From 4c09ff43659ea690469743cb60a069ed8387df76 Mon Sep 17 00:00:00 2001 From: Anja Kammer Date: Mon, 11 Mar 2024 15:37:26 +0100 Subject: [PATCH 1/3] add permissions management --- .../01-duration-terms.adoc | 4 +- .../02-learning-goals.adoc | 40 +++++++++++++++---- 2 files changed, 34 insertions(+), 10 deletions(-) diff --git a/docs/06-Automation-and-Operation/01-duration-terms.adoc b/docs/06-Automation-and-Operation/01-duration-terms.adoc index ce19524..c15aaad 100644 --- a/docs/06-Automation-and-Operation/01-duration-terms.adoc +++ b/docs/06-Automation-and-Operation/01-duration-terms.adoc @@ -4,7 +4,7 @@ |=== === Begriffe und Konzepte -DevOps, DevSecOps, Site Reliability Engineering (SRE), Konfiguration, Provisionierung, Infrastructure as Code, Cloud Provider APIs, Abstraktionsebenen von Container-Managern, Berechnung Verfügbarkeit, Berechnung Cluster Größe +DevOps, DevSecOps, Site Reliability Engineering (SRE), Konfiguration, Provisionierung, Infrastructure as Code, Cloud Provider APIs, Berechtigungsverwaltung, Abstraktionsebenen von Container-Managern, Berechnung Verfügbarkeit, Berechnung Cluster Größe // end::DE[] // tag::EN[] @@ -13,7 +13,7 @@ DevOps, DevSecOps, Site Reliability Engineering (SRE), Konfiguration, Provisioni |=== === Terms and Principles -DevOps, DevSecOps, Site Reliability Engineering (SRE), configuration, provisioning, Infrastructure as Code, Cloud Provider APIs, abstraction levels of container manager, calculate availability, calculate cluster size +DevOps, DevSecOps, Site Reliability Engineering (SRE), configuration, provisioning, Infrastructure as Code, Cloud Provider APIs, Permissions Management, abstraction levels of container manager, calculate availability, calculate cluster size // end::EN[] diff --git a/docs/06-Automation-and-Operation/02-learning-goals.adoc b/docs/06-Automation-and-Operation/02-learning-goals.adoc index b464188..a4e0f02 100644 --- a/docs/06-Automation-and-Operation/02-learning-goals.adoc 
+++ b/docs/06-Automation-and-Operation/02-learning-goals.adoc @@ -25,16 +25,28 @@ Sie kennen die Möglichkeiten der Automatisierung und verstehen, wie dies mit We Sie kennen den Unterschied zwischen Infrastrukturkonfiguration und -Provisionierung, sowie etablierte Vorgehensweisen der Infrastruktur-Verwaltung. - [[LZ-6-4]] -==== LZ 6-4: Verschiedene Abstraktionsebenen von Container-Managern unterscheiden und verstehen +==== LZ 6-4: Grundprinzipien der Berechtigungsverwaltung verstehen + +Softwarearchitekt:innen verstehen die Bedeutung und Implementierung des Prinzips der minimalen Rechtevergabe (Least Privilege) in der Cloud-Umgebung. +Sie erkennen die Notwendigkeit, jedem Nutzenden und Service-Account nur die minimalen Berechtigungen zu erteilen, die zur Ausführung ihrer spezifischen Aufgaben notwendig sind. + +Dabei können sie folgende Herausforderungen benennen: + +* Automatisiertes Ausrollen von Berechtigungseinstellungen +* Verwaltung von konsistenten Berechtigungen in einem Hybrid/Multi-Cloud Setup +* Balance finden zwischen der minimalen Rechtevergabe (Least Privilege) und autonomen Entwicklungsteams +* Durchsetzung von Compliance Vorgaben bei der Berechtigungsverwaltung z.B. über Policy Enforcement + +[[LZ-6-5]] +==== LZ 6-5: Verschiedene Abstraktionsebenen von Container-Managern unterscheiden und verstehen Softwarearchitekt:innen wissen, dass sich durch Container-Manager die Grundfunktionalität der Container-Orchestrierungswerkzeuge erweitern lassen. Sie kennen die Einsatzmöglichkeiten vom Container-Managern und können ihre Abstraktionsebenen unterscheiden. -[[LZ-6-5]] -==== LZ 6-5: Berechnungsmethoden zur Dimensionierung von Ressourcen kennen +[[LZ-6-6]] +==== LZ 6-6: Berechnungsmethoden zur Dimensionierung von Ressourcen kennen Softwarearchitekt:innen kennen Methoden zur Berechnung des Ressourcenbedarfs für: 
@@ -51,7 +63,6 @@ Software architects are familiar with the new roles that have become popular in They understand the challenges of adapting these new roles in traditional organizational structures. - [[LG-6-2]] ==== LG 6-2: Understand Ways to Create Scalable and Highly Reliable Systems @@ -69,14 +80,27 @@ They are familiar with the possibilities of automation and understand how this c They understand the difference between infrastructure configuration and provisioning, as well as established practices for infrastructure management. [[LG-6-4]] -==== LG 6-4: Differentiate and Understand Different Abstraction Layers of Container Managers +==== LG 6-4: Understand the Fundamental Principles of Permissions Management + +Software architects understand the importance and implementation of the least privilege principle in cloud environments. +They understand the need to grant each user and service account only the minimum permissions required to perform their specific tasks. + +They can name the following challenges: + +* Automated roll-out of permissions settings +* Managing consistent permissions in a hybrid/multi-cloud setup +* Striking a balance between least-privilege and autonomous development teams +* Enforcement of compliance requirements in permissions management, e.g. via policy enforcement + +[[LG-6-5]] +==== LG 6-5: Differentiate and Understand Different Abstraction Layers of Container Managers Software architects are aware that container managers can extend the basic functionality of container orchestration tools. They are familiar with the use cases for container managers and can differentiate their abstraction layers. -[[LG-6-5]] -==== LG 6-5: Understand Resource Sizing Calculation Methods +[[LG-6-6]] +==== LG 6-6: Understand Resource Sizing Calculation Methods Software architects are familiar with methods for calculating resource requirements for: From 9f64926dd15aced2facc6d8b42494a71b8ce2378 Mon Sep 17 00:00:00 2001 
From: Anja Kammer Date: Mon, 11 Mar 2024 15:55:13 +0100 Subject: [PATCH 2/3] adjust changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f50644c..c4a251d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ - definition, methods, and challenges of Site Reliability Engineering - DevOps, DevSecOps, and SRE - Abstraction Layers of Container Managers +- Permissions Management ## Added/Changed wording From 78e8e12275863766a43ace7545b82ed99a78f2c7 Mon Sep 17 00:00:00 2001 From: Anja Kammer Date: Thu, 4 Apr 2024 13:53:14 +0200 Subject: [PATCH 3/3] bring back observability in chapter 6 --- .../01-duration-terms.adoc | 4 +-- .../02-learning-goals.adoc | 30 +++++++++++++++++-- 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/docs/06-Automation-and-Operation/01-duration-terms.adoc b/docs/06-Automation-and-Operation/01-duration-terms.adoc index c15aaad..51f5f80 100644 --- a/docs/06-Automation-and-Operation/01-duration-terms.adoc +++ b/docs/06-Automation-and-Operation/01-duration-terms.adoc @@ -4,7 +4,7 @@ |=== === Begriffe und Konzepte -DevOps, DevSecOps, Site Reliability Engineering (SRE), Konfiguration, Provisionierung, Infrastructure as Code, Cloud Provider APIs, Berechtigungsverwaltung, Abstraktionsebenen von Container-Managern, Berechnung Verfügbarkeit, Berechnung Cluster Größe +DevOps, DevSecOps, Site Reliability Engineering (SRE), Konfiguration, Provisionierung, Infrastructure as Code, Cloud Provider APIs, Berechtigungsverwaltung, Abstraktionsebenen von Container-Managern, Berechnung Verfügbarkeit, Logging, Monitoring, Metriken, Distributed Tracing, Time Series Queries, Alerting, Berechnung Cluster Größe // end::DE[] // tag::EN[] 
@@ -13,7 +13,7 @@ DevOps, DevSecOps, Site Reliability Engineering (SRE), Konfiguration, Provisioni |=== === Terms and Principles -DevOps, DevSecOps, Site Reliability Engineering (SRE), configuration, provisioning, Infrastructure as Code, Cloud Provider APIs, Permissions Management, abstraction levels of container manager, calculate availability, calculate cluster size +DevOps, DevSecOps, Site Reliability Engineering (SRE), configuration, provisioning, Infrastructure as Code, Cloud Provider APIs, Permissions Management, abstraction levels of container manager, calculate availability, logging, monitoring, metrics, distributed tracing, time series queries, alerting, calculate cluster size // end::EN[] diff --git a/docs/06-Automation-and-Operation/02-learning-goals.adoc b/docs/06-Automation-and-Operation/02-learning-goals.adoc index a4e0f02..aa10432 100644 --- a/docs/06-Automation-and-Operation/02-learning-goals.adoc +++ b/docs/06-Automation-and-Operation/02-learning-goals.adoc 
@@ -46,7 +46,20 @@ Softwarearchitekt:innen wissen, dass sich durch Container-Manager die Grundfunkt Sie kennen die Einsatzmöglichkeiten vom Container-Managern und können ihre Abstraktionsebenen unterscheiden. [[LZ-6-6]] -==== LZ 6-6: Berechnungsmethoden zur Dimensionierung von Ressourcen kennen +==== LZ 6-6: Wege der Beobachtbarkeit von verteilten Applikationen kennen + +Softwarearchitekt:innen wissen, dass es durch die verteilte Ausführung von Prozessen neue Herausforderungen an die Beobachtbarkeit verteilter Applikationen gibt. + +Sie kennen die besonderen Rahmenbedingungen verteilter Anwendung und den Einfluss auf die Beobachtbarkeit mittels: + +* Monitoring/Metriken und Alerting +* Logging +* Distributed Tracing + +Sie kennen Wege und Verantwortlichkeiten zur Erstellung möglichst fehlervorhersagenden Time Series Queries für Alerts. + +[[LZ-6-7]] +==== LZ 6-7: Berechnungsmethoden zur Dimensionierung von Ressourcen kennen Softwarearchitekt:innen kennen Methoden zur Berechnung des Ressourcenbedarfs für: @@ -100,7 +113,20 @@ Software architects are aware that container managers can extend the basic funct They are familiar with the use cases for container managers and can differentiate their abstraction layers. [[LG-6-6]] -==== LG 6-6: Understand Resource Sizing Calculation Methods +==== LG 6-6: Understanding approaches for observability of distributed applications + +Software architects know that the distributed execution of processes presents new challenges for observability of distributed applications. + +They understand the unique conditions of distributed applications and their impact on observability through: + +* Monitoring/metrics and alerting +* Logging +* Distributed tracing + +They are familiar with approaches and responsibilities for creating predictive time series queries for alerts. + +[[LG-6-7]] +==== LG 6-7: Understand Resource Sizing Calculation Methods Software architects are familiar with methods for calculating resource requirements for:
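Review bot: In PATCH 1/3, 02-learning-goals.adoc, inserting the new goal at position 6-4 renumbers the existing anchors (`[[LZ-6-4]]` becomes `[[LZ-6-5]]`, `[[LZ-6-5]]` becomes `[[LZ-6-6]]`, and the same for the `LG-` anchors), and PATCH 3/3 then shifts `6-6` to `6-7` again. The old IDs still exist after the change but now name different goals, so any cross-reference or external material citing them resolves to the wrong goal without failing. Either append new goals at the end of the chapter so that existing IDs stay stable, or check all references to the old IDs as part of this series and state the renumbering explicitly in the changelog.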
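Review bot: In the new LZ 6-4 / LG 6-4 text of PATCH 1/3, none of the four challenge bullets addresses reviewing or removing permissions after they have been granted, although the goal asks for "only the minimum permissions required" for each user and service account. Consider adding a bullet for the periodic review and revocation of permissions that are no longer needed. Style points in the same hunk: the EN text uses both "least privilege principle" and "least-privilege", so pick one spelling, and in the DE text "Compliance Vorgaben" should be hyphenated as "Compliance-Vorgaben".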
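Review bot: The CHANGELOG.md hunk in PATCH 2/3 records only `- Permissions Management`, while PATCH 3/3 adds the observability goal and six new terms and, according to its diffstat, touches no CHANGELOG.md. If the restored observability goal is a change relative to the last released version, add a matching entry next to `- Permissions Management` so the changelog covers the whole series.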
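Review bot: In the 01-duration-terms.adoc hunks of PATCH 3/3, the new observability terms are inserted between "calculate availability" and "calculate cluster size" (DE: between "Berechnung Verfügbarkeit" and "Berechnung Cluster Größe"), which splits the two calculation terms that belong to the resource sizing goal. Suggest placing "logging, monitoring, metrics, distributed tracing, time series queries, alerting" before "calculate availability" so the term order follows the goal order. Across the series only the term lists in this file change; if the table closed by `|===` directly above them holds the chapter duration, confirm that it still fits after two goals were added.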
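Review bot: The new EN heading in the 02-learning-goals.adoc hunk of PATCH 3/3, `LG 6-6: Understanding approaches for observability of distributed applications`, breaks the pattern of the neighbouring headings, which use the imperative and title case (`LG 6-7: Understand Resource Sizing Calculation Methods`). Suggest `LG 6-6: Understand Approaches for Observability of Distributed Applications`. In the DE text of the same patch, "verteilter Anwendung" should be plural ("verteilter Anwendungen"), and "möglichst fehlervorhersagenden Time Series Queries" should read "möglichst fehlervorhersagender Time Series Queries".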