Portfolio¶
2024¶
ArgoCD GitOps Implementation inside AWS EKS¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
This project focuses on implementing a GitOps workflow using ArgoCD in an AWS Elastic Kubernetes Service (EKS) environment. The goal is to streamline application deployment and infrastructure management by leveraging the GitOps methodology:
- Develop a GitLab CI/CD pipeline to build Docker images for the application, Push the Docker images to AWS Elastic Container Registry (ECR).
- Set up ArgoCD to monitor the k8s-infra Git repository for application and infrastructure manifests using Helm Charts
- Setup ArgoCD Image Updater for auto update image tag from AWS ECR
- Automate synchronization between the Git repository and the AWS EKS cluster to ensure desired state configurations.
Outcomes: - Efficient and automated application delivery process. - Reliable Kubernetes infrastructure state management via GitOps principles. - Enhanced scalability and observability for cloud-native applications on AWS EKS. - Single source of truth and version control for kubernetes cluster config.
AWS EKS - Kubernetes Cluster Installation and Configuration¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
This project sets up a fully operational Kubernetes cluster on Amazon EKS, designed for scalability, security, and high availability of containerized workloads.
Key Deliverables: - Cluster Setup: Provision EKS cluster with secure VPC, subnets, and security groups using AWS Console, CLI, or IaC (Terraform/CloudFormation). - Node Groups: Deploy managed/self-managed EC2 or Fargate nodes integrated with the EKS control plane. - Networking: Configure VPC CNI for pod networking, set up ALB/ELB/NLB for external traffic. - Access Control: Implement IAM roles and Kubernetes RBAC for fine-grained security. - Monitoring & Logging: Enable CloudWatch, metrics-server, FluentD, and centralized log collection. - Autoscaling: Deploy Cluster Autoscaler to dynamically adjust resources based on workload demands. Add-ons & Tooling: Install Helm, ArgoCD, cert-manager, nginx-ingress, infisical-secret-operator, CoreDNS, and storage solutions (EBS/EFS).
Outcomes:
- Production-ready Kubernetes cluster on AWS EKS.
- Scalable, secure, and automated environment for containerized applications.
- Integrated monitoring, logging, and DevOps tooling for smooth operations.
Implement DevSecOps Gitlab CI/CD Pipeline¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
Implemented a self-hosted GitLab instance on AWS for a large-scale project, providing a robust and secure version control system (VCS) for managing the company’s codebase.
Technologies: GitLab, AWS, Docker, Terraform, Ansible
Key Contributions:
- Set up AWS EC2 instances with Docker containers running GitLab.
- Automated infrastructure deployment using Terraform and Ansible.
- Enabled CI/CD pipelines for multiple development teams to streamline project releases.
DevSecOps Pipeline Using Trivy¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
Designed and integrated a DevSecOps pipeline in GitLab CI/CD to enhance security by performing automatic vulnerability scanning on container images.
Technologies: GitLab CI/CD, Trivy, Docker
Key Contributions:
- Integrated Trivy for vulnerability scanning in the CI/CD pipeline.
- Automated the process of detecting and reporting vulnerabilities in Docker images.
- Reduced the time spent on manual security checks, improving release cycles.
2023¶
Gitlab Runner Cost Optimization using spot instance¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
Optimized GitLab CI/CD pipeline infrastructure by migrating GitLab Runners to AWS EC2 Spot Instances, reducing operational costs while maintaining reliability and scalability.
Technologies: AWS (EC2 Spot, Auto Scaling Groups, IAM, CloudWatch), GitLab Runner, Docker, Terraform, Ansible
Key Contributions: - Designed and deployed GitLab Runners on AWS EC2 Spot Instances, achieving significant cost savings compared to on-demand instances.
- Configured Auto Scaling Groups and Launch Templates to ensure resilient and scalable runner pools.
- Implemented fallback strategies with On-Demand instances to handle Spot interruptions and maintain pipeline stability.
- Automated provisioning and configuration with Terraform & Ansible, reducing manual overhead.
- Integrated CloudWatch monitoring & alerts to track runner performance, availability, and cost efficiency.
- Result: ~60–70% cost reduction in CI/CD runner infrastructure while maintaining SLA.
Setup and configure Gitlab Self Hosted for company code repository¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
Implemented and configured a self-hosted GitLab platform to serve as the company’s central code repository, enabling secure, collaborative, and efficient software development workflows.
Technologies: GitLab CE/EE, Linux Ubuntu, Nginx, PostgreSQL, Docker, SSL/TLS, CI/CD Pipelines
Key Contributions: - Installed and configured self-hosted GitLab on company infrastructure with high availability and secure networking.
