Hi, I'm André Bassi

Staff Platform Engineer |

Cloud Native Architect with over 20 years building scalable infrastructure, Kubernetes platforms and AI/LLM systems. Passionate about open source and solving complex challenges in distributed systems.

View Open Source Projects Get in Touch
20+ Years of Experience
3 Open Source Projects
18+ K8s Clusters Created
Most Viewed Articles:
Secure and Isolated Runtime for AI-Generated Code called Runner Codes Setting up a Homelab with Proxmox, Talos Linux and Kubernetes with Cloudflare Tunnel Talos Linux Secure Keycloak with Chainguard Wolfi with Dockerfiles | A Secure and Efficient Approach Kubernetes Security Best Practices Secure and Isolated Runtime for AI-Generated Code called Runner Codes Setting up a Homelab with Proxmox, Talos Linux and Kubernetes with Cloudflare Tunnel Talos Linux Secure Keycloak with Chainguard Wolfi with Dockerfiles | A Secure and Efficient Approach Kubernetes Security Best Practices
Scroll to explore
Projects

Open Source

edgeProxy

High-Performance Distributed TCP Proxy

Geo-aware TCP proxy written in Rust, designed for global edge POPs. Routes connections based on geographic proximity, backend health, load and capacity. Includes SQLite replication with SWIM gossip protocol.

Geo-Aware Routing
490+ Unit Tests
QUIC Replication
Hexagonal Architecture
Rust Tokio SQLite WireGuard QUIC

infra-operator

Kubernetes Operator for AWS Infrastructure

Production-ready Kubernetes operator for managing AWS resources using CRDs. Supports 30 AWS services including VPC, EC2, RDS, EKS, S3 and more. Built with Kubebuilder and Clean Architecture principles.

30 AWS CRDs
Drift Detection
Helm Chart
IRSA Support
Go Kubebuilder AWS SDK v2 Helm

runner.codes

Secure Code Execution with Firecracker microVMs

LLM execution environment running untrusted code in isolated Firecracker microVMs. Hardware-level isolation via KVM with vsock communication. Supports 40+ programming languages with sub-second cold starts.

40+ Languages
~12ms Warm Start
KVM Isolation
Snapshot Support
Go Firecracker KVM vsock
Highlights

edgeProxy - Distributed TCP Proxy in Rust

Distributed TCP proxy written in Rust, designed to operate in global edge POPs. Geo-aware routing, session affinity, SQLite replication with SWIM gossip + QUIC.

GeoIP Routing
TLS Termination
490+ Tests
Hexagonal Architecture
edgeProxy - Overview

edgeProxy - Overview

edgeProxy - Demo

edgeProxy - Demo

View GitHub Documentation
About Me

Building the Future of Cloud Infrastructure

Platform Engineer and Cloud Native Architect with over 20 years of experience in scalable infrastructure, Kubernetes, automation, SRE, DevOps and distributed systems. Deep expertise in multi-cloud (AWS, GCP, Azure, OCI), internal platform creation, architectural standardization, CI/CD pipelines, reliability governance and observability.

Technical leadership in highly complex projects, including LLMs, Generative AI, RAG, autonomous agents and MCP pipelines, focused on performance, cost, security and scalability. Strong experience in Go, Rust, Python, Terraform, Ansible, Istio, IaC, provisioning automation and Service Mesh, plus strategic work in R&D, technical roadmap definition and team mentoring.

Technical Highlights & Experience

Containers & Kubernetes

  • Service deployment with containers (Kubernetes, Docker, Kaniko) in cloud and on-premises
  • Kubernetes cluster management (EKS, GKE, AKS, OCI): provisioning, upgrade, troubleshooting
  • IoT projects with Kubernetes (k3s, k0s), edge-cloud integration
  • Helm 3 templates, deploy parameterization and environment management

Infrastructure as Code

  • Architecture and automation with Terraform and Ansible, reusable modules
  • Multi-cloud environments, private cloud, bare metal and high-performance networks
  • Hybrid environment governance, cost management and optimization
  • Custom providers and provisioning automation

Service Mesh & Networking

  • Service Mesh operation (Istio): mTLS, VirtualServices, Gateways, rate limit
  • APIs and Load Balancers (Kong, Nginx, Istio, Keycloak)
  • Advanced networking: TCP/IP, firewalls, routing, DNS, VPN
  • VPNs (WireGuard, OpenVPN) for cloud and bare metal integration

CI/CD & DevSecOps

  • CI/CD (GitLab, Bitbucket, GitHub Actions, Tekton) for build, test and deploy
  • DevSecOps security: SAST, DAST, IAST, leak scanning, compliance
  • Automated testing for software, infrastructure and security
  • Critical system integration and incident response

Observability

  • Monitoring (Prometheus, Grafana, Datadog, Dynatrace, NewRelic)
  • APM, distributed logging and tracing
  • Scalable and fault-tolerant architecture for high demand
  • Regulated environments and high availability

Leadership & Culture

  • Technical leadership in modernization and digital transformation
  • Documentation, training and DevOps practice standardization
  • Technical roadmap definition and team mentoring
  • DevOps and Cloud Native culture dissemination

Cloud & Platforms

Kubernetes AWS GCP Azure OCI Terraform Istio

Languages

Go Rust Python Node.js Java

AI & LLMs

RAG Pipelines Agentic AI Vertex AI Bedrock MCP
Career

Professional Experience

R&D Specialist

Zaia 2023 - 2025

Architected complete RAG pipelines with embeddings, vectorization and reranking. Developed MCPs and autonomous agents (Agentic AI). LLM deployment and optimization using Vertex AI and Amazon Bedrock.

RAG LLMs Go Vertex AI

Cloud Architect

Builders 2019 - 2023

Architected and operated Kubernetes clusters on EKS, GKE, AKS and OCI. Implemented Istio Service Mesh with mTLS and complex topologies. Led cloud modernization projects and DevOps standardization.

Kubernetes Istio Terraform GitOps

Software Architect

Bradesco 2015 - 2017

Architected mission-critical banking platforms focused on security, performance and compliance. Built CI/CD pipelines with SAST/DAST and led war rooms and root cause analysis for critical incidents.

Banking DevSecOps Microservices

Cloud Architect

eManage Solutions (Canada) 2017

Modernized multi-cloud and hybrid environments with emphasis on security and automation. Built multi-environment CI/CD with Jenkins, Chef and Ansible.

Multi-Cloud IaC CI/CD

Consultant

AndreBassi.com.br 2005 - 2014

Specialized consulting in distributed systems architecture and automation. Built scalable platforms and complex integrations. Led cloud migrations and DevOps/SRE adoption for multiple companies.

Consulting Architecture DevOps
Contact

Let's Build Something Together

If you're looking for a Staff Platform Engineer, need cloud architecture consulting, or want to discuss open source collaboration - I'd love to hear from you.

WhatsApp LinkedIn GitHub