Principal Engineer @ Southern Cross

Prageesha
Galagedara

@prageesha · Principal Engineer @ Southern Cross

Google and AWS certified engineer with 11+ years building production-grade Kubernetes platforms — OpenShift, GKE, ARO. Currently Principal Engineer at Southern Cross, Auckland.

View Projects ↓ Download CV
scroll

// about

Building Platforms
That Scale Quietly

I'm a Google Certified Professional Cloud Architect with 11+ years of experience in cloud computing and software development.

My work spans production-grade Kubernetes platforms — Red Hat OpenShift, GKE, and Azure Red Hat OpenShift — for 7+ years. I provide technical solutions for clients migrating workloads to cloud technologies, and have implemented and maintained GCP, AWS, and Azure infrastructure at scale.

I believe the best infrastructure is invisible: it just works, scales when it needs to, and never wakes anyone up at 3am.

11+
Years Experience
7+
Years Kubernetes
3
Cloud Platforms
2
Certifications
prageesha.sh
$ whoami
prageesha_galagedara
$ cat skills.txt
▸ kubernetes, openshift, argocd,
  terraform, gcp, aws, azure,
  istio, kafka, helm, gitops
$ cat location.txt
Auckland, New Zealand
$ echo $STATUS
Principal Engineer @ Southern Cross ●
$ _

// projects

What I've Built

Platform engineering work spanning cloud-native infrastructure, API management, and developer tooling.

Featured
01 /
Enterprise OpenShift Platform Engineering
Architected and operated production-grade Red Hat OpenShift platforms across large-scale financial, telco, and insurance enterprises. Designed active-active multi-cluster topologies with dedicated nonprod, UAT, and production tiers hosting hundreds of microservices. Delivered full platform lifecycle ownership — greenfield cluster builds, in-place version upgrades with zero-downtime rollout strategies, CIS security hardening, certificate lifecycle management, network policy enforcement, and RBAC governance at scale. Established platform operating models and self-service onboarding frameworks that enabled product squads to deploy independently without platform team bottlenecks.
OpenShiftKubernetesRHELMulti-ClusterRBACNetwork PolicyTLSHelmGitOps
02 /
Service Mesh & API Gateway Architecture
Designed and operated enterprise service mesh using Istio across production OpenShift environments — managing mTLS enforcement, traffic routing, VirtualService and DestinationRule configuration, circuit breaking, and fault injection across hundreds of service-to-service interactions. Implemented 3scale as the centralised API gateway integrated with Istio via APIcast, enforcing OIDC authentication through Azure Entra ID, rate limiting, and API product lifecycle management. Automated the full 3scale configuration lifecycle using Helm-based Kubernetes CRs and Tekton CI/CD pipelines.
IstioEnvoymTLS3scaleAPIcastOIDCEntra IDTektonHelm
03 /
GitOps Platform Automation with ArgoCD
Implemented GitOps as the single source of truth for all cluster configuration and application delivery across nonprod and production OpenShift environments. Designed multi-team ArgoCD architecture with AppProjects, sync waves, and RBAC to allow independent squad deployments without cluster drift. Built ADO and GitHub Actions pipelines automating Helm chart promotion across environments, integrating Azure Key Vault via External Secrets Operator for secrets management and ACR for container image governance.
ArgoCDGitOpsHelmAzure DevOpsGitHub ActionsKey VaultESOACRTerraform
04 /
Kafka Event Streaming Platform
Deployed and operated active-active Kafka clusters across multiple Azure regions using Strimzi/AMQ Streams on OpenShift. Designed cross-region replication topology, TLS mutual authentication, consumer group management, and topic governance for high-throughput event streaming across production workloads. Built a custom resilience health checker to validate inter-region replication lag and trigger automated alerting on degraded replication state.
KafkaStrimziAMQ StreamsTLSAROAzureHelmPrometheus
05 /
Cloud Infrastructure on GCP & AWS
Consulted enterprise clients on cloud migration strategies to GCP, designing and deploying Google Kubernetes Engine clusters with Terraform-managed infrastructure. Implemented Prometheus and Grafana monitoring stacks and configured Stackdriver for cloud-native observability. At 2degrees, designed and maintained AWS infrastructure using CloudFormation, Jenkins CI/CD pipelines, and Splunk for log aggregation — supporting Drupal workloads on Acquia Cloud.
GCPGKEAWSTerraformPrometheusGrafanaStackdriverCloudFormationJenkinsSplunk
06 /
Observability & Platform Monitoring
Designed and owned full observability stacks across multiple enterprise environments spanning a decade of platform work. Built Prometheus, Alertmanager, and Grafana monitoring solutions from scratch on OpenShift and GKE — including custom SLO dashboards, capacity planning metrics, and multi-cluster federation. Integrated Splunk and Dynatrace for APM and log analytics. At DBS Bank, built the bank's first containerised monitoring stack using ELK alongside Prometheus for the OpenShift PAAS platform.
PrometheusAlertmanagerGrafanaSplunkDynatraceELKStackdriverOpenShiftGKE

