Building Periscope · Open Source· Bangalore, India

Platform engineer
building the boring
that holds it up.

I build platforms, Kubernetes control planes, and orchestration tooling in Go, with a bias toward identity-based access, per-user governance, and auditability. Every privileged action ties back to a human; the platform itself holds as little standing privilege as possible.

Get in touch GitHub Résumé
Impact at a glance
measurable_outcomes.tsv
0K+logs/sec
sustained throughput on a Go traffic monitoring service
0%
AWS cost reduction across the Kubernetes fleet
0
static credentials in Periscope: keyless cluster access via Pod Identity / IRSA
0%
AWS CIS compliance (Tenable), up from 65% across three production accounts, sustained over a quarter
0yrs
shipping production platforms in Go
Selected work

Featured project

/case-studies/periscope
Personal · Open source · v1.1.6 released · v1.2 (GPU observability) in active development

Periscope

A multi-cluster Kubernetes console with impersonation-based isolation and keyless cluster access.

Go 1.26ReactTypeScriptSQLiteOIDCEKS / IRSA / Pod IdentitySSMSTSTerraformHelmSSEcosign / SLSA
View on GitHub periscopehq.dev
FEATURE / 01

Per-user isolation via impersonation

Every Kubernetes call carries the user's OIDC identity through impersonation, so the audit row shows alice@corp, never periscope-bot. Per-cluster RBAC, no shared service account.

FEATURE / 02

Keyless cluster access

Connects via EKS Pod Identity / IRSA, kubeconfig, or in-cluster service account. Nothing static lives on the console pod; OIDC sessions (Auth0 / Okta) are held in memory only.

FEATURE / 03

Multi-cluster over the agent tunnel

A periscope-agent pod on each cluster dials out over a long-lived mTLS WebSocket. Outbound HTTPS only, no inbound, no per-cluster IAM. Works on EKS, GKE, AKS, k3s, and kind.

FEATURE / 04

In-browser cluster shell

A per-session ephemeral pod gives a kubectl + helm REPL on the target cluster, running under the operator's tier-narrow impersonation. Every command joins the same audit log via a shared session id, on both in-cluster and agent backends.

FEATURE / 05

SSM node shell

A terminal onto a node's EC2 host (kubelet, journald, containerd) over AWS SSM, with no SSH key, no bastion, no inbound ports. The session uses the operator's own short-lived STS credentials, minted from their OIDC id_token, so the console pod holds no SSM permissions and CloudTrail attributes every session to the user by their IdP subject.

FEATURE / 06

Searchable audit log

Every privileged action lands in a SQLite-backed audit store with a first-class in-app view, time-filterable and retention-bounded. Structured JSON streams to stdout; no external logging system required.

FEATURE / 07

Live resource streaming

21+ resource pages stream over Server-Sent Events with reconnect resumption and per-user concurrency caps, so one user cannot overload a large cluster. Tested polling fallback for restrictive proxies.

FEATURE / 08

EKS-native operations

Schema-aware Monaco YAML editor with server-side apply and drift detection, Helm release browser with atomic rollback, EKS managed add-ons and upgrade readiness, a Karpenter dashboard, and Inspector v2 CVE surfacing.

// why I built it

Existing Kubernetes dashboards either share one service account, so the audit log shows a bot instead of a person, or need kubeconfigs sitting on disk. Periscope attributes every action to a real user through their IdP identity via Kubernetes impersonation, and holds zero static cloud credentials.

Experience

Where I've shipped

2019 → present
Jun 2023 - PresentBangalore

Pure Storage

Member of Technical Staff 4 (MTS-4)
AI Platform Engineering
  • Designed and built an internal platform for no-code agent creation and execution of LLM agents, with horizontally scalable, stateless services.
  • Built an AI-powered observability agent for natural-language incident debugging across logs, Kubernetes, and metrics via Model Context Protocol (MCP) servers, including a Datadog MCP server I wrote to feed it; shipped to production with the team reporting an estimated 10-15% reduction in MTTR.
Kubernetes & Cloud Infrastructure
  • Own continuous Kubernetes fleet upgrades across five minor versions (EKS 1.24 to 1.33, 1.34 in planning), modernizing EC2 instance types and consolidating infrastructure; earlier phases delivered a 25% AWS cost reduction.
  • Drove AWS CIS compliance from 65% to 96% across three production accounts (tracked in Tenable, CIS benchmarks v3.0.0 to v6.0.0), sustained over a quarter, by remediating findings and automating preventive guardrails.
  • Migrated production monitoring and alerting from a self-managed Prometheus / Grafana / Alertmanager stack to Datadog, rebuilding dashboards and PagerDuty alert routing and enabling metric ingestion across the AWS accounts.
  • Operated production Kafka, Elasticsearch, and Cassandra clusters; led the Cassandra v3-to-v4 migration on production using K8ssandra with Medusa backup integration.
Distributed Systems & Performance
  • Designed a high-throughput traffic monitoring service in Go using goroutine-based concurrency, sustaining 100,000+ logs/second at low latency.
  • Built a rule-evaluation engine in Go that tokenizes queries into AST trees with parallel multi-level parsing, holding 30-50ms latency across 1,000+ rules.
  • Built a Salesforce auth-token pooling wrapper over jsforce in the platform library, adopted org-wide; eliminated redundant re-authentication calls flagged by Salesforce and reduced auth-overhead latency.
Aug 2021 - May 2023Pune

