When should you use platform engineering and what’s the best approach?
The possibilities of the cloud are nearly endless – but they come with a bewildering array of tools, methods, and systems. Platform engineering has emerged as a way of giving you mastery over this complexity without restricting developer freedoms or creativity.
It’s a cloud-native approach that gives developers a proven DevOps pathway equipped with a complete suite of self-service tools.
But there’s a significant investment involved in platform engineering – so, when is it needed, and what’s the best way of doing it? In this edition of my newsletter, we’ll look at this important issue and highlight how to get the maximum value with our proven approach.
When is platform engineering valuable?
Platform engineering generates value through the repetition of validated development pathways, so it can generate maximum value when it is used frequently over a long period of time.
Given the effort involved, it only makes sense to use platform engineering once your team reaches a certain size.
This may vary depending on the skill level and work involved, but in our experience a team becomes easier to manage with an internal development platform (IDP) once it exceeds 15 members.
How it generates value
Automating expertise: Without an IDP, your infrastructure experts will spend a lot of time taking care of infrastructure-related requests for other team members. The bigger the team, the more requests.
And this means your infrastructure team is tied up dealing with repetitive tasks that – let’s face it – could be automated.
So instead, they put their expertise to work in building a platform that does exactly this. Now, your team and projects can grow without restriction.
Specific, rigorous requirements: If your projects have stringent requirements such as regulatory compliance or high-spec industry demands, then you can’t afford to make infrastructure mistakes.
In this case, the IDP generates value by enabling you to tackle these projects with security, performance, and compliance automated.
Speed: OK, it takes time to set up a platform. However, once it’s up and running you can develop at speed. New features or products can reach the market faster, following a validated path each time.
Use a proven approach to platform engineering in the cloud
Deployment: With a continuous stream of toolchains and workflows, you can keep your deployment as transparent and reproducible as possible.
We use Git for storing the manifest, because it allows developers to add applications and dependencies on a Git branch. This way, a pull request to merge changes becomes a trigger for the infrastructure team to carefully check the changes.
Git also enables easy management of versions, and platforms such as GitHub or GitLab offer automations that can perform automated scans and other processes.
Container orchestration: For the platform environment, our choice at Blackbird Cloud for container orchestration is usually Kubernetes (K8s) or AWS ECS. These give developers a lot of choice over their preferred tools.
You can synchronize with the Git state using a tool like ArgoCD or AWS CloudFormation. ArgoCD is a handy, open-source tool, but it can only be used to sync Kubernetes resources, and AWS CloudFormation only AWS resources.
Dependencies: This can be a real ‘can of worms’ because without good resource mapping it’s hard to maintain visibility (or control) over cost-effectiveness or security, so code and dependency scanning is a must.
K8s gives you a control plane to deploy your containers and their dependencies. It has some nice features such as policies, service registries, service meshes, liveness probes, and readiness probes.
Feedback: Performance monitoring and logging tools are invaluable for the smooth flow of feedback and iterative improvements. Give your team access to insights from tools like Prometheus, AWS CloudWatch, and Loki.
Ensuring best practices and security, end-to-end
Security and compliance can be built-in with platform engineering – if done right.
Here are some important ways you can use your platform to enforce your security posture and regulatory compliance throughout.
Application templates: Use templates to maintain your best practices. These form a secure framework for your development process, and can include things like branch protection rules that prevent unauthorized merges.
Software bill of materials (SBOM): An SBOM is recommended by CISA as a ‘key building block’ for managing the risk of software supply chains. A deviation from the SBOM signals a potential vulnerability, and action is needed.
Automated code testing: Automated testing helps ensure standards throughout the application lifecycle.
Whitelisting: Limit code to trusted repositories, and enable developers to submit code for approval and addition to the whitelist.
Multiple checkpoints: Install security checkpoints at each stage in the pipeline, including automated and (potentially) manual checks.
Access control: This seems basic, but it’s also a powerful way to ensure the security of your platform. Enforce multi-factor authentication and log access attempts.
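As an added illustration of the SBOM and whitelisting items above (example code, not Blackbird Cloud's own tooling), this pipeline check compares a build's SBOM against an approved baseline and flags components from sources outside an allowlist. The CycloneDX-style sample data, the allowlist hosts, and the default registry are all constructed assumptions.

```python
import json
import sys
from urllib.parse import parse_qs, urlsplit

# Constructed CycloneDX-style SBOMs (sample data, not taken from the article).
APPROVED = json.loads("""{"components": [
 {"name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
 {"name": "flask", "version": "3.0.0", "purl": "pkg:pypi/flask@3.0.0"},
 {"name": "itsdangerous", "version": "2.1.2", "purl": "pkg:pypi/itsdangerous@2.1.2"}]}""")
BUILD = json.loads("""{"components": [
 {"name": "requests", "version": "2.32.3", "purl": "pkg:pypi/requests@2.32.3"},
 {"name": "flask", "version": "3.0.0", "purl": "pkg:pypi/flask@3.0.0"},
 {"name": "leftpadx", "version": "1.0.0",
  "purl": "pkg:pypi/leftpadx@1.0.0?repository_url=https://mirror.untrusted.example/simple"}]}""")

# Hypothetical allowlist of package sources; purls without a repository_url
# qualifier are assumed to come from DEFAULT_REPO.
TRUSTED_REPOS = {"pypi.org", "packages.internal.example"}
DEFAULT_REPO = "pypi.org"

def index(sbom):
    """Map component name -> (version, purl). Assumes names are unique per SBOM."""
    return {c["name"]: (c.get("version"), c.get("purl", ""))
            for c in sbom.get("components", [])}

def repo_host(purl):
    """Host named by the purl's repository_url qualifier, else the default."""
    query = purl.partition("?")[2].partition("#")[0]
    url = parse_qs(query).get("repository_url", [""])[0]
    if not url:
        return DEFAULT_REPO
    if "//" not in url:          # qualifier given as a bare host/path
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()

def sbom_drift(approved, build):
    """Return (kind, component, detail) tuples; an empty list means no drift."""
    old, new = index(approved), index(build)
    out = [("added", n, new[n][0]) for n in sorted(new.keys() - old.keys())]
    out += [("removed", n, old[n][0]) for n in sorted(old.keys() - new.keys())]
    out += [("version-changed", n, f"{old[n][0]} -> {new[n][0]}")
            for n in sorted(old.keys() & new.keys()) if old[n][0] != new[n][0]]
    out += [("untrusted-source", n, repo_host(new[n][1]))
            for n in sorted(new) if repo_host(new[n][1]) not in TRUSTED_REPOS]
    return out

if __name__ == "__main__":
    findings = sbom_drift(APPROVED, BUILD)
    for kind, name, detail in findings:
        print(f"{kind:16} {name:14} {detail}")
    sys.exit(1 if findings else 0)   # non-zero exit fails the pipeline stage
```

Run as a pipeline stage, the non-zero exit blocks the merge until the baseline SBOM is updated through a reviewed pull request.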
Want to get your cloud project on the right track from day one?
There’s no point in reinventing the wheel. With the advice and guidance of seasoned experts, you can get your project to the finish line faster using the best methods and tools for your needs.
Harness our experience in complex and demanding cloud software to accelerate your time to market. Get in touch.