docs(serviceprovider): add quality standards first draft #105
maximiliantech wants to merge 9 commits into
Initial draft of the openMCP service provider quality standards. Defines three tiers (Experimental / Community / Stable), ten quality criteria, the per-repo declaration format with a compliance table, and the SIG Extensibility-led graduation process. Refs #49
Signed-off-by: Maximilian Techritz <maximilian.techritz@sap.com>
maximiliantech
left a comment
Just finalised a first draft for the service provider quality standards. I believe this list will change over time (possibly just get longer). Please take this first draft as a proposal. There might be requirements that are just not right from the beginning or criteria that I forgot in here. I am happy to see your feedback @christophrj 🫶
| - End-to-end tests run on every release against a real cluster, using [openmcp-testing](https://github.com/openmcp-project/openmcp-testing). | ||
| - Documentation includes a troubleshooting section. | ||
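Review bot: the end-to-end criterion on the first line says the tests run "on every release against a real cluster" but not against which Kubernetes versions; since platform owners will use this line to judge whether a provider is installable in their landscape, name the supported version range (or point at the tier matrix) so that "a real cluster" is something a reviewer can check rather than take on trust.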
| ## The ten quality criteria |
For the reviewer: please treat this list as a proposal!
| ### 7. Security hardening | ||
| The controller's container runs with `runAsNonRoot: true`, `readOnlyRootFilesystem: true`, `allowPrivilegeEscalation: false`, and drops all Linux capabilities. RBAC is split between cluster-scope (only what is truly needed) and namespace-scope. No wildcards on critical verbs (`*` on `secrets`, etc.). |
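Review bot: the RBAC sentence "No wildcards on critical verbs (`*` on `secrets`, etc.)" mixes verbs and resources: `secrets` is a resource, and the dangerous wildcards are `*` in either `verbs` or `resources` of a Role/ClusterRole, together with the escalation-capable verbs `escalate`, `bind` and `impersonate`. Suggest rewording to "no wildcard verbs or resources in any Role or ClusterRole, no `escalate`/`bind`/`impersonate`, and access to `secrets` only in the namespaces the controller actually needs". The securityContext list (`runAsNonRoot`, `readOnlyRootFilesystem`, `allowPrivilegeEscalation`, dropped capabilities) also omits `seccompProfile: RuntimeDefault`, which the restricted Pod Security Standard requires alongside those four; without it a controller that claims this criterion can still be rejected by a cluster enforcing `restricted`.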
Not sure if we want to add it to our quality standards right from the beginning. The topic goes much deeper and I am a bit unsure whether this is just a scratch on the surface which is not really helping a service provider developer or platform owner.
| The standard exists for two audiences: | ||
| 1. **Service provider developers** read it as a checklist. It tells you what you need to implement and which tier you can claim. | ||
| 2. **Platform owners** read it to evaluate whether a service provider is mature enough to install in their landscape. |
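Review bot: for the second audience, "evaluate whether a service provider is mature enough" only works if the claims in the per-repo compliance table are verifiable, and as written the table is self-declared. Suggest stating here that each claimed criterion must link to its evidence (the CI run for the e2e tests, the scan report, the RBAC manifests) so a platform owner can check a tier claim instead of trusting it.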
I do believe the Service Provider developer is the main driver behind these quality standards. The platform owner is more or less the stakeholder for these requirements. Both are interested in this. I am not sure if developers/serviceproviders/ is the right path to put this in. What do you think @christophrj?
| A `MAINTAINERS.md` or `CODEOWNERS` file names responsible humans or teams. The repo declares its support level (best-effort, business-hours, etc.). | ||
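Review bot: `CODEOWNERS` only routes review requests; it does not tell an operator whom to contact about a vulnerability, so it does not by itself satisfy "names responsible humans" for the security case. Suggest also requiring a `SECURITY.md` with a private disclosure channel and an expected response time, declared in the same place as the support level (best-effort, business-hours, etc.).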
| ## Tier matrix |
This tier matrix is definitely subject to change, but I thought it would make it more transparent what to expect from a service provider.
What this PR does / why we need it:
First draft of the OpenControlPlane service provider quality standards at docs/developers/serviceprovider/07-quality-standards.mdx. Defines three tiers (Experimental / Community / Stable), ten criteria, a per-repo compliance table, and SIG Extensibility-led tier graduation.
Which issue(s) this PR fixes:
Related #49
Special notes for your reviewer:
This document should be the place for the quality standard. In the document itself there is an example markdown snippet that each service provider should include in its README as well. Ultimately, I would like to turn this into a conformance standard in an automated fashion. Every service provider needs to do tests and then gets a badge for each criteria or something like that. Similar to the Kubernetes conformance matrix from Gardener.
Release note: