Public CV / authenticated platform demo

Building the paved road, not just describing it.

This landing page is the public front door for a local-but-production-shaped internal developer platform demo. The public side explains the architecture and exposes generated resume sites. The protected side uses Backstage as the single IDP entry point for creating new sites through runtime-specific provisioning APIs.

1 authenticated IDP front door
2 provisioning backends with different runtime strategies
3+ public explainer sites shipped through the same path
GitOps delivery model using GitHub Actions and Argo CD

Selected Public Paths

Explore the output, not just the pitch.

These routes are intentionally public so the generated artifacts and platform narrative are inspectable without signing in.

Current architecture

Platform overview

What is running right now across Backstage, Cloudflare, k3s, Argo CD, and the provisioning APIs.

Open site -> Scaling the pattern

Current vs production

Which parts are workstation tradeoffs, and what changes when this moves to a fuller production topology.

Open site -> Alternative platform path

ECS vs EKS

A side-by-side explanation of the same platform goals on ECS and the tradeoffs against Kubernetes.

Open site ->

Platform Shape

One portal. Multiple backend capabilities.

The point of the demo is not a single hardcoded site. It is a repeatable path that supports multiple runtime patterns behind one internal developer portal.

01

Backstage acts as the public-facing control plane.

Templates live in one authenticated portal, not in scattered repos or shell scripts. Cloudflare Access protects the portal before requests ever reach the workstation.

02

Provisioning is split across runtime-specific APIs.

One backend provisions a Node.js CV application. Another provisions a static site variant. The portal experience stays unified while the backend delivery logic stays purpose-built.

03

GitHub Actions and Argo CD close the delivery loop.

Provisioners dispatch workflows, commit GitOps state, and let Argo reconcile the desired workload into the cluster. New public pages are created by the platform path itself.

04

The public root stays intentionally readable.

The landing page explains what is live, why the architecture is shaped this way, and where to inspect the public artifacts without forcing every visitor through the IDP.

Current Footprint

A clean split between public narrative and protected control.

This keeps the demo legible: the public routes prove the output, while the protected route proves the operator experience.

Public root

The narrative front door for the demo and the future polished CV surface.

https://tenison.cc/

Public generated sites

Deployed artifacts created through the same platform flow and exposed for easy review.

https://tenison.cc/sites/<slug>

Protected portal

Backstage behind Cloudflare Access, used to generate new sites and exercise the platform path.

https://backstage.tenison.cc/
Why this shape: keep the public experience simple, make the control plane explicit, and demonstrate that the same platform can support multiple backend implementation paths without fragmenting the developer experience.
  • Cloudflare terminates public TLS and gates the IDP with Access.
  • Backstage provides the single template-driven entry point.
  • k3s hosts the workload plane, including the public generated sites and internal platform APIs.
  • GitHub Actions and Argo CD provide the repeatable delivery path.