Deepak Suryaprakash Kowshika

Dynamic Site Reliability Engineer with a proven track record of delivering services in the company. I specialize in cloud infrastructure and automation, focused on smart scaling to be cost-effective. Achieved a 60% cost reduction in certificate management while enhancing usage insights and providing proper recommendations and automation solutions. Skilled in Python and fostering collaboration across teams to drive high-availability solutions and improve performance.

• Certified Kubernetes Administration (CKA)
• https://www.credly.com/badges/b654d9f6-2266-4eea-9f13-21eb239a2c99/linked_in_profile
• Amazon Web Services Training and Certification - AWS Certified Solutions Architect – Associate
• Issue Date: This badge was issued to Deepak Suryaprakash Kowshika on June 29, 2022
• Expires on June 29, 2025
• LinkedIn.com/Skills-assessment: Amazon Web Services (AWS) assessment
• June 2022 LinkedIn Skill Assessment badge

Title: Site Reliability Engineer II

PKI and certificate Lifecycle management

• Inventory and discovery of usage patters and usecases.
• survey and questionnaire for audience to understand the usage requirements better.
• Analyzed and designed the best solution for each usecase using comparison metrics gathered with pocs. the resulting solutions integrate tightly with their clients.
• Developed Best Practices and Usage guides based on internal usage patterns and trends.
• Worked with central technology teams to provide the ability to just in time provisioning of certificates based on dns validation and native support to provide a single way to handle certificates.
• Developed and deployed a homegrown HSM solution for backing internal CA and codesigning requirements in accordance with FIPS 140-2 requirement.
• Worked with Vendors like Venafi (cyberarc), Digicert, Keyfactor, AWS ACM, GCP CA, openssl and more.
• Worked with Teams to setup intermediary trust stores and subCAs to allow mesh services to be secured at instantiation with a short lived validity.
• Reduced wasteful usage by working with teams to adopt best practices and using self signed where possible
• Worked with security to remediate usage of bad domains and to consolidate the internal Certificates and streamline on using 1 main cert chain for internal use everywhere.
• Observability, Reporting, consistently and engaging with teams to setup Chargebacks to teams using the certs. Allowing more visibility into possible savings by changing usage patterns.
• Using cloud provider specific native certificate management services like ACM CA as opportunity to save money for certs used within AWS by migrating and managing it via AWS.
• Saved approx $600k of $1.1m spend on certificate management.

Containerization and Service Migration

• Developed Container Images for bind DNS, SMTP, NTP and LDAP.,
• Developed highly available around these images to be used for deployment on clusters.,
• Identified KPIs, SLI and SLOs for each of the above services.,
• Setup and put in place advanced monitoring and logging for the services using granular metric exporters.,
• Setup alerting, escalations and auto healing (where we can) using event-bridge and Pagerduty.,
• Migrated live traffic for services by re-pointing existing VIP to the new service endpoints on a weighted basis.,
• Developed a Path to productionalize services via single pipeline backed by single source of truth (monorepo). Achieved using .,
• This has enabled our team for the first time to deploy within minutes to any cloud provider/ DC regardless of the underlying infrastructure with access to - endpoint., Further, for the first time, granted ability to monitor the core services from a service reliability stand point rather than system metrics (CPU, Mem).

Kubernetes Cluster Generator

• Designed Architecture for infrastructure based on business requirement - Utilize unused Hardware and build ability to generate Kubernetes clusters on the fly to offer compute capacity to partner teams on premise.,
• Worked on POC testing and validating with multiple Vendors - metal cube, metal k8s, rancher, Talos-, -a, -.,
• Generate a comparison pyramid to drill down on a vendor. Decided Talos- as product, satisfying most of the requirements.,
• Designed a Highly available Architecture with Management plane and Tenant plane.,
• Deployed a dev environment to test working in on-prem.,
• Designed and deployed Higher environments (INT and PROD).,
• Designed and implemented automated -boot sequencing with controller and internal , to provide information.,
• Developed integration between - and Device42 to track inventory and management.,
• Developed python scripts to automate node & inventory lifecycle.,
• Solely responsible for making the resulting clusters production ready. worked on below for the same: Authentication: proxy, Authorization: AWS and internal Permissions management, Monitoring: Prometheus, Logging: Loki, Metrics: , Node metrics: node-exporter, DNS management: external-, states: .,
• Deployed all of the above services to each cluster using a mono repo architecture and multiple override files for .,
• Leveraged to create apps, and smart indirection to automate deployment of all services.,
• This granted ability to our team to spin up Production grade clusters within minutes which took weeks/month prior to this project.

Globe Domination LDAP infrastructure on AWS 

• Developed Architecture design, Implementation plan for Providing LDAP service on Public Cloud Infrastructure.,
• Designed the infrastructure to be placed in AWS to support LDAP.,
• Infrastructure placed on Internal VPC on AWS with IAC.,
• Clone of the same infrastructure deployed on 5 unique regions spanning 3 continents.,
• Direct-connect enabled and VGW added to VPC.,
• Developed Cloud Formation Template to deploy infrastructure.,
• Developed, tested and implemented AMI to configure service for with Master on DC closest to cloud infrastructure.,
• Deployed Cloud Formation Stack with AWSCLI.,
• Created and implemented Routing of traffic via Route53 and using Latency Based Routing.,
• The Project resulted in reducing the latency to get on systems on the other side of the globe from 22 secs to ~2ms for ssh from NA-east to AP-east.

Central Internal Container Base Image Registry

• Designed Architecture and deployed Central Container Registry (Harbor) as a service for entire company.,
• Infrastructure includes internal VPC, NLB, EKS, Core-services for cluster.,
• Developed code for deployment and management of each piece of infrastructure.,
• Infrastructure is end-to-end automated. (One click deploy).,
• Developed containerized scanner application to be used on the cluster (Rapid7).,
• Developed to deploy scanner app.,
• Developed to deploy sync app for querying data from .,
• Developed Process to use service accounts for CI-CD pipeline to pull from.,
• Automated Certificate lifecycle management using Cert-manager and (ACME).,
• Enabled enforcement of MFA for auth into registry via OKTA OIDC.,
• Working with game teams, and other partners to ensure all circulating images have their base image from single source of truth.,
• Resulted in a providing a secure and reliable source for container base images that are regularly monitored and scanned for new vulnerability based on multiple database sources.

Binary Repo manager (Artifactory) for internal use - Phase -2

• Second Phase of the project to expand offering Binary Repo Manager to all DCs and Public cloud.,
• Created Architecture design using .,
• Architecture includes deployment of an internal VPC, Direct-connect, cluster and .,
• Developed modules to deploy DEV, INT and PROD environments for Code lifecycle.,
• Deployed the EKS clusters with generated using in-house templating tool pulling modules.,
• Developed pipelines to deploy using .,
• Deployed core-services needed on cluster to run in company standards.,
• Integrations completed with OKTA for Auth, logging and monitoring (Grafana, Loki and Prometheus).,
• Processes developed for other core-services both on DCs and Cloud to consume artifacts from Artifactory.,
• Developed an automation using python to create Web API in front of the product to offer ability to trigger functions on Artifactory.,
• Project Resulted in Team offering a Highly available, scalable, secure, central Binary Repository Manager for a large number of package types.,
• Further resulted in a self service offering for partners to leverage to self host artifacts reducing the toil, dependencies and delays from a few days for a single operation to a few seconds for multiple operations.