Shartul Kumar

Hi. Uh, my name is Sharco Kumar, and I have close to 15 years of, uh, experience into IT industry now. And, uh, I started off in, uh, 2008, um, you know, with an experience and hands on working assignment in the area of system administration, uh, platform engineering, like Linux and other OS. And I gradually delve into CICD, uh, DevOps, uh, area where I've worked with tools like Jenkins uh, for a couple of years, uh, deployments for different, uh, you know, uh, kind of deployment, like grouping deployment, camera deployment. So I, overall, uh, very good hands on when it comes to using multiple tools in the area of DevOps. The docker, you know, modern containerization of the application, uh, adopted applications of production or or even, uh, an application built on open source tool technologies, and Java and Spring Boot and other latest technologies. Also got experience of handling, uh, database management, uh, working, uh, and producing results in the area of data engineering and data analytics. I've got very good hands on when it comes to, uh, cloud computing, uh, multiple platforms. I've got expertise in the area of Azure, uh, AWS, uh, with respect to landing zone designs, with respect to multiple subscriptions or multiple account based setup where I have experience of setting up, uh, a large, uh, you know, landing, uh, landing zone designs for some of the best customers in the world. Uh, for example, Humana, you know, Microsoft, Cisco Systems, Capgemini. That's exactly for Hitachi. Um, I've been, you know, working very, uh, in a very customer centric role where I've engaged to understand the requirement from customer and then build, uh, a solution which is organically produced, uh, uh, in terms of, you know, designing the high level pseudo codes and then transforming that into, uh, an implementation. We're doing a lot of automation across the platform, a lot of integration when it comes to designing the solutions. Uh, also got pretty good hands on in terms of reliability engineering, setting up monitoring, traceability, you know, checking the logs, setting up centralized or even distributed logs, uh, management systems. Uh, pretty good hands on in terms of managing, uh, the bulk of data ingestions, cleansing the data, and setting up the pipelines with the, uh, both the deployment as well as infrastructure deployment and the data pipelines. Uh, as I said, I've got multiple certifications in Azure, AWS, and GCP, quite hands on with tools like Terraform, Argo CD, Kubernetes, uh, pretty good hands on in terms of managing the clusters and Kubernetes, managing the life cycle of parts, troubleshooting, you know, so and so forth. So this is the kind of gist or you can say a small summary on my experience, and I'm sure that, uh, the kind of experience that I have will match the requirement for this particular position. Thank you.

So, basically, uh, as your function, you know, has certain, uh, you know, you can say limitation in terms of, you know, the app service plan on which it has to be set up, and it has to be set up for Linux or Windows machines and those kind of things. But when it come to AWS Lambda, it is a more most mostly like a pure serverless, uh, you know, offering from AWS, and it does not matter where you run it on an operating system, which is selective, which is on Windows or Linux environment. It can, you know, the same AWS Lambda function solution that you designed with some template and deploy it can run on Linux or with the system. So that's you know, that ability gives it's an upper hand, uh, when compared to Azure function. Uh, Azure function architect is more, uh, you you know, close to setting up, you know, and, you know, a custom based triggers like HTTP triggers or blob storage based triggers or something like that. Uh, AWS Lambda is more of, like, you know, uh, provides a bit cost effective solutions, uh, from the serverless architecture point of view and, uh, cross platform compatibility. So Azure Lambda does have cross platform compatibility even Azure function has, but Azure function has certain limitation in comparison to AWS Lambda. Thank you.

Well, during the off peak hours, uh, what we can do is, you know, if you're looking for, uh, cost optimization, what we can do is, uh, we can, uh, do some, uh, you know, shutting down of servers or, uh, especially on sandbox environments or low environments which you're using for playgrounds can, you know, cut the cost, you know. Dynamically allow allocate cloud resources using Python for cost cost evaluation. That's 1 of the thing that we can do. With the help of Python, we can, you know, uh, instead of running the entire API process, we can run simple Lambda functions and be cost effective, uh, during the off hours across AWS and Azure and other resources as well. For example, the volume storage and processing, you know. So the processing can, uh, instead of setting up an easy to instance or an AWS or an Azure VM, we can set up a serverless configuration with Python, which would provide us a very good cost of creation during our off off off peak hours. Thank you.

So in a multi cloud environment, for example, and, you know, if you're looking to deploy some same services, uh, on a Kubernetes cluster across AWS and Azure, what we can do is we can, you know, uh, work on a strategy where we can set up an Kubernetes cluster, uh, on board of the platforms, and we and we can seamlessly have a same kind of manifest or same kind of pipeline deploy. For example, with GitHub actions or ROCD, where we can define, uh, certain environment variables for respective platforms and then do the similar kind of stuff, similar kind of steps that can be followed. And it could be, you know, in terms of pipeline design, and, uh, it could seamlessly, uh, deploy the same containers, same parts on the 2 different, uh, you know, Kubernetes clusters across AWS and Azure. So that is how we can standardize for multi cloud based environment. We can also tag, uh, the pipeline so that a certain pipeline can deploy it on Azure and certain other 1 on AWS having a similar kind of content in terms of the packaging and the basic structure that that we can design. Thank you.

