Browsing by Subject "DevOps"

Agile software development and DevOps are both well studied methodologies in the field of computer science. Agile software development is an iterative development approach that focuses on collaboration, customer feedback and fast deliveries. DevOps on the other hand highlights the co-operation between the developers and IT operations personnel, in addition to describing how to continuously deploy working software with usage of tools and automation. Even though these two methodologies share similarities and DevOps as a concept can even be seen as a descendant of agile software development, the relationship between the two is not yet as explored as the effects of individual practices. In this thesis, a systematic literature review is conducted to examine the relationship between agile software development and DevOps. The aim was to find benefits and drawbacks of the combined implementation agile software development and DevOps in the field of software development, the key similarities and differences between the two and how the adoption of one methodology influences the implementation of the other. A systematic literature review was conducted to find information on how agile software development and DevOps are related and perform in combination. Results showed that agile software development and DevOps share a complex yet symbiotic relationship. The complementary role of each methodology enhances each other and in unison these methodologies address wider variety of aspects in software development lifecycle. This combination shows a wide array of promising benefits such as improvements in productivity, delivery speed and collaboration. It however presents challenges related to required culture shift and lack of knowledge, for example, that organizations need to be wary of and acknowledge.

DevOps software development methodologies have steadily gained ground over the past 15 years. Properly implemented DevOps enables the software to be integrated and deployed at a rapid pace. The implementation of DevOps practices create pressure for software testing. In the world of fast-paced integrations and deployments, software testing must perform its quality assurance function quickly and efficiently. The goal of this thesis was to identify the most relevant DevOps software testing practices and their impact on software testing. Software testing in general is a widely studied topic. This thesis looks into the recent develop- ments of software testing in DevOps. The primary sources of this study consist of 15 academic papers, which were collected with the systematic literature review source collection methodolo- gies. The study combines both systematic literature review and rapid review methodologies. The DevOps software testing practices associated with high level of automation, continuous testing and DevOps culture adoption stood out in the results. These were followed by the practices highlighting the need for flexible and versatile test tooling and test infrastructures. DevOps adoption requires the team composition and responsibilities to be carefully planned. The selected testing practices should be carefully chosen. Software testing should be primarily organized in highly automated DevOps pipelines. Manual testing should be utilized to validate the results of the automatic tests. Continuous testing, multiple testing levels and versatile test tooling should be utilized. Integration and regression testing should be run on all code changes. Application monitoring and the collection of telemetry data should be utilized to improve the tests.

Tutkielmassa käydään yleisellä tasolla läpi DevOps- ja SRE (Site Reliability Engineering)-menetelmät ja tutkitaan miten niitä voidaan hyödyntää nykyaikaisessa ohjelmistokehityksessä erityisesti automatisoinnin ja mittaamisen osalta. Tutkielmassa käydään myös läpi erilaisia teknologioita, kuten kontit, virtuaalikoneet, serverless, Docker, konttien orkestrointi ja Kubernetes. Lisäksi tutkielmassa selvitetään infrastruktuuri koodina (engl. "Infrastructure as Code") lähestymistapaa infrastruktuurin automatisointiin ja GitOps-menetelmää toteuttaa jatkuvaa toimitusta (engl. "Continuous Deployment") pilvisovelluksille. Tutkielman aikana kehitettiin selvitettyjä menetelmiä ja teknologioita hyödyntäen Kubernetes-klusterin automatisoitu käyttöönotto Google Cloud Platform -alustan tarjoaman Google Kubernetes Enginen päälle. Tutkielmassa toteutettiin myös esimerkkiluontoinen web-palvelu, johon kuuluu asiakassovellus, REST-rajapinta, GraphQL-palvelin, Redis-välimuistipalvelu ja PostgreSQL-tietokanta. Web-palvelun kehittämistä varten toteutettiin paikallinen Kubernetes-kehitysympäristö. Tutkielmassa toteutettiin myös web-palvelun jatkuva toimitus Google Kubernetes Enginen päällä toimivaan Kubernetes-klusteriin käyttämällä GitOps-menetelmää. Lisäksi tutkielmassa toteutettiin web-palvelun REST-rajapintaa ja GraphQL-palvelinta varten luodut kuvitteelliset mittarit ja palvelutasotavoitteet. Tutkielman aikana toteutetuilla Kubernetes-klusterin automatisoidulla käyttöönotolla infrastruktuuri koodina menetelmällä ja esimerkkiluontoisen web-palvelun jatkuvalla toimituksella Kubernetes-klusteriin GitOps-menetelmää hyödyntämällä luotiin pohjaa työkaluille ja menetelmille, joita voisi tulevaisuudessa hyödyntää myös muillekin Kuberneteksessa toimiville sovelluksille.

Software development industry has been revolutionized through adoption of software develop- ment methods such as DevOps. While adopting DevOps can speed up development through collaborative culture between development and operations teams, speed-driven adoption can have an adverse impact on security aspects. DevSecOps is a concept that focuses on embed- ding security culture and activities into DevOps. Another contributing factor to the more agile development landscape is the widespread adoption of open source components. However, the risk of putting too much trust into the open source ecosystem has resulted in a whole new set of security issues that have not yet been adequately addressed by the industry. This thesis is commissioned by Neste Corporation. The company has set an initiative to in- corporate methods that enable better transparency, agility, and security into their software development projects. This thesis collects research data on secure software development prac- tices by combining findings of a literature review with a case study. The qualitative case study is done by interviewing eight stakeholders from four different software development teams. The literature review shows that securing software is very much an ongoing effort, especially in the open source ecosystem. Therefore, it might be not surprising that the results from the case study revealed multiple shortcomings on the subject matter despite obvious efforts from the participating teams. As a result, this thesis presents potential ideas for the case company to consider integrating into their software development projects in order to kickstart their secure software development journey.