You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
KSail Monthly Strategy β July 2026. The roadmap home for KSail (monthly refresh of #4988; same scheme: theme/epic items carry roadmap, actionable children use normal labels). Grounded in the live backlog and the June merge history.
Theme A β Cloud-provider & distribution expansion β epic #4627 (roadmap)
Problem. One SDK across the major clouds; GKE/AKS missing, Hetzner K3s/Vanilla and EKS unfinished. Direction. Finish #4510 GKE slices in order β (3) provisioner + factory routing after #5682 merges, (4) Provider/Distribution enum + schema surface, (5) AKS mirror via armcontainerservice β these are startable now and NOT credential-gated (unit-tested like the merged EKS/GKE code). #3983/#4328 completion stays gated on #4972/#4973 (credentials/machines β maintainer-only); the platform-side AWS chain (platform#2324β#2327) is advancing (#2377 promoted). Size: L. Priority:High β the default substantive lane for July.
Problem.#5344 is one slice from done; the Flux-2.9 epic's children #3β#8 are unscoped wishes. Direction.#5344 remainder: 3b --ephemeral operator-children (env-gated, reuses #4899) + native cel-go CEL validation (per #5624: stay-native, no external tool). From #5606 pick and spec 1β2 children for July β suggested first: #3Kustomization.spec.ignore drift handling (extends workload reconcile) and #4 CEL Helm health checks (builds on #5576). Size: M. Priority: High (maintainer-requested epic).
Problem. Multi-cluster scaffolding is mid-flight; the CLI's command taxonomy (#5626ksail project) and scope over unmanaged clusters (#5654, filed 07-01) are open shape questions. Direction.#5441: next increment = cluster init --multi-cluster flag composing the merged Derive+Write; then item 3 (environmentsΓproviders). #5654 needs a decomposition pass first (kubeconfig discovery, context ops, which commands go cluster-agnostic) β it is the freshest scope question and should get an ADR-style design comment + child issues early in July. #5626 follows the same ADR-first path (command-migration matrix). Size: MβL. Priority: High for the #5654 decomposition; Medium for implementation until the design lands.
Problem. Remaining phases need real child clusters (Connectors for Kind-DinD/k3k/KWOK/Talos-DinD, Docker provider, cloud kubeconfigs) β not unit-testable on the dev hub. Direction. Land #5551 (awaiting promotion); then pick the KWOK Connector as the one possibly-testable slice; the rest as environments allow. Size: L. Priority: Medium, env-gated.
Unchanged from #4988: new feature work maps to a theme (or proposes one here first); implementing PRs Fixes #child; epics close with their children; refreshed monthly.
Supersedes #4988 (June). No new epics minted β all themes point at existing tracking issues.
KSail Monthly Strategy β July 2026. The roadmap home for KSail (monthly refresh of #4988; same scheme: theme/epic items carry
roadmap, actionable children use normal labels). Grounded in the live backlog