Mission of administration, expertise & support (L1 to L3) SysOps/DevSecOps/GitOps using AWS EKS Kubernetes (K8s)/Docker containers deployed in AWS infrastructures. Several K8s clusters [nearly 70 nodes for Staging & Prod platforms]. Administration, industrialization and deployments using CI/CD Jenkins pipelines in Production environments (Run mode) around GitOps tools (FluxCD/Helm, Atlantis).
SysOps/DevSecOps (CI/CD) using Jenkins + Artifactory + GitLab + Vault + Kubernetes/Docker :
Automation/Installation/Administration of CI-CD pipelines using Jenkins, GitLab, Artifactory, Vault, Kubernetes in order to build/deploy CI-CD platforms for internal BPI project teams (more than 150 internal “end-to-end” CI-CD project platforms running in parallel under a single AWS EKS cluster infrastructure).
K8s Administration&Supervision&Monitoring of the AWS EKS cluster using docker containers: Fluentd+Prometheus => Grafana & Kibana & Datadog, several applications deployed using Helm : Helm Operator, GitLab, Jenkins, Sonar, Artifactory, Vault, etc.
Administration and configuration: Jenkins pipelines, Jenkinsfiles, shell scripts, Python, etc.
SAFe Agile methodology and deployments using JIRA & Jenkins stacks CI/CD
Incident resolution and deep analysis for clients using EasyVista tools and JIRA (ITIL process).
Rich environments using “DevSecOps” tools in order to provide a high level of CI-CD tooling for the BPI projects: GitLab, Jenkins, Artifactory, Sonar, Anchore/Grype, Jenkins Agents, Atlantis, Flux, SealedSecrets, etc.
GitOps methodology :
« IaC » using Atlantis/Terraform: deployment of the AWS infra using Git MergeRequest as the unique entry point.
« CI-CD » using Flux(CD)/Helm: the application layer in the AWS EKS K8s cluster is deployed using Flux as the unique entry point, through Git MergeRequest(s). Any K8s “manifest” file in EKS is under the control of Flux, and any “manual (without Git)” change made to an EKS “manifest” file is rectified by Flux (native auto-remediation tooling).
FinOps :
Optimization using the recommendations of the « CoE Cloud Shared Services » of BPI.
AWS EKS cluster: spot instances when necessary, cluster nodes (“Bottlerocket”), autoscaling optimization, etc.
SLA & Costs according to non-Production platforms (Staging/PreProd)
Security:
Installations & security aspects: AWS SSM, Vault, Sealed Secrets
Encryption/Decryption: SSL flows, certificates, AWS Certificate Manager (ACM), etc.
Knowledge in other technical aspects:
Linux, Jenkins, GitLab, Artifactory, Sonar, Vault, Nginx, Python, JSON, YAML, VisualStudio, SailPoint, ServiceNow, JIRA, etc.
Mission conducted entirely in English: support and expertise (L1 to L3 support) SysOps/DevOps using Kubernetes (K8s)/Docker containers deployed in a private cloud (Marketplace). Several K8s clusters [more than 250 nodes using the Dev, Staging & Prod platforms] hosting a big datalake and Artificial Intelligence (AI) applications. Administration, industrialization and deployments using CI/CD Jenkins in Production environments (Run mode).
SysOps/DevOps (CI/CD) using Jenkins + Artifactory + Bitbucket + Ansible + Kubernetes/Docker :
Automation/Installation/Administration CI/CD pipeline using Jenkins, Artifactory, Ansible Tower, CyberArk, Kubernetes.
K8s Administration: K8s Dashboard UI & Kibana, Resource Quotas, Namespaces, Users management, Nodes maintenance, Pod Security Policies, Taints & Tolerations, Healthchecks, secrets, volumes, affinity, Helm, etc.
Administration and configuration: Dockerfile, Playbooks, shell scripts, etc.
Debugging and production support (ITIL process)
Agile methodology and deployments using JIRA & Jenkins stacks CI/CD
Incident resolution and deep analysis for clients using ServiceNow tools and JIRA (ITIL process).
Rich environments using “dockerisation” but also other technologies: Apache servers, Nginx, Oracle & PostgreSQL DBs, LoadBalancing, AVI technologies (VIPs), HTTPS protocols and certificates, NAS shares, S3 buckets, etc.
Supervision&Monitoring : ELK stack Installation/configuration (log&search patterns platform)
FinOps :
« Best Practices »: taxonomy/tagging of resources, tracking of unused resources, tools and scripting.
Review & optimization of shell scripts for launching only the necessary resources in the private cloud.
Security:
Installations & security aspects using secrets and CyberArk
Encryption/Decryption of data-transfer flows for AI applications (PGP tools)
Mission conducted entirely in English: support and expertise (L1 to L3 support) SysOps/DevOps Kubernetes (K8s) deployed in a private cloud. Several K8s clusters [more than 250 nodes using the Dev, Staging & Prod platforms] hosting a big datalake and AI applications. Administration, industrialization and deployments using CI/CD Jenkins in Production environments (Run mode).
SysOps/DevOps (CI/CD) using Jenkins + Git + Ansible + Dockerhub + Kubernetes :
Automation/Installation/Administration CI/CD pipeline using Jenkins, Git, Ansible Tower, Dockerhub, Kubernetes.
K8s Administration: K8s Dashboard UI & Kibana, Resource Quotas, Namespaces, Users management, Nodes maintenance, Pod Security Policies, Taints & Tolerations, Healthchecks, Liveness & readiness probes, secrets, volumes, affinity, Helm, etc.
Administration and configuration: Dockerfile, Playbooks, shell scripts, etc.
Debugging and production support (ITIL process)
Agile methodology and deployments using JIRA & Jenkins stacks CI/CD
Incident resolution and deep analysis for clients using ServiceNow tools and JIRA (ITIL process).
Rich environments using “dockerisation” but also other technologies: Apache servers, Nginx, Oracle & PostgreSQL DBs, LoadBalancing, AVI technologies (VIPs), HTTPS protocols and certificates, NAS shares, S3 buckets, etc.
Supervision&Monitoring : ELK stack Installation/configuration (log&search patterns platform)
FinOps :
« Best Practices »: taxonomy/tagging of resources, tracking of unused resources, tools and scripting.
Review & optimization of shell scripts for launching only the necessary resources in the private cloud.
Security:
Installations & security aspects using secrets and CyberArk
Encryption/Decryption of data-transfer flows for AI applications (PGP tools)
Mission « SysOps/expertise Cloud » for NOAE consulting: technical support (N1 to N3) in cloud infrastructure with AWS. « Best Practices » in installation & administration of infrastructure with AWS, industrialization of deployments (Infrastructure as Code / IaC) using Terraform. Administration of Kubernetes/Docker (DevOps) and deployment charts.
SysOps/DevOps (CI/CD) using Jenkins + Maven + Git + Ansible + Dockerhub + Kubernetes :
Automation/Installation/Administration CI/CD pipeline using Jenkins, Git, Ansible, Dockerhub, Kubernetes.
Installations & security aspects: full “On-premises”, “Hybrid”, full “cloud”.
Administration and configuration: Dockerfile, Playbooks, shell scripts, etc.
SysOps Kubernetes(K8s) / Docker expert using “Kops” & EKS :
« Best Practices » in administration and deployment of Kubernetes clusters with AWS.
Installations & security aspects of K8s: full “On-premises”, “Hybrid”, full “cloud”.
“Installation Manual” using “kops” & “kubectl” & “eksctl”: prerequisites ELB LoadBalancer (Route 53 and the “on-premise” DNS).
K8s Administration: K8s Dashboard UI, Resource Quotas, Namespaces, Users management, Nodes maintenance, Pod Security Policies, Healthchecks, Liveness & readiness probes, secrets, volumes, affinity, Helm, etc.
Installing Kubernetes using EKS (Elastic Kubernetes Service of AWS): IAM roles for Service Accounts.
« IaC » using Terraform:
« Best Practices » & security using Terraform.
Scripting with Terraform and AWS & GCP providers (some examples also with Azure Provider).
"Standard patterns": scripts for deploying VPCs, subnets, security groups, NACLs, internet Gateways, Routing Tables, EC2, S3, ELB Classic, Elastic Load Balancing v2 (ALB/NLB), EBS, Autoscaling, EFS, Kubernetes clusters, etc.
Very good skills developing under Terraform
FinOps :
« Best Practices »: taxonomy/tagging of cloud resources, tracking of unused resources, tools and scripting.
Review & optimization of the Terraform scripts for launching only the necessary resources on the cloud.
Study/review of cloud compute services (EC2): "On-Demand Instances" vs "Reserved Instances" vs "Scheduled Instances" vs "Spot Instances" vs "Dedicated Hosts"
Workshops with operational teams: accountability of the teams on costs.
Security:
Installation and configuration: VPC Flow Logs, CloudTrail, AWS Config, Trusted Advisor, Inspector, Macie.
Best practices using and configuring AWS IAM Roles & Access
Supervision & Logging & Monitoring:
ELK stack : Installation/configuration (log&search patterns platform)
Prometheus + Grafana : supervision
DataNet : installation/configuration on a Kubernetes cluster.
AWS Serverless: Lambda & Auto-remediation
Integration in the cloud : installation and configuration of “serverless” tools
Documentation & security baselines to deploy and configure Lambda.
Use cases: auto-recovery/auto-remediation in incident response/monitoring (CloudWatch & SNS & AWS Config)
Knowledge in other technical aspects:
Linux, Serverless, Jenkins, Git, Ansible, Tomcat, Python, nodejs, JSON, YAML, CloudFormation, CloudWatch, CloudTrail, VisualStudio, Powershell, Hyper-V, Vagrant, Lambda, S3, Dynamo DB, API Gateway, Route 53, CloudFront, Organizations, Kinesis Data Streams, Cloud Trail, Amazon Elastic Container Service (ECS), etc.
Mission of support, architecture, expertise (N3 support). Participation in the Cloud feasibility study (IaaS & PaaS focus) on «private» and «hybrid» migration of non-sensitive project environments (Sandbox, DEV, INT,…) to the cloud.
Cloud Feasibility Study:
« State of the art » on cloud solutions.
Three cloud «patterns» for migrating to the cloud:
Webservices hosting architecture (focus API Management)
3-tiers architecture (DMZ+App+DB)
A2B architecture (Application to Business on REST)
FinOps approach according to the different patterns with AWS vs AZURE vs GCP.
POCs taking into account security, access and authentication aspects: IAM / Access Policy types / Directory Service (ADFS).
FinOps perimeter :
Study/review of cloud compute services: "On-Demand Instances" vs "Reserved Instances" vs "Spot Instances" vs "Dedicated Hosts"
Study on costs: choice of regions/zones & main services for administration/supervision/compute vs Serverless.
Cost-optimized storage: Storage Classes / Requests / Data Transfer / IOPS / Volume Type&Size.
POC implementation with AWS and AZURE:
Multi-tier architecture and monitoring: AWS EC2 + AMI + CloudWatch + CloudFormation vs Azure VM + Resource Manager + Advisor + Monitor, to choose the appropriate EC2 and VM.
Reliable/resilient storage: AWS EBS + EFS/FSx + S3 + RDS vs Azure Cloud Storage + SQL DB, to define the best storage to improve the target performances.
Decoupling mechanisms: AWS ELB + SQS vs Azure Load Balancing, to prepare the targets.
Design of HA and/or fault-tolerant solutions: Load Balancing and Autoscaling of the Production environment.
Access and authentication: AWS IAM + AWS Directory Service + Microsoft AD vs Azure Security Center + Azure AD [DC], to cover security aspects.
Encryption of data “in transit” and/or “at rest”: AWS KMS + CloudHSM vs Azure Security Center, to cover security aspects.
Scripting with Terraform
charge of the implementation from “scratch” of the new exchange platform (webMethods) for this
government agency.
Support and
service manager of the platform under Axway technology. Mission of migration from the old exchange
platform to the new platform in a B2B context with more than 100 partners and flows.
architect and expert
webMethods (wM) in the maintenance and support for upgrading the version of the wM platform.
I participated with the team which implemented from scratch the newest
middleware platform for ENGIE (called INES).