7 Great Tools for Your Platform Engineering Toolchain

This article was originally published on The New Stack.

Platform engineering, the practice of building and managing internal developer platforms for software development, is rapidly gaining popularity. Its promise? To seamlessly integrate with and optimize traditional development and DevOps methods, addressing their critical gaps.

However, the rise in platform engineering has led to an explosion of toolsets, each claiming to solve all your organization’s woes. Sadly, only a handful deliver on that hype. Take a closer look at seven platform engineering tools that do deliver.

Seven Tools for Platform Engineers

Here are some of the tools that foster seamless adoption of platform engineering.

1. OPA and Rönd

Open Policy Agent (OPA) is an open source, general-purpose policy engine designed to simplify and unify security policy management across diverse software and systems. OPA empowers you to define and enforce policies declaratively as code, leveraging the expressive power of the high-level language Rego.

This policy engine powers solutions like Rönd, a lightweight, open source Kubernetes container developed to protect your APIs with simple security policies.

By leveraging OPA as a security engine for validating authorization rules and Rego for writing security policies, Rönd transcends its role as an authorization mechanism. It empowers you to build robust and flexible role-based access control (RBAC) or attribute-based access control (ABAC) solutions by providing their fundamental building blocks: roles, permissions and user groups.

By bridging the gap between policy definition and enforcement, OPA and Rönd simplify security management and enhance applications’ overall security posture.

However, securing applications goes beyond defining who can access what; it also involves safeguarding the keys and credentials that unlock that access. Enter Hashicorp Vault.

2. HashiCorp Vault

Over the past few decades, cyberattacks of varying scales have cost major corporations millions. The multitude of ongoing breaches proves the undeniable need for robust data security.

Organizations traditionally use passwords, encryption keys and certificates to control access to sensitive information. However, these “credentials” often lack a central home and are scattered across various systems. This makes it challenging to track who has access to what, often leaving sensitive data vulnerable.

This is where HashiCorp Vault comes in. It’s an identity-based secrets and encryption management system designed to simplify storing, generating, encrypting and transmitting secrets securely. Using authentication and authorization, Vault helps ensure that only authorized individuals can access the information they have permission to access.

Vault securely stores and manages various secrets, including passwords, API keys, SSH keys, RSA tokens and one-time passcodes (OTPs), in a centralized platform. Another key Vault feature is dynamic secrets — short-lived, automatically renewed credentials that minimize exposure.

Vault also supports diverse authentication methods like tokens, Lightweight Directory Access Protocol (LDAP) and multifactor authentication (MFA), providing a flexible and adaptable security framework. Its encryption capabilities extend beyond storage, facilitating data encryption in transit and at rest.

As crucial as they are, access control and secret management are not sufficient. For true peace of mind, continuous monitoring is vital. This means gaining real-time insights into the health and performance of your security infrastructure, allowing you to identify and address potential issues before they become problems. This brings us to the classic monitoring and visualization duo, Prometheus and Grafana.

3. Prometheus and Grafana

Prometheus excels at collecting real-time data from various targets, such as applications, servers and cloud services. These targets expose crucial metrics through a dedicated /metrics path, allowing Prometheus to assess system health and performance.

But collecting data is just the first step. Grafana, the visualization expert, transforms complex metrics stored by Prometheus into actionable insights. Grafana empowers teams to build interactive dashboards, turning raw numbers into easily digestible visuals that reveal trends and potential issues.

Together, Grafana and Prometheus form a powerful team. While Prometheus collects and stores real-time metrics, Grafana presents them in a clear and insightful way. This collaboration enables teams to quickly identify performance issues, track trends and maintain optimal system health and resource utilization efficiency. This leads to the next cost-saving and eco-friendly tool: kube-green.

4. kube-green

kube-green is an open source operator designed to reduce the environmental impact and cost of your Kubernetes clusters. This Kubernetes add-on automatically shuts down unused resources, minimizing energy consumption and carbon emissions. This “green” approach aligns with increasing sustainability efforts in the tech industry. Developed by Mia-Platform’s Davide Bianchi, kube-green is part of the CNCF Landscape.

Beyond its environmental benefits, kube-green helps you save money. Many cloud providers use the pay-as-you-go payment model, so by intelligently powering down unused resources, kube-green can significantly reduce your cloud bills. Adopters report 30% to 40% savings, solidifying kube-green’s reputation as a powerful optimizer for resource usage, energy consumption and financial resources.

kube-green is built to work seamlessly with Kubernetes, one of the most popular container orchestration platforms. This enables smooth integration with popular workflows and CI/CD pipelines, making it easy to reap its benefits without disrupting your current setup.

