jouni.rosenlof@jrcomplex.fi

Kubernetes

"Complex World Needs Simple Solutions"

Kubernetes and I

I have over 22 years of experience with production level Linux and opensource systems. I have worked with many virtualization technologies, all major Linux variants, high availability clustering, cluster filesystems, security and hardening and many more. I’m infrastructure and security specialist, not application developer but I have also developed many infrastructure related applications (bash, expect, python, perl, go etc.).

In my project 2018 – 2020 I made whole transformation from old virtualhost based monolithic infrastructure to new K8s DevOps CI/CD container infrastructure. I personally designed the whole new architecture, at that time that company did not have any other ICT resources than me.

I was also CIO, so I had invite tenders for new service provider, created selection criteria, selected service provider and negotiated all service and SLA agreements with them. After that I started to create new automated infrastructure as code to Vmware private cloud. I created multiple K8s clusters, also K8s high availability versions and automated all installations with Terraform and Ansible. I created production container Pods K8s yaml files and designed K8s storage solutions.

I created DevOps pipeline between GitHub and K8s with Argo CD, but I also tested Jenkins CI/CD. Instead of having K8s integrated CI with Jenkins I chose external cloud CI service. After having all DevOps components in place I created K8s monitoring systems with Prometheus, Alertmanager, Grafana and Nagios. In March 2020 I was responsible person in datacenter switchover project where customer production systems were transferred to new datacenter.

After switchover I was administering all K8s clusters, I deployed and tested external Ceph storage and K8s internal Rook Ceph storage and designed advaced Pod yaml configurations. I tested Helm charts, StorageOS, Rancher Labs tools, Aqua Security K8s tools and many more. I automated system installation (droplet) to Digitalocean cloud with Ansible.

I did K8s docker, Kubelet and kernel parameter tuning and I have deep understanding of different K8s runtime options, advanced configuration and security. I created custom made Haproxy K8s container for my client for finnish goverment healthcare professional client certificate authentication, created Fluentd Pod logs collection solution, ssh 2fa solutions for tunneling Dashboards from K8s and many more. I created custom gpg solution for delivering secrets and configmaps to K8s.

I automated installation of every K8s component I mentioned in this article with Ansible: in 30 minutes you could have fully operational production cluster with every K8s component and configuration in place.

I’m interested about infrastructure, Kubernetes, DevOps, container etc. projects, so please don’t hesitate to contact me 🙂 For more information, please checkout my LinkedIn profile. You can read my articles about Kubernetes from my blog.

Vuosikymmenten kokemus it-infrastruktuureista

Minulla on vuosikymmenten kokemus it-infrastruktuurien suunnittelusta, rakentamisesta, operoinnista ja tietoturvasta hyödyntäen avoimen lähdekoodin teknologioita.

Olen asentanut ja ylläpitänyt useita korkean käytettävyyden klusteri- ja pilviratkaisuita, virtuaaliratkaisuita olen migroinut täysin eri teknologia-alustalta toiseen ja olen toimittanut useita tietoturvallisia palvelinratkaisuita niin B2B-yrityksille kuin valtionhallinnon organisaatioille.

Kubernetes ylläpitoa ja hallintaa olen tehnyt useamman vuoden ajan. Olen vastannut Valuecode Oy:n SaaS-palvelun it-infrastruktuurin modernisoinnista ja Kubernetes-orkestroinnin käyttöönotosta.

Contact: