- Cluster provisioning on EKS, GKE, AKS, or self-hosted (kubeadm/k3s)
- Helm chart development and management for application deployments
- Ingress controller setup (Nginx, Traefik) with TLS termination
- cert-manager configuration for Let’s Encrypt and internal CA certificates
- RBAC configuration: roles, role bindings, and service accounts
- Network Policy implementation for pod-to-pod traffic control
- Horizontal Pod Autoscaler and Cluster Autoscaler configuration
- Persistent volume management: storage classes, PVCs, volume snapshots
- Kubernetes upgrade management with zero-downtime node rotation
- GitOps deployment with ArgoCD or Flux for declarative cluster state
Infrastructure
Kubernetes
Kubernetes cluster setup, deployment and management.
Kubernetes is the industry-standard container orchestration platform, but it has a steep learning curve and significant operational overhead when self-managed. Hellenic Technologies manages Kubernetes clusters for clients on EKS (AWS), GKE (Google Cloud), AKS (Azure), and self-hosted clusters on Hetzner or bare metal. We handle cluster provisioning, day-to-day operations, upgrades, and the Kubernetes ecosystem tooling that makes clusters production-ready.
Every cluster we set up includes a standard set of foundational components: an ingress controller (Nginx Ingress or Traefik), cert-manager for automatic TLS certificate provisioning from Let’s Encrypt, external-dns for automatic DNS record management, a container-native storage class, and cluster-level monitoring with the kube-prometheus-stack (Prometheus Operator, Grafana, Alertmanager). These components are deployed via Helm charts with version-pinned, GitOps-managed configurations.
RBAC is configured from the start with least-privilege service accounts for each application workload, and namespaces are used to isolate tenants and environments. Network policies restrict pod-to-pod traffic to explicitly defined allowed flows. We implement pod security standards (restricted profile) for all namespaces and use OPA Gatekeeper or Kyverno for policy enforcement that prevents misconfigured workloads from reaching the cluster.
Kubernetes management services: