
Goals and Non-Goals

Goals

G1 — Golden Paths for All Common Workflows

Provide Backstage Scaffolder templates for every standard platform operation: creating a domain, system, service, cloud resource, team, and user. A developer should never need to manually write ArgoCD YAML, Kubernetes manifests, or Crossplane Claims.

G2 — One Semantic Key Across All Systems

Every resource — namespace, ArgoCD application, Backstage entity, Crossplane claim — is addressable via the same three-segment key: {project}-{env}-{service}. Zero manual translation between systems.

G3 — Self-Service in Under 30 Minutes

From running the first Backstage template to a service running in the dev cluster: under 30 minutes, with no platform team involvement required.

G4 — Full Catalog Visibility

Every service, cloud resource, team, and user is in the Backstage catalog. Health, sync status, and resource ownership are visible on a single page per component — across all environments and clusters.

G5 — Continuous Reconciliation for Cloud Resources

Cloud infrastructure (databases, clusters, queues) is declared as Crossplane Claims in Git and reconciled continuously. Drift is detected and corrected automatically. Accidental deletion is prevented by deletionPolicy: Orphan on production resources.

G6 — Least-Privilege RBAC Enforced by Convention

Kubernetes and ArgoCD access is granted via Group subjects, not individuals. The developer role is blocked from production namespaces at the RBAC level — not by convention or documentation. Prod access requires explicit role elevation.

G7 — Convention Validation in CI

Every domain GitOps repository runs a validation pipeline on every PR that checks naming, required labels, resource limits, and YAML schema compliance. Convention violations fail the PR automatically.
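A sketch of the checks that G2, G6 and G7 describe, added here as an example and not taken from the platform's own pipeline. It validates manifests that have already been parsed from YAML. The environment names, label keys, the `developer` role name and the rule that segments contain no hyphens (so the key splits only one way) are assumptions.

```python
import re

# Assumptions for this sketch (not from the page): environment names, label keys,
# the "developer" role name, and hyphen-free segments so the key parses one way.
ENVS = ("dev", "staging", "prod")
KEY_RE = re.compile(r"([a-z0-9]+)-(%s)-([a-z0-9]+)" % "|".join(ENVS))
LABELS = ("idp.example/project", "idp.example/env", "idp.example/service")

def validate(manifest):
    """Return a list of convention violations for one parsed manifest (a dict)."""
    errors = []
    kind = manifest.get("kind", "")
    meta = manifest.get("metadata", {})
    # A Namespace carries the key as its name; namespaced objects live inside it.
    key = meta.get("name") if kind == "Namespace" else meta.get("namespace")
    match = KEY_RE.fullmatch(key or "")
    if not match:
        return ["%s: %r is not a {project}-{env}-{service} key" % (kind, key)]
    # Required labels must exist and agree with the segments parsed from the key.
    for label, segment in zip(LABELS, match.groups()):
        if meta.get("labels", {}).get(label) != segment:
            errors.append("%s: label %s must be %r" % (kind, label, segment))
    if kind == "Deployment":
        pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
        for c in pod.get("containers", []):
            if not c.get("resources", {}).get("limits"):
                errors.append("Deployment: container %r has no resource limits" % c.get("name"))
    if kind == "RoleBinding":
        for s in manifest.get("subjects", []):
            if s.get("kind") != "Group":
                errors.append("RoleBinding: subject %r is a %s, not a Group" % (s.get("name"), s.get("kind")))
        if match.group(2) == "prod" and manifest.get("roleRef", {}).get("name") == "developer":
            errors.append("RoleBinding: developer role bound in a prod namespace")
    return errors

def labels_for(project, env, service):
    return dict(zip(LABELS, (project, env, service)))

# Constructed sample manifests, as a CI job would see them after YAML parsing.
GOOD = {"kind": "Namespace", "metadata": {"name": "shop-dev-cart", "labels": labels_for("shop", "dev", "cart")}}
BAD_BINDING = {"kind": "RoleBinding", "roleRef": {"kind": "ClusterRole", "name": "developer"},
               "subjects": [{"kind": "User", "name": "alice"}],
               "metadata": {"namespace": "shop-prod-cart", "labels": labels_for("shop", "prod", "cart")}}
NO_LIMITS = {"kind": "Deployment",
             "metadata": {"namespace": "shop-dev-cart", "labels": labels_for("shop", "staging", "cart")},
             "spec": {"template": {"spec": {"containers": [{"name": "app", "image": "cart:1"}]}}}}
```

A CI job would call `validate` on every manifest in the PR and fail the build when any call returns a non-empty list.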

Non-Goals

  • Not replacing CI pipelines — the platform manages CD (ArgoCD). CI (build, test, publish image) remains with existing pipelines.
  • Not managing application code — the platform owns GitOps repos, not application source repos.
  • Not a managed service offering — the IDP is internal only, not customer-facing infrastructure.
  • Not a cost management platform — cloud cost visibility is a future phase.
  • Not replacing all Terraform — Crossplane manages platform and domain cloud resources. Existing Terraform for account-level bootstrapping (VPCs, IAM roots) remains in place.