deploy.sh — portfolio
Available for new challenges

Adam Kierat

I build the infrastructure that never makes the headlines.
Tech Lead / Cloud Architecture / Platform Engineering

90+ Services in Production
~30% Cloud Cost Reduction
<8min Mean Time to Recovery

From zero infra to 90+ services
in under three years

I took Beesafe from zero infrastructure to 90+ production microservices on AKS — and now own every technical decision from network topology to deployment strategy.

As Infrastructure Tech Lead, I architected the entire cloud platform from scratch: Kubernetes clusters, GitOps pipelines, full observability stack, and zero-trust security. The result? ~30% cloud cost reduction, 15+ daily automated deploys, and a platform that lets development teams ship without opening infrastructure tickets.

My path: Linux administration at Kyndryl, cloud migration at ING, then building everything from the ground up at Beesafe. Each step was about going deeper into platform ownership.

cat ~/.config/adam.yaml
name: Adam Kierat
role: Infrastructure Tech Lead
location: Gliwice, Poland
education:
  degree: BSc Computer Science
  university: Silesian University of Technology
languages:
  - Polish # native
  - English # C1
interests:
  - Cloud Architecture
  - Platform Engineering
  - Infrastructure Automation
status: operational # 99.9% uptime

Numbers That Matter
Quantified results from production

  • Services in Production: 90+ microservices + Guidewire insurance platform on Azure
  • Cloud Cost Reduction: Azure spend optimized through spot instances & right-sizing
  • Automated Deployments: From weekly manual releases to continuous delivery
  • Platform Uptime: High availability across all production environments
  • Mean Time to Recovery: Incident response with automated runbooks & monitoring
  • Security Incidents (0): Zero-trust architecture with WAF, Vault, and network policies

Credentials

Kubernetes
Terraform
Azure
Linux
GitOps

git log --oneline --graph

a3f8c2d Sep 2022 — Present

Infrastructure Tech Lead @ Beesafe

📍 Warszawa (remote from Gliwice) HEAD

Promoted from DevOps Engineer to Tech Lead. As sole infrastructure engineer, architected the entire cloud platform from zero — now serving 90+ production microservices and the Guidewire insurance platform across Azure.

Changes:
  • + Architected the entire cloud platform from zero — AKS clusters, GitOps pipelines (ArgoCD + GitHub Actions), observability stack (Prometheus, Mimir, Grafana, Loki), and secrets management (Vault)
  • + Own all technical decisions across infrastructure, security, and deployment strategy, establishing engineering standards adopted by all development teams
  • + Reduced Azure cloud spend by ~30% through spot instance strategies, reserved capacity, and resource right-sizing
  • + Designed zero-trust security architecture with Cloudflare WAF, K8s network segmentation, and Vault — zero security incidents since implementation
  • + Increased deployment frequency from weekly manual releases to 15+ automated deploys/day via ArgoCD and Terraform
Azure, AKS, Kubernetes, Helm, ArgoCD, Terraform, GitHub Actions, Prometheus, Grafana, Loki, Vault, Cloudflare, Docker

7b2e1f9 May 2022 — Sep 2022

Junior DevOps Engineer @ ING Hubs Poland

📍 Katowice

Managed production, staging, and development environments across enterprise middleware. Led migration of customer applications from on-premise to ING Private Cloud. Transitioned to Beesafe to architect a greenfield cloud platform.

Changes:
  • + Managed production, staging, and development environments running enterprise Java middleware (IBM WebSphere, JBoss, WebLogic, Apache Tomcat)
  • + Led migration of customer applications from on-premise infrastructure to ING Private Cloud, ensuring zero-downtime transitions
  • + Built and maintained CI/CD pipelines in Azure Pipelines for automated build, test, and deployment workflows
Azure Pipelines, IBM WebSphere, JBoss, WebLogic, Tomcat, Nginx

e5d4a8c Jun 2021 — Apr 2022

Junior Linux Administrator @ Kyndryl

📍 Wrocław

Administered Red Hat Enterprise Linux systems in production environments, progressing from L2 to L3 support through demonstrated expertise.

Changes:
  • + Administered Red Hat Enterprise Linux systems in production environments, progressing from L2 to L3 support
  • + Developed automation scripts in Bash for disk management, LVM provisioning, network configuration, and service monitoring
  • + Resolved complex system issues involving file systems, VLAN configuration, package management, and process control
RHEL, Bash, LVM, Networking, VLAN

Production Challenges
Real incidents, details anonymized

Timeline

14:32 UTC PagerDuty alert: 90% of compute fleet unavailable
14:35 UTC Identified all spot instances reclaimed simultaneously in eu-west-1a
14:41 UTC Triggered on-demand fallback, began redistributing across AZs
14:55 UTC Full capacity restored, all services healthy

Root Cause

Entire spot fleet was provisioned in a single availability zone (eu-west-1a). AWS reclaimed all spot capacity in that AZ during a regional demand spike, causing simultaneous termination of all instances.

Resolution

Implemented multi-AZ spread constraints in ASG configuration. Added on-demand base capacity (20%) as fallback. Deployed capacity rebalancing with mixed instance policies across 3+ instance families.

23min MTTR
12 Affected Services

Lessons Learned

  • Never concentrate spot capacity in a single AZ — diversify across at least 3
  • Maintain an on-demand baseline for critical workloads
  • Spot interruption notices (2min) are not enough time for graceful failover without pre-provisioned capacity

Timeline

06:00 UTC Began dual-write phase: Prometheus → Mimir + existing TSDB
08:30 UTC Validated query parity across 47 critical dashboards
12:00 UTC Cutover read path to Mimir, Prometheus demoted to write-only
18:00 UTC Full migration complete, Prometheus decommissioned

Root Cause

Self-hosted Prometheus hitting vertical scaling limits at 2M+ active time series. Single-node architecture created a SPOF for all observability. Needed horizontal scalability and long-term storage.

Resolution

Deployed Grafana Mimir in microservices mode with S3 backend. Used dual-write strategy during migration to ensure zero data loss. Implemented recording rules to reduce cardinality by 35%.

0min MTTR
0 Affected Services

Lessons Learned

  • Dual-write migrations eliminate the 'big bang' cutover risk
  • Always validate dashboard query parity before switching read paths
  • Recording rules should be implemented proactively, not as a migration afterthought

Timeline

09:17 UTC Multiple services report 403 Forbidden from upstream APIs
09:19 UTC Correlated with Cloudflare WAF rule deployment 4min prior
09:22 UTC Identified overly aggressive rate limiting rule blocking internal service mesh traffic
09:28 UTC Rolled back WAF rule, services recovered immediately

Root Cause

A new Cloudflare WAF rate limiting rule was deployed without exemptions for internal service-to-service traffic. The rule's threshold was set too low, treating legitimate internal API calls as abuse.

Resolution

Built a WAF rule testing pipeline that validates rules against recorded production traffic patterns before deployment. Implemented canary deployments for security policies — new rules deploy to 5% of traffic first with automated rollback on error rate spikes.

11min MTTR
8 Affected Services

Lessons Learned

  • Security policies need the same CI/CD rigor as application code
  • Internal service traffic must be explicitly allowlisted in WAF rules
  • Canary deployments aren't just for apps — security policies benefit equally
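
A minimal version of the pre-deployment check described in this incident, as an added example (not the author's pipeline): it replays recorded requests through a candidate rate-limit rule and fails the gate when internal service traffic would be blocked. The rule fields, CIDR ranges and traffic are constructed assumptions, not Cloudflare's rule schema.

```python
import ipaddress
from collections import defaultdict, deque

def replay(rule, traffic):
    """Replay (ts_seconds, src_ip, path) records; return requests the rule would block."""
    exempt = [ipaddress.ip_network(c) for c in rule.get("exempt_cidrs", [])]
    windows = defaultdict(deque)          # per-source timestamps of admitted requests
    blocked = []
    for ts, src, path in sorted(traffic):
        if any(ipaddress.ip_address(src) in net for net in exempt):
            continue                      # allowlisted source, rule never evaluated
        q = windows[src]
        while q and ts - q[0] >= rule["period_s"]:
            q.popleft()                   # drop requests that left the sliding window
        if len(q) >= rule["threshold"]:
            blocked.append((ts, src, path))   # the client would see a 403 here
        else:
            q.append(ts)
    return blocked

def gate(rule, traffic, internal_cidrs):
    """CI gate: fail if any request from an internal range would be blocked."""
    nets = [ipaddress.ip_network(c) for c in internal_cidrs]
    hits = [b for b in replay(rule, traffic)
            if any(ipaddress.ip_address(b[1]) in n for n in nets)]
    return {"pass": not hits,
            "internal_blocked": len(hits),
            "sources": sorted({b[1] for b in hits})}

# Constructed sample of "recorded production traffic" (documentation/private IP ranges).
TRAFFIC = (
    [(i * 0.25, "10.0.1.5", "/internal/quote") for i in range(30)]    # service-to-service
    + [(i * 2.0, "203.0.113.9", "/api/policy") for i in range(5)]     # normal customer
    + [(i * 0.25, "198.51.100.7", "/api/login") for i in range(40)]   # abusive client
)
INTERNAL = ["10.0.0.0/8"]                                             # assumed internal range

CANDIDATE = {"threshold": 20, "period_s": 10}                         # no exemptions
FIXED = {"threshold": 20, "period_s": 10, "exempt_cidrs": INTERNAL}   # internal allowlisted

if __name__ == "__main__":
    for name, rule in (("candidate", CANDIDATE), ("fixed", FIXED)):
        print(name, gate(rule, TRAFFIC, INTERNAL),
              "total blocked:", len(replay(rule, TRAFFIC)))
```

The fixed rule still blocks the abusive external client, so the gate checks for collateral damage without weakening the control.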

terraform plan
Infrastructure I've Built

terraform plan — main.tf

Terraform will perform the following actions:

+ resource "platform" "beesafe_platform" running
    + name = "Beesafe Cloud Platform"
    + description = "Complete cloud platform built from zero as sole infrastructure engineer: AKS clusters, GitOps pipelines, full observability stack, zero-trust security, and CI/CD automation serving 90+ production microservices."
    + tech_stack = ["AKS", "ArgoCD", "Terraform", "Prometheus", "Mimir", "Grafana", "Vault", "Cloudflare"]
    + url = "/case-study"

+ resource "open-source" "portfolio_site" running
    + name = "This Portfolio Site"
    + description = "Static portfolio built with Astro, GSAP animations, interactive terminal, particle network, and deployed on Cloudflare Pages. 47KB JS gzipped, Lighthouse 95+."
    + tech_stack = ["Astro", "GSAP", "Cloudflare Pages", "Vanilla CSS", "TypeScript"]

+ resource "infrastructure" "monitoring_stack" running
    + name = "Observability Platform"
    + description = "Full observability stack processing millions of time series daily: Prometheus for collection, Mimir for long-term storage, Loki for logs, Fluent Bit for forwarding, Grafana for dashboards and alerting."
    + tech_stack = ["Prometheus", "Grafana Mimir", "Loki", "Fluent Bit", "Grafana"]

+ resource "automation" "cicd_pipelines" running
    + name = "GitOps Deployment System"
    + description = "Fully automated deployment pipeline: GitHub Actions for CI (build, test, security scan), ArgoCD for GitOps CD, enabling 15+ deploys/day from weekly manual releases."
    + tech_stack = ["GitHub Actions", "ArgoCD", "Docker", "Helm", "ACR"]

Plan: 4 to add, 0 to change, 0 to destroy.