So for managing to see, uh, using Jira from across multiple environments in the CICD pipeline, What we can do is if we have multiple environments like dev, um, you know, broad stage, we can tag, uh, the Terraform state file Terraform or TF state file that we can save in an s 2 bucket along with DynamoDB for unique resources to be stored over there with the help of tags. And these tags will be exactly aligned with the name of environments like dev, stage, and QA. Something similar can be doing on Azure where we can, you know, save this data from state files, uh, with the name of different environment names, uh, in a container inside the block storage. So that's how we can manage, uh, the multiple environment across CICD pipeline. We can also manage different, uh, environment variables or service variables. Uh, you know, at a tier 1 level, we can manage the tier 1 dot TFR files. We can manage the service variables and environment variables also in the pipeline level by creating your variable libraries or libraries of variables where we can tag them with the name of environment. So these are the multiple ways through which we can, um, uh, you know, manage, take consistency and the resources and resource sign inside them using Terraform across multiple environments in a CICD pipeline.

See, for managing and, you know, marketing solution for AWS and Azure, of course, we can use tools like CloudWatch, which can monitor both AWS and other services. And on the other hand, we can also use something like security center, which is, like, built over Qualys, uh, that is a part of Azure security center, which are Azure monitoring, which can, uh, you know, also log AWS as your, you know, those API that is deployed over there. So it it it you know, there are multiple service from both the side that we can utilize. And we can also have a centralized, uh, uh, you know, monitoring solutions, like, for example, Dynatrace or a Datadog, where we can deploy their agents on the easy to instances or the Kubernetes nodes. We have services are running. Those Kubernetes instances and nodes can be on Azure or AWS. And both can be integrated and the logs from both in terms of performance, security, and monitoring their health and the capacity management, threshold management, footfall management, all of these things across with different matrices can be managed on a central dashboards of Datadog or, uh, for example, Prometheus or for Dynatrace, where we can see that the agent is actually running and, you know, give the results. We can also have an, uh, intermediate, uh, app gateway or you can call as, uh, like a proxy where all of these APIs are deployed on AWS or Azure. The agents can send their health and matrices, uh, from, uh, their respective nodes or EC 2 instance or Azure VM failure, you know, services are deployed on the top of the Kubernetes cluster or something similar. And they can be transferred to that particular app gateway or that particular proxy. And from there, it can be connected to, uh, say, for example, Dynatrace or, for example, Datadog. So this way also we can manage by an intermediate system in between and utilize the the integrated monitoring for a custom marketing solution for AWS and other services.

Uh, 1st and foremost, uh, I believe, uh, the syntax of the s language is wrong. You know? Uh, instead of a, uh, you know, a a backslash, we need to have a curly, uh, you know, what you can say, a double quotes over there, uh, instead of, uh, the backslash and a secret quotation across each of the things. Like, for example, AWS and security and this could grow. And, you know, this should be another double quotation and similarly for the example. And even the name prefix on the and the right on the right hand side assignment is example that should also be in a mutable quotation. So I think that's a fundamental, you know, syntax, but it's wrong. And I think, uh, uh, you know, a statement like that from format is going to pick this up and going to show the error. And, also, it's going to be, uh, pick and choose by there from validate to produce an error. So I think that that is fundamentally wrong. Uh, again, uh, the snippet of code is basically about um, adding a security rule which is ingress from port 80 to port 80, uh, TCP, and for all the, uh, resources, you know, 0.0.0.0. But I think the fundamental, uh, wrong thing over there, the syntax, instead of having backslacks and quotation, you know, it should be the double under under the double code. And, uh, that's why I believe it's going to give, uh, the error. Thank you.

Yes. It will give an error, uh, and the reason is because we have selected host all out, and, uh, uh, perhaps there could be a mix of host like Windows or, you know, Linux systems. And if we give an error certainly, then you're going to deploy it on the Windows machine because YUM is not going to recognize or even the Linux machine, which is, like, Ubuntu, where YUM package won't be utilized. That's first thing. Second thing is even if you are installing on, say, for example, Red Hat, uh, it will surely give an error because HTTPT is again, uh, an inherent services. The state is going to present, which would be which would give an error. You have to install it, uh, yum install STTPD. Right? So that has to be the correct format, the way that we are going to use it. And, also, there's a regular expression that's using in the name, so it will throw an error over there, uh, because it should be simple without backslash. Uh, so I I believe the syntax is wrong as well as, uh, we need to verify the alignment of meme uh, block over there, uh, you know, and have to cover the correct format and correct syntax for the task to install the HTTP, uh, which is basically, like, uh, you know, uh, a package, uh, on the Internet machine. Yeah.

