Miguel - Consultant EAI

SysOps/DevSecOps/GitOps [CI/CD]-Production Support K8s/EKS

Mission of administration, expertise&support (L1 to L3) SysOps/DevSecOps/GitOps using AWS EKS Kubernetes (K8s)/Docker containers deployed in AWS infrastructures. Several K8s clusters [near of 70 nodes for Staging&Prod platforms. Administration, industrialization and deployments using CI/CD Jenkins pipelines in Production environments (Run mode) around GitOps tools (FluxCD/Helm, Atlantis).

SysOps/DevSecOps (CI/CD) using Jenkins + Artifactory + GitLab + Vault + Kubernetes/Docker :
 Automation/Installation/Administration of CI-CD pipelines using Jenkins, GitLab; Artifactory,Vault, Kubernetes in order to build/deploy CI-CD platforms for internal BPI project teams (more than 150 CI-CD internal project platforms “end-to-end” running in parallel under an unique AWS EKS cluster infrastructure).
 K8s Administration&Supervision&Monitoring of the AWS EKS cluster using docker containers: Fluentd+Prometheus => Grafana & Kibana & Datadog, several applications deployed using Helm : Helm Operator, GitLab, Jenkins, Sonar, Artifactory, Vault, etc.
 Administration and configuration: Jenkins pipelines; JenkinsFiles, scripts shell, Phyton, etc
 SAFe Agile methodology and deployments using JIRA & Jenkins stacks CI/CD
 Incidents resolution and deep analysis from clients using EasyVista tools and JIRA (ITIL process).
 Richfull environments using “DevSecOps” tools in order to provide a high level of CI-CD tooling for the BPI projects : GitLab, Jenkins, Artifactory, Sonar, Anchore/Grype, Jenkins Agents, Atlantis, Flux, SealedSecrets, etc

GitOps methodology :
 « IaC » using Atlantis/Terraform: deployment of the AWS infra using Git MergeRequest as unique entry point.
 « CI-CD » using Flux(CD)/Helm : the application layer in AWS EKS K8s cluster is done using Flux as unique entry point through Git MergeRequest(s). Any “manifest” K8s file in EKS is under the control of Flux and any “manual (without Git)” change done in the “manifest” EKS file is rectified by Flux (native auto-remediation tooling).

FinOps :
 Optimization using the recommendations of the « CoE Cloud Shared Services » of BPI.
 AWS EKS cluster : spots instances when necessary, cluster nodes (“bottle rocket”), autoscalling optimization; etc
 SLA&Costs according to NO Production platforms (Staging/PreProd)

Security:
 Installations & security aspects : AWS SSM , Vault, Sealed Secrets
 Encryption/Decryption : SSL flows, certificates, AWS Certificate Manager (ACM), etc

Knowledge in other technical aspects:
Linux, Jenkins, GitLab, Artifactory, Sonar,Vault, Nginx, Python, JSON, YAML, VisualStudio, SailPoint, ServiceNow, JIRA , etc

SysOps/DevOps[CI/CD] Production Support Kubernetes/Docker

Mission full english spoken of support, expertise (L1 to L3 support) SysOps/DevOps using Kubernetes (K8s)/Docker containers deployed in a private cloud (Marketplace). Several K8s clusters [more than 250 nodes using the Dev, Staging&Prod platforms] hosting a big datalake and Intelligence Artificial (IA) applications. Administration, industrialization and deployments using CI/CD Jenkins in Production environments (Run mode).

SysOps/DevOps (CI/CD) using Jenkins + Artifactory + Bitbucket + Ansible + Kubernetes/Docker :
 Automation/Installation/Administration CI/CD pipeline using Jenkins, Artifactory, Ansible Tower, CyberArk, Kubernetes.
 K8s Administration : K8s DashboarUI & Kibana, Resource Quotas, Namespaces, Users management, Nodes maintenance, Pod Security Policies, Taints&Tolerations, Healthchecks, secrets, volumes, affinity, Helm, etc.
 Administration and configuration: Dockerfile, Playbooks, scripts shell, etc
 Debugging and production support (ITIL process)
 Agile methodology and deployments using JIRA & Jenkins stacks CI/CD
 Incidents resolution and deep analysis from clients using ServiceNow tools and JIRA (ITIL process).
 Richfull environments using “dockerisation” but other technologies : Apache servers, Nginx, Oracle & Postgree DB’s, LoadBalancing, AVI technologies (VIP’s), https protocols and certificates, NAS shares, S3 buckets, etc
 Supervision&Monitoring : ELK stack  Installation/configuration (log&search patterns platform)

FinOps :
 « Best Practices »: taxonomy/tagging of ressources, tracking of unused resources, tools and scripting.
 Review&optimization shell scripts for launching only the necessary resources in the private cloud.

