← В ленту
senior
Регистрация: 21.08.2023

Pavel Gural

Специализация: Lead DevOps
I have 7+ years of experience in security and outsourcing areas. For the past 3 years, I have held a Team/Tech Lead position in DevOps projects. I have developed expertise in building,migrating, and supporting Microservices environments on-premises and in the cloud, primarily using Kubernetes and implementing DevOps practices. Clouds: AWS: VPC, EC2, ECR, EKS, RDS, EFS, EBS, S3, Route53, Lambda, CloudWatch, Cloudfront, Signed Cookies, Signed URL, Global Accelerator, MSK, Secret/Certificate Manager. Azure: VNET, ACR, AKS, PostgreSQL flexible server, Storage Account, DNS zones, Function App, Traffic Manager, HDInsight, Kafka Event Hubs, Private Link/Endpoint. Team/Tech Lead activities: - lead the interview process; - distribute tasks between the team; - participate in code reviews.
I have 7+ years of experience in security and outsourcing areas. For the past 3 years, I have held a Team/Tech Lead position in DevOps projects. I have developed expertise in building,migrating, and supporting Microservices environments on-premises and in the cloud, primarily using Kubernetes and implementing DevOps practices. Clouds: AWS: VPC, EC2, ECR, EKS, RDS, EFS, EBS, S3, Route53, Lambda, CloudWatch, Cloudfront, Signed Cookies, Signed URL, Global Accelerator, MSK, Secret/Certificate Manager. Azure: VNET, ACR, AKS, PostgreSQL flexible server, Storage Account, DNS zones, Function App, Traffic Manager, HDInsight, Kafka Event Hubs, Private Link/Endpoint. Team/Tech Lead activities: - lead the interview process; - distribute tasks between the team; - participate in code reviews.

Портфолио

EPAM Systems

1. Implemented high-available hybrid (Linux and Windows) AKS (k8s) cluster via ARM template in Azure. Achieved reproducible AKS deployments across multiple envs. 2. Deployed the following services via ARM template in Azure: VNET, HDInsight, EventHub, Storage Account, Private Link, and Private Endpoint. 3. Implemented ElasticSearch deployment/update in Elastic Cloud via ecctl. 4. Implemented KEDA as an autoscaling tool to be able to scale up and down apps based on the Prometheus metrics and CPU. 5. Created CI/CD pipeline for infrastructure deployment for multiple envs via GitHub Actions. 6. Created CD pipeline for application deployment for multiple envs via GitHub Actions. Applications are packed into helm charts. 7. Implemented cloud-cost optimization: • Saved $44k/year by implementing Spot Node Pool for 5 non-prod envs. • Saved $35k/year by implementing Cert-manager. Moreover, it saved 100+ staff hours due to automatic cert renewal. • Deployed application features in a separate k8s namespace. A k8s ns is removed automatically once the PR is merged or a PR is older than 8 hours. • Created a separate DB in the PostgreSQL instance instead of creating the PostgreSQL instance itself for every application PR. A DB is removed automatically once the PR is merged or a PR is older than 8 hours. 8. Migrated the pipeline from Azure DevOps to GitHub Actions for Azure infrastructure. 9. Temporarily assumed project management duties in the absence of the assigned project manager.

EPAM Systems

1. Deployed the following AWS infrastructure in multiple envs via Terraform: VPC, EKS (k8s), and RDS (PostgreSQL). 2. Deployed cluster autoscaler for the EKS cluster. 3. Created CI/CD pipeline for the infrastructure deployment via GitLab.

SoftClub

1. Deployed and administrated centralized anti-virus ESET. 2. Developed an anti-virus protection policy. 3. Developed a method for finding spyware using Open Source software. 4. Administrated the Kerio Control Firewall. 5. Set up virtual machines on hypervisors: VMWare Workstation, VMWare Player, Oracle VirtualBox. 6. Troubleshot issues on Windows-based VMs. 7. Set up the switch Aruba 2920.

Скиллы

Python
Bash
Docker
Kubernetes
OpenShift
Helm
Istio
Cert-manager
KEDA
GitHub Actions
GitLab
Azure DevOps
Jenkins
Maven
Gradle
Ansible
Terraform
Cloudformation
AWS CDK
ARM templates
Prometheus
Grafana
Alertmanager
EFK stack
PostgreSQL
ElasticSearch
Kafka
Vault
CoreDNS
VNET
ACR
AKS
AWS
Azure

