Roadmap Priorities

  1. [Done] Dockerized KDK
  2. [In Progress] KDF Docs
  3. [In Progress] Multi-cluster DRY Configuration
    • e.g. How to manage highly redundant umbrella charts or mh configs across many kubernetes clusters.
    • Next generation of mh technology, could be something else
  4. Kubernetes Individual Identity (Security)
    • OIDC Provider Integration
  5. Kubernetes RBAC (Security)
  6. Kubernetes Audit logging (Security)
  7. Multi-tenant Kubernetes Clusters
    • Per-region Kubernetes clusters
    • Individual Namespaces per project.
  8. Service Mesh (Security)
    • East/West (intra-cluster)
      • e.g. pod in one cluster can talk to service in another cluster.
    • North/South (cross-cluster / external-to-cluster)
      • Traffic encryption and authorization at sidecar container pod level
  9. Backups/Snapshots
  10. Secrets Management
    • Vault
  11. Distributed network tracing (Open-Tracing + Istio)
  12. Blue/Green deployments
  13. Kafka streaming platform
    • Accounting, cross-cluster mirroring, security, multi-tenancy, entitlement, etc.
  14. Kubernetes on Openstack encryption at rest
    • Node volumdes such as Etcd, and Kubernetes PVs

To be discussed/prioritized:

  1. Openstack Autoscale
  2. Kubernetes IDS (Falco/Abnormal Auth network traffic/etc…)
  3. Hardening around LoadBalancer/NodePort service creation.
  4. Dynamic Security Group creation for K8s service neutron ports. (bug in kube-controller-manager)
  5. Support for Node-Pools