From 941784b04be613b032b263ba6ee8d93cd7ca1862 Mon Sep 17 00:00:00 2001 From: ffforest Date: Thu, 25 Jul 2024 20:44:41 +0800 Subject: [PATCH] docs: add kusion server roadmap --- docs/design/kusion_server/roadmap.md | 86 ++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 docs/design/kusion_server/roadmap.md diff --git a/docs/design/kusion_server/roadmap.md b/docs/design/kusion_server/roadmap.md new file mode 100644 index 00000000..99fb45c7 --- /dev/null +++ b/docs/design/kusion_server/roadmap.md @@ -0,0 +1,86 @@ +# Kusion Server Roadmap + +## Current gaps between upstream and internal version + +The following can be contributed back to upstream in August with the exception of `KCL Configuration Management`. + +### KCL Configuration Management +- Initialize and modify `.k` files with new branches +- Update configuration items +- Manage configuration versions + +### AuthN, AuthZ +- Support authentication based on JWT token + - Support auth whitelist + - Support RBAC if an IAM system is present + - Support ability to generate a token if an IAM system is present + +### Version management +- Stack status management + - Persistent last `generated`/`previewed`/`applied` spec version + - Support explicit spec ID or content when `previewing`/`applying` + +### Resources management +- Centrally write resource metadata and attributes after apply +- Basic ability to look them up based on different criteria: + - Project/Stack/Workspace + - Example `"All resources for project X, stack Y in workspace Z"` + - ResourcePlane/ResourceType + - Example: `"All AWS S3 buckets for project X"` + - Any field in resource attributes + - Example: `"All MySQL databases in production with version 5.7 in region us-west-1"` + +### Secrets management +- Manage application secrets with third-party vendors + - API to manage secrets associated with a `stack` (usually application secrets) + - Automatically replace them to actual values during preview/apply without showing them +- Workspace credential management with third-party vendors + - API to manage `KubeConfig`/`AccessKey`/`Secretkey` associated with a `workspace` + - Automatically replace them to actual values during preview/apply without showing them + +### Quality-of-life improvements +- Support applying through a federated cluster via a gateway runtime +- The ability to list `projects`/`stacks`/`workspaces` with custom filters, for example: + - list all `projects` under org x + - list all `stacks` under org x and project y + - find `workspace` with the name x +- Better search experience + - Project name and path validation + - The ability to point to a `project` by name instead of ID + - The ability to automatically create relevant orgs when creating projects + - if exists, use it; otherwise create a new one +- The ability to set up a default backend during startup +- Automatically lock the `stack` when other operations are in progress + - Gating mechanism for proceeding into the next stage in lifecycle (generate -> preview -> apply) +- Automatically generate swag docs + +## Next up... + +These are what's considered interesting in the next few months for Kusion server to work on... + +### AuthN and AuthZ +- This will likely be integration with open-source IAM solutions +- More ways to AuthN and AuthZ than JWT +- Support organizational roles and role assignments + +### Resource Graphs +- Grant customized permissions on resources created by Kusion server +- The ability to render a topological view of resources on said dimensions + +### GitOps +- Manage automated GitOps triggers +- Support master-worker architecture + +### Variables and Variable Sets +- Support platform configurations that can set on any scopes: global, org, project, workspace, etc +- Define priorities when multiple variables with the same key are present and may result in a scope conflict +- Support more third-party secret management solutions for storing sensitive variables + +### Audit trails and workflows +- Create audit trails with subject, object and operation +- Persist workflow executions, e.g. all the generate, preview, apply operations +- The ability to insert custom stages in these workflow, e.g. approvals + +### Policies +- Render-time (generate) policies and Execution-time (preview/apply) policy +- Both built-in and customizable \ No newline at end of file