A Senior DevOps Engineer
I've spent the last 13 years learning to build websites & run servers; worked in e-Commerce since 2013, and focused on Cloud Computing, Containers, Automation, and Monitoring since starting full-time DevOps in 2018.
Cloud Computing 🌩
Computers! Computers! Computers! 👏
I worked intensively with Amazon Web Services between 2018 and 2021 and was an AWS Certified Developer from May 2019 to May 2022.
Between 2018 and 2021 I was involved in planning and provisioning infrastructure for a microservice-based product called Konekti. During this time I gained extensive knowledge of:
- Elastic Container Services (ECS)
- Elastic Compute Cloud (EC2)
- Auto-scaling Groups
- Intensive, automatic resource tagging to monitor budgets
- Security Groups and Ingress Control
- AWS Load Balancers and Traefik Edge Proxy
- VPC and subnet management
Keeping tabs on everything
Proper monitoring is incredibly helpful in debugging. Seeing exactly how much RAM and CPU a Docker container consumed when it got stuck 3 weeks ago? Neat.
Some monitoring tools I've maintained in production:
- AWS CloudWatch metrics
- AWS CloudWatch alarms
"It's no use Mr., it's virtualization all the way down" 🐢
Before doing DevOps full-time at Synoa GmbH, I drove the initial adoption of Docker for local development in 2017.
At the time we used Docker for Magento 2 development as well as for running Logstash, Elasticsearch, and some Java Apps on local machines.
Some areas I've gained knowledge in over the years include:
- Running CI/CD in Docker containers
- Multi-stage Docker builds
- Running Traefik in Production for 4 years
- Distributing CLI tools via Docker containers
- Deploying Docker with Docker Remote API
- Monitoring with cAdvisor
Predictability and reliability through automation and scripting
Setting up infrastructure in the cloud is a lot of work, and the more manual steps are involved, the more likely it is that errors will be introduced.
Over the past years I've gained a lot of experience building, managing, and upgrading infrastructure with Terraform and Ansible. I've also built internal tooling to help developers interact with the infrastructure we build.
- Terraform module creation and maintenance
- Ansible role creation and maintenance
- Terraform integration with CI/CD pipelines
- Handling of breaking infrastructure changes
- Integrating build tools with Docker Remote API
- Monitoring with cAdvisor
Terraform is a specialty of mine. I have experience with the creation and maintenance of complex modules that integrate various services, including the following technologies:
- AWS VPC and subnets
- AWS VPC networking & routing
- AWS EC2 servers
- AWS EC2 Auto-scaling groups
- AWS Security Groups and ingress rules between servers, including ingress across AWS accounts
- AWS Route 53 domains and sub-domains
- AWS ECS clusters and services
- AWS S3 buckets and access policies
- AWS IAM users for S3 access
- MongoDB Atlas Cloud
- MongoDB Atlas Cloud and AWS VPC peering connections
- Hetzner Cloud
◼︎◼︎◼︎◼︎◼︎ ◼︎◼︎ ◼︎◼︎◼︎◼︎◼︎ ◼︎◼︎◼︎◼︎ ◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎ ◼︎◼︎◼︎◼︎◼︎
Security must be considered from the start. Period.
Don't give all-access to an entity because it's easy. Don't open all ports because it's easy. Don't run your code as root because it's easy.
Some rules I've established:
- HTTPS-only traffic between systems
- Restrictive AWS IAM users and roles
- Automatic generation of AWS IAM users and automated S3 access management via Terraform
- Auto-generated passwords wherever possible
- Password management with a self-hosted password manager
- SSL certificate management with Let's Encrypt and AWS Certificate Manager