Опыт работы

DevOps Tech/Team Lead
04.2023 - 04.2023 |EPAM Systems, NDA, E-commerce
Terraform: VPC, EKS (k8s), RDS (PostgreSQL), GitLab
1. Deployed the following AWS infrastructure in multiple envs via Terraform: VPC, EKS (k8s), and RDS (PostgreSQL). 2. Deployed cluster autoscaler for the EKS cluster. 3. Created CI/CD pipeline for the infrastructure deployment via GitLab.
DevOps Tech/Team Lead
10.2021 - 04.2023 |EPAM Systems, NDA, Cloud Computing
Azure DevOps, GitHub Actions, VNET, HDInsight, EventHub, Storage Account
1. Implemented high-available hybrid (Linux and Windows) AKS (k8s) cluster via ARM template in Azure. Achieved reproducible AKS deployments across multiple envs. 2. Deployed the following services via ARM template in Azure: VNET, HDInsight, EventHub, Storage Account, Private Link, and Private Endpoint. 3. Implemented ElasticSearch deployment/update in Elastic Cloud via ecctl. 4. Implemented KEDA as an autoscaling tool to be able to scale up and down apps based on the Prometheus metrics and CPU. 5. Created CI/CD pipeline for infrastructure deployment for multiple envs via GitHub Actions. 6. Created CD pipeline for application deployment for multiple envs via GitHub Actions. Applications are packed into helm charts. 7. Implemented cloud-cost optimization: • Saved $44k/year by implementing Spot Node Pool for 5 non-prod envs. • Saved $35k/year by implementing Cert-manager. Moreover, it saved 100+ staff hours due to automatic cert renewal. • Deployed application features in a separate k8s namespace. A k8s ns is removed automatically once the PR is merged or a PR is older than 8 hours. • Created a separate DB in the PostgreSQL instance instead of creating the PostgreSQL instance itself for every application PR. A DB is removed automatically once the PR is merged or a PR is older than 8 hours. 8. Migrated the pipeline from Azure DevOps to GitHub Actions for Azure infrastructure. 9. Temporarily assumed project management duties in the absence of the assigned project manager.
DevOps Tech/Team Lead
11.2020 - 09.2021 |EPAM Systems, NDA, Cloud Computing
VPC, RDS, EFS, MSK (Kafka), EKS (k8s), and Global Accelerator via CloudFormation(CFN) template
1. Created AWS infrastructure such as VPC, RDS, EFS, MSK (Kafka), EKS (k8s), and Global Accelerator via CloudFormation(CFN) template. 2. Infrastructure deployment was implemented via a declarative multi-branch pipeline Jenkins. 3. Autoscaling of apps was implemented via KEDA based on Prometheus metrics, CPU, and memory. 4. Delivered a highly available application with fast failover for multi-Region EKS clusters via Global Accelerator. 5. Created AWS infrastructure such as VPC and EKS (k8s) via AWS CDK as a PoC.
Senior DevOps Engineer
11.2019 - 10.2020 |EPAM Systems, NDA, Cloud Computing
Zookeeper, Kafka, PostgreSQL, ElasticSearch, Vault
1. Deployed OpenShift cluster via OKD 3.11 for stateless services. 2. Deployed the following stateful services (Zookeeper, Kafka, PostgreSQL, ElasticSearch, Vault), and stateless CoreDNS (for DNS resolution) in docker containers via Ansible. 3. Created k8s manifest files for deploying on top of the OpenShift cluster. 4. Implemented EFK (ElasticSearch, Fluentd, Kibana) as a logging solution. 5. Created a Python script to implement an ES indices retention policy and creation of Kibana index pattern. 6. Implemented Prometheus, Grafana, and AlertManager as a PoC.
DevOps Engineer
10.2018 - 10.2019 |EPAM Systems, NDA, Cloud Computing
VPC, RDS, EFS, EC2
1. Migrated monolithic Java apps to the docker containers. 2. Created AWS infrastructure such as VPC, RDS, EFS, EC2, and Lambda functions via CloudFormation(CFN) template. • The Java app was running on the EC2 VM in the docker container. Docker logs sent to Cloud Watch. • EFS is used as a storage for Java heap dumps. • Created Python wrapper to deploy/update/delete CFN stacks. • Wrote the Lambda functions on Python using boto3 and cfnresponse libraries for different purposes: - delete record sets in Amazon Route 53 DNS service when a CloudFormation stack is deleted; - detach and remove network interfaces associated with a specific VPC when a CloudFormation stack is deleted.
DevOps Engineer
05.2018 - 09.2018 |EPAM Systems, NDA, FinTech
AKS (k8s), Python, Azure Storage Accounts
1. Deployed a hybrid AKS (k8s) cluster with both Linux and Windows nodes through an ARM template. 2. Implemented a declarative multi-branch CI pipeline for a Java application. 3. Developed a Python-based file server that connects Artifactory and Azure Storage Accounts, resulting in annual cost savings of $14,000 by eliminating the need for an Enterprise license.
System Engineer
11.2016 - 01.2018 |SoftClub, FinTech
VMWare Workstation, VMWare Player, Oracle VirtualBox
1. Deployed and administrated centralized anti-virus ESET. 2. Developed an anti-virus protection policy. 3. Developed a method for finding spyware using Open Source software. 4. Administrated the Kerio Control Firewall. 5. Set up virtual machines on hypervisors: VMWare Workstation, VMWare Player, Oracle VirtualBox. 6. Troubleshot issues on Windows-based VMs. 7. Set up the switch Aruba 2920.

Образование

Management Information Systems and Services, Management of the Security Production Process
2017 - 2018
BSUIR
Information Security in Telecommunication Systems
2012 - 2017
BSUIR

Языки

АнглийскийВыше среднего