Professional Documents
Culture Documents
Full Ebook of Practical Gitops Infrastructure Management Using Terraform Aws and Github Actions 1St Edition Rohit Salecha Online PDF All Chapter
Full Ebook of Practical Gitops Infrastructure Management Using Terraform Aws and Github Actions 1St Edition Rohit Salecha Online PDF All Chapter
https://ebookmeta.com/product/reverse-engineering-with-terraform-
an-introduction-to-infrastructure-automation-integration-and-
scalability-using-terraform-1st-edition-sumit-bhatia/
https://ebookmeta.com/product/hands-on-github-actions-1st-
edition-chaminda-chandrasekara/
https://ebookmeta.com/product/learning-github-actions-automation-
and-integration-of-ci-cd-with-github-1st-edition-brent-laster/
https://ebookmeta.com/product/learning-github-
actions-1-converted-edition-brent-laster/
Architecting AWS with Terraform 1st Edition Erol Kavas
https://ebookmeta.com/product/architecting-aws-with-
terraform-1st-edition-erol-kavas/
https://ebookmeta.com/product/cambridge-igcse-and-o-level-
history-workbook-2c-depth-study-the-united-states-1919-41-2nd-
edition-benjamin-harrison/
https://ebookmeta.com/product/terraform-up-and-running-writing-
infrastructure-as-code-3rd-edition-yevgeniy-brikman/
Practical
GitOps
Infrastructure Management Using
Terraform, AWS, and GitHub Actions
—
Rohit Salecha
Practical GitOps
Infrastructure Management
Using Terraform, AWS,
and GitHub Actions
Rohit Salecha
Practical GitOps: Infrastructure Management Using Terraform, AWS, and
GitHub Actions
Rohit Salecha
Mumbai, India
Preface���������������������������������������������������������������������������������������������xvii
iii
Table of Contents
iv
Table of Contents
v
Table of Contents
vi
Table of Contents
vii
Table of Contents
viii
Table of Contents
7.7 Application��������������������������������������������������������������������������������������������������304
7.7.1 Namespace�����������������������������������������������������������������������������������������305
7.7.2 Deployment����������������������������������������������������������������������������������������306
7.7.3 NodePort Service��������������������������������������������������������������������������������309
7.7.4 Ingress������������������������������������������������������������������������������������������������310
7.7.5 Kubernetes Provider���������������������������������������������������������������������������313
7.7.6 Variables���������������������������������������������������������������������������������������������314
7.7.7 Default Environment���������������������������������������������������������������������������315
7.8 Execution����������������������������������������������������������������������������������������������������316
7.8.1 Setting Up the EKS Cluster�����������������������������������������������������������������316
7.8.2 Accessing the EKS Cluster������������������������������������������������������������������318
7.9 Clean-Up�����������������������������������������������������������������������������������������������������320
7.10 Conclusion������������������������������������������������������������������������������������������������320
ix
Table of Contents
x
Table of Contents
xi
Table of Contents
Index�������������������������������������������������������������������������������������������������519
xii
About the Author
Rohit Salecha is a technology geek who loves
to explore anything that runs and understands
binary. As a security engineer, he is passionate
about learning the length, breadth, and depth
of technology.
Being more on the defensive side, he has
evangelized secure software development at
various organizations for more than a decade.
He is ridiculously driven by the “everything
as code” mantra and strongly believes that
the security team must strive toward making
themselves irrelevant.
In his free time, he is either reading books or watching movies. He is a
fitness freak who loves to jog, swim, and cycle on different terrains.
xiii
About the Technical Reviewers
Gaurav Raje is a Senior Product Manager at Amazon in the Returns,
ReCommerce, and Sustainability group. Previously, he was an Experience
Owner Lead at USAA where he led an Agile team and actively monitored
the backlog by discussing product features with a cross-functional team
including IT, Legal and Compliance, and Leadership. He implemented
features that provided automated solutions and reduced the manual
dependency on USAA’s customer fulfillment centers.
Prior to joining USAA, Gaurav was a Manager at PwC Consulting,
where his main projects consisted of performing gap assessments of small
Asian banks by reviewing their procedures, resources, and technology and
facilitating workshops with client stakeholders as necessary; subsequently,
he produced recommendations (procedural enhancements and a
technology implementation) to address the gaps; these recommendations
resulted in future sales opportunities.