Security:
 Installations & security aspects using secrets and CyberArk
 Encryption/Decryption of flows using the transfert of data for AI applications (PGP tools)

SysOps/DevOps [CI/CD]

Mission full english spoken of support, expertise (L1 to L3 support) SysOps/DevOps Kubernetes (K8s) deployed in a private
cloud. Several K8s clusters [more than 250 nodes using the Dev, Staging&Prod platforms] hosting a big datalake and AI
applications. Administration, industrialization and deployments using CI/CD Jenkins in Production environments (Run
mode).

SysOps/DevOps (CI/CD) using Jenkins + Git + Ansible + Dockerhub + Kubernetes :
Automation/Installation/Administration CI/CD pipeline using Jenkins, Git, Ansible Tower, Dockerhub,
Kubernetes.
K8s Administration : K8s DashboarUI & Kibana, Resource Quotas, Namespaces, Users management, Nodes
maintenance, Pod Security Policies, Taints&Tolerations, Healthchecks, Liveness&readiness probes, secrets,
volumes, affinity, Helm, etc.
Administration and configuration: Dockerfile, Playbooks, scripts shell, etc
Debugging and production support (ITIL process)
Agile methodology and deployments using JIRA & Jenkins stacks CI/CD
Incidents resolution and deep analysis from clients using ServiceNow tools and JIRA (ITIL process).
Richfull environments using “dockerisation” but other technologies : Apache servers, Nginx, Oracle & Postgree
DB’s, LoadBalancing, AVI technologies (VIP’s), https protocols and certificates, NAS shares, S3 buckets, etc
Supervision&Monitoring : ELK stack Installation/configuration (log&search patterns platform)

FinOps :
« Best Practices »: taxonomy/tagging of ressources, tracking of unused resources, tools and scripting.
Review&optimization shell scripts for launching only the necessary resources in the private cloud.

Security:
Installations & security aspects using secrets and CyberArk
Encryption/Decryption of flows using the transfert of data for AI applications (PGP tools)

SysOps/DevOps Cloud AWS Infrastructure Terraform&Kubernetes

Mission « SysOps/expertise Cloud » for NOAE consulting: technical support (N1 to N3) in cloud infrastructure with AWS. “Best
Practices » in installation&administration infrastructure with AWS, industrialization on deployments (Infrastructure as Code /
IaC) using Terraform. Administration of Kubernetes/Docker (DevOps) and deployments charts.

SysOps/DevOps (CI/CD) using Jenkins + Maven + Git + Ansible + Dockerhub + Kubernetes :
Automation/Installation/Administration CI/CD pipeline using Jenkins, Git, Ansible, Dockerhub, Kubernetes.
Installations & security aspects: full “On-premises”, “Hybrid”; full “cloud”.
Administration and configuration: Dockerfile, Playbooks, scripts shells, etc

SysOps Kubernetes(K8s) / Docker expert using “Kops” & EKS :
« Best Practices” in administration, deployment of Kubernetes clusters with AWS.
Installations & security aspects of K8s : full “On-premises”, “Hybrid”; full “cloud”.
“Installation Manual” using “kops” & “kubectl” & “eksctl”: prerequisites ELB LoadBalancer (Route 53 and the “onpremise” DNS).
K8s Administration : K8s Dashboard UI, Resource Quotas, Namespaces, Users management, Nodes maintenance, Pod
Security Policies, Healthchecks, Liveness&readiness probes, secrets, volumes, affinity, Helm, etc.
Installing Kubernetes using EKS (Elastic Kubernetes Service of AWS): IAM roles for Service Accounts.

