Fix repeated/failed creation of connectors on the routerFigure out the issue with incorrect return values from API functionsDeleting sites and backbones causes exceptions to be repeatedly caught in the management controllerThere is a name-collision thing happening when a backbone is deleted and then re-created- Multiple Access Points can be created on the same site with the same name
- Claim against an expired invitation is honored
Generalize and parameterize the "hash-sets" for site-to-management reconciliation allowing for greater flexibility in development- Use PG notifications instead of polling to detect database changes
- Explore ways to virtualize the Kubernetes content on backbones/member-sites for non-kube environments
- Consolidate string definitions
- When reconciling changes that are immutable, delete the synced object and re-reconcile for the create
- Do something sensible when AMQP destinations are no longer reachable (i.e. credit runs out)
- Consider issuing temporary credentials so that the first site of a new backbone can be bootstrapped on another backbone
- Set up router policies to restrict access to management-plane APIs
- Router-feature: Use a PKI signature for the router configuration so the configuration cannot be altered
- HMAC digest for the initial configuration that is signed by the router's private key
- Digest is carried in the connection properties and is enforced by the connected router
- If policy (or other security) configuration is altered after the initial startup, the router is shut down
- Consider also sending the cryptographic signatures of the pod images in the connection properties
- Inter-router/Edge connections are:
- Authenticated via MTLS
- Accepted only if the connecting site has an authentic initial configuration
- Consider having the sites generate their own certificates and CSRs to be sync'd to the MC for signing
- This would require the installation of openssl into the site-controller container image
- Build APIs and front-end for managing the tree of certificates. This includes:
- API for fetching all certificates signed by root or a CA (to support a tree-table)
- configuring and commanding certificate rotation
- viewing the important fields of a certificate
In initial setup, specify which ingresses are needed on the site based on configured access points (skupperx-incoming configmap?)In site YAML, include outgoing peer-links to known access pointsFigure out how to establish connectivity from the management controller to the backboneDefine the backbone-router-to-management-controller protocol and APIsImplement the link APIs inband to the management controllerDemonstrate automatic backbone site bootstrapOn initial creation for backbone sites, only include manage and peer incoming linksReview the inband APIs to allow for full link updates at run time (add/remove links, rotate certificates)Review the API for coherence in the URL pathsReview the module structureEnsure that Kube watches are working as expectedDisable API for backbone-site config after the site has "checked in" with the management controllerDefine the APIs for the front-endChange the field validator to a validator/normalizer which returns a copy of the fields with their expected typesTrigger hash updates and heartbeats to sites when relevant database changes occurRename the site-controller imageConsider adding a "metadata" field to the interiorsites table to store opaque (JSON) data from the front-endProvide guidance in the deployment of backbone sites - bootstrapping the first site; indicating which sites can be deployed in sequence - deployment-stateSimplify the JSON fields in the bootstrap process to remove unneeded fields and depthAdd a shell command in one of the site containers that extracts the host info for bootstrap-deploymentDelete orphaned TlsCertificate records when their owners are deletedUse router names that are more descriptive and derived from the backbone site name- Clean up the async structure of the "prune" module
- Add an entry point in the "prune" module to clean things up after objects are deleted
- Add ingress capability for non-OpenShift kubernetes
- Consider replacing the boolean ingress indication with "no-ingress", "any", or ingress-style suggestions
- Add a PUT to allow backbones to be renamed
- Add a "platform" column for sites - probably enumerated for formality
- Return an error on the ingress-post (during bootstrap) if the input is not validated
- Consider invitation-templates for backbones
- Every new application network automatically comes with a set of pre-definied invitations which can be deleted or added-to
Create non-backbone mode for the site-controller - disable ingress and other backbone-specific functionsAdd a claim-handshake module to the site-controllerDesign a mechanism by which invited sites become member sitesAdd interactive invitations so member-console action is needed before the claim is assertedRemove the skx-inject annotation for claim secrets as they are not needed in the routerAdd the User API for access to application networks, invitations, and member sites- Remove backbone-mode and replace with backbone-enabled, member-enabled, claim-enabled. This allows a site to be a member and a backbone at the same time
- Design the member API
Site status and site activation- Active and inactive application state
- Allow users to rename member sites (affects site-scope addressing) - Alternatively, consider a separate site-scope-prefix field.
- Bug: Invitation can be created with a primary access that is not a 'member' access-point
Define the data structures to support full application definitionDesign the kube-state representation of the above dataImplement APIs to access the full application definition- Consider pre-loading a directory tree of sync-state in the management controller and separating the sync processing from the database (to reduce load on the DB)
- Add transitive dependency - A "mixed" block might be dragged in by a South interface but have a North interface that recursively drags in another dependent block.
- Consider un-constraining interface roles. Just make them arbitrary strings, defined by connector writers. Alternatively, allow users to add to the role list. Namespaced roles?? too much??