Mistwolf Tech | DevOps · Testing · Backend

What we do

Four disciplines.
One team.

End-to-end delivery across infrastructure, quality, backend, and project execution — without the coordination overhead of five separate vendors.

01 / 04

DevOps & Platform

Kubernetes clusters, CI/CD pipelines, GitOps workflows, infrastructure-as-code, observability stacks. We design for day-two operations from the start.

KubernetesArgo CDTerraformHelmAzure

02 / 04

Testing & QA

Automated test suites, performance benchmarking, contract testing, security scanning. We embed quality into pipelines rather than bolting it on at the end.

k6PlaywrightTestcontainersOPA

03 / 04

Backend Development

API design, Go and Python services, database modelling, event-driven architecture. We write code that ops teams are happy to run at 3 AM.

GoPythonPostgreSQLRESTgRPC

04 / 04

Project Management

Technical project leadership, delivery planning, stakeholder communication, risk management. We bridge engineering reality and business expectations.

AgileScrumRisk mgmtRoadmapping

Our product

drift-warden — From zero to production in one command.

A versioned GitOps reference architecture for platform teams. From bare Kubernetes to a fully wired, CIS-compliant platform — Argo CD, Authentik, Kargo, secrets, certs, ingress, storage — in a single bootstrapped operation.

Request access → Get support

What it covers

⎈

GitOps orchestration

App-of-apps wiring, ApplicationSets, sync waves

⇢

Progressive delivery

Kargo multi-stage promotion, Argo Rollouts canary and blue/green

⚿

Identity & SSO

OIDC provider, RBAC integration for platform services

🔒

Secrets management

External secrets sync from cloud vaults into Kubernetes

✓

TLS & certificates

Automated certificate lifecycle, renewal, and rotation

⇌

Networking & ingress

Gateway API routing, zero-trust network access

▤

Storage & databases

Distributed block storage, managed database clusters

☁

Cloud infrastructure

Provision cloud resources via GitOps — provider support expanding

◎

Observability

VictoriaMetrics, Grafana dashboards, Loki log aggregation — built in, not bolted on

⊕

Compliance & policy

CIS Kubernetes Benchmark v1.9 alignment, OPA/Gatekeeper policy enforcement, auto-generated COMPLIANCE.md

Cloud providers

Azure Available

Hetzner Available

GKEComing soon

AWSComing soon

DOPlanned

~/platform — drift-warden

# Scaffold a new GitOps repo
$ drift-warden bootstrap \
  --env prod \
  --clusters 2 \
  --argo-cd-version 3.0 \
  --chart-version v1.49.4 \
  --output ./my-gitops-repo

✓ bootstrap-app.yaml
✓ applicationset.yaml
✓ values-override.yaml
✓ README.md

→ Fill in values-override.yaml, then:
  kubectl apply -f bootstrap-app.yaml

# Upgrade targetRevision pins across a GitOps repo
$ drift-warden migrate \
  --from v1 \
  --to v2 \
  --dir ./my-gitops-repo \
  --dry-run

✓ applicationsets/argocd.yaml        v1.4.2 → v2.0.1
✓ applicationsets/authentik.yaml     v1.3.0 → v2.0.0
✓ applicationsets/cert-manager.yaml  v1.2.1 → v2.0.0

→ Remove --dry-run to apply changes

1

Quick start — install the binary, then run drift-warden bootstrap --env prod

Request access →

Coming soon · Open Source

nexus-hetzner — Self-hosted Kubernetes, fully automated.

Infrastructure-as-code for a production-ready k3s cluster on Hetzner Cloud. Terraform provisions the servers, Ansible configures every node — Tailscale VPN, NFS mounts, k3s install — and drift-warden takes it from there.

Get notified → Get support

What it provisions

☁

Hetzner Cloud infrastructure

1 master + 3 workers, load balancer, private network, firewall

⎈

k3s Kubernetes cluster

Lightweight, production-ready — Tailscale-only API access

⚿

Zero-trust networking

SSH and Kubernetes API locked to Tailscale CGNAT, HTTP/HTTPS open

⇌

Automated CI/CD pipeline

Validate → plan → manual-gate deploy, weekly drift detection

▤

NFS storage integration

Synology NAS mounted via Tailscale with iptables isolation

✓

Remote state & backups

Terraform state in Hetzner Object Storage (S3-compatible)

Tech stack

TerraformIaC

AnsibleConfig

k3sK8s

TailscaleVPN

HetznerCloud

~/infra — nexus-hetzner

# Bootstrap full k3s cluster on Hetzner
$ gh workflow run deploy.yml \
  --field bootstrap_mode=true \
  --field worker_count=3

✓ Terraform: network, firewall, servers
✓ Ansible: Tailscale → NFS → k3s master
✓ Ansible: k3s workers joined
✓ SSH locked to Tailscale CGNAT
✓ kubeconfig patched and uploaded

→ Cluster ready. Run drift-warden next.

# Weekly drift detection (Monday 08:00 UTC)
$ gh workflow run pipeline.yml

✓ terraform fmt  — clean
✓ tflint         — 0 issues
✓ checkov        — 0 failures
✓ terraform plan — no changes

→ No drift detected. All good.

2

Pairs with drift-warden — provision the cluster, then bootstrap the platform

Get notified →

Ready to clean up your platform?

Whether you need help with drift-warden, nexus-hetzner, a full DevOps engagement, or just a code review — let's talk.

Get in touch Request drift-warden access →

Contact

Let's build something solid.

Services engagement, drift-warden support, or a quick technical question — reach out and we'll respond within one business day.

Email

support@mistwolf.tech

Response time

Within 1 business day

drift-warden & nexus-hetzner

Request access below

Platform engineering, done right.

Four disciplines.
One team.

DevOps & Platform

Testing & QA

Backend Development

Project Management

drift-warden — From zero to production in one command.

nexus-hetzner — Self-hosted Kubernetes, fully automated.

Built on production experience.

Ready to clean up your platform?

Let's build something solid.

Platform engineering, done right.

Four disciplines.One team.

DevOps & Platform

Testing & QA

Backend Development

Project Management

drift-warden — From zero to production in one command.

nexus-hetzner — Self-hosted Kubernetes, fully automated.

Built on production experience.

Ready to clean up your platform?

Let's build something solid.

Four disciplines.
One team.