Platform Engineering: How to Build an Internal Developer Platform

spinny:~/writing $ less platform-engineering-internal-developer-platform.md

1 
2As software systems grow more complex  -  microservices, Kubernetes, multi-cloud, CI/CD pipelines, observability stacks  -  developers are spending more time on infrastructure and less time on building products. **Platform Engineering** solves this by creating an internal platform that abstracts away complexity and provides developers with self-service tools to ship faster.
3 
4Gartner predicts that by 2027, **80% of software engineering organizations** will establish platform teams. In this guide, we'll explore what Platform Engineering is, why it matters, and how to build an Internal Developer Platform from scratch.
5 
6## What is Platform Engineering?
7 
8Platform Engineering is the discipline of designing and building toolchains and workflows that enable self-service capabilities for software engineering organizations. The output is an **Internal Developer Platform (IDP)**  -  a layer that sits between developers and infrastructure.
9 
10```mermaid
11graph TD
12    subgraph "Developers"
13        D1[Frontend Team]
14        D2[Backend Team]
15        D3[Data Team]
16    end
17 
18    subgraph "Internal Developer Platform"
19        Portal[Developer Portal]
20        Templates[Service Templates]
21        CICD[CI/CD Pipelines]
22        Infra[Infrastructure Abstraction]
23    end
24 
25    subgraph "Infrastructure"
26        K8s[Kubernetes]
27        Cloud[Cloud Services]
28        DB[Databases]
29        Monitor[Monitoring]
30    end
31 
32    D1 --> Portal
33    D2 --> Portal
34    D3 --> Portal
35    Portal --> Templates
36    Portal --> CICD
37    Portal --> Infra
38    Infra --> K8s
39    Infra --> Cloud
40    Infra --> DB
41    CICD --> Monitor
42```
43 
44### Platform Engineering vs DevOps
45 
46Platform Engineering is not a replacement for DevOps  -  it's the next evolution. DevOps said "you build it, you run it." Platform Engineering says "we'll make building and running it effortless."
47 
48| Aspect | DevOps | Platform Engineering |
49|--------|--------|---------------------|
50| **Focus** | Culture and practices | Products and self-service |
51| **Approach** | Every team manages infra | Platform team abstracts infra |
52| **Cognitive Load** | High (each team learns everything) | Low (golden paths provided) |
53| **Output** | CI/CD pipelines, IaC scripts | Internal Developer Platform |
54| **Users** | All engineering | Platform team serves engineering |
55 
56## Why Platform Engineering Matters
57 
58### The Cognitive Load Problem
59 
60In a typical modern organization, a developer needs to understand:
61 
62- Git workflows and branching strategies
63- CI/CD pipeline configuration
64- Container building and registry management
65- Kubernetes manifests and Helm charts
66- Cloud provider services (AWS/GCP/Azure)
67- Networking, DNS, TLS certificates
68- Monitoring, logging, alerting setup
69- Database provisioning and migrations
70- Security policies and compliance
71 
72That's an enormous cognitive burden that takes focus away from the actual product.
73 
74### The Golden Path
75 
76Platform Engineering introduces the concept of **golden paths**  -  opinionated, well-supported, and documented paths for common tasks. A golden path is not a mandate; developers *can* deviate, but the platform makes the right thing the easy thing.
77 
78```mermaid
79flowchart LR
80    Dev[Developer] -- "Create new service" --> Portal[Portal]
81    Portal -- "Select template" --> Template[Service Template]
82    Template -- "Auto-provision" --> Repo[Git Repository]
83    Template --> Pipeline[CI/CD Pipeline]
84    Template --> Infra[Kubernetes Namespace]
85    Template --> Monitor[Dashboards + Alerts]
86    Repo --> Ready[Ready to Code!]
87```
88 
89**Example golden path for creating a new microservice:**
901. Developer selects "New Backend Service" in the portal
912. Chooses language/framework (Node.js, Go, Python)
923. Platform auto-creates: Git repo, CI/CD pipeline, Kubernetes namespace, monitoring dashboards, and alert rules
934. Developer clones the repo and starts coding immediately
94 
95## Building an Internal Developer Platform
96 
97### Layer 1: Developer Portal
98 
99The portal is the single entry point for developers. The most popular open-source option is **Backstage** (created by Spotify, now a CNCF project).
100 
101Key features:
102- **Service catalog**: Every service, its owner, documentation, and dependencies
103- **Software templates**: Scaffolding for new services with best practices built in
104- **Tech docs**: Documentation as code, rendered and searchable
105- **Plugin ecosystem**: Extend with custom functionality
106 
107```yaml
108# backstage/catalog-info.yaml
109apiVersion: backstage.io/v1alpha1
110kind: Component
111metadata:
112  name: user-service
113  description: Manages user accounts and authentication
114  annotations:
115    github.com/project-slug: myorg/user-service
116    backstage.io/techdocs-ref: dir:.
117spec:
118  type: service
119  lifecycle: production
120  owner: team-auth
121  system: identity-platform
122  dependsOn:
123    - resource:postgresql-main
124  providesApis:
125    - user-api
126```
127 
128### Layer 2: Infrastructure Abstraction
129 
130Developers shouldn't write Terraform or Kubernetes YAML directly. The platform should provide abstractions.
131 
132**Tools:**
133- **Crossplane**: Kubernetes-native infrastructure provisioning
134- **Terraform with modules**: Pre-built, tested infrastructure modules
135- **Pulumi**: Infrastructure as real code (TypeScript, Python, Go)
