Platform Services
Platform services turn Kubernetes from a runtime into a product. The goal is not to install every popular tool. The goal is to expose stable capabilities that application teams can use without owning cluster internals.
Capability map
| Capability | Typical services |
|---|---|
| Traffic | Ingress controller, Gateway API controller, service mesh. |
| Delivery | Argo CD, Helm, Kustomize, image automation. |
| Policy | Kyverno, Gatekeeper, Pod Security Admission. |
| Secrets | External Secrets Operator, Sealed Secrets, cloud secret stores. |
| Observability | Prometheus, Grafana, OpenTelemetry, Loki, Tempo or Jaeger. |
| Recovery | Velero, CSI snapshots, database-native backup. |
Implementation stance
- Standardize a small number of golden paths.
- Expose escape hatches only with clear owner, expiry, and review.
- Measure adoption and friction. A platform service that teams route around is not working.