Tech focus
Kubernetes Platform Engineering · Talos Linux · CAPI · GitOps ·
Infrastructure-as-Code · Observability · Secrets Management ·
Identity Federation · Security Hardening · Cloud (AWS · Azure) ·
BSI IT-Grundschutz · IEC 62443 · DSGVO / Schrems II
Projects
self-initiated · platform engineering
Kubernetes Platform Engineering – Foundation
Project 01 · Jan – Apr 2026
Proxmox VE · 3-node cluster · Phases 0–10 complete
A foundation Kubernetes platform built with production engineering practices —
running on a single Proxmox host (32 GB RAM, 500 GB SSD) with a 3-node kubeadm cluster. The platform covers the full engineering stack:
GitOps
ArgoCD App-of-Apps · crane + Trivy image promotion pipeline
Observability
Prometheus · Grafana · Loki · Promtail
Security
Vault + ESO · Falco · NetworkPolicy · cert-manager
Identity
Keycloak SSO
Networking
Cloudflare Tunnel · nginx-ingress · Calico CNI
Storage & Backup
CloudNativePG · WAL archiving · PITR · Longhorn · MinIO · Velero · rclone
Workload
Nextcloud · Redis · Homepage
live
Kubernetes Platform Engineering – Production
Project 02 · May 2026 – present
Talos Linux · CAPI · ArgoCD GitOps · Proxmox VE · Nine Layers · Five Deployment Models
A production-grade Kubernetes platform built on an infrastructure-agnostic architecture —
the same platform runs on Proxmox, VMware, bare-metal PXE, or any cloud VM without changing
a single layer above the hypervisor. One management plane serves all five deployment models:
vCluster IDP, mission-critical dedicated clusters, large microservices-based platforms, KubeEdge factory sites, and KubeVirt VM migration.
Validated against the Sidero Talos Linux Reference Architecture 2025.
Infrastructure
Talos Linux · CAPI · Proxmox VE · factory.talos.dev extensions · 9-node production layout
High Availability
etcd quorum · kube-vip · MetalLB · KubePrism · PodDisruptionBudgets · ExternalDNS
GitOps
GitLab CE · ArgoCD App-of-Apps · ApplicationSet · Reloader · Git = only interface
Storage
Rook-Ceph (RBD · CephFS · RadosGW) · MinIO · Velero · CNPG WAL · offsite rclone
Secrets & Identity
Vault HA Raft · ESO ClusterSecretStore · Keycloak OIDC · cert-manager · Talos CCM
Observability
OTel Collector · Prometheus / VictoriaMetrics · Loki · Grafana · Hubble · Alertmanager
Security
Kyverno · Harbor · Falco · CiliumNetworkPolicy · Headscale WireGuard · kube-bench · Kubescape · Gitleaks
CI/CD
GitLab Runner · Trivy CVE gate · Cosign image signing · Renovate · Karmada
Deployment Models
vCluster IDP · Mission Critical (IEC 62443) · Large Microservices · KubeEdge · KubeVirt
Planned
POST-CKA
Proposals
Proposed architectures prepared for job applications.
GHGA · Research Data Infrastructure
DKFZ Heidelberg · NFDI · Research Data Infrastructure Engineer
Proposed platform engineering roadmap for the German Human Genome-Phenome Archive (GHGA) —
a national genomic data infrastructure handling sensitive patient data under strict
DSGVO and BSI IT-Grundschutz compliance requirements.
submitted
proposal
DKFZ / NFDI
IONOS · AI Customer Care Platform
IONOS SE · Karlsruhe · DevOps Engineer · Customer Care AI Platform Team
Proposed platform engineering roadmap for IONOS's next-generation AI customer care platform,
a multimodal ecosystem spanning Speech-to-Speech pipelines, LLM orchestration via MCP,
and an automated QA feedback loop serving 8M contracts across 20+ locations.
in progress
proposal
IONOS SE