Foggy Cloud Architect | 2018 - 2019 | Virgin Australia
Technologies: VMWare, AWS, Windows Containers, Kubernetes, Java, Node.js, Nix, SonarQube, Ansible
- Chose Node.js as the primary language for cloud-architected services.
- Built a cloud-agnostic starter kit (Github.com/sotekton/agnostic) enabling 100% code coverage and a 250% increase in development speed.
- Enabled zero-impact deployments via a microservice-optimized internal and external service backward compatibility.
- Upgraded the system to a more container-aware security technology.
- Ensured PII and PCI compliance against practices.
- Developed secure containers via a just-enough-operating system (JeOS) for development and production environments.
- Implemented centralized logging via the establishment of a common log format.
- Established autonomic environments for developers and continuous integration and production lines via Nix.
- Implemented Kubernetes as an orchestrator.
- Reduced cluster operating costs by 20% and container image download time by 90% via a graph-based popularity contest for Nix container layers.
Foggy Cloud Architect | 2018 - 2019 | Cyvive
Technologies: LinuxKit, Kubernetes, Nix, AWS, GCP, Bare Metal, CSI, CNI, Continuous Delivery, Governance, Prioritized Graph, Node.js, Go, LFS, Alpine, VMWare, KataContainers, Zero Trust, HashiCorp, Consul, Nomad
- Managed microservice dependency so that any part of an organization dependency tree could be extracted and developed against in development (private or shared).
- Implemented a just-enough-Linux (JeOS) approach for a host operating system via LinuxKit.
- Isolated the Kubernetes and system workloads.
- Removed TTY and SSH from modes as they were unnecessary in IaaC.
- Used KataContainers for VM Isolation capabilities between containers.
- Implemented multi-cluster and namespace networking isolation.
- Migrated from transparent node to node encryption so that developers could safely use HTTP for microservices.
- Enforced policy that without a mesh network, fallback to (legacy) Istio would be supported.
- Implemented shadow traffic replication for production-like environments following the process from production to its resulting performance. This enabled defect detection prior to a true production release.
- Provided on-demand AZ or instance-type upgrade options; companies also chose when to upgrade their cloud.
- Handled the automatic healing and resizing of the control plane.
- Performed etcd persistence and recovery.
- Constructed an infrastructure on demand for all environments (namespaces) as a per-hour-billing solution.
- Developed multiple Kubernetes clusters in such a way that they could be managed by one person per cloud provider.
- Built microservices to be able to move between geographically dispersed data centers seamlessly.
Foggy Cloud Architect | 2017 - 2018 | Max Gaming (Tatts Australia)
Technologies: Node.js, Kubernetes, CNI, CSI, Terraform, Linux (All), LinuxKit, AWS, GCP, MongoDB, Go, Cyvive, Istio, Cilium
- Built disposable developer environments on-demand with sample data and microservice dependency management via Cyvive.
- Uplifted to container-aware security technology.
- Conducted education sessions where we deep dove into Kubernetes and containerization vulnerabilities and how to secure them.
- Replaced HashiCorp Vault with GitOps friendly secret encryption for public repositories via a provider key management system.
- Handled a hybrid multi-cloud implementation of Kubernetes spanning multiple on-premises data centers and AWS regions. As disaster recovery and business continuity were a critical concern of Max Gaming, it was necessary to prove applications are capable of continued operation despite cloud provider or region failure.
- Lessened in-cluster data redundancy with S3 incremental synchronization.
- Implemented IaaC via Terraform controlled provision for AWS and GCP with all security hardening, networking, and network optimizations enabled.
- Replaced Istio with Cilium, a more secure IPv6 compatible hybrid-cloud alternative.
Foggy Cloud Architect | 2017 - 2017 | Cook Medical
Technologies: Azure, GCP, AWS, Bare Metal, Kubernetes, Consul
- Fulfilled the needs of globally distributed manufacturing facilities (which were operating on various clouds) by transparently stitching them together—ensuring microservice reallocation and service discovery.
- Chose and integrated HashiCorp's Consul along with technology from eBay, which ensured a global datacenter-aware service discovery approach with dynamic bridging tunnels automatically established between Kubernetes clusters.
Foggy Cloud Architect | 2017 - 2017 | Flight Centre
Technologies: Java, AWS, Kubernetes, Bash, Linux (All), Go, Infinispan
- Developed stateful services that were available in-cluster 12 months ahead of any kind of official Kubernetes support.
- Established disposable developer environments on-demand with sample data and microservice-dependency management via Cyvive.
- Upgraded to a more container-aware security technology.
- Approved CoreOS as a suitable container host operating system.
- Implemented GitOps-friendly secret encryption for public repositories via a provider key management system.
- Created an SM, PCI, & PII compliance-directed design, enabling a reduction in external audit frequency.
- Installed clusters and all applications started within 60 minutes, enabling for the first time a fixed cost for disaster recovery.
- Implemented IaaC via a Terraform controlled provision for AWS & GCP with all security hardening, networking, and network optimizations enabled.
- Pioneered the concept of production and everything else via namespace isolation which reduced the infrastructure operating costs by 50% without sacrificing security or compliance.
Foggy Cloud Architect | 2016 - 2016 | Vodafone Hutchison, ING Direct, and National Australia Bank
Technologies: Bare Metal, AWS
- Implemented operating system and application level automation without rooting mobile devices.
- Integrated CI/CD with existing toolsets.
- Incorporated co-located data-centers with the telecommunication equipment and bank-level security.
- Implemented VPN capabilities as required on mobile devices.
- Constructed on-demand tunnels between the cloud providers and a device data center.
Foggy Cloud Architect | 2014 - 2016 | Containerized WordPress Hosting
Technologies: Docker, Bare Metal, AWS, Linux (All), Kubernetes, WordPress, PHP, SQLite, MySQL, Consul, GlusterFS
- Rearchitected WordPress from its legacy status to be 12-factor compliant—enabling native container adoption and the core performance necessary to run as the platforms scale.
- Automated the detection of real users vs. spambots for registration, which increased the business value of clients' websites and reduced overhead costs of contacting many false users.
- Prevented zero-day exploits—which are frequent and of strong concern in WordPress—by having a fully automatic daily production release testing and deployment system for all client websites so that the client brand's reputation was maintained.
- Secured websites against hacking, including actively attacked client websites.
- Advocated early on for the adoption of containerization; the entire infrastructure, from CI to CD, used containers.
- Empowered individual websites on the cluster to be able to handle 1 billion hits per month without caching; the most complex running up to 160,000 lines of PHP code on 512 MB servers.