Risks and Mitigations

Risk	Probability	Impact	Mitigation
Teams skip templates and create resources manually	High	Medium	CI validation catches label violations; AppProject restricts allowed source repos
Crossplane provider upgrade breaks existing Claims	Medium	High	Pin provider versions; test upgrades in dev before prod; deletionPolicy: Orphan prevents data loss
ArgoCD management cluster outage	Low	Critical	HA ArgoCD deployment; existing clusters keep running; all state is in Git
Sealed Secrets key loss	Low	Critical	Automate key backup after cluster creation; document and test recovery procedure
Backstage catalog out of sync with reality	Medium	Medium	Periodic reconciliation scans; convention CI on every PR
Domain teams blocked waiting for platform PR reviews	Medium	High	SLA: platform PRs reviewed within 4 business hours; escalation path documented
Crossplane resource provisioning fails silently	Low	High	READY/SYNCED surfaced in Backstage; Prometheus alerts on Crossplane controller errors
Convention changes require mass updates	Low	High	Convention is in templates and validated in CI — changes rolled out iteratively per domain