136 
137```yaml
138# Example: Crossplane composition for a database
139apiVersion: database.example.com/v1
140kind: PostgreSQLInstance
141metadata:
142  name: user-db
143spec:
144  size: small        # Abstraction: small = 2 vCPU, 4GB RAM
145  version: "16"
146  backup: daily
147  team: auth-team
148```
149 
150Instead of configuring RDS parameters, VPC subnets, security groups, and backup policies, the developer just specifies `size: small` and `backup: daily`. The platform handles the rest.
151 
152### Layer 3: CI/CD Standardization
153 
154Standardize CI/CD so teams don't each build their own pipelines.
155 
156```yaml
157# .github/workflows/platform-ci.yml
158# Teams just include the shared workflow
159name: Build and Deploy
160on:
161  push:
162    branches: [main]
163 
164jobs:
165  pipeline:
166    uses: myorg/platform-workflows/.github/workflows/standard-pipeline.yml@v2
167    with:
168      language: node
169      deploy-target: production
170    secrets: inherit
171```
172 
173**Key practices:**
174- Shared CI/CD templates that teams include (not copy)
175- Automatic security scanning (SAST, dependency audit)
176- Standardized deployment strategies (canary, blue/green)
177- Automatic rollback on failed health checks
178 
179### Layer 4: Observability
180 
181Pre-configured monitoring so developers get dashboards and alerts out of the box.
182 
183- **Metrics**: Prometheus + Grafana with standard dashboards per service
184- **Logging**: Structured logging with centralized collection (Loki, ELK)
185- **Tracing**: Distributed tracing with OpenTelemetry
186- **Alerting**: PagerDuty/Opsgenie integration with sensible defaults
187 
188```mermaid
189graph LR
190    Service[Your Service] -- "OpenTelemetry SDK" --> Collector[OTel Collector]
191    Collector --> Prometheus[Prometheus]
192    Collector --> Loki[Loki]
193    Collector --> Tempo[Tempo]
194    Prometheus --> Grafana[Grafana Dashboards]
195    Loki --> Grafana
196    Tempo --> Grafana
197    Grafana --> PagerDuty[PagerDuty Alerts]
198```
199 
200## Measuring Success
201 
202How do you know your platform is working? Track these metrics:
203 
204### DORA Metrics
205- **Deployment frequency**: How often code reaches production
206- **Lead time for changes**: Time from commit to production
207- **Change failure rate**: Percentage of deployments causing failures
208- **Mean time to recovery**: Time to restore service after an incident
209 
210### Platform-Specific Metrics
211- **Time to first deploy**: How long from "new service" to first production deploy
212- **Developer satisfaction (NPS)**: Survey your users regularly
213- **Self-service ratio**: % of infrastructure requests handled without tickets
214- **Golden path adoption**: % of services following the recommended path
215 
216## Common Mistakes
217 
218### 1. Building Too Much, Too Soon
219Start with the biggest pain point, not a grand vision. If deployments are painful, start there. If provisioning takes weeks, start there.
220 
221### 2. Not Treating the Platform as a Product
222The platform team needs a product manager, user research, and feedback loops. Developers are your customers  -  understand their needs.
223 
224### 3. Mandating Instead of Attracting
225The best platforms are adopted voluntarily because they make developers' lives easier. If you have to mandate usage, your platform isn't good enough.
226 
227### 4. Ignoring Developer Experience
228A platform with terrible UX won't be used. Invest in clear documentation, helpful error messages, and fast feedback loops.
229 
230## Getting Started
231 
232A practical roadmap for building your first IDP:
233 
234```mermaid
235flowchart TD
236    A[Month 1-2: Discovery] --> B[Month 3-4: MVP]
237    B --> C[Month 5-6: Iterate]
238    C --> D[Month 7+: Scale]
239 
240    A --> A1[Interview developers]
241    A --> A2[Map pain points]
242    A --> A3[Choose first golden path]
243 
244    B --> B1[Deploy Backstage]
245    B --> B2[First service template]
246    B --> B3[Standardized CI/CD]
247 
248    C --> C1[Gather feedback]
249    C --> C2[Add infrastructure abstraction]
250    C --> C3[Improve docs and onboarding]
251 
252    D --> D1[More templates and golden paths]
253    D --> D2[Self-service infrastructure]
254    D --> D3[Advanced observability]
255```
256 
257### Minimum Viable Platform
258 
2591. **Service catalog** (Backstage)  -  know what exists and who owns it
2602. **One service template**  -  golden path for your most common service type
2613. **Standardized CI/CD**  -  shared pipeline that teams include
2624. **Basic docs**  -  how to use the platform, where to get help
263 
264You can build this MVP in 2-3 months with a team of 2-3 engineers.
265 
266## Conclusion
267 
268Platform Engineering is not about building the perfect platform from day one. It's about incrementally reducing the cognitive load on developers so they can focus on building products. Start small, measure impact, and iterate based on developer feedback.
269 
270The organizations that invest in Platform Engineering will have a significant competitive advantage: faster delivery, happier developers, and more reliable systems.
271 
272**Resources:**
273- [Team Topologies](https://teamtopologies.com/)  -  the book that popularized platform teams
274- [Backstage](https://backstage.io/)  -  Spotify's open-source developer portal
275- [CNCF Platforms White Paper](https://tag-app-delivery.cncf.io/whitepapers/platforms/)  -  community definition and best practices
276- [platformengineering.org](https://platformengineering.org/)  -  community, events, and resources
277

