Demo Overview

A public CV backed by a protected internal platform workflow.

The public side of tenison.cc is intentionally open: it shows the CV, generated site examples, and the high-level architecture. The provisioning workflow itself lives behind Cloudflare Access on backstage.tenison.cc.

Site Model

What lives where.

The demo is split into a public entry point, a protected internal developer portal, and runtime services deployed into local Kubernetes.

Public Surface

tenison.cc

The homepage and generated CV-style sites are public. This is where you can see the design, browse the generated site examples, and understand the project without signing in.

Protected Portal

backstage.tenison.cc

Backstage is the authenticated control plane. It is protected by Cloudflare Access and serves as the single portal for templates, workflows, and platform entry points.

Provisioning APIs

Internal runtime-specific backends

Separate backend services handle different provisioning paths, including Node-based CV sites and static-site generation. Backstage orchestrates them, but they stay off the public edge.

Delivery Plane

GitHub Actions, Argo CD, and k3s

Template inputs become Git-managed changes. GitHub Actions generates or updates manifests, and Argo CD deploys them into the local k3s workload plane.

Provisioning Flow

What happens after you sign in.

The workflow is designed to look like a slim internal developer platform rather than a single-purpose app.

Template selection

Choose the right site type

Backstage exposes multiple golden paths through templates. In this demo, one path provisions a Node runtime and another provisions a static CV site.

Backend orchestration

Backstage calls the matching platform API

The Backstage backend handles user input and hands off to the correct internal API. That keeps the portal unified while still allowing multiple provisioning backends behind it.

GitOps delivery

The new site lands through one supported path

Generated files are committed through GitHub automation, then reconciled by Argo CD. The resulting site becomes available under the public hostname once the deployment is healthy.

Requesting Access

How to get into Backstage.

Access is intentionally limited. The public site is open; the provisioning portal is not.

Request access: email [email protected] with a short note about why you want access, or contact Allan on LinkedIn. Approved users are added to the Cloudflare Access policy for backstage.tenison.cc.
  • Public visitors can still browse the CV and generated site examples without authentication.
  • Backstage requires Cloudflare Access because it exposes the internal platform workflows.
  • Access requests are reviewed manually and granted by email allowlist.