docs: roadmap (#28)

---------

Co-authored-by: Sander Rodenhuis <sander.rodenhuis@redkubes.com>

.cspell.json

@@ -8,6 +8,7 @@
     "aspinu",
     "vultr",
     "OVHcloud",
+    "CISA",
     "minikube",
     "srodenhuis",
     "minio",

product/roadmap.md

@@ -4,48 +4,48 @@ title: Product Roadmap
 sidebar_label: Roadmap
 ---
 
-## In 2023 we aim to incorporate the following features
-
-We will make a destinction between `developer-experience` and `platform operations`:
-
-### Developer experience
-
-| Feature | Planned for | Status |
-| ------- | ------ | ------ |
-| Self-service default Response headers per service | Q1 | Ready 🚀 |
-| Create workloads to Deploy Helm charts using ArgoCD | Q1 | Ready 🚀 |
-| Separate workloads from services. Services will be used for ingress/egress | Q1 | Ready 🚀 |
-| Download a push secret for the teams private image registry | Q1 | In progress |
-| Prefill service names of deployed workloads | Q1 | |
-| Independent Drone pipelines for teams | Q2 | |
-| Developer workflows | Q2 | |
-
-
-### Platform operations
-
-| Feature | Planned for | Status |
-| ------- | ------ | ------ |
-| Upgrade Harbor and add db backup option | Q1 | Ready 🚀 |
-| Integrate Thanos for multi-cluster monitoring | Q1 | Ready 🚀 |
-| Split-up cloud and storage configuration for Velero | Q1 | Ready 🚀 |
-| Define ingress-nginx settings for each ingress class | Q1 | Ready 🚀 |
-| Upgrade external secrets operator and add option for cluster-wide secrets | Q1 | Ready 🚀 |
-| Integrate Falco for threat detection | Q1 | Ready 🚀 |
-| Support for Kubernetes version 1.24 | Q1 | In progress |
-| Multi entrypoints when using multiple ingress classes | Q2 | |
-| Read only mode in Otomi Console | Q2 | |
-| Add AlertManager receivers for Watchdog | Q2 | |
-| Make Otomi compliant to the [NSA hardening guide](https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/0/CTR_Kubernetes_Hardening_Guidance_1.1_20220315.PDF) | Q2 | In progress |
-| Pod sec policy exceptions need to be approved by platform admin | Q2 | |
-| Harden Istio service mesh configuration | Q2 | |
-| Support use of Istio egress gateway without disrupting outbound traffic | Q2 | |
-| Manage users in Otomi when Keycloak is IdP | Q2 | |
-| A platform admin can configure the shared apps available for a team | Q3 | |
-| Migrate OPA/Gatekeeper to Kyverno | TBD | |
-| Team wide secrets | TBD | |
-| Manage service' ingress features (ingress config per service) | TBD | |
-| Make Otomi storage class independent | TBD | |
+# Supported Kubernetes version
 
+We are dedicated to maintain support for three different Kubernetes versions within a specific major version of Otomi. Whenever we decide to discontinue support for a particular Kubernetes version, we increment the major version of Otomi.
 
+| Otomi Version | Supported Kubernetes version | Expected date |
+| ------------- | ---------------------------- | ------------- |
+| v1.0.0        | 1.25, 1.26, 1.27             | 2023-09-28    |
+| v2.0.0        | 1.26, 1.27, 1.28             | 2024-02-28    |
+| v3.0.0        | 1.27, 1.28, 1.29             | 2024-05-28    |
 
+# Roadmap
 
+## 2023 Q4
+
+- Provide a default workload catalog in Gitea
+- Migrate platform pipeline from Drone to Tekton
+- Leverage ArgoCD to deploy Otomi apps and Teams
+- Quality assurance cluster for continuous Otomi hardening and performance test
+
+## 2024 Q1
+
+- Implement status indicators within Otomi Console to keep Team users informed about the status of various components, including Build processes, Workload management, and Service availability
+- Harden the Istio service mesh configuration
+- Add support for ARM architecture
+- Enable user configurable storage classes
+- Implement Gitea with a database managed by the CloudNativePG operator
+- Provide disaster recovery procedures for Otomi core applications, such as Gitea, Keycloak and Harbor
+- New secret storage engine (a replacement for Hashicorp Vault)
+
+## 2024 Q2
+
+- Add Team Dashboards to provide an overview of team resource status using Prometheus metrics
+- Enhance network policies across the platform
+- Establish separate Kubernetes namespaces for Team Applications
+- Ensure Otomi's NSA and CISA compliance
+- Provide Application specific dashboards
+
+## After Q2 2024
+
+After Q2 2024 we have the following goals:
+
+- Make Otomi more plugable by enabling users to bring their own platform apps
+- Offer more middleware services (like caching, message queuing, databases)
+- Migrate to ambient mesh using eBPF
+- Remove platform app forms in favor of generated values that can be customized in an editor

sidebar-product.js

@@ -2,8 +2,7 @@ module.exports = {
   mainSidebar: [
     "introduction", 
     "architecture", 
-    // "roadmap", 
-    // "release-plan", 
+    "roadmap", 
     "faq",
     {
       "Use Cases": [