Senior DevOps Engineer · Azure · Kubernetes · GitOps · Infrastructure-as-Code
I'm the person product teams quietly rely on between deploys. I build and operate the delivery platform that ships everything else — Azure DevOps pipelines, AKS clusters running Argo CD, Terraform-managed Azure footprints, and a steady layer of PowerShell glue that turns manual toil into self-service.
My bias: strong defaults, small composable modules, and failures that point at the fix instead of the person.
- Platform engineering — self-service pipeline templates, shared Helm charts, and golden paths so product teams stop re-inventing CI/CD every sprint.
- GitOps on AKS — Argo CD app-of-apps across dev/staging/prod, progressive delivery, OPA Gatekeeper guardrails, and KEDA for event-driven autoscaling.
- Infrastructure-as-Code — reusable Terraform modules for the Azure services I reach for most (AKS, VNet, Key Vault, Storage, ACR), multi-environment stacks with remote state and locking.
- Day-2 operations — PowerShell and Python tooling for pipeline health, cost reporting, compliance auditing, and right-sizing workloads.
- Security & compliance — network policies, workload identity, Gatekeeper constraint templates, signed images, branch and pipeline policy-as-code.
| Cloud | Azure (AKS, Key Vault, ACR, Storage, Monitor, Log Analytics, Application Gateway, Private Endpoints) |
| CI / CD | Azure DevOps Pipelines · GitHub Actions · Argo CD · Argo Rollouts |
| Containers & orchestration | Kubernetes · Helm · Kustomize · Docker · KEDA · Cert-manager · NGINX Ingress |
| Infrastructure-as-Code | Terraform · Terragrunt · Bicep (read-only) |
| Policy & security | OPA Gatekeeper · Azure Policy · Workload Identity · Trivy · Checkov · tfsec |
| Observability | Prometheus · Grafana · Loki · Azure Monitor · Application Insights |
| Scripting & automation | PowerShell (primary) · Python · Bash · Go (small CLIs) |
| Source & registries | Azure Repos · GitHub · Azure Container Registry · Artifactory |
| Repo | What's in it |
|---|---|
| azure-devops-utilites | Pipeline templates (build / deploy / test), security scanning, k6 load tests, PowerShell + Python tooling (pipeline health reports, cost reporting, compliance checker, webhook server), Helm chart for self-hosted agents on AKS, branch & pipeline policies. |
| kubernetes-utilities | AKS base manifests (RBAC, network policies, quotas, PDBs, HPA/VPA, ingress, cert-manager), in-house Helm charts (microservice-base, api-gateway), Argo CD app-of-apps for dev / staging / prod, OPA Gatekeeper constraints, KEDA scalers for Service Bus / Event Hub, Workload Identity configs. |
| terraform-utilities | Azure Terraform modules (AKS with Workload Identity, VNet with subnets + NSGs, Key Vault with RBAC, Storage with lifecycle rules, ACR with private endpoint and geo-replication), multi-environment stacks with remote state, plan-summary tooling for PR gates. |
- AZ-400 — Microsoft Certified: DevOps Engineer Expert
- AZ-104 — Microsoft Certified: Azure Administrator Associate
- Reliability — error budgets that drive real decisions, not dashboards no one reads.
- Cost engineering — right-sizing before scaling out, spot pools for non-prod, tagging discipline that finally makes chargeback work.
- Developer experience — if a teammate has to read a wiki to deploy, the platform failed them. Pipelines should explain themselves.
- Blast-radius control — environment isolation, progressive rollouts, policy-as-code, and pre-merge plan review as defaults — not add-ons.
- Small, composable modules over sprawling monorepos
- Strong defaults with clear escape hatches
- Pipeline failures should point at the fix, not the person
- Right-size before you scale out
- Document the why; the what is in the code
- eBPF-based network observability (Cilium Hubble)
- Signed images end-to-end with Notation + ORAS
- Backstage as an internal developer portal on top of existing Argo CD / ADO flows
📧 mtarun523@gmail.com 🐙 github.com/TharunMakala
Open to conversations about platform engineering, GitOps at scale, and Azure landing zones.