:Platform Engineering: How to Build an Internal Developer Platformlines 1-277 (END) — press q to close

2As software systems grow more complex - microservices, Kubernetes, multi-cloud, CI/CD pipelines, observability stacks - developers are spending more time on infrastructure and less time on building products. **Platform Engineering** solves this by creating an internal platform that abstracts away complexity and provides developers with self-service tools to ship faster.

4Gartner predicts that by 2027, **80% of software engineering organizations** will establish platform teams. In this guide, we'll explore what Platform Engineering is, why it matters, and how to build an Internal Developer Platform from scratch.

6## What is Platform Engineering?

8Platform Engineering is the discipline of designing and building toolchains and workflows that enable self-service capabilities for software engineering organizations. The output is an **Internal Developer Platform (IDP)** - a layer that sits between developers and infrastructure.

10```mermaid

11graph TD

12 subgraph "Developers"

13 D1[Frontend Team]

14 D2[Backend Team]

15 D3[Data Team]

16 end

18 subgraph "Internal Developer Platform"

19 Portal[Developer Portal]

20 Templates[Service Templates]

21 CICD[CI/CD Pipelines]

22 Infra[Infrastructure Abstraction]

23 end

25 subgraph "Infrastructure"

26 K8s[Kubernetes]

27 Cloud[Cloud Services]

28 DB[Databases]

29 Monitor[Monitoring]

30 end

32 D1 --> Portal

33 D2 --> Portal

34 D3 --> Portal

35 Portal --> Templates

36 Portal --> CICD

37 Portal --> Infra

38 Infra --> K8s

39 Infra --> Cloud

40 Infra --> DB

41 CICD --> Monitor

42```

44### Platform Engineering vs DevOps

46Platform Engineering is not a replacement for DevOps - it's the next evolution. DevOps said "you build it, you run it." Platform Engineering says "we'll make building and running it effortless."

