Building a Cloud-Native Container Platform from Scratch - Part 2
So, you’ve decided to build a self-service container platform. You’re aiming for something secure, scalable, and developer-friendly. But before you get near a kubectl command or Terraform script, there’s a foundational question to answer:
What’s the right orchestrator and ecosystem for your platform?
There’s no shortage of options — Kubernetes (K8s), Amazon ECS, Azure Container Apps, HashiCorp Nomad, even abstracted PaaS layers like Heroku or Fly.io. And if you’re in the cloud (like AWS or Azure), the lines between “fully managed” and “roll your own” can blur quickly.
Let’s walk through the core decisions you’ll make — and how they shape everything that follows.
Full series
- Part 1: Why Build a Self-Service Container Platform
- Part 2: Choosing Your Platform’s Building Blocks (you are here)
- Part 3: Bootstrapping Your Infrastructure with Terraform
- Part 4: Installing Core Platform Services
- Part 5: Crafting the Developer Experience Layer
- Part 6: Scaling the Platform — Multi-Tenancy, Environments, and Governance
- Part 7: Day-2 Operations and Platform Maturity
- Part 8: The Future of Your Internal Platform
First Decision: Do You Want Full Control or Full Abstraction?
Option 1: Control (but complexity)
Tools like EKS (AWS), AKS (Azure), or self-managed Kubernetes give you deep flexibility. You can run custom workloads, install open-source tools, and design exactly the platform you want. But they come with responsibility: networking, upgrades, policies, and uptime are all on you (or your team).
Great for:
- Platform teams who want custom pipelines and integrations
- Enterprises with compliance/security needs
- Teams that know Kubernetes well
Option 2: Abstraction (but tradeoffs)
Want to avoid managing nodes or YAML? Services like AWS ECS with Fargate, Azure Container Apps, or even Google Cloud Run abstract most of the infrastructure away. They scale automatically and reduce your DevOps burden — but also limit customisation and extensibility.
Great for:
- Startups or small teams
- Internal tools or short-lived services
- Teams prioritising speed over control
Quick Comparison Table
| Feature | EKS / AKS (Kubernetes) | ECS / Azure Container Apps | Nomad (Self-hosted) |
|---|---|---|---|
| Learning curve | High | Low–Medium | Medium |
| Extensibility | Very high | Medium | High |
| Cost control | Fine-grained | Simple | Flexible |
| Custom workflows | Easy | Limited | Very easy |
| Platform engineering | Required | Minimal | Required |
| Ecosystem | Massive (CNCF) | Smaller | Smaller |
| Runtime flexibility | Full (sidecars, jobs) | Limited | Full |
How to Choose for Your Use Case
Let’s break it down by persona:
For Enterprises
Go with EKS or AKS. You’ll need the control, security policies, and integrations.
- You probably already use IaC (Terraform, Pulumi)
- You can enforce guardrails with OPA, RBAC, and audit trails
- And Kubernetes’ ecosystem gives you observability, autoscaling, and cost insights
For Startups or Smaller Teams
AWS ECS with Fargate or Azure Container Apps might be perfect.
- Low barrier to entry
- Works well with GitHub Actions, Copilot CLI, and simple GitOps
- Easier to cost-manage without hiring full-time DevOps
For Infrastructure Enthusiasts
Nomad can be fun if you love the Unix philosophy.
- Great with Consul + Vault
- Fast startup times
- Simpler than Kubernetes in some ways — but fewer off-the-shelf tools
Our Path for This Series
For this series, we’ll go with a pragmatic sweet spot:
AWS with Kubernetes (EKS) as our container orchestrator
Why?
- It’s production-ready, battle-tested, and supported by a vast ecosystem
- It gives us full control to build developer tools, GitOps flows, and policy enforcement
- It plays nicely with other AWS services we’ll use (Secrets Manager, IAM, ALB)
If you’re following along on Azure, AKS is nearly 1:1 in concepts — and I’ll call out differences where needed.
What Comes Next?
Now that we’ve picked our base, we can start bootstrapping our cloud-native control plane. That means:
- Defining our network and security zones (VPCs, IAM, etc.)
- Spinning up EKS with IaC
- Planning how we’ll deploy platform services
In Part 3, we’ll set up the infrastructure and get Kubernetes running securely — with repeatable automation and no manual clicks.