// skills

Tech Stack

The tools and platforms I work with day to day.

Platform & Cloud

Kubernetes / OpenShift90%
GCP85%
Azure / ARO85%
AWS80%
Docker88%

GitOps & CI/CD

ArgoCD / GitOps88%
Helm85%
Terraform80%
Azure DevOps85%
Jenkins75%

Networking & Observability

Istio / Service Mesh82%
Prometheus / Grafana82%
Splunk / Dynatrace78%
Kafka / Strimzi75%
Bash / Python80%

// certified

Cloud Certified

Google Cloud
November 2019
Google Cloud Certified
Professional Cloud Architect
AWS
January 2021
AWS Certified Solutions
Architect – Associate

// experience

Where I've Worked

Dec 2023 — Present Auckland, NZ current

Principal Engineer

Southern Cross

  • Managing two active-active production OpenShift clusters and separate nonprod/prod cluster environments
  • Leading the platform engineering team across all OpenShift operations and tooling
  • Managing 3scale API Management platform for API gateway, security, and developer portal
  • Operating and maintaining Istio service mesh across production workloads
  • Running Kafka clusters for event streaming and maintaining Strimzi-based AMQ Streams
  • Driving GitOps automation using ArgoCD for cluster config and application delivery
  • Owning full observability stack with Prometheus, Alertmanager, and Grafana
  • Managing Azure resources and integrations supporting the OpenShift platform
OpenShiftAROAzure3scaleIstio KafkaStrimziArgoCDPrometheusGrafanaKubernetes
Apr 2022 — Dec 2023 Auckland, NZ

DevOps Tools & Automation Engineer

One NZ

  • Setup and configured Red Hat OpenShift environments (Infra, Nonprod, Prod)
  • Developed IaC using Terraform for reproducible Azure cloud environments
  • Implemented CI/CD pipelines using Azure DevOps
  • Monitored ARO clusters with Prometheus, Grafana, Dynatrace and Splunk
  • Maintained ARO cluster configurations via GitOps using ArgoCD
AzureAROKubernetesTerraform ArgoCDGitOpsSplunkDynatraceADO
May 2020 — Apr 2022 Auckland, NZ

Senior Cloud Engineer

2degrees Mobile

  • Deployed Drupal apps to Acquia Cloud environment
  • Designed, implemented and maintained AWS infrastructure and services
  • Configured Splunk for monitoring; deployed apps via Jenkins and CloudFormation
AWSAcquia CloudDrupalJenkins CloudFormationDockerSplunk
Jan 2019 — Dec 2019 Singapore

