Release plan 2 (#59)
j-zimnowoda authored Feb 29, 2024
1 parent d64b3d1 commit 11534e4
Showing 2 changed files with 17 additions and 13 deletions.
1 change: 1 addition & 0 deletions .cspell.json
Expand Up @@ -98,6 +98,7 @@
"argoproj",
"authz",
"autocd",
"bitnami",
"chartrepo",
"chmod",
"ciso",
29 changes: 16 additions & 13 deletions product/roadmap.md
Expand Up @@ -32,34 +32,37 @@ We are dedicated to maintain support for three different Kubernetes versions wit
### 2024 Q1

- Add Grype to the Otomi Build pipeline to scan source code for security vulnerabilities ✅
- Add the option to add charts from [artifacthub](https://artifacthub.io) to the Catalog 🔄
- Implement a new secret management solution (as a replacement for Hashicorp Vault) 🔄
- Implement a new secret management solution (as a replacement for Hashicorp Vault) ✅
- Move network policies out of the Service configuration to improve network policy management 🔄
- Migrate OPA/Gatekeeper to Kyverno and offer a large set of default policies that can also be managed by Teams 🔄
- Improve Team self-service permissions 🔄
- Leverage Argo CD to deploy Otomi Platform apps 🔄
- Harden the Istio service mesh configuration
- Implement Gitea with a database managed by the CloudNativePG operator
- Migrate Harbor and Keycloak Jobs to the Otomi operators
- Improve Team self-service permissions ✅
- Create an Organization in Gitea for each Team (tenant)

### 2024 Q2

- Bring user management into Otomi when Keycloak is used as an IdP
- Harden the Istio service mesh configuration
- Implement Gitea with a database managed by the CloudNativePG operator
- Migrate Harbor and Keycloak Jobs to the Otomi operators
- Enhance network policies across the platform
- Establish separate Kubernetes namespaces for Team Applications
- Ensure Otomi's NSA and CISA compliance
- Enable user configurable storage classes
- Provide disaster recovery procedures for Otomi core applications, such as Gitea, Keycloak and Harbor
- Show a compliance report (code vulnerabilities, image vulnerabilities, security violations, container vulnerabilities, config audit, exposed secrets) per workload

### After Q2 2024
### Q3 2024

After Q2 2024 we have the following goals:

- Add the option to add charts from [artifacthub](https://artifacthub.io) to the Catalog 🔄
- Leverage Argo CD to deploy Otomi Platform apps 🔄
- Bring user management into Otomi when Keycloak is used as an IdP
- Ensure Otomi's NSA and CISA compliance
- Show a compliance report (code vulnerabilities, image vulnerabilities, security violations, container vulnerabilities, config audit, exposed secrets) per workload
- Make Otomi more plugable by enabling users to bring their own platform apps
- Migrate to ambient mesh using eBPF

### Q4 2024

- Encrypt platform secrets with SealedSecrets instead of SOPS
- Remove platform app forms in favor of generated values that can be customized in an editor
- Migrate to ambient mesh using eBPF

## Removed features by release
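
Review bot: The new quarter headings `### Q3 2024` and `### Q4 2024` use a different word order from the existing `### 2024 Q1` and `### 2024 Q2`; rename them to `### 2024 Q3` and `### 2024 Q4` so the roadmap headings stay consistent. In the Q3 list, "plugable" should be "pluggable". The security items that now sit under a later quarter ("Harden the Istio service mesh configuration" under 2024 Q2, "Ensure Otomi's NSA and CISA compliance" and the per-workload compliance report under Q3 2024) carry no status marker or note, so a reader cannot tell whether they were deferred or are already in progress; consider adding the same ✅/🔄 markers used under 2024 Q1, or a one-line reason in the commit message.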
