Production readiness checklist platform

Section 1 “Org level” is independent of the first app you onboard - start there! Section 2 (workload+env level) is specific to the 1st app and requires you having this app identified.

Section 1: Organization level production readiness

Platform configurations on an organizational level are required for production readiness.

  • What’s your preferred method of configuring your platform? CLI? TF provider? Are you applying this method consistently?
  • Is SSO/SAML enabled for your production organization?
  • What types of environments do you have across your organization?
  • Are K8s clusters shared org wide or by app/environment? If they are org wide, is the agent setup for all of them?
  • What secret stores are you using? Are they connected?
  • What’s your approach to RBAC ? Is this configured?
  • Self-hosted TF runners or managed/hosted by the Orchestrator?
  • What Cloud Accounts do you have org-wide? Are they connected?
  • Are there generally applicable config patterns for resources, workloads, namespaces that you want to enforce across the organization? Examples include observability, Istio enablement, PSS, securityContext, labels and annotations. How does this differ by org, app and env level?
  • What types of resources do you have across your organization? Which ones do you want to expose to your developers? Are there classes of resources? Do the default types suffice?
  • What does the local Devs setup look like? Tools (humctl, etc.), Tech docs (how tos, Score spec, available resource types, etc.) and scaffolding templates/snippets?
  • How do you want to expose/provide the Deployment to your IDP/Humanitec for your Devs and their Workloads? (GitHub Actions templates, GitLab Pipelines templates, etc.)

Section 2: App + environment level production readiness

Platform configurations that are specific to the app you are onboarding first.

  • Do we have Resource Definitions for all possible Resource Types across all Environment Types available? Add the missing resource Definitions.
  • Have we already connected the cluster on the org level? If not, connect the cluster where this application is running.
  • Are there any roadmap items in the next sprints of the team that will require certain functionality of the platform we should add now? If so, add them now.
  • Are the Environment Types we have defined on the org level sufficient for this app?
  • What are the users? What RBAC rights do they have?
  • Do we have the right secret store and parameter store connected?

Identifying and onboarding app 1