Elevate requirements to organizational/architectural policy

- Security: no IAM in service repos, no custom auth, no direct external calls - Architecture: no cross-cloud SDKs, no cross-service DB access, no hardcoded tenant/env config - DevOps: Foxtrot-compatible Helm (no custom ingress), no infra provisioning in service repos, no pinned infra versions - Cost: resource tagging, no unbounded allocation, no per-tenant infra - Updated checker and demo to match - These are NOT static code analysis — they catch organizational policy violations that SonarQube/Checkstyle miss
2026-03-07 07:41:27 +00:00
parent a7728c6266
commit e323c45cb0
10 changed files with 265 additions and 198 deletions
--- a/.demo/k8s/deployment.yaml
+++ b/.demo/k8s/deployment.yaml
@@ -11,4 +11,33 @@ spec:
          image: reltio/user-service:latest
          ports:
            - containerPort: 8080
-          # OPS-003 VIOLATION: No resource limits defined
+---
+# OPS-001 VIOLATION: Custom ingress instead of Foxtrot routing
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: user-service-ingress
+spec:
+  rules:
+    - host: users.reltio.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: user-service
+                port:
+                  number: 8080
+---
+# OPS-004 VIOLATION: Pinned infrastructure version
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: user-db
+spec:
+  template:
+    spec:
+      containers:
+        - name: postgres
+          image: postgres:14.2