Azure Kubernetes Platform Engineer

Role:
Kubernetes Engineer (AKS)

Location:

Mississauga (Hybrid: 3 days onsite)

Must Have Technical/Functional

Skills:

- Define the target reference architecture for greenfield AKS clusters along with engineering team and ensure how bluefield cluster remain undisruptive: control plane choices, private clusters, node pool strategy, upgrade/runway, and regional topology.

- Lead design for NGINX → Azure Managed Gateway API: HTTPRoute/Gateway modeling, TLS/WAF strategy, policy attachments, and weighted/canary traffic for cutover.

- Architect kubenet → Azure CNI (Cilium) migration with new clusters with Engineering team: IP planning, subnet sizing, pod density, surge capacity, cordon/drain and service-by-service move plan.

- Choose/validate dataplane features:
Cilium network policy, kube‑proxy replacement (if enabled), Hubble visibility, and implications on performance/SNAT.

- Standardize identity/secrets:
Azure - Key Vault + CSI; cert lifecycle (Key Vault and/or Gateway API).

- Establish platform guardrails:
Azure Policy, RBAC least‑privilege, multi‑tenancy boundaries (namespace/project isolation).

- Define/Follow the Git Hub standards: reusable workflows, CODEOWNERS, branch protections, environment approvals, and artifact provenance/signing.

- Own non‑functional requirements: SLOs, HA/DR, capacity modeling, performance budgets, and failover patterns for ingress and data plane.

- Govern delivery: roadmap, cutover criteria, readiness gates; mentor Platform/Dev Ops on architectural compliance.

- Own the target platform architecture and cutover from NGINX → Azure Managed Gateway API and kubenet → Azure CNI (Cilium) using new clusters/existing cluster. Closely work with Engineering and operation team.

Roles & Responsibilities :

- Required experience- AKS/Platform, strong Gateway API (prod ops), NGINX → Azure Managed Gateway API migrations, and deep Azure CNI/Cilium networking (IP planning, subnetting, pod density)

- Define the target reference architecture for greenfield AKS clusters along with engineering team and ensure how bluefield cluster remain undisruptive: control plane choices, private clusters, node pool strategy, upgrade/runway, and regional topology.

- Lead design for NGINX → Azure Managed Gateway API: HTTPRoute/Gateway modeling, TLS/WAF strategy, policy attachments, and weighted/canary traffic for cutover.

- Architect kubenet → Azure CNI (Cilium) migration with new clusters with Engineering team: IP planning, subnet sizing, pod density, surge capacity, cordon/drain and service-by-service move plan.

- Choose/validate dataplane features:
Cilium network policy, kube‑proxy replacement (if enabled), Hubble visibility, and implications on performance/SNAT.

- Standardize identity/secrets:
Azure - Key Vault + CSI; cert lifecycle (Key Vault and/or Gateway API).

- Establish platform guardrails:
Azure Policy, RBAC least‑privilege, multi‑tenancy boundaries (namespace/project isolation).

- Define/Follow the Git Hub standards: reusable workflows, CODEOWNERS, branch protections, environment approvals, and artifact provenance/signing.

- Own non‑functional requirements: SLOs, HA/DR, capacity modeling, performance budgets, and failover patterns for ingress and data plane.

- Govern delivery: roadmap, cutover criteria, readiness gates; mentor Platform/Dev Ops on architectural compliance..