Designing, automating, and operating production infrastructure - from serverless AWS to national-scale government platforms.

Architected and deployed a 5-node distributed platform spanning AWS, GCP, and physical edge (Jetson Nano), connected via WireGuard/VXLAN mesh overlay. Built SR-MPLS transport fabric using FRRouting with IS-IS adjacency and BGP AS65001, assigning segment routing labels for deterministic path selection.

Configured ONOS SDN controller with OpenFlow 1.3 managing 4 virtual devices and 12 bidirectional links. Integrated autonomous DQN + LSTM decision engine executing 20,820+ decision cycles with 1,015+ autonomous placement actions at 2ms latency and 84.5% average confidence.

Built heterogeneous inference pipeline across three GPU tiers - T4 (PyTorch, 150ms), L4 (ONNX-GPU, 90ms), Jetson Nano (TensorRT FP16, 24ms). Built Grafana observability stack with 29 real-time panels covering system metrics, network health, AI engine telemetry, and ONOS topology.

Leading DevOps implementation across three Ethiopian government entities - the Agricultural Transformation Institute, Ministry of Women and Social Affairs, and Ethiopian Disaster Risk Management Commission. Deployed production-grade RKE2 clusters with Rancher management, Istio service mesh with mTLS, and Keycloak SSO federation across all entities.

Architected dual-infrastructure deployments spanning Ethio Telecom cloud and on-premises environments with HA infrastructure including Hardware RAID 1+0, XCP-ng hypervisor, and WireGuard VPN tunnels. Currently implementing large-scale beneficiary data migration from ODK to OpenG2P for national social protection programs.

Designed AWS Lambda (Python 3.12) architecture serving REST APIs via FastAPI + Mangum, handling synchronous HTTP traffic and asynchronous job processing across dev/prod environments. Built containerized Lambda deployments using ECR with automated Docker builds and semantic version tagging.

Built end-to-end GitHub Actions pipeline with OIDC federation to AWS - zero long-lived credentials - automated testing, Docker build/push to ECR, Lambda deployment, and post-deploy migration triggers. Managed PostgreSQL (RDS) with PostGIS for geospatial queries, Alembic migrations with advisory locking.

Implemented SQS-driven async job processing with batch item failure reporting. Integrated OpenTelemetry distributed tracing with OTLP HTTP exporter and AWS X-Ray propagation. Implemented JWT authentication, role-based access control, and security headers middleware.

Deployed Docker and Kubernetes clusters with resource limits, HPA, and load balancing for mobile banking, USSD, and REST microservices on WildFly and Nginx. Implemented Jenkins pipelines automating the full lifecycle for Maven-based Java applications.

Managed Proxmox clusters for HA virtualization and AWS infrastructure. Configured ActiveMQ message brokering and MySQL tuning for banking workloads. Integrated ELK stack for centralized logging and Prometheus/Grafana for resource monitoring. Implemented Keycloak SSO, Heartbeat HA failover, and comprehensive security policies across production banking environments.

Architected and deployed for NDIT Solutions (US IT consulting firm) as an internal code review system replacing SaaS alternatives like CodeRabbit, Greptile, and Cursor. The system reduces external SaaS spend by an order of magnitude while keeping all source code inside NDIT's network, critical for serving regulated clients across cybersecurity, government, and financial services engagements where data sovereignty is a hard requirement.

Five specialized review agents - security, performance, code quality, architecture, and testing - run in parallel through an n8n orchestration layer. The system pulls merge requests from GitLab via webhook, splits diffs by file, dispatches them to the agents simultaneously, and aggregates findings into a single ranked review comment posted back to the MR with file-line-level annotations. Inference is served via Groq with Kimi K2 and Llama 3.3 70B models for sub-second per-agent latency.

End-to-end latency for a 64-file merge request is 39 seconds from webhook to posted review. Total infrastructure cost is approximately $50/month for 1,000+ reviews, compared to $5,000-$15,000/month for equivalent SaaS tooling at the same volume. Architecture is model-agnostic, allowing NDIT to swap inference providers (Groq, OpenAI, Anthropic, or fully self-hosted Llama/Mistral) without rewriting the orchestration layer.

Designed and deployed dual GitLab CI/CD pipelines for the Umoja Booking platform - a 10-service Docker Compose application requiring distinct deployment workflows for application services and AI services. Each pipeline runs on self-hosted GitLab runners with isolated execution environments and full audit logging.

The main 6-stage pipeline orchestrates: cleanup, supply-chain audit, parallel Docker builds across 5 services, Trivy vulnerability scanning at the container layer, staging deploy, production deploy. The AI service pipeline runs a 4-stage variant tailored for AI-specific build artifacts and inference dependencies.

Built-in disk cleanup automation prevents runner exhaustion. Dependency auditing catches transitive vulnerabilities before they reach production. Trivy scans every container image against known CVE databases with configurable severity thresholds. The result is a pipeline that developers actually trust - verified, audited, and reproducible from a clean state every time.

Deployed and operated the Kubernetes-orchestrated infrastructure for Ethiopia's Integrated Tax Administration System (ITAS) at the Ministry of Revenue. The platform processes national tax payment workflows with strict regulatory and uptime requirements typical of government revenue systems.

The deployment uses Ansible-driven configuration management for reproducible cluster provisioning, GitLab CI for pipeline automation across staging and production environments, and HashiCorp Vault for secrets management - keeping API keys, database credentials, and Keycloak client secrets out of code. Keycloak provides SSO across MoR services with fine-grained RBAC for tax officers, auditors, and administrators.

Observability is built on the ELK stack for centralized log aggregation, with Apache Superset and JasperReports providing structured business reporting on payment flows, audit trails, and reconciliation data. End-to-end health checks and resilience policies ensure the platform remains available during tax filing peak windows.