DevOps
Vorteile Continuous Integration
+ Frühzeitige Fehlersuche möglich + Ständiges Feedback + Keine Überforderung bei einzelner grosser Integration zum Abschluss (Risiko wird nicht aufgeschoben) + Genaue Aufzeichnung von Änderungen + Stetige Verfügbarkeit einer funktionierenden, aktuellen Version + Fördert granulares Arbeiten
DevOps Vorteile
- schnellere Entwicklung - schnellere Bereitstellung von Updates und Entwicklungsversionen - höhere Sicherheit durch kontinuierliche Prüfung - mehr Neuerungen dank schnellerer Produktionsschritte - größere Zuverlässigkeit durch parallel laufende Tests während der Entwicklung - mehr Sicherheit durch die Integration von DevSecOps - höhere Produktivität durch bessere Team-Arbeit über Teamgrenzen hinweg
Docker Image
A Docker image consists of read-only layers, each of which represents a Dockerfile instruction. The layers are stacked and each one is a delta of the changes from the previous layer. The image can be instantiated as a container.
Jenkinsfile
A Jenkinsfile is a text file that contains the definition of a Jenkins Pipeline and is checked into source control. A basic continuous delivery would have the the three stages `Build`, `Test` and `Deploy`.
Microservices
A software architecture that is composed of smaller modules that interact through APIs and can be updated without affecting the entire system.
Time series database
A time series database (TSDB) is a software system that is optimized for storing and serving time series through associated pairs of time(s) and value(s). In many cases, the repositories of time-series data will utilize compression algorithms to manage the data efficiently. Although it is possible to store time-series data in many different database types, the design of these systems with time as a key index is distinctly different from relational databases which reduce discrete relationships through referential models.
Time series
A time-ordered sequence of observations taken at regular intervals.
Load Testing
A type of performance testing conducted to evaluate the behavior of a component or system with increasing load, e.g. numbers of parallel users and/or numbers of transactions, to determine what load can be handled by the component or system.
Prometheus
An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach.
Static Code Analysis
Analysis of source code carried out without execution of that software.
Continuous Integration
As soon as the work on a task is complete, it is integrated into the whole system. After any such integration, all the unit tests in the system must pass.
Third Way of DevOps
Continued experimentation, in order to learn from mistakes, and achieve mastery: - Promote experimentation - Learn from success and failure - Constant improvement - Seek to achieve mastery through practice
Continuous Testing
Continuous Testing is the process of executing automated tests as part of the software delivery pipeline in order to obtain feedback on the business risks associated with a software release candidate as rapidly as possible. Types of automated tests: - Unit Tests - Integration Tests - End-to-End Tests
Continuous Monitoring
Continuous monitoring is a process that IT organizations may implement to enable rapid detection of compliance issues and security risks within the IT infrastructure.
Second Way of DevOps
Create, shorten and amplify feedback loops: - Establish an upstream feedback loop - Shorten the feedback loop - Amplify the feedback loop
End-to-End Test
End-to-end testing replicates a user behavior with the software in a complete application environment. It verifies that various user flows work as expected and can be as simple as loading a web page or logging in or much more complex scenarios verifying email notifications, online payments, etc... End-to-end tests are very useful, but they're expensive to perform and can be hard to maintain when they're automated. It is recommended to have a few key end-to-end tests and rely more on lower level types of testing (unit and integration tests) to be able to quickly identify breaking changes.
Quality Gates
In DevOps, used to determine quality checks at strategic points in the build pipeline and ensure that the work is accurate and meets quality standards. If a check fails, the pipeline fails.
Integration Test
Integration tests verify that different modules or services used by your application work well together. For example, it can be testing the interaction with the database or making sure that microservices work together as expected. These types of tests are more expensive to run as they require multiple parts of the application to be up and running.
Manual Tests
Manual testing is done in person, by clicking through the application or interacting with the software and APIs with the appropriate tooling. This is very expensive as it requires someone to set up an environment and execute the tests themselves, and it can be prone to human error as the tester might make typos or omit steps in the test script.
Performance Testing
Performance testing is the general name for tests that check how the system behaves and performs. Performance testing examines responsiveness, stability, scalability, reliability, speed and resource usage of your software and infrastructure.
Docker Container
Runnable instance of a Docker image.
SecDevOps
SecDevOps is the process of integrating secure development best practices and methodologies into development and deployment processes which DevOps makes possible. Implant secure coding deep in the heart of the DevOps development and deployment processes.
Security Testing
Security Testing is a type of Software Testing that uncovers vulnerabilities, threats, risks in a software application and prevents malicious attacks from intruders. The purpose of Security Tests is to identify all possible loopholes and weaknesses of the software system which might result in a loss of information, revenue, repute at the hands of the employees or outsiders of the Organization. Static vs. dynamic Security Tests.
Smoke Testing
Smoke tests are basic tests that check basic functionality of the application. They are meant to be quick to execute, and their goal is to give you the assurance that the major features of your system are working as expected. Smoke tests can be useful right after a new build is made to decide whether or not you can run more expensive tests, or right after a deployment to make sure that they application is running properly in the newly deployed environment.
Build Pipeline
Source Repository --> Commit Checks --> Artefakt Repository Artefakt --> Akzeptanz Tests, Manuelle Tests, Security Tests, Performanz Tests --> Deployment
Unit Test
Test of an individual method, class, or component before it is integrated with other software. Should be tested in isolation, mocking dependencies.
DevOps
The practice of blending the tasks performed by the development and IT operations groups to enable faster and more reliable software releases.
First Way of DevOps
Work always flows in one direction - downstream. No known defect should be passed downstream. Always seek to increase the flow.