Foundations
Five timeless patterns that underlie everything else in the program: control-loops, mediation, virtualization, privilege-separation, and layering-and-abstraction. The category every other category leans on.
Five patterns that underlie everything. Touched in Y1; deepens through Y3 as the substrate exercises them daily.
Patterns in this category
| Pattern | First touched | DEEP target |
|---|---|---|
| control-loops | Y3 Phase 20 (K8s reconciliation) | Y3 end (operating Flux + custom operator) |
| mediation | Y3 Phase 25 (service mesh) | Y3 end (Cilium operational) |
| virtualization | Y1 Phase 1 (Linux processes) | Y3 Phase 19 (containers from scratch) |
| privilege-separation | Y3 Phase 17 (kernel) | Y3 end (multi-cloud + mesh + secrets) |
| layering-and-abstraction | Y1 Phase 1 (Linux) | Y3 Phase 18 (networking deep) |
Why this category exists
Foundations are the small set of patterns that don’t fit cleanly under any other category but get exercised under every other category. Control loops underlie GitOps, observability alerting, and operator reconciliation. Mediation underlies service mesh, API gateways, and the platform contract. Virtualization underlies containers, VMs, and namespace-as-a-service. Privilege separation underlies the kernel, mesh mTLS, and zero-trust. Layering-and-abstraction is the meta-pattern that lets every other layer in the stack stay debuggable.
These five patterns are touched early and return often. Each phase from Y1 to Y5 re-exercises at least one foundations pattern in a new layer. By Year 3 you’re running control loops through Flux; by Year 5 you’re running them through the aiops operator. The pattern is the same. The context is different. That’s the whole point of naming the pattern once and reusing the name.
By graduation, all five should be DEEP. Not because you read about them, but because you’ve operated systems that depend on each. The Foundations category is the litmus test for pattern-fluency: if you can articulate the four trade-offs of control loops from your operational experience, you’re a platform engineer. If you can only recite a Kubernetes tutorial, you’re not there yet.
How to read this category
Two patterns are entry points and two are late-DEEP.
Entry points (Y1): virtualization and layering-and-abstraction. You touch these on day one of Phase 1 (Linux processes and namespaces are virtualization; the shell → filesystem → kernel stack is layering). Read the STUB entries when Phase 1 references them. Promote to OUTLINE by end of Phase 1.
Load-bearing (Y3): control-loops and mediation. These are the patterns that basecamp’s whole architecture depends on. You’ll see control-loops in Kubernetes, ArgoCD, Flux, Crossplane, and the custom operators you write. You’ll see mediation in Cilium mesh, ingress controllers, and the platform contract. Both go DEEP by end of Year 3 through operational hours on basecamp.
Cross-cutting (Y3): privilege-separation shows up everywhere identity and permission live: kernel capabilities, mesh mTLS, cloud IAM, Kubernetes RBAC, Kyverno policies. It’s less a single pattern than a discipline that runs through the other four.
How the patterns connect
The five patterns compose in predictable ways.
- layering-and-abstraction is the meta-pattern. Every other pattern in this category (and most patterns in other categories) is an instance of layering applied to a specific problem.
- virtualization creates the layers layering-and-abstraction describes. Namespaces, cgroups, VMs, containers, K8s pods are all virtualization applied at different depths of the stack.
- control-loops and mediation are the two ways layers talk. Control loops drive reconciliation between declared and actual state. Mediation intercepts traffic between layers to enforce cross-cutting concerns.
- privilege-separation is the safety discipline that runs across all four. Every layer, every reconciliation, every mediated flow has a privilege model. Get it wrong and the layer becomes unsafe.
Where these show up in /root
Chronologically, from Phase 1 to Phase 50:
- Y1 Phase 1 — virtualization (Linux processes as virtualized execution) and layering-and-abstraction (shell, filesystem, kernel as layers).
- Y3 Phase 17 — privilege-separation first fires as kernel capabilities and syscall boundaries.
- Y3 Phase 18 — layering-and-abstraction deepens through the OSI model and TCP/IP stack.
- Y3 Phase 19 — virtualization deepens as you build containers from scratch with unshare and cgroups.
- Y3 Phase 20 — control-loops first fires (Kubernetes reconciliation). All subsequent phases operate through this pattern.
- Y3 Phase 25 — mediation first fires through service mesh. Cilium becomes the operational proof.
- Y3 Phase 27 — privilege-separation deepens through secrets lifecycle + Kyverno policies.
- Y5 Phase 46 — mediation reappears as llm-gateway (the LLM traffic mediator).
- Y5 Phase 50 — control-loops reappears in aiops (agents reconciling incident state).
By the time you write the Pattern Paper at graduation, every one of the five foundations has been operated in at least two contexts.
Anti-patterns
| Anti-pattern | Why |
|---|---|
| Promoting control-loops to DEEP after only using Kubernetes | DEEP requires operating at least two implementations. If you only know K8s reconciliation, you know Kubernetes; you don’t know the pattern. Wait until you’ve written a Crossplane XRD or a custom operator. |
| Skipping the STUB stage for virtualization because “it’s obvious” | The obviousness is the trap. Every senior engineer discovers late that they conflated virtualization-as-isolation with virtualization-as-abstraction. The STUB entry forces you to write the distinction down. |
| Treating mediation and layering-and-abstraction as the same pattern | They’re related but distinct. Mediation intercepts a flow; layering creates the abstractions the flow crosses. A layer boundary is not automatically a mediation point. |
| Deferring privilege-separation promotion to Y5 | This pattern lives in every year. Force yourself to promote it to OUTLINE by end of Y3 even though the DEEP evidence keeps accumulating. Deferring the OUTLINE work means the entry stays wrong for longer than it needs to. |
Cross-references
- Pattern Library — the depth ladder
- Master Plan — pattern-first philosophy
- Platform Patterns in the Industry — how hyperscale platforms instantiate these five