My Work

Platforms, tooling, and AI systems that solve real problems at scale.

ROSA Cloud Platform
Platform DevOps

Red Hat OpenShift on AWS (HCP) - multi-cluster GitOps with SRE guardrails, secrets management via Vault, and full APRA CPS 230 compliance attestation for a major Australian bank.

Terraform, ROSA, AWS, Argo CD, Helm, GitHub Actions, Vault, Splunk

Enterprise Kubernetes Platform
Platform DevOps

Golden-path Kubernetes platform on EKS/AKS/GKE - Kyverno policy-as-code, KRO (Kubernetes Resource Orchestrator) for composable abstractions, multi-tenancy, OPA Gatekeeper, and an internal developer portal (Backstage) for full self-service onboarding.

EKS, AKS, GKE, Kyverno, KRO, OPA, Backstage, Terraform, Helm

Custom Kubernetes Operator (Go)
Platform Go

Built a production Kubernetes operator with Kubebuilder - defining custom CRDs and reconciliation loops that abstract complex multi-resource deployments into a single developer-facing resource. Handles lifecycle management, status reporting, and automated remediation.

Go, Kubebuilder, controller-runtime, Custom CRDs, KRO, Kubernetes API

GitOps Pipeline Factory
Platform DevOps

Built a reusable GitOps pipeline factory using GitHub Actions and Argo CD - enforcing promotion gates, environment parity, drift detection, and automated rollback across 30+ microservices.

Argo CD, GitHub Actions, Helm, Kustomize, Terraform, Slack

RAG Chat Agent Platform
AI/ML

Production-grade RAG system with a multi-agent orchestration layer - ingests documents, websites, and databases into a vector store and exposes a context-aware chat interface with citation support and hallucination guardrails.

LangChain, OpenAI, Claude, Pinecone, pgvector, Nuxt 3, Node.js

Autonomous AI Agent System
AI/ML

Multi-agent system using LangGraph and n8n - agents that browse the web, read emails, execute code, call APIs, and chain decisions across workflows. Handles tasks autonomously end-to-end with minimal human input.

LangGraph, n8n, OpenAI, Tool Calling, TypeScript, Redis

Multi-Cloud Container Mirror
Tooling Platform

Python CLI tool for mirroring container images simultaneously across AWS ECR, GCP Artifact Registry, Azure ACR, JFrog Artifactory, and DigitalOcean - with parallel sync, dry-run mode, and full CI/CD integration.

Python, AWS ECR, GCP GAR, Azure ACR, crane, Docker

Multi-Cloud Mirror (Shell)
Tooling Platform

Lightweight Bash-based container image mirroring tool - mirrors images across AWS ECR, GCP Artifact Registry, and Azure ACR using shell scripts and crane. Designed for minimal-dependency CI environments where Python is not available.

Bash, Shell, crane, AWS ECR, GCP GAR, Azure ACR, Docker

Repo Radar
Tooling Python

CLI dashboard for GitHub repository analytics - stars, forks, language breakdown, top contributors, recent commits, AI-powered health score (0-100), activity metrics, and side-by-side repo comparison with JSON export.

Python, GitHub API, Rich CLI, AI Scoring

Have a project? Let’s build something excellent.

From GitOps platforms to n8n automations and AI/ML integrations: ship faster with reliability and compliance.

K8s / ROSA / EKS, Terraform / Terragrunt, AI/ML Ops, n8n Pipelines, DevSecOps

Cloud Platforms, AI Systems & Open-Source Engineering

The projects here represent years of hands-on engineering across cloud infrastructure, AI/ML, and open-source tooling. Each was built to solve a real problem - whether that means spinning up a production-ready Kubernetes platform for a regulated financial institution, wiring an LLM into an enterprise knowledge base, or building a custom Kubernetes operator that manages complex application lifecycle declaratively.

