David Vaught

1619 Haynes Dr. · Murfreesboro, TN 37129 · (615) 663-0733 · [email protected]

Principal Kubernetes Engineer with diverse experiences across multiple languages and systems. I love to design creative solutions to complex problems. I pride myself on being a self-sufficient learner and enjoy being exposed to new technologies/tools.


Experience

Principal Kubernetes Engineer

Senior Kubernetes Engineer II

Publix Supermarkets

  • Spearheaded and configured the deployment of a highly available HashiCorp Vault instance to serve as a centralized secret management platform for Publix's public cloud, private cloud, and over 1400 edge Kubernetes clusters.
  • Handled administration for diverse Kubernetes environments, including public cloud AKS, private cloud OpenShift, and edge Rancher K3s clusters. Assisted with developer onboarding, resolved complex deployment issues, and configured robust infrastructure to ensure seamless operation and scalability.
  • Planned, created, and managed the lifecycle of various Terraform modules which were utilized to manage a variety of Azure cloud resources.
  • Developed Helm charts used by hundreds of developers which simplified the burden of Kubernetes manifest management, ultimately improving code delivery speed and time to production.
  • Created custom Prometheus exporters in Go to expose metrics on various custom resource definitions in OpenShift, enabling visualization of configured items across multiple clusters in Grafana.
  • Developed custom Ansible playbooks to automate the configuration of Kubernetes Auth for each of our 1400 plus retail clusters.
  • Designed and implemented Helm abstractions for tenants on our clusters to self-manage Alerting/Observability configuration via Prometheus Operator CRDs.
  • Implemented Vertical Pod Autoscaler and customized the VPA recommender and Kube State Metrics to emit custom target resource metrics for tenants to use to help right-size deployments.
  • Designed and created Kyverno cluster policies employing generator and mutate rules to create resources for tenants and enforce behaviors for our clusters.
  • September 2023 - Present

    Senior DevOps Engineer

    DevOps Engineer

    Lifeway Christian Resources

  • Managed multiple on-prem and cloud Kubernetes clusters which serve as the infrastructure for hundreds of our front and back end microservices for Lifeway.com and other critical applications.
  • Deployed and configured HashiCorp Vault in order to provide secure secret storage/retrieval for machine users/pipelines. Assisted with the migration of (so far) over 1700 key/value secrets to Vault.
  • Configured multiple auth methods for Vault including Kubernetes, Okta, JWT, and AppRole. These auth methods support the various ways a human or a machine may need to retrieve a token from Vault.
  • Automated the build and push of our custom Docker images from a monorepo to DockerHub using GitHub Actions.
  • Implemented self-hosted GitHub Actions runners using the Actions Runner Controller project. These runners also use GitHub webhook-driven scaling, provisioning new runners automatically based on workflow runs.
  • Re-imagined our Helm Release process for common tooling on our clusters by moving to a pull driven GitOps model using FluxCD. The Flux Helm controller allowed us to automate chart upgrades, ensure drift was automatically reconciled, and easily configure per-release notifications/alerts.
  • Assisted with the migration from Confluent Cloud Kafka to Amazon's MSK service in order to save roughly $80,000 in yearly Kafka costs.
  • Created custom GitHub Actions and CircleCI orbs to dynamically provision Kubernetes Service Accounts in a temporary nature so that our pipelines could authenticate to our Kubernetes clusters on a just-in-time basis. This approach was constructed using the Vault JWT backend and the Vault Kubernetes Secrets Engine along with some custom JavaScript.
  • Implemented Atlantis to automate Terraform changes in a more collaborative manner. Atlantis allows for pull requests to be created for Terraform changes and allows for review/approval of those changes before they are applied to the environment.
  • Spearheaded a Windows DNS -> Route53 migration by building out custom automation to convert BIND formatted zone files from our Windows DNS server to CloudFormation Templates/Stack files. This enabled us to migrate over 500 zones directly into AWS leveraging our IaC tooling.
  • Created and deployed EKS clusters for our eventual migration from self-managed Kubernetes to AWS's managed offering. This included the creation of a custom Terraform module to provision the EKS cluster and all of its supporting infrastructure.
  • Contributed to a Lifeway custom CLI tool created in TypeScript using OCLIF to provide a simple interface for some common developer tasks. Examples of functionality include things such as locating services across all Kubernetes clusters, copying secrets across clusters, copying secrets from Kubernetes to Vault, and searching for secrets in Vault.
  • July 2021 - August 2023

    Online Travel Broker

    Self-Employed

  • Identified arbitrage opportunities in the airline markets using various technical and financial tools to secure low cost airline travels for customers.
  • Personally managed tens of millions of miles/points/vouchers and ensured 100% on-time delivery of purchased flights to customers.
  • Partnered with Miles4Migrants to donate hundreds of thousands of miles to ensure safe travel of displaced persons.
  • Frequently used AWS Lambda and Python to scrape and compile airline/hotel pricing data in order to identify market opportunities. Serverless architecture allowed cheap execution and no hassle scaling.
  • June 2016 - July 2021

    Java and PL/SQL Developer

    Caterpillar Financial Services

  • Designed and implemented SOAP web service utilized by global loan origination system for the purposes of retrieving customer credit bureaus.
  • Responsible for the development, deployment, and maintenance of Java based Blaze Advisor rule services.
  • Designed and developed a lightweight web application using JRuby on Rails, Oracle PL/SQL, and Docker to manage application configurations across 20+ UAT and Development application instances.
  • Worked closely with Business Analysts to ensure end-user needs were fully considered through the development life cycle.
  • Supported legacy Java based, customer facing loan origination application with over 800 active users.
  • Led and implemented a major legacy systems upgrade to utilize the latest FICO Scorecard implementation for the organization’s US portfolio.
  • Supported the organization’s financial implementation of Oracle E-Business Suite.
  • June 2012 - June 2016

    Network Administrator

    Middle Tennessee Christian School

  • Managed and supported nearly 150 users in an Active Directory and Exchange environment.
  • Conducted a migration from Microsoft Exchange to Google Apps for the organization's e-mail needs.
  • Serviced user hardware, software, and access requests on an ad-hoc basis.
  • Spearheaded a hardware upgrade for all faculty and staff PCs where I purchased, configured, installed, and tested all new PCs for K-12 entirely during the Summer break to ensure no interruption to classroom function.
  • Analyzed organizational bandwidth needs and spearheaded a project to change service providers, both saving the organization money and increasing overall bandwidth substantially.
  • May 2008 - December 2011

    Education

    Middle Tennessee State University

    Bachelor of Business Administration
    Computer Information Systems

    GPA: 3.8

    August 2007 - May 2012

    Skills

    Programming Languages & Tools
    DevOps Mindset
    • Fail fast, fail often, learn quickly
    • Infrastructure as code
    • Least privileged, security minded design
    • Automate everything

    Interests

    Apart from being a Kubernetes Engineer, I enjoy spending time with my wife and 2 dogs at home, constantly tinkering with my smart home setup, and playing video games.