Bob Clarke
Verified Expert in Engineering
Platform Engineer, DevOps Engineer, and Developer
London, United Kingdom
Toptal member since March 15, 2021
Bob is a highly experienced DevOps and platform engineer with a track record of designing and implementing large-scale, production-strength infrastructure for investment banks and other large enterprises. He has particular expertise in Kubernetes, Istio service mesh, Azure Cloud, Infrastructure-as-Code, TCP/IP networking, automation, continuous integration, and performance tuning. Bob has experience working within large digital transformation programs as well as small greenfield projects.
Experience
- TCP/IP - 20 years
- IT Infrastructure - 20 years
- Linux - 16 years
- CI/CD Pipelines - 7 years
- Azure - 5 years
- Kubernetes - 5 years
- Terraform - 5 years
- Istio - 3 years
Preferred Environment
Linux, Terraform, Kubernetes, Istio, Azure, Envoy Proxy, Python, DevOps, Network Engineering, Web Security
The most amazing...
...solution I've delivered was a large-scale, fully automated production Kubernetes platform in Azure with Istio service mesh.
Work Experience
DevOps Lead
Dentsu International
- Implemented a large-scale production Kubernetes platform in Azure (AKS) to host my client's global data analytics platform. Implemented a service mesh on top of this (Istio) to enforce east-west and egress traffic controls.
- Built a continuous delivery and release management system to support over 25 development teams running over 120 pipelines.
- Implemented monitoring and telemetry for my client's production Kubernetes estate using Prometheus, Grafana, Loki, and Jaeger. Assisted development teams with the setup of x-b3 header propagation.
- Established standard Terraform patterns/best practices for environment builds for the global DevOps team (based on env0). Developed a library of modules for common infrastructure components.
- Implemented automatic TLS certificate renewal on Kubernetes route-to-live using Cert Manager and Let's Encrypt.
- Developed architecture patterns and engineering standards for migration to the Istio service mesh.
- Built a Kafka platform on Kubernetes, implemented internet-facing brokers via Istio ingress gateway, and implemented TLS client auth. Defined the pattern for TCP routing via SNI to allow brokers to scale without additional ports being exposed.
- Developed OpenAI (LangChain) tooling to analyze and optimize the Kubernetes configuration.
Senior DevOps Engineer
Lloyds Banking Group
- Developed Splunk dashboards for platform telemetry.
- Provided support and training for the IBM UrbanCode platform.
- Built Jenkins pipeline libraries to provide a common set of functions for development teams.
- Developed automated build scripts for WebSphere Liberty.
DevOps Lead
HSBC
- Established a DevOps practice and a new team for HSBC's DTC program.
- Developed an on-demand runtime to provide each team with dedicated VM environments and CI/CD machinery.
- Established reference AWS implementation for HSBC's new UI platform.
Engineering Lead
Lloyds Banking Group
- Served as the engineering lead for LBG's UrbanCode automation program. Delivered an automation platform to provide deployment and config management for my client's retail online banking platform.
- Developed automated builds for WebSphere Application Server, DataPower, and F5 BigIP.
- Defined engineering standards (network, security, HA) for the production of the WebSphere infrastructure.
Engineering Consultant
Deutsche Bank
- Designed and built Deutsche's strategic business process management (BPM) platform for the DB Palace project.
- Developed automated builds for the BPM platform and rolled them out across route-to-live and production.
- Created an automation framework to test and release BPM workflows.
- Built a custom web-based monitoring and inventory system.
- Worked closely with development teams post-implementation to iron out operational issues.
- Produced system documentation and a runbook, carried out handovers and system sign-offs, and provided technical training for Deutsche Bank's in-house support teams.
Lead Technical Architect
PwC UK
- Designed and built a BPM platform based on IBM's business process management suite.
- Developed automated build scripts and rolled out test and production environments.
- Provided training for in-house teams and produced system runbooks for support teams.
Senior Technical Consultant
Fidelity International
- Served as the tech lead for the migration of the Fidelity FundsNetwork platform from WebSphere version 4.0 to 6.1.
- Developed an automation framework for WebSphere Application Server builds.
- Designed and developed a browser-based inventory tool that provided a dynamic view of server utilization, configuration, and software inventory across the server estate.
- Carried out day-to-day systems administration, support, and monitoring.
Market Data Specialist
Tullett Prebon
- Implemented the Reuters Market Data System (RMDS) platform and migrated 400 trading floor positions from the legacy system.
- Created automated build and configuration management scripts for the platform.
- Developed tooling for monitoring key systems metrics and usage data.
Market Data Specialist
Dresdner Kleinwort Wasserstein
- Provided design and engineering services for in-house development teams to interface with the Reuters platform.
- Provided operational support, monitoring, tuning, and upgrades for the Reuters platform.
- Developed tooling for market data usage and cost reporting.
Market Data Specialist
NatWest Markets
- Migrated the existing Reuters platform infrastructure from a standalone network to my client's corporate LAN.
- Co-designed and developed browser-based monitoring and management tooling using Perl/CGI.
- Provided day-to-day support for trading floor users.
RMDS and Trading Desk Support Engineer
Merrill Lynch
- Provided technical support for traders for their Reuters feeds.
- Provided operational support for the on-site Reuters Market Data System and its data feeds.
- Carried out upgrades to the on-site Reuters Market Data System.
Systems Installations Engineer
Thomson Reuters
- Carried out full system installations and rollouts of the Reuters Market Data System to clients' trading floors.
- Provided post-installation support for RMDS systems.
- Delivered post-installation training to clients' in-house support teams.
Field Service Engineer
Dow Jones and Company
- Provided technical support for Dow Jones Telerate products on client sites.
- Provided upgrades and maintenance for Dow Jones Telerate products on client sites.
- Provided training to client teams in relation to Dow Jones Telerate products.
Experience
Large-scale Production Kubernetes Platform
As part of this project, I designed and automated the build of a new internet landing zone based on Azure Application Gateway and migrated to this from my client's legacy F5-based system.
I automated TLS certificate creation and renewals using Let's Encrypt and implemented system-wide monitoring and logging using Prometheus, Grafana, and Loki.
I also set up a CI/CD toolchain to support a global team of approximately 200 developers, and I automated all builds using Terraform. During the project, I established and documented a set of IaC standards for adoption by other engineering teams.
Production Kafka Platform
Automating Kafka and its related components was fairly straightforward. We chose Confluent Kafka and this came with a set of Helm charts. I needed to modify these Helm charts as they did not ship with Ingress resources (which I needed in order to comply with our existing Kubernetes Ingress standards). This being the case, I forked the chart code and hosted the packaged charts on our internal Chart Museum service.
The biggest and most interesting challenge was exposure to the internet via Kubernetes Ingress. Although the patterns were available in the community for exposing Kafka endpoints to the internet via Kubernetes services, there did not appear to be any existing patterns for doing so via Kubernetes Ingress. With this in mind, I set about forming a new pattern that leveraged Nginx TCP services. This worked very well, so I formalized the pattern with our architecture team and automated the build with Terraform.
Istio Rollout to Production
• Granular, policy-based network controls (east-west and egress)
• JWT validation at Ingress Gateway
• Transport encryption between pods
• Telemetry
I was the technical lead for the project; the key challenges I had to overcome were as follows:
• Migration of Ingress resources to Virtual Services in 200+ existing Helm charts
• Cutover from Ingress controllers to Istio Ingress Gateway
• Auditing services that would be MESH_EXTERNAL and configuring the necessary Istio ServiceEntry resources
• Developing a Terraform module for Istio deployment
• Updating Helm charts for Kubernetes Jobs to ensure Istio sidecar exit
• Integration of Kiali with existing Prometheus estate
Skills
Tools
Terraform, Helm, Istio, Azure Application Gateway, Envoy Proxy, Azure Kubernetes Service (AKS), Ansible, GitHub, Jenkins, Docker Compose, Grafana, Splunk, HashiCorp Vault, Loki, Tcpdump, Wireshark, SunOS, Apache Tomcat, Azure Web Application Firewall, MongoDB Atlas, Zsh
Paradigms
DevOps
Platforms
Kubernetes, Docker, Linux, Unix, IBM WebSphere, Azure, Apache Kafka, Solaris, JBoss
Languages
Python, Java, Go, Bourne Shell
Frameworks
Hadoop
Storage
MongoDB, PostgreSQL, Redis, Apache Hive
Other
Infrastructure as Code (IaC), TCP/IP, CI/CD Pipelines, Shell Scripting, IT Infrastructure, Transport Layer Security (TLS), PKI, Containers, Container Orchestration, Network Engineering, Strategic Planning, DNS, Web Security, Prometheus, Distributed Tracing, Env0, Infrastructure, UNIX Utilities, PDP-11, X.25, F5 Networks, IBM Business Process Definitions (BPD), Strapi, Azure Databricks