Gaurav holds an MBA from Georgetown University and a BS in
electrical and computer engineering from the University of Colorado at
Boulder.
xv
Preface
In 2018, I heard the term “Kubernetes” for the first time, and the only
understanding I had of AWS was that we can run machines in the cloud
that can be accessed from anywhere. Being in the security domain, hearing
new technology terms and learning about these technologies has been an
undying passion of mine.
It took me two years to understand DevOps, and I created a small
hobby project called Practical DevOps lab (www.rohitsalecha.com/
project/practical_devops/) to help people understand the core
underlying technologies that make up the umbrella term.
After completing this, I asked myself what’s next?
So I decided to level up, and the result is this book. I wanted to explore
cloud and cloud-native technologies like AWS and Kubernetes and how
they can be set up using Infrastructure as Code like Terraform.
I wouldn’t say that I am an expert at any of these technologies
because that was never my aim. My aim was to have a basic hands-
on understanding of them, and in this book, I am sharing that limited
knowledge that I have because being from the security domain, it’s my
job to help organizations secure their assets, but if I don’t have a basic
understanding of what they are, then I wouldn’t be doing my job well.
Since this is a totally practical and hands-on book, it would be
recommended to use it as an ebook as it’ll help in working faster. We’ll
be dealing with technologies like AWS Route53, AWS EKS (Kubernetes),
and AWS ELB, which do not fall under the free tier categories, and hence,
there’ll be charges (>$15) associated when you execute the code provided
in this book.
xvii
CHAPTER 1
What Is GitOps?
1.1 The Era of DevOps
Businesses today have expanded into different horizons and industries
with the enablement of technology. Today, we have folks delivering food at
home by simply placing an order on an application in a hand-held device
and streaming your favorite movie/sitcom on whatever device you wish to
see. All these have been possible because people are exploring different
ways to solve real-world problems with the help of technology.
An interesting question to ask at this juncture is who is pushing whom?
Is it that new ways to do business are pushing technology to the edge or is
it because we have high-end technology that businesses are thriving? This
is a typical chicken-and-egg question as to which came first: the egg or the
chicken?
Frankly speaking, it doesn’t matter who is pushing whom, but one
thing purely common between the two is “agility”; everyone wants things
to be done faster. But then going fast can be risky, and hence, people
also look for stability. Gone are the days when system administrators
would cut-short their holidays to support the festive surges. Thanks to
technology platforms like AWS (Amazon Web Services) and the like, which
are also popularly known as cloud computing platforms, businesses and
technology can achieve speed with resilience and reliability.
This culture of being able to deliver software with agility and reliability
gave rise to the term which we call “DevOps.” The influence that the
DevOps methodology has had on the people, process, and technology,
the three pillars of success for any organization, is tremendous and
revolutionary. DevOps brings about a change in which businesses
operate. The IT (information technology) team has sort of broken out
of the shackles of being boring, slow, and always taking the blame for
failures. Many blogs/personas describe DevOps as a methodology that
brings Dev and Ops together, which is certainly true from a technology
perspective. However, I believe that DevOps has brought business and
technology to become equal stakeholders in the success of organizations.
Peter Sondergaard in the Gartner Symposium, 2013, declared that “Every
company is a technology company,” which implies that the success of
every business is tied to the success of your technological processes
and tools.
2
Chapter 1 What Is GitOps?
3
Chapter 1 What Is GitOps?
4
Chapter 1 What Is GitOps?
1.2 Introduction to DevOps
DevOps is a methodology that brings together three practices that work
in tandem:
• Continuous integration
• Continuous delivery/deployment
• Continuous monitoring
1.2.1 Continuous Integration
Continuous integration as described by Martin Fowler (https://
martinfowler.com/articles/continuousIntegration.html) is a software
development practice where different members of the team integrate
changes frequently from at least a one to multiple changes in a day.
There are various tools that can be used for this purpose, namely, Git,
CVS, Mercurial, SVN, etc.
The primary purpose of all these tools is to
5
Chapter 1 What Is GitOps?
