AWS DevOps Architect (with On-Prem Experience)
Experience: 7+ Years
Work Location: Delhi (Onsite)
1. Security Enhancements: VPN Setup: We require the implementation of a VPN to secure our internal networks and prevent unauthorized access. Publicly Accessible RDS: The current exposure of our database to the public poses a security risk. We need to secure this database to mitigate potential vulnerabilities. Public Jenkins Server: Our Jenkins CI server is currently accessible publicly. We need to restrict access to ensure only authorized users can interact with it. Code Quality Checks: Integration of code quality tools, such as SonarQube, is necessary for ensuring high-quality code. Hardcoded Credentials: Tools like TruffleHog or GitLeaks are required to scan our codebase for hardcoded credentials and other security vulnerabilities. Docker Running with Root Privileges: We need to address the security risk associated with Docker containers running with root privileges. Web Application Firewall (WAF) and Network Policies: Implementation of a WAF and network policies to enhance our network security posture. Certificate Management: Transition from in-pod certificate management to a more secure external solution like ACM.
2. Continuous Integration and Deployment: CI Notifications in Jenkins: We seek enhanced error tracking and notification mechanisms within Jenkins. Docker Practices: Standardization of Docker practices, including naming conventions and efficient layering, is required. Docker Configuration: Optimization of Docker files with variable-based declarations and appropriate timezone settings. Docker Build Times: Reduction of Docker build times by optimizing base images and other build practices. Build Status Notifications: Detailed build status notifications should be integrated with Slack. Manual Deployment Processes: We need to automate our continuous deployment processes to improve efficiency.
3. Kubernetes and Container Orchestration: Kubernetes Version: Upgrade our Kubernetes setup from version 1.25 to the latest version, 1.29. Default Namespace Usage: Avoid using default namespaces and adopt best practices in Kubernetes deployments. Secrets Management: Enhance secrets management by moving beyond Kubernetes’ default secrets. Horizontal Pod Autoscaling (HPA) and Vertical Pod Autoscaler (VPA): Implement HPA and VPA to enable dynamic scaling of resources. Ingress and Load Balancing: Update ingress controllers and optimize our load balancing setup. Readiness and Liveness Probes: Integrate readiness and liveness probes in Kubernetes to ensure application health. Node Labeling: Implement node labeling to improve resource management and allocation. Pre/Post Hooks in Deployments: Introduce pre/post deployment hooks for automation of deployment processes. Deployment Strategies: Expand deployment strategies to include Blue/Green and Canary deployments in addition to RollingUpdate.
4. Monitoring and Performance: Centralized Monitoring: Develop a centralized log management system to monitor logs across environments. Tracing: Implement OpenTelemetry or similar tools for comprehensive tracing of requests and performance. Profiling: Introduce performance profiling tools to monitor and optimize system performance.
5. Infrastructure Management: Infrastructure as Code (IaC): Adoption of IaC practices to improve disaster recovery capabilities and overall infrastructure management. Uptime Alerts for APIs: Establish monitoring and alerting mechanisms for API availability. Role-Based Access Control (RBAC) in Kubernetes: Implement RBAC to enforce access control policies in Kubernetes. Resource Naming Standards: Enforce consistent naming conventions for resources to improve manageability. Node Utilization: Address issues related to over or underutilization of nodes. Branching Strategy: Define and adopt a standardized branching strategy for better code management. Multicloud and Multi-Architecture Support: Explore and support multicloud and multi-architecture environments to enhance flexibility. Kubernetes Manifest Validation: Use tools like kubevalidator to ensure the integrity and correctness of Kubernetes manifests.