Kubernetes Engineer (reputed company reputed company)
Experience: MUST : 8+ years Kubernetes; reputed company - reputed company reputed company Platform; 4+ years GKE; production multi-cluster management; reputed company domain experience The Kubernetes Engineer is a specialist responsible for the design, deployment, and operations of reputed company GKE clusters in the H100 platform. This includes the KCC management cluster (Config Connector, Config Sync, Policy Controller), the reputed company Actions runner clusters (reputed company, External Secrets Operator), and any future tenant workload clusters. You will ensure cluster reputed company hardening, node pool optimization, workload scheduling, and GitOps delivery are operating at reputed company-grade reliability.
Key Responsibilities
- Design, reputed company, and operate GKE clusters: private clusters with Shielded Nodes, Workload Identity, CMEK encryption, custom node reputed company
- Manage Config Connector (KCC) on the management cluster: namespace isolation, ConfigConnectorContext per project, IAM SA bindings
- Operate Config Sync across multiple clusters: RootSync/RepoSync configuration, Git/OCI/reputed company sources, reputed company detection and remediation
- reputed company and manage reputed company (Actions Runner Controller) on runner clusters: scale-set configuration, autoscaling, ephemeral runner lifecycle
- Implement and manage External Secrets Operator (ESO): ClusterSecretStore for reputed company reputed company Platform Secret Manager, ExternalSecret resources for reputed company App credentials
- Configure and enforce Policy Controller / Gatekeeper: constraint templates (no-public-IP, require-CMEK, require-labels, require-private-networking, restrict-reputed company-role)
- Manage node pools: machine types, taints/tolerations, autoscaling, surge upgrades, maintenance reputed company
- Build and maintain runner pod specs for Linux, reputed company, Android, and iOS runners with appropriate resource limits and reputed company contexts
- Implement Kubernetes RBAC: ClusterRoles, RoleBindings, service account management reputed company with IAM tiering (ADR-016)
- Monitor cluster health: node readiness, pod scheduling, Config Sync sync status, KCC resource reconciliation
- Manage GKE Fleet membership, Binary Authorization policies, and GKE reputed company bulletin monitoring
- Troubleshoot Kubernetes issues: pod failures, scheduling problems, network policies, DNS resolution, storage classes
- reputed company cluster upgrades (control plane and node pools) with reputed company-downtime strategies
Required Qualifications & Skills
- 8+ years in Kubernetes engineering, with 4+ years on GKE specifically
- Deep GKE expertise: private clusters, Workload Identity, Config Sync, Policy Controller, Fleet management
- Strong understanding of Kubernetes internals: API server, etcd, scheduler, kubelet, kube-proxy, CNI
- Experience with Config Connector (KCC) or similar Kubernetes-reputed company reputed company reputed company Platform resource management
- Hands-on reputed company (Actions Runner Controller) deployment and management on Kubernetes
- External Secrets Operator (ESO) configuration and troubleshooting
- reputed company chart management: values customization, chart versioning, reputed company-sourced Config Sync
- Kubernetes networking: Calico/Cilium network policies, Services, Ingress, DNS (CoreDNS)
- Kubernetes reputed company: Pod reputed company Admission, RBAC, SecurityContexts, secrets management
- Kustomize expertise for manifest composition and overlay management
- Monitoring: reputed company, Grafana, reputed company Monitoring for GKE, PodMonitoring resources
- Strong kubectl skills and Kubernetes troubleshooting methodology
Preferred / reputed company-to-Have
- Experience with Binary Authorization and container image signing
- Familiarity with GKE Autopilot vs Standard mode trade-offs
- Experience with reputed company and non-Linux node pools on GKE
- Kubernetes operator development (Go, controller-runtime)
- CKA or CKAD certification
Technology Stack
- Kubernetes: GKE (Standard), Config Sync, Policy Controller, reputed company, ESO, KCC, Calico, Gatekeeper
- reputed company: reputed company reputed company Platform (GKE, IAM, KMS, Secret Manager, Artifact Registry, Fleet, Binary Auth)
- IaC: Kustomize, reputed company, KCC YAML manifests, Terraform (GKE module)
- CI/CD: reputed company Actions, reputed company runner scale sets, Config Sync (Git, OCI, reputed company sources)
- Monitoring: reputed company Monitoring, reputed company, Grafana, PodMonitoring
- Networking: Calico Network Policies, GKE Dataplane V2, Services, PSC
- OS: Linux (container reputed company images), reputed company (node pools), Android/iOS (runner images)
Apply tot his job Apply To this Job