If your developers are raising tickets to get Kubernetes namespaces, cloud databases, or staging environments, you have a bottleneck. The golden path pattern fixes this: one paved road where developers self-serve infrastructure and deployments through a portal, while platform teams stay in control. This tutorial walks through the exact setup using Backstage as the developer portal, Crossplane for infrastructure provisioning, and ArgoCD for GitOps delivery, the core of an intelligent business transformation strategy for engineering teams.
What Is a Golden Path in Kubernetes?
A golden path is the “happy path” your platform team builds so developers don’t have to figure out infrastructure from scratch every time. Instead of Slack messages and manual provisioning:
- Developer picks a template in Backstage
- Crossplane creates the actual cloud resources (RDS, S3, GKE cluster)
- ArgoCD syncs the app and infra config from Git to the cluster
- Developer gets a running environment in minutes
This is the practical engine behind intelligent business transformation, reducing friction, cutting lead time, and letting engineers focus on product.
Prerequisites
Before you start, you need:
- A running Kubernetes cluster (EKS, GKE, or AKS)
- kubectl configured with cluster access
- Helm 3.x installed
- A GitHub or GitLab account for GitOps repos
- Basic familiarity with YAML and Kubernetes concepts
Step 1: Install Backstage as Your Developer Portal
Backstage is the front door. Developers use it to browse service catalog, spin up new services, and track ownership.
Install using the Backstage CLI:
npx @backstage/create-app@latest
cd my-backstage-app
yarn dev Register your first component by adding a catalog-info.yaml to any repo:
apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
name: payment-service
description: Handles all payment processing
annotations:
github.com/project-slug: org/payment-service
spec:
type: service
lifecycle: production
owner: payments-team Push this file to your repo root. Backstage picks it up automatically if your GitHub integration is configured.
Why this matters: Every team sees who owns what, what’s deployed where, and can self-serve from templates, no more “who owns this service?” Slack threads.
Step 2: Install Crossplane for Infrastructure Provisioning
Crossplane turns Kubernetes into a universal control plane. You declare infrastructure (an RDS instance, an S3 bucket) as Kubernetes CRDs and Crossplane creates it in your cloud provider.
Install Crossplane:
helm repo add crossplane-stable https://charts.crossplane.io/stable
helm repo update
helm install crossplane \
crossplane-stable/crossplane \
--namespace crossplane-system \
--create-namespace Install the AWS provider (swap for GCP/Azure as needed):
cat <<EOF | kubectl apply -f -
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: provider-aws
spec:
package: xpkg.upbound.io/upbound/provider-aws:v0.32.0
EOF Define a Composite Resource (XR) for a PostgreSQL database:
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
name: xpostgresqlinstances.db.example.org
spec:
group: db.example.org
names:
kind: XPostgreSQLInstance
plural: xpostgresqlinstances
claimNames:
kind: PostgreSQLInstance
plural: postgresqlinstances
versions:
- name: v1alpha1
served: true
referenceable: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
parameters:
type: object
properties:
storageGB:
type: integer
required:
- storageGB
required:
- parameters Now a developer claims a database like this:
apiVersion: db.example.org/v1alpha1
kind: PostgreSQLInstance
metadata:
name: my-app-db
namespace: dev-team-a
spec:
parameters:
storageGB: 20
compositeDeletePolicy: Foreground
writeConnectionSecretToRef:
name: my-app-db-conn No AWS console access needed. No tickets. Platform team controls the composition, developers control the claim.
Step 3: Install ArgoCD for GitOps Delivery
ArgoCD watches your Git repo and keeps your cluster in sync with what’s committed. Drift detection is automatic.
Install ArgoCD:
kubectl create namespace argocd
kubectl apply -n argocd -f \
https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml Create an Application manifest that tracks your infra repo:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: payment-service
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/org/payment-service-infra
targetRevision: main
path: k8s/overlays/production
destination:
server: https://kubernetes.default.svc
namespace: payment-service
syncPolicy:
automated:
prune: true
selfHeal: true With selfHeal: true, any manual kubectl change gets automatically reverted. Git is the source of truth, always.
Step 4: Wire Backstage to Crossplane + ArgoCD
This is where the golden path closes the loop. Create a Backstage Software Template that:
- Scaffolds a new repo from a template
- Commits a Crossplane claim for the required infrastructure
- Commits an ArgoCD Application manifest
- Triggers ArgoCD sync automatically
A simplified template action in template.yaml:
steps:
- id: fetch-base
name: Fetch Base
action: fetch:template
input:
url: ./skeleton
values:
name: ${{ parameters.name }}
owner: ${{ parameters.owner }}
- id: publish
name: Publish to GitHub
action: publish:github
input:
repoUrl: github.com?repo=${{ parameters.name }}&owner=org
- id: register
name: Register in Backstage
action: catalog:register
input:
repoContentsUrl: ${{ steps['publish'].output.repoContentsUrl }}
catalogInfoPath: /catalog-info.yaml The template repo skeleton includes the Crossplane claim YAML and ArgoCD Application YAML pre-filled with template variables. Developer fills a form in Backstage UI, infrastructure and deployment config get committed to Git, ArgoCD deploys it.
The Business Case: Why This Is Intelligent Business Transformation
This setup directly impacts business velocity:
- Deployment lead time drops from days to minutes
- Platform team toil drops because provisioning is self-service
- Compliance and governance improve because everything goes through Git and approved templates
- Onboarding time for new developers shrinks significantly
This is not a technical exercise. It is an operating model change, the kind of intelligent business transformation that separates organizations that scale cleanly from those that accumulate platform debt.
FAQ
What is a golden path in Kubernetes?
A golden path is a pre-built, approved workflow that developers follow to provision infrastructure and deploy applications without needing manual help from platform or DevOps teams.
How does Crossplane differ from Terraform?
Crossplane manages infrastructure as Kubernetes resources using the same API patterns developers already know. Terraform is a separate CLI tool with its own state management. Crossplane runs inside your cluster and integrates natively with GitOps workflows.
Do I need all three tools, Backstage, Crossplane, and ArgoCD?
Each solves a different layer. Backstage handles the developer experience and service catalog. Crossplane handles cloud infrastructure provisioning. ArgoCD handles application delivery. You can start with ArgoCD alone and add the others incrementally.
How long does this setup take?
A basic working setup takes one to two days for an experienced platform engineer. Production-hardened, with proper RBAC, secrets management, and multi-team isolation, expect one to two weeks.
Is this setup cloud-provider agnostic?
Yes. Crossplane has providers for AWS, GCP, Azure, and many others. The Backstage and ArgoCD layers are completely cloud-agnostic.
Need help implementing this in your organization? 200OK Solutions specializes in intelligent business transformation, including platform engineering, Kubernetes adoption, and developer experience strategy.
You may also like : Istio vs Linkerd vs Cilium for Enterprise Kubernetes
