My Projects

Automated software delivery and cloud migration for hybrid infrastructure (on-prem + GCP). Standardized CI/CD pipelines with OOP-based reusable templates, implemented automated release workflows with security compliance gates (Veracode, Xray, SonarQube), and built one-click deploy & promote-to-production workflows across multiple environments. Configured Istio service mesh for traffic management and observability on GKE clusters. Managed both legacy infrastructure (Jenkins, Ansible) and modern GCP-native workflows, while setting up comprehensive monitoring (Prometheus/Grafana on-prem + GCP Cloud Monitoring).

What I Accomplished

• ▸70% reduction in release cycle time through automated promote-to-production workflows
• ▸60% reduction in deployment code with reusable Helm chart library
• ▸100% automated security compliance checks integrated in CI/CD pipeline
• ▸Zero downtime migration from Jenkins/Ansible on-prem to GitHub Actions + Terraform on GCP
• ▸Configured Istio service mesh for traffic management, canary deployments, and observability on GKE
• ▸Multi-cluster deployment automation across dev, staging, and production environments
• ▸Implemented OOP-based pipeline templates for standardized CI/CD across organization
• ▸Configured multi-layered network security with granular IAM permissions and VPC controls
• ▸Mentored team on GCP DevOps best practices and Infrastructure as Code
• ▸Hackathon winner: Built full CI/CD for Cloud Run banking app (Terraform + GitHub Actions from scratch)

Full-cycle infrastructure modernization for Togo government's Geographic Information System managing land development and urban planning. Initially migrated legacy VM-based deployment (PostgreSQL, MinIO, Keycloak, Frappe ERP) to Infomaniak managed Kubernetes cluster. After client decision for data sovereignty, led second migration to self-hosted bare metal Kubernetes cluster on client's VMs. Built 8-node cluster from scratch with Calico CNI, configured node selectors for PVC management, implemented high-availability PostgreSQL clusters (6 total instances across OLTP and OLAP workloads), HashiCorp Vault with External Secrets Operator, MinIO S3-compatible storage, Redis master-replica caching, and Keycloak OAuth2 authentication. Authored comprehensive 2000+ line technical documentation covering architecture, deployment procedures, migration methodology, and operational runbooks.

Production Kubernetes Platform for Government GIS System

What I Accomplished

• ▸Executed two complete infrastructure migrations: VM → Infomaniak K8s → bare metal K8s with zero data loss
• ▸Built 8-node production Kubernetes cluster from scratch (1 master + 7 workers) with Calico CNI
• ▸Implemented 3-node PostgreSQL HA clusters (6 total instances) with automated failover and continuous WAL archiving
• ▸Configured node selectors and storage management for multi-tenant PVC placement across bare metal nodes
• ▸Zero-trust secrets management: HashiCorp Vault + External Secrets Operator for automatic secret rotation
• ▸Migrated 50+ containerized applications including Frappe ERP, Keycloak, MinIO, Redis across two infrastructure changes
• ▸Authored 2000+ line technical documentation with deployment procedures, migration runbooks, and operational guides
• ▸Fixed critical OAuth2 DNS resolution loop through CoreDNS rewrite rules and manual TLS certificate management
• ▸Designed and implemented continuous backup strategy with daily PostgreSQL base backups to MinIO S3-compatible storage

Fully automated multi-tenant GIS platform for Romanian counties with self-replicating infrastructure. Migrated from on-premise VMs to GCP Cloud Run serverless architecture. Built modular Terraform infrastructure enabling one-click deployment of new client instances with automatic provisioning of Cloud Run services, GCS buckets, Cloud SQL databases, custom DNS domains, and SSL certificates. Designed for infinite horizontal scaling with zero manual configuration per tenant.

Serverless GIS Platform on Google Cloud Run

What I Accomplished

• ▸Migrated legacy VM-based infrastructure to serverless GCP Cloud Run architecture
• ▸Built self-replicating multi-tenant infrastructure: add one entry in Terraform map, get full stack deployed
• ▸Automated provisioning: Cloud Run services (FE + BE), GCS buckets, Cloud SQL, DNS zones, SSL certificates per tenant
• ▸Terraform modular architecture with reusable modules: cloud-run-service, gcs-bucket, cloud-dns-run
• ▸Zero-downtime deployments with GitLab CI/CD: automated terraform plan/apply pipeline with manual approval gates
• ▸Kaniko-based daemonless container builds eliminating Docker-in-Docker security risks
• ▸Multi-region deployment strategy: FE in europe-west4, BE in europe-west3 for optimal latency
• ▸Automated DNS management: Google Site Verification, custom domain mapping, CNAME/A records per tenant
• ▸IAM automation: service accounts with least-privilege permissions, Secret Manager access policies
• ▸Budget monitoring with email alerts at 50%, 80%, 100%, and 110% forecasted spend thresholds
• ▸Single-pipeline deployment: deploy all services or individual service with specific image tag

