Foggy Cloud Architect | 2018 - 2019 | Virgin Australia
Technologies: Amazon Web Services (AWS), Ansible, SonarQube, Unix, Node.js, Java, Kubernetes, Containers, Windows, AWS, VMware
- Chose Node.js as the primary language for cloud-architected services.
- Built a cloud-agnostic starter kit (Github.com/sotekton/agnostic) enabling 100% code coverage and a 250% increase in development speed.
- Enabled zero-impact deployments via a microservice-optimized internal and external service backward compatibility.
- Upgraded the system to a more container-aware security technology.
- Ensured PII and PCI compliance against practices.
- Developed secure containers via a just-enough-operating system (JeOS) for development and production environments.
- Implemented centralized logging via the establishment of a common log format.
- Established autonomic environments for developers and continuous integration and production lines via Nix.
- Implemented Kubernetes as an orchestrator.
- Reduced cluster operating costs by 20% and container image download time by 90% via a graph-based popularity contest for Nix container layers.
Foggy Cloud Architect | 2018 - 2019 | Cyvive
Technologies: Amazon Web Services (AWS), Nomad, Consul, HashiCorp, VMware, Alpine Linux, Go, Node.js, GRAPH, Governance, Continuous Delivery (CD), Metal, Google Cloud Platform (GCP), AWS, Unix, Kubernetes
- Managed microservice dependency so that any part of an organization dependency tree could be extracted and developed against in development (private or shared).
- Implemented a just-enough-Linux (JeOS) approach for a host operating system via LinuxKit.
- Isolated the Kubernetes and system workloads.
- Removed TTY and SSH from modes, as they were unnecessary in IaaC.
- Used KataContainers for VM Isolation capabilities between containers.
- Implemented multi-cluster and namespace networking isolation.
- Migrated from transparent node-to-node encryption so that developers could safely use HTTP for microservices.
- Enforced a policy that, without a mesh network, fallback to (legacy) Istio would be supported.
- Implemented shadow traffic replication for production-like environments following the process from production to its resulting performance. This enabled defect detection prior to a true production release.
- Provided on-demand AZ or instance-type upgrade options; companies also chose when to upgrade their cloud.
- Handled the automatic healing and resizing of the control plane.
- Performed etcd persistence and recovery.
- Constructed an infrastructure on demand for all environments (namespaces) as a per-hour-billing solution.
- Developed multiple Kubernetes clusters so that they could be managed by one person per cloud provider.
- Built microservices to be able to move between geographically dispersed data centers seamlessly.
Foggy Cloud Architect | 2017 - 2018 | Max Gaming (Tatts Australia)
Technologies: Amazon Web Services (AWS), Istio, Go, MongoDB, Google Cloud Platform (GCP), AWS, Linux, Terraform, Kubernetes, Node.js
- Built disposable developer environments on-demand with sample data and microservice dependency management via Cyvive.
- Uplifted to container-aware security technology.
- Conducted education sessions where we deep dove into Kubernetes and containerization vulnerabilities and how to secure them.
- Replaced HashiCorp Vault with GitOps-friendly secret encryption for public repositories via a provider key management system.
- Handled a hybrid multi-cloud implementation of Kubernetes spanning multiple on-premises data centers and AWS regions. As disaster recovery and business continuity were a critical concern of Max Gaming, it was necessary to prove applications are capable of continued operation despite cloud provider or region failure.
- Lessened in-cluster data redundancy with S3 incremental synchronization.
- Implemented IaaC via Terraform-controlled provisioning for AWS and GCP with all security hardening, networking, and network optimizations enabled.
- Replaced Istio with Cilium, a more secure IPv6 compatible hybrid-cloud alternative.
Foggy Cloud Architect | 2017 - 2017 | Cook Medical
Technologies: Amazon Web Services (AWS), Consul, Kubernetes, Metal, AWS, Google Cloud Platform (GCP), Azure
- Fulfilled the needs of globally distributed manufacturing facilities (which were operating on various clouds) by transparently stitching them together—ensuring microservice reallocation and service discovery.
- Chose and integrated HashiCorp's Consul along with technology from eBay, which ensured a global datacenter-aware service discovery approach with dynamic bridging tunnels automatically established between Kubernetes clusters.
Foggy Cloud Architect | 2017 - 2017 | Flight Centre
Technologies: Amazon Web Services (AWS), JBoss Infinispan, Go, Linux, Bash, Kubernetes, AWS, Java
- Developed stateful services that were available in-cluster 12 months ahead of any kind of official Kubernetes support.
- Established disposable developer environments on-demand with sample data and microservice-dependency management via Cyvive.
- Upgraded to a more container-aware security technology.
- Approved CoreOS as a suitable container host operating system.
- Implemented GitOps-friendly secret encryption for public repositories via a provider key management system.
- Created an SM, PCI, & PII compliance-directed design, enabling a reduction in external audit frequency.
- Installed clusters with all applications started within 60 minutes, enabling a fixed cost for disaster recovery for the first time.
- Implemented IaaC via Terraform-controlled provisioning for AWS and GCP with all security hardening, networking, and network optimizations enabled.
- Pioneered the concept of production and everything else via namespace isolation which reduced the infrastructure operating costs by 50% without sacrificing security or compliance.
Foggy Cloud Architect | 2016 - 2016 | Vodafone Hutchison, ING Direct, and National Australia Bank
Technologies: Amazon Web Services (AWS), AWS, Metal
- Implemented operating system and application level automation without rooting mobile devices.
- Integrated CI/CD with existing toolsets.
- Incorporated co-located data-centers with the telecommunication equipment and bank-level security.
- Implemented VPN capabilities as required on mobile devices.
- Constructed on-demand tunnels between the cloud providers and a device data center.
Foggy Cloud Architect | 2014 - 2016 | Containerized WordPress Hosting
Technologies: Amazon Web Services (AWS), GlusterFS, Consul, MySQL, SQLite, PHP, WordPress, Kubernetes, Linux, AWS, Metal, Docker
- Rearchitected WordPress from its legacy status to be 12-factor compliant—enabling native container adoption and the core performance necessary to run as the platforms scale.
- Automated the detection of real users vs. spambots for registration, which increased the business value of clients' websites and reduced the overhead costs of contacting many false users.
- Prevented zero-day exploits—which are frequent and of strong concern in WordPress—by having a fully automatic daily production release testing and deployment system for all client websites so that the client brand's reputation was maintained.
- Secured websites against hacking, including actively attacked client websites.
- Advocated early on for the adoption of containerization; the entire infrastructure, from CI to CD, used containers.
- Empowered individual websites on the cluster to be able to handle 1 billion hits per month without caching; the most complex running up to 160,000 lines of PHP code on 512 MB servers.