6
Chapter 1 What Is GitOps?
1.2.2 Continuous Delivery/Deployment
Deployment is the practice of pulling the source code from a repository
and performing actions that are necessary to package and run the
application on a desired system.
7
Chapter 1 What Is GitOps?
8
Chapter 1 What Is GitOps?
The preceding image illustrates the complete process where the docker
image building is automated as described in the following:
1. Developers push their application code and
Kubernetes administrators their Kubernetes
manifests into their respective repositories once
development and testing are complete.
9
Chapter 1 What Is GitOps?
10
Chapter 1 What Is GitOps?
1.2.3 Continuous Monitoring
Feedback is one of the most important parts of any process and is
certainly a big deal in DevOps. As we deploy faster, we are able to see the
new features quickly and rapidly; however, what to do when things go
wrong? In the case of an application running in a pod in a Kubernetes
environment, there are many things that can go wrong like no taint
matching, no node available for scheduling, etc. How do we debug this real
time without having to actually SSH into the cluster? How do we know if a
node is exhausting its memory, or the CPU is spiking? How can we get all
those details real time?
This is where the practice of continuous monitoring becomes an
extremely important part of DevOps as it gives real-time feedback on how
our infrastructure is behaving.
11
Chapter 1 What Is GitOps?
These are only a few examples of the stages that organizations employ
to automate their deployment pipeline. Other possible stages that can
occur between continuous integration and continuous monitoring are as
follows:
12
Chapter 1 What Is GitOps?
All in all DevOps tries to answer all the issues that we’ve observed in
the waterfall model of software development. DevOps is a methodology to
13
Chapter 1 What Is GitOps?
14
Chapter 1 What Is GitOps?
In the past decade, people started realizing that it’s quite futile to
spin up a full-blown server with its own memory, disk, CPU, etc., just for
serving a few HTML pages even if it’s virtualized. Hence, they started using
containerization technology to quickly spin up and tear down containers.
15
Chapter 1 What Is GitOps?
2015–Present
File: chapter1\Dockerfile
1: FROM ubuntu
2: RUN apt-get update
3: RUN apt-get install -y apache2
4: RUN apt-get install -y apache2-utils
5: RUN apt-get clean
6: EXPOSE 80 CMD ["apache2ctl", "-D", "FOREGROUND"]
16
Chapter 1 What Is GitOps?
File: chapter1\ec2.tf
17
Chapter 1 What Is GitOps?
18
Chapter 1 What Is GitOps?
Immutable Infrastructure
19
Chapter 1 What Is GitOps?
1.3.4 State in IaC
State in computer systems is a collection of information about a program or
an object stored either in a file or memory. The information represents the
current state of the program/object and helps in identifying what future state
would look like by diffing between the current and the desired information.
If we are spinning up infrastructure resources using IaC technologies,
then it’s extremely important to store their state as without that
information, we won’t know how resources were created and how they
would handle changes.
Let’s take a simple example of how Terraform manages its state when
creating a simple EC2 instance on AWS. (We’ll explore Terraform in much
more detail in chapters ahead).
A sample terraform.state file where Terraform state is stored is
shown here.
{
"version": 4,
"terraform_version": "1.0.7",
20
Chapter 1 What Is GitOps?
"serial": 1,
"lineage": "2d17ac77-08f2-94d9-e1e5-991fc1e2fe12",
"outputs": {},
"resources": [
{
"mode": "managed",
"type": "aws_instance",
"name": "app_server",
"provider": "provider[\"registry.terraform.io/hashicorp/
aws\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"ami": "ami-00399ec92321828f5",
"arn": "arn:aws:ec2:us-
east-2:871811778330:instance/i-0bc3c235e3991243b",
"associate_public_ip_address": true,
"availability_zone": "us-east-2c",
"capacity_reservation_specification": [
{
XXXXXXXX ---- SNIPPED FOR BREVITY------ XXXXXXXXX
This file is created once “terraform apply” is executed and its operation
of creating an EC2 instance on AWS is completed as illustrated in
Figure 1-5.
The state stores information about the instance ID, network interface
ID, and much more details that are required when modifications are to be
made to this server or to destroy this instance.
21
Chapter 1 What Is GitOps?