- Integrated PostgreSQL backend and Nginx reverse proxy with SSL/TLS for secure code management.
- Migrated existing repositories into GitLab, ensuring smooth transition with minimal downtime.
- Configured GitLab Runners to support automated build/test/deployment pipelines.
- Implemented role-based access control (RBAC) and LDAP/SSO integration for secure developer access.
- Automated backups and disaster recovery plans to protect source code assets.
- Delivered a reliable, self-hosted platform for source control, CI/CD, and collaboration.
Migrate to Docker and Optimize Wordpress Company Profile¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
Migrated the company’s WordPress-based company profile website into a Dockerized environment, improving scalability, maintainability, and performance while reducing operational overhead.
Technologies: Docker, Docker Compose, Nginx, MySQL/MariaDB, PHP-FPM, Let’s Encrypt (SSL/TLS), Cloudflare
Key Contributions: - Containerized WordPress, MySQL, and Nginx using Docker & Docker Compose, standardizing deployments.
- Optimized PHP-FPM, caching, and Nginx configuration for faster page loads and reduced resource usage.
- Configured reverse proxy with SSL/TLS (Let’s Encrypt) and integrated Cloudflare for enhanced security and performance.
- Automated deployment workflows for development, staging, and production environments.
- Implemented monitoring and alerting to ensure uptime and detect performance bottlenecks.
- Result: Achieved ~40% faster response times and simplified maintenance with containerized infrastructure.
DevOps New Generation Banking System - KB Bukopin Project¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
Supported the New Generation Banking System (NGBS) project for KB Bukopin, providing DevOps solutions to ensure scalable, secure, and automated infrastructure for a mission-critical banking platform mobile apps.
Technologies: Gitlab CI/CD, Fastlane
Key Contributions: - Setup Gitlab and Gitlab Runner on-premise server - Implemented CI/CD pipelines with GitLab to automate testing, deployment, and security scanning.
- Collaborated with development teams in an Agile/Scrum environment to streamline DevOps workflows.
- Delivered a secure, scalable, and resilient infrastructure on-premise foundation for the next-gen digital banking platform.
Product Capstone - Communicare - Bangkit Academy 2023¶
Project Information
Bangkit Academy 2023
Communicare is a mobile application developed as part of the Bangkit Academy 2023 Capstone Project (Team C23-PS325). The app combines communication psychology principles with machine learning to help users improve their communication skills through personalized recommendations, practice scenarios, and interactive exercises.
Technologies: Google Cloud Platform (GCP), Firebase, Cloud Run, Docker, GitHub Actions (CI/CD), Git, Python, Machine Learning APIs
Key Contributions: - Set up and managed the cloud environment on GCP to support application backend and ML services.
- Automated deployment workflows with CI/CD pipelines using GitHub Actions.
- Configured and deployed application services on Cloud Run & Firebase, ensuring scalability and reliability.
- Managed repository structure, version control, and collaboration workflows across the development team.
- Authored project documentation for deployment, system design, and DevOps processes.
- Delivered a stable, cloud-native foundation that enabled the team to focus on building ML-driven features for the app.
2022¶
Project Sistem OCR machine learning - EZxtract Project¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
Contributed to the EZxtract OCR Machine Learning Project, which leverages AI/ML for automated text extraction. My role focused on setting up and configuring the server infrastructure to ensure reliable deployment and service delivery of the OCR application.
Technologies: Linux Centos, Python, Gunicorn, Nginx (reverse proxy), Systemd, Firewall, OCR/ML stack (Python-based)
Key Contributions: - Installed and configured application server environment for OCR/ML workloads.
- Deployed Python application with Gunicorn as WSGI server for efficient request handling.
- Set up Nginx reverse proxy with proper routing, SSL/TLS, and firewall rules for secure access.
- Created systemd services for Gunicorn to ensure process auto-restart and reliability.
- Collaborated with ML developers to integrate and optimize the OCR service on production infrastructure.
- Delivered a stable, secure, and production-ready environment for the OCR application.
Project Internal Apps IDStar IDSWP¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
Supported the development and deployment of internal company applications (IDSWP) using a microservices architecture containerized with Docker Compose. The goal was to streamline application delivery, improve maintainability, and standardize development environments.
Technologies: Docker, Docker Compose, Nginx, PostgreSQL/MySQL, Redis, GitLab CI/CD, Linux
Key Contributions: - Designed and implemented a microservices-based architecture using Docker Compose for multiple internal applications.
