Serhii Ivanov
Senior Software Engineer | Golang | Kubernetes | SRE | DevOps
About
Proactive software engineer with Golang as language of choice. I am used to wearing many hats and generally very flexible when investigating new roles.
Work Experience
Contributing to multiple open-source infrastructure projects with focus on Kubernetes cluster management, bare-metal provisioning, and network virtualization.
- Open-source contribution to various projects, most prominently CAPA, ProjectSveltos, Metal3, Tinkerbell, k0s, k0rdent.
- Created a DHCPv4 server that integrates with Metal3 in pure Golang for dynamic Kubernetes cluster environments.
- Created a dedicated controller for Metal3 that enables advanced noDHCP provisioning by injecting networking config and arbitrary files into initramfs.
- Pioneered early KubeVirt integration with NVIDIA DOCA and conducted deep research on DOCA/DPU implementation.
- Author of the k0rdent out-of-tree templates feature and maintainer of the out-of-tree templates repository.
- Conducted constant research and development for useful features from different OSS projects.
Freelance SRE and DevOps role focused on build system maintenance, software packaging for Linux distributions, and CI/CD workflow management using GitHub Actions.
- Maintenance of build systems that utilize Autotools, Make, CMake.
- Packaging software for Debian and Redhat based Linux distributions (DEB, RPM).
- Maintenance of CI/CD workflows using GitHub Actions.
- Facilitation of migration from Bamboo to GitHub Actions.
Contract role focused on migrating security products from Python to Golang and researching WAF integration solutions.
- Migration of Python based AV product, Imunify360, to Golang code base
- Research project about using Coraza/Modsecurity WAF with NGINX
Senior Software Developer role focused on Kubernetes operator development, BareMetal server provisioning, and performance optimization in large-scale cluster environments. Contributed to open source projects and developed custom solutions for Kubernetes and OpenStack integration.
- Developed and managed Kubernetes operators and ClusterAPI providers for BareMetal server provisioning and life-cycle management.
- Developed iPXE edge controller bridging Kubernetes and OpenStack Ironic integration.
- Created a DHCPv4 Relay in pure Golang for dynamic Kubernetes cluster environments.
- Improved BareMetal servers provisioning performance in large Kubernetes clusters by up to 10x.
- Collaborated with system engineers and developers on complex system requirements.
- Contributed to open source projects including Metal3.io and OpenStack.
Led development of various infrastructure and container management solutions using Golang, with a focus on security, monitoring, and performance optimization.
- Led team, coordinated projects, and mentored junior staff.
- Developed back-end infrastructure-related services using Golang.
- Created fanotify-based file modification monitoring for Linux containers.
- Implemented custom L7 and L2/L3 DDoS protection using Nginx.
- Developed distributed TLS certificate storage using Golang FUSE filesystem.
- Created WebUI for container backup solution using Gin, Semantic UI, and PostgreSQL.
- Implemented network hooks for LXC/LXD and Libvirt for advanced networking setups.
- Developed API, WebUI, and CLI for website screenshots using CDP and headless Chromium.
- Created custom Cgroups monitoring agent for Linux containers with Clickhouse and Grafana.
Responsible for server and container provisioning and maintenance, leveraging SaltStack and in-house solutions to manage infrastructure efficiently.
- Managed BareMetal server and Linux Containers provisioning (in-house solution | SaltStack) and maintenance.
- SaltStack leveraging Salt-SSH for container maintenance.
- Maintained Salt in Master-Minion mode for BareMetal servers.
- Worked with various datacenter (hardware) and web-hosting (software) related technologies.
Responsible for infrastructure administration, server monitoring, and providing tailored hosting solutions and technical support to customers.
- Administered and provisioned network infrastructure and equipment.
- Monitored BareMetal servers, services, and data transport channels using Zabbix and Nagios.
- Provided customer consultation and extensive technical support.
- Tailored Linux Containers based hosting solutions to meet various customer requirements.
- Managed software including Nginx, Apache, PHP, MariaDB/MySQL, Redis, Memcached, Sphinx, Elasticsearch, and Varnish.
Education
Projects
The Mirantis DHCPv4 Relay is a lightweight, containerized DHCPv4 relay agent designed for use in container environments.
- Implements DHCPv4 relay functionality for containerized environments
- Open-source project
nginx-js-challenge is a security addon for NGINX that implements a JavaScript-based challenge-response mechanism.
- Implements JavaScript-based challenge-response mechanism for NGINX
- Provides protection against DDoS attacks and bot traffic
- Uses browser's JavaScript execution capabilities for verification
- Integrates with NGINX using the njs module
- Open-source project with MIT license
go-fanotify is a Go library that provides bindings for the Linux fanotify API.
- Provides Go bindings for the Linux fanotify API
- Enables file system monitoring and notification in Go programs
- Supports various fanotify events and flags
- Includes examples for basic usage and advanced features
- Allows for efficient file system auditing and access control
- Open-source project with MIT license
A Python-based IPMI Baseboard Management Controller (BMC) implementation for managing Libvirt virtual machine domains, designed for CI and development environments.
- IPMI v2.0 protocol implementation for Libvirt virtual machines
- Multi-domain management with concurrent access control
- EFI/BIOS boot mode detection and configurable fallback boot order
- Supports standard IPMI commands via ipmitool
- Python 3.10+ compatible with stateless configuration
- Open-source project with Apache-2.0 license
Certificates
Publications
Tutorial demonstrates how to use k0rdent's MultiClusterService template to simplify the deployment and management of Valkey across multiple Kubernetes clusters in a multi-cloud environment.
Guide shows how to deploy Debian-based OCI container images directly to bare metal using a custom Metal3 hardware manager that supports EFI boot, LVM storage, and optional RAID1 redundancy.