Shared Services Platforms

Building self-service infrastructure environments

A Shared Services Platform (aka Internal Developer Portal or Infrastructure Platform) is an internal company service that allows application developers to self-service infrastructure environments. SSPs are an extremely common amongst companies that have reached a certain size where they want to share common infrastructure and automate the provisioning of infrastructure for the development teams. Kubernetes (K8s) is becoming the de facto control plane for modern clouds, and it is frequently employed to power these internal platforms. The goal of a SSP is to increase developer velocity while maintaining centralized control over security, networking, compliance, and costs. Pulumi makes it easy to model and provision the SSP control plane as well as automate the provisioning of the data plane stacks.

Reference Architecture

Why Shared Services Platforms?


Centralized control

Companies maintain centralized control over security, networking, compliance, and costs.

Direct infrastructure access

Developers can directly access and deploy to infrastructure (e.g., K8s clusters or cloud resources) without contacting operations/cluster managers.

Start easily

Developers can get started easily and do not have to adapt their workflows.

How Pulumi helps

Languages you love

Pulumi allows infrastructure or platform engineering teams to use the programming languages they already use for modeling their infrastructure. They can take advantage of all the existing testing tools, IDE plugins that are standard to their programming languages.

Build on any cloud

Pulumi can provision any resource available in the K8s API. Pulumi supports all new resources and features in the K8s API on the same day as the release. Pulumi allows K8s users novel forms of cluster management and app workload deployments.

Programmable guardrails

Pulumi also enables “policy as code”, which allows the platform team to enforce cost, security, and best practices across all infrastructure.

Reusable components

Pulumi makes creating reusable and modular components easy which allows repeatable infrastructure building blocks to be templatized and easily reused.

Kubernetes Platform Reference Architecture

1. Define your goals

Define your business goals you want to achieve by building a K8s platform. Your goals will determine what features to include or not include in your platform.

2. Define the platform

A good starting point for your internal Kubernetes platform is to use just a single environment that reflects the environment of your production system best. You want to first define the common infrastructure components/resources that will be shared across the platform and by all the developers (end users). Then you want to define the infrastructure components/resources that are configured and managed by the developer. Finally define the boundary between the platform space and end user space, which is how the developer will access the shared resources (e.g., via StackReference).

3. Define how developers consume the platform

Define how developers will interact with the platform. You may want to give them a self-service portal where they can pick and choose their infrastructure, a GitOps workflow, or developers just interact with a CI/CD pipeline directly.

4. Build the components, blueprints, & pipelines

Write code for the shared platform components first. Then write code for the application components that can be selected and used by developers. These application components will have the logic to retrieve credentials or connect to the shared resources in the platform.

5. Define the guardrails & policies

Use Pulumi CrossGuard to define cost guardrails and security policies. CrossGuard can also be used to enforce general best practices (e.g., closing ports) or best practices specific to your business (e.g., regional locality requirements).

Organizations building shared services platforms with Pulumi

Getting started

Talk with customer engineering

Schedule some time with our customer engineering team, and we will help you plan and build your shared services platform.

Schedule now