Shafi Ulla

Shafi Ulla

Sr Staff Platform Engineer at Zscaler | Zkube - One Platform

San Jose, California, United States

Actions

Shafi Ulla is a Sr. Staff Software Development Engineer at Zscaler's Government Cloud division, where he leads infrastructure and platform engineering initiatives for mission-critical cloud-native workloads. With 10+ years of experience in DevOps and Kubernetes operations, Shafi specializes in architecting and executing large-scale infrastructure transformations & had done public cloud transformation other enterprise organization such as Salesforce, Bleacher Report and Here Maps/Nokia.

Area of Expertise

  • Government, Social Sector & Education
  • Information & Communications Technology
  • Travel & Tourism

Topics

  • Istio
  • Kubernetes
  • kubeflow
  • Networking
  • network security
  • Network Engineering
  • Ingress NGINX
  • Service Mesh (Istio/Linkerd)
  • Azure Kubernetes Services (AKS)
  • aws

Observable Infrastructure: Debugging Crossplane Reconciliation with OpenTelemetry & Prometheus

Crossplane has revolutionized infrastructure-as-code by abstracting cloud resources into Kubernetes-native objects. However, this abstraction introduces a critical challenge: invisible reconciliation loops.

Unlike traditional infrastructure tools, Crossplane controllers manage resources through continuous reconciliation. When reconciliation fails silently or with cryptic error messages diagnosing root causes requires deep observability. Managing 1000+ resources across 200+ clusters makes this challenge exponential.

This talk shares production-grade patterns for observing and debugging Crossplane reconciliation using industry-standard, vendor-neutral observability tools: OpenTelemetry, Prometheus, Grafana.

Key topics that would be covered are :

Reconciliation Invisibility
Instrumenting Crossplane with OpenTelemetry
Signal Correlation & Root Cause Analysis
Building Observable Dashboards & Alerts
Common Reconciliation Failure Patterns

Migrating 200 Clusters, 600 Endpoints: How We Replaced NGINX Ingress at Enterprise Scale

Migrating ingress controllers across 200+ Kubernetes clusters and 600+ service endpoints is a daunting undertaking that most organizations avoid. This talk shares real-world strategies, tools, and lessons learned from a large-scale NGINX Ingress migration at Zscaler One platform engineer team

We'll cover the complete migration lifecycle: pre-migration planning (inventory, dependency mapping, risk assessment), solution evaluation (comparing Istio, Traefik, Cilium, and cloud-native solutions), phased rollout strategies (canary deployments, traffic validation), and operational challenges (DNS TTL handling, service discovery, configuration drift detection).

You'll learn how we achieved zero-downtime migrations, reduced operational overhead, and optimized costs through careful planning and automation. Whether you're managing tens or hundreds of clusters & critical active production workloads, this talk provides a playbook for executing large-scale ingress migrations safely and efficiently

Crossplane Circuit Breaker — The Right Way to Fix It

A 10-minute lightning talk targeting Crossplane operators and platform engineers on the most common circuit breaker implementation mistakes in distributed reconciliation loops, and the principles for fixing them correctly. Focus on shared state, observable transitions, and time-aware backoff logic.

Most teams implement circuit breakers reactively—trying to "fix" failures—but end up creating worse problems by resetting state too aggressively, storing state in-memory only, or not coordinating across multiple controller instances. The right fix requires: persistent shared state, time-aware transitions, and observable metrics.

Beyond Ingress: Mastering Istio Gateway for Modern Service Mesh Architecture"

Istio Gateway is the next-generation traffic ingress solution built on the Kubernetes Gateway API standard. In this lightning talk, we'll explore why Istio Gateway surpasses traditional Ingress controllers, dive into its core capabilities for advanced traffic management, and discover how it simplifies multi-cluster networking and security policies in production environments.

The Problem:
Kubernetes Ingress is limited: no weighted routing, no advanced traffic policies, poor multi-cluster support
Service mesh users struggle with duplicated routing logic between Ingress and Istio
Organizations need standardized, vendor-neutral gateway patterns

The Solution — Istio Gateway:
Native integration with Istio's power (traffic shifting, retries, timeouts, circuit breakers, authorization policies)
Aligns with CNCF Kubernetes Gateway API standard
Unified routing for North-South AND East-West traffic
Perfect for Government Cloud: fine-grained security, audit trails, multi-tenancy

Shafi Ulla

Sr Staff Platform Engineer at Zscaler | Zkube - One Platform

San Jose, California, United States

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top