Roadmap
Info
Current status: ALPHA
Alpha requirements
Literally anything that works.
Beta requirements
Good enough for tinkering and personal usage, and reasonably secure.
- Automated bare metal provisioning
- Controller set up (Docker)
- OS installation (PXE boot)
- Automated cluster creation (k3s)
- Automated application deployment (ArgoCD)
- Automated DNS management
- Initialize GitOps repository on Gitea automatically
- Observability
- Monitoring
- Logging
- Alerting
- SSO
- Reasonably secure
- Automated certificate management
- Declarative secret management
- Replace all default passwords with randomly generated ones
- Expose services to the internet securely with Cloudflare Tunnel
- Only use open-source technologies (except external managed services in ./external)
- Everything is defined as code
- Backup solution (3 copies, 2 separate devices, 1 offsite)
- Define SLOs:
- 70% availability (might break on the weekend due to new experimentation)
- Core applications
- Gitea
- Tekton
- Private container registry
- Homepage
Stable requirements
Can be used in "production" (for family or even small scale businesses).
- A single command to deploy everything
- Fast deployment time (from empty hard drive to running services in under 1 hour)
- Fully automatic, not just automated
- Bare-metal OS rolling upgrade
- Kubernetes version rolling upgrade
- Application version upgrade
- Encrypted backups
- Secrets rotation
- Self healing
- Secure by default
- SELinux
- Network policies
- Static code analysis
- Chaos testing
- Minimal dependency on external services
- Complete documentation
- Diagram as code
- Book (this book)
- Walkthrough tutorial and feature demo (video)
- Configuration script for new users
- SLOs:
- 99.9% availability (less than 9 hours of downtime per year)
- 99.99% data durability
- Clear upgrade path
- Additional applications
- Matrix with bridges
- VPN server
- PeerTube
- Seafile
- Blog
- Development dashboard
Unplanned
Nice to have
- Additional applications
- Mail server
- Air-gap install
- Automated testing
- Security audit
- Serverless (Knative)
- Cluster API (last attempt)
- Split DNS (requires a better router)