01 / 18
K8s Multi-Tenant Platform
Self-service Kubernetes platform with namespace-as-a-tenant, RBAC automation, and per-team cost allocation.
↗
I m a k e i n f r a s t r u c t u r e t h a t s t a y s u p .
Five years of platform work, mostly inside service-based companies — which is to say I've seen a lot of stacks. The ones below are the tools I reach for without thinking.
Most of the systems I've inherited were a slow accumulation of "we'll fix it next sprint." My job is usually to either fix that — or build the thing that doesn't become it.
I care about boring deployments, blameless postmortems, and runbooks that someone on call at 3am can actually follow. I'm equally happy writing a Terraform module, drawing an architecture diagram, or pairing with a backend engineer on a memory leak.
Outside of work I run a small homelab (Proxmox + Talos), tinker with vim configs (this site has a hint), and read more SRE postmortems than is strictly healthy.
The roles that shaped how I think about systems, on-call rotations, and the difference between "running" and "production-ready". Click any role for the long version.
Leading platform engineering for a fintech client — designed multi-tenant Kubernetes platform on EKS, migrated 40+ microservices, cut deploy time from 38 min to 4 min.
Built CI/CD pipelines and observability stack across 6 client engagements. Standardized Helm chart library, introduced GitOps workflow that reduced production incidents by 62%.
Migrated legacy on-prem workloads to AWS for healthcare and retail clients. Wrote Terraform modules now used company-wide; maintained PCI-DSS compliant landing zones.
On-call rotation for a 24/7 SaaS platform serving 2M users. Wrote SLO definitions, error-budget policies, and a chaos-testing framework using Litmus.
First role out of school. Owned Jenkins build infrastructure and Docker registry. Migrated CI from shell scripts to declarative pipelines.
Formal credentials and the certifications I keep current — most recently re-upping CKA in 2024.
A mix of platform work, internal tooling, and weekend tinkering. Filter by category, expand the rest.
Self-service Kubernetes platform with namespace-as-a-tenant, RBAC automation, and per-team cost allocation.
Single-command CLI that scaffolds an ArgoCD-driven cluster with sealed-secrets and policy guardrails.
Terraform module that drops a full Prom + Loki + Tempo + Grafana stack in 90 seconds.
Scheduled fault injection framework with automatic SLO blast-radius checks.
Bastion-less SSH access via short-lived certs issued from Vault by SSO identity.
Detects cloud spend anomalies using EWMA + Slack alerts; saved $11k/mo on first deploy.
Internal OCI-based chart registry with linting CI, security scanning, and signed releases.
PgBouncer-based proxy with predictive scaling tied to app-layer queue depth.
Scans live AWS accounts against SOC2 controls; generates evidence artifacts nightly.
Bazel-compatible remote cache running on spot nodes; cut CI build times 4×.
Self-tuning bot that learns workload patterns and adjusts node group min/max.
PR-triggered isolated namespaces with auto-DNS, auto-tear-down, GitHub status checks.
PagerDuty + Grafana mashup that surfaces alert fatigue and noisy neighbors.
K8s operator that rotates DB and API secrets on a schedule with zero-downtime handoff.
Quarterly automated DR drill — flips traffic, validates data, rolls back in <8min.
CI step that analyzes layers and proposes Dockerfile edits — average 71% size reduction.
Backstage plugin set: golden paths, scaffolder templates, env catalog with TechDocs.
Vector-based log fan-in at the edge with PII redaction before shipping to central store.
Notes from the field. Mostly things I wished someone had told me a year earlier. Full archive on the blog subdomain.
Most charts I review have the same five anti-patterns. Here's a refactor playbook with before/after diffs.
A walk-through of `terraform plan -out` output and what to actually look for in a code review.
Symptom-based SLOs with concrete examples — error budget burn rates, multi-window alerts.
Generous things people I've worked with have said. They probably had to be nice; I included them anyway.
Ankur rebuilt our deploy pipeline from the inside out. What used to take an afternoon takes four minutes — and we trust it more.
Calm under fire and disturbingly thorough. He left us with runbooks even our junior engineers can follow at 3am.
He pushes back when something is wrong, in the best way. The kind of engineer you want owning your platform.
Documented every decision, paired generously, and shipped it. We'd hire him again in a heartbeat.
Honestly his on-call instincts are sharper than half my staff. We've passed on him five times for headcount reasons we keep forgetting. Strong hire if we ever figure out budget.
Resume Match Score 72%. Required: 8 years AWS Lambda. Candidate: 7. Returning to candidate pool with high intent to never contact again. Tracking ID APPL-447921.
At this point we just keep him in the system. Every rejection email turns into a thoughtful conversation about engineering culture and now he's friends with three of our directors. Nobody knows how to stop the loop.
I read every message. Best for project briefs, contract DevOps work, and the occasional architecture review.