Serhii Ivanov
Senior Software Engineer | Golang | Kubernetes | SRE | DevOps
About
Proactive software engineer with Golang as language of choice. I am used to wearing many hats and generally very flexible when investigating new roles.
Work Experience
Freelance SRE and DevOps role focused on build system maintenance, software packaging for Linux distributions, and CI/CD workflow management using GitHub Actions.
- Maintenance of build systems that utilize Autotools, Make, CMake.
- Packaging software for Debian and Redhat based Linux distributions (DEB, RPM).
- Maintenance of CI/CD workflows using GitHub Actions.
- Facilitation of migration from Bamboo to GitHub Actions.
Contract role focused on migrating security products from Python to Golang and researching WAF integration solutions.
- Migration of Python based AV product, Imunify360, to Golang code base
- Research project about using Coraza/Modsecurity WAF with NGINX
Senior Software Developer role focused on Kubernetes operator development, BareMetal server provisioning, and performance optimization in large-scale cluster environments. Contributed to open source projects and developed custom solutions for Kubernetes and OpenStack integration.
- Developed and managed Kubernetes operators and ClusterAPI providers for BareMetal server provisioning and life-cycle management.
- Developed iPXE edge controller bridging Kubernetes and OpenStack Ironic integration.
- Created a DHCPv4 Relay in pure Golang for dynamic Kubernetes cluster environments.
- Improved BareMetal servers provisioning performance in large Kubernetes clusters by up to 10x.
- Collaborated with system engineers and developers on complex system requirements.
- Contributed to open source projects including Metal3.io and OpenStack.
Led development of various infrastructure and container management solutions using Golang, with a focus on security, monitoring, and performance optimization.
- Led team, coordinated projects, and mentored junior staff.
- Developed back-end infrastructure-related services using Golang.
- Created fanotify-based file modification monitoring for Linux containers.
- Implemented custom L7 and L2/L3 DDoS protection using Nginx.
- Developed distributed TLS certificate storage using Golang FUSE filesystem.
- Created WebUI for container backup solution using Gin, Semantic UI, and PostgreSQL.
- Implemented network hooks for LXC/LXD and Libvirt for advanced networking setups.
- Developed API, WebUI, and CLI for website screenshots using CDP and headless Chromium.
- Created custom Cgroups monitoring agent for Linux containers with Clickhouse and Grafana.
Responsible for server and container provisioning and maintenance, leveraging SaltStack and in-house solutions to manage infrastructure efficiently.
- Managed BareMetal server and Linux Containers provisioning (in-house solution | SaltStack) and maintenance.
- SaltStack leveraging Salt-SSH for container maintenance.
- Maintained Salt in Master-Minion mode for BareMetal servers.
- Worked with various datacenter (hardware) and web-hosting (software) related technologies.
Responsible for infrastructure administration, server monitoring, and providing tailored hosting solutions and technical support to customers.
- Administered and provisioned network infrastructure and equipment.
- Monitored BareMetal servers, services, and data transport channels using Zabbix and Nagios.
- Provided customer consultation and extensive technical support.
- Tailored Linux Containers based hosting solutions to meet various customer requirements.
- Managed software including Nginx, Apache, PHP, MariaDB/MySQL, Redis, Memcached, Sphinx, Elasticsearch, and Varnish.
Education
Projects
The Mirantis DHCPv4 Relay is a lightweight, containerized DHCPv4 relay agent designed for use in container environments.
- Implements DHCPv4 relay functionality for containerized environments
- Open-source project
nginx-js-challenge is a security addon for NGINX that implements a JavaScript-based challenge-response mechanism.
- Implements JavaScript-based challenge-response mechanism for NGINX
- Provides protection against DDoS attacks and bot traffic
- Uses browser's JavaScript execution capabilities for verification
- Integrates with NGINX using the njs module
- Open-source project with MIT license
go-fanotify is a Go library that provides bindings for the Linux fanotify API.
- Provides Go bindings for the Linux fanotify API
- Enables file system monitoring and notification in Go programs
- Supports various fanotify events and flags
- Includes examples for basic usage and advanced features
- Allows for efficient file system auditing and access control
- Open-source project with MIT license
A Python-based IPMI Baseboard Management Controller (BMC) implementation for managing Libvirt virtual machine domains, designed for CI and development environments.
- IPMI v2.0 protocol implementation for Libvirt virtual machines
- Multi-domain management with concurrent access control
- EFI/BIOS boot mode detection and configurable fallback boot order
- Supports standard IPMI commands via ipmitool
- Python 3.10+ compatible with stateless configuration
- Open-source project with Apache-2.0 license
Certificates
Publications
Tutorial demonstrates how to use k0rdent's MultiClusterService template to simplify the deployment and management of Valkey across multiple Kubernetes clusters in a multi-cloud environment.
Guide shows how to deploy Debian-based OCI container images directly to bare metal using a custom Metal3 hardware manager that supports EFI boot, LVM storage, and optional RAID1 redundancy.