation of Least Privileges ..... 323
    IAM Best Practices for Service Accounts and API Access ..... 326
    Key Components of User Management in Cloud-Native Applications ..... 326
    Implementation of User Management in Cloud Native ..... 329
    Secure Handling of API Keys ..... 332
    Least Privilege for Service Accounts ..... 336
    Difficulties Associated with Service Accounts ..... 336
    Best Practices for Managing Service Accounts ..... 339
    IAM Governance and Policy Management in Cloud Native ..... 342
    Governance ..... 342
    Risk Management ..... 343
    Compliance ..... 344
    IAM Standards ..... 345
    Building Concrete IAM ..... 350
    Summary ..... 353

Chapter 9: Threat Analysis for Cloud-Native Deployments ..... 355
    Understanding Cloud-Native Security Challenges ..... 356
    Type of Threats in Cloud Native ..... 360
    Challenges in Cloud-Native Security ..... 363
    3R's of Cloud-Native Security ..... 366
    Security Controls in Cloud Native ..... 369
    Threat Vectors in Microservices Architectures ..... 374
    Threat Modeling with STRIDE ..... 374
    Security Testing and Validation ..... 377
    Red Teaming in Cloud Native ..... 377
    Implementation Steps ..... 379
    Best Practices in Cloud-Native Security ..... 380
    Conduct Due Diligence ..... 382
    Audit and Improve Configurations ..... 382
    Security Controls and Countermeasures ..... 382
    Key Management in Cloud Native ..... 385
    Summary ..... 387

Chapter 10: Future Trends in Cloud Native ..... 389
    Serverless Computing and Function as a Service (FaaS) ..... 390
    Benefits of Serverless Computing ..... 391
    Function as a Service (FaaS) ..... 394
    Benefits of FaaS ..... 395
    Best Practices for FaaS ..... 397
    Key Challenges in Serverless Computing ..... 398
    AI and Machine Learning Integration Intersection in Cloud Native ..... 401
    Challenges and Considerations Implementing AI in Cloud Native ..... 405
    Challenges in Security and Compliance ..... 405
    Complexity in Deployment and Model Training ..... 406
    Obstacles in Data Integration ..... 406
    Scalability Management ..... 407
    Best Practices of Integrating AI/ML in Cloud Native ..... 407
    Evolution of Containerization Technologies Beyond Docker and Kubernetes ..... 410
    The Rise of No-Code/Low-Code Platforms in DevOps Workflows ..... 419
    Benefits of No Code and Low Code ..... 420
    Use of No Code and Low Code ..... 423
    Summary ..... 425

Index ..... 427
About the Author

Mohammed Ilyas Ahmed is an industry professional with extensive expertise in security within the DevSecOps domain, where he diligently works to help organizations bolster their security practices. With a fervent dedication to enhancing security posture, Mohammed's insights and guidance are invaluable to those navigating the complex landscape of DevSecOps.

In addition to his involvement in industry events, Mohammed is an active speaker and judge, lending his expertise to technical sessions at prestigious conferences. His commitment to advancing knowledge is evident through his research contributions at Harvard University, where he contributes to journal publications that enrich the academic discourse surrounding security practices; his membership in the Harvard Business Review Advisory Council further underscores his commitment to advancing knowledge and fostering collaboration between academia and industry.

Mohammed Ilyas Ahmed's influence extends even further as a Member of the Global Advisory Board at VigiTrust Limited, based in Dublin, Ireland. This additional role highlights his international reach and his involvement in shaping global strategies for cybersecurity and data protection.

Mohammed's dedication to excellence is further highlighted by his numerous certifications, which serve as a testament to his proficiency and depth of knowledge in the security domain. However, beyond his professional pursuits, Mohammed is a multi-faceted individual with a diverse range of interests, adding richness to his character and perspective.

From thought to action: Grow through what you go through.
About the Technical Reviewer

Shivakumar R. Goniwada is a renowned author, an inventor, and a technology leader with more than 25 years of experience in architecting cutting-edge cloud-native, data analytics, and event-driven systems. He currently holds a position as Chief Enterprise Architect at Accenture, where he leads a team of highly skilled technology enterprise and cloud architects. Throughout his career, Shivakumar has successfully led numerous complex projects across various industries and geographical locations. His expertise has earned him ten software patents in areas such as cloud computing, polyglot architecture, software engineering, and IoT. He is a sought-after speaker at global conferences and has made significant contributions to the field through his publications.

Shivakumar holds a degree in technology architecture and certifications in Google Professional, AWS, and data science. He also completed an Executive MBA at the prestigious MIT Sloan School of Management. His notable books include Cloud-Native Architecture and Design, Introduction to Datafication, and Introduction to One Digital Identity, all published by Apress.
CHAPTER 1
Unveiling the Cloud-Native Paradigm

"Unveiling Cloud-Native: Embracing the future with digital brilliance!"

