sergelogvinov.github.io
About me.
Programming languages
- golang
- python
- ruby
- php
- asm
- c/c++
- pascal
- bash/sh
Infrastructure as code
- terraform
- ansible
- puppet
Kubernetes world
I have been using Kubernetes since version 0.3. Kubeadm was unstable, so I made my own tools to bootstrap the cluster. The first edition was based on Puppet; later I replaced it with an Ansible role.
Average bootstrap time on bare metal:
- control plane with etcd cluster - 15min
- worker nodes - 5min, including 2 reboots (for testing purposes)
Control plane installation types:
- systemd configs
- staticpod (kubelet yaml configs)
- deployments (kubernetes deployments/daemonsets)
All Kubernetes certificates are generated by ansible with ABAC/RBAC policy. Host firewall creation depends on the CNI plugin (I prefer cilium as the CNI plugin now).
- hybrid/multi cluster, bare metal + cloud - Create a big cluster with one distributed Kubernetes control plane in different datacenters/cloud providers. Hybrid nodes - virtual machines and bare metal servers.
- kubernetes from scratch (ansible/puppet roles)
- cni - cilium, weave net, kube-router, kilo
- fluent-bit/fluentd + plugin, loki, clickhouse
- grafana, prometheus, custom exporters (golang, python)
- ingress-nginx, gloo, haproxy, traefik, skipper, ddos protection based on lua/modsec
- helm + sops, fluxcd, ansible roles
- external services exporter - Developers can route requests inside the Kubernetes cluster to the local machine.
Linux world
Unattended installation system using CDROM templates (presets), PXE boot and prepared system images. Puppet roles + hiera. Automatic server discovery/inventory system. Linux kernel optimization: NUMA balancing, IRQ affinity. XEN/KVM host virtualization. Device pass-through with VT-d and VNFs. LXC container deployment system (like docker). Prebuilt containers launched in dev/prod environments. Private cloud on OpenStack. OpenStack custom network plugins.
- linux auto install (automated installation)
- puppet + hiera + activemq (~60 modules + 2 ruby libs)
- ansible (~40 roles)
- PRs to foreman project
- virtualisation - xen, kvm with vt-d and numa optimization
- lxc with pre-built templates. Like docker, but with only one layer. (deploy system)
- openstack from scratch using puppet + one network plugin.
- AWS, Azure, GCP, Oracle, Digitalocean, Hetzner, Ovh, Scaleway, Upcloud and ~10 other clouds
- terraform + plugins
OS
- talos
- debian + build deb packages
- ubuntu
- coreos for jenkins workers
- sles as VM hypervisor
- centos
- openbsd
- freebsd
- openwrt (custom firmware)
Network
Distributed DNS clusters in different datacenters. L3 cisco switches with an access policy to protect production environments from dev clusters. Port mirroring for analytics. Load tests based on real requests. BGP is used inside data centers for load balancing.
- l7 ddos protection
- firewalls - iptables + ipsets, pf
- cisco switches - acls, vlans, port channels
- bgp - bird for load balancing
- bind9, powerdns - primary/secondary/geo view
- soft gateways - linux/openbsd/openwrt, multi wan lb
- openvpn, ipsec, wireguard
Database
- postgres + walg/barman
- clickhouse
- redis, keyDB + walg
- mongodb + walg
- rabbitmq
- influx
- memcache
CI/CD
Self-hosted github actions in Kubernetes. Workers have a docker cache registry and a distributed docker build cluster. A free version of TeamCity in Kubernetes (3 agents). All builds run in docker. TeamCity agents have a limited set of utils plus docker/nerdctl.
To get a CI/CD-agnostic solution I use a Makefile on top of the repository. CI/CD runs only make commands with parameters, which allows me to change CI/CD solutions very easily.
Most popular tools:
- teamcity (optional deploy prepared containers)
- github actions (build and test code)
- jenkins (distributed cluster with matrix tests)
- makefile
- dockerfile + buildkit
Blockchain
Our own testnets for bitcoin/ethereum/waves. They help to run integration tests in CI/CD pipelines. I launched a distributed cryptocurrency network in different countries (production env), based on kubernetes and helm deployments + prometheus exporters/grafana dashboards/alerts. It works like Infura does.
Created a smart contract on the Ethereum network.
Experience in production env:
- ethereum
- bitcoin
- waves
- ergo
Solutions for offices (SAS)
- work time accounting system
- Network gateways, nat, web proxy with filtering, website blocker
- openbsd as router (read only root fs)
- primary/secondary dns (bind9)
- squid + filtering
- mail server (sendmail + sasl, sendmail filters m4) + pop3/imap server (dovecot)
- tftp/dhcp boot + unattended windows install (it takes about 30 minutes to fully prepare a windows workstation, no system administrator required)
- office workstations (based on ubuntu)
- external automation/management for linux like puppet/chef, but using track (python) and python daemons on the workstations. Daemons receive jobs from the Track system, launch them and put the result into the issue.
University time
- microchip PIC (16 bit) home automation (asm)
- network hardware 10Mbit bandwidth, error rate, packet collisions (windows application uses libpcap)
- home ISP, gateways, firewalls, traffic billing, pptp/pppoe server (for windows clients)
- high-performance file server (samba with optimisation) + journaling file system (samba virtual file system) and business logic around it (freebsd)
School time
- dos game like arkanoid (pascal + inline asm)