5. Git Providers

If you’ve ever touched software development, you’ve almost certainly encountered git, the popular distributed version control system, and its numerous providers. At their core, these platforms host your git repositories, allowing teams to collaborate and manage software projects effectively.

But git providers offer more than just collaboration and version control. They’ve become indispensable tools in modern software engineering, boasting functionalities that streamline development and enhance quality.

For example, GitHub leverages its built-in CI/CD solution, GitHub Actions, to automate code building, testing and deployment, enabling quality while speeding up the development process. Similarly, GitLab also offers CI/CD pipelines alongside issue tracking, project management and access control, enabling comprehensive project management within the platform.

Beyond these giants, other providers bring unique strengths. Tightly integrated with Jira, Bitbucket facilitates seamless project management and issue tracking, especially for teams within the Atlassian ecosystem. GitKraken and SourceTree focus on user-friendly graphical interfaces, making version control more accessible to developers less comfortable with the command line.

Git providers streamline the entire development and delivery process. They empower teams to embrace agile practices, accelerate delivery and maintain high-quality code through efficient, collaborative workflows. But as you manually deploy code changes to your increasing number of Kubernetes clusters, a new challenge arises: maintaining consistency across them. This is where Argo CD steps in to sustain seamless harmony among your clusters.

6. Argo CD

Argo CD is an open source declarative GitOps continuous delivery tool for Kubernetes. It simplifies the automation of deploying, scaling and updating applications within Kubernetes clusters by using git as the single source of truth for your app configs. An application’s desired state is specified in a git repository.

Argo CD uses this repository to reconcile the actual state of the application with the desired state declared in the repository. With Argo CD ensuring consistent and timely Kubernetes deployment, the next tool in the chain empowers developers to build on top of that stability and automation using internal developer platforms.

7. Mia-Platform

Mia-Platform enables organizations to build and manage their internal developer platforms (IDPs). IDPs are tools, services and processes that accelerate the development process by abstracting away the context and the complexities of the underlying infrastructure. This abstraction reduces cognitive load on the developers responsible for delivering a product, ultimately improving the developer experience.

Mia-Platform also champions composable development by providing a software catalog of ready-to-use components like Payment Integration Hub and Mia-Platform Fast Data. The catalog empowers developers to assemble fully functional applications quickly and without “reinventing the wheel”.

Considerations for a Platform Engineering Toolchain

While these tools are an excellent start for any organization looking to adopt platform engineering, there is no one-size-fits-all toolchain or solution. To make informed decisions and select tools that align with your requirements and goals, consider some key factors to ensure seamless integration and maximum impact:

• Security: Security is indispensable in a platform engineering tool, especially when it handles sensitive data. Some third-party solutions are like “black boxes” — you can’t see their internal security features, so you can’t know how they work. To be safe, research and choose tools that prioritize robust security to protect your data. Look for toolchains with features like strong encryption, vulnerability scanning and secure access controls.
• Compatibility: Choose tools that seamlessly integrate with your existing system and infrastructure to avoid headaches. Incompatible tools can create isolated silos and disrupt workflows, leading to delays in development and deployment. To enhance compatibility, opt for widely used tools with a proven track record in diverse environments.
• Vendor lock-in: Embrace open source tools when possible to avoid vendor lock-in. This reduces reliance on specific vendors and allows you to customize and adapt your platform as your business logic and needs change. If you must choose closed-source tools, avoid those that trap you in proprietary ecosystems; maintain multiple vendor options for redundancy and risk management.
• Scalability: Select tools designed for scalability to effectively manage your current and future requirements as your user base and data volume expand. Additionally, ensure that the tools’ pricing model allows resource optimization so that increased usage does not create unexpected financial burdens.
• Extensibility: Another characteristic that supports efficient scalability is extensibility. Choose tools that let you seamlessly integrate new tools and services according to your team’s needs.

Where Platform Engineering is Going

Platform engineering is a game-changer for how organizations build and deliver software. It’s not just about speed and security; it’s about empowering developers to do more with less.

What was once a strategic investment has become a fundamental shift in software development, paving the way for a future of agility and innovation.

The landscape of platform engineering is far from static. While these tools have paved the way for revolutionary change, the future holds even greater possibilities. You can expect a deepening of automation and intelligence through AI, allowing platforms to learn and adapt independently. Additionally, the democratization of platform building using no-code tools is on the horizon, empowering developers of all skill levels to contribute to the platform’s evolution. This future promises greater efficiency, agility and innovation for software development.

And though the future of platform engineering is brimming with potential, it’s important to approach it pragmatically. Carefully assess your team’s specific needs and choose tools that directly address them. By adopting a flexible and solution-oriented mindset, you can confidently leverage platform engineering.