Built a company-wide multi-tenant platform consisting of shared Kubernetes clusters with out-of-the-box CI/CD functionality, monitoring solution etc. Enabled internal customers to use Kubernetes without the need for dedicated infrastructure or deep devops knowledge. Used NaaS (Namespace-as-a-Service) model for multi-tenancy.

• based the platform on Openshift (OKD), deployed in AWS and on-premise (ESXi)
• created custom installer utilizing Ansible to allow for unattended (re/un)installation of Openshift clusters
• introduced AppCatalog solution (using Helm and ArgoCD app-of-apps pattern) used to deploy applications and associated resources (NSs, RQs, RBAC etc.) based on YAML definitions in single Git repo
• introduced self-service (using GH Actions) that enabled customers to join the platform by simply filling out an onboarding form
• maintained documentation and several reference "demo" applications
• handled bugs/questions/incidents/feature-requests raised by customers
• introduced Kargo (CI/CD orchestration tool)
• created Kargo CI/CD pipeline used by our infra applications and assisted customers with creating their own custom pipelines
• implemented Grafana Enterprise with multi-tenant support using LBAC and created initial monitoring configuration for clusters and infra applications
• enabled customers to configure Grafana by using Prometheus Operator CRDs
• maintained Kyverno and its ruleset to enforce security requirements and best-practice
• maintained infra applications - argocd, certmanager, externaldns, dex, sealedsecrets etc.
• integrated Orca (vulnerability scans), Apptio (cost monitoring), Splunk (SIEM logs forwarding)
• introduced multi-cluster service-mash based on Istio/Submariner
• worked on cost-saving measures in AWS and Grafana (cluster sleep, spot instances, metrics whitelists etc.)

Joined one of RBI's departments as devops engineer responsible for applications running on department's Kubernetes clusters.

• clusters based on Openshift (OKD) deployed in AWS and on-premise (ESXi)
• took ownership of DataDog and introduced a standardized set of dashboards/monitors focused on control-plane, autoscaler, AWS, ArgoCD, resource-utilization etc.
• resolved control-plane performance issues by removing orphaned K8S resources, fixing reconciliation loops, fixing crash-back loops etc.
• identified and cleaned up orphaned resources in AWS to save costs (EBS volumes, LBs etc.)
• optimized cluster autoscaler configuration by using more appropriate AWS instance-types
• analyzed resource requests of each container and worked with developers on resources config optimalization
• reviewed, optimized and simplified existing Helm charts
• advised developers on how to modify their apps to take advantage of k8s (e.g. how to expose endpoints for probes/metrics)
• worked with developers on security-hardening their containers (e.g. running in read-only, running as non-root)
• implemented all pending security requirements (e.g. introduced netpols, introduced Kyverno etc.) in close cooperation with developers
• maintained Terraform Operator that allowed running TF based on definition in CR
• modified cluster installer to enable installation of Openshift on-premise
• assisted developers with migrating legacy applications and their dependencies (Zookeeper/Postgres/Cassandra/RabbitMQ etc.) to Kubernete

Joined a team responsible for payment-gateway solution still using legacy webserver/appserver model. Deployed first-ever Kubernetes clusters within the company and successfully migrated payment-gateway, greatly improving its availability. Later utilized this experience to create a company-wide multi-tenant platform capable of hosting multiple applications in shared clusters.

• supported payment-gateway solution running in 5 different regions and 10 different datacenters (2 datacenters per region for primary-DR setup)
• used Jenkins/Rundeck to deploy and configure payment-gateway
• used SaltStack to configure underlying VMs and deploy/configure supporting components (Apache, monitoring etc.)
• maintained existing Apache configuration
• maintained existing monitoring setup based on ELK and TICK stacks
• used SaltStack to deploy vanilla Kubernetes clusters on pre-provisioned VMs
• introduced ArgoCD (using app-of-apps concept), Cert-Manager (integrated with Venafi), Monitoring (Prometheus/Thanos integrated with Netcool), Logging (integrated with ELK) etc.
• worked closely with developers on migrating the application to Kubernetes -> building the image, dropping JBoss in favour of SpringBoot2, splitting the monolith to smaller components, switching to stdout logging, making application scalable etc.
• load-tested the new setup using BlazeMeter to identify bottlenecks
• handled payment-gateway migration to Kubernetes using custom weighted reverse proxy config on Apache
• implemented blue/green concept for payment-gateway deployment utilizing Traefik weights
• refactored gateway's network architecture and failover design by improving GSLB/LB/Apache configuration, reducing failover-caused downtime by 99%
• modified our single-purpose clusters to multi-tenant clusters by introducing proper RBAC, namespace-isolation, SSO-integration etc.
• added support for our clusters to be deployed to EKS

Moved to work to RPC to work on a card-processing solution that I have supported in my previous role.

• managed 3rd party card-processing solution from OpenWay used to process card payments from multiple customers (banks)
• worked as 2nd line support for resolving incidents
• managed Zabbix monitoring solution and introduced Grafana
• utilized custom Zabbix monitoring scripts to query Oracle for relevant data from OpenWay

As the first member of our team, my mission was to ensure a smooth takeover of 1st/2nd level support duties from Austria to Slovakia for single customer -> Regional Card Processing Centre