Platform Engineering 101
- Mindset Shift: Platform Engineering is about treating your internal developers as customers and the platform as a product. It moves beyond "ticket-based ops" to "self-service automation."
- The Golden Path: Creating a "Paved Road" — an opinionated, supported, and automated path for building and deploying software. Deviating is allowed but unsupported ("off-roading").
- IDP (Internal Developer Platform): The interface (GUI/CLI) developers use to interact with the platform. Tools like Backstage or Port aggregate docs, catalogs, and scaffolding templates.
- CRDs-as-a-Service: Using Kubernetes CRDs (Crossplane, Ack) to provision non-Kubernetes resources (RDS, S3, Redis), giving developers a unified API for everything.
"Kubernetes is a platform for building platforms. It is not the platform itself." — Kelsey Hightower
Raw Kubernetes is too complex for most application developers. Asking every dev to understand PodDisruptionBudgets, Ingress, CertManager, and HPA leads to cognitive overload and misconfiguration.
Platform Engineering is the discipline of building an abstraction layer on top of Kubernetes (and cloud primitives) to enable developer self-service.
1. The Maturity Model
Level 0: Ticket Ops
- Dev: "I need a database."
- Ops: (Opens Jira ticket, manually runs Terraform, emails credentials).
- Result: Slow, blocking, error-prone.
Level 1: Scripted Ops
- Dev: Runs
./create-db.sh. - Result: Faster, but fragile. Scripts drift from reality.
Level 2: Self-Service Platform (The Goal)
- Dev: Commits a
PostgresInstanceYAML to their repo. - Platform: Automatically provisions RDS, creates K8s Secrets, and updates the App configuration.
- Result: Non-blocking, auditable, standardized.
2. The Golden Path (Paved Road)
Do not ban bad practices; make the good practice the easiest one.
- The Path: "If you use our standard Helm Chart / Template, you get Logging, Metrics, CI/CD, DNS, and TLS for free."
- Off-Roading: "If you want to write raw manifests, you can, but you are responsible for your own security patching and ingress config."
Most developers want to focus on business logic, not infrastructure plumbing. They will choose the Golden Path if it works.
3. Abstraction Patterns
How much Kubernetes should you hide?
A. The "Namespace-as-a-Service" Model
The platform team vends Namespaces.
- Platform provides: A Namespace with Quotas, RBAC, NetworkPolicies, and a default ServiceAccount.
- Dev provides: Deployments, Services, ConfigMaps.
- Pros: High flexibility for devs.
- Cons: High complexity for devs.
B. The "App-Spec" Model (Heroku-style)
The platform team creates a simplified CRD (Custom Resource Definition).
# Simplified Developer Interface
apiVersion: internal.corp/v1
kind: WebApp
metadata:
name: my-shop
spec:
image: my-shop:v1
public: true
database: true
- Platform Operator: Watches
WebApp, generates Deployment + Service + Ingress + Certificate + PVC + RDS Instance. - Pros: Extreme simplicity. "You build it, you run it" becomes possible.
- Cons: The platform team must write and maintain the Operator/Controller.
4. The Internal Developer Platform (IDP)
The IDP is the "Portal". Popular tools include Backstage (Spotify) and Port.
Core Features of an IDP:
- Service Catalog: A searchable registry of all microservices, their owners, and their API docs.
- Scaffolder: "Create New Spring Boot Service" wizard that generates a repo with boilerplate code, Dockerfile, and CI/CD pipelines.
- Scorecards: "Your service is rated B- because it lacks a README and 99% test coverage."
5. Composition: Crossplane & ACK
How do you provision cloud resources (S3, RDS, Pub/Sub) via Kubernetes?
Crossplane allows you to manage external infrastructure using K8s manifests.
# Developer commits this to Git
apiVersion: database.aws.crossplane.io/v1beta1
kind: RDSInstance
metadata:
name: my-db
spec:
forProvider:
region: us-east-1
dbInstanceClass: db.t3.micro
engine: postgres
The Crossplane controller sees this and calls the AWS API to create the RDS instance. It's Terraform, but with a control loop (drift detection is continuous).
6. What's Next?
- Multi-Tenancy: The foundation for sharing your platform.
- GitOps: The delivery mechanism for your platform.
- CRDs: The building blocks of your custom abstractions.