mfen.de
Platform Engineering

About

I’m Marcus Fenner, a cloud / platform architect based in Dresden. I build platform foundations (paved paths, identity, delivery automation) that teams can run without me.

This blog is a collection of practical patterns and implementation notes from real projects. No client identifiers, no sensitive details—just the parts that generalize.

What I do

  • Enable delivery teams: build the “developer surface area” (docs, templates, examples, guardrails) and take time to explain the why.
  • Identity and access: federation (SAML/OIDC where applicable), cloud IAM, least-privilege design, and policy-driven controls.
  • Kubernetes delivery and operations: production readiness, rollout safety, baseline observability, and security posture improvements.
  • Automation and governance: repeatable environments, infrastructure-as-code, drift control, and change discipline that doesn’t block shipping.

Where I work

I’m comfortable across on-prem, hybrid, and cloud environments.

  • GCP is my home turf.
  • AWS is a close second with deep production experience.
  • Azure shows up when projects require it.
  • I’ve also touched IBM Cloud (enough to navigate it, not enough to claim it as a specialty).

What you’ll find here

  • Small “golden path” designs that teams can actually adopt
  • Identity patterns: boundaries, federation, and permissions you can reason about
  • Kubernetes patterns: Gateway API / ingress, workload isolation, and operational readiness
  • CI/CD patterns: safe, fast, and developer-friendly pipelines
  • Security-by-default patterns: guardrails, verification/signing where it reduces operational risk
  • Documentation patterns: the stuff that keeps working after handover

Tooling I work with

  • Cloud & platforms: GCP, AWS, Azure; plus on-prem virtualization and Linux-heavy setups when needed
  • IaC: Terraform / OpenTofu; AWS CDK; Bicep
  • Config management: Ansible (from the on-prem days; still valuable when you need it)
  • Containers: Kubernetes, Helm, and GitOps-style delivery when it’s the right trade-off
  • CI/CD: GitHub Actions, GitLab CI, and whatever the project already standardized on
  • Secrets & crypto: Vault and cloud KMS services
  • Observability: CloudWatch (strong); Prometheus, OpenTelemetry, Grafana; Google’s observability stack is the one I still find less intuitive

How I work

  • Start from constraints: security posture, data handling, uptime targets, and team maturity.
  • Prefer designs that keep maintenance lower—sometimes boring, sometimes clever, always explainable.
  • Optimize for enablement: clear docs, runnable examples, and building blocks teams can own.
  • Reduce surprises: make failure modes visible and recovery steps obvious.
  • Measure impact by reduced toil, faster delivery, and systems that keep running after handover.

Contact

If you’d like to connect professionally, find me on LinkedIn.

A short personal note lives at /about/personal/.