22
Chapter 1 What Is GitOps?
We’ll discuss in detail how to manage the terraform state in the best
possible way; however, for now, understanding the importance of state is
extremely necessary from the GitOps perspective.
23
Chapter 1 What Is GitOps?
24
Chapter 1 What Is GitOps?
25
Chapter 1 What Is GitOps?
1.5 Introduction to GitOps
As we saw, DevOps is more of a combination of culture, tools, and
processes to develop and deliver business applications faster. GitOps is
a more technical term that encourages everything to have the “Git” as
the single source of truth. By everything, I mean your application as well
as your infrastructure must be deployed from Git. For teams following
DevOps, their application code is already maintained in Git; however, their
infrastructure is more or less deployed by hand.
Hence, GitOps stresses more on having your infrastructure deployed
directly from Git, providing flexibility to developers to be able to choose
their own deployment strategies and taking the load off the system
administrators to manage and deploy complex environments like staging,
production, backup, and disaster recovery.
GitOps is a process to manage your infrastructure deployments in an
auditable, repeatable, version-controlled, and reliable manner. GitOps will
help you create a “snapshot” of your infrastructure in the form of a “state,”
allowing you to make decisions while designing and deploying changes.
It’ll help you scale up/scale in whenever required and manage almost all
aspects of your cloud infrastructure through a few lines of code.
The following are some mandatory requirements to implement a
GitOps process for the infrastructure that is responsible for running
business applications:
26
Chapter 1 What Is GitOps?
27
Chapter 1 What Is GitOps?
28
Chapter 1 What Is GitOps?
29
Another random document with
no related content on Scribd:
Lábjegyzetek.
1) Kiadja Horváth Döme. Első kötet. Kecskeméten, Szilády
Károlynál, 1850. Ára 1 frt.
2) Ő Pereóval hagy engem? Szörnyű találkozás! Emésztő
kínomat kétszerezve érzem.
3) Nem; íme a nap, melyen nőd leszek. Holnap kidagasztja a szél
vitorláinkat s e partokat örökre magunk után hagyjuk.
4) Úgy akarom, örökre elhagyni s meghalni fájdalmamban
5) Te megvigasztalsz.
6) O Mirra, ez a te utolsó erőlködésed. Bátorság…
7) Pillanatra visszavonulok szobámba, az oltárhoz száraz
szemeket és derült homlokot akarok vinni, hogy tessem az én
méltó vőlegényemnek.
8) Hallgass, oh hallgass.
9) Nem, valóban nem reszketek.
10) Te vagy első, egyedüli és örök oka az én kínaimnak.
11) Igen, te vagy oka az én kínaimnak, te adtál életet nekem –
istentelennek, te vagy istentelen, hogy annyi kérésemre sem
adtál halált.
12) Oh hát akkor miért nem öltél meg?
13) Egyedül én vagyok méltó a halálra. És mégis lélekzem?
14) Én?… szeretni?… Oh ne hidd.
15) Tőled távol halni meg? Mily boldog édes anyám, legalább
neki meg van engedve, hogy oldaladnál haljon meg.
16) Az ékszer nem teszi a királynőt.
17) Azt jól tudom.
18) Anna! mily boldog vagyok. Megaláztam őt Róbert szemei
előtt.
19) Oh ne, már nem sír.
20) Vita Jókai Mórral.
21) Vita Egressy Gáborral.
22) Vita Egressy Gáborral.
23) Vita Jókai Mórral.
24) Thalia Zsebkönyv 1862-re. Kiadták Fésüs György és Toldy
István. – A budai magyar népszinház javára s keletkezésének
emlékére. – Pest, Emich, 1862.
25) Wesen und Geschichte des Lustspiels. Irta Mähly I. Lipcse,
1862. Weber kiadása.
26) Kiadja Toldy István. Nemzeti Szinház. I–II. kötet. Pest 1863.
AZ ELSŐ KÖTET TARTALMA.
