See also what's done, as well as the TODO for a more "nitty gritty" level view.
- first bare-metal install: easy, now -- or is it, with 2x USB keys for the Arch ISO & cloud-init; git clone and launch?
- Something like `dinstall` from https://github.com/vorburger/LearningLinux/compare/WIP-arch-iso-dinstall to install from USB to persistent bare-metal. But test it in a VM first.
- A few Vagrant VMs joined via `kubeadm join`, with different hostnames on the same subnet, form a working Kube cluster
- Cluster API-based machine management, notably CABPK
- Host & Ephemeral Volumes work out-of-the-box
- Service, LoadBalancer, Ingress.. how to expose on LAN and external public IP?! VIP? (HAProxy? seesaw?)
- trim down installed packages: it shouldn't have (need) `pacman` or most of `base` (IFF we can `pacstrap` without?)
- make an AUR package of `kube-prepare.sh`, `kube-init.sh` (but why? ask on IRC releng if there is any real interest)
- Security: installer partitions the disk and puts `/bin` and `/usr` etc. into a SquashFS read-only filesystem, and mounts the other BTRFS partitions with the `noexec` flag
- Certify it? ;)
- Flux https://toolkit.fluxcd.io/get-started/ (with Kustomize?)
- Metrics: Node Agent, cAdvisor, Prometheus, Grafana
- Logging?!
- `sshd` shell container with fixed image (pubkey from Cloud Init); sshd as a systemd container, https://docs.linuxserver.io/images/docker-openssh-server
- New containers can be started from within other containers. Post or pre Kube? Pre, ideally. Declarative, not imperative! Use a git repo pushed from within the container to the host, and actuated by systemd.path.
- ISO can build containers from within containers #dogfood, using kaniko (not buildah)
- Run container cached and distributed from an IPFS cache, using https://github.com/miguelmota/ipdr.
- Shell image name is read from DID (buildable by SCR)
- Shell container can replace itself #dogfood #inception
- kube auth
- ISO has gVisor
- Git server container: Initially simple/trivial, sshd with auth from cloud-init, like term, `/data` storage without IPFS yet, repo list configured in a YAML that is under Git itself, an "Operator" run by a Hook (or systemd.path?) actuates it (LATER ditto as a Kube CRD); also see old idea.
- Source Container Registry (SCR) which can build Images from Source.
- Learn about the relationship between Buildpacks, ArgoCD and TektonCD's Pipelines?
- CMS-like buildpack for doc container images, starting with a MD to HTML transformation of this file? ;) #dogfood Basically a native HTML "CMS" for static docs.
- KISS static content shortcut, just a convention to have container images filled only with HTML (no web server `ENTRYPOINT`), plus a `CNAME` file. Then adding 1 line to `serving.yaml`, in some other Git repo, should suffice for something (a "template operator"?) to push that into IPFS (if it's not always already, as all container images will be?), and set up an ingress route to the IPFS GW.
- Maven repository, implemented simply using the above
- Git web browser, implemented simply as a static site generator, as above.
- Generalize run image? Not just content, but any service, through some KISS shortcut, instead of YAML? (opt. from source, using SCR)
- Serve our ISO using the above #dogfood
- Container Registry Proxy: proxies to other registry/-ies; stateless. #performance #scalability
- ISO has `ipfs` (systemd) (and `/ipfs` & `/ipns`?)
- Container Registry on IPFS, with IPDR?
- Container proc can add content to the node's IPFS. Just forward the daemon port into containers? Doc/demo.
- Two ISOs form an IPFS cluster together
- Container proc can pin on node and in cluster
- `ipfs mount` FUSE `/ipmfs` for the `ipfs files` Mutable File System (MFS) #gap, see ipfs/roadmap#90. (One would expect this, and the `ipfs files` CLI, to have a way to support several "roots".) More like a JGitFS?
- Kubernetes Container Storage Interface (CSI) implementation on IPFS, idea also raised e.g. on https://discuss.ipfs.io/t/ipfs-as-a-storage-option-on-kubernetes/4506/2.
- IPFS Cluster supports the "standard" Pinning Service API Spec instead of its own API and the node-local-only API
- Federated Pin API dispatcher service allows pinning in cluster and externally, e.g. on Piñata et al.
- Backup WIP files by pinning to an IPFS cluster running at some friends'
- Create `ipfs/go-ds-blkdev`, an IPFS datastore directly backed by a Linux `/dev/` block device #performance #scale #efficiency. An alternative to https://github.com/ipfs?q=go-ds, notably the default https://github.com/ipfs/go-ds-flatfs implementation of https://github.com/ipfs/go-datastore.
- IPFS Git Remote Helper, AND a corresponding server gateway (`jgit`, see cookbook), like https://github.com/meyer1994/ipgit for ease of use. Either find a working one among the many attempts, or contribute to creating it on the most promising foundation. Note ipfs/roadmap#43, and e.g. https://github.com/ipfs-shipyard/git-remote-ipld and https://github.com/whyrusleeping/git-ipfs-rehost, or https://github.com/cryptix/git-remote-ipfs, or https://developer.aliyun.com/mirror/npm/package/git-remote-ipfs-mam or https://github.com/dhappy/git-remote-ipfs or https://hackage.haskell.org/package/git-remote-ipfs, but see https://github.com/martindbp/ipvc#why-not-just-use-git for RW, as RO like https://docs.ipfs.io/how-to/host-git-style-repo is obviously dumb. Git Browse Web UI is out of scope, here.
- Encrypted IPFS blocks, as a separate overlay concept not baked into core, using DID. Until this is available, this entire project is only suitable for public open code and content that is on the public web. This would, eventually, make a lot of sense for https://identity.foundation/working-groups/secure-data-storage.html...

Self-sovereign identity with Decentralized Identifiers (DIDs).

- `did:ipfs:` Decentralized Identifier (DID) for IPFS Method Specification and Universal Resolver Driver. See https://identity.foundation, specifically https://identity.foundation/working-groups/identifiers-discovery.html and https://www.w3.org/TR/did-core/
- Machine Identity is an IPFS DID. Either simply re-use the IPFS PeerID, or have a separate key, but interlink them.
- Shell container accepts anyone with a W3C DID, instead of requiring a pubkey from Cloud Init. Works with any DID, TBD, e.g. https://w3c-ccg.github.io/did-method-web/ or https://tools.ietf.org/html/draft-mayrhofer-did-dns-01 or https://github.com/decentralized-identity/github-did.
- How to YubiKey <=> DID?
- How to WebAuthn <=> DID?
- Cloud Web Shell, as above, but using WebAuthn instead of YubiKey
- Research how to do Permissions/Grants/Privileges right? Not just black/white true/false, but with an economic model, for the initial use cases: pinned permanent storage space, and the right to spawn new containers.
- Simple Kube Ingress tooling to serve IPFS content on custom DNS names, using https://docs.ipfs.io/how-to/address-ipfs-on-web or https://docs.ipfs.io/concepts/ipfs-gateway.
- Classical DNS server which resolves to the 🖧 LB IP of a Kube Service on federated clusters.
- `ssh term.dev` (TBD) gives anyone having a public key on any DID a shell (with limits)
- abuse prevention for the distributed shell: limit the number of terms per DID, and rate limit per source IP? #DDOS #security
- fully distributed decentralized builds
- Be? #be #build
- Issues can be managed decentralized through simple files, distributed by Git. Bi-di import/export to GitHub, using e.g. https://github.com/MichaelMure/git-bug/ et al.?
- Roadmap (this) is auto synchronized with GitHub Issues & Projects #plan #doc. Basically a tool to transform this kind of file into the file structure of the previous item, plus GitHub Projects support; add to `MichaelMure/git-bug`?
- Roadmap (this) has a Tag Word Cloud image #doc. The `##` project name section headers are just tags as well.
- Automated weekly team status updates, pulled from systems like Git et al., pushed as text to a Git repo. E.g. https://github.com/psss/did or something like that.
- Messaging: Decentralized 📬 "Email" and IM. Perhaps https://identity.foundation/working-groups/did-comm.html?
- Secure Boot, see https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot with https://man.archlinux.org/man/systemd-stub.7 ?
- selinux/apparmor? (cri-o supported)
- do not hard-code `8.8.8.8` for DNS anymore
- PC Engines APU2, e.g. as (HAProxy? seesaw?) LB/router! See Arch Wiki, this bug and their cheap prices.
- prototype custom ARM (and RISC-V?) mini cluster boards, e.g. with Gumstix
- figure out a sustainable economic model to "give out" boards for free ;)
- see also ipfs/roadmap#48
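Two worked examples for items in the list above; both are added here and are not code from this project. The first is a check for the "Security" item (read-only SquashFS system image, other BTRFS partitions mounted `noexec`): it audits an fstab and reports any entry that breaks that layout. The fstab content is a constructed sample, and the set of system mountpoints is an assumption.

```python
"""Audit an fstab for the read-only SquashFS + noexec data-partition layout."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    mountpoint: str
    problem: str


# Assumption: these mountpoints hold the immutable system image.
SYSTEM_MOUNTS = {"/usr", "/bin"}


def parse_fstab(text):
    """Yield (device, mountpoint, fstype, option-set) per real fstab entry."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:  # fstab needs at least device/mount/type/opts
            continue
        device, mountpoint, fstype, opts = fields[:4]
        yield device, mountpoint, fstype, set(opts.split(","))


def audit_fstab(text):
    """Return the list of Findings; an empty list means the layout holds."""
    findings = []
    for _device, mountpoint, fstype, opts in parse_fstab(text):
        if mountpoint in SYSTEM_MOUNTS:
            if fstype != "squashfs":
                findings.append(Finding(mountpoint, f"expected squashfs, got {fstype}"))
            if "ro" not in opts or "rw" in opts:
                findings.append(Finding(mountpoint, "system image must be mounted ro"))
        elif fstype == "btrfs" and mountpoint != "/":
            # noexec on data partitions; note this also blocks package
            # scriptlets run from /var or /tmp, fine for an immutable image.
            if "noexec" not in opts:
                findings.append(Finding(mountpoint, "data partition lacks noexec"))
    return findings


# Constructed sample, not output of any real installer.
SAMPLE_FSTAB = """\
/dev/sda2  /      btrfs     defaults,subvol=@              0 0
/dev/sda3  /usr   squashfs  ro                             0 0
/dev/sda4  /home  btrfs     defaults,nosuid,nodev          0 0
/dev/sda5  /var   btrfs     defaults,noexec,nosuid,nodev   0 0
"""

if __name__ == "__main__":
    for f in audit_fstab(SAMPLE_FSTAB):
        print(f"{f.mountpoint}: {f.problem}")
```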
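The second added example sketches the "abuse prevention for the distributed shell" item: admission control for `term.dev`-style access that caps live terms per DID and rate-limits connection attempts per source IP over a sliding window. Class name, limits and the DIDs/IPs used are assumptions for illustration, not anything the project defines.

```python
"""Admission control for a shared shell host: per-DID term quota plus
per-source-IP sliding-window rate limit on connection attempts."""
from collections import defaultdict, deque


class TermAdmission:
    def __init__(self, max_terms_per_did=2, max_conn_per_ip=5, window_s=60.0):
        self.max_terms = max_terms_per_did   # live terms one DID may hold
        self.max_conn = max_conn_per_ip      # attempts per IP inside the window
        self.window = window_s
        self.live = defaultdict(int)         # DID -> currently open terms
        self.recent = defaultdict(deque)     # IP  -> timestamps of attempts

    def _prune(self, ip, now):
        q = self.recent[ip]
        while q and now - q[0] > self.window:
            q.popleft()

    def try_open(self, did, ip, now):
        """Return (allowed, reason). Refused attempts still count against
        the IP window, so a flood cannot probe the quota for free."""
        self._prune(ip, now)
        self.recent[ip].append(now)
        if len(self.recent[ip]) > self.max_conn:
            return False, "rate limit: too many attempts from source IP"
        if self.live[did] >= self.max_terms:
            return False, "quota: DID already holds its maximum number of terms"
        self.live[did] += 1
        return True, "ok"

    def close(self, did):
        """Release one term held by the DID (called when a session ends)."""
        if self.live[did] > 0:
            self.live[did] -= 1


if __name__ == "__main__":
    # Constructed walk-through: two DIDs behind one IP, then a second IP.
    adm = TermAdmission(max_terms_per_did=2, max_conn_per_ip=3)
    for t, did, ip in [(0, "did:web:alice", "10.0.0.1"), (1, "did:web:alice", "10.0.0.1"),
                       (2, "did:web:alice", "10.0.0.1"), (3, "did:web:bob", "10.0.0.1")]:
        print(t, did, ip, adm.try_open(did, ip, t))
```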
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.