Architecting Enterprise Platforms on Local Systems
Course Details
Why This Course?
Look, anyone can build a platform with an unlimited cloud budget and a 100-node cluster. That doesn't teach you engineering; that teaches you spending. True mastery comes from constraints.
I've interviewed hundreds of "Senior" engineers who can run a Terraform script but have no idea why their pods are getting OOMKilled or how the Linux kernel handles memory pressure. In this course, we simulate the friction, resource contention, and architectural trade-offs of a massive enterprise environment, but we do it entirely on your local 8GB laptop. By forcing a production-grade Internal Developer Platform (IDP) into a constrained memory budget, you will learn optimization strategies that most "cloud-native" engineers never encounter until they take down production. We aren't just running scripts; we are engineering a substrate.
What You'll Build
You will engineer The Nano-IDP, a fully functional, multi-tenant platform capable of supporting hypothetical feature teams. It includes:
Substrate: A tuned K3d cluster running Cilium eBPF networking (stripped of heavy sidecars).
Control Plane: An ArgoCD-driven GitOps engine optimized for low-memory footprints.
Infrastructure Engine: A Crossplane implementation delivering "Infrastructure as Data" using Python logic.
Tenancy Model: Hard isolation using vCluster to spin up ephemeral virtual clusters that "sleep" when idle.
The Portal: A bespoke Python (FastAPI) and React Developer Portal that replaces heavy off-the-shelf tools like Backstage.
Resilience: Self-healing capabilities tested against real chaos (network latency, pod failure).
Who Should Take This Course?
Platform Engineers who need to move beyond "installing tools" to "architecting systems."
Python/React Developers who want to break into Platform Engineering but feel intimidated by the "Java/Go" heavy ecosystem.
SREs who need to understand the internal mechanics of the platforms they operate.
Software Architects designing systems where cost and efficiency are first-class citizens.
Students & Fresh Grads who want to build a portfolio project that actually proves they understand system internals.
What Makes This Course Different?
The 8GB Constraint: We don't handwave resource usage. We optimize JVM heaps, tune control plane memory, and strip unused CRDs to make it fit. This mimics the "Cost Awareness" required in real FinOps environments.
Everyday Code: No slides. Every lesson ends with a commit. If it doesn't run on your laptop, it doesn't count.
No "Black Box" Magic: We don't use managed services. We build the "glue" ourselves using Python and eBPF.
Failure-Driven: We will intentionally break things (induce split-brain scenarios, fill disks, cause sync loops) so you know how to fix them when it matters.
Key Topics Covered
Advanced Kubernetes: K3d internals, API server tuning, and eBPF networking on low resources.
GitOps Patterns: Sync waves, app-of-apps, and resolving dependency hell without heavy UIs.
Infrastructure as Data: Crossplane provider families, Composition Functions in Python, and XRDs.
Multi-Tenancy: Virtual Clusters (vCluster) vs. Namespace isolation and "Scale-to-Zero" architectures.
Progressive Delivery: Blue/Green and Canary deployments using Argo Rollouts.
Portal Engineering: Building a custom IDP interface with FastAPI and React.
Prerequisites
Hardware: A computer with 8GB of RAM (strictly enforced; the constraint is the point) and 4GB of swap configured.
Software: Docker Desktop (or Rancher Desktop), VS Code.
Knowledge: Comfort with the terminal/CLI, basic Python, and a working understanding of JSON/YAML.
Course Structure
The course flows logically from the bottom up, starting with the raw compute substrate and layering abstractions until we reach the developer interface.
Module 1: The Substrate (Lessons 1-12) - Designing a memory-efficient Kubernetes foundation using K3d and Cilium.
Module 2: The Control Plane (Lessons 13-25) - Establishing the GitOps engine with ArgoCD to manage the platform itself.
Module 3: Infrastructure as Code (Lessons 26-45) - Building the provisioning engine with Crossplane and Python logic.
Module 4: The Tenancy Model (Lessons 46-60) - Implementing hard isolation using vClusters for tenant environments.
Module 5: Progressive Delivery (Lessons 61-72) - Managing safe deployments with Argo Rollouts.
Module 6: The Interface (Lessons 73-82) - Creating the "Golden Path" with a custom Python/React Portal.
Module 7: Day 2 Operations (Lessons 83-90) - Chaos engineering, cost monitoring, and the final Capstone integration.
Detailed Curriculum (90 Lessons)
Module 1: The Substrate - Survival Mode K8s
Goal: Configure a Kubernetes foundation that consumes < 1.2GB of RAM by aggressively tuning the OS and Container Runtime.
Lesson 1: The Physics of 8GB
Objective: Audit memory budgets and calculate OOM kill zones using a custom Python psutil script.
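A minimal sketch of the kind of audit script this lesson builds, assuming the psutil package is installed; the budget categories and thresholds below are illustrative placeholders, not the course's official figures:

```python
#!/usr/bin/env python3
"""Rough memory-budget audit for an 8GB host (Lesson 1 sketch)."""
import psutil

GIB = 1024 ** 3

# Illustrative budget split; replace with the numbers from your own audit.
BUDGET_GIB = {
    "os_and_desktop": 2.5,
    "k8s_substrate": 1.2,
    "platform_services": 2.0,
    "tenant_workloads": 1.5,
}

vm = psutil.virtual_memory()
swap = psutil.swap_memory()

print(f"Total RAM      : {vm.total / GIB:.2f} GiB")
print(f"Available RAM  : {vm.available / GIB:.2f} GiB")
print(f"Swap configured: {swap.total / GIB:.2f} GiB")

planned = sum(BUDGET_GIB.values())
headroom = vm.total / GIB - planned
print(f"Planned budget : {planned:.2f} GiB (headroom: {headroom:.2f} GiB)")
if headroom < 0.5:
    print("WARNING: less than 0.5 GiB of headroom - expect OOM kills under load.")
```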
Lesson 2: OS Tuning & Swap
Objective: Configure vm.swappiness (Linux) or pagefiles (Windows) to handle memory spillover without crashing the OS.
Lesson 3: Bootstrapping K3d
Objective: Initialize the cluster with stripped args (--disable traefik, --disable metrics-server) to save 300MB instantly.
Lesson 4: The CNI Decision
Objective: Install Cilium in "Strict" mode (eBPF only) without the heavy Hubble UI component.
Lesson 5: Kernel Tuning
Objective: Adjust vm.max_map_count and file-descriptor limits to prevent random container crashes under load.
Lesson 6: Container Runtimes
Objective: Configure containerd with Cgroup V2 for stricter resource isolation between platform services and user apps.
Lesson 7: Ingress Lite
Objective: Deploy Nginx Ingress with worker_processes=1 and minimal buffers for low-memory routing.
Lesson 8: Local Path Storage
Objective: Map Persistent Volumes directly to host SSDs using local-path-provisioner for zero-overhead storage.
Lesson 9: PriorityClasses
Objective: Create a "SystemCritical" class to ensure the API server survives when tenant workloads exhaust memory.
Lesson 10: LimitRanges
Objective: Enforce default memory limits (64Mi) on all new namespaces to prevent "greedy" containers.
Lesson 11: The OOM Killer
Objective: Intentionally trigger an Out-Of-Memory event to verify that tenant pods are killed before system pods.
Lesson 12: Substrate Freeze
Objective: Script a "Hibernate" mode to pause Docker containers without losing cluster state to free up RAM.
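A sketch of that hibernate script, assuming the Docker CLI is on PATH and the cluster's containers carry k3d's default "k3d-" name prefix:

```python
#!/usr/bin/env python3
"""Pause/unpause the k3d node containers to reclaim RAM without losing cluster state."""
import subprocess
import sys

def k3d_containers() -> list[str]:
    # k3d names its node and load-balancer containers with a "k3d-" prefix.
    out = subprocess.run(
        ["docker", "ps", "--filter", "name=k3d-", "--format", "{{.Names}}"],
        capture_output=True, text=True, check=True,
    )
    return [name for name in out.stdout.splitlines() if name]

def main() -> None:
    action = sys.argv[1] if len(sys.argv) > 1 else "pause"
    if action not in ("pause", "unpause"):
        sys.exit("usage: hibernate.py [pause|unpause]")
    for name in k3d_containers():
        subprocess.run(["docker", action, name], check=True)
        print(f"{action}d {name}")

if __name__ == "__main__":
    main()
```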
Module 2: The Control Plane - ArgoCD Lite
Goal: Implement a self-managing GitOps platform without the heavy JVM/Redis overhead of standard installations.
Lesson 13: ArgoCD Core
Objective: Deploy the "Headless" version of ArgoCD to remove the heavy UI and Dex components, saving ~1GB RAM.
Lesson 14: Tuning Repo Server
Objective: Reduce parallelism settings and processor counts to limit CPU spikes during git fetches.
Lesson 15: App of Apps
Objective: Bootstrap the platform's lifecycle using a single root Application to manage all other manifests.
Lesson 16: Sync Waves
Objective: Orchestrate deployment order (Namespace -> Secret -> Deployment) to prevent CPU throttling.
Lesson 17: Resource Exclusion
Objective: Configure Argo to ignore high-frequency resources (Events) to reduce etcd and controller load.
Lesson 18: Zombie Cleanup
Objective: Implement Pruning policies to remove orphaned resources automatically when deleted from Git.
Lesson 19: Python Generators
Objective: Replace heavy ApplicationSets with a lightweight Python script to generate manifests dynamically.
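As a taste of where this lesson lands, here is a minimal sketch, assuming PyYAML is available; the tenant names, repo URL, and path layout are placeholders:

```python
#!/usr/bin/env python3
"""Generate ArgoCD Application manifests from a simple tenant list."""
import yaml  # pip install pyyaml

# Hypothetical tenant list and repo; substitute your own.
TENANTS = ["team-a", "team-b"]
REPO_URL = "https://github.com/example/nano-idp-apps.git"

def application(tenant: str) -> dict:
    return {
        "apiVersion": "argoproj.io/v1alpha1",
        "kind": "Application",
        "metadata": {"name": f"{tenant}-apps", "namespace": "argocd"},
        "spec": {
            "project": "default",
            "source": {
                "repoURL": REPO_URL,
                "targetRevision": "main",
                "path": f"tenants/{tenant}",
            },
            "destination": {
                "server": "https://kubernetes.default.svc",
                "namespace": tenant,
            },
            "syncPolicy": {
                "automated": {"prune": True, "selfHeal": True},
                "syncOptions": ["CreateNamespace=true"],
            },
        },
    }

if __name__ == "__main__":
    # Emit one multi-document YAML stream ready for kubectl apply or Git commit.
    print(yaml.safe_dump_all([application(t) for t in TENANTS], sort_keys=False))
```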
Lesson 20: Secrets (ESO Lite)
Objective: Install External Secrets Operator with low concurrency settings to inject secrets without heavy sidecars.
Lesson 21: RBAC Strategies
Objective: Define declarative RoleBindings for developer access without an external identity provider.
Lesson 22: Self-Healing
Objective: Configure aggressive auto-sync to correct configuration drift immediately.
Lesson 23: Debugging Sync Loops
Objective: Identify and fix CPU-burning reconciliation loops caused by live-state mutations.
Lesson 24: Notification Hooks
Objective: Implement simple curl-based webhooks for deployment alerts instead of heavy notification controllers.
Lesson 25: On-Demand UI
Objective: Script a toggle that enables the Argo UI and port-forwards to it only when debugging is needed.
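A sketch of the port-forward half of that toggle, assuming the argocd-server component has been temporarily re-enabled for the debug session (it is not part of the Core install):

```python
#!/usr/bin/env python3
"""Temporarily expose the Argo CD UI; Ctrl+C tears the tunnel down again."""
import signal
import subprocess

proc = subprocess.Popen(
    ["kubectl", "port-forward", "svc/argocd-server", "-n", "argocd", "8080:443"]
)
print("Argo CD UI on https://localhost:8080 (Ctrl+C to stop)")
try:
    proc.wait()
except KeyboardInterrupt:
    proc.send_signal(signal.SIGINT)
    proc.wait()
```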
Module 3: Infrastructure as Code (Python Edition)
Goal: Master Crossplane using efficient Python logic (Composition Functions) instead of complex YAML patching.
Lesson 26: Crossplane Families
Objective: Install specific Provider Families (AWS S3) to avoid monolithic bloat and save ~500MB RAM.
Lesson 27: Reconcile Tuning
Objective: Adjust --max-reconcile-rate to lower the CPU floor, trading speed for stability.
Lesson 28: Composition Functions
Objective: Understand the "Infrastructure as Data" architecture behind Composition Functions and their Python logic containers.
Lesson 29: Writing Logic
Objective: Use the Crossplane Python SDK to manipulate infrastructure inputs programmatically.
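Before wiring in the SDK, it helps to see the transformation in isolation. This plain-Python sketch skips the Crossplane function SDK plumbing entirely; the size field, the size mapping, and the placeholder apiVersion are all hypothetical:

```python
"""Composition logic in isolation: map an abstract database claim to a managed resource."""

SIZE_MAP = {"small": "db.t3.micro", "medium": "db.t3.medium"}

def compose_database(claim: dict) -> dict:
    """Return the managed-resource spec derived from an abstract database claim."""
    size = claim["spec"].get("size", "small")
    return {
        # Placeholder GVK; substitute your provider's actual managed resource.
        "apiVersion": "database.example.org/v1alpha1",
        "kind": "Instance",
        "metadata": {"name": f"{claim['metadata']['name']}-db"},
        "spec": {
            "forProvider": {
                "instanceClass": SIZE_MAP[size],  # unknown sizes raise KeyError by design
                "engine": "postgres",
            }
        },
    }
```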
Lesson 30: The Docker Runner
Objective: Package Python logic into distroless containers for execution by Crossplane.
Lesson 31: Defining XRDs
Objective: Create the "Abstract Database" API definition (XRD) for platform users.
Lesson 32: Local Mocking
Objective: Use provider-sql to provision local PostgreSQL containers instead of cloud RDS for cost-free testing.
Lesson 33: Unit Testing
Objective: Validate composition logic with Pytest to catch errors before deployment.
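Building on the hypothetical compose_database() sketch shown under Lesson 29, a pytest case might look like this (the module path is an assumption):

```python
"""Pytest sketch for the hypothetical compose_database() logic."""
import pytest

from compositions.database import compose_database  # hypothetical module path

def make_claim(size: str = "small") -> dict:
    return {"metadata": {"name": "orders"}, "spec": {"size": size}}

def test_small_claim_maps_to_small_instance():
    resource = compose_database(make_claim("small"))
    assert resource["metadata"]["name"] == "orders-db"
    assert resource["spec"]["forProvider"]["instanceClass"] == "db.t3.micro"

def test_unknown_size_is_rejected():
    with pytest.raises(KeyError):
        compose_database(make_claim("galactic"))
```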
Lesson 34: Secret Injection
Objective: Securely generate and inject connection strings into Kubernetes Secrets via Python logic.
Lesson 35: Environment Switching
Objective: Implement logic to detect the environment (Local vs. Prod) and switch backends dynamically.
Lesson 36: Handling Drift
Objective: Observe and tune Crossplane's self-healing capabilities when resources are modified manually.
Lesson 37: Troubleshooting
Objective: Debug Python function execution errors via kubectl logs on the function runner pods.
Lesson 38: Packaging
Objective: Bundle XRDs and Compositions into an OCI Image for distribution.
Lesson 39: Local Registry
Objective: Push configuration packages to a cluster-internal registry for version control.
Lesson 40: Consuming the API
Objective: Create a Claim (YAML) to trigger the full stack provisioning defined in Python.
Lesson 41: Provider Helm
Objective: Deploy off-the-shelf charts (like MinIO) via Crossplane when native resources aren't available.
Lesson 42: SQL Schema Mgmt
Objective: Manage DB users and tables via Kubernetes manifests using provider-sql.
Lesson 43: Validation (Kuttl)
Objective: Run integration tests against the infrastructure APIs to prove they work.
Lesson 44: Policy Fields
Objective: Use policy fields to tune drift detection and decide when manual intervention is required.
Lesson 45: API Publication
Objective: Finalize the Platform API and publish it for tenant consumption.
Module 4: The Tenancy Model - vCluster & Policy
Goal: Implement hard multi-tenancy and "Scale-to-Zero" capabilities using Virtual Clusters.
Lesson 46: The Trilemma
Objective: Analyze the isolation vs. cost vs. complexity trade-offs of vCluster vs. Namespaces.
Lesson 47: vCluster Internals
Objective: Understand how the Syncer proxies requests to the host API to create a "cluster in a cluster."
Lesson 48: First Tenant
Objective: Deploy a lightweight vCluster for "Team A" optimized for low memory.
Lesson 49: vCluster Network
Objective: Configure DNS chaining to allow tenant pods to resolve host services.
Lesson 50: Ingress Syncing
Objective: Configure the syncer to expose tenant applications through the host ingress so they are reachable from your browser.
Lesson 51: Resource Quotas
Objective: Enforce hard RAM limits on the tenant namespace to protect the host.
Lesson 52: Sleep Mode
Objective: Configure vCluster auto-hibernation to reclaim memory after 15 minutes of inactivity.
Lesson 53: Tenant GitOps
Objective: Configure ArgoCD to deploy apps inside the vCluster context.
Lesson 54: Custom Operators
Objective: Allow tenants to install their own CRDs safely inside their virtual environment.
Lesson 55: Kyverno Lite
Objective: Install the Kyverno policy engine with a minimal footprint for governance.
Lesson 56: Validation Policies
Objective: Enforce labeling standards (e.g., "CostCenter") on all tenant pods.
Lesson 57: Mutating Policies
Objective: Automatically inject sidecars or environment variables into tenant workloads.
Lesson 58: Generation Rules
Objective: Auto-create NetworkPolicies for new namespaces to enforce "Default Deny."
Lesson 59: Reporting
Objective: Audit cluster compliance using PolicyReports without blocking developer work.
Lesson 60: Break-Glass
Objective: Create emergency bypass procedures for administrators during incidents.
Module 5: Progressive Delivery
Goal: Move beyond simple deployments to safe, metric-driven canary releases using Argo Rollouts.
Lesson 61: Strategies
Objective: Compare Rolling Update, Blue/Green, and Canary strategies for resource impact.
Lesson 62: Install Rollouts
Objective: Deploy the Argo Rollouts controller and kubectl plugin.
Lesson 63: Migration
Objective: Convert standard Deployment manifests to Rollout objects.
Lesson 64: Blue/Green
Objective: Configure active/preview services to switch traffic instantly.
Lesson 65: Canary Steps
Objective: Implement traffic splitting (e.g., 20% -> 50% -> 100%) using steps.
Lesson 66: Ingress Traffic
Objective: Integrate Rollouts with Nginx Ingress to manage weighted routing.
Lesson 67: AnalysisRuns
Objective: Define success criteria (AnalysisTemplates) for deployment promotion.
Lesson 68: Mock Metrics
Objective: Write a Python endpoint to serve fake Prometheus data for analysis testing.
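A minimal sketch of such an endpoint, assuming FastAPI and uvicorn are installed; it mimics the shape of a Prometheus instant-query response, and the error-rate value and job label are placeholders you flip during testing:

```python
"""Tiny FastAPI app that mimics the Prometheus query API for AnalysisRun testing."""
import time

from fastapi import FastAPI

app = FastAPI()

# Toggle this to make the canary "fail" its analysis.
ERROR_RATE = 0.01

@app.get("/api/v1/query")
def query(query: str):
    # Prometheus instant-query response shape: a vector of [timestamp, value] samples.
    return {
        "status": "success",
        "data": {
            "resultType": "vector",
            "result": [
                {"metric": {"job": "mock"}, "value": [time.time(), str(ERROR_RATE)]}
            ],
        },
    }

# Run with: uvicorn mock_metrics:app --port 9090
```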
Lesson 69: Success Queries
Objective: Write queries that analyze error rates against the mock metrics provider.
Lesson 70: Auto-Rollback
Objective: Simulate a failure to trigger automatic reversion to the stable version.
Lesson 71: Anti-Affinity
Objective: Ensure high availability on a single node using soft anti-affinity rules.
Lesson 72: Dashboard
Objective: Visualize the rollout process using the Argo Rollouts dashboard.
Module 6: The Interface - Custom Portal
Goal: Build a bespoke, 150MB Internal Developer Portal (FastAPI + React) to replace heavy standards like Backstage.
Lesson 73: Philosophy
Objective: Design the API boundary between the Developer and the Platform.
Lesson 74: Backend Init
Objective: Initialize the FastAPI backend with Pydantic and K8s client.
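A minimal sketch of that backend skeleton, assuming the fastapi, pydantic, and kubernetes packages are installed; the /api/services route and Service model are illustrative names, not the course's final API:

```python
"""Minimal FastAPI backend skeleton: list workloads via the Kubernetes API."""
from fastapi import FastAPI
from kubernetes import client, config
from pydantic import BaseModel

# Prefer in-cluster config when running inside the platform; fall back to kubeconfig.
try:
    config.load_incluster_config()
except config.ConfigException:
    config.load_kube_config()

app = FastAPI(title="Nano-IDP Portal API")

class Service(BaseModel):
    name: str
    namespace: str
    replicas: int

@app.get("/api/services", response_model=list[Service])
def list_services() -> list[Service]:
    apps = client.AppsV1Api()
    deployments = apps.list_deployment_for_all_namespaces().items
    return [
        Service(
            name=d.metadata.name,
            namespace=d.metadata.namespace,
            replicas=d.spec.replicas or 0,
        )
        for d in deployments
    ]
```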
Lesson 75: Frontend Init
Objective: Initialize the Vite project with React, TypeScript, and ShadCN.
Lesson 76: Catalog Read
Objective: Fetch and display running services from K8s in a data table.
Lesson 77: TechDocs Lite
Objective: Render Markdown documentation from Git directly in the React UI.
Lesson 78: Scaffolder Logic
Objective: Write a Python script to clone, template, and push new repositories.
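A bare-bones sketch of the approach, assuming git is on PATH and a text-only template repo that uses a __SERVICE_NAME__ placeholder token (both assumptions, not the course's exact convention):

```python
"""Scaffolder sketch: clone a template repo, render names, push a new service repo."""
import pathlib
import subprocess
import tempfile

def run(*cmd, cwd=None):
    # Thin wrapper so every git step fails loudly.
    subprocess.run(cmd, cwd=cwd, check=True)

def scaffold(service_name, template_url, target_url):
    with tempfile.TemporaryDirectory() as workdir:
        run("git", "clone", template_url, workdir)
        # Naive templating: assumes every tracked file is text.
        for path in pathlib.Path(workdir).rglob("*"):
            if path.is_file() and ".git" not in path.parts:
                text = path.read_text()
                path.write_text(text.replace("__SERVICE_NAME__", service_name))
        run("git", "remote", "set-url", "origin", target_url, cwd=workdir)
        run("git", "add", "-A", cwd=workdir)
        run("git", "commit", "-m", f"scaffold {service_name}", cwd=workdir)
        run("git", "push", "origin", "HEAD:main", cwd=workdir)
```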
Lesson 79: Dynamic Forms
Objective: Create a React form to capture template parameters for the scaffolder.
Lesson 80: Argo Integration
Objective: Display application sync status from ArgoCD in the Portal UI.
Lesson 81: The Golden Path
Objective: Implement the end-to-end flow: Create Repo -> Deploy App -> Verify.
Lesson 82: Polish
Objective: Customize the UI with branding and polish for a "Product" feel.
Module 7: Day 2 Operations & Capstone
Goal: Operationalize the platform with Chaos Engineering, FinOps, and build the final integrated project.
Lesson 83: Chaos Theory
Objective: Understand the principles of resilience engineering in distributed systems.
Lesson 84: Chaos Mesh
Objective: Install the Chaos Mesh controller to inject faults.
Lesson 85: Pod Kill
Objective: Experiment: Randomly delete pods to test ReplicaSet recovery.
Lesson 86: Latency Injection
Objective: Experiment: Inject network lag to test frontend loading states.
Lesson 87: FinOps
Objective: Use OpenCost (briefly) to model tenant costs based on resource usage.
Lesson 88: Allocation
Objective: Calculate the "Cost per Tenant" based on memory consumption.
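A worked example of the arithmetic, with a made-up blended price per GiB-hour and sampled usage figures; on a laptop these are teaching numbers, not a bill:

```python
"""Back-of-the-envelope tenant cost model based on memory consumption."""

PRICE_PER_GIB_HOUR = 0.005  # USD, hypothetical blended rate
HOURS_IN_MONTH = 730

# Sampled average memory usage per tenant vCluster (GiB), e.g. from metrics scraping.
tenant_usage_gib = {"team-a": 0.9, "team-b": 0.4}

for tenant, gib in tenant_usage_gib.items():
    monthly = gib * HOURS_IN_MONTH * PRICE_PER_GIB_HOUR
    print(f"{tenant}: {gib:.2f} GiB avg -> ${monthly:.2f}/month")
```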
Lesson 89: Capstone Design
Objective: Plan the final architecture and integration of all components.
Lesson 90: Final Build
Objective: Create a "One-Click" bootstrap script that deploys the entire Nano-IDP from scratch.
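An illustrative skeleton of such a script; the cluster name, chart and manifest paths, and exact flags are placeholders that depend on the tuning choices made in earlier modules:

```python
#!/usr/bin/env python3
"""One-click bootstrap sketch for the Nano-IDP.

Assumes k3d, helm, and kubectl are installed, the Cilium Helm repo has been
added, the argocd namespace exists, and the manifests/ paths exist.
"""
import subprocess

STEPS = [
    ("Create the K3d cluster", [
        "k3d", "cluster", "create", "nano-idp",
        "--k3s-arg", "--disable=traefik@server:0",
        "--k3s-arg", "--disable=metrics-server@server:0",
    ]),
    ("Install Cilium", [
        "helm", "upgrade", "--install", "cilium", "cilium/cilium",
        "--namespace", "kube-system",
    ]),
    ("Install ArgoCD (core profile)", [
        "kubectl", "apply", "-n", "argocd", "-f", "manifests/argocd-core.yaml",
    ]),
    ("Bootstrap the app-of-apps", [
        "kubectl", "apply", "-f", "manifests/root-app.yaml",
    ]),
]

for description, cmd in STEPS:
    print(f"==> {description}")
    subprocess.run(cmd, check=True)

print("Nano-IDP bootstrap complete.")
```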