Available for new projects
DevOps / SRE / Cloud Infrastructure
Infrastructure that stays boring - so your team ships fast.
I am Aleš, a freelance DevOps and SRE engineer. I build and run the cloud platforms that startups and growing teams depend on: automated, observable, and quiet at 3am. You ship features; the infrastructure just works.
Tooling I run in production
Services
What I take off your plate
Six disciplines, one outcome: a platform your engineers trust and your finance team understands. Hire me for one, or all of them.
- 01 Cloud & Platform
Cloud Infrastructure
A well-architected foundation on AWS or GCP, defined as code so it is repeatable, reviewable and recoverable.
- Terraform / OpenTofu modules
- Multi-environment networking
- Landing zones & account structure
- 02 Delivery
CI/CD & Release Automation
Pipelines that turn a merge into a safe production deploy, with rollbacks that actually work when you need them.
- GitHub Actions / GitLab CI
- GitOps with Argo CD / Flux
- Zero-downtime & canary releases
- 03 Orchestration
Kubernetes & Containers
Clusters designed to be operated, not babysat: sane defaults, autoscaling, and Helm charts your team can read.
- Cluster design & hardening
- Autoscaling & resource tuning
- Helm / Kustomize packaging
- 04 Reliability
Observability & SRE
You cannot fix what you cannot see. SLOs, dashboards and alerts that point at the problem instead of the noise.
- Prometheus / Grafana / Loki
- SLOs & error budgets
- On-call setup & runbooks
- 05 FinOps
Cost & Performance
Find the spend that buys nothing and the latency that costs you users. Then cut both, with numbers to prove it.
- Right-sizing & spend visibility
- p99 latency profiling
- Spot / committed-use strategy
- 06 Hardening
Security & Resilience
Least-privilege access, managed secrets, and backups you have actually restored from. Sleep follows.
- IAM & secrets management
- Backups & disaster recovery
- SOC 2 / ISO readiness groundwork
Track record
Reliability you can put a number on
The point of good infrastructure is that nothing happens. Here is what that looks like in practice across recent engagements.
- api-gateway healthy checking
- postgres-primary healthy checking
- k8s-ingress healthy checking
- edge-cache healthy checking
- prometheus healthy checking
- 99.98 %
- Uptime maintained across managed platforms
- < 120 ms
- p99 API latency after tuning
- 45 min
- Median time to recovery on incidents
- 40 %
- Typical cloud spend cut in a cost audit
Figures are representative of recent engagements and depend on the stack involved.
How I work
Three ways to bring me in
Pick the engagement that fits where you are. Every one starts with a short call and a clear, written scope before any invoice.
Project
Fixed scopeA defined piece of work: a cloud migration, a Kubernetes platform, a CI/CD overhaul. Scoped and priced up front, delivered with documentation and a handover.
Best when you know what you need built.
Retainer
OngoingYour fractional SRE. A set number of days each month to run, improve and stay on call for your platform, so reliability has an owner without a full-time hire.
Best when you need a steady pair of hands.
Audit
1-2 weeksA fixed-fee review of your infrastructure, cost and reliability. You get a written report, prioritised findings and a roadmap you can act on with or without me.
Best when you want clarity before committing.
- 01 Discovery call
- 02 Written scope
- 03 Build & iterate
- 04 Handover & docs
About
Twelve years keeping systems online.
I have spent my career on the operations side of software: the pager, the migration, the 2am incident bridge. That taught me the same lesson every time. Reliable systems are not the ones with the cleverest architecture. They are the ones that are automated, observable, and documented well enough that the next person can fix them.
I work the way I would want a contractor to work with my own team: remote, async-friendly, and allergic to surprises. You get one engineer who owns the problem end to end, writes things down, and hands back something your team can run without me.
Based in the Czech Republic, working across European and US timezones. Available in English and Czech.
Certifications
- AWS Certified Solutions Architect - Professional
- Certified Kubernetes Administrator (CKA)
- HashiCorp Terraform Associate
Selected work
A few outcomes
Anonymised to respect client confidentiality. Real references available on request.
- 01
Cut the AWS bill by 40%
Right-sized a Series-A SaaS platform and moved steady workloads to committed-use, with no impact on performance.
AWS / Terraform / Kubernetes
- 02
Zero-downtime move to Kubernetes
Migrated a fintech off ageing VMs onto a hardened cluster with GitOps delivery and full audit logging.
GKE / Argo CD / Prometheus
- 03
From weekly outages to 99.99%
Introduced SLOs, real alerting and runbooks for an e-commerce team that was firefighting every week.
GCP / Grafana / PagerDuty
Questions
Good to know
Do you work remotely?
Yes, by default. I am based in the Czech Republic (CET) and work async with teams across Europe and the US. On-site visits are possible for kickoffs when it helps.
What size of company do you work with?
From early-stage startups to teams of around 200. The common thread is that reliability has become too important to leave to chance and too small to justify a full-time SRE hire yet.
How do you charge?
Projects are scoped and priced up front. Retainers are a fixed number of days per month. Audits are a fixed fee. You always know the number before we start. Get in touch for current rates and availability.
Can you join our existing team?
Yes. I work inside your tooling, your repos and your standups, and I leave documentation behind so the work outlives the engagement.
Do you handle on-call?
Within a retainer, yes. I will also set up on-call properly for your team: rotations, escalation, and runbooks so the pager is survivable.
Which languages do you work in?
English and Czech, for both written work and calls.
Contact
Let us talk about your infrastructure
Tell me what you are building and where it hurts. A short message is enough to start; I will reply with next steps.
- Prefer email?
- hello@alesnovak.dev