- Containerized backend services (API, database, cache) and integrated them into a single orchestrated stack.
- Configured reverse proxy (Nginx) and load balancing for service routing.
- Integrated with GitLab CI/CD pipelines to automate build, test, and deployment workflows.
- Set up persistent storage volumes for databases and services to ensure data durability.
- Improved developer productivity by providing a standardized, reproducible environment across teams.
- Delivered a more efficient and maintainable deployment process for IDStar’s internal platforms.
Grafana Resource Monitoring, Logging, And Alerting System¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
Designed and deployed a centralized monitoring, logging, and alerting system to improve visibility, reliability, and performance of infrastructure and applications across multiple environments.
Technologies: Grafana, Prometheus, Loki, Promtail, Alertmanager, CloudWatch, Linux, Docker/Kubernetes
Key Contributions: - Implemented Prometheus for metrics collection and configured exporters for infrastructure, Kubernetes, and applications.
- Deployed Grafana dashboards to provide real-time visibility into CPU, memory, disk, and network usage.
- Set up Loki & Promtail for log aggregation and visualization, reducing troubleshooting time.
- Configured Alertmanager & Grafana Alerts with email/Slack integrations for proactive incident notifications.
- Integrated monitoring with CloudWatch and Kubernetes clusters to unify observability across platforms.
- Delivered a scalable monitoring stack that improved system reliability and reduced mean-time-to-recovery (MTTR).
Amazon Cloudwatch EC2 Resource Monitoring¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
Implemented Amazon CloudWatch monitoring for EC2 instances to track resource utilization, enable proactive alerting, and improve operational visibility for cloud workloads.
Technologies: AWS CloudWatch, CloudWatch Alarms, EC2, IAM, SNS, Linux
Key Contributions: - Configured CloudWatch metrics to monitor EC2 performance (CPU, memory, disk, and network usage).
- Created CloudWatch Alarms with thresholds for critical metrics to trigger proactive notifications.
- Integrated Amazon SNS for real-time alerts via email/Slack channels.
- Implemented custom metrics (memory & disk) using CloudWatch Agent on Linux instances.
- Provided dashboards for system health visibility and improved incident response time.
Setup Taiga Project open-source project management tool¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
Implemented and and configured Taiga, an open-source agile project management platform, to improve project tracking, sprint planning, and team collaboration within the company.
Technologies: PostgreSQL, Nginx, Docker, Ubuntu Linux, SSL/TLS
Key Contributions: - Installed and configured a self-hosted Taiga server with PostgreSQL database.
- Set up Nginx reverse proxy with SSL/TLS for secure and reliable access.
- Deployed services with Docker to simplify updates and maintenance.
- Configured user roles and permissions to support agile workflows.
- Delivered a stable and user-friendly project management tool that enhanced team productivity.
GitLab Event Notification Integration with Mattermost Webhook¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
Overview: Implemented an integration between GitLab and Mattermost using webhooks to deliver real-time notifications of repository and pipeline activities, improving team communication and response time.
Technologies: GitLab, Mattermost, Webhook API, Linux
Key Contributions: - Configured GitLab webhook integration to send pipeline, merge request, and issue events to Mattermost channels.
- Automated real-time notifications to relevant project teams for faster feedback and collaboration.
- Enhanced developer awareness of CI/CD processes, reducing delays and improving project visibility.
- Delivered a lightweight, reliable integration without third-party dependencies.
Cost Alert AWS SNS Integration With Mattermost¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
Overview: Implemented a cost monitoring and alerting system by integrating AWS SNS (Simple Notification Service) with Mattermost, enabling real-time notifications for cloud billing and usage thresholds.
Technologies: AWS SNS, AWS CloudWatch, IAM, Mattermost Webhook, Linux
Key Contributions: - Configured AWS CloudWatch billing alarms to detect unusual usage or cost spikes.
- Integrated CloudWatch alarms with SNS topics to trigger cost alerts automatically.
- Connected SNS notifications to Mattermost channels via webhook for real-time visibility.
- Established proactive monitoring, reducing risks of unexpected AWS billing issues.
- Improved cost governance by ensuring the operations team received instant alerts.
Website Uptime Monitoring System (Uptime Kuma)¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
Deployed and configured Uptime Kuma, an open-source uptime monitoring solution, to continuously track website availability and performance, ensuring reliable operations and proactive incident response.
Technologies: Uptime Kuma, Docker, Nginx, Linux, SSL/TLS, Notification Integrations (Email/Mattermost/Slack)
Key Contributions: - Installed and configured Uptime Kuma in a Dockerized environment for easy deployment and maintenance.
- Monitored critical company websites and services with health checks, latency tracking, and availability metrics.
- Integrated alerting via email and Mattermost for real-time incident notifications.
- Secured the monitoring dashboard with reverse proxy (Nginx) and SSL/TLS.
- Delivered a cost-effective uptime monitoring solution, reducing downtime impact and improving response time.
Cross-Account Migration of EC2 Instances and S3 Buckets¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
Executed a cross-account AWS migration by transferring EC2 instances and S3 buckets between AWS accounts. This project ensured secure data transfer, minimal downtime, and compliance with company cloud governance policies.
Technologies: AWS EC2, S3, IAM, AWS CLI, CloudWatch, Linux
Key Contributions: - Planned and executed EC2 instance migration (AMI backup, snapshot replication, and launch in target account).
- Migrated S3 buckets with secure cross-account permissions, bucket policies, and data synchronization.
- Implemented IAM role-based access control to ensure secure data transfer between accounts.
- Verified service integrity post-migration with monitoring and validation checks.
- Minimized downtime and ensured business continuity during migration activities.
Migrasi Server OCR Server Machine GCP¶
Project Information
PT. IDstar Cipta Teknologi - DevOps Engineer
Migrated an on-premises OCR server to Google Cloud Platform (GCP), improving scalability, reliability, and cost efficiency while ensuring smooth integration with existing services.
Technologies: Google Cloud Platform (GCP), Compute Engine, Cloud Storage, IAM, Linux, Nginx, Firewall
Key Contributions: - Planned and executed the migration of OCR server workloads from on-premises to GCP Compute Engine.
- Configured firewalls, networking, and IAM roles to ensure secure access and compliance.
- Integrated OCR application services with Cloud Storage for scalable data handling.
- Set up reverse proxy (Nginx) and system services for stable and optimized performance.
- Conducted post-migration validation to ensure application functionality and uptime.
- Delivered a cloud-based OCR infrastructure with higher availability and easier maintenance.
Google Workspace Admin Implementation¶
Project Information
PT. Unicorn Tosan Perkasa
Implemented and configured Google Workspace Admin Console to centralize company email, collaboration, and user management. The project enhanced productivity, security, and administrative control across the organization.
Technologies: Google Workspace (Gmail, Drive, Docs, Calendar, Meet), Admin Console, DNS (MX, SPF, DKIM, DMARC), SSO/2FA
Key Contributions: - Deployed and configured Google Workspace Admin Console for company-wide collaboration.
- Migrated user accounts, groups, and email services into Google Workspace.
- Set up DNS records (MX, SPF, DKIM, DMARC) to secure and authenticate email delivery.
- Implemented role-based access and 2FA for enhanced account security.
- Trained staff on using Gmail, Drive, and Meet effectively to improve adoption.
- Delivered a centralized, secure, and scalable productivity suite for the organization.
On-Premises Infrastructure Migration to Amazon Web Service Cloud¶
Project Information
Sekolah DevOps Cilsy Batch #14
Overview: Migrated a traditional on-premises infrastructure to AWS Cloud, modernizing deployment processes, reducing operational costs, and improving scalability and reliability.
Technologies: AWS (EC2, VPC, IAM, S3, RDS, CloudWatch), Linux, Terraform, Ansible, Nginx, Docker
Key Contributions: - Assessed on-premises workloads and designed a migration strategy to AWS.
- Migrated applications, databases, and storage into EC2, RDS, and S3 with minimal downtime.
- Implemented Terraform and Ansible for Infrastructure-as-Code and automated provisioning.
- Configured VPC, IAM roles, and security groups to ensure compliance and secure access.
- Enabled monitoring and alerting with CloudWatch to maintain operational visibility.
- Delivered a scalable, cost-efficient cloud infrastructure that replaced legacy on-prem systems.
Build Infrastructure Container Orchestration Based / Kubernetes¶
Project Information
Sekolah DevOps Cilsy Batch #14
Designed and deployed a container orchestration platform using Kubernetes to manage microservices workloads, improve scalability, and enable automated deployments in a production-like environment.
Technologies: Kubernetes, Docker, Nginx Ingress, Linux, Terraform
Key Contributions: - Deployed and configured a Kubernetes cluster to orchestrate containerized applications.
- Designed microservices infrastructure with Docker and Helm charts for efficient deployment.
- Implemented Nginx Ingress Controller for load balancing and routing external traffic.
