Swissgrid

Hyperscaler
On-Premise

Critical Infrastructure on Kubernetes

Building and operating 20+ Kubernetes clusters across Hyperscaler cloud and high-security on-premise datacenters for Switzerland's national grid operator — from platform engineering to cloud-native developer tooling.

  • 20+ Kubernetes Clusters
  • GitOps: Fully Declarative
  • 24/7 Managed Operations

The Challenge

As the operator of the Swiss electricity transmission grid, Swissgrid needed an enterprise-grade Kubernetes container platform that could operate seamlessly across both Hyperscaler cloud and multiple high-security on-premise datacenters. Each environment has fundamentally different networking, compliance, and operational constraints — from private cloud clusters with CIS-benchmarked configurations to air-gapped on-premise environments with distributed storage and GPU workloads. The platform had to provide a consistent, self-service experience for a growing number of application teams while enforcing strict multi-tenancy, automated secrets management, network segmentation, and pod security standards across every cluster. Additionally, Swissgrid needed a structured release management process to safely roll out platform changes through multiple stages — from proof of concept all the way to production.

Our Solution

As part of Swissgrid's container platform team, Natron Tech helped design and build a fully declarative, GitOps-driven platform spanning 20+ Kubernetes clusters across all environments. Together, we created a unified blueprint that adapts to each environment — from cloud-native Hyperscaler integrations with managed identities and key vaults to on-premise clusters with distributed Ceph storage and private container registries. Onboarding a new application team is a single pull request: namespaces, RBAC, network policies, secrets vaults, registry projects, GitOps deployment pipelines, and monitoring are all provisioned automatically. Custom Kubernetes operators continuously reconcile external systems and self-heal configuration drift. The platform enforces CIS security benchmarks, default-deny network policies, and pod security standards across all environments. Beyond the platform itself, we also built an ephemeral cloud development environment that gives developers instant, browser-based IDE sessions with integrated Docker and Kubernetes access — enabling secure development without local tooling dependencies.

Platform at a Glance

Key capabilities we built together with Swissgrid.

GitOps Automation

Every change, from infrastructure to tenant onboarding, flows through Git with a full audit trail.

Multi-Tenancy

Isolated namespaces, RBAC, and dedicated secrets for each application team.

Security & Compliance

CIS benchmarks, default-deny network policies, and pod security standards enforced everywhere.

Self-Healing Operators

Custom operators detect drift and automatically reconcile all managed resources.

Developer Environments

Ephemeral browser-based IDEs with Docker and Kubernetes — no local setup needed.

Release Management

Automated promotion through POC, test, integration, and production stages.

Onboarding in Action

A single pull request provisions everything a team needs.

tenant-onboarding

$ git commit -m "feat: onboard team-alpha"

$ git push origin main

> namespace/team-alpha-prod created

> argocd-project/team-alpha configured

> network-policies applied

> secrets-vault provisioned

> registry-project created

> monitoring-rules deployed

✓ Team onboarded in 3 minutes

The Results

  • 20+ Kubernetes clusters operated across Hyperscaler cloud and on-premise datacenter environments
  • Self-service team onboarding via pull requests — namespaces, secrets, registries, pipelines, and monitoring provisioned in minutes
  • CIS-benchmarked security with default-deny network policies, pod security standards, and automated policy enforcement
  • Self-healing platform with custom operators for drift detection and automated reconciliation of all managed resources
  • Ephemeral cloud development environments giving developers instant, browser-based IDE sessions with Docker and Kubernetes access
  • Structured release management with automated promotion through POC, test, integration, and production stages