ROSA & EKS Cloud Platforms

Building and operating Red Hat OpenShift Service on AWS (ROSA) and Amazon EKS platforms for enterprise clients is a core strength. These platforms integrate GitOps delivery via Argo CD, policy enforcement via Kyverno, multi-cluster observability with Prometheus and Grafana stacks, and secret management through Vault and AWS Secrets Manager. Compliance with Australian regulatory frameworks including APRA CPS 230 is built in from the start - not retrofitted.

Custom Kubernetes Operators (Kubebuilder & KRO)

Custom operators extend Kubernetes with business-specific automation. Using Kubebuilder and the emerging KRO (Kubernetes Resource Orchestrator) framework, production operators have been built that manage application lifecycle, handle rolling configuration updates across namespaces, and enforce organisational patterns through admission webhooks. These operators reduce manual toil and eliminate configuration drift at scale.

RAG Chat Agent Platform

A production Retrieval-Augmented Generation (RAG) platform that connects enterprise documentation to large language models - delivering accurate, context-grounded answers without hallucination. Built with LangChain, Python, and a vector database backend, this system handles document ingestion, chunking, embedding, retrieval, and LLM response generation with full observability and rate-limit controls.

Open-Source: Multi-Cloud Mirror & Repo Radar

multi-cloud-mirror-python is a tool for mirroring container images across AWS ECR, Azure ACR, and GCP Artifact Registry - solving a common multi-cloud sprawl problem with a clean, declarative configuration model. Repo Radar is a GitHub repository analytics CLI built for developer productivity insights, surfacing contributor patterns, commit frequency, and issue resolution metrics across large engineering organisations.

Read more about the engineering background or get in touch to discuss a project.

AWS Infrastructure Design

Public DNS & Multi-Tier Load Balancing Architecture

One of the most complex and impactful infrastructure designs delivered is a production-grade multi-endpoint AWS networking architecture - purpose-built to route public internet traffic through a layered stack of Route 53, Application Load Balancers, Network Load Balancers, and directly into EKS workloads with precise control over each traffic path.

Route 53 - Public Hosted Zone Design

The architecture starts with AWS Route 53 public hosted zones managing all external DNS for the platform. Rather than a flat DNS model, the design uses a multi-record approach - weighted routing for gradual traffic shifting during deployments, latency-based routing for geo-aware distribution across AWS regions, and failover routing with health checks to automatically reroute traffic when downstream endpoints become unhealthy. Alias records point to ALB and NLB endpoints, keeping TTLs low without incurring additional DNS lookup costs.

ALB, NLB & EKS - Layered Load Balancing

Traffic entering the platform splits at the load balancer tier depending on protocol and workload type. Application Load Balancers (ALB) handle all HTTP/HTTPS traffic - serving as the primary ingress layer for customer-facing APIs and web applications running in EKS. The AWS Load Balancer Controller is deployed inside the cluster to provision and manage ALB target groups dynamically from Kubernetes Ingress and Service resources, enabling fully declarative ingress management through GitOps. For workloads requiring TCP-level routing, TLS passthrough, or low-latency connection handling, Network Load Balancers (NLB) sit alongside the ALBs - used for gRPC services, database proxies, and internal microservice traffic that must bypass the application layer.

EKS Cluster Integration & Security Boundaries

The EKS clusters sit in private subnets behind the load balancer tier, with no direct internet exposure. VPC security groups enforce strict allow-listing between the ALB/NLB security groups and the node groups, ensuring no lateral movement is possible. Pod-level network policies (via Cilium) add an additional micro-segmentation layer inside the cluster. AWS ACM certificates are managed centrally and automatically attached to ALB listeners - providing TLS termination at the edge without manual certificate rotation.

Architecture Outcomes

This architecture has delivered measurable outcomes in production: zero-downtime weighted blue/green deployments across EKS node groups, automated certificate rotation, sub-30-second health-check failover, and full GitOps-driven ingress management with no manual console changes. The design is auditable end-to-end - critical for regulated financial services environments operating under APRA CPS 230.

Interested in how this architecture could apply to your platform? Start a conversation.