
https://github.com/stevehoober254/devops-portfolio

🚀 Advanced DevOps pipelines, IaC, observability stacks & multi-cloud deployment demos

ansible automation bash-scripting chef ci-cd devops devops-pipeline docker github-actions grafana infrastructure-as-code jenkins kubernetes prometheus puppet python-script terraform


# ☁️ DevOps / Platform Engineer Portfolio — Stephen Gashoka

> Infrastructure-as-Code, CI/CD pipelines, Kubernetes, and multi-cloud automation. Production-grade reliability engineering with a focus on cost efficiency and self-healing systems.

![Terraform](https://img.shields.io/badge/Terraform-7B42BC?style=flat-square&logo=terraform&logoColor=white)
![Kubernetes](https://img.shields.io/badge/Kubernetes-326CE5?style=flat-square&logo=kubernetes&logoColor=white)
![Docker](https://img.shields.io/badge/Docker-2496ED?style=flat-square&logo=docker&logoColor=white)
![GitHub Actions](https://img.shields.io/badge/GitHub_Actions-2088FF?style=flat-square&logo=githubactions&logoColor=white)
![Prometheus](https://img.shields.io/badge/Prometheus-E6522C?style=flat-square&logo=prometheus&logoColor=white)

---

## Projects

### 1. Multi-Cloud CI/CD Pipeline with Secrets Rotation & Policy Compliance
**Problem:** Maintaining deployments, secrets, and compliance across AWS and Azure simultaneously without a unified control plane.

**Architecture:**
- **GitHub Actions** for pipeline orchestration
- **Terraform** modules for AWS (EKS) and Azure (AKS) provisioning
- **HashiCorp Vault** for dynamic secrets with auto-rotation
- **Open Policy Agent (OPA)** for pre-deployment policy enforcement (no public S3 buckets, no privileged containers)
- **LaunchDarkly** for canary/feature-flag releases
- **Slack webhooks** for deployment notifications

**Key decisions:**
- Chose Vault over AWS Secrets Manager to stay cloud-agnostic
- OPA policies run as a GitHub Actions step before `terraform apply` — shift-left compliance
- Canary deployments roll out to 5% traffic via weighted K8s services before full cutover

**Stack:** Terraform · GitHub Actions · Vault · OPA · Kubernetes · Helm · Slack API
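The policy gate described above, as an added stand-alone illustration (not this project's Rego policies): the two rules named in the architecture, no public S3 buckets and no privileged containers, evaluated in Python over the JSON that `terraform show -json plan.tfplan` emits, in which nested HCL blocks appear as lists. The sample plan is constructed for the example; the resource types and attribute names are those of the AWS and Kubernetes Terraform providers.

```python
"""Shift-left policy gate for a Terraform plan, written as an added illustration
for this README. It is not the project's own OPA/Rego policy: it encodes the two
rules the project description names (no public S3 buckets, no privileged
containers) as Python over the JSON that `terraform show -json plan.tfplan`
emits, in which nested HCL blocks are represented as lists. The plan below is
constructed for the example.
"""
import json
import sys
from typing import Iterable

PUBLIC_ACLS = {"public-read", "public-read-write", "authenticated-read"}
PUBLIC_ACCESS_GUARDS = ("block_public_acls", "block_public_policy",
                        "ignore_public_acls", "restrict_public_buckets")


def _after(rc: dict) -> dict:
    """Planned post-apply attributes; None/absent for a deletion."""
    return rc.get("change", {}).get("after") or {}


def _creates_or_updates(rc: dict) -> bool:
    return bool(set(rc.get("change", {}).get("actions", [])) & {"create", "update"})


def public_s3_violations(plan: dict) -> list[str]:
    """Buckets that would be readable by everyone after apply."""
    out = []
    for rc in plan.get("resource_changes", []):
        if not _creates_or_updates(rc):
            continue
        after = _after(rc)
        if rc["type"] in ("aws_s3_bucket", "aws_s3_bucket_acl") and after.get("acl") in PUBLIC_ACLS:
            out.append(f"{rc['address']}: acl={after['acl']} makes the bucket public")
        elif rc["type"] == "aws_s3_bucket_public_access_block":
            # all four guards must stay on; one False re-opens a public path
            off = [g for g in PUBLIC_ACCESS_GUARDS if after.get(g) is False]
            if off:
                out.append(f"{rc['address']}: public access block disables {', '.join(off)}")
    return out


def _pod_containers(after: dict) -> Iterable[tuple[str, dict]]:
    """Yield (name, security_context) for each container in a workload's pod template."""
    for spec in after.get("spec", []):
        pod_specs = [ps for tmpl in spec.get("template", []) for ps in tmpl.get("spec", [])]
        for pod in pod_specs or [spec]:  # a bare kubernetes_pod carries the pod spec directly
            for c in pod.get("container", []) + pod.get("init_container", []):
                yield c.get("name", "?"), (c.get("security_context") or [{}])[0]


def privileged_container_violations(plan: dict) -> list[str]:
    """Kubernetes workloads whose pod template asks for a privileged container."""
    out = []
    for rc in plan.get("resource_changes", []):
        if not _creates_or_updates(rc) or not rc["type"].startswith("kubernetes_"):
            continue
        for name, ctx in _pod_containers(_after(rc)):
            if ctx.get("privileged") is True:
                out.append(f"{rc['address']}: container '{name}' is privileged")
    return out


def evaluate(plan: dict) -> list[str]:
    """All policy violations; an empty list means the plan may proceed to apply."""
    return public_s3_violations(plan) + privileged_container_violations(plan)


SAMPLE_PLAN = {  # constructed; mirrors the resource_changes shape of a real plan JSON
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_s3_bucket_acl.assets", "type": "aws_s3_bucket_acl",
         "change": {"actions": ["create"], "after": {"bucket": "assets", "acl": "public-read"}}},
        {"address": "aws_s3_bucket_acl.logs", "type": "aws_s3_bucket_acl",
         "change": {"actions": ["create"], "after": {"bucket": "logs", "acl": "private"}}},
        {"address": "aws_s3_bucket_public_access_block.logs", "type": "aws_s3_bucket_public_access_block",
         "change": {"actions": ["create"], "after": {"block_public_acls": True, "block_public_policy": True,
                                                      "ignore_public_acls": True, "restrict_public_buckets": True}}},
        {"address": "kubernetes_deployment.worker", "type": "kubernetes_deployment",
         "change": {"actions": ["update"], "after": {"spec": [{"template": [{"spec": [{"container": [
             {"name": "worker", "security_context": [{"privileged": True}]},
             {"name": "sidecar", "security_context": []}]}]}]}]}}},
        {"address": "aws_s3_bucket.legacy", "type": "aws_s3_bucket",
         "change": {"actions": ["delete"], "after": None}},
    ],
}

if __name__ == "__main__":
    # usage: python policy_gate.py [plan.json]  (a non-zero exit blocks the apply step)
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    violations = evaluate(plan)
    for v in violations:
        print("DENY", v)
    sys.exit(1 if violations else 0)
```

Run as a pipeline step between `terraform plan -out plan.tfplan` and `terraform apply`, the non-zero exit is what stops the workflow. Deletions are skipped on purpose: only the state that will exist after apply is judged.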

---

### 2. Infrastructure Cost Tracker & Optimizer
**Problem:** Cloud spend spiralling due to idle resources and over-provisioned instances.

**Architecture:**
- **Infracost** integrated into GitHub Actions PRs — cost diff shown before merge
- **AWS Lambda** (scheduled) scans for idle EC2, unattached EBS volumes, and unused RDS snapshots
- Results pushed to a **Grafana** dashboard (backed by TimescaleDB)
- **Slack alerts** when weekly spend exceeds defined thresholds
- Auto-generates Terraform `destroy` plans for approved idle resources

**Key decisions:**
- TimescaleDB over plain Postgres for efficient time-series cost queries
- Lambda runs on a cron — no always-on infra cost for the cost tracker itself (irony avoided)

**Stack:** Terraform · Pulumi · Infracost · AWS Lambda · Grafana · TimescaleDB · Slack API
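The scan and alert logic of the scheduled Lambda, as an added illustration that is not this project's code: the decision rules for idle EC2, unattached EBS volumes and stale RDS snapshots, kept separate from any AWS API call so they run offline. The records are constructed to mirror the shape of boto3 `describe_instances`, `describe_volumes` and `describe_db_snapshots` responses; the `AvgCpu7d` field on each instance is an assumption, standing in for a CloudWatch lookup the caller would do.

```python
"""Decision logic for a scheduled idle-resource scan, written as an added
illustration for this README. It is not the project's Lambda; the records
below are constructed to mirror the shape of boto3 describe_instances /
describe_volumes / describe_db_snapshots responses, and the per-instance
AvgCpu7d field is assumed to have been filled in from CloudWatch by the caller.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock so the example is reproducible


@dataclass(frozen=True)
class Finding:
    kind: str
    resource_id: str
    reason: str


def idle_instances(instances, now=NOW, cpu_pct=2.0, min_age_days=7):
    """Running instances older than min_age_days whose 7-day average CPU is below cpu_pct."""
    out = []
    for inst in instances:
        if inst["State"]["Name"] != "running":
            continue
        if now - inst["LaunchTime"] < timedelta(days=min_age_days):
            continue  # too new to judge; skip rather than flag
        if inst["AvgCpu7d"] < cpu_pct:
            out.append(Finding("ec2", inst["InstanceId"], f"avg CPU {inst['AvgCpu7d']:.1f}% over 7d"))
    return out


def unattached_volumes(volumes, now=NOW, min_age_days=3):
    """EBS volumes in the 'available' state (no attachment) for longer than min_age_days."""
    return [Finding("ebs", v["VolumeId"], f"unattached {v['Size']} GiB volume")
            for v in volumes
            if v["State"] == "available" and now - v["CreateTime"] >= timedelta(days=min_age_days)]


def stale_manual_snapshots(snapshots, now=NOW, max_age_days=90):
    """Manual RDS snapshots older than max_age_days; automated ones expire by retention policy."""
    return [Finding("rds-snapshot", s["DBSnapshotIdentifier"],
                    f"manual snapshot {(now - s['SnapshotCreateTime']).days} days old")
            for s in snapshots
            if s["SnapshotType"] == "manual" and now - s["SnapshotCreateTime"] > timedelta(days=max_age_days)]


def spend_alert(weekly_spend_usd, threshold_usd):
    """Slack webhook payload when the weekly spend crosses the threshold, else None."""
    if weekly_spend_usd <= threshold_usd:
        return None
    over = weekly_spend_usd - threshold_usd
    return {"text": f":warning: weekly cloud spend ${weekly_spend_usd:,.2f} exceeds "
                    f"threshold ${threshold_usd:,.2f} by ${over:,.2f}"}


# Constructed sample data in boto3 response shape.
INSTANCES = [
    {"InstanceId": "i-0aaa", "State": {"Name": "running"}, "LaunchTime": NOW - timedelta(days=40), "AvgCpu7d": 0.8},
    {"InstanceId": "i-0bbb", "State": {"Name": "running"}, "LaunchTime": NOW - timedelta(days=2), "AvgCpu7d": 0.1},
    {"InstanceId": "i-0ccc", "State": {"Name": "running"}, "LaunchTime": NOW - timedelta(days=200), "AvgCpu7d": 35.0},
    {"InstanceId": "i-0ddd", "State": {"Name": "stopped"}, "LaunchTime": NOW - timedelta(days=90), "AvgCpu7d": 0.0},
]
VOLUMES = [
    {"VolumeId": "vol-0aaa", "State": "available", "Size": 500, "CreateTime": NOW - timedelta(days=30)},
    {"VolumeId": "vol-0bbb", "State": "in-use", "Size": 100, "CreateTime": NOW - timedelta(days=30)},
    {"VolumeId": "vol-0ccc", "State": "available", "Size": 20, "CreateTime": NOW - timedelta(hours=6)},
]
SNAPSHOTS = [
    {"DBSnapshotIdentifier": "pre-migration-2023", "SnapshotType": "manual", "SnapshotCreateTime": NOW - timedelta(days=300)},
    {"DBSnapshotIdentifier": "rds:prod-2024-05-31", "SnapshotType": "automated", "SnapshotCreateTime": NOW - timedelta(days=1)},
    {"DBSnapshotIdentifier": "hotfix-check", "SnapshotType": "manual", "SnapshotCreateTime": NOW - timedelta(days=10)},
]


def scan():
    """One scheduled run over the sample data."""
    return idle_instances(INSTANCES) + unattached_volumes(VOLUMES) + stale_manual_snapshots(SNAPSHOTS)


if __name__ == "__main__":
    for f in scan():
        print(f"{f.kind:<12} {f.resource_id:<22} {f.reason}")
    print(spend_alert(1375.0, 1200.0))
```

The age floors matter: a volume detached six hours ago or an instance launched yesterday is not a candidate, so the scan does not propose destroying resources that are simply mid-rollout. Findings are reported, never acted on; the destroy plan stays behind the approval step the architecture describes.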

---

### 3. Self-Healing Kubernetes Cluster for Event-Driven Systems
**Problem:** Event-driven microservices fail silently under Kafka lag spikes, causing downstream data loss.

**Architecture:**
- **KEDA** for Kafka-lag-based autoscaling of consumer pods
- **Karpenter** for dynamic node provisioning (scale-in within 2 min of idle)
- **Prometheus + Alertmanager** for metrics and alert routing
- **ArgoCD** for GitOps-based continuous deployment
- **Chaos Engineering** with Chaos Monkey for periodic failure injection tests

**Key decisions:**
- KEDA over HPA because HPA can't natively scale on external event sources like Kafka
- ArgoCD's sync waves used to enforce deployment ordering (infra → services → consumers)

**Stack:** Kubernetes · KEDA · Karpenter · ArgoCD · Helm · Prometheus · Grafana · Chaos Monkey
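A simplified model of the lag-based scaling decision, added here as an illustration and not KEDA's source or this project's `ScaledObject`. It shows what CPU-based HPA cannot see: consumer replicas are derived from Kafka lag, capped at the partition count unless idle consumers are allowed, and dropped to zero when the topic is quiet. The dataclass fields mirror the trigger settings `lagThreshold`, `activationLagThreshold` and `allowIdleConsumers` and the `ScaledObject` fields `minReplicaCount` and `maxReplicaCount`; the per-partition lag figures are constructed.

```python
"""Simplified model of KEDA's Kafka-lag scaling decision, added as an illustration
for this README (not KEDA's source and not the project's ScaledObject). The
dataclass fields mirror the trigger/ScaledObject settings lagThreshold,
activationLagThreshold, allowIdleConsumers, minReplicaCount and maxReplicaCount;
the per-partition lag figures are constructed.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class ScaledObject:
    lag_threshold: int = 5              # target lag per consumer replica (KEDA default)
    activation_lag_threshold: int = 0   # lag above which the deployment leaves 0 replicas
    allow_idle_consumers: bool = False  # True lets replicas exceed the partition count
    min_replicas: int = 0
    max_replicas: int = 30


def desired_replicas(partition_lag: dict[int, int], so: ScaledObject) -> int:
    """Replica count the HPA settles on for the given lag per partition."""
    total_lag = sum(partition_lag.values())
    # Activation: at or below the activation threshold KEDA keeps minReplicaCount
    # (which may be 0); above it, at least one replica runs.
    if total_lag <= so.activation_lag_threshold:
        return so.min_replicas
    if not so.allow_idle_consumers:
        # A consumer without a partition does nothing, so the reported lag is
        # capped at partitions * lagThreshold, which caps replicas at partitions.
        total_lag = min(total_lag, len(partition_lag) * so.lag_threshold)
    wanted = math.ceil(total_lag / so.lag_threshold)  # HPA AverageValue arithmetic
    return max(so.min_replicas, 1, min(wanted, so.max_replicas))


# Constructed lag snapshots for a 4-partition topic: one hot partition, one quiet.
LAG_SPIKE = {0: 40, 1: 3, 2: 0, 3: 120}
LAG_IDLE = {0: 0, 1: 0, 2: 0, 3: 0}

if __name__ == "__main__":
    default = ScaledObject()
    print("spike, 4 partitions      ->", desired_replicas(LAG_SPIKE, default))
    print("spike, idle consumers ok ->", desired_replicas(LAG_SPIKE, ScaledObject(allow_idle_consumers=True)))
    print("idle, scale to zero      ->", desired_replicas(LAG_IDLE, default))
```

The spike case is the one to note: 163 messages of lag would ask for 33 replicas, but a 4-partition topic can only feed 4 consumers, so the default settings stop there and the remaining lag is drained by throughput, not by replicas. The partition count, not `maxReplicaCount`, is the real ceiling unless the topic is re-partitioned.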

---

## Skills demonstrated
| Area | Technologies |
|---|---|
| IaC | Terraform, Ansible, Pulumi |
| CI/CD | GitHub Actions, Jenkins, ArgoCD |
| Containers | Docker, Kubernetes, Helm, Karpenter |
| Observability | Prometheus, Grafana, Loki, Alertmanager |
| Cloud | AWS (EKS, Lambda, Glue, RDS), GCP (GKE), Azure (AKS) |
| Security | Vault, OPA, SOPS, Trivy |
| Cost | Infracost, AWS Cost Explorer integration |

---

📧 stephengachoka57@gmail.com | 🌐 [stephengachoka.co.ke](https://stephengachoka.co.ke) | 📍 Nairobi, Kenya