$ invictus-solutions

Independent contractor — Bratislava / EU / remote

Linux, Kubernetes and on-prem infrastructure that holds up under load.

Senior DevOps and SRE work for teams that want to ship fast without inheriting a fragile platform. Fractional, project-based, or monthly retainer.

# services

Services

Specific work I can take on, not vague labels.

  • 01

    Kubernetes on-prem — design, build, upgrades, migrations

    Production Kubernetes on your own hardware or in co-location: sizing, networking, storage, HA control plane, and upgrades with a rollback path. I handle migrations from older on-prem platforms and repatriation from cloud, then leave the team with runbooks they can actually use.

  • 02

    Linux HA clusters — on-prem & IaaS

    Highly available web and database stacks on Debian/Ubuntu, on bare metal or IaaS. Load balancing, replication, failover and backups are tested instead of assumed. Legacy installs and shared-hosting moves get a written cutover and rollback plan.

  • 03

    Linux hardening & lifecycle management

    Linux servers brought to a documented, CIS-aligned baseline: SSH and PAM hardening, unattended security updates, kernel and distribution upgrades, audit logs and retention. A steady patch rhythm instead of quarterly emergencies.

  • 04

    Identity & access — Keycloak / OIDC

    Central IAM for Kubernetes and the platform tools around it: Grafana, Harbor, ArgoCD, GitLab and internal apps. OIDC SSO, group-based RBAC, MFA, and a clear split between human and machine identities.

  • 05

    CI/CD & GitOps

    GitLab CI and GitOps for Kubernetes and traditional Linux targets. ArgoCD promotion between environments, build caches that hold up, and security scanning with useful signal. One reviewable path from commit to production.

  • 06

    Infrastructure as Code

    Ansible and SaltStack treated like software: tested, reviewed and idempotent. Inventories that still make sense past 200 hosts. Every change reproducible, every host documented — no more "it works on the bastion."

  • 07

    Observability

    Prometheus, Grafana, Loki, Tempo, Zabbix or ELK — chosen for your team and budget, not for the trend cycle. SLO-based alerting, runbooks linked from alerts, and a serious pass over noisy pages before they wake people up.

  • 08

    Incident response retainers & postmortems

    Reserved capacity for production incidents, with response SLAs agreed up front for business hours. Blameless postmortems that turn into permanent fixes — written down, tracked and verified.

# work

Selected work

Three anonymized engagements. Numbers are real.

  1. Fintech startup

    Repatriating from Azure AKS to bare-metal RKE2 — 73% lower spend, roughly 2× the performance

    A growth-stage fintech was spending about €22k/month on AKS and managed Azure databases. We moved production to an HA bare-metal RKE2 platform with a separate dev cluster, dedicated database tier, off-site backups, observability, and CI on-prem. Monthly infrastructure spend dropped to about €6k, while comparable workloads ran roughly twice as fast.

    • Infrastructure spend cut from €22k to about €6k/month (-73%)
    • Comparable workloads ran roughly 2× faster than on the previous AKS setup
    • HA prod/dev clusters, dedicated DB tier, on-prem GitLab and observability on one Ansible-managed baseline
  2. Fintech startup

    From single-VM web app to HA Kubernetes — feature-branch CI/CD and zero-downtime deploys

    A web platform was split across two Linux VMs: one app server, one database server. Every deploy meant downtime, staging was a queue, and local development did not match production. We moved it to HA Kubernetes with production Docker images, feature-branch environments, GitLab CI/CD, MariaDB Galera, observability, and a docker-compose setup that mirrors production.

    • Zero-downtime rolling deploys for application changes (DB migrations still use a planned window)
    • Horizontally scalable web tier and Galera-backed database — both single-VM SPOFs removed
    • Preview environments for feature branches, so developers can ship in parallel
  3. Software house

    Replatforming a virtualised Kubernetes cluster — k3s to RKE2, GitOps, SSO, and modern observability

    An internal k3s cluster on virtualised infrastructure had quietly become production: hand-rolled storage, ad-hoc kubectl deploys, scattered metrics and logs, shared kubeconfigs, and no clean RBAC. Over nine weeks we moved it to RKE2, Rook-Ceph, ArgoCD GitOps, Harbor, a Grafana observability stack, Keycloak SSO, namespace RBAC from group claims, and Renovate-managed platform updates.

    • In-place k3s → RKE2 migration; ceph-csi replaced with Rook-Ceph with only minutes of PVC downtime per app
    • All workloads reconciled by ArgoCD; Harbor became the team registry
    • One Grafana view for metrics, logs and traces, with exemplars linking the signals together

# about

About

Senior Linux / DevOps / SRE Engineer

Martin Dulovič

Bratislava, Slovakia

I run infrastructure for SMBs and scale-ups across the EU. Background: a decade in Linux operations, the last six years split between Kubernetes platform work and on-prem repatriation projects.

I take a small number of engagements at a time so each one gets serious attention. I prefer to leave clients with documented, reproducible systems they can run without me.

Certifications

  • CKA — Certified Kubernetes Administrator
  • LFCS — Linux Foundation Certified Sysadmin

Working stack

OS
  • Debian
  • Ubuntu
  • RHEL
  • Arch Linux
Orchestration
  • Kubernetes
  • RKE2
  • k3s
  • OpenShift
IaC & Config
  • Ansible
  • SaltStack
  • Terraform
CI/CD
  • GitLab CI
  • GitLab KAS
  • ArgoCD
Observability
  • Prometheus
  • Grafana
  • Loki
  • Tempo
  • Zabbix
  • ELK
Storage / Net
  • Ceph
  • ZFS
  • NFS
  • Longhorn
  • HAProxy
  • NGINX
  • WireGuard
Virt / Bare metal
  • Proxmox
  • KVM
  • LXD
  • LXC
Languages
  • Bash
  • Python
  • Go (read)
  • YAML

# engagement

Engagement models

Pick the shape that fits the work.

01

Hourly

For audits, second opinions, and surgical work. Tracked transparently, billed monthly.

02

Fixed-scope project

Defined deliverable, defined timeline, defined price. Best for migrations, hardening passes, and platform builds.

03

Monthly retainer

Reserved capacity for ongoing platform work and incident response with agreed response SLAs during business hours.

Rates

Day rate or fixed quote depending on scope. Contact for current rates and availability.

# contact

Get in touch

No form, no funnel. One email, one calendar link.

I read every inquiry personally. If we are a fit, I usually reply within one business day.

Book a call

A free 30-minute call. No obligation — we just check if it makes sense to continue.

Open calendar

cal.com/martin-dulovic