Bob Clarke, Developer in London, United Kingdom

Bob Clarke

Verified Expert in Engineering

Platform Engineer, DevOps Engineer, and Developer

Location
London, United Kingdom
Toptal Member Since
March 15, 2021

Bob is a highly experienced DevOps and platform engineer with a track record of designing and implementing large-scale, production-strength infrastructure for investment banks and other large enterprises. He has particular expertise in Kubernetes, Istio service mesh, Azure Cloud, Infrastructure-as-Code, TCP/IP networking, automation, continuous integration, and performance tuning. Bob has experience working within large digital transformation programs as well as small greenfield projects.

Portfolio

Dentsu International
Kubernetes, Terraform, Helm, Azure, Apache Kafka, CI/CD Pipelines, TCP/IP...
Lloyds Banking Group
Ansible, Splunk, Kubernetes, Linux, Terraform, Helm, TCP/IP, CI/CD Pipelines...
HSBC
Ansible, Docker, TCP/IP, PKI, Linux, CI/CD Pipelines...

Experience

Availability

Part-time

Preferred Environment

Linux, Terraform, Kubernetes, Istio, Azure, Envoy Proxy, Python, DevOps, Network Engineering, Web Security

The most amazing...

...solution I've delivered was a large-scale, fully automated production Kubernetes platform in Azure with Istio service mesh.

Work Experience

DevOps Lead

2018 - PRESENT
Dentsu International
  • Implemented a large-scale production Kubernetes platform in Azure (AKS) to host my client's global data analytics platform. Implemented a service mesh on top of this (Istio) to enforce east-west and egress traffic controls.
  • Built a continuous delivery and release management system to support over 25 development teams running over 120 pipelines.
  • Implemented monitoring and telemetry for my client's production Kubernetes estate using Prometheus, Grafana, Loki, and Jaeger. Assisted development teams with the setup of x-b3 header propagation.
  • Established standard Terraform patterns/best practices for environment builds for the global DevOps team (based on env0). Developed a library of modules for common infrastructure components.
  • Implemented automatic TLS certificate renewal on Kubernetes route-to-live using Cert Manager and Let's Encrypt.
  • Developed architecture patterns and engineering standards for migration to the Istio service mesh.
  • Built a Kafka platform on Kubernetes, implemented internet-facing brokers via Istio ingress gateway, and implemented TLS client auth. Defined the pattern for TCP routing via SNI to allow brokers to scale without additional ports being exposed.
  • Developed OpenAI (LangChain) tooling to analyze and optimize the Kubernetes configuration.
Technologies: Kubernetes, Terraform, Helm, Azure, Apache Kafka, CI/CD Pipelines, TCP/IP, Linux, DevOps, Grafana, Prometheus, Infrastructure as Code (IaC), Docker, Loki, GitHub, Transport Layer Security (TLS), PKI, Distributed Tracing, Env0, Containers, Container Orchestration, Envoy Proxy, Istio, HashiCorp Vault, Strategic Planning, Python, Wireshark, Tcpdump, Infrastructure, IT Infrastructure, Azure Application Gateway, DNS, F5 Networks, Jenkins, Azure Kubernetes Service (AKS), Network Engineering, Web Security, MongoDB, PostgreSQL, Redis, Strapi, Azure Web Application Firewall, Ansible, MongoDB Atlas, Apache Hive, Azure Databricks, Hadoop, Go, Docker Compose, Bourne Shell, Zsh

Senior DevOps Engineer

2017 - 2018
Lloyds Banking Group
  • Developed Splunk dashboards for platform telemetry.
  • Provided support and training for the IBM UrbanCode platform.
  • Built Jenkins pipeline libraries to provide a common set of functions for development teams.
  • Developed automated build scripts for WebSphere Liberty.
Technologies: Ansible, Splunk, Kubernetes, Linux, Terraform, Helm, TCP/IP, CI/CD Pipelines, Docker, DevOps, Infrastructure as Code (IaC), GitHub, Transport Layer Security (TLS), PKI, Container Orchestration, Containers, Infrastructure, IT Infrastructure, Wireshark, Tcpdump, DNS, Jenkins

