Sr DevOps Engineer, P S Intelegencia Pvt Ltd
Associate Cloud Engineer, Scriptuit Technologies
Linux System Admin, ICS
Nagios
Kibana
GitHub Actions
Kubernetes
Helm charts
Argo CD
Azure DevOps
AWS ECS
AWS EKS
Git
Docker
CloudFormation
Terraform
CloudWatch
SNS
IAM
VPC
EC2
AMI
CodePipeline
CodeDeploy
Apache
Nginx
ELB
S3
RDS
ECS
EKS
Hey there. I'm Rahul Gokplani. I completed my graduation in 2018, and my branch of specialization was electronics and telecommunication engineering. Then I started my career as a Linux system admin, and during that period I realized that cloud and DevOps technology was something moving into the market, so I started learning AWS. I got an opportunity in a start-up, Scriptuit Technologies, which I joined as an associate cloud engineer. Unfortunately, after a year COVID hit us very badly, that start-up got shut down, and I had to look for another opportunity in the market. Since I was good in DevOps technologies and tools, I got an opportunity in P S Intelegencia Pvt Ltd, which is a company located in Noida. Currently I'm working here as a senior DevOps engineer. The tools and technologies I'm working with here are Kubernetes, Terraform and AWS Cloud; we are also using Azure Cloud a little. The services in AWS we are using are EC2, IAM, CloudWatch, CloudTrail and RDS. For deployment, we use GitHub Actions for CI/CD. So this is the whole tool stack I'm currently working with.
Well, so far, the disaster recovery we generally practice is that we have all of our infrastructure created with Terraform, and Terraform is a form of infrastructure as code. If something goes wrong in any region, within half an hour we are able to replicate that whole infrastructure in another region. So that is the practice which we have. Also, in the case of databases, we have databases in different availability zones, just so that in case anything happens to one of the availability zones of that region, we have a replicated server in another zone. Yeah, so that is how we can plan for any kind of disaster recovery. We should have a plan for infrastructure as code.
Well, let's say we have one infrastructure locally and we need to move all of this infrastructure to the AWS Cloud Platform. In that case there is one service in AWS, whose name I am unable to recall right now, but by using that service we can move our local infrastructure setup into the cloud platform. We have a lot of services: for servers we can use EC2 instances, for databases we can use RDS, and for storage we can use Simple Storage Service, S3. For security and user access purposes, we have IAM in AWS that we can use.
So if multiple engineers are working in a Terraform code base, what we can do is put our TF state file in an S3 bucket. That way we can lock that state file: when an engineer is trying to run any of the apply commands, it locks that key with that engineer, so that another engineer will not be able to perform any Terraform command. So that is the way we can store our TF state file.

Better, in the case of a large-scale environment, we use a directory kind of solution. We can have users with this kind of Active Directory integration; that way we will have a more secure setup.
We can use KMS. This is one of the encryption services offered by AWS, for encrypting data of any service in the cloud. In terms of how it differs from S3, to be honest, I couldn't understand the question clearly here. Yeah.
There's some problem with the if condition over here. The reason is the condition "if compliant not in string", and we are appending that string over here.
The problem I can see over here is the CIDR IP for both of the protocols. It is open for everyone: 0.0.0.0/0. So this is a wide-open network, which can lead to security risks.
So in this case, if we have a microservice-based architecture, we can use the EKS service offered by AWS, which is Elastic Kubernetes Service. That way we won't have to handle the servers and we won't have to bear the cost of it; we'll just have to pay the $70 per month EKS cost. We will have containers and pods deployed over there as deployments, which we can maintain as auto-scalable: whenever the requirement comes up, like CPU utilization going high, automatically a new pod will be rolled out. So that is how it would be auto-scalable. And yeah, for maintaining SOC 2 compliance requirements, we can restrict third-party installations, and we can ensure that the third-party tools which we are using in our clusters are following SOC 2 guidelines.
So for maintaining high availability, we can always have auto-scaling for the Kubernetes cluster. Let's say CPU utilization is going high; then we can have a new instance rolled out, and automatically the respective pods will be scheduled on that node whenever the requirement comes up. I don't have much idea about automatic failover.
Sorry. So for having a CI/CD workflow with Docker, what we can do is have GitHub Actions, where we can write a workflow file. We can mention the destination where we want to push our image, and we can mention a build step and then a push location where we want to push. It could be the Docker container registry, or it could be AWS Elastic Container Registry, or maybe Azure Container Registry, whatever it is. Prior to that, we can run some vulnerability scanning: we can run any scan, a TF scan, or we can use Wazuh for checking out the vulnerabilities in that code. Also, after creating the image, we can scan the image as well; that is also an option. So that is the way we can have our CI/CD workflow. CD is mentioned here, but maybe we can use GitOps, any GitOps technology like Argo CD, to check if any changes happen on GitHub in the Argo CD code base. It will automatically capture that change and deploy that new image into our Kubernetes system.