Healthcare Infrastructure Setup / DevSecOps
Status: In Progress
Designed and deployed a hybrid-cloud infrastructure (AWS + OpenStack private cloud) for a digital healthcare platform, integrating full DevSecOps practices including CI/CD security gates, GitOps, SIEM, and comprehensive observability.
Responsibilities
- Provisioned K3s Kubernetes cluster on OpenStack (3 nodes) and managed AWS resources (ALB, EC2, S3, CloudFront) using Terraform with daily drift detection
- Built DevSecOps CI/CD pipelines (GitHub Actions) with Trivy scanning as a security gate; remediated 47 Trivy-reported vulnerabilities through pipeline-enforced remediation; deployed an observability stack (Prometheus, Grafana, Loki) and Wazuh SIEM with Telegram alerting across hybrid nodes
- Implemented ArgoCD GitOps with manual sync policy and enforced immutable image tags in production overlays
- Bridged AWS and OpenStack networks via WireGuard VPN tunnel; exposed internal services through Cloudflare Tunnel without public IPs
- Deployed kube-prometheus-stack (Prometheus, Grafana, Alertmanager) with hybrid node scraping across K3s and AWS; Loki + Promtail for centralized log aggregation; Telegram alerting for critical and warning events
- Deployed Wazuh SIEM with 6 agents across all nodes, integrated AWS CloudTrail S3 logs, and wrote a custom Telegram alert integration
- Automated infrastructure auditing with Ansible and dynamic inventory from Terraform outputs; configured double ProxyJump SSH for private AWS nodes
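As an added example (not code from the project), this is the kind of pipeline gate that the immutable-image-tag rule for production overlays above implies: it scans Kustomize/Kubernetes YAML for `image:` references and fails unless each one is pinned by digest. The manifest extraction is a plain regex rather than a YAML parser, and the registry names and digest in the sample are constructed.

```python
"""CI gate (added example, not the project's code): fail if a production overlay uses an image not pinned by digest."""
import re
import sys
from pathlib import Path

# `image: ref`, optionally quoted, optionally as a list item.
IMAGE_RE = re.compile(r"""^\s*(?:-\s+)?image:\s*["']?([^\s"']+)["']?\s*$""", re.M)
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
MUTABLE_TAGS = {"latest", "main", "master", "dev", "stable"}

def classify(image: str) -> str:
    """'digest' is immutable; 'tag', 'mutable-tag' and 'untagged' are not."""
    if DIGEST_RE.search(image):
        return "digest"
    name = image.rsplit("/", 1)[-1]   # drop registry host (may carry :port)
    if ":" not in name:
        return "untagged"             # implicit :latest
    tag = name.rsplit(":", 1)[1]
    return "mutable-tag" if tag in MUTABLE_TAGS else "tag"

def find_violations(manifest_text: str) -> list[tuple[str, str]]:
    """(image, reason) for every reference in the text that is not digest-pinned."""
    found = [(r, classify(r)) for r in IMAGE_RE.findall(manifest_text)]
    return [(r, why) for r, why in found if why != "digest"]

def gate(paths: list[Path]) -> bool:
    """True when every manifest passes; each violation is reported on stderr."""
    ok = True
    for p in paths:
        for image, why in find_violations(p.read_text()):
            print(f"{p}: {image} ({why}) is not digest-pinned", file=sys.stderr)
            ok = False
    return ok

# Constructed sample overlay (not from the project): one pinned image, three not.
SAMPLE_OVERLAY = """\
containers:
  - name: ocr
    image: registry.internal:5000/ocr@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
  - name: shipper
    image: ghcr.io/example/log-shipper:latest
  - name: api
    image: "ghcr.io/example/api:v1.4.2"
  - name: migrate
    image: ghcr.io/example/migrate
"""

if __name__ == "__main__":
    sys.exit(0 if gate([Path(a) for a in sys.argv[1:]]) else 1)
```

Run it over the production overlay files before the ArgoCD sync step (for example `python gate.py overlays/production/*.yaml`); a non-zero exit blocks the pipeline.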
Architecture
Frontend: User → Cloudflare DNS → CloudFront → S3 (static)
API:      User → ALB → EC2 Backend (HA x2) → WireGuard VPN → OpenStack K3s → Database / OCR Service
Internal: User → Cloudflare Tunnel → K3s Ingress (OpenStack) → Grafana / Prometheus / ArgoCD / Wazuh