Secure Continuous Delivery on Google Cloud : Implement an Automated and Secure Software Delivery Pipeline on Google Cloud Using Native Services / Giovanni Galloro, Nathaniel Avery, David Dorbin.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Galloro, Giovanni, author.
Avery, Nathaniel, author.
Dorbin, David, author.
Language:
English
Subjects (All):
Google (Firm).
Cloud computing.
Business enterprises--Computer networks--Management.
Business enterprises.
Information technology--Management.
Information technology.
Application software--Development.
Application software.
Computer networks--Management.
Computer networks.
Physical Description:
1 online resource (304 pages)
Edition:
First edition.
Place of Publication:
Birmingham, England : Packt Publishing Ltd., [2024]
Biography/History:
Galloro Giovanni: Giovanni Galloro has been working at Google since 2017 as a customer engineer specializing in container-based runtimes, DevOps tools, and application networking. He works with multiple organizations across EMEA, helping them to leverage these capabilities and improve their software delivery practices. Giovanni is a community ambassador for the Continuous Delivery Foundation and is a frequent speaker at developer conferences. Before Google, he worked at Microsoft, Red Hat, VMware, and HP, following the evolution of application platforms over the past 20 years.

Avery Nathaniel: Nathaniel Avery works at Google as an outbound product manager for the Google Cloud Application Ecosystem group, specializing in DevOps tools, and has spoken to many Fortune 500 companies about DevOps tooling solutions. Before joining Google, Nate spent more than 20 years in IT designing, planning, and implementing complex systems, integrating custom-built and COTS applications for federal government customers. Currently, he's working on better ways to build and use cloud resources to help customers deliver better products, safely and securely, without sacrificing velocity.

Dorbin David: David Dorbin has been a technical writer for more than three decades. He's been with Google for more than a dozen years, documenting payment applications, internal tools, and Google Cloud DevOps products. Before Google, he worked with numerous start-ups and established companies, documenting technologies in payment processing, digital publishing and rights management, consumer electronics, and cryptography for financial institutions. In his free time, Dave enjoys playing bass and banjolele (but never at the same time), or doing more damage to his Achilles' heel on the streets and trails of northern New Jersey.
Summary:
Build an end-to-end continuous delivery pipeline on Google Cloud and secure your software supply chain using GCP tools and services including Cloud Code, Cloud Workstations, Cloud Build, Artifact Registry, and Cloud Deploy.

Key Features:
Gain hands-on experience building an end-to-end software delivery pipeline using Google Cloud services
Deploy your applications on GKE, Cloud Run, and across hybrid and multi-cloud environments
Secure pipelines with artifact scanning, dependency vulnerability checks, signed provenance, and admission control
Purchase of the print or Kindle book includes a free PDF eBook

Book Description:
Continuous delivery, a cornerstone of modern software engineering, facilitates quick and secure software delivery using a robust toolkit encompassing automated builds, testing, source code management, artifact storage, and deployment. Whether you integrate tools from different providers or use a set of managed services from a single cloud provider, the goal is to streamline setup, integration, and management. This book focuses on continuous delivery on Google Cloud. Starting with an introduction to continuous delivery and secure software supply chain concepts, this book uses hands-on exercises to demonstrate how to continuously test your application with Skaffold and Cloud Code, leverage AI-assisted code generation with Cloud Code and Cloud Workstations, and automate your continuous integration with Cloud Build. You'll see how to store and scan your software artifacts on Artifact Registry, orchestrate deployments with Cloud Deploy, and release your software on GKE and Cloud Run, configured to admit only trusted code. Using an example application, you'll implement tools for creating an end-to-end delivery pipeline using Google Cloud services. By the end of this book, you'll be able to build a secure software delivery pipeline from development to production using Google Cloud managed services and best practices.

What you will learn:
Create an end-to-end continuous delivery pipeline using Cloud Build, Artifact Registry, and Cloud Deploy
Develop, build, and deploy container-based applications with Skaffold and Cloud Code
Experiment with AI-assisted code generation in Cloud Code
Automate continuous integration with Cloud Build triggers
Automate deployment on GKE and Cloud Run through Cloud Deploy
Enhance pipeline security with Artifact Analysis, Binary Authorization, and SLSA
Apply best practices, including logging and monitoring

