ClearSpace · Ground Segment — Interview Diagrams

Task 01

DevOps vs SRE vs Platform · Secrets · Config vs Runtime

02 Diagrams

Diagram 01 Role Responsibilities

flowchart LR

flowchart LR DEV[Developers writing services] --> CICD[CI/CD pipelines] CICD --> RUN[Running production] RUN --> OBS[Observability + on-call] subgraph DEVOPS [DevOps Engineer] CICD end subgraph PLATFORM [Platform Engineer] DEV CICD end subgraph SRE [SRE] RUN OBS end classDef primary fill:#1a1612,color:#f0ebe2,stroke:#1a1612,font-weight:bold

Diagram 02 Secrets Access Pattern

flowchart LR

Task 02

Deployment System for a Stateless Production Service

02 Diagrams

Diagram 03 Full Deployment Architecture

flowchart LR

flowchart LR SRC[Developer
Git]:::primary --> CI[CI
build
test
scan] CI --> ART[Registry
image] ART --> CD[ArgoCD
sync] CD --> PRE[Dev/Test
validation] PRE --> GATE{Prod
gate} GATE --> PROD[Production
canary -> 10% -> 100%] PROD --> OBS[Observability
metrics / logs / traces] OBS -. bad metrics .-> RB[Rollback
previous version]:::accent RB --> CD classDef primary fill:#1a1612,color:#f0ebe2,stroke:#1a1612,font-weight:bold classDef accent fill:#c84b1c,color:#ffffff,stroke:#c84b1c,font-weight:bold

Diagram 04 Control Flow for One Deploy

flowchart LR

flowchart LR DEV[Dev
git push]:::primary --> CI[CI
build
test
scan] CI --> REG[Registry
image] CI --> GIT[GitOps
update SHA] REG --> CD[CD
sync] GIT --> CD CD --> CANARY[Canary
1%] CANARY --> MON[Monitoring
metrics] MON --> H1{Healthy
5 min?} H1 -->|Yes| STAGE[Scale
10%] STAGE --> H2{Healthy?} H2 -->|Yes| FULL[Scale
100%] H1 -->|No| RB[Rollback
notify dev]:::accent H2 -->|No| RB classDef primary fill:#1a1612,color:#f0ebe2,stroke:#1a1612,font-weight:bold classDef accent fill:#c84b1c,color:#ffffff,stroke:#c84b1c,font-weight:bold

Task 03

Security Across Containers, Dev, RCE, CI/CD & Service-to-Service

01 Diagram

Diagram 05 Container Security Pipeline

flowchart LR

flowchart LR BASE[Minimal base image
distroless / Alpine] --> APP[App layer] APP --> SCAN[Vuln scan at build time
Trivy / Grype]:::accent SCAN --> SIGN[Sign image
Cosign / Sigstore] SIGN --> REG[Registry with admission policy] REG --> RUN[Run with: non-root
read-only FS · drop ALL caps
seccomp profile]:::primary classDef primary fill:#1a1612,color:#f0ebe2,stroke:#1a1612,font-weight:bold classDef accent fill:#c84b1c,color:#ffffff,stroke:#c84b1c,font-weight:bold

Task 04

Monitoring vs Alerting

01 Diagram

Diagram 06 Monitoring → Alert Decision

flowchart LR

flowchart LR subgraph MON [Monitoring data] direction TB M1[Metrics] M2[Logs] M3[Traces] end MON --> Q{Actionable?
Symptom of user pain?
Needs human now?} Q -->|Yes| A[Alert: page someone]:::accent Q -->|No| D[Dashboard / debugging context]:::primary classDef primary fill:#1a1612,color:#f0ebe2,stroke:#1a1612,font-weight:bold classDef accent fill:#c84b1c,color:#ffffff,stroke:#c84b1c,font-weight:bold

Task 05

On-Call Operational Model

02 Diagrams

Diagram 07 On-Call Rotation Model

flowchart LR

flowchart LR subgraph ROTATION [On-call rotation] P[Primary] S[Secondary] M[Manager / IC] end P -->|paged| INC[Incident]:::accent INC --> P P -->|escalates if needed| S S -->|escalates if needed| M INC --> PM[Post-mortem] PM --> ACTIONS[Action items] ACTIONS -->|tracked, prioritised| BACKLOG[Reliability backlog] BACKLOG --> NEXT[Future on-call has fewer pages]:::primary classDef primary fill:#1a1612,color:#f0ebe2,stroke:#1a1612,font-weight:bold classDef accent fill:#c84b1c,color:#ffffff,stroke:#c84b1c,font-weight:bold

Diagram 08 Learning from Incidents

flowchart LR

flowchart LR INC[Incident]:::accent --> ACK[Acknowledge
within 5 min] ACK --> MIT[Mitigate
restore service] MIT --> RC[Root cause
investigation] RC --> PM[Blameless post-mortem] PM --> ACTIONS[Tracked action items] ACTIONS --> SHARE[Wider team review] SHARE --> SYS[System improvements]:::primary classDef primary fill:#1a1612,color:#f0ebe2,stroke:#1a1612,font-weight:bold classDef accent fill:#c84b1c,color:#ffffff,stroke:#c84b1c,font-weight:bold