48| Aspect | DevOps | Platform Engineering |

49|--------|--------|---------------------|

50| **Focus** | Culture and practices | Products and self-service |

51| **Approach** | Every team manages infra | Platform team abstracts infra |

52| **Cognitive Load** | High (each team learns everything) | Low (golden paths provided) |

53| **Output** | CI/CD pipelines, IaC scripts | Internal Developer Platform |

54| **Users** | All engineering | Platform team serves engineering |

56## Why Platform Engineering Matters

58### The Cognitive Load Problem

60In a typical modern organization, a developer needs to understand:

62- Git workflows and branching strategies

63- CI/CD pipeline configuration

64- Container building and registry management

65- Kubernetes manifests and Helm charts

66- Cloud provider services (AWS/GCP/Azure)

67- Networking, DNS, TLS certificates

68- Monitoring, logging, alerting setup

69- Database provisioning and migrations

70- Security policies and compliance

72That's an enormous cognitive burden that takes focus away from the actual product.

74### The Golden Path

76Platform Engineering introduces the concept of **golden paths** - opinionated, well-supported, and documented paths for common tasks. A golden path is not a mandate; developers *can* deviate, but the platform makes the right thing the easy thing.

78```mermaid

79flowchart LR

80 Dev[Developer] -- "Create new service" --> Portal[Portal]

81 Portal -- "Select template" --> Template[Service Template]

82 Template -- "Auto-provision" --> Repo[Git Repository]

83 Template --> Pipeline[CI/CD Pipeline]

84 Template --> Infra[Kubernetes Namespace]

85 Template --> Monitor[Dashboards + Alerts]

86 Repo --> Ready[Ready to Code!]

87```

89**Example golden path for creating a new microservice:**

901. Developer selects "New Backend Service" in the portal

912. Chooses language/framework (Node.js, Go, Python)

923. Platform auto-creates: Git repo, CI/CD pipeline, Kubernetes namespace, monitoring dashboards, and alert rules

934. Developer clones the repo and starts coding immediately

95## Building an Internal Developer Platform

97### Layer 1: Developer Portal

99The portal is the single entry point for developers. The most popular open-source option is **Backstage** (created by Spotify, now a CNCF project).

100

101Key features:

102- **Service catalog**: Every service, its owner, documentation, and dependencies

103- **Software templates**: Scaffolding for new services with best practices built in

104- **Tech docs**: Documentation as code, rendered and searchable

105- **Plugin ecosystem**: Extend with custom functionality

106

107```yaml

108# backstage/catalog-info.yaml

109apiVersion: backstage.io/v1alpha1

110kind: Component

111metadata:

112 name: user-service

113 description: Manages user accounts and authentication

114 annotations:

115 github.com/project-slug: myorg/user-service

116 backstage.io/techdocs-ref: dir:.

117spec:

118 type: service

119 lifecycle: production

120 owner: team-auth

121 system: identity-platform

122 dependsOn:

123 - resource:postgresql-main

124 providesApis:

125 - user-api

126```

127

128### Layer 2: Infrastructure Abstraction

129

130Developers shouldn't write Terraform or Kubernetes YAML directly. The platform should provide abstractions.

131

132**Tools:**

133- **Crossplane**: Kubernetes-native infrastructure provisioning

134- **Terraform with modules**: Pre-built, tested infrastructure modules

135- **Pulumi**: Infrastructure as real code (TypeScript, Python, Go)

136

137```yaml

138# Example: Crossplane composition for a database

139apiVersion: database.example.com/v1

140kind: PostgreSQLInstance

141metadata:

142 name: user-db

143spec:

144 size: small # Abstraction: small = 2 vCPU, 4GB RAM

145 version: "16"

146 backup: daily

147 team: auth-team

148```

149

150Instead of configuring RDS parameters, VPC subnets, security groups, and backup policies, the developer just specifies `size: small` and `backup: daily`. The platform handles the rest.

151

152### Layer 3: CI/CD Standardization

153

154Standardize CI/CD so teams don't each build their own pipelines.

155

156```yaml

157# .github/workflows/platform-ci.yml

158# Teams just include the shared workflow

159name: Build and Deploy

160on:

161 push:

162 branches: [main]

163

164jobs:

165 pipeline:

166 uses: myorg/platform-workflows/.github/workflows/standard-pipeline.yml@v2

167 with:

168 language: node

169 deploy-target: production

170 secrets: inherit

171```

172

173**Key practices:**

174- Shared CI/CD templates that teams include (not copy)

175- Automatic security scanning (SAST, dependency audit)

176- Standardized deployment strategies (canary, blue/green)

177- Automatic rollback on failed health checks

178

179### Layer 4: Observability

180

181Pre-configured monitoring so developers get dashboards and alerts out of the box.

