AtomicOpenShift Roadmap Overview

Table of Contents

  1. seamless-devexp
  2. cluster-scale
  3. container-security
  4. atomic-registry
  5. simple-install
  6. scanning-images
  7. initial-devexp
  8. [prometheus-alerts]
  9. [epic-ois-agl-perf]
  10. [reliability]
  11. catalog
  12. signing-images
  13. cri-o
  14. [online-crio]
  15. [cloud native infra]
  16. [epic-ois-es5]

Seamless Developer Experience on OpenShift [seamless-devexp]

As a developer, I want to have a seamless and productive user experience when developing applications on OpenShift.

I should be able to easily get started developing in my favorite tools across all operating systems.

I should have access to well-written examples, documentation, and guides on how to bring my software onto the cloud. I should be able to easily understand how to leverage the capabilities provided as I need them.

Measurable outcomes:

Add support for defining volumes for build pods [builds] | 13 | Backlog | Unassigned Release | Developer Experience
Support github's "secret" for invoking webhooks [techdebt][builds] | 5 | Backlog | Unassigned Release | Developer Experience
Tooling for creating valid templates [evg][templates] | 20 | Backlog | Unassigned Release | Developer Experience
Make new-app generate based on skeleton definition [evg][app_creation] | 8 | DevTools Candidates | Unassigned Release | Developer Experience
Complete Rails config/database.yml based on available data [scl] | 3 | SCL Candidates | Unassigned Release | Developer Experience
Add mod_wsgi to sti-python [evg][scl] | 8 | SCL Candidates | Unassigned Release | Developer Experience
Better Git integration in the web console [evg] [onboarding] [build] | | Don't Move | Unassigned Release | User Interface
Completed Points: 0 of 57

Cluster Scale [cluster-scale]

As an OpenShift & Atomic administrator, I want to be able to scale my cluster to thousands of Nodes, tens of thousands of projects, and thousands of builds.

At very large scales, my operational tooling should summarize and identify the overall health of the applications on the cluster.

As an administrator, when I choose to split my cluster into multiple clusters, I have tools and processes that help me manage the increased complexity and preserve the movement of my applications across the clusters.

Measurable outcomes:

Use ruby 2.4 S2I base image for fluentd [logging] | 5 | Backlog | proposed-3.11 | Logging and Metrics
Completed Points: 0 of 5

Container Security [container-security]

As an administrator, I want to ensure that my Atomic and OpenShift environment is secure and to prevent exploits of my containers or container hosts.

Completed Points: 0 of 0

Enterprise Image Registry [atomic-registry]

As an administrator, I want to be able to set up a private enterprise registry for my developers to use with OpenShift & Atomic and for accessing containers locally on their desktops.

As an administrator using the enterprise registry, I should be able to upgrade to Atomic Enterprise and OpenShift with minimal disruption to my existing infrastructure.

As an OpenShift administrator I should be able to move images across clusters (including the enterprise registry) cleanly and securely to control the flow of applications into production clusters.

Support importing local Docker images using oc import-image [evg] | 5 | Backlog | Unassigned Release | Developer Experience
Completed Points: 0 of 5

Simple Install & Getting Started Experience for Admins and Developers [simple-install]

Installation of AEP, OpenShift, and Origin should be as simple as or simpler than installing Kubernetes.

A developer and an admin should be able to begin running an Origin/AEP/OSE all-in-one (single node) in under 30s. The setup should be predictable and reliable across any system that supports Docker, with a focus on Windows and Mac machines. They should be able to leverage the Red Hat CDK for integrated development tooling and workflow.

With minimal effort, an admin should be able to use Ansible to deploy a cluster and try out multi-node setups on a wide variety of cloud infrastructure as well as bare metal, with CentOS and RHEL being the primary focus OSes.

The documentation should support and assist users in getting through this process and identify possible failure modes and common steps.

[install] [CFME] Prerequisites playbook | 3 | Backlog | Unassigned Release | Cluster Lifecycle
Update Installer NFS support to use NFS provisioner | 3 | Backlog | Unassigned Release | Cluster Lifecycle
oo-install dynamic inventory and provisioning support | | New | Unassigned Release | Cluster Lifecycle
Completed Points: 0 of 6

Scanning Images and Containers [scanning-images]

As a user of OpenShift I want to be able to efficiently scan images in the registry and running containers for known vulnerabilities against a set of configurable providers such as OpenSCAP, Black Duck, etc. I want to be able to view how these vulnerabilities map to errata. I want to be able to trigger integrated builds and deployments to fix vulnerabilities when they are identified.

atomic registry should explode images onto ostree | 5 | Backlog | Unassigned Release | Container Security
R&D pushing scanning data into Elasticsearch | | New | Unassigned Release | Container Security
Blacklist new pushed images until scanned | | New | Unassigned Release | Container Security
Scan new images based on imagestream trigger | | New | Unassigned Release | Container Security
Completed Points: 0 of 5

Developer initial experience [initial-devexp]

As a developer, I want to get started very quickly so that I can quickly focus on developing my application and deploying it so I can get feedback on it.

As a developer, I don’t want to have to spend a bunch of time going through tutorials. I want to learn about concepts, when I need to learn about them. I also want it to be in the language I speak and tailored for the type of applications I’m building (specific to languages and frameworks).


This card represents the Trello-facing part of scenario development, based on specific objectives and personas. The goal is to have a systematic way to measure and score the current release experience for various categories of users, then identify areas for improvement and target experiences, link the cards needed for that to this epic, plan and mark those cards as usual for various releases, and associate the target score.

Targeted for 3.4 is 3 stars, up from 2 stars in 3.3

Scenario document:

Completed Points: 0 of 0

Prometheus Alerts [prometheus-alerts]

High-quality alerts are essential to automated cluster monitoring. In the spirit of “Online First”, develop, test and deploy alert rules to clusters that can then be hardened and delivered to customers. Components include:

Completed Points: 0 of 0

[epic-ois-agl-perf] Performance and scaling improvements for Aggregated Logging

Completed Points: 8 of 38

Cluster Reliability [reliability]

As an OpenShift operator, I would like high quality metrics and alerts for use on-premise and all hosted offerings to support cluster monitoring of essential use-cases and components.

As an OpenShift operator, I would like the platform to identify and remedy problems for components in my clusters. I would like the product to deliver automated solutions for anticipated failures. In the case of unanticipated failure, I would like a mechanism to execute automated actions. If not successful, I would like SOP documentation for how to remedy or diagnose the problem further. All automated actions and SOP documentation must be versioned with the core product.

[Reliability] Implement Metrics, alerts, SOPs | 8 | Next | Unassigned Release | Logging and Metrics
[Reliability] Audit Metrics + Alerts + SOPs for SDN | ? | Backlog | Unassigned Release | Networking
[Reliability] SRE Intro | 0 | New | Unassigned Release | Security
[Reliability] SRE Intro | 1 | In Progress | Unassigned Release | Storage
[reliability] Implement Metrics + Alerts + SOPs | ? | Next | Unassigned Release | User Interface
[Reliability] SRE Intro | 1 | New | targeted-3.11 | Containers
[Reliability] Audit Metrics + Alerts + SOPs | 3 | New | targeted-3.11 | Containers
[Reliability] Implement Metrics + Alerts + SOPs | ? | New | targeted-3.11 | Containers
[Reliability] SRE Intro | 1 | New | targeted-3.11 | Master
[Reliability] Audit Metrics + Alerts + SOPs | 3 | New | targeted-3.11 | Master
[Reliability] Implement Metrics + Alerts + SOPs | ? | New | targeted-3.11 | Master
[Reliability] SRE Intro | 1 | Backlog | targeted-3.11 | Network Edge
[Reliability] [metrics] Implement Metrics + Alerts + SOPs | | In Progress | targeted-3.11 | Storage
[Reliability] [metrics] Audit Metrics + Alerts + SOPs | | In Progress | targeted-3.11 | Storage
[Reliability] Standa's SRE Intro | 0 | Next | proposed-3.11 | Security
[Reliability] Audit Metrics + Alerts + SOPs | 3 | Backlog | proposed-3.11 | Security
[Reliability] Implement Metrics + Alerts + SOPs | ? | Backlog | proposed-3.11 | Security
[Reliability] Mo's SRE Intro | 1 | Sprint 150 | proposed-3.11 | Security
[Reliability] SRE Intro | 1 | Sprint 150 | committed-3.11 | Pod
[Reliability] Audit Metrics + Alerts + SOPs | 3 | Backlog | targeted-3.12 | Ansible Service Broker
[Reliability] SRE Intro | 1 | Backlog | targeted-3.12 | Ansible Service Broker
[Reliability] Implement Metrics + Alerts + SOPs | ? | Backlog | targeted-3.12 | Ansible Service Broker
[reliability] Implement Metrics + Alerts + SOPs for router | 5 | Backlog | targeted-3.12 | Network Edge
[registry][Reliability] Implement Metrics + Alerts + SOPs | | Next | proposed-3.12 | Developer Experience
Completed Points: 2 of 32

Service Catalog [catalog]

As a developer using OpenShift, I should be able to locate and consume services in my application that are provided by other teams, other clusters, or are provisioned on demand for me.

As an administrator, I should be able to expose services for consumption and track their use across clusters, as well as securely integrate and expose my existing infrastructure services to applications on OpenShift.

