DevOps Paradigms and Practices for 2023
What to look for and how Harness can help you get there!
DevOps has seen explosive evolution since its initial variations demonstrated in the late 90s/early 2000s. I entered the DevOps space around 2015 and in just the past few years alone I've seen a large increase in the use of Kubernetes and microservice architectures as well as serverless frameworks like AWS Lambda or Azure Functions. In addition, I've seen a slew of new open-source tools hoping to make the bridge between Development and Operations shorter and more efficient: Jenkins, Ansible, Spinnaker, Argo, and Drone (my favorite 😉) just to name a few.
While these tools have done a lot to help with software operations, they are constantly evolving and forming new architectures and frameworks as new technology is introduced.
I was lucky to join Harness, the Modern Software Delivery Platform, in 2022. At Harness, we are laser-focused not just on enabling customers to eloquently and efficiently tackle all aspects of the Software Delivery Lifecycle (SDLC), but we are thinking ahead to the future and identifying the paradigms and practices that are going to revolutionize how our customers conduct their software operations and developer experiences.
These are the top new DevOps paradigms and practices to look out for in 2023, as well as what we’re doing at Harness to enable our customers to adopt and excel at them!
Putting the Sec into DevSecOps
DevSecOps is a relatively new concept that has been gaining traction since the mid-2010s. It is a response to the movement of DevOps, which began in 2009. Short for "Development, Security, Operations," DevSecOps is an approach to software development and security that seeks to bring security earlier into the software development cycle. This is achieved by integrating development and security practices into the DevOps culture. The goal is to create applications that are secure by design and are managed, monitored, and tested in an automated and continuous way.
Initially, Security was siloed from DevOps, with various scans and security tests performed by a distinct security team after code was built and/or software was deployed. As DevSecOps has evolved and gained adoption, this approach is no longer feasible. To stay ahead of the curve, organizations will need to begin to shift their focus “left” to embedding security into the DevOps culture.
Shift left security is an approach to security that focuses on embedding security earlier in the development process rather than waiting until the end of the process. It also emphasizes the need for collaboration among teams such as developers, operations, and security to detect and manage security risks throughout the entire software development life cycle. By taking a shift left approach, organizations can implement comprehensive and automated security measures that are tailored to the specific needs of their organization, applications, and environment. This helps them to identify and address security vulnerabilities promptly, reducing the risk of a costly security breach or data loss.
Harness is leading the charge in DevSecOps with our Security Test Orchestration (STO) module, by providing customers with automated vulnerability assessment and patching solutions integrated directly into their software delivery pipelines. By leveraging machine learning and continuous discovery, customers can ensure that the security policies they defined are continuously enforced, and patches are automatically deployed without affecting operations.
Separate Releases from Deployments
While the SDLC has improved immensely since the days that software was distributed primarily by floppy disks, releasing features is still a major point of contention and friction between Developers, Product Managers, and IT Operations staff since the release of features is tied to the deployment of software.
First, the release process can be slow and fragmented. This can be due to a manual approval process, lack of automation, or simply legacy tools that are not built for speed and agility.
Second, the lack of control over the release process often leads to frustration among feature stakeholders, as they have no insight into what is happening and can't control when the release will be live.
The inability to decouple releases from deployments can also have implications for the software itself. For example, if multiple changes are released all at once, it can be difficult to isolate a regression bug or identify which release/deployment caused an issue.
A better approach to releasing software is to separate the release process from the deployment process. This is done today primarily using feature flags.
A feature flag (also referred to as a feature toggle, feature switch, feature bit, feature control, dark launch, mode flag, or feature flipper) is a technique in software development that attempts to provide an alternative to maintaining multiple code branches for features that are under development. Feature flags allow developers to modify system behavior without making hard code or configuration changes. Feature flags can be used to control the release of features to selected users, or to enable the gradual rollout of features over time. This can be used to test the impact that a new feature might have in production.
Feature flags also allow for quicker and more comprehensive testing on the release side before the deployment is executed. This also allows for more granular releases, giving stakeholders more control over the process. Furthermore, it gives developers the ability to roll back a release without needing to redeploy the software.
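To make the mechanics concrete, here is a minimal flag evaluator covering the three behaviours described above: release to selected users, gradual percentage rollout, and rollback without a redeploy. It is an added example, not Harness's Feature Flags implementation; the `Flag` fields, flag name and user IDs are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Flag:
    """One feature flag. All field names are hypothetical."""
    name: str
    enabled: bool = True          # kill switch: False turns the feature off for everyone
    allow_users: set = field(default_factory=set)  # selected users who always get it
    rollout_percent: int = 0      # gradual rollout, 0..100

def bucket(flag_name, user_id):
    """Map (flag, user) to a stable bucket 0..99.

    Hashing the flag name together with the user ID keeps a user's answer
    stable across requests and keeps cohorts independent between flags.
    """
    digest = hashlib.sha256(f"{flag_name}:{user_id}".encode()).digest()
    return int.from_bytes(digest[:8], "big") % 100

def is_enabled(flag, user_id):
    if not flag.enabled:                  # rollback path: no redeploy needed
        return False
    if user_id in flag.allow_users:       # release to selected users
        return True
    return bucket(flag.name, user_id) < flag.rollout_percent

def cohort(flag, users):
    """Return the set of users who currently see the feature."""
    return {u for u in users if is_enabled(flag, u)}

if __name__ == "__main__":
    users = [f"user-{i}" for i in range(1000)]   # constructed sample population
    flag = Flag("new-checkout", allow_users={"qa-1"}, rollout_percent=10)
    print("10% rollout:", len(cohort(flag, users)), "of", len(users))
    flag.rollout_percent = 50                    # widen the release, same deployment
    print("50% rollout:", len(cohort(flag, users)), "of", len(users))
    flag.enabled = False                         # roll back by flipping the flag
    print("after kill switch:", len(cohort(flag, users)))
```

Because the bucket is fixed per user, raising the percentage only adds users to the cohort, so nobody who already had the feature loses it mid-rollout.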
With Harness, customers can separate releases from deployments by doing feature flagging and A/B testing directly in their DevOps pipelines using our Feature Flags (FF) module. This ensures that teams can deploy and test software without interrupting operations and without any extra complexity.
This also allows developers and product managers to take advantage of many of the other innovative paradigms that Harness provides for their feature flag strategies, such as having policy-enforced, pipelined rollout strategies and responding to the results of Continuous Verification through our Site Reliability Management (SRM) module.
Agile software development methodologies have done fantastic things for the SDLC by helping take software deployment frequency from months down to the size of a single “sprint,” often one or two weeks. Releasing on sprint-based Agile cycles has been a standard for over a decade, and has made sense, as code changes usually had to go through hours of unit testing and regression testing, hours of security tests, and hours of strenuous deployment execution and monitoring to be considered successful.
However, in today’s increasingly competitive business landscape, deploying once every week can be far too slow. As far back as 2015, Amazon was conducting over 130,000 deployments every day. (The Phoenix Project)
Businesses need to operate at the speed of the cloud. To stay competitive, organizations must be able to move faster than their competitors. This is especially true in markets that experience rapid change, such as the world of e-commerce or SaaS. As a result, organizations must look for ways to reduce the time it takes to develop and release products.
Harness Continuous Integration and Continuous Delivery include features like:
CI Test Intelligence that reduces your unit testing from hours to minutes using Machine Learning and code analysis.
Automated security testing orchestration.
Intelligent pipeline stopping and deployment rollbacks based on:
Unit test results
Security test results
Site Reliability thresholds
Many more options
By automating the release management process and eliminating manual activities, organizations can deploy as rapidly as hourly, ensuring faster delivery of features and fixes.
In current DevOps operations, everyone involved does absolutely everything they can to avoid the dreaded rollback. CI/CD rollbacks can be painful for teams due to the complexity and time involved in manually reverting code to an earlier version. This can be especially difficult if the code includes a lot of changes that have been made over a long period (see “Deploy Hourly” to see how to mitigate this). Additionally, the process of reverting to an earlier version can be difficult to track and document and can lead to unexpected results. Reverting to an earlier version can sometimes cause issues with the application, such as conflicts in libraries or configuration settings.
With Harness CD we provide templated and easy approaches for industry-standard rollout methods for modern deployment targets, including Canary and Blue/Green. For each of these deployments, we also include a templated rollback that provably works every time, giving your team the confidence to deploy more frequently without fear of the dreaded rollback.
With Harness, teams can set up automation to the point where CI/CD pipelines can seamlessly roll back deployments in the event of an issue or regression. Additionally, there are several safety catches built in that will ensure that a rollback will only happen if the necessary conditions are met. This can be particularly beneficial for organizations that need to move quickly and avoid manual intervention and delays in the deployment process.
Harness also allows for a detailed audit trail of every release, including snapshots of what code was deployed and when.
At this point, you’re probably saying, “all of this stuff sounds like it will be great… if I can get developers to actually use it!”
Governance for DevSecOps is always a challenge, usually defaulting to two approaches:
Wild West - everyone on the DevOps team can create new pipelines, register connectors, write and use secrets, etc. This may lead to some great velocity, but quality, security, and governance all degrade as new organizational requirements emerge for these pipelines.
Lockdown - A few people in the organization hold the “keys to the kingdom.” This might lead to better quality and security for CI/CD pipelines, but organizations take a major hit to velocity as these individuals are single points of failure and chokepoints for modifications.
Harness provides DevOps teams with the ability to adopt the best of both approaches without tradeoffs: teams can maintain great velocity while proactively addressing security and governance requirements.
Harness provides role-based access control (RBAC) to ensure that teams have granular access to the right components. RBAC allows teams to grant or deny access to individual resources, such as pipelines, secrets, and connectors, as needed. Additionally, it allows for pre-defined templates for pipelines, secrets, and more that can be shared.
All of this can be governed with our first-class implementation of the Open Policy Agent (OPA), integrated into Harness as a policy enforcement engine. This engine allows AppSec and SecOps teams to define and enforce policies that control how applications and services are deployed. The OPA is a powerful addition to the Harness platform, allowing teams to assert an even greater level of control over their CI/CD pipelines and deployment strategies.
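The kind of rule such a policy engine enforces can be sketched as a check over a pipeline definition. This is an added example written in Python rather than OPA's Rego so that it runs stand-alone; it is not Harness's or OPA's code, and the pipeline layout, field names and the `secretref:` prefix are constructed assumptions.

```python
# Heuristic for variable names that probably carry credentials (assumption).
SECRET_HINTS = ("password", "token", "secret", "key")

def evaluate(pipeline):
    """Return a list of deny messages; an empty list means the pipeline passes."""
    denies = []
    scanned = False  # becomes True once a security_scan stage has run
    for stage in pipeline.get("stages", []):
        name, kind = stage.get("name", "?"), stage.get("type")
        if kind == "security_scan":
            scanned = True
        elif kind == "deploy":
            # Order matters: a scan that runs after the deploy does not count.
            if not scanned:
                denies.append(f"{name}: deploy stage has no security_scan stage before it")
            if stage.get("environment") == "production" and not stage.get("approvers"):
                denies.append(f"{name}: production deploy has no approvers")
        for var, value in stage.get("env", {}).items():
            is_secret = any(hint in var.lower() for hint in SECRET_HINTS)
            if is_secret and not str(value).startswith("secretref:"):
                denies.append(f"{name}: env var {var} holds an inline value, not a secret reference")
    return denies

# Constructed sample pipelines (hypothetical schema).
COMPLIANT = {"stages": [
    {"name": "build", "type": "build"},
    {"name": "scan", "type": "security_scan"},
    {"name": "prod", "type": "deploy", "environment": "production",
     "approvers": ["release-managers"],
     "env": {"DB_PASSWORD": "secretref:db_password"}},
]}
NONCOMPLIANT = {"stages": [
    {"name": "build", "type": "build"},
    {"name": "prod", "type": "deploy", "environment": "production",
     "env": {"API_TOKEN": "abc123-constructed"}},
    {"name": "scan", "type": "security_scan"},  # too late: runs after the deploy
]}

if __name__ == "__main__":
    for label, doc in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        result = evaluate(doc)
        print(label, "ALLOW" if not result else "DENY")
        for message in result:
            print("  -", message)
```

Running a check like this when a pipeline is saved or triggered is what lets every team author pipelines while the security team still owns the rules.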
Underlying Harness pipelines is GitOps. The GitOps workflow is based on the idea that your Git repository is the source of truth for the state of the pipeline your organization is deploying. Every time any change is made to the pipeline state, it is pushed to the repository. This combination of version control and automation ensures that no change is ever made outside of the Git repository, allowing for total visibility into the state of the pipeline at any point in time. Updating pipelines is as simple as updating the original template repositories they were branched from.
Harness also provides comprehensive change management and audit control. This allows teams to better control changes to pipelines, as well as perform post-deployment analysis to ensure that the desired outcome is reached. By tracking changes made to pipelines, release cycles, and configurations, it becomes easier to identify issues promptly and reduce the impact of any issues that do arise.
There are a lot of exciting DevOps paradigms to consider and adopt within your organization in 2023. With Harness, we are always looking to the future to stay one step ahead of the needs of our customers and we look forward to seeing these paradigms play out.
This article reflects my personal excitement for products I happen to sell and does not necessarily reflect the opinions of my employers. In other words: my opinions are my own.
Did you find this article valuable?
Support Nic Acton by becoming a sponsor. Any amount is appreciated!