Purushothaman

Hello. Hi. My name is. I'm currently based in Bangalore, and I work as a senior software engineer in the Commonwealth Bank of Australia. And in my role, I'm responsible for designing and implementing cloud-based solutions using Microsoft Azure technologies. And, some of my responsibilities include collaborating with stakeholders and product owners to understand their business needs. So, based on the requirements, I develop and implement Azure-based solutions, such as Azure Kubernetes services, compute and networking, storage, and security as well. I ensure these solutions are highly available and also apply security best practices over the complete development life cycle. And apart from that, I lead a team of four members. They are not reporting to me, but I provide guidance and technical leadership to them. And, they support me in my current company, and I've been working here for one and a half years. Prior to this, my current company, I worked at the Bank of Australia. Before that, I worked in Kirkland Technologies, a telecom-focused organization. In that role, I spent a year and a half deploying telecom products in both cloud and on-premises environments. And, prior to that, I worked in SmartShift Technologies. I worked there for two years as an Oracle database administrator. Apart from that, I worked on Postgres, Mongo, and MySQL DB as well. Overall, I have 10 years of experience, and I've worked with various tools and technologies, such as Azure Kubernetes, Docker, Terraform, Ansible, Prometheus, and Grafana. I'm mostly focused on Azure, and I also have experience with AWS, although it's very limited. I don't have enough years of experience in AWS. It's been a quick connection. And, coming to my education, I have a master's degree from the university in the year 2011. And, coming to my personal life, I'm married, and I have two daughters. Thank you.

Yeah, so coming to this question. So, the resources created the landing zones we call it in Azure, based on the tenant requirement. So, the workloads they are going to run in that Azure landing zone. So based on that, we'll be creating the landing zones. And, it contains all the resources, and it is a complete segmentation, like, it's what is required for the tenant. So, understanding that tenant requirements and creating the infrastructure for the respective tenants. So they can come on board once we deliver and welcome them with an email. So they will come on board, create their application workloads, and start using it. So, specific to this question, to optimize Azure resource conception, I mean, always go with the virtual machine scale set. So based on the load, the business workload they have, and they have to create their respective virtual machine scale sets. Instead of allocating higher resources, that's not a good idea. Also, we need to think about the cost level. And this is the answer to this question, I believe. Thank you.

Okay. So coming to this question, so automatic scaling of AWS resources based on demand using Terraform. Yes. So all we are using Terraform as infrastructure as code. And with that, we have the complete life cycle of whether it is Azure or AWS landing zone, and we'll be provisioning those resources or services using Terraform. And so the automatic scaling, definitely. So based on the workload, we have the code in the GitHub repo, as well as in the Azure repos. And there are some events that automatically capture the type of, the number of events to that instance. And based on that, the auto metrics we have configured for the particular events, like CPU or memory, or custom metrics, like you say, the events. So based on that data, the code will be updated. Once it is updated, we have an automatic push to the build pipeline and the release pipeline. So based on that form script, we'll try to increase the number of instances. And based on the custom metrics, which I mentioned earlier, we'll spin up new instances on Azure.

Are you okay? Okay. Sorry. I just accidentally clicked on record and answered the previous questions. Yes. So coming to this question, how would you secure sensitive data in Terraform code without committing it, which is not recommended. To secure the sensitive data, one of the first things is to keep the secrets in HashiCorp Vault, Azure Key Vault, or KMS in AWS. Sorry. Yes. I just clicked the button. So, we just have to always keep our secrets in either the Azure Key Vault or the HashiCorp Vault. And we need to refer to the key vaults always with the Terraform code. And it's more important that we shouldn't hardcode the secrets in the code. This is the most important one. Let's support this question. Thank you.

Sorry, yeah. How do you manage state in a distributed application using Kubernetes? Yeah, so coming to these questions, like, how do you manage state image replication? Yeah, like, it's always important to manage the desired state, like, with the configuration, what we have in the manifest file, so based on that application. And, like, the controller manager is an important component of the control plane in Kubernetes architecture. So, this will always check for the desired state of each, whether it's a replication or whether it's at any job or endpoint. So, it can be anything. And so, what the controller manager will do is automatically detect and inform the API server. And based on that, it will take actions and make it to the desired state. So, it's always maintaining horizontal pod autoscaling, for automatic scaling using custom metrics or with CPU, resource limits, and requests as well.

Given the state of arms sticking the lenses, let me see some data to explain what's wrong with the variable in translation, how it affects the implicit dependency. So, coming to this, like, the variables for the tag mentioned in this Terraform code have to be directly defining the variable for the names. And so, what this means is that for example, we have various types of, such as SAT or non-production or production. So, if we define it this way, it's not a good practice for reusable code. And if you're planning to deploy in multiple environments, in that case, we need to use Terraform modules, and if you're planning to deploy in very different types of environments. So, we have to use a module in this case.

So coming to this Dockerfile snippet, I don't think so. Not much difference, but one thing is when running make dash slash codes, maybe we have meant instead of running make their hyphen p. We can add hyphen p before the slash code, and that will resolve the issue if you include hyphen p. Yeah.

Our service principles within a Kubernetes cluster to manage Azure resources. Like, we have a native service account with Kubernetes, and we are always using that service account to interact with the Kubernetes cluster when we are integrating with any Azure services, such as Azure Key Vault or any storage or anything, any kind of service. So that native service account can be used in this case.

Yes, then this is one of the important topics. Like, so always, making the branching strategies when we are working with different teams and within the team, especially with Terraform. So, we had to keep the state file in the remote and make sure the lock is present and the same state cannot be modified by the same team members. The reasoning has to be maintained. Definitely, the reasoning has to be maintained for this one. So, always, before that, a number of reviews and approvals have to be implemented before any code matches the master. So, always, Larry will check if it's secure later, and we have to implement the tag with the security approval before it's going to the final approval. So, we have to include multiple checks before it's approved by the final. Yeah.

Yeah. I see that operators is the significant part to manage the complex workloads in the Kubernetes. And so, using that, we always have to keep the Kubernetes operators using Golang or any other language and for the respective applications, such as shift flow applications. Yes. So yeah. So basically, like, when we provide the platform to application teams, this application team will take care of what opportunities are required for their respective workloads to run in the Kubernetes cluster. So they will decide according to that. Thank you.