Purushothaman

Hello. Hi. Uh, my name is. I'm currently based in Bangalore, and I work as a senior software engineer in Commonwealth Bank of Australia. And in my role, uh, I'm responsible for designing, implementing a cloud based solutions using the Microsoft Azure Technologies. And, uh, some of my some of my responsibilities include the collaborating with the stakeholders and the product owners to understand their business needs. So and based on the requirements, uh, so I develop and implement that Azure based solutions like Azure Kubernetes services, uh, like compute and networking storage and security as well. So I ensure these solutions are highly available to Zealand and also applying the security best practices, uh, over the complete development life cycle. And apart from that, I lead a team of 4 members. So not they are not reporting, like, uh, just providing guidance and technical leadership to them. And, uh, they support me in the current company, and I'm working for 1 and a half years. So prior to this, my current company, and, uh, that is coming to the Bank of Australia. So I worked in, uh, Kirkland Technologies, a telecom focused organization. And, uh, in that I have a first and a half years in that role. I deploying, uh, that, uh, telecom product in both cloud and on premises. And, yeah, prior to that, I have worked in SmartShift Technologies. Yeah. The I worked for 2 years as the Oracle database administrators. Apart from that, I worked on, uh, the Postgres, Mongo, and MySQL DB as well. So overall, uh, with that overall, I have 10 years of experience, and I have worked in various tools, uh, and technologies such as Azure Kubernetes, uh, Docker, Terraform, uh, Ansible, Prometheus, Grafana. Uh, so I'm mostly focused on Azure and, uh, like, how AWS experience as well, but it's very limited. Uh, I don't know enough years of experience I got in AWS. Uh, it's about my the quick connect. And yeah. So coming to my the education, uh, I have done my masters in university in the year 2011. And, uh, coming to my personal life, I'm married. I have 2 daughters. Thank you.

Yeah. Uh, so coming to this question yeah. Uh, so the basically, the resources, created, uh, the landing zones we call it in Azure, uh, based on the tenant requirement. So what kind of, uh, uh, the workloads they are going to run-in that Azure landing zones. So based on that, we'll be creating the landing zones. And, uh, it contains all the resources, and it is, uh, it is it's a complete, uh, segmentation, like, uh, it uh, what is required for the tenant. So so so like I said, so understanding that tenant requirements and, uh, creating the creating the infrastructure for the for for the respective tenants. So they can come on once we delivered and once they could they welcome email. So they will, uh, come on top of that. They will, uh, create their application workloads, and they can start using it and, uh, on top of that. So, um, so specific to this question, to optimize Azure resource conception, like, uh, so always, uh, go with that. I I mean, that virtual machine scale set. So based on the load, the business workload, what they have, and they have to create their respective virtual machine scale sets. And instead of, uh, in that trend, uh, uh, allocating that higher resources, that that's not a good, uh, idea. And, also, to the cost level, we need to think. And so this is the this answer to this question, I believe. Thank you.

Okay. So coming to this question, so automatic scaling of AWS resources based on demand using Terraforms. Uh, Yeah. So all we are using the Terraform as infrastructure as code. And, uh, with that, like, we have that, uh, the complete, uh, the life cycle of that, uh, whether it is Azure or AWS landing zone, and we'll be we'll be provisioning those, uh, the resources or the services using the Terraform. And, uh, so the automatic scaling, definitely, yes. Uh, so based on the workload, like, uh, we we we have we have the code in the GitHub repo, uh, as well as in the Azure repos. And, uh, there are there are some events, like so automatically, uh, automatically capture the the the type of, uh, the number of events to that to to that, uh, to the instance. And, uh, based on that, the auto metrics we have configured, uh, for the particular events, like, it can be a CPU or memory, or it can be the custom metrics, like you say, the events. So, uh, based on that, uh, the data, uh, will be updated. I mean, that the code will be updated. So once it is updated, we have automatic push to the to the, uh, that the build pipeline and, um, and the release pipeline. So based on that, uh, that are of form script, uh, we'll try to increase the number of instances. And, uh, so based on the custom metrics, which I mentioned earlier, and it will spin up that new instances on the on the a two d s r Azure.