See, 0 trust architecture is basically when, you know, uh, we make sure that whatever the, uh, important things are there, which which could be vulnerable from the security perspective, web application architecture should be absolutely, uh, not utilized or not known to any of the user which is going to use that platform. So we make sure that we have a policy aligned, uh, and, uh, that's why. For example, on an AWS account, we can have a, you know, uh, AWS config to look at into 2 d configurations and logs and all the activity that is happening across various sources, their life cycle when they're changing. Uh, also, um, IA policy where we can set up a rule and when we can monitor those things, you know, where, uh, which particular role was used by which particular EC 2 instance to do certain activity or by certain group of users to do certain activity. So, uh, we need to make sure that the things, like, which are very vulnerable, uh, to security, for example, certificates, secrets, uh, other keys, uh, and important, uh, you know, resources like these are access whenever they're accessed, they're accessed by service principle or security principle and not by any user. Uh, they should have an expiry date associated with it. They should have a regeneration automation script so that once they expire, they it should be able to generate again. So these are certain principle that when we talk about 0 trust architecture, you know, uh, across heterogeneous cloud environment using AWS and Azure. And with, uh, you know, having security practices, I mentioned, I'm roles, uh, enter ID roles at the tenant level. You know? Uh, make sure that, uh, our coordinated access is, you know, raised based on time when it comes to PIM based identity and Azure. You know? So something similar that we can implement on AWS as well. So these are the some of the, uh, things that we have to incorporate when we talk about 0 trust architecture.

So, basically, uh, you know, you need to set up, uh, a Jenkins. And on industry specific level, you basically set up a master and a slave. The slave system receives, uh, you know, the request from master to set up a pipeline, and that pipeline could be, uh, you know, code based pipeline, which we can write in terms of job stages and multiple stage inside them. And and within those stages, we can define certain things. For example, git pull strategy for the from the particular branch, uh, and then certain things like, for example, setting up the environment variables from Navient or Gradle to build a code or in in this case, uh, a PIP that could be, you know, set up for installing the dependency and a Python home, uh, need to be set up in Jenkins environment variables. So all these things to do is set up in environment variables. And then, uh, you know, we can define the stage where we can run the, uh, Python based command for doing the, uh, deployment or running the, uh, code as a part of interpretation. Because Python codes are not compiled, but demos are interpreted. So we can point our, uh, you know, maybe a robot framework or maybe a Python based, uh, command line, uh, to the, uh, you know, Python phone which is set in my variables, and then that can run the, uh, Python based code and can build a code for, for example, Django and all that. And previous to that, we need to also use PIP to install the require install the dependency from a file called requirement.txt, which could be part of your packaging for your Python based application. Now, uh, once it runs, we can also need to have a rollback capability. So we need to include a a stage where we need to rollback if it is giving certain number of failure for unit test cases, for example, more than 90% or something like that. And then in that case, we can have a rollback strategy where we do not go ahead and deploy, uh, the Python application, uh, but we deploy the previous version of the code from the artifact. So, again, we have to include certain aspect like connecting to the artifact where we we can have the revision of artifact of, uh, the code being built and stored. Python maybe, you know, whatever the code could be. It could be, like, 1.2. And for example, if you're, like, you know, uh, receiving a failure by deploying a 1.3, then we can, you know within the Jenkins stage, we can, you know, uh, allow that to, uh, you know, overlap and connect to the artifact and then deploy the, uh, version 1.2 as a part of your rollback status. So this is how I will define the stages in the Jenkins, and this is how I will debug, uh, the pipeline. And I will check that and make sure that the pipeline is running dream. And, uh, we have a rollback strategy working, uh, seamlessly.

So, uh, I have used Ansible advanced features, like, for example, vaults where, uh, for example, when when we are deploying a Python application, uh, Django, we also have the requirement of, uh, allowing their application to connect to the database. For example, on MySQL database. And in order to connect to MySQL database, we need to make sure that when the authentication happen, authentication takes place using the password, which is accessed through Vault. So we have used the advanced features of, uh, Vault in Ansible and to combine with our pipeline, uh, to access to allow the, uh, you know, the service principal to access the password on behalf of the Python code that we have deployed. So this is 1 of the advanced features that we have used I have used with the help of Vault. There are other advanced features in, uh, Ansible as well, uh, that I've utilized. Uh, for examples, setting up the window RM, uh, as a part of initialization to set up and configure Windows. Uh, so, yeah, these are the 2 things that I've, uh, utilized. Thank you.