← Back to overview
Scentbird
Scentbird
Fragrance subscription platform · Lead SRE · 2019–2022 & 2025–present
700K+
Subscribers
40+
Microservices
5+
Years total
The Story
How it started (2019): I joined Scentbird as a Frontend Engineer — React.js, Node.js SSR, performance work. But from day one I could see the pain in code delivery. The company was growing fast and preached DevOps culture, yet there was no one who truly owned CI, infrastructure administration, or deployment pipelines. Jenkins was the CI — brittle, hard to configure, and opaque. Deployments ran through AWS Elastic Beanstalk: slow, nearly black-box releases with equally slow rollbacks. Every deploy was a gamble.
The experiments: In my free time between frontend tasks, I picked up a few infrastructure problems on my own initiative — just to see if I could solve them. I spun up the company's first Kubernetes cluster, migrated several services onto it, and wired up GitLab CI for transparent, fast deployments — then demoed the whole thing to the team. I also cracked a problem that had been unsolved for years: proper CORS configuration on S3 so we could drop the extra proxy that sat between users and S3 just to handle CORS headers. On top of that, I audited running infrastructure, shut down unused servers, and cut costs.
The transition: The results spoke for themselves — both sides won. I got a massive scope of new, genuinely interesting work; the business got someone who was solving long-standing problems fast. Within 4 months I fully transitioned from Frontend to SRE — the first SRE position the company ever had. Over the next 3 years I grew from SRE to Lead SRE, built out the entire infrastructure platform, and eventually hired and mentored my replacement before leaving.
Why I left (2022): After growing from SRE to Lead SRE, I reached a ceiling in infrastructure administration. Scentbird didn't have room for me to design backend systems from scratch — so I left to do exactly that at Azuro.
Why I returned (2025): Azuro and I parted ways as our interests diverged. Scentbird welcomed me back — this time with a broader mandate and a stronger SRE culture to build.
Infrastructure
Core Platform
  • 40+ microservices on Kubernetes (EKS) + AWS. Services written in Java (Spring Boot / Micronaut) and TypeScript (Node.js). GraalVM Native Images used to reduce startup time and memory footprint.
  • Terraform IaC — entire AWS infrastructure as code. Modular design, remote state, GitOps pipelines.
  • Karpenter for node auto-provisioning — replaced Cluster Autoscaler for better cost efficiency and spot/on-demand mix.
  • Helm charts authored for all microservices, umbrella charts for environment consistency.
  • ArgoCD GitOps — all infra and service deployments via app-of-apps pattern.
  • Argo Rollouts — canary deployments with automated analysis and rollback for critical services.
  • Argo Workflows — replaced CronJobs for flexible scheduled workloads.
  • GitLab CI (self-hosted) — administered self-hosted runners, designed pipelines.
  • Custom deploy tooling — internal tools to manage blue/green and canary deployments across 40+ services.
Observability
  • Prometheus + Grafana + Loki + Tempo — full self-hosted observability stack. Metrics (direct scrape + OTLP), logs, and distributed traces in one place.
  • OpenTelemetry — instrumented services and deployed collector pipelines. Replaced NewRelic APM with self-hosted Grafana Stack.
  • SLI/SLO framework — introduced SRE culture: defined service-level indicators, set SLOs, established error budgets, calculated outage cost.
  • Sentry (self-hosted) — deployed on docker-compose then K8s. Survived every painful upgrade cycle.
Databases
  • PostgreSQL → Aurora — migrated from self-managed Postgres to Aurora. Tuned parameters, configured vacuums, set up read-only replicas, implemented table partitioning for query optimisation. Used pg_stat_statements + PgHero for index recommendations.
  • MongoDB → DocumentDB — migrated MongoDB workloads to AWS DocumentDB with compatibility testing.
  • Redis — caching, distributed locks, pub/sub, rate limiting.
  • Qdrant — deployed vector database for LLM-era search use cases.
Messaging
  • RabbitMQ & Kafka / Redpanda — deployed and configured for async processing and event streaming.
Security
  • Cloudflare — WAF, DDoS protection, Workers, Zero Trust access.
  • HashiCorp Vault — deployed and administered. vault-secrets-operator for K8s Secret mapping; vault-secrets-webhook for automatic CLI injection at runtime.
  • OIDC / Keycloak → Okta — introduced Keycloak, then migrated to Okta as the organisation scaled.
  • SAST / DAST / container scanning — integrated into CI/CD. Dependency analysis, secrets detection.
  • VPN — OpenVPN, Outline, VLESS (gRPC) for engineers in restricted countries. Split-tunnel by traffic.
Analytics Stack
  • Set up, configured, and administered the full analytics platform: Airflow (pipeline orchestration), Airbyte (ELT), Snowflake (data warehouse), RudderStack (CDP / event streaming), dbt (transformations).
Feature Flags
  • Unleash and GrowthBook — deployed and configured for feature toggles and A/B testing.
Tech Stack at Scentbird
Kubernetes AWS EKS Terraform Karpenter Helm ArgoCD Argo Rollouts GitLab CI Prometheus Grafana Stack OpenTelemetry Vault Cloudflare PostgreSQL / Aurora Redis MongoDB → DocumentDB Kafka / Redpanda Qdrant Airflow Snowflake GraalVM Java Spring Boot Node.js TypeScript