Roadmap & Status¶
Where the code is today¶
Nodewright is pre-v0.1. The design and governance are settled and heavily documented; the running code is a scaffold plus one real vertical slice. This is deliberate — the plan front-loads the low-risk, high-value work.
| Area | Status | Notes |
|---|---|---|
| Design, PRDs, CI, governance | :material-check-circle:{ style="color:#1F7A78" } Solid | Architecture brief, security/test PRDs, 13-lane CI on self-hosted runners. |
VMVolumeMigration types + phase state-machine |
:material-check-circle:{ style="color:#1F7A78" } Real, tested | The one fleshed-out vertical slice: typed CRD, phase FSM, audit transition builder. |
Observation bridge (NodewrightCluster / AgentStatus) |
:material-progress-clock:{ style="color:#F0BE65" } In progress | Read-only rollup of the DaemonSet's live state. Under active construction. |
| Migration data path, agent, storage/OS backends, audit chain, webhooks | :material-circle-outline:{ style="color:#B94B01" } Designed, not built | Interfaces exist; implementations are stubs. |
Read the docs for intent, the code for reality
Everything on the Architecture pages is accurate as design. This page is the honest map of what actually executes today.
The plan: read-only bridge first, then gated parity¶
The productization sequence is C → B:
flowchart LR
C["C — Observation bridge<br/>read-only health surface<br/>blast radius: LOW"]:::c
B["B — Parity surface<br/>bond flip · replication upgrade<br/>DRBD · VM protection<br/>blast radius: HIGH, gated"]:::b
A["A — VMVolumeMigration<br/>the RWX migration workflow<br/>parallel track"]:::a
C --> B
A -.parallel.-> B
classDef c fill:#1F7A78,color:#fff,stroke:#005B5B
classDef b fill:#B94B01,color:#fff,stroke:#7a3200
classDef a fill:#9EB277,color:#012121,stroke:#6f7f52
- C — the observation bridge (now). Teach the operator to read and surface the DaemonSet's live state. Ships value in days, cannot harm the running cluster, and produces the accurate state model the rest of the work needs. Being built autonomously, story by story, gated on CI.
- B — the parity surface (next). Re-implement what the DaemonSet does — the bond-flip machine, replication upgrades, DRBD coordination, VM protection — as first-class, supervised workflows. High blast radius, so it's over-specified and human-gated, never an unattended loop.
- A —
VMVolumeMigration(parallel). The RWX migration workflow. It automates a runbook the DaemonSet never did, so it advances on its own track independent of parity.
Release phases¶
=== "v0.1 — Foundations"
- The read-only health surface (`NodewrightCluster.status`, `NodewrightAgentStatus`).
- `VMVolumeMigration` controller (cold + hot paths, snapshot bookends, checksum verify).
- Audit log to an external sink.
- The DaemonSet stays behaviorally untouched — the operator wraps and observes it.
=== "v0.2 — Takeover"
- `BondModeFlipPlan`, `ReplicationUpgrade` become real controllers.
- The DaemonSet shrinks to a thin Go agent that writes per-node status.
- `EdgeProfile` ships as a signed, versioned artifact; extensibility seams go live.
=== "v1.0 — Fleet"
- Multi-cluster fleet aggregation (read-only view; every action stays a per-cluster CRD apply).
- Boot-recovery, snapshot, and per-node version policies.
- Customer self-service for the safe operations.
Design principles that don't change¶
- Orchestrate, don't re-implement — Palette, LINSTOR, KubeVirt, and Kairos stay; Nodewright coordinates them.
- Operator owns intent, agent owns mutation.
- Fail loud; honor gates; never partially proceed.
- Product-neutral by construction — no customer or hardware name is compiled into the operator; every site is a profile.