Building a Cloud-Native Container Platform from Scratch - Part 5

2 minute read Platform Engineering

By now, your platform has all the infrastructure essentials: a secure Kubernetes foundation, GitOps-based delivery, ingress, observability, and secrets management. But to truly empower developers — and reduce cognitive load — we need to build something more than infrastructure.

We need a developer experience (DevEx) layer.

In this part, we’ll walk through how to provide self-service capabilities that abstract away Kubernetes complexity and make the platform usable by product teams.

Full series

Part 1: Why Build a Self-Service Container Platform
Part 2: Choosing Your Platform’s Building Blocks
Part 3: Bootstrapping Your Infrastructure with Terraform
Part 4: Installing Core Platform Services
Part 5: Crafting the Developer Experience Layer (you are here)
Part 6: Scaling the Platform — Multi-Tenancy, Environments, and Governance
Part 7: Day-2 Operations and Platform Maturity
Part 8: The Future of Your Internal Platform

What Developers Really Want

Ask most product engineers how they want to deploy services, and you won’t hear “Helm values” or “pod specs.” They want:

A place to push code
A repeatable CI/CD pipeline
A clear way to request infrastructure (databases, secrets, DNS)
Logs, metrics, and health checks at their fingertips

So our goal is to build opinionated golden paths while still keeping things modular and flexible.

Step 1: Namespace-as-a-Service

Start by creating an automated way for teams to request and manage their own isolated namespaces, complete with:

Pre-provisioned RBAC (read/write for devs, read-only for others)
Resource quotas and network policies
Tooling: metrics dashboards, secrets access, CI/CD integration

This can be automated using GitOps (Argo CD) or a portal where teams submit a request and get a PR in the platform config repo.

Here’s a typical structure in Git:

namespaces/
  team-a/
    namespace.yaml
    rbac.yaml
    resource-quota.yaml
    application.yaml

Step 2: Standardised Workload Templates

Not every team wants to figure out how to configure liveness probes, memory requests, or TLS.

Give them curated templates, delivered as:

Helm charts (internal chart repo)
Kustomize bases
Platform-wide ApplicationSet definitions in Argo CD

Each template might include:

A deployment with sane defaults
Autoscaling enabled
TLS and ingress pre-configured
Service monitors for Prometheus
External secret references

Then teams just need to tweak a few inputs (repo URL, image tag, port).

Step 3: CI/CD Integration

CI/CD should be plug-and-play. Use tools like:

GitHub Actions, GitLab CI, or Tekton to build and push images
Argo CD to deploy from Git branches or tags
Optional integration with Backstage for a one-click “Create Component” flow

Tip: Define a reusable CI template that teams can extend with their own tests:

jobs:
  build:
    steps:
      - uses: actions/checkout@v3
      - name: Build & Push
        run: |
          docker build -t $REGISTRY/$SERVICE:$SHA .
          docker push $REGISTRY/$SERVICE:$SHA

Step 4: Internal Developer Portal (Optional, but Powerful)

To tie it all together, consider exposing this experience through a developer portal, like Backstage.

Features include:

Templates for new services (with built-in CI/CD, observability, secrets)
One-click deploys to dev or staging
Service catalog with docs, APIs, ownership
Direct links to logs, metrics, and alerts

The portal becomes the front door to your platform; giving developers confidence and autonomy.

What You’ve Achieved

At this point, you’ve shifted from “a Kubernetes cluster” to a true internal platform. Developers can:

Get a namespace with built-in guardrails
Deploy services using templated, approved paths
Push code and see it deployed automatically
Access logs, metrics, and alerts without digging through YAML

All while your platform team maintains central governance, security, and consistency.

Coming Up in Part 6

In the next part, we’ll zoom out and talk about multi-tenancy, environment management, and scaling your platform for teams and regions.

Part 6: Scaling the Platform — Multi-Tenancy, Environments, and Governance

Share on

X Facebook LinkedIn Bluesky

Glen Thomas

Building a Cloud-Native Container Platform from Scratch - Part 5

What Developers Really Want

Step 1: Namespace-as-a-Service

Step 2: Standardised Workload Templates

Step 3: CI/CD Integration

Step 4: Internal Developer Portal (Optional, but Powerful)

What You’ve Achieved

Coming Up in Part 6

Share on

Leave a comment

You may also enjoy

How to Make Architectural Decisions (and Stick to Them)

Designing a Scalable DNS Schema for Large Distributed Systems

Platform as a Product – A Guide for Platform Product Owners

The Forgotten Defenders: A Guide to HTTP Security Headers