Feedback

Chat Icon

DevSecOps in Practice

A Hands-On Guide to Operationalizing DevSecOps at Scale

Setting Up the Foundation: The Infrastructure
10%

Context and Prerequisites

To better illustrate the concepts and practices of DevSecOps, we are going to develop a basic application using Flask that we will call "RestQR." RestQR handles online restaurant menus and QR code generation for these menus based on the restaurant ID. It can be used to provide a contactless menu experience for restaurant owners and customers. As a customer, you can scan the QR code sticker on the table to view the restaurant's menu on your phone. As a restaurant owner, you can update the menu online and print the QR code to stick on the table. Our goal is to create a prototype of this application and create the Kubernetes manifests for the different resources.

The application is composed of two microservices:

  • Menu Service (named menu): This service handles restaurant menus. It stores menu items in PostgreSQL and provides an API to save and fetch menus.
  • QR Code Generator Service (named qr): This service creates QR codes that link to a restaurant’s online menu. It returns the QR code image.

In the following steps, we will create the application, Docker images, the infrastructure, and the deployment manifests. Let's start with the infrastructure.

The infrastructure that we are going to use throughout this guide is a requirement to follow along with the examples. We are going to use two components:

  • A workspace server: We are going to use this as a development environment, a place to run our scripts, and a jump server to access our Kubernetes cluster. We will use Ubuntu 24.04 as our operating system.
  • A Kubernetes cluster: This is where we are going to deploy our microservices. We will use version 1.32.1. A cluster with a single node is enough for our examples (in addition to the control plane node).

For both, we are going to use DigitalOcean as our cloud provider. The choice of this cloud provider is based on its simplicity and ease of use. You can use my referral link to get $200 in free credit for 60 days on DigitalOcean. DigitalOcean can be replaced with any other cloud provider, including private providers like OpenStack or VMware, but I strongly recommend using the same setup to avoid any divergence in the examples and the expected results.

After creating the workspace server, you should install kubectl:

# Install kubectl
curl -LO "https://dl.k8s.io/release/v1.32.2/bin/linux/amd64/kubectl"
install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

# Enable bash completion
echo 'source <(kubectl completion bash)' >>~/.bashrc

# Create an alias for kubectl (k is easier to type than kubectl)
echo 'alias k=kubectl' >>~/.bashrc
echo 'complete -o default -F __start_kubectl k' >>~/.bashrc

# Load the new configuration
source ~/.bashrc

DevSecOps in Practice

A Hands-On Guide to Operationalizing DevSecOps at Scale

Enroll now to unlock current content and receive all future updates for free. Your purchase supports the author and fuels the creation of more exciting content. Act fast, as the price will rise as the course nears completion!

Unlock now ($29.99) Learn More
Previous Next