Who this book is for:
This book is for DevOps, Platform, and Cloud Engineers tasked with managing application deployment and creating continuous delivery pipelines who want to automate workflows in a fully managed, scalable, and secure platform. Software developers involved in application delivery and interested in harnessing Google Cloud tools to optimize development flow status and feedback loop will also find this book useful. Prior knowledge of Google Cloud fundamentals (including Cloud APIs and IAM), software delivery, containerization, and Kubernetes will enhance the reading experience.
Contents:
Cover
Copyright
Foreword
Contributors
Table of Contents
Preface
Part 1: Introduction and Code Your Application
Chapter 1: Introducing Continuous Delivery and Software Supply Chain Security
Introduction to CD
CD practices
The impact of CD on software delivery performance
Understanding continuous integration
How to implement CI
Understanding continuous testing
Test types
Implementing continuous testing
Understanding deployment automation
Implementing deployment automation
Securing your software delivery pipeline
Source code management threats and remediations
Build threats and remediations
Dependency threats and remediations
Summary
Chapter 2: Using Skaffold for Development, Build, and Deploy
Technical requirements
Understanding Skaffold's capabilities and architecture
Skaffold for building
Skaffold for deploying
Skaffold's architecture
Installing Skaffold
Using Skaffold with your application
Initializing your repository using skaffold init
Testing your application while you code using skaffold dev
Building your application using skaffold build
Testing your application using skaffold test
Deploying your application using skaffold deploy
Deploying and rendering separately using skaffold render and skaffold apply
Running the end-to-end pipeline using skaffold run
Managing deployment in different environments
Cleaning up
Chapter 3: Developing and Testing with Cloud Code
About Cloud Code
Continuously deploying and testing locally while you code
Checking application logs from your editor
Creating a GKE cluster from your editor
Continuously deploying and testing a Kubernetes app remotely while you code
Debugging
Code with AI assistance
Getting help to understand code
Generating code
Chapter 4: Securing Your Code with Cloud Workstations
Introduction to Cloud Workstations
Cloud Workstations architecture
Configuring workstations for developers
Creating a workstation cluster
Creating a workstation configuration for the base editor
Creating a workstation configuration for the IntelliJ IDEA Ultimate IDE
Creating workstations and assigning them to developers
Customizing Cloud Workstations
Creating a custom image and workstation configuration
Updating Cloud workstations
Coding on Cloud Workstations
Accessing a Cloud workstation configured with the base editor
Accessing a Cloud workstation configured with a JetBrains IDE
Part 2: Build and Package Your Application
Chapter 5: Automating Continuous Integration with Cloud Build
Cloud Build architecture and capabilities
Building your application manually
Running a simple build from the command line
Adding automated tests to your build
Building your application using Skaffold
Using substitutions
Customizing your build workers
Custom machine types
Private worker pools
Generating security information for your build
Producing digitally signed provenance
Viewing vulnerability reports and provenance
Automating builds
Creating your source code repository
Connecting your source code repository to Cloud Build
Creating a trigger for your build
Running an automated build after a code commit
Chapter 6: Securely Store Your Software on Artifact Registry
Managing container images with Artifact Registry
Creating an Artifact Registry repository to store your image
Viewing role-based access control on a repository
Listing the Artifact Registry repositories available in a project
Uploading a Docker container to Artifact Registry
Listing container images in the repository
Pulling a container image/package
Managing language package distribution with Artifact Registry
Creating a repository for a Python package from the demo app
Uploading a Python package to the repository
Viewing packages in the standard Python repository
Creating a repo for Go packages from the demo app
Using virtual and remote repositories
Creating a remote repository for Python
Listing the packages in the remote Python repo
Creating a virtual repository from two different Python repositories
Using vulnerability scanning to detect threats
Running an on-demand scan of your container image
Seeing the results of the on-demand scan
Viewing scan results in the Google Cloud Console
References
Part 3: Deploy and Run Your Application
Chapter 7: Exploring Runtimes - GKE, GKE Enterprise, and Cloud Run
Understanding containers
Understanding Google Kubernetes Engine
What's the big deal about GKE?
GKE limitations
GKE cluster modes
GKE components
Autoscaling
Understanding GKE Enterprise
Identity management
GKE Enterprise on on-premises clusters
Limitations of GKE Enterprise on bare metal
GKE Enterprise clusters on AWS and Azure
Understanding Cloud Run
Cloud Run services
Cloud Run jobs
Cloud Run integrations
Cloud Run limitations
Cloud Run pricing
Choosing between GKE and Cloud Run
Chapter 8: Automating Software Delivery Using Cloud Deploy
Exploring the Cloud Deploy architecture
Cloud Deploy among software delivery tools
The Cloud Deploy resource model
The Cloud Deploy execution environment
What happens when a delivery pipeline executes?
Understanding Cloud Deploy target types
Using the Kubernetes manifest and Kustomization
Using a Skaffold configuration
Preparing your project
Enabling the API
Creating the GKE clusters
Granting the necessary permissions
Creating a delivery pipeline
Understanding the progression
Understanding targets
Registering the delivery pipeline and targets
Creating a release
Examining a release
Verifying your deployment
Using a deployment strategy
Configuring the delivery pipeline for a canary deployment
Running the canary deployment
Chapter 9: Securing Your Runtimes with Binary Authorization
Understanding Binary Authorization concepts
Setting up Binary Authorization
Creating a CMEK
Setting up Binary Authorization on GKE
Setting up Binary Authorization on Cloud Run
Using Binary Authorization on GKE on other public clouds
Setting up attestations
Creating an attestation
Configuring Binary Authorization policies
Creating the policy
Applying an attestation to the image
Part 4: Hands-On Secure Pipeline Delivery and Looking Forward
Chapter 10: Demonstrating an End-to-End Software Delivery Pipeline
Software delivery pipeline overview
Building your software delivery pipeline
Configuring the required IAM roles
Creating two GKE clusters
Creating GKE gateway resources
Creating your Cloud Deploy delivery pipeline
Configuring security policies for your pipeline
Creating two Cloud Build triggers for your repository
Creating your initial release
Running your pipeline
Updating your code as a developer
Running an automatic build and scan of your artifact
Merging your code and deploying your application to production
Chapter 11: Integrating with Your Organization's Workflows
Connecting a Cloud Build trigger to a third-party repository
Creating a host connection to GitLab
Creating a link to the GitLab repository
Creating a trigger
Integrating Cloud Deploy with automated testing
Integrating Cloud Deploy approval with third-party workflow management tools
Using a third-party workflow management system with Cloud Deploy approvals
Chapter 12: Diving into Best Practices and Trends in Continuous Delivery
Best practices for deploying secure delivery pipelines
Using a host project for CI/CD infrastructure
Consider using VPC-SC
Using private pools with Cloud Build and Cloud Deploy
Using Cloud Logging and Cloud Monitoring
Enabling recommended alerts
Using GitOps
Anticipating the future
AI infusion
Index
Other Books You May Enjoy.
Notes:
Includes bibliographical references and index.
Description based on publisher supplied metadata and other sources.
Description based on print version record.
ISBN:
9781805127642
1805127640
OCLC:
1428526771