182

183- **Metrics**: Prometheus + Grafana with standard dashboards per service

184- **Logging**: Structured logging with centralized collection (Loki, ELK)

185- **Tracing**: Distributed tracing with OpenTelemetry

186- **Alerting**: PagerDuty/Opsgenie integration with sensible defaults

187

188```mermaid

189graph LR

190 Service[Your Service] -- "OpenTelemetry SDK" --> Collector[OTel Collector]

191 Collector --> Prometheus[Prometheus]

192 Collector --> Loki[Loki]

193 Collector --> Tempo[Tempo]

194 Prometheus --> Grafana[Grafana Dashboards]

195 Loki --> Grafana

196 Tempo --> Grafana

197 Grafana --> PagerDuty[PagerDuty Alerts]

198```

199

200## Measuring Success

201

202How do you know your platform is working? Track these metrics:

203

204### DORA Metrics

205- **Deployment frequency**: How often code reaches production

206- **Lead time for changes**: Time from commit to production

207- **Change failure rate**: Percentage of deployments causing failures

208- **Mean time to recovery**: Time to restore service after an incident

209

210### Platform-Specific Metrics

211- **Time to first deploy**: How long from "new service" to first production deploy

212- **Developer satisfaction (NPS)**: Survey your users regularly

213- **Self-service ratio**: % of infrastructure requests handled without tickets

214- **Golden path adoption**: % of services following the recommended path

215

216## Common Mistakes

217

218### 1. Building Too Much, Too Soon

219Start with the biggest pain point, not a grand vision. If deployments are painful, start there. If provisioning takes weeks, start there.

220

221### 2. Not Treating the Platform as a Product

222The platform team needs a product manager, user research, and feedback loops. Developers are your customers - understand their needs.

223

224### 3. Mandating Instead of Attracting

225The best platforms are adopted voluntarily because they make developers' lives easier. If you have to mandate usage, your platform isn't good enough.

226

227### 4. Ignoring Developer Experience

228A platform with terrible UX won't be used. Invest in clear documentation, helpful error messages, and fast feedback loops.

229

230## Getting Started

231

232A practical roadmap for building your first IDP:

233

234```mermaid

235flowchart TD

236 A[Month 1-2: Discovery] --> B[Month 3-4: MVP]

237 B --> C[Month 5-6: Iterate]

238 C --> D[Month 7+: Scale]

239

240 A --> A1[Interview developers]

241 A --> A2[Map pain points]

242 A --> A3[Choose first golden path]

243

244 B --> B1[Deploy Backstage]

245 B --> B2[First service template]

246 B --> B3[Standardized CI/CD]

247

248 C --> C1[Gather feedback]

249 C --> C2[Add infrastructure abstraction]

250 C --> C3[Improve docs and onboarding]

251

252 D --> D1[More templates and golden paths]

253 D --> D2[Self-service infrastructure]

254 D --> D3[Advanced observability]

255```

256

257### Minimum Viable Platform

258

2591. **Service catalog** (Backstage) - know what exists and who owns it

2602. **One service template** - golden path for your most common service type

2613. **Standardized CI/CD** - shared pipeline that teams include

2624. **Basic docs** - how to use the platform, where to get help

263

264You can build this MVP in 2-3 months with a team of 2-3 engineers.

265

266## Conclusion

267

268Platform Engineering is not about building the perfect platform from day one. It's about incrementally reducing the cognitive load on developers so they can focus on building products. Start small, measure impact, and iterate based on developer feedback.

269

270The organizations that invest in Platform Engineering will have a significant competitive advantage: faster delivery, happier developers, and more reliable systems.

271

272**Resources:**

273- [Team Topologies](https://teamtopologies.com/) - the book that popularized platform teams

274- [Backstage](https://backstage.io/) - Spotify's open-source developer portal

275- [CNCF Platforms White Paper](https://tag-app-delivery.cncf.io/whitepapers/platforms/) - community definition and best practices

276- [platformengineering.org](https://platformengineering.org/) - community, events, and resources

277