Welcome, fearless explorer. As we embark on our journey into the Cloud-Native DevOps realm, remember our motto: "Go Native, Go Cloud!" It's not just a saying; it's a guiding principle for those who dream of taking applications to new heights, much like your caffeine levels during those late-night coding sessions.

Cloud-Native DevOps isn't just the support crew; it's the star of the tech stage, delivering a performance with the precision of a finely tuned machine. Get ready for an adventure that's not just about adaptation but a fast-paced journey into digital excellence, seamlessly creating, deploying, and scaling applications like a top-tier show on opening night.

In the ever-evolving digital landscape, businesses are leveraging cloud-native technologies to develop and deploy applications at unprecedented speeds. It's like having a powerful toolkit for creating, deploying, and scaling applications efficiently.

Containers are our versatile tools, designed to handle every shift and change in the cloud environment. Microservices are the efficient building blocks, fine-tuning our applications with perfect precision. And automation? It's the backbone of our operations, ensuring our code performs brilliantly from the start. Whether you're an experienced tech professional or new to the field, this chapter promises an insightful and engaging journey through orchestration, microservices, and the fast-paced process of continuous integration and continuous delivery (CI/CD). So, prepare your code, because in the Cloud-Native DevOps arena, the only thing more impressive than our applications is the pace of innovation. Get ready to code your way to success in the dynamic world of digital innovation!

© Mohammed Ilyas Ahmed 2024
M. I. Ahmed, Cloud-Native DevOps, https://doi.org/10.1007/979-8-8688-0407-6_1

In this chapter, we will cover the following foundational topics:
• Pre-cloud Era
• Evolution of Cloud Native
• Introduction and Understanding of Cloud Native

Pre-cloud Era

Before we dive into cloud native, have you ever thought about how computing functioned before the cloud? Let's turn the clock back. Organizations relied on traditional infrastructure, in other words, on-premises IT infrastructure, where they had physical servers installed in their own buildings, called data centers.

A number of intricate factors must be taken into account when establishing and managing a conventional data center. It is necessary to secure the physical space, either by acquiring new locations or by securing existing data centers. The often-overlooked electric power requirements call for planning large-scale server arrays, making sure power conduits are adequate, and including backup generators for operational resilience. Physical security, which includes key/badged access points, surveillance tools, and security personnel, is crucial in enterprise deployments. There are obstacles associated with network connectivity, such as the need for redundant connections and possible infrastructure expansion by Internet service providers, contingent upon governmental approvals.

Because of the heat produced by equipment, cooling solutions are essential; some data centers have passive cooling systems. Last but not least, from ordering to testing, the procurement, setup, and utilization of physical hardware, including network, compute, and storage components, demand substantial resources. The complete data center infrastructure must be designed, ordered, installed, and run simultaneously, requiring a sizable workforce.

Businesses now enjoy greater convenience because they don't have to worry about buying and maintaining servers. They can choose to save money by renting resources from cloud providers instead. With this approach, they can readily adapt their resources to meet their demands at any given time, and geographical barriers no longer limit access to data and applications.

Evolution of Cloud Native

In the swiftly changing realm of technology, the rise of cloud-native architecture has transformed the approach to developing, deploying, and managing applications. Leveraging the capabilities of cloud computing services and principles, cloud-native architecture stands as a pivotal driver for augmenting the scalability, reliability, and agility of contemporary applications. Embedded in the fundamental tenets of resilience and adaptability, this architectural paradigm serves as the foundation for pioneering technological advancements in the digital domain. Orchestration tools like Kubernetes further streamlined the deployment and management of containerized applications, marking a pivotal moment in the cloud-native landscape. As the landscape continues to evolve, organizations are poised to harness the full potential of cloud-native architectures to meet the ever-changing demands of the digital era.

Shift from Mainframe Computing to a Cloud-Native Approach

The transition from mainframe computing to a cloud-native approach is a significant trend in the IT industry, driven by the need for greater agility, scalability, and cost-efficiency. Mainframes have long been the backbone of enterprise computing, providing reliable and secure processing for mission-critical applications. However, their rigid architecture and high cost of ownership have made them less appealing in an increasingly dynamic and cost-conscious IT landscape (Figure 1-1).

[Figure 1-1. From mainframe computing to a cloud-native approach. A timeline toward cloud native in four stages:
• Physical servers (1980s): unit of scale is the physical server; monolithic applications
• Virtual machine (2000s): unit of scale is the machine; hardware virtualization
• Container engine (early 2010s): unit of scale is the application; OS virtualization
• Serverless (late 2010s): unit of scale is the function; application runtime virtualization]