- Delivered a scalable and highly available orchestration platform for application workloads.
Build Infrastructure on Premises for Web Apps¶
Project Information
Sekolah DevOps Cilsy Batch #14
Overview: Designed and implemented an on-premises infrastructure environment to host and manage web applications, ensuring secure networking, scalability, and maintainability before transitioning to cloud platforms.
Technologies: Linux, Nginx, Apache, MySQL/PostgreSQL, Docker, Virtualization (Proxmox/VMware), Firewall
Key Contributions: - Set up virtualized infrastructure on-premises for running multiple web application environments.
- Deployed web servers (Nginx/Apache) and configured databases (MySQL/PostgreSQL).
- Implemented reverse proxy, SSL/TLS, and firewall rules to secure application access.
- Containerized selected workloads using Docker to simplify deployment and maintenance.
- Documented infrastructure setup and migration paths to support future cloud adoption.
- Delivered a reliable and maintainable environment for hosting business-critical web apps.
Tendean Office LAN Network Installation¶
Project Information
PT. Unicorn Tosan Perkasa
Overview - Bla Bla Bla
Technologies: A, B, C
Key Contributions: - point 1 - point 2 - point 3 - etc
2021¶
HR System Migration Into Virtual System Proxmox¶
Project Information
PT. Unicorn Tosan Perkasa
Overview - Bla Bla Bla
Technologies: A, B, C
Key Contributions: - point 1 - point 2 - point 3 - etc
Installation and Configuration Proxmox VE¶
Project Information
PT. Unicorn Tosan Perkasa
Overview - Bla Bla Bla
Technologies: A, B, C
Key Contributions: - point 1 - point 2 - point 3 - etc
Internet Bandwidth QoS Optimization¶
Project Information
PT. Unicorn Tosan Perkasa
Overview - Bla Bla Bla
Technologies: A, B, C
Key Contributions: - point 1 - point 2 - point 3 - etc
Fortigate 30E installation and configuration¶
Project Information
PT. Unicorn Tosan Perkasa
Overview - Bla Bla Bla
Technologies: A, B, C
Key Contributions: - point 1 - point 2 - point 3 - etc
Mikrotik replacement and configuration migration¶
Project Information
PT. Unicorn Tosan Perkasa
Overview - Bla Bla Bla
Technologies: A, B, C
Key Contributions: - point 1 - point 2 - point 3 - etc
Zimbra Email Migration To Google Workspace¶
Project Information
PT. Unicorn Tosan Perkasa
Overview - Bla Bla Bla
Technologies: A, B, C
Key Contributions: - point 1 - point 2 - point 3 - etc
2020¶
Implementing Zabbix Monitoring System¶
Project Information
PT. Unicorn Tosan Perkasa
Overview - Bla Bla Bla
Technologies: A, B, C
Key Contributions: - point 1 - point 2 - point 3 - etc
VPN IPSec/L2TP Network Implementation¶
Project Information
PT. Unicorn Tosan Perkasa
Overview - Bla Bla Bla
Technologies: A, B, C
Key Contributions: - point 1 - point 2 - point 3 - etc
Bandwidth Improvement And Optimization¶
Project Information
PT. Unicorn Tosan Perkasa
Overview - Bla Bla Bla
Technologies: A, B, C
Key Contributions: - point 1 - point 2 - point 3 - etc
2019¶
Core Router Migration & Replacement¶
Project Information
PT. Unicorn Tosan Perkasa
Overview - Bla Bla Bla
Technologies: A, B, C
Key Contributions: - point 1 - point 2 - point 3 - etc
CCTV System migration¶
Project Information
PT. Unicorn Tosan Perkasa
Overview - Bla Bla Bla
Technologies: A, B, C
Key Contributions: - point 1 - point 2 - point 3 - etc
Video Conference Room Infrastructure Installation¶
Project Information
PT. Unicorn Tosan Perkasa
Overview - Bla Bla Bla
Technologies: A, B, C
Key Contributions: - point 1 - point 2 - point 3 - etc
Computer Network Performance Improvement Mikrotik¶
Project Information
PT. Unicorn Tosan Perkasa
Overview - Bla Bla Bla
Technologies: A, B, C
Key Contributions: - point 1 - point 2 - point 3 - etc
2018¶
CV. Lintas Opsi Gradasi Informatika Design LAN¶
Project Information
PT. Unicorn Tosan Perkasa
Overview - Bla Bla Bla
Technologies: A, B, C
Key Contributions: - point 1 - point 2 - point 3 - etc