Automation

Efficient IT is created when recurring tasks are standardized, documented, and versioned. I develop environments in which systems, deployments, and configurations are fully reproducible—from bare-metal provisioning to application deployment in Kubernetes clusters. I understand automation as a strategic operating concept that structures technical processes, clearly defines responsibilities, and systematically reduces implicit knowledge.

The focus is not on individual tools, but on a robust overall concept for operation and further development. Clear structures, clean interfaces, and consistent processes ensure that systems remain stable even under change and that decisions can be made in a technically and organizationally comprehensible manner.

The goal is to translate infrastructure and operations into code, playbooks, and workflows—comprehensible, testable, and free of manual sources of error.

Comeli dragon in front of a flowchart – symbolizing Linux automation and infrastructure as code.

Infrastructure as Code (IaC)

Applications are provided in a reproducible manner via container orchestration or declarative tools. I rely on standardized, portable procedures to manage infrastructure and software coherently.

In practice, this approach greatly facilitates collaboration between operations and development. Changes are prepared, reviewed, and versioned in a traceable manner, ensuring that handovers remain clearly defined and environments can be operated consistently across different stages.

  • Automated provisioning of servers and services with Ansible
  • Role-based structuring and reuse of playbooks
  • Integration into Git workflows (versioning, review, CI/CD pipelines)
  • Use of Kubespray for Kubernetes cluster provisioning

Service and application deployment

Applications are deployed in a reproducible manner using container orchestration or declarative tools.

I rely on standardized, portable procedures to manage infrastructure and software coherently.

Clearly defined release structures allow applications to be updated independently of each other. Error effects remain localized, deployments become more transparent, and rollouts can be applied specifically to individual components or environments.

  • Helm charts, Kustomize, Docker Compose
  • CI/CD integration with GitLab or Jenkins
  • Deployment pipelines with automatic validation and rollback mechanisms
  • Multi-stage setups for test, staging, and production environments

Documentation & Reproducibility

Any automation is only as good as its traceability. I record all workflows in Markdown, Bookstack, or Git repositories and document dependencies and parameters in a structured manner.

Clean documentation not only supports ongoing operations but also simplifies onboarding and knowledge transfer. New team members can understand processes more quickly, while existing systems remain maintainable and verifiable in the long term.

  • Automatically generated inventories and variable documentation
  • Integrated Markdown workflows for version tracking
  • Linking playbooks and documentation via Git hooks

Testing, Quality & Security

Honeycomb structure symbolizing testing, quality assurance, and security in IT systems.

Reproducible deployments require clear quality assurance. I use tests, syntax checks, and security audits directly in the deployment process to detect errors early, minimize risks, and roll out changes in a controlled and traceable manner.

  • Ansible Lint, Yamllint, Molecule tests
  • Static code analysis for playbooks and container images
  • OpenSCAP integration for compliance checks
  • Automatic rollback and recovery scripts for critical deployments

CI/CD & GitOps

Diagram with connected steps symbolizing CI/CD pipelines and GitOps workflows.

The lifecycle is consistently mapped in pipelines via build, test, and rollout processes.

I integrate build, test, and rollout processes into end-to-end CI/CD pipelines, controlled via Git and verifiable via versioning.

  • Setting up GitLab CI/CD or Jenkins pipelines
  • Automatic testing, linting, and container builds
  • GitOps workflows for declarative infrastructure changes
  • Rollout strategies (blue-green, canary, progressive delivery)
  • Security controls and secrets handling in pipelines

Integration & Tooling

Laboratory table with tools and equipment symbolizing integration and technical tooling.

Effective automation comes from thoughtful integration—between systems, tools, and teams.

I combine automation with monitoring, notification, and self-service to make technical processes seamless for administrators and developers.

  • Integration of Prometheus, Grafana, and Alertmanager into playbooks
  • Webhook-based automation for events and deployments
  • Use of Vault, Gopass, and SSM Parameter Store for secrets
  • REST/API interfaces for automated control of external systems
  • ChatOps concepts for notifications and status queries

Trainings

You can find specific trainings and current topics in the Comelio GmbH training catalog.
Available in-house at your company, as a webinar, or as an open training—designed to meet different requirements.

View trainings

Frequently asked questions about Automation

In this FAQ, you will find the topics that come up most frequently in consultations and training sessions. Each answer is kept brief and refers to further content where necessary. Can’t find your question? Feel free to contact me.

Comeli dragon leans against a ‘FAQ’ sign and answers questions about Automation.

GitOps or “classic” CI/CD – which offers more benefits?

GitOps keeps the desired state declaratively in Git and synchronizes it to the target environment via a controller. This results in verified, traceable changes with fast rollbacks. Classic CI/CD remains useful for one-time tasks/builds – ongoing operations benefit from the pull/sync approach.

Helm, Kustomize, or Docker Compose?

Compose is ideal for simple, single-stage setups or development. Helm packages complex applications, including templates/values, and is widely used for production. Kustomize complements this as an overlay/environment tool—we often use Helm for the base and Kustomize/Values for variants and stages.

How do I handle secrets securely in automation and pipelines?

No plaintext variables in the repo: store secrets in Vault/Gopass/SSM, use short-lived tokens, and limit access via policies/approvals. In CI/CD: only inject via temporary mount/env, never bake into the artifact; audit logs and regular rotations are part of this.

When is it worthwhile – and when is it not (yet)?

For recurring operational tasks, a standardized, versioned approach is worthwhile. For one-time setups, manual effort is acceptable; with increasing complexity and teamwork, reproducible processes prevail.

How do I ensure that solutions remain maintainable in the long term?

Through clear structure, traceable configurations, and consistent processes. Changes are documented, knowledge is anchored in the team, and dependencies are kept transparent so that systems can be operated and further developed stably over longer periods of time.