Full-stack infrastructure management for CityZen platform on GCP VMs. Optimized GitLab CI/CD pipelines for multi-environment deployments (dev, staging, production), implemented multi-stage Docker builds for Next.js applications, configured Nginx reverse proxy with Let's Encrypt SSL automation, built WordPress bridge application for mobile deep linking, and executed comprehensive infrastructure optimization through automated disk cleanup and deployment process improvements.

Multi-Environment Platform on GCP

What I Accomplished

• ▸Docker image size reduction through multi-stage Dockerfile optimization for Next.js builds
• ▸Automated disk exhaustion prevention through CI/CD integrated cleanup pipelines
• ▸Multi-environment CI/CD: GitLab pipelines supporting dev, staging, production with environment-specific build args
• ▸Built cityzen-wordpress-bridge: Next.js app for mobile deep linking (iOS/Android detection + app store redirects)
• ▸Automated SSL certificate management: Certbot with auto-renewal for 4 domains (Let's Encrypt)
• ▸Nginx reverse proxy configuration: 4 domains routing to 2 Docker containers on single VM
• ▸Fixed critical DNS CNAME loop: changed administratie.cityzen.ro from CNAME to A record resolving incorrect routing
• ▸30% infrastructure cost reduction through disk cleanup automation and resource right-sizing analysis
• ▸GitLab CI/CD optimization: manual deployment triggers with tag-based versioning for controlled releases
• ▸Infrastructure documentation: 400+ line technical docs covering deployment procedures, troubleshooting, cost analysis

Built complete end-to-end AI application in 24-hour TDI Global Hackathon. Led DevOps automation deploying full-stack application to GCP Cloud Run with GitHub Actions CI/CD, Terraform infrastructure-as-code, Cloud SQL PostgreSQL, and Artifact Registry. Contributed to Python backend implementing Google Vertex AI integration for agricultural legislation analysis. Delivered production-ready infrastructure and working AI demo within hackathon timeframe.

24-Hour Hackathon: AI-Powered Legislation Assistant

What I Accomplished

• ▸Complete GitHub Actions CI/CD automation: build, push, deploy workflows with workload identity federation
• ▸Terraform infrastructure-as-code: Cloud Run services, Cloud SQL PostgreSQL, Artifact Registry provisioning
• ▸Multi-stage deployment pipeline: automated PR previews and auto-apply on main branch
• ▸Workload Identity Federation for secure GCP authentication without service account keys
• ▸Google Vertex AI integration for agricultural legislation analysis and summaries
• ▸Full infrastructure automation and working AI demo delivered within 24-hour hackathon timeline
• ▸Multi-cloud architecture coordination (GCP + Azure + OpenShift)

DevOps and infrastructure management for Romanian national GNSS reference station network. Implemented RINEX3 data processing pipeline with advanced filtering, quality control, and multi-tenant API management. Built containerized accounting module with dual-VM architecture, automated GitLab CI/CD pipelines, and comprehensive infrastructure monitoring. Managed legacy PHP application maintenance with automated cleanup mechanisms and infrastructure optimization.

National GNSS Infrastructure Platform

What I Accomplished

• ▸Built dual-VM containerized architecture for accounting module: separate API (FastAPI + PostgreSQL) and UI (React + Nginx) infrastructure
• ▸Implemented rootless Podman deployment with systemd user services for automatic recovery and linger-enabled persistence
• ▸GitLab CI/CD pipelines with manual-triggered deployments, automated Alembic migrations (upgrade/downgrade), and image retention policies
• ▸RINEX3 data processing pipeline: advanced DOY filtering, multi-station commands, sampling rate configuration, automated quality visualization
• ▸Extended command system with decimation, hourly periods, API-based archive generation, and fallback mechanisms
• ▸Infrastructure monitoring automation: automated disk cleanup with systemd timers, PostgreSQL backup with 7-day retention, NFS storage monitoring
• ▸API key management dashboard with backend synchronization, role-based permissions, and expiration control
• ▸Legacy PHP application maintenance: systematic refund tracking for failed orders, infrastructure cost analysis, service health monitoring
• ▸Multi-environment deployment strategy with separated runners (api/ui tags) and sudo-restricted command execution for security

End-to-end infrastructure setup and CI/CD automation for Romanian national GIS platform across dev, staging, and production environments. Built complete containerized architecture with Podman rootless, HAProxy load balancing, Consul service discovery, and automated GitLab pipelines. Configured multi-VM infrastructure with comprehensive monitoring, firewall management, and zero-downtime deployment strategies.

