# Microservice Golden Path Checklist
## Pre-Deployment
- [ ] Service name follows naming convention: lowercase-hyphenated
- [ ] Dockerfile uses multi-stage build + distroless base
- [ ] Image is signed with Cosign and referenced by digest, not by a mutable tag
- [ ] SBOM is generated and attested
- [ ] All security scans pass (Trivy, Semgrep, Checkov)
- [ ] Health endpoints: /healthz (liveness) + /readyz (readiness)
- [ ] Graceful shutdown on SIGTERM: fail readiness first, drain in-flight requests, exit before terminationGracePeriodSeconds elapses
## Kubernetes
- [ ] Resource requests AND limits defined
- [ ] securityContext: runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false
- [ ] capabilities.drop: ["ALL"]
- [ ] Probes configured (liveness + readiness)
- [ ] PDB created (minAvailable >= 2; this needs replicas >= 3, otherwise voluntary disruptions such as node drains block)
- [ ] HPA configured
- [ ] NetworkPolicy: default deny (ingress and egress) + selective allow, including DNS egress
- [ ] Secrets synced by External Secrets Operator from the secret store (never hardcoded in manifests or images)
- [ ] automountServiceAccountToken: false (unless needed)
- [ ] TopologySpreadConstraints for multi-AZ
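The manifests below are an added example that satisfies the Kubernetes items above; they are not part of the original checklist or of any real project. The service name `orders-api`, the namespace `orders`, the registry `registry.example.com`, the `ingress-nginx` namespace, the CoreDNS `k8s-app: kube-dns` labels and the `orders-db` database pods are all assumed. The HPA and the ExternalSecret that produces `orders-api-secrets` are left out.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: orders-api          # assumed service name (lowercase-hyphenated)
  namespace: orders
spec:
  replicas: 3               # >= 3 so the PDB (minAvailable: 2) still permits one disruption
  selector:
    matchLabels: {app.kubernetes.io/name: orders-api}
  template:
    metadata:
      labels: {app.kubernetes.io/name: orders-api}
    spec:
      automountServiceAccountToken: false   # no API token unless the service calls the API server
      securityContext:
        runAsNonRoot: true
        runAsUser: 65532                    # "nonroot" user of the distroless base images
        seccompProfile: {type: RuntimeDefault}
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: topology.kubernetes.io/zone
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels: {app.kubernetes.io/name: orders-api}
      containers:
        - name: orders-api
          image: registry.example.com/orders-api:1.4.2   # assumed; the environment overlay pins the signed digest
          ports:
            - {name: http, containerPort: 8080}
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities: {drop: ["ALL"]}
          resources:
            requests: {cpu: 100m, memory: 128Mi}
            limits: {cpu: 500m, memory: 256Mi}
          livenessProbe:
            httpGet: {path: /healthz, port: http}
            periodSeconds: 10
          readinessProbe:
            httpGet: {path: /readyz, port: http}
            periodSeconds: 5
          envFrom:
            - secretRef: {name: orders-api-secrets}   # Secret produced by an ExternalSecret, never committed
          volumeMounts:
            - {name: tmp, mountPath: /tmp}   # the only writable path once the root filesystem is read-only
      volumes:
        - name: tmp
          emptyDir: {}
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata: {name: orders-api, namespace: orders}
spec:
  minAvailable: 2
  selector:
    matchLabels: {app.kubernetes.io/name: orders-api}
---
# Namespace-wide default deny in both directions; every pod then needs an explicit allow.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: default-deny-all, namespace: orders}
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: orders-api-allow, namespace: orders}
spec:
  podSelector:
    matchLabels: {app.kubernetes.io/name: orders-api}
  policyTypes: [Ingress, Egress]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels: {kubernetes.io/metadata.name: ingress-nginx}   # assumed ingress controller namespace
      ports:
        - {port: 8080, protocol: TCP}
  egress:
    - to:   # DNS: without this rule the egress default deny breaks name resolution
        - namespaceSelector:
            matchLabels: {kubernetes.io/metadata.name: kube-system}
          podSelector:
            matchLabels: {k8s-app: kube-dns}   # assumed CoreDNS pod labels
      ports:
        - {port: 53, protocol: UDP}
        - {port: 53, protocol: TCP}
    - to:
        - podSelector:
            matchLabels: {app.kubernetes.io/name: orders-db}   # assumed database pods in the same namespace
      ports:
        - {port: 5432, protocol: TCP}
```

Two things commonly go wrong when these are applied separately: a read-only root filesystem fails at runtime unless every path the process writes (here `/tmp`) is backed by a volume, and an egress default deny silently breaks DNS unless kube-dns is allowed explicitly. Listing `namespaceSelector` and `podSelector` in the same `to` element means both must match (CoreDNS pods in `kube-system`), whereas two separate elements would allow either.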
## Observability
- [ ] Prometheus metrics endpoint exposed
- [ ] Structured JSON logging
- [ ] OpenTelemetry traces emitted
- [ ] Dashboard exists in Grafana
- [ ] Alert rules defined in Prometheus
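As an added example for the metrics and alerting items (not part of the original checklist), the Prometheus Operator objects below scrape `/metrics` of the assumed `orders-api` service and define two alert rules. The `http_requests_total` metric with a `code` label is assumed to be what the service exports; the `kube_deployment_*` series come from kube-state-metrics, and the `job` label equals the Service name because that is the operator's default for ServiceMonitor targets.

```yaml
# The Service the ServiceMonitor selects; the port name must match the endpoint below.
apiVersion: v1
kind: Service
metadata:
  name: orders-api
  namespace: orders
  labels: {app.kubernetes.io/name: orders-api}
spec:
  selector: {app.kubernetes.io/name: orders-api}
  ports:
    - {name: http, port: 8080, targetPort: http}
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: orders-api
  namespace: orders
spec:
  selector:
    matchLabels: {app.kubernetes.io/name: orders-api}
  endpoints:
    - port: http
      path: /metrics
      interval: 30s
---
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: orders-api
  namespace: orders
spec:
  groups:
    - name: orders-api.rules
      rules:
        - alert: OrdersApiHighErrorRate
          expr: |
            sum(rate(http_requests_total{job="orders-api",code=~"5.."}[5m]))
              /
            sum(rate(http_requests_total{job="orders-api"}[5m])) > 0.05
          for: 10m
          labels: {severity: page}
          annotations:
            summary: "orders-api is returning more than 5% 5xx responses"
        - alert: OrdersApiReplicasUnavailable
          expr: |
            kube_deployment_status_replicas_available{namespace="orders",deployment="orders-api"}
              < kube_deployment_spec_replicas{namespace="orders",deployment="orders-api"}
          for: 15m
          labels: {severity: warn}
          annotations:
            summary: "orders-api has had unavailable replicas for 15 minutes"
```

With a default-deny NetworkPolicy in the namespace, the scrape only works if an ingress rule admits the Prometheus pods (from the monitoring namespace) to port 8080; a missing allow shows up as the target going `down`, not as an application error, so the replicas alert above is the one that catches a service that is running but cannot be scraped.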
## CI/CD
- [ ] DevSecOps pipeline passes (SAST + scan + sign + test)
- [ ] ArgoCD application manifest created
- [ ] Kustomize overlay for each environment
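An added example of the ArgoCD Application and the per-environment Kustomize overlay (not from the original checklist or any real repository). The deploy repository URL, the `orders` ArgoCD project, and the `deploy/overlays/prod` path are assumed; the digest is a placeholder that the pipeline replaces with the digest of the image it signed and attested.

```yaml
# deploy/overlays/prod/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: orders
resources:
  - ../../base             # Deployment, Service, PDB and NetworkPolicies shared by all environments
images:
  - name: registry.example.com/orders-api
    digest: sha256:<digest-from-the-signed-build>   # placeholder; CI writes the real digest here
patches:
  - target: {kind: Deployment, name: orders-api}
    patch: |-
      - op: replace
        path: /spec/replicas
        value: 3
---
# argocd/orders-api-prod.yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: orders-api-prod
  namespace: argocd
spec:
  project: orders
  source:
    repoURL: https://git.example.com/platform/orders-api-deploy.git   # assumed deploy repository
    targetRevision: main
    path: deploy/overlays/prod
  destination:
    server: https://kubernetes.default.svc
    namespace: orders
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
```

Pinning the digest in the overlay rather than a tag is what ties the deployed workload to the Cosign signature and SBOM attestation produced earlier in the pipeline; the `images` entry only rewrites `image:` fields whose name matches exactly, so the base manifest must use the same registry path.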