On-Premises Kubernetes for an Austrian NGO

An Austrian NGO with around 30 employees had relied on a proprietary Windows application for years. An external software agency developed a modern web application as its successor – but the new software raised a new question: Who operates the infrastructure?

Starting Point: New Application, Unresolved Operations​

• Replacement of a legacy Windows application with a custom-built web application
• Sensitive data: Cloud hosting was not an option due to data protection requirements
• A Windows server with hardware support from an IT systems integrator had already been ordered – but no one could operate the services on it
• The application was to be accessible exclusively internally, with no public access
• The software agency was responsible for development – not operations

Implementation: Two Kubernetes Clusters, Clear Responsibilities​

RiKuWe took over the complete infrastructure setup and operations on the NGO's own hardware:

• Setup of two Kubernetes clusters on customer hardware: Staging and Production
• Deployment of the web application along with all required databases
• Keycloak as the central authentication and identity management solution
• Dedicated container registry for the agency's deployments
• Access secured via VPN – the application is exclusively accessible internally
• Full monitoring & alerting stack as part of the SLA
• Defined deployment process: The agency deploys independently to staging – production releases are carried out exclusively by RiKuWe

Result: Stable Platform, Clear Accountability​

• Sensitive data remains on their own hardware – fully GDPR-compliant and without cloud dependency
• The agency can iterate quickly: Staging is available at all times
• Production environment stays stable: Releases only through RiKuWe, with quality control
• Comprehensive observability through monitoring & alerting with SLA backing
• The NGO focuses on its mission – RiKuWe takes care of the rest