DevOps Lead

2016 - 2017
HSBC
  • Established a DevOps practice and a new team for HSBC's DTC program.
  • Developed an on-demand runtime to provide each team with dedicated VM environments and CI/CD machinery.
  • Established reference AWS implementation for HSBC's new UI platform.
Technologies: Ansible, Docker, TCP/IP, PKI, Linux, CI/CD Pipelines, Transport Layer Security (TLS), Shell Scripting, DevOps, Infrastructure as Code (IaC), GitHub, Strategic Planning, Wireshark, Tcpdump, Infrastructure, IT Infrastructure, DNS, Jenkins, Network Engineering

Engineering Lead

2014 - 2016
Lloyds Banking Group
  • Served as the engineering lead for LBG's UrbanCode automation program. Delivered an automation platform to provide deployment and config management for my client's retail online banking platform.
  • Developed automated builds for WebSphere Application Server, DataPower, and F5 BigIP.
  • Defined engineering standards (network, security, HA) for the production of the WebSphere infrastructure.
Technologies: Linux, TCP/IP, CI/CD Pipelines, Transport Layer Security (TLS), Shell Scripting, PKI, DevOps, Infrastructure as Code (IaC), GitHub, Unix, UNIX Utilities, Strategic Planning, IT Infrastructure, Infrastructure, F5 Networks, DNS, Wireshark, Tcpdump, Network Engineering

Engineering Consultant

2012 - 2013
Deutsche Bank
  • Designed and built Deutsche's strategic business process management (BPM) platform for the DB Palace project.
  • Developed automated builds for the BPM platform and rolled them out across route-to-live and production.
  • Created an automation framework to test and release BPM workflows.
  • Built a custom web-based monitoring and inventory system.
  • Worked closely with development teams post-implementation to iron out operational issues.
  • Produced system documentation and a runbook, carried out handovers and system sign-offs, and provided technical training for Deutsche Bank's in-house support teams.
Technologies: PKI, Linux, TCP/IP, Transport Layer Security (TLS), Shell Scripting, Unix, UNIX Utilities, IBM Business Process Definitions (BPD), IT Infrastructure, Infrastructure, Tcpdump, IBM WebSphere, Java, Network Engineering

Lead Technical Architect

2010 - 2012
PwC UK
  • Designed and built a BPM platform based on IBM's business process management suite.
  • Developed automated build scripts and rolled out test and production environments.
  • Provided training for in-house teams and produced system runbooks for support teams.
Technologies: TCP/IP, IBM Business Process Definitions (BPD), IT Infrastructure, Infrastructure, DNS, Java

Senior Technical Consultant

2004 - 2010
Fidelity International
  • Served as the tech lead for the migration of the Fidelity FundsNetwork platform from WebSphere version 4.0 to 6.1.
  • Developed an automation framework for WebSphere Application Server builds.
  • Designed and developed a browser-based inventory tool that provided a dynamic view of server utilization, configuration, and software inventory across the server estate.
  • Carried out day-to-day systems administration, support, and monitoring.
Technologies: Linux, TCP/IP, Shell Scripting, Unix, UNIX Utilities, DNS, IT Infrastructure, Infrastructure, IBM WebSphere, JBoss, Apache Tomcat, Network Engineering

Market Data Specialist

2004 - 2004
Tullett Prebon
  • Implemented the Reuters Market Data System (RMDS) platform and migrated 400 trading floor positions from the legacy system.
  • Created automated build and configuration management scripts for the platform.
  • Developed tooling for monitoring key systems metrics and usage data.
Technologies: TCP/IP, Shell Scripting, Unix, IT Infrastructure, Infrastructure

Market Data Specialist

1998 - 2004
Dresdner Kleinwort Wasserstein
  • Provided design and engineering services for in-house development teams to interface with the Reuters platform.
  • Provided operational support, monitoring, tuning, and upgrades for the Reuters platform.
  • Developed tooling for market data usage and cost reporting.
Technologies: Shell Scripting, Unix, TCP/IP, Solaris, IT Infrastructure, Infrastructure

Market Data Specialist

1996 - 1998
NatWest Markets
  • Migrated the existing Reuters platform infrastructure from a standalone network to my client's corporate LAN.
  • Co-designed and developed browser-based monitoring and management tooling using Perl/CGI.
  • Provided day-to-day support for trading floor users.
Technologies: Solaris, Infrastructure, Unix, TCP/IP, UNIX Utilities, DNS

RMDS and Trading Desk Support Engineer

1996 - 1996
Merrill Lynch
  • Provided technical support for traders for their Reuters feeds.
  • Provided operational support for the on-site Reuters Market Data System and its data feeds.
  • Carried out upgrades to the on-site Reuters Market Data System.
Technologies: Unix, UNIX Utilities, Solaris, Shell Scripting, TCP/IP, IT Infrastructure, Infrastructure

Systems Installations Engineer

1994 - 1996
Thomson Reuters
  • Carried out full system installations and rollouts of the Reuters Market Data System to clients' trading floors.
  • Provided post-installation support for RMDS systems.
  • Delivered post-installation training to clients' in-house support teams.
Technologies: Unix, UNIX Utilities, Shell Scripting, SunOS, Solaris, TCP/IP, IT Infrastructure, Infrastructure

Field Service Engineer

1991 - 1994
Dow Jones and Company
  • Provided technical support for Dow Jones Telerate products on client sites.
  • Provided upgrades and maintenance for Dow Jones Telerate products on client sites.
  • Provided training to client teams in relation to Dow Jones Telerate products.
Technologies: PDP-11, X.25, IT Infrastructure, Infrastructure

Large-scale Production Kubernetes Platform

I was the technical lead for a project to build a large-scale Kubernetes platform (approx. 30 clusters) on Azure (AKS).

As part of this project, I designed and automated the build of a new internet landing zone based on Azure Application Gateway and migrated to this from my client's legacy F5-based system.

I automated TLS certificate creation and renewals using Let's Encrypt and implemented system-wide monitoring and logging using Prometheus, Grafana, and Loki.

I also set up a CI/CD toolchain to support a global team of approximately 200 developers, and I automated all builds using Terraform. During the project, I established and documented a set of IaC standards for adoption by other engineering teams.

Production Kafka Platform

The requirement was to implement an automated, scalable, and resilient Kafka platform to be hosted on Kubernetes (AKS). Another requirement was that the Kafka broker endpoints needed to be web-facing.

Automating Kafka and its related components was fairly straightforward. We chose Confluent Kafka and this came with a set of Helm charts. I needed to modify these Helm charts as they did not ship with Ingress resources (which I needed in order to comply with our existing Kubernetes Ingress standards). This being the case, I forked the chart code and hosted the packaged charts on our internal Chart Museum service.

The biggest and most interesting challenge was exposure to the internet via Kubernetes Ingress. Although the patterns were available in the community for exposing Kafka endpoints to the internet via Kubernetes services, there did not appear to be any existing patterns for doing so via Kubernetes Ingress. With this in mind, I set about forming a new pattern that leveraged Nginx TCP services. This worked very well, so I formalized the pattern with our architecture team and automated the build with Terraform.

Istio Rollout to Production

The implementation of Istio provided my client with the following new capabilities:

• Granular, policy-based network controls (east-west and egress)
• JWT validation at Ingress Gateway
• Transport encryption between pods
• Telemetry

I was the technical lead for the project; the key challenges I had to overcome were as follows:

• Migration of Ingress resources to Virtual Services in 200+ existing Helm charts
• Cutover from Ingress controllers to Istio Ingress Gateway
• Auditing services that would be MESH_EXTERNAL and configuring the necessary Istio ServiceEntry resources
• Developing a Terraform module for Istio deployment
• Updating Helm charts for Kubernetes Jobs to ensure Istio sidecar exit
• Integration of Kiali with existing Prometheus estate

Tools

Terraform, Helm, Istio, Azure Application Gateway, Envoy Proxy, Azure Kubernetes Service (AKS), Ansible, GitHub, Jenkins, Docker Compose, Grafana, Splunk, Tcpdump, Wireshark, SunOS, Apache Tomcat, Azure Web Application Firewall, MongoDB Atlas, Zsh

Paradigms

DevOps

Platforms

Kubernetes, Docker, Linux, Unix, IBM WebSphere, Azure, Apache Kafka, Solaris, JBoss

Languages

Python, Java, Go, Bourne Shell

Frameworks

Hadoop

Storage

MongoDB, PostgreSQL, Redis, Apache Hive

Other

Infrastructure as Code (IaC), TCP/IP, CI/CD Pipelines, Shell Scripting, IT Infrastructure, Transport Layer Security (TLS), PKI, Containers, Container Orchestration, Network Engineering, Strategic Planning, DNS, Web Security, Prometheus, HashiCorp Vault, Loki, Distributed Tracing, Env0, Infrastructure, UNIX Utilities, PDP-11, X.25, F5 Networks, IBM Business Process Definitions (BPD), Strapi, Azure Databricks
