docs: update roadmap after 1.14 release #27089

Merged
merged 2 commits into from
Aug 1, 2023
114 changes: 66 additions & 48 deletions Documentation/community/roadmap.rst
Expand Up @@ -14,35 +14,60 @@ broader community. You'll also find here some pointers on how you can

Major Feature Status
--------------------
+-----------------------------+------------------------------------------------------------+
| eBPF Networking | Stable (:ref:`Roadmap Details<rm-advanced-networking>`) |
++----------------------------+------------------------------------------------------------+
|| Kubernetes CNI | Stable |
++----------------------------+------------------------------------------------------------+
|| Load Balancing | Stable |
++----------------------------+------------------------------------------------------------+
|| Network Policy | Stable |
++----------------------------+------------------------------------------------------------+
|| Kube-proxy Replacement | Stable |
++----------------------------+------------------------------------------------------------+
|| Egress Gateway | Stable |
++----------------------------+------------------------------------------------------------+
| Multi-Cluster (ClusterMesh) | Stable (:ref:`Roadmap Details<rm-clustermesh>`) |
+-----------------------------+------------------------------------------------------------+
| Hubble Observability | Stable (:ref:`Roadmap Details<rm-hubble-observability>`) |
+-----------------------------+------------------------------------------------------------+
| Service Mesh | Stable (:ref:`Roadmap Details<rm-cilium-service-mesh>`) |
+-----------------------------+------------------------------------------------------------+
| Tetragon Security | Beta |
+-----------------------------+------------------------------------------------------------+

+--------------------------------------------------+----------------------------------------------------------+
| eBPF Networking | Stable (:ref:`Roadmap Details<rm-advanced-networking>`) |
++-------------------------------------------------+----------------------------------------------------------+
|| :ref:`Kubernetes CNI<k8s_network_root>` | Stable |
++-------------------------------------------------+----------------------------------------------------------+
|| `Load Balancing`_ | Stable |
++-------------------------------------------------+----------------------------------------------------------+
|| :ref:`k8s_policy` | Stable |
++-------------------------------------------------+----------------------------------------------------------+
|| :ref:`Kube-proxy Replacement<kubeproxy-free>` | Stable |
++-------------------------------------------------+----------------------------------------------------------+
|| :ref:`egress-gateway` | Stable |
++-------------------------------------------------+----------------------------------------------------------+
|| :ref:`gsg_encryption` (IPSec and WireGuard) | Stable |
++-------------------------------------------------+----------------------------------------------------------+
|| :ref:`bandwidth-manager` | Stable |
++-------------------------------------------------+----------------------------------------------------------+
| Cilium Mesh | Stable (:ref:`Roadmap Details<rm-clustermesh>`) |
++-------------------------------------------------+----------------------------------------------------------+
|| :ref:`Multi-Cluster (ClusterMesh)<clustermesh>` | Stable |
++-------------------------------------------------+----------------------------------------------------------+
|| :ref:`External Workloads<external_workloads>` | Beta |
++-------------------------------------------------+----------------------------------------------------------+
| Hubble Observability | Stable (:ref:`Roadmap Details<rm-hubble-observability>`) |
++-------------------------------------------------+----------------------------------------------------------+
|| :ref:`Hubble CLI<hubble_cli>` | Stable |
++-------------------------------------------------+----------------------------------------------------------+
|| :ref:`hubble_ui` | Stable |
++-------------------------------------------------+----------------------------------------------------------+
|| :ref:`Prometheus metrics<metrics>` | Stable |
++-------------------------------------------------+----------------------------------------------------------+
| Cilium Service Mesh | Stable (:ref:`Roadmap Details<rm-cilium-service-mesh>`) |
++-------------------------------------------------+----------------------------------------------------------+
|| :ref:`gs_ingress` | Stable |
++-------------------------------------------------+----------------------------------------------------------+
|| :ref:`gs_gateway_api` | Beta |
++-------------------------------------------------+----------------------------------------------------------+
|| :ref:`gs_l7_traffic_management` | Beta |
++-------------------------------------------------+----------------------------------------------------------+
|| :ref:`gs_mutual_authentication` | Beta |
++-------------------------------------------------+----------------------------------------------------------+
|| :ref:`SPIFFE integration<identity_management>` | Beta |
++-------------------------------------------------+----------------------------------------------------------+
| `Tetragon`_ Security | Beta (:ref:`Roadmap Details<rm-tetragon>`) |
+--------------------------------------------------+----------------------------------------------------------+

"Stable" means that the feature is in use in production (though advanced
features may still be in beta or in development).

Release Cadence
~~~~~~~~~~~~~~~

We aim to make 2-3 point releases per year of Cilium and its core components
We aim to make 2 to 3 `point releases`_ per year of Cilium and its core components
Member

We are rather consistently making 2 releases per year, with patch releases every month.

Member Author

That's consistent with the text as written? We could document patch releases here too, but I think that would probably be more detail than needed for this roadmap page

(Hubble, Cilium CLI, Tetragon, etc). We also make patch releases available as
necessary for security or urgent fixes.
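
Review bot: The legend under the table defines only "Stable" ("in use in production"), but the new table adds several Beta rows (External Workloads, Gateway API, L7 traffic management, mutual authentication, SPIFFE integration), and elsewhere this page says beta features are "already in production use" and that Tetragon adopters "already use it in production". By the legend's own wording those would count as Stable, so please add a one-sentence definition of "Beta" next to the "Stable" one and state what actually separates the two. Minor: the encryption row spells "IPSec" where the roadmap bullet for the same feature has "IPsec".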

Expand Down Expand Up @@ -72,43 +97,30 @@ Cilium has applied for `CNCF Graduation`_, please add your support on the PR!
Cilium Service Mesh
~~~~~~~~~~~~~~~~~~~

Our eBPF-accelerated Service Mesh is the main focus for
major enhancement, and it's a natural evolution of Cilium's networking
capabilities. We released a beta at the end of 2021 and had very valuable
feedback from our user community. The next steps we'd like to take for Cilium
Service Mesh (in no particular order) are:
As Cilium Service Mesh gets wider adoption, the next steps in
this area (in no particular order) include:

* Graduating Gateway API and L7 Traffic management to stable
* Graduating next-gen mutual authentication and SPIFFE integration to stable
* Graduating Prometheus metrics and OpenTelemetry collector to stable
* Using Kubernetes as service mesh control plane

* Simple to use sidecar-free service mesh configured using Kubernetes Services
and Ingress with support for additional annotations

* Graduating EnvoyConfig CRD to stable
* Extended sample Grafana dashboards for L7 visibility
* SMI integration
* SPIFFE integration
* Gateway API Integration
* Next-generation mutual authentication datapath framework

* Support for integrated runtime identity
* SSL-based mutual authentication
* Support for any network protocol

* Performance benchmarking

.. _rm-clustermesh:

ClusterMesh
Cilium Mesh
~~~~~~~~~~~

Core :ref:`ClusterMesh<clustermesh>` is stable and widely adopted. Future extensions include:
Cilium Mesh incorporates the ability to connect any application workload to any
other, whether they are distributed within the same or different Kubernetes
clusters, or in external services or VMs in public or private clouds. This
builds on the core :ref:`ClusterMesh<clustermesh>` capability that is stable and
widely adopted. Future extensions include:

* Service affinity
* Cluster health checks
* :ref:`External Workloads<external_workloads>` graduating to stable


.. _rm-advanced-networking:

Advanced Networking Features
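
Review bot: The bullet "Graduating Prometheus metrics and OpenTelemetry collector to stable" in the Cilium Service Mesh list contradicts the status table earlier in this file, which lists :ref:`Prometheus metrics<metrics>` as Stable under Hubble Observability. Either limit the bullet to the OpenTelemetry collector or say which metrics are still beta, so the two places agree.
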
Expand All @@ -118,12 +130,11 @@ There are several advanced networking features currently in beta, several of
these are already in production use with a set of adopters. We expect the
following features to graduate to stable:

* :ref:`gsg_encryption` (IPsec & WireGuard)
* :ref:`BGP<bgp>`
* :ref:`bandwidth-manager`
* :ref:`Local Redirect Policy<local-redirect-policy>`
* :ref:`CiliumEndpointSlice<gsg_ces>`
* :ref:`Multi-Pool IPAM<ipam_crd_multi_pool>`
* :ref:`Node-to-node WireGuard encryption<node-node-wg>`

.. _rm-hubble-observability:
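
Review bot: Listing :ref:`Node-to-node WireGuard encryption<node-node-wg>` here as still to graduate conflicts with the status table, whose :ref:`gsg_encryption` (IPSec and WireGuard) row is marked Stable with no exception. The linked section is titled "Node-to-Node Encryption (beta)", so a reader relying on the table alone could assume node-to-node traffic is covered by a stable feature. Suggest qualifying the table row, for example by noting there that node-to-node WireGuard is beta.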

Expand All @@ -145,13 +156,18 @@ currently working on `CI improvements`_ to make these more reliable and easier t
maintain. This is a good area to get involved if you are interested in learning
more about Cilium internals and development.

.. _rm-tetragon:

Tetragon Security
~~~~~~~~~~~~~~~~~

Tetragon provides security observability and runtime enforcement through the JSON events and the Tetragon
`Tetragon`_ is a sub-project within the Cilium family. It provides security observability and runtime enforcement through the JSON events and the Tetragon
CLI for things like process execution, file access, network observability, and
privileged execution.

Although Tetragon is still in Beta stage, a set of adopters already use it in
production.

Codebase modularization
~~~~~~~~~~~~~~~~~~~~~~~
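
Review bot: The added sentence starting "`Tetragon`_ is a sub-project within the Cilium family." is left as one long line while the rest of the paragraph is wrapped; please rewrap it. "through the JSON events and the Tetragon CLI" also reads oddly with the first "the"; "through JSON events and the Tetragon CLI" is clearer. "Beta stage" is capitalized here while the Advanced Networking section writes "in beta"; pick one form.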

Expand Down Expand Up @@ -201,6 +217,8 @@ anything other than trivial fixes.


.. _committers: https://raw.githubusercontent.com/cilium/cilium/main/MAINTAINERS.md
.. _Load Balancing: https://cilium.io/use-cases/load-balancer/
.. _Tetragon: https://tetragon.cilium.io
.. _GitHub issues: https://github.com/cilium/cilium/issues
.. _point releases: https://cilium.io/blog/categories/release/
.. _Get Involved: https://cilium.io/get-involved
Expand Up @@ -42,6 +42,8 @@ mutual authentication requires a framework secure identity verification for dist

To learn more about the the Mutual Authentication architecture for the Cilium Service Mesh, read the `CFP <https://github.com/cilium/design-cfps/blob/main/cilium/CFP-22215-mutual-auth-for-service-mesh.md>`_.

.. _identity_management:

Identity Management
###################

2 changes: 2 additions & 0 deletions Documentation/security/network/encryption-wireguard.rst
Expand Up @@ -217,6 +217,8 @@ have WireGuard encryption enabled, i.e. mixed mode is currently not supported.
In addition, UDP traffic between nodes of different clusters on port ``51871``
must be allowed.

.. _node-node-wg:

Node-to-Node Encryption (beta)
==============================
