Platform Engineering Foundations
Golden Paths & Paved Roads
3 min read
Netflix calls them "Paved Roads." Spotify calls them "Golden Paths." The concept is the same: opinionated, well-supported ways to build and deploy software that make the right way the easy way.
What is a Golden Path?
A Golden Path is a pre-defined, organization-approved workflow that guides developers from idea to production using best practices, approved tools, and automated guardrails.
The key insight: developers can still go "off-road," but the golden path is so much easier that most choose to stay on it.
Off-Road Development:
┌─────────────────────────────────────────────┐
│ Choose language → Pick framework → │
│ Set up CI/CD → Configure security → │
│ Deploy somewhere → Hope it works │
│ │
│ Time: Days to weeks │
│ Consistency: Low │
│ Support: "You're on your own" │
└─────────────────────────────────────────────┘
Golden Path Development:
┌─────────────────────────────────────────────┐
│ 1. Click "Create New Service" │
│ 2. Select template (Node.js API, etc.) │
│ 3. Fill in: name, owner, description │
│ 4. Click "Create" │
│ │
│ Time: 5 minutes │
│ Consistency: High │
│ Support: Platform team has your back │
└─────────────────────────────────────────────┘
Golden Path Components
A complete golden path includes:
# Golden Path Definition
apiVersion: platform.io/v1
kind: GoldenPath
metadata:
name: nodejs-api-golden-path
spec:
# What this path creates
output:
type: "Node.js REST API"
includes:
- "Express.js boilerplate"
- "TypeScript configuration"
- "Jest test setup"
- "Dockerfile (multi-stage build)"
- "Kubernetes manifests"
- "GitHub Actions CI/CD"
- "Backstage catalog entry"
# Pre-configured integrations
integrations:
monitoring:
- prometheus-metrics
- opentelemetry-tracing
security:
- snyk-scanning
- trivy-container-scan
secrets:
- vault-integration
# Guardrails (enforced automatically)
guardrails:
- "No secrets in code (Gitleaks)"
- "Base image must be approved"
- "Must have health endpoints"
- "Must have resource limits"
# Documentation
documentation:
- "Getting started guide"
- "Architecture decision records"
- "Runbook templates"
Building a Golden Path Template
Here's a real Backstage template for a golden path:
# Backstage Software Template
apiVersion: scaffolder.backstage.io/v1beta3
kind: Template
metadata:
name: nodejs-api-template
title: Node.js REST API (Golden Path)
description: |
Create a production-ready Node.js REST API with all
platform integrations pre-configured.
tags:
- nodejs
- api
- golden-path
spec:
owner: platform-team
type: service
parameters:
- title: Service Information
required:
- name
- owner
properties:
name:
title: Service Name
type: string
pattern: "^[a-z0-9-]+$"
description: "Lowercase, alphanumeric with dashes"
owner:
title: Owner
type: string
ui:field: OwnerPicker
description:
title: Description
type: string
- title: Infrastructure
properties:
database:
title: Database Required?
type: boolean
default: false
databaseType:
title: Database Type
type: string
enum:
- postgresql
- mysql
ui:options:
hidden: "{{ not parameters.database }}"
steps:
# Step 1: Fetch template skeleton
- id: fetch-base
name: Fetch Base Template
action: fetch:template
input:
url: ./skeleton
values:
name: ${{ parameters.name }}
owner: ${{ parameters.owner }}
# Step 2: Create GitHub repo
- id: publish
name: Create Repository
action: publish:github
input:
repoUrl: github.com?owner=acme&repo=${{ parameters.name }}
defaultBranch: main
# Step 3: Register in catalog
- id: register
name: Register in Catalog
action: catalog:register
input:
repoContentsUrl: ${{ steps.publish.output.repoContentsUrl }}
catalogInfoPath: /catalog-info.yaml
# Step 4: Provision database if needed
- id: provision-db
name: Provision Database
if: ${{ parameters.database }}
action: crossplane:create-claim
input:
claimType: AppDatabase
claimName: ${{ parameters.name }}-db
parameters:
engine: ${{ parameters.databaseType }}
size: small
output:
links:
- title: Repository
url: ${{ steps.publish.output.remoteUrl }}
- title: Service in Catalog
url: ${{ steps.register.output.entityRef }}
Golden Path Decision Tree
Help developers choose the right path:
┌──────────────────┐
│ What are you │
│ building? │
└────────┬─────────┘
┌───────────────┼───────────────┐
▼ ▼ ▼
┌──────────┐ ┌──────────┐ ┌──────────┐
│ REST API │ │ Frontend │ │ Worker │
└────┬─────┘ └────┬─────┘ └────┬─────┘
│ │ │
┌────▼────┐ ┌────▼────┐ ┌────▼────┐
│ Node.js │ │ React │ │ Python │
│ or Go? │ │ or Vue? │ │ or Go? │
└────┬────┘ └────┬────┘ └────┬────┘
│ │ │
▼ ▼ ▼
[nodejs-api] [react-app] [python-worker]
Template Template Template
Measuring Golden Path Success
Track adoption and satisfaction:
# Golden Path Metrics
metrics:
adoption:
- name: "Template Usage Rate"
query: |
count(services where template != null) /
count(all_services) * 100
target: "> 90%"
- name: "Off-Path Services"
query: "count(services where template == null)"
target: "< 10%"
efficiency:
- name: "Time to First Deploy"
golden_path: "< 1 hour"
off_path: "3-5 days"
- name: "Onboarding Time"
golden_path: "< 1 day"
off_path: "2-4 weeks"
quality:
- name: "Security Scan Pass Rate"
golden_path: "99%"
off_path: "75%"
- name: "Incident Rate"
golden_path: "2x lower"
description: "Compared to off-path services"
The "Easy Path = Right Path" Principle
The goal is to make following best practices easier than not following them:
| Aspect | Off-Path (Hard) | Golden Path (Easy) |
|---|---|---|
| CI/CD setup | Configure from scratch | Pre-configured |
| Security scanning | Manual integration | Automatic |
| Monitoring | Find tools, configure | Built-in |
| Documentation | Write from scratch | Generated |
| Deployment | Figure out K8s | One-click |
"Make the pit of success the default."
In the next module, we'll dive into Backstage—the most popular developer portal for building these golden paths. :::