CS7504 Assignment 2 -Security for DevOps Solution

Assessment Guidelines
 You are required to submit an electronic copy of your short video, source code and assignment documentation.
 Create a project folder called CS7504_Assignment2_FirstName_LastName, where you will place all your files and code. Remember to zip this folder before submitting it to the Assignment 1 submission box in the CS7504 Moodle course page.
Late Work & Extension
 Lecturers reserve the right not to mark work that is handed in late.
Pass Requirements
 All Assignments must be attempted.
 Achieve an average of 50% or above over all assessments.

Assignment 2 Objectives:
This assignment aims to allow the learners to:
 Evaluate the appropriate automation strategy for a selected scenario
 Implement a properly designed and configured Continuous Integration and Continuous Deployment (CI/CD) pipeline.
 Develop a simple software that utilises the DevOps methodology and practices
 Implement a security feature in the DevOps process
Task 1: Developing a simple software, implementing, and configuring the CI/CD Pipeline with an appropriate automation strategy for the Docker and Kubernetes scenario.

1. Using Azure DevOps, Source Code Management System and Azure Services, you should be able to deploy the .NET application on the Azure Kubernetes Services (AKS) through Azure CI/CD.

b. Ensure that you have already configured the required tools with Git/GitHub and Azure Repos before starting the software development.
d. Your main folder should have 2 subfolders – app and manifests.
e. Your app subfolder should have the main application which you have developed and Dockerfile.
f. The manifests subfolder should have the appropriate .yaml files.
g. You should be able to Push the changes to the Azure Repos or any remote repository of your choice.
h. Ensure that you have correct services created in a Resource Group in Azure Portal to build and push the Image to the private registry (ACR) and to deploy the application to Kubernetes cluster.

k. After the build, you should see the deploy stage getting triggered automatically. The development stage should be green indicating that Build is succeeded.
l. You should be able to publish an artifact.
m. The deploy stage should be blue and show that it’s pending for approval.





n. Using Azure Portal, you should integrate the kubectl using the CLI commands.
o. Provide evidence of the commands which were executed. (Hint: use Azure
PowerShell Command Shell instead of Bash shell for all the commands)
p. You should be able to watch the status of the pods and services in Kubernetes cluster using the kubectl commands.
q. You should be able to view your Web Application using the External IP address that was generated by the Deploy stage and the kubectl services command.

r. You should be able to provide evidence when you execute the Web locally as shown below.



s. Another evidence would be when the Web Application is deployed in the Kubernetes Cluster with the EXTERNAL IP address.




t. Perform the SCM collaboration practices and make changes in the code. Make a commit to the code on the local repository and pushes it to the remote repository or you can make a straight change in the remote file and Commit. u. Committing the change in the .NET application should automatically trigger a build, publish an artifact and again ask for approval before deploying. v. Evidence for the number of images getting created with a unique in the Azure Container Registries (ACR) repository.
w. Provide a short video showing that these practices were followed
accordingly. (Please see the Assignment Requirements section for more details.)








Task 2: Discussing and Implementing Security (Research Work)
1. DevSecOps
a) Discuss a five-step process to successfully implement DevSecOps.
b) DevSecOps talks about six best practices. Select one of the best practices and discuss how it can help your organization successfully integrate DevSecOps into its daily operations.
2. Hashicorp’s Vault
a) Managing Secrets and protecting sensitive data. Explain how HashiCorp Vault works.


(2000-3000 words)

Assignment Requirements
Below is your checklist to be completed before you submit your Assignment 2.

Deliverables Completed
 Short Video with your commentary.
- Your video should NOT be more than 30 minutes.
- The video should only contain your voice. It is your choice if you wish to appear in the video.
 Source Code / YAML files / Docker file
 A project documentation containing:
- Description of the scenario where DevOps process can be implemented
- Screenshots to be provided in the documentation wherever it is mentioned that evidence is required.
- Constraints (Limitations / Errors) you came across and strategies applied to solve it.
 DevSecOps documentation (2000 – 3000 words)
Format
 You are required to present your assessment in a report format. Therefore, you will need to include a title page, an executive summary a table of contents, a conclusion and a reference list (use APA referencing).
Assignment 2 Marking Scheme

• Part 1 – Designing CI/CD Pipeline 60
- Software Application, Docker & YAML files. 3+3+4
- Configured the remote repo and link to repo 2
- Building pipeline in Azure DevOps using correct template or tasks. 5
- Successful Build and Deployment 8
- Evidence of image pushed to ACR 5
- Integration of kuebctl in Azure Portal Powershell. 5
- Evidence of the pods and service running from Azure Portal Powershell using the kubectl commands
5
- Evidence of making a commit
- Executed an automatic trigger to the Build and publish of an artifact
- Evidence of the deploy stage in blue before permitting the approval
- Successful Deployment to the EXTERNAL IP address. 5
- Explanation of constraints (Limitations / Errors) you came across and strategies applied to solve it. 5
- Short Video 10
• Part 2 DevSecOps 35
- Discussion of the five-step process in DevSecOps 10
- Integration of one of the practices in DevSecOps 15
- Working of HashiCorp’s Vault
10
• Overall format (including references)
5
Total 100