[cli] Provide tools to write kubectl plugins | 5 | Backlog | Unassigned Release | Master
[catalog] Quota for ServiceInstances and ServiceBindings | | Backlog | Unassigned Release | Service Catalog and Multi-cluster
(M) [catalog] Distribute knowledge to rest of community | | Backlog | Unassigned Release | Service Catalog and Multi-cluster
(XL) [catalog] RBAC for Service Instances | | Backlog | Unassigned Release | Service Catalog and Multi-cluster
[catalog] svcat integrated with oc | | Backlog | Unassigned Release | Service Catalog and Multi-cluster
[catalog] extra consumer parameters on bind | | New | Unassigned Release | Service Catalog and Multi-cluster
[catalog] convert openshift specific RBAC APIs in installer and cluster up | | New | Unassigned Release | Service Catalog and Multi-cluster
[catalog] Add support for object and array types of parameters | | New | Unassigned Release | Service Catalog and Multi-cluster
[catalog] Allow users to add entries to the credentials secret | | New | Unassigned Release | Service Catalog and Multi-cluster
[catalog] More comprehensive docs for OpenShift 3.10 | | New | Unassigned Release | Service Catalog and Multi-cluster
Document Network Isolation Integration with Service Linking (Related to Service Catalog) [sdn][docs] | 3 | Pending Upstream | proposed-3.11 | Networking
[catalog] Add pod-preset to Catalog API Server | 5 | In Progress | proposed-3.11 | Service Catalog and Multi-cluster
[catalog] Health Check | 8 | In Progress | proposed-3.11 | Service Catalog and Multi-cluster
[catalog] Allow triggers for Deployments on Binding | | Backlog | proposed-3.11 | Service Catalog and Multi-cluster
(XL) [catalog] Allow Service Instances to span multiple namespaces | | Backlog | proposed-3.11 | Service Catalog and Multi-cluster
[catalog] Enhance kubectl get experience | 13 | Accepted | proposed-3.11 | Service Catalog and Multi-cluster
[catalog] Add a way to filter which service classes and plans are created for a broker | | Accepted | committed-3.11 | Service Catalog and Multi-cluster
(XL) [catalog] Namespace scoped service catalog | | Accepted | committed-3.11 | Service Catalog and Multi-cluster
Completed Points: 13 of 34

Signing Images [signing-images]

As an image creator I want to be able to sign images using my private key so users can verify who created the image.

As an end-user I want tooling that will verify the signature of an image.

Use case document (internal URL):

Support consuming manifest lists in containers/image | 5 | Complete | Unassigned Release | Container Security
[signing] Support verification of images on disk | ? | Backlog | Unassigned Release | Container Security
Extract relevant public keys from policy.json | 8 | Backlog | Unassigned Release | Container Security
[signing] Signing of Base Images | ? | Backlog | Unassigned Release | Container Security
[signing] Support X-Registry-Supports-Signatures in atomic | | Backlog | Unassigned Release | Container Security
Add signing integration test | 3 | Backlog | Unassigned Release | Container Security
Provide oadm sign-image command [imagestreams] | 8 | Backlog | Unassigned Release | Developer Experience
[signing] Image signing service | | New | Future Release | Container Security
Allow serving signatures from | | Epic Backlog | Actions to eventually become cards | Roadmap
Sign our published images | | Epic Backlog | Actions to eventually become cards | Roadmap
Support for OCI images in registries, or OCI tarballs (are other components available?) | | Epic Backlog | Actions to eventually become cards | Roadmap
Speed up verification (now takes about ~1 s per signature) | | Epic Backlog | Actions to eventually become cards | Roadmap
Completed Points: 5 of 24


(EPIC) openshift-ansible to install CRI-O [oa-cri-o] | | Sprint 151 | committed-3.10 | Cluster Lifecycle
[CRI-O][KPOD] Implement kpod create | 9 | Complete | Unassigned Release | Container Security
Signature verification at container start time for cri-o | 5 | Backlog | Unassigned Release | Container Security
Registry patch in CRI-O | 8 | Complete | Unassigned Release | Containers
[CRI-O] Volume management | 5 | Complete | Unassigned Release | Containers
SELinux support in CRI-O | 5 | Complete | Unassigned Release | Containers
Add support for OCI hooks to cri-o [CRI-O] | 5 | Complete | Unassigned Release | Containers
[online-crio] Make sure oci-umount fixes issues with leaked file descriptors under CRI-O [CRI-O] | 3 | Complete | Unassigned Release | Containers
[CRI-O] minikube integration | 8 | Complete | Unassigned Release | Containers
support mount propagation [CRI-O] [high] | 5 | Complete | Unassigned Release | Containers
[CRI-O] Support sharing PID namespace in a pod | 3 | Complete | Unassigned Release | Containers
[CRI-O] [Exec] Exec (streaming) | | Complete | Unassigned Release | Containers
[CRI-O] Attach | 8 | Complete | Unassigned Release | Containers
[CRI-O] Add support for OOM | 3 | Complete | Unassigned Release | Containers
[SPIKE][CRI-O] Internal RHEL Package build testing for CRI-O + OpenShift | ? | Backlog | Unassigned Release | Containers
[SPIKE][CRI-O] External Fedora Package build testing for CRI-O + OpenShift | ? | Backlog | Unassigned Release | Containers
[CRI-O][KPOD] Implement podman rm | 5 | Sprint 149 | Unassigned Release | Containers
Completed Points: 67 of 72

