Services & Stack

A standard infrastructure stack, managed end-to-end and customised to your workload. We use the same core tooling across every cluster, but the configuration, sizing, and additional services are tailored to what you actually run.

Infrastructure Stack

Every cluster is built from these core components, configured and customised to your workload. This is the baseline. During planning, we add whatever else your workload requires. Open-source throughout, no vendor lock-in. If you leave, you take the whole setup with you.

Traffic In
Networking & Ingress

Requests routed through Cilium's eBPF dataplane. Sub-millisecond inter-node latency across a dedicated fibre network, network policies enforced by default.

Cilium CNI, cert-manager, External DNS, Cilium Network Policies
Orchestration
Kubernetes on Bare Metal

Workloads scheduled across dedicated bare-metal nodes via RKE2, connected by a dedicated fibre network with NVMe storage on every node. Works with your existing CI/CD and deployment tooling. KEDA handles event-driven autoscaling: scaling pods based on queue depth, request rate, or any Prometheus metric, not just CPU.

RKE2, Dedicated Fibre Network, NVMe, Helm, KEDA
Compute & State
Managed Stateful Services

Databases, caches, and message brokers deployed and managed as part of the cluster. HA configurations, connection pooling, automated snapshots to offsite EU-based S3. If it runs on Kubernetes, we can operate it. The list below is what we see most often.

PostgreSQL (StackGres), MySQL, Valkey / Redis, Kafka, RabbitMQ, Elasticsearch, ClickHouse, MongoDB, + anything your workload needs
Persistence
Storage

Replicated block storage, local NVMe, and S3-compatible object storage on dedicated drives. Configured per workload: large slow storage or fast NVMe, encrypted at rest.

OpenEBS Mayastor, ZFS LocalPV, MinIO / Garage / Ceph, JuiceFS
Observability
Metrics, Logs, Traces

Every layer instrumented. Metrics collected by Prometheus, logs aggregated by Loki, traces via OpenTelemetry and Tempo. Alerts mirrored to your chat platform or alerting system with a 2-hour incident response SLA.

Prometheus, Grafana, Loki, Tempo, OpenTelemetry, Alertmanager, Beyla eBPF
Security & Connectivity
Encryption, Identity, Access

WireGuard encryption between nodes, SSO via Keycloak, intrusion detection via CrowdSec. Mesh VPN and site-to-site tunnels for hybrid connectivity.

Keycloak, CrowdSec, WireGuard, Headscale, Tailscale
CI/CD
Build & Ship

Container registry, Git forges, and CI runners, all on your own infrastructure. Firecracker microVMs for fast, isolated build environments.

Harbor, Forgejo, GitLab, GitHub Actions, Forgejo Actions, GitLab CI, Firecracker
Backup & Recovery
Recover

Cluster-level snapshots, file-level backups, and database point-in-time recovery. Offsite replication to geographically separate EU storage on independent providers. Retention: hourly, daily, weekly, monthly.

Velero, Restic, PostgreSQL WAL Streaming, Point-in-Time Recovery

Support & Operational Model

SRE Allocation

2 dedicated SRE days per €5,000/month. No separate consulting fee. SRE time is built into the same flat monthly price as your hardware and management.

Incident Response

2-hour response SLA for infrastructure incidents. We carry the pager for the full stack. If Kubernetes, PostgreSQL, Kafka, networking, or storage breaks, we fix it, day or night.

Communication

Direct chat (Slack, Teams, whatever you use) for day-to-day communication. Optional shared task board for tracking work. Monthly infrastructure review call. No ticket portals, no chatbots.

How We Run Migrations

We've migrated workloads off AWS, GCP, and other managed providers. The specifics change, but we follow the same general structure every time. See real examples in our case studies: PrepBusiness (45-day migration) and Futurepump (Google Cloud to bare metal).

  1. Cluster Design

    We audit your current infrastructure, map your workloads, and design a target cluster topology. You approve the design before we order hardware.

  2. Provisioning (4–6 weeks)

    Hardware procurement, burn-in, and rack installation at the data centre. Kubernetes cluster bootstrap, networking, storage, and observability stack deployment. Full CI/CD pipeline setup.

  3. Migration Execution

    Dry runs until the process is nailed down, then the real cutover. We have automated tooling for migrating out of RDS, Supabase, and other managed providers. Your existing infrastructure stays live until everyone is confident.

  4. De-Risked Billing

    No setup fee. Monthly billing starts when your workloads are running. For larger clusters, we may invoice the first few months in advance to cover hardware procurement.

Ready to talk?

Reach out on Slack or book a call — we'll talk through your setup, answer your questions, and figure out whether this is a good fit.