Swill Cheng

Istio & Traffic Management

• Architected multi-version deployment strategies using Istio Service Mesh to support canary releases and A/B testing.
• Implemented traffic-tinting and "swimlane" isolation to enable end-to-end testing in shared clusters.
• Configured VirtualServices and DestinationRules to automate traffic shifting and enhance environment resilience.

GitOps Migration (FluxCD → ArgoCD)

• Led the organizational migration from FluxCD to ArgoCD, standardizing GitOps workflows across multiple Kubernetes clusters.
• Deployed the "App-of-Apps" pattern and ApplicationSets to manage microservices and CRD lifecycles at scale.
• Integrated ArgoCD with CI/CD pipelines to ensure automated drift detection and self-healing for infrastructure manifests.

• Built GCP infrastructure and established observability platform (logging, metrics, distributed tracing) with Prometheus and Grafana for the new Traze environment.
• Optimized ArgoCD / Kafka / GitLab CI deployment pipelines.
• Took over DevSecOps responsibilities, integrating security practices into CI/CD pipelines.

• Transformed GCP flow logs and HTTP load balancer logs into Prometheus metrics; configured Grafana dashboards for traffic pattern analysis.
• Redesigned Prometheus alerting at the service level and integrated with PagerDuty for improved incident response.
• Designed PVC migration strategy from multi-AZ to single-AZ in GKE, reducing cross-zone traffic costs.
• Utilized GKE Metering with BigQuery and Grafana for service-level cost allocation dashboards.
• Redesigned GitLab Runner architecture using Helm and Spot VM node pools to reduce infrastructure costs.

DevOps Platform (0 → 1)

• Built enterprise-level DevOps platform using Jenkins + ArgoCD, supporting 100+ developers.
• Established artifact repository (Artifactory) and GitHub Flow standards for complete code-to-artifact lifecycle management.
• Integrated Sonar code quality checks and X-ray vulnerability scanning, implementing DevSecOps security framework.
• Implemented GitOps principles achieving Infrastructure-as-Code and Pipeline-as-Code.

Alibaba Cloud Infrastructure (0 → 1)

• Led Alibaba Cloud architecture design and implementation, managing multi-million annual cloud resource costs.
• Implemented IaC using Terraform for ECS / ACK / RDS / SLB / SLS / MySQL / Redis / OSS.
• Built cloud security framework with SSO authentication and AK/RAM minimal privilege management.
• Designed hybrid cloud architecture with dedicated line network integration; optimized costs through reserved instances and storage optimization.

Observability & Microservice Governance (SRE)

• Managed hybrid cloud Kubernetes clusters (100+ nodes) for cross-environment container orchestration.
• Built observability platform integrating Prometheus / Grafana for metrics and SLS for log collection; established end-to-end tracing with OpenTelemetry.
• Led microservice architecture upgrade (Eureka → Nacos), achieving 90% containerization rate.

Platform Development & Engineering Efficiency

• Developed Kubernetes admission controller (Go) for automatic Java Agent injection and Jenkins Pipeline controller using Operator SDK.
• Built alert bus system (Java) integrating Prometheus and Jenkins alerts.

• Led Kubernetes-native service discovery implementation replacing Eureka; developed service discovery server in Go with K8s API-server watch mechanism.
• Led containerization transformation, creating Helm charts and standardizing deployment processes.