Velotio (Client: Pure Storage)

Senior Software Engineer
  • Re-architected a serverless application to a server-based design, introducing Snowflake connection pooling for a measured 20% improvement in application performance.
  • Replaced heavy multi-join Snowflake queries on hot API paths (5+ tables, up to an 11-table join) with parallel data pulls joined in application code, cutting latency on those paths by roughly 70%.
Jun 2019 - Jul 2021Pune

Tata Consultancy Services

Systems Engineer
  • Worked on migrating on-premises infrastructure to a serverless architecture for the London Stock Exchange Group, part of an effort that reduced operational costs by 15%.
Open source

Packages & extensions

~5 published
npm · @gnana997
npmjs.com/~gnana997
mcp-dev-kit
v0.2.0

Testing and debugging toolkit for MCP servers.

@gnana997/node-jsonrpc
v1.0.0

Transport-agnostic JSON-RPC 2.0 client and server for TypeScript and Node.js.

node-ipc-jsonrpc
v0.2.1

TypeScript JSON-RPC client over IPC (Unix sockets and named pipes) for Go servers.

node-stdio-jsonrpc
v0.1.0

TypeScript JSON-RPC 2.0 client over stdio for child processes.

VS Code extensions
Ollama Copilot
Released

Local-LLM-powered code completion and chat in VS Code, with zero code leaving the machine.

Writing

Notes from the build

5 posts
periscopehq.dev/blog
periscopehq.dev/blog
Every audit row says `alice@corp`, not `periscope-bot` — here's how

How Periscope makes every K8s call carry the human's identity: per-user impersonation, the SAR pre-flight pattern, the three authorization modes, and how the same shape survives the agent-backed cluster path.

`whoami` says `ssm-user`, CloudTrail says you: browser shells into EKS nodes, no SSH

Periscope v1.1.6 opens a terminal onto an EKS node's EC2 host from the dashboard, with no SSH key, no bastion, and no inbound ports. The session runs under the operator's own short-lived AWS credentials, minted from their OIDC id_token.

What can this pod do in AWS? A surprisingly hard question in EKS.

Which pods use this IAM role? What does this pod actually grant in AWS? Periscope v1.1's three new EKS identity surfaces answer the questions you get paged for — in seconds.

Four tenants, one GPU, one number: where attribution breaks under MPS

Once an NVIDIA GPU is shared across multiple pods via MPS, the standard Kubernetes GPU telemetry stack stops telling the truth about who is using it. Lab notes on the misattribution and the mechanism behind it.

Five subsystems, one GPU: the join Periscope Milestone 2 has to make

GPU visibility in Kubernetes is not one metric — it's a join across allocation, telemetry, node description, workload identity, and operator intent. Lab notes from prepping Periscope Milestone 2.

Toolkit

Skills & stack

battle-tested · production

Languages

GoTypeScriptJavaScriptJavaPython

Infrastructure & Orchestration

KubernetesAWS (EKS, IRSA / Pod Identity, IAM)DockerHelmTerraformGitOps

Observability & Security

DatadogPrometheusGrafanaAlertmanagerPagerDutyCloudWatchCIS / TenablePer-user impersonationAudit logging

Distributed Data & Messaging

CassandraKafkaElasticsearchRedisPostgreSQLSnowflake

Frameworks & Protocols

Node.jsReactSpring BootMCP (Model Context Protocol)Vercel AI SDK
Certifications
Certified Kubernetes Administrator (CKA)
Cloud Native Computing Foundation · 2022
AWS Certified Developer - Associate
Amazon Web Services · 2020
Education
BTech, Vellore Institute of Technology
2015 - 2019
Get in touch

Find me
in the open.

Always glad to trade notes on distributed systems, Kubernetes, or the guts of Periscope. Async-friendly, based in Bangalore, India.

Fastest reply: email · usually within 24h on weekdays.
emailgnana097@gmail.comgithubgithub.com/gnana997linkedinlinkedin.com/in/gnanavaradarajunpmnpmjs.com/~gnana997