Uh, are you okay? Okay. Sorry. I just accidentally clicked up on record and answered the previous questions. Yeah. So coming to this question, how would you secure sensitive data in Terraform code without committing in, uh, okay, which is which is shouldn't call. Okay. Uh, so, uh, like, uh, to secure the sensitive data, so either in that, um, to the for the first thing is, like, the keeping the secrets, either in the HashiCorp Vault or the Azure Key Vault or KMS in AWS. So sorry. Yeah. Sorry. I I just just I clicked the call. So, uh, like, we just have to always keep that our, uh, secrets in that, uh, either of the Azure keyboard or the ACOP vault. And we need to refer the key walls, uh, always with the Terraform code. And, uh, so it is more important that we should not hard code the hard code the secrets, uh, in the code. Uh, this is the most important one. Uh, let's support this question. Yeah. Thank you.

Sorry. Yeah. How do you manage state in a distributed application using Kubernetes? Yeah. Uh, so coming to these questions, like, how do you manage state image replication? Yeah. Like, it's always important to manage the desired state, like, uh, with with with the configuration, what we have it in the manifest file, so based on that applications. And, uh, so always, like, the the controller manager is important. So our controller manager is one of the important component of the control plan in Kubernetes architecture. So this will always, uh, check for the desired state of the each, whether it is a replication or whether it is at any job or, uh, are you are you are you any other like, uh, it's endpoint. So it can be anything. And so so what the control manager will auto will automatically detect and will will will inform to the a b a API server. And based on that, uh, it will take actions and will make that to the desired state. So always maintaining that, uh, horizontal port artist killer, uh, for that, uh, automatic scaling of, uh, using the custom metrics or, uh, with the CPU, the resource limits and request as well.

Given the state of arms sticking the lenses, let me see some data to explain what's wrong with the variable in translation, how it affect the implicit dependency. So coming to this, like, uh, the variables, like, uh, for the for the tag, which was mentioned in this Terraform, uh, code, so it has to be, like, with the with the with directly, uh, defining the variable, uh, for the names. And, uh, so what means so example for example, we have various types of, uh, so this can be of, uh, SAT or non product or prod. So if we define like this way, it's not a good practice as a reusable code. And if we if you're planning to deploy in multiple, uh, environments so in that case, we need to use the Terraform modules and for for if you're planning to deploy in the very different types of environment. So we have to use module in this case.

So coming to this, uh, coming to this dockerfile snippet, I don't think so. Not much difference, but only thing is, like, when run make dash slash codes, maybe we have we have meant, uh, instead of, like, run make their hyphen p, uh, like, we can add before the slash code and and, uh, yeah. So that that that will that, uh, that is the one thing, like, I I sense, and, uh, it can be resolved if it is if if you include hyphen p. Yeah.

Yeah. Uh, coming to this question as your service principles within a Kubernetes cluster to manage Azure, uh, resources. Like, uh, we have a native service account of with the Kubernetes, and we are always using that service account to interact, uh, whether the Kubernetes cluster if if we are integrating with it any any Azure services, uh, resources like Azure keyboard or any storage or or anything, any kind of services. So that is the native service account can be used, uh, in this case.

Yeah. Uh, then this is one of the important, topic. Like, so always, uh, making the branching strategies when we are working with the different teams and within the team and especially with the Terraform. Like so we had to keep the state file in the remote and to make sure the lock is present and, uh, the same state cannot be, uh, modified by the same I mean, from our team members. Uh, so, uh, the, like, uh, definitely, the reasoning has to be maintained. Definitely, the has to be maintained for this one. Uh, so always, uh, before, uh, that that that should be, like, a number of review and approvals has to be implemented before any code, uh, match to that master. So, uh, always, Larry will be a if it is any security later, that we have to implement the tag with the security approval and before it's going to the final approval. So always, we have to in include the multiple checks before it's getting, uh, approved by the the final. Yeah.

Yeah. Uh, Yeah. I see that that operators is, uh, the Kubernetes operators is the significant, uh, to manage the complex workloads in the in the Kubernetes. And, uh, so though so using that, uh, we always have to keep that, uh, the Kubernetes, uh, I mean, um, the operators, uh, using the Golang or any other language and, uh, for the respective applications for the shift flow applications. Yes. So yeah. So so, basically, like, uh, when we when we provide the when we provide the platform to that application teams, this application team will be taking care of that, uh, so what opportunities is required for their respective workloads, respective workloads to run it in the Kubernetes cluster. So they will decide according to that. Thank you.