Website overhaul

_posts/projects/2023-10-15-server-administration.md

@@ -1,18 +1,50 @@
 ---
 layout: single
-title: IT Expert Role
-categories: projects server_admin unix
-excerpt: Linux server (Workstations and Web) and cloud infrastructure administration
+title: "LMU DevOps Admin"
+categories: projects
+tags: devops kubernetes server-administration infrastructure
+excerpt: "Managed LMU chair IT: Kubernetes, CI/CD, automation (2018-2023)."
 header:
-  teaser: assets/images/projects/arch.png
+  teaser: /assets/images/projects/arch.png # Corrected path
+role: System Administrator, DevOps Engineer, Network Administrator
+skills: Kubernetes (K3S), Ansible, Docker, CI/CD (GitLab CI, Argo CD), GitOps, Linux Server Administration (Debian, Arch), Networking (Traefik, WireGuard), Virtualization (Hyper-V), Storage (ZFS, Longhorn), Monitoring (WandB), Infrastructure as Code (IaC)
 ---
-![logo](\assets\images\projects\arch.png){: .align-left style="padding:0.1em; width:5em"}
-During my tenure at the Mobile and Distributed Systems Chair, I played a key role in the setup and maintenance of our technical infrastructure, including workstations, Windows server hypervisors, Linux file servers, and networking. Our approach to managing a diverse ecosystem of operating systems, hardware, and libraries involved extensive use of Ansible for orchestration.
 
-I spearheaded the transition of a significant portion of our services to Kubernetes (K3S), implementing a comprehensive toolchain that included Longhorn, Argo CD, Sealed Secrets, and GitLab. For managing ingress and egress, Traefik served as our automated proxy manager, enabling us to efficiently route traffic within our network and accommodate external users securely through WireGuard.
+![Arch Linux Logo](/assets/images/projects/arch.png){: .align-left style="padding:0.1em; width:5em" alt="Arch Linux Logo"}
+**Role:** IT Infrastructure & DevOps Lead (Informal)<br>
+**Affiliation:** Chair for Mobile and Distributed Systems, LMU Munich<br>
+**Duration:** 2018 - 2023 (Concurrent with Research Role)<br>
+**Objective:** Continious maintenance of IT infrastructure
 
-My experience extended to optimizing machine learning workflows, transitioning from unreliable SLURM-based setups to automated, high-performance workstation runs using Weights & Biases (WandB) for experiment management, leveraging our self-hosted GitLab registry for Docker container orchestration.
 
-This journey enriched my skills in Linux server administration, networking, infrastructure as code, and cloud-native technologies. It fostered a preference for minimalist, microservice-based architectures, and I've applied these principles to my personal projects, including self-hosting this website and other services, underscoring my commitment to practical, efficient technology solutions.
+During my tenure at the LMU Chair for Mobile and Distributed Systems, alongside my research activities, I assumed responsibility for the ongoing maintenance of the group's IT infrastructure. This encompassed Linux workstations, Windows Server-based hypervisors, Linux file servers (utilizing ZFS), and core network services.
 
-More of the tech stack I encountered on my journey is listed [here](/about).
+**Key Initiatives & Achievements:**
+
+*   **Infrastructure as Code & Orchestration:**
+    *   Leveraged **Ansible** extensively for automated configuration management and orchestration across a heterogeneous environment, ensuring consistency and reducing manual effort in managing diverse operating systems (Debian, Arch Linux, Windows), hardware configurations, and software libraries.
+
+*   **Containerization & Kubernetes Migration:**
+    *   Spearheaded the migration of numerous internal services (including web applications, databases, and research tools) from traditional VMs and bare-metal deployments to a **Kubernetes (K3S)** cluster. This enhanced scalability, resilience, and resource utilization.
+    *   Implemented **Longhorn** for persistent, distributed block storage within the Kubernetes cluster.
+
+*   **DevOps & GitOps Implementation:**
+    *   Established a modern DevOps workflow centered around a self-hosted **GitLab** instance, utilizing **GitLab CI** for automated testing and container building.
+    *   Implemented **Argo CD** for GitOps-based continuous deployment to the Kubernetes cluster, ensuring declarative state management and automated synchronization.
+    *   Managed sensitive information using **Sealed Secrets** for secure secret handling within the GitOps workflow.
+
+*   **Networking & Security:**
+    *   Configured **Traefik** as the primary reverse proxy and ingress controller for the Kubernetes cluster, automating routing, service discovery, and TLS certificate management.
+    *   Implemented and managed a **WireGuard** VPN server to provide secure remote access for chair members to internal resources.
+
+*   **ML Workflow Optimization:**
+    *   Re-architected the execution environment for machine learning experiments. Transitioned from managing dependencies directly on workstations or via a less reliable SLURM setup to a containerized approach using **Docker**.
+    *   Utilized the self-hosted **GitLab Container Registry** for storing ML environment images and integrated **Weights & Biases (WandB)** for robust experiment tracking, visualization, and collaboration, significantly improving reproducibility and simplifying resource management on high-performance workstations.
+
+---
+
+**Outcomes & Philosophy:**
+
+This hands-on role provided deep practical experience in modern system administration, networking, Infrastructure as Code (IaC), and cloud-native technologies within an academic research setting. It fostered my preference for minimalist, reproducible, and microservice-oriented architectures. These principles and skills are actively applied in my personal projects, including the self-hosting and management of this website and various other containerized services.
+
+A more comprehensive list of the technologies I work with can be found on the [About Me](/about/) page.