Skip to content

Latest commit

 

History

History
172 lines (106 loc) · 5.73 KB

roadmap.md

File metadata and controls

172 lines (106 loc) · 5.73 KB

Roadmap and Vision

SIG Release Roadmap for 2022 and beyond

This document contains the SIG Release Roadmap for 2022 and beyond. More detailed information can be found on the corresponding project boards.

Primary Focus

Establish a consumable, introspectable, and secure supply chain for Kubernetes. As a supply chain we understand the defining, building and publishing of Kubernetes related artifacts.

  1. Consumable: Improving the usability of artifacts by making their consumption easier. This includes being process independent of vendor, employer and individuals.
  2. Introspectable: It is clear for users at which point and how Kubernetes artifacts are being built. This includes the documentation of all deliverables as well as clarifying what we do not support. All official release artifacts will be built by a hermetic process that is impervious to human interference.
  3. Secure: The artifacts we produce are verified for their integrity. This applies to their functionality (we know what we deliver) as well as their software security (we know when CVEs occur).

Deliverables

The following deliverables are necessary to achieve the overall goal. Within the following listing, all deliverables are sorted by their priority and their state.

Work in progress (WIP)

  1. SLSA compliance in the Kubernetes Release Process (Secure)

    Outcome: Ensure that our release process is SLSA compliant. We also intend to participate actively in the development of the framework.

    Enhancement: kubernetes/enhancements#3027

    Project board: https://github.com/orgs/kubernetes/projects/138

  2. Moving deb/rpm package builds to community infrastructure (Consumable)

    Outcome: Automated builds of signed deb and rpm Kubernetes packages within community infrastructure.

    Enhancement: kubernetes/enhancements#1731

    Project board: https://github.com/orgs/kubernetes/projects/137

  3. Signing of release artifacts (Secure)

    Outcome: Being able to ship signed release artifacts, which includes container images in the first iteration as well as all artifacts following on.

    Enhancement: kubernetes/enhancements#3031

To be done (TODO)

  1. Enhance Kubernetes binary artifact management (Consumable)

    kubernetes#1372

    Enhancement: none

    Outcome: Being able to promote files as artifacts and using this mechanism for Kubernetes releases.

  2. Define and collect metrics about Kubernetes releases (Introspectable)

    kubernetes#1527

    Enhancement: none

    Outcome: Being able to measure and interpret a set of defined metrics about Kubernetes releases to associate actions with those.

  3. Establish Cluster API as first-class signal for upstream releases (Consumable)

    Enhancement: none

    Outcome: Cluster API provides a CI signal for blocking release test jobs.

  4. Enhance and simplify Kubernetes version markers (Consumable)

    Enhancement: none

    Outcome: Clear documentation about available version markers as well as their simplified automation.

Known Risks

  1. We rely on different SIGs for our work

    We have a need to discuss our enhancements with different SIGs to get all required information and drive the change. This can lead into helpful, but maybe not expected input and delay the deliverable.

  2. Some topics require initial research

    We're not completely aware of all technical aspects for the changes. This means that there is a risk of delaying because of investing more time in pre-research.

  3. SLSA framework is in earlier stages and changes to it can/may affect some of the direction of roadmap items.

Requests to Other Teams

  1. SIG Architecture

    For the formalization of the released platforms and input about the overall supply chain.

  2. SIG Cluster Lifecycle

    To get input for making Cluster API a first-class signal for upstream releases.

  3. SIG K8s Infra

    For general infrastructure support we rely on.

Done Deliverables

  1. Formalize supported release platforms (Introspectable)

    kubernetes#1337

    Outcome: Definition of the life cycle for currently supported Kubernetes artifacts and a guideline for the community about how to add new platforms.

  2. Implement a Bill of Materials (BOM) for release artifacts (Introspectable / Secure)

    kubernetes/release#1837

    Outcome: An automated formal verification of produced release artifacts for every future release.

  3. Create releases landing page (Consumable)

    kubernetes/website#20293

    Outcome: A releases page that is up to date and acts as canonical place for release related information, for example links to release notes and support timelines.

  4. Define and implement the release cadence survey (Introspectable)

    kubernetes#1526

    Outcome: A regular survey evaluating the user experience of the current release cadence.

  5. Distribute the load of Kubernetes artifacts between vendors (Consumable)

    Outcome: A policy and procedure for use by SIG Release to promote container images and release binaries to multiple registries and mirrors.

    Enhancement: kubernetes/enhancements#3055

  6. Simplify CVE process for release management (Secure)

    kubernetes#896, kubernetes/release#1354

    Outcome: A documented and simple process for handling CVE information within Kubernetes releases.