DevOps Engineer

Techolution Pvt Ltd

  • Consulted clients on migrating workloads to Google Cloud Platform
  • Designed and deployed Google Kubernetes Engine clusters on GCP
  • Designed, implemented and maintained AWS infrastructure and services
  • Wrote Terraform code to deploy and manage GKE resources
  • Deployed Prometheus and Grafana to monitor GKE clusters
  • Configured Stackdriver for cloud monitoring and logging
  • Deployed applications to Kubernetes using Jenkins and Helm
GCPGKEAWSTerraformKubernetes PrometheusGrafanaStackdriverJenkinsHelm
Mar 2016 — Dec 2018 Singapore

Cloud Engineer

DBS Bank Ltd

  • Designed and architected four clusters of the bank's PAAS (Red Hat OpenShift Container Platform)
  • Installed, configured and maintained the OpenShift platform; guided app teams on deploying workloads to PAAS
  • Applied hands-on expertise in DevOps, automation, build engineering and configuration management
  • Developed scripts for builds, deployments and maintenance tasks using Bash and Docker
  • Built a full monitoring solution for infrastructure services using Prometheus, Alertmanager, Grafana and ELK stack
  • Developed an internal web application using Laravel framework to track platform users
OpenShiftPAASKubernetesDocker PrometheusAlertmanagerGrafanaELK BashLaravelPHPVMwareRHEL
Sep 2015 — Dec 2015 Dubai, UAE

IT Programmer

Falconcity of Wonders LLC

  • Planned, designed, developed and maintained web applications
  • Developed the customer service portal managing 500+ villas and its contents
PHPLaravelMySQLApache jQueryAngular JSJavaScriptCSS
Mar 2013 — Aug 2015 Sri Lanka

Software Engineer

Thinkcube Systems (Pvt) Ltd

  • Led development of LMS for Dialog Axiata (largest telco in Sri Lanka)
  • Designed and developed corporate LMS and internal HR system
  • Managed and mentored other software engineering staff
  • Software design, prototyping, coding, unit testing, and documentation
PHPLaravelZend FrameworkMongoDB MySQLDockerNode.jsAngular JS
Jul 2012 — Mar 2013 Sri Lanka

Software Engineer

SP Solutions (Pvt) Ltd

  • Designed, developed and maintained web applications
  • Designed and developed internal invoice generating system
  • Maintained and troubleshot errors in existing applications
PHPMySQLPostgreSQLjQuery JavaScriptCSSXMLJSON
May 2012 — Jul 2012 Sri Lanka

PHP Developer

Zihina Creations (Pvt) Ltd

  • Designed and developed e-marketing web application
  • Bug fixing in existing web applications
PHPHTMLCSSjQueryJavaScript

// blog

Writing & Thinking

Notes on platform engineering, cloud-native systems, and lessons from production.

GitOps

Building a Multi-Team GitOps Operating Model on OpenShift

How we structured namespace strategy, RBAC, and ArgoCD sync waves to let 10 squads deploy independently without stepping on each other.

Coming soon · 8 min read

Service Mesh

Istio Debugging: When Redis Failover Takes Down Your Entire Mesh

A deep-dive into a production incident where an Azure Redis Cache failover overwhelmed Istio Pilot's XDS push queue and how we recovered.

Coming soon · 10 min read

API Management

3scale on OpenShift: A GitOps-First Approach

How to manage 3scale Products, Backends, and ApplicationPlans as Kubernetes CRs with Helm and ArgoCD sync wave ordering.

Coming soon · 12 min read

Kafka

Active-Active Kafka Across Two Azure Regions with Strimzi

Lessons from running AMQ Streams in Australia East and Southeast Asia — topology, TLS, and building a resilience health checker from scratch.

Coming soon · 9 min read

// contact

Let's Build
Something Together

Open to DevOps and cloud engineering roles, platform consulting, and infrastructure conversations. Based in Auckland, NZ.

Currently @ Southern Cross · Open to connect
[email protected]
linkedin.com/in/prageesha
blog.prageesha.com
📚 shelfie.prageesha.com
Download CV (PDF)