« IaC » using Terraform:
« Best Practices » & security using Terraform.
Scripting with Terraform and AWS & GCP providers (some examples also with Azure Provider ).
"Standard patterns": scripts for deploying VPCs, subnets, security groups , NACL’s, internet Gateways, Routing Tables,
EC2, S3, ELB Classic, Elastic Load Balancing v2 (ALB/NLB), EBS, Autoscaling, EFS, Kubernetes clusters, etc
Very good skills developing under Terraform

FinOps :
« Best Practices »: taxonomy/tagging of cloud resources, tracking of unused resources, tools and scripting.
Review&optimization in the Terraform scripts for launching only the necessary resources on the cloud.
Study/review of cloud compute services (EC2): "On-Demand Instances"vs" Reserved Instances"vs"Scheduled
Instances"vs"Spot Instances"vs"Dedicated Hosts"
Worshops with operational teams: accountability of the teams on costs.

Security:
Installation and configuration : VPC Flow Logs, CloudTrail, AWS Config , Trusted Advisor, Inspector , Macie.
Best practices using and configuring AW SIAM Roles & Access

Supervision& Logging & Monitoring:
ELK stack : Installation/configuration (log&search patterns platform)
Prometheus + Grafana : supervision
DataNet : installation/configuration on a Kubernetes cluster.

AWS Serveless : Lambda & Auto-remediation
Integration in the cloud : installation and configuration of “serverless” tools
Documentation & security baselines to deploy and configure Lambda.
Uses cases : auto-recovery/auto-remediation in incident response/monitoring (Cloudwatch & SNS & AWS Config)
Knowledge in other technical aspects:
Linux, Serverless, Jenkins, Git, Ansible, Tomcat, Python, nodejs, JSON, YAML, CloudFormation, CloudWatch,
CloudTrail, VisualStudio, Powershell, Hyper-V, Vagrant, Lambda, S3, Dynamo DB, API Gateway, Route 53, CloudFront
, Organizations, Kinesis Data Streams, Cloud Trail, Amazon Elastic Container Service (ECS), etc

Architect IT/Cloud and technical expert

Mission of support, architecture, expertise (N3 support). Participation to the Cloud feasibility study (IaaS & PaaS focus) on
«private» and «hybrid» migration of non-sensitive project environments (Sandbox, DEV, INT,…) on the cloud.

Cloud Feasibility Study:
« State of the art » on cloud solutions.
Three cloud «patterns» to migrate on the cloud:
Webservices hosting architecture (focus API Management)
3-tiers architecture (DMZ+App+DB)
A2B architecture (Application to Business on REST)
FinOps approach according to the different patterns with AWS vs AZURE vs GCP.
POC’s taking into account security, access and authentication aspects : IAM/ Acces Policy types / Directory Service
(ADFS).

FinOps perimeter :
Study/review of cloud compute services: "On-Demand Instances"vs" Reserved Instances"vs"Spot
Instances"vs"Dedicated Hosts"
Study on costs: choice of regions/zones & main services for administration/supervision/compute vs Serveless.
Cost-optimized storage: Storage Classes / Requests / Data Transfer / IOPS / Volume Type&Size.


POC implementation with AWS and AZURE:
Multi-tier architecture and monitoring: AWS EC2 + AMI + CloudWatch +Cloud Formation vs Azure VM + Resource
Manager + Advisor + Monitor To choose the appropriate EC2 and VM.
Reliable/resilient storage : AWS EBS + EFS /FSx + S3 + RDS vs Azure Cloud Storage + SQL DB) To define the best
storage to improve the target performances.
Decoupling mechanisms : AWS ELB + SQS vs Azure Load Balancing To prepare the targets.
Design HA and/or fault tolerant solutions: Load Balancing and Autoscalling Production environment.
Access and authentication: AWS IAM + AWS Directory Service + Microsoft AD vs Azure Security Center + Azure AD
[DC] To fill up security aspects.
Encryption data “In transit” and/or “At rest” : AWS AWS KMS + Cloud HSM vs Azure Security Center To fill up
security aspects.
Scripting with Terraform

Architect IT / Middleware-ESB expert / Technical project manager

Architect and technical expertTechnical lead/architect in

charge of the implementation from “scratch” of the new exchange platform (webMethods) for this
government agency.

Consultant Axway/Middleware support Level

Support and
service manager of the platform under Axway technology. Mission of migration from the old exchange
platform to the new platform in a B2B context with more than 100 partners and flows.

Architect and technical expert

architect and expert
webMethods (wM) in the maintenance and support for upgrading the version of the wM platform.

Architect and technical expert: architect and expert webMethods (wM).

I participated with the team which implemented from scratch the newest
middleware platform for ENGIE (called INES).