From 1f9863689f74f1766594c870f3f213f02735ae43 Mon Sep 17 00:00:00 2001
From: jeho
Date: Mon, 25 Sep 2023 11:19:17 +0200
Subject: [PATCH] docs: roadmap (#28)
---------
Co-authored-by: Sander Rodenhuis
---
 .cspell.json | 1 +
 product/release-plan.md | 17 ---------
 product/roadmap.md | 82 ++++++++++++++++++++---------------------
 sidebar-product.js | 3 +-
 4 files changed, 43 insertions(+), 60 deletions(-)
 delete mode 100644 product/release-plan.md
diff --git a/.cspell.json b/.cspell.json
index 1e188d4b5..bea7fab52 100644
--- a/.cspell.json
+++ b/.cspell.json
@@ -8,6 +8,7 @@
 "aspinu",
 "vultr",
 "OVHcloud",
+ "CISA",
 "minikube",
 "srodenhuis",
 "minio",
diff --git a/product/release-plan.md b/product/release-plan.md
deleted file mode 100644
index 2c17db0a5..000000000
--- a/product/release-plan.md
+++ /dev/null
@@ -1,17 +0,0 @@
----
-slug: release-plan
-title: Release Plan
-sidebar_label: Release Plan
----
-
-The release plan in the table below only takes the compatibility and EOL issues into account.
-
-
-| Otomi Version | K8s Compatibility | Release Month |
-| ------- | ------ | ------ |
-| v0.19.x | 1.21 1.22 1.23 | March 2023 |
-| v0.20.x | 1.22 1.23 1.24 | March 2023 |
-| v0.21.x | 1.23 1.24 | May 2023 |
-| v0.22.x | 1.24 1.25 | July 2023 |
-
-
diff --git a/product/roadmap.md b/product/roadmap.md
index 25bd9c959..2b97be2c9 100644
--- a/product/roadmap.md
+++ b/product/roadmap.md
@@ -4,48 +4,48 @@ title: Product Roadmap sidebar_label: Roadmap --- -## In 2023 we aim to incorporate the following features - -We will make a destinction between `developer-experience` and `platform operations`: - -### Developer experience - -| Feature | Planned for | Status | -| ------- | ------ | ------ | -| Self-service default Response headers per service | Q1 | Ready 🚀 | -| Create workloads to Deploy Helm charts using ArgoCD | Q1 | Ready 🚀 | -| Separate workloads from services. Services will be used for ingress/egress | Q1 | Ready 🚀 | -| Download a push secret for the teams private image registry | Q1 | In progress | -| Prefill service names of deployed workloads | Q1 | | -| Independent Drone pipelines for teams | Q2 | | -| Developer workflows | Q2 | | - - -### Platform operations - -| Feature | Planned for | Status | -| ------- | ------ | ------ | -| Upgrade Harbor and add db backup option | Q1 | Ready 🚀 | -| Integrate Thanos for multi-cluster monitoring | Q1 | Ready 🚀 | -| Split-up cloud and storage configuration for Velero | Q1 | Ready 🚀 | -| Define ingress-nginx settings for each ingress class | Q1 | Ready 🚀 | -| Upgrade external secrets operator and add option for cluster-wide secrets | Q1 | Ready 🚀 | -| Integrate Falco for threat detection | Q1 | Ready 🚀 | -| Support for Kubernetes version 1.24 | Q1 | In progress | -| Multi entrypoints when using multiple ingress classes | Q2 | | -| Read only mode in Otomi Console | Q2 | | -| Add AlertManager receivers for Watchdog | Q2 | | -| Make Otomi compliant to the [NSA hardening guide](https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/0/CTR_Kubernetes_Hardening_Guidance_1.1_20220315.PDF) | Q2 | In progress | -| Pod sec policy exceptions need to be approved by platform admin | Q2 | | -| Harden Istio service mesh configuration | Q2 | | -| Support use of Istio egress gateway without disrupting outbound traffic | Q2 | | -| Manage users in Otomi when Keycloak is IdP | Q2 | | -| A platform admin can configure the 
shared apps available for a team | Q3 | | -| Migrate OPA/Gatekeeper to Kyverno | TBD | | -| Team wide secrets | TBD | | -| Manage service' ingress features (ingress config per service) | TBD | | -| Make Otomi storage class independent | TBD | | +# Supported Kubernetes version +We are dedicated to maintain support for three different Kubernetes versions within a specific major version of Otomi. Whenever we decide to discontinue support for a particular Kubernetes version, we increment the major version of Otomi. +| Otomi Version | Supported Kubernetes version | Expected date | +| ------------- | ---------------------------- | ------------- | +| v1.0.0 | 1.25, 1.26, 1.27 | 2023-09-28 | +| v2.0.0 | 1.26, 1.27, 1.28 | 2024-02-28 | +| v3.0.0 | 1.27, 1.28, 1.29 | 2024-05-28 | +# Roadmap +## 2023 Q4 + +- Provide a default workload catalog in Gitea +- Migrate platform pipeline from Drone to Tekton +- Leverage ArgoCD to deploy Otomi apps and Teams +- Quality assurance cluster for continuous Otomi hardening and performance test + +## 2024 Q1 + +- Implement status indicators within Otomi Console to keep Team users informed about the status of various components, including Build processes, Workload management, and Service availability +- Harden the Istio service mesh configuration +- Add support for ARM architecture +- Enable user configurable storage classes +- Implement Gitea with a database managed by the CloudNativePG operator +- Provide disaster recovery procedures for Otomi core applications, such as Gitea, Keycloak and Harbor +- New secret storage engine (a replacement for Hashicorp Vault) + +## 2024 Q2 + +- Add Team Dashboards to provide an overview of team resource status using Prometheus metrics +- Enhance network policies across the platform +- Establish separate Kubernetes namespaces for Team Applications +- Ensure Otomi's NSA and CISA compliance +- Provide Application specific dashboards + +## After Q2 2024 + +After Q2 2024 we have the following goals: + +- Make 
Otomi more plugable by enabling users to bring their own platform apps +- Offer more middleware services (like caching, message queuing, databases) +- Migrate to ambient mesh using eBPF +- Remove platform app forms in favor of generated values that can be customized in an editor diff --git a/sidebar-product.js b/sidebar-product.js index c5a90d135..fd003f257 100644 --- a/sidebar-product.js +++ b/sidebar-product.js @@ -2,8 +2,7 @@ module.exports = { mainSidebar: [ "introduction", "architecture", - // "roadmap", - // "release-plan", + "roadmap", "faq", { "Use Cases": [