Multi-Environment Service Mesh Infrastructure

What I Accomplished

• ▸Multi-environment infrastructure setup: complete VM provisioning and configuration for dev, staging, and production (13+ VMs)
• ▸HAProxy load balancer with Consul-template dynamic service discovery: zero-downtime config regeneration and USR2 reload
• ▸Consul service mesh: server setup, agent deployment across all nodes (FE/BE/ArcGIS), automatic health checks and service registration
• ▸Rootless Podman deployment with custom storage configuration (/opt/podman-storage) to prevent disk exhaustion and systemd user services
• ▸GitLab CI/CD pipelines with manual-triggered tag-based deployments, SSH orchestration, and environment-specific .env injection
• ▸RabbitMQ + MinIO infrastructure: containerized message broker and object storage with Nginx reverse proxy and TLS termination
• ▸Comprehensive firewall configuration with nftables: restrictive policies, NAT for rootless containers (80→8080, 443→8443), interface-specific rules
• ▸Multi-region backend deployment: automated rollout to 4 backend nodes with profile-based Podman Compose (dev/staging/production)
• ▸Frontend deployment automation: Buildah image builds, network host mode containers, environment-specific build args for Vite
• ▸Monitoring stack integration: Prometheus scrape configs for haproxy_exporter, consul_exporter, node_exporter, and ASP.NET Core metrics
• ▸TLS certificate management: Nginx configurations with client-provided certificates for production, self-signed for dev/staging
• ▸Persistent container orchestration: linger-enabled systemd user services, automatic recovery, and consul-template.service for config updates

Full-stack e-commerce web application for selling personalized vinyl stickers. Built complete online store with ASP.NET Core, Razor Pages, SQL Server, and Bootstrap. Implemented advanced filtering, favorites system, order management, and automated email notifications. Designed for B2C market with focus on user experience and operational efficiency.

E-Commerce Platform for Custom Stickers

What I Accomplished

• ▸Complete e-commerce platform: product catalog, shopping cart, checkout, order tracking, and review system
• ▸Advanced filtering system: search by name, category, price range, and favorites with dynamic card rendering
• ▸ASP.NET Identity integration: secure authentication, registration, password recovery, and email verification
• ▸Automated email notifications: order confirmation, status updates, account activation with reusable templates
• ▸Admin dashboard: product management (CRUD), order processing, analytics with monthly charts and popular products
• ▸Responsive design: Bootstrap-based UI with card flip animations, mobile-optimized navigation, and clean color palette
• ▸SQL Server database: relational schema with migrations, Entity Framework Core ORM, and optimized queries
• ▸Discount system: percentage-based pricing with visual indicators on product cards and cart

Built highly modular and reusable Helm library chart for streamlined Kubernetes application onboarding. Developed templating system that eliminates repetitive configuration files - applications only need a values file and library import to deploy. Focused on DRY principles and reducing deployment complexity through shared, configurable templates.

Modular Helm Library for Kubernetes Applications

What I Accomplished

• ▸Modular Helm library chart with reusable templates for common Kubernetes resources
• ▸Simplified application onboarding: only values file required, no repetitive YAML configuration
• ▸Templating system for deployments, services, ingress, configmaps, and secrets
• ▸DRY approach reducing configuration overhead and deployment errors

Java backend development project focused on building RESTful APIs and database integration for sports management application. Implemented server-side logic, data persistence layer, and API endpoints for sports-related data management.

Java Backend Development

What I Accomplished

• ▸RESTful API development with Spring Boot
• ▸Database schema design and integration
• ▸Backend business logic implementation
• ▸API endpoint testing and documentation

Android mobile application for tracking COVID-19 statistics and trends. Built native Android app with real-time data visualization, statistics dashboard, and local data caching for offline access.

Android Mobile Application

What I Accomplished

• ▸Native Android application with Material Design UI
• ▸Real-time COVID-19 data integration via REST APIs
• ▸Local data caching for offline functionality
• ▸Statistics visualization and trend analysis