1. Alföldi szinműtár.
I. Horváth Cyrill: Vetélytársak
II. Hugo Victor: Borgia Lucretia 7
2. Czakó Zsigmond: Kalmár és tengerész 17
3. Ira Aldridge 20
4. Schiller: Ármány és Szerelem 29
5. Szigligeti Ede: Árgyil és Tündér Ilona 31
6. Corneille: Cid 37
7. Kovács Pál: Három szin 43
8. Ponsard: Pénz és becsület 48
9. Barrière és Thiboust: Márványhölgyek 57
10. Dumas: Lelkiismeret 82
11. Szigligeti Ede: Diocletián 90
12. Dumas fils: Divathölgyek (Le Demi-Monde)
107
13. Ristori 137
14. Még egyszer Ristori I–III. 167
15. A Szinházi Naptár ügyében I–III. 219
16. A Nemzeti Szinház és Drámairodalmunk 236
17. Jókai Mór: Dózsa György I–II. 273
18. Egy kis curiosum (Vita Bulyovszkynéval) 313
19. Egy szinházi zsebkönyvről 329
20. A vigjátékról 344
21. Sribe: A pajtáskodás 359
22. Szigligeti Ede: Az eladó lányok 367
23. Delavigne: XI-ik Lajos 374
24. Az automimikáról 379
25. Egy új szinműtár
I. Szigligeti Ede: Béldi Pál
II. Sardou: Jó barátok 382
26. Molière: Tartuffe 384
27. Kövér Lajos: Kiadó szállás 392
28. Séjour: A kártyavetőnő 395
29. Szigligeti Ede: Gritti 400
30. Conqui Claudina vendégszereplése I–II. 403
31. A szinházi kihívásokról 409
32. Sand és Meurice: A menekültek 413
33. A drámabiráló választmányról 419
34. Bourgeois és Decourcelle: A család öröme
424
35. Bulwer: Richelieu 430
36. Dumas fils: Gauthier Margit (A kaméliás hölgy)
435
37. Scribe és Legouvé: Lecouvreur Adrienne 448
38. Szinházi dolgokról I–IV. 456
39. Shakespeare: Hamlet 494
40. Katona József: Bánk bán 501
41. Obernyik Károly: Brankovics György 509
42. Bulyovszkyné Berlinben 516
43. Szigligeti Ede: Egy bujdosó kurucz 523
44. Szigeti József: Szécsi Mária vagy Murányvár
ostroma 531
45. Egressy levele 539
46. Tóth Kálmán: A király házasodik I–II. 548
47. Szigligeti Ede: A lelencz I–II. 569
Javítások.
Az eredeti szöveg helyesírásán nem változtattunk.
A nyomdai hibákat javítottuk. Ezek listája:
1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside
the United States, check the laws of your country in addition to
the terms of this agreement before downloading, copying,
displaying, performing, distributing or creating derivative works
based on this work or any other Project Gutenberg™ work. The
Foundation makes no representations concerning the copyright
status of any work in any country other than the United States.
1.E.6. You may convert to and distribute this work in any binary,
compressed, marked up, nonproprietary or proprietary form,
including any word processing or hypertext form. However, if
you provide access to or distribute copies of a Project
Gutenberg™ work in a format other than “Plain Vanilla ASCII” or
other format used in the official version posted on the official
Project Gutenberg™ website (www.gutenberg.org), you must, at
no additional cost, fee or expense to the user, provide a copy, a
means of exporting a copy, or a means of obtaining a copy upon
request, of the work in its original “Plain Vanilla ASCII” or other
form. Any alternate format must include the full Project
Gutenberg™ License as specified in paragraph 1.E.1.
• You pay a royalty fee of 20% of the gross profits you derive from
the use of Project Gutenberg™ works calculated using the
method you already use to calculate your applicable taxes. The
fee is owed to the owner of the Project Gutenberg™ trademark,
but he has agreed to donate royalties under this paragraph to
the Project Gutenberg Literary Archive Foundation. Royalty
payments must be paid within 60 days following each date on
which you prepare (or are legally required to prepare) your
periodic tax returns. Royalty payments should be clearly marked
as such and sent to the Project Gutenberg Literary Archive
Foundation at the address specified in Section 4, “Information
about donations to the Project Gutenberg Literary Archive
Foundation.”
• You comply with all other terms of this agreement for free
distribution of Project Gutenberg™ works.
1.F.
Most people start at our website which has the main PG search
facility: www.gutenberg.org.