Platform Engineering
Jirayut Nimsaeng (Dear)
CEO & Founder, Opsta (Thailand) Co.,Ltd.
Dev Mountain Tech Festival
March 19, 2022 https://bit.ly/opsta-dmtf-platform-engineering
#whoami
Jirayut Nimsaeng (Dear)
Jirayut has been involved in DevSecOps, Container, Cloud Technology and Open Source for over 10 years. He has experienced and succeeded in transforming several companies to deliver greater value and be more agile.
● He is Founder and CEO of Opsta (Thailand) Co.,Ltd.
● He is a Cloud/DevSecOps Transformation Consultant and Solution Architect
● He is the first Certified Kubernetes Security Specialist (CKS) and Certified Kubernetes Administrator (CKA) in Thailand
● He is the first Thai Google Cloud Developer Expert (GDE) in Thailand
● Google Cloud Certified - Professional Cloud Architect and Associate Cloud Engineer
What are we going to talk about today
● Why Platform?
● What is Platform Engineering?
● How to build Platform Engineering
● Platform Engineering Self-Service
● Demo
● Wrap up & Q/A
Why Platform?
[Diagram: Building Developer Infrastructure Support Tools. Labels: VCS, Artifacts, CI/CD, DEV, UAT, PRD, Monitoring, Load Testing, Automation Security, Automation & Infrastructure as Code, Operation & SRE, Security, Communication]
A lot of tools
https://landscape.cncf.io
Too many variations
DevSecOps Maturity Levels
● Ad-Hoc
- Teams across the organization doing ad-hoc implementation
- Different tools, frameworks & processes used across different teams
● Proof-of-concept
- DevSecOps implementation planned
- Team mentored
- Tools & processes chosen
- 3-4 teams chosen
- Implementation done; lessons learnt
● Org-wide Adoption
- DevSecOps rolled out for all the teams
- Mentoring sessions across the organization
- DevSecOps implementation governed & reported
● Sustained & Repeatable
- Sustained DevSecOps implementation across different teams
- DevSecOps Governance
- Tracking & reporting
● Optimized DevSecOps & Site Reliability Engineering (SRE)
- Lessons learnt using continuous feedback are incorporated back to improve the DevSecOps implementation
- Appropriate mix of tools & frameworks used for optimized outcomes
- Development processes updated to optimize DevSecOps outcomes
DevSecOps Maturity Levels
Sustained & Repeatable
- Sustained DevSecOps implementation across different teams
- DevSecOps Governance
- Tracking & reporting
This is Platform
When do we need a Platform?
● Want a dedicated team focused on constant innovation of how applications are
deployed and operated in production
● Want application teams to focus on building the business features for end-users
● Aligning how various teams deploy and operate applications across the
organization
● Teams lack the skills to self-manage deployment and operations
https://shahadarsh.com/2020/10/12/platform-engineering/
What is Platform Engineering?
Platform Engineering is a practice of building and operating a common
platform as a product for technology teams. It reduces time to market and
complexity by providing self-service deployments for infrastructure and application
and ease of operating applications in production. The team building and operating
the common platform constantly innovates and provides best practices
implementation, tools, and automation.
https://shahadarsh.com/2020/10/12/platform-engineering/
Platform Engineering
[Diagram labels: Engineering, Operations, Applications, Platform, Application Engineering, Platform Engineering, Developer, Platform Engineering Team]
https://docs.aws.amazon.com/wellarchitected/latest/operational-excellence-pillar/separated-aeo-and-ieo-with-centralized-governance.html
Internal Developer Platform (IDP)
[Diagram labels: DevOps, Infrastructure, Operation, Automation, Security, Services, Developer, Platform Engineering Team, Use, Build, Consume]
Platform Engineering is a new product
● [Customers] For Application Development, Information Security, Compliance, and
Infrastructure Teams
● [Goal] Who Need to deploy & operate applications in Production
● [Solution] We Are Providing Scalable, Secure, Reusable, and Self Service Platform
● [Key Outcome] That can enable out of the box complex deployments & operations using
industry best practices
● [Key Differentiator] Which is declarative, extendable & a comprehensive plug & play
solution
● [Value] So that they get a competitive advantage by reducing Time to Market & Complexity
https://shahadarsh.com/2020/10/12/platform-engineering/
What Does the Platform Engineering Team Do?
[Diagram: Build new Platform Technology (Platform 1, Platform 2); Build new Instance (Platform 1, Platform 2)]
Benefits of Platform Engineering
● Reduce the toil of software development
● Improve Engineering Productivity
● Provide Consistency & Confidence
● Help Scale Teams
Team Topologies
DevSecOps, SRE, and Platform Engineering
https://www.getambassador.io/resources/rise-of-cloud-native-engineering-organizations/
Culture
How to build Platform Engineering
Treat Platform Engineering as Product
● Requirements
● Product Manager
● Planning
● Onboarding
● Feedback
Platform Engineering Sample Features
● Infrastructure Provisioning
● Container Platform
● Self-service Pipelines
● Change & Release Management
● Observability Tools
● Identity Management
● Secret Management
● Security Baseline
● Automation Security Integration
● Load Testing Platform
Treat Platform as Most Viable Product
Create Platform Tech Stacks
● Project Management, Frontend, Backend, Testing, API Gateway
● Relational Database, NoSQL Database, Unstructured Database, In-memory Database, Messaging & Streaming
● Communication, Version Control, CI/CD, Artifacts Server, Load Testing
● Metric Monitoring, Log Centralized, APM, Security, Secret Manager
● Container Platform, Infrastructure as Code, Automation, Public Cloud, Private Cloud
Use Cloud
Private Cloud
Public Cloud
Hybrid Cloud
Build Container Platform
[Diagram categories: Installation Tools, Commercial, Public Cloud]
Build Kubernetes Multi-Tenancy
● Access Control
Use policies to ensure that tenants can access only what they should have access to
○ RBAC
● Fair Sharing
Enforce limits per tenant
○ Resource Quota
○ Pod Priority
○ Quality of Service
○ Taints & Tolerations
○ Pod Affinity / Anti-affinity
● Isolation
Ensure tenants cannot access each other's workloads, secrets, etc.
○ Namespace
○ Pod Security Policy
○ Network Policy
○ Sandbox
Kubernetes Policies
● Disallow Capabilities (Strict)
● Disallow Privilege Escalation
● Require Run As Non-Root User
● Require runAsNonRoot
● Restrict Volume Types
● Add Network Policy
● Add Quota
● Disallow Default Namespace
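An added example (not from the talk) of how the pod-level and namespace-level policies listed above could be checked against manifests before admission. The rule identifiers, the allow-lists (taken from the Kubernetes Pod Security Standards "restricted" profile) and the sample manifests are assumptions.

```python
# Added example, not code from the talk. Rule identifiers, the allow-lists
# (Pod Security Standards "restricted" profile) and the manifests are assumptions.
ALLOWED_VOLUMES = {"configMap", "csi", "downwardAPI", "emptyDir", "ephemeral",
                   "persistentVolumeClaim", "projected", "secret"}

def check_pod(pod):
    """Return the sorted policy violations for one Pod manifest (a dict)."""
    found = set()
    spec = pod.get("spec", {})
    if pod.get("metadata", {}).get("namespace", "default") == "default":
        found.add("disallow-default-namespace")
    pod_sc = spec.get("securityContext") or {}
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext") or {}
        # An unset field does not block escalation, so only explicit False passes.
        if sc.get("allowPrivilegeEscalation") is not False:
            found.add("disallow-privilege-escalation")
        # The container-level value overrides the pod-level one.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            found.add("require-run-as-non-root")
        caps = sc.get("capabilities") or {}
        extra = set(caps.get("add") or []) - {"NET_BIND_SERVICE"}
        if extra or "ALL" not in (caps.get("drop") or []):
            found.add("disallow-capabilities-strict")
    for vol in spec.get("volumes", []):
        if set(vol) - {"name"} - ALLOWED_VOLUMES:
            found.add("restrict-volume-types")
    return sorted(found)

def check_namespace(objects):
    """Return what a tenant namespace lacks: a quota, a default-deny policy."""
    missing = set()
    if not any(o.get("kind") == "ResourceQuota" for o in objects):
        missing.add("add-quota")
    if not any(o.get("kind") == "NetworkPolicy"
               and o.get("spec", {}).get("podSelector") == {}
               and "Ingress" in o["spec"].get("policyTypes", [])
               and not o["spec"].get("ingress") for o in objects):
        missing.add("add-network-policy")
    return sorted(missing)

# Constructed sample manifests: one that breaks the pod rules, one that passes.
BAD_POD = {"metadata": {"name": "web"}, "spec": {"containers": [
    {"securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}}],
    "volumes": [{"name": "host", "hostPath": {"path": "/var/run"}}]}}
GOOD_POD = {"metadata": {"name": "web", "namespace": "team-a"}, "spec": {
    "securityContext": {"runAsNonRoot": True}, "containers": [{"securityContext": {
        "allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}}],
    "volumes": [{"name": "cfg", "configMap": {"name": "app-a"}}]}}
```

`check_pod(BAD_POD)` reports every pod-level rule, while `check_namespace` treats a NetworkPolicy as default-deny only when it selects all pods and carries no ingress rules.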
Build Everything with GitOps
Develop Deployment Pattern
[Diagram labels: Kubernetes Cluster; UAT: Microservice, DB, Microservice, UI, DB; Production: Microservice, DB, Microservice, UI, DB; Dockerfile + Helm Value + Helm Chart]
Helm Value:
app:
  image: app-a
  tag: dev
  replicas: 2
  healthCheck: "/health"
  ingress:
    host: app-a.example.com
  env:
    DB_URL: db-dev:5432
Standardized & Reused Pipeline
Secret Management
Observability
[Diagram: Centralized Monitoring (Metrics, Logging, Tracing, APM, Alert); sources: Infrastructure, VM, OS, Database, Web Server, Application, Docker & K8s; other labels: Dashboard, Data, Automation Setup, Developer, Operation & SRE]
Development Reuse Pattern
Application Pattern
Users
Web Portal
Documentation & How-to
● Twelve-Factor Guideline
● Secure Coding
● Coding Standard
● Standard Framework and Library
● Naming Convention
● Log Format
Platform Engineering Self-Service
Self-service interfaces
● High performance
○ CLI
○ APIs
○ GitOps
○ ChatOps
● Composable into higher level workflows
Components List & SSO
Dashboard with Mirantis Lens IDE
CI/CD Pipeline with GitLab CI
SAST with SonarQube
Container Registry with Harbor
Container Image Scan with Trivy
Grafana Integration
OpenSearch Integration
Performance Load Testing
Demo
Q&A
More questions?
jirayut@opsta.co.th
Jirayut Nimsaeng
CEO & Founder
Opsta (Thailand)
086-069-4042