Get CRI-O working in an online cluster [online-crio]

Completed Points: 22 of 22

Cloud Native Infrastructure [Cloud Native Infra]

[Cloud Native Infra] Component Lifecycle | 8 | New | Unassigned Release | Networking
[Cloud Native Infra] component break out | ? | New | Unassigned Release | Networking
[Cloud Native Infra] install/upgrade CI | ? | New | Unassigned Release | Networking
[Cloud Native Infra] Component Lifecycle | 0 | Next | Unassigned Release | Pod
[Cloud Native Infra] Migrate Existing clusters to scale groups (and Multi-AZ) | ? | Backlog | targeted-3.11 | Cluster Lifecycle
[Cloud Native Infra] Scale Group Upgrade Pipeline | ? | New | targeted-3.11 | Cluster Lifecycle
[Cloud Native Infra] Component Lifecycle | 8 | New | targeted-3.11 | Containers
[Cloud Native Infra] component break out | ? | New | targeted-3.11 | Containers
[Cloud Native Infra] install/upgrade CI | ? | New | targeted-3.11 | Containers
[Cloud Native Infra] Component Lifecycle | 8 | New | targeted-3.11 | Master
[Cloud Native Infra] install/upgrade CI | ? | New | targeted-3.11 | Master
[Cloud Native Infra] install/upgrade CI | ? | New | targeted-3.11 | Storage
[Cloud Native Infra] component break out | ? | New | targeted-3.11 | Storage
[Cloud Native Infra] Component Lifecycle | 8 | Don't Move | targeted-3.11 | User Interface
[Cloud Native Infra] install/upgrade CI | ? | Don't Move | targeted-3.11 | User Interface
[Cloud Native Infra] component break out | ? | Don't Move | targeted-3.11 | User Interface
[Cloud Native Infra] Component Break Out | 1 | Sprint 150 | targeted-3.11 | Pod
[Cloud Native Infra] openshift ansible pr job for aws | ? | New | proposed-3.12 | Cluster Lifecycle
[Cloud Native Infra] Component install/upgrade [registry] | 8 | Next | proposed-3.12 | Developer Experience
[Cloud Native Infra] Component Lifecycle | 8 | New | proposed-3.12 | Security
[Cloud Native Infra] component break out | ? | New | proposed-3.12 | Security
[Cloud Native Infra] install/upgrade CI | ? | New | proposed-3.12 | Security
[Cloud Native Infra] Component Lifecycle | 8 | Backlog | targeted-3.12 | Ansible Service Broker
[Cloud Native Infra] install/upgrade CI | ? | Backlog | targeted-3.12 | Ansible Service Broker
Completed Points: 1 of 57

[epic-ois-es5] Aggregated logging Elasticsearch 5

R&D ES startup - load index templates/patterns/other settings into the cluster rather than individual nodes [logging][epic-ois-es5][epic-rnd] | 3 | Backlog | Unassigned Release | Logging and Metrics
separate readiness probes for clients and masters [epic-ois-es5] | ? | New | Unassigned Release | Logging and Metrics
Implement upgrade procedure from logging in 3.6 to 3.7 [epic-ois-es5] | 8 | New | Unassigned Release | Logging and Metrics
Implement minor upgrade of Elasticsearch (5.x -> 5.y) [epic-ois-es5] | 1 | New | Unassigned Release | Logging and Metrics
Remove Logging ES5 tech-preview [epic-ois-es5] | 3 | Accepted | committed-3.11 | Logging and Metrics
Productize upstream curator 5.2 [epic-ois-es5] | 3 | Accepted | committed-3.11 | Logging and Metrics
Productize elasticsearch [epic-ois-es5] | 8 | Accepted | committed-3.11 | Logging and Metrics
Productize kibana [epic-ois-es5] | 3 | Accepted | committed-3.11 | Logging and Metrics
Implement Single Searchguard Index [epic-ois-es5] | 3 | Complete | proposed-3.11 | Logging and Metrics
CI test for Elasticsearch5 without multitenancy [epic-ois-es5] | ? | New | Future Release | Logging and Metrics
Completed Points: 20 of 32

Total Completed Points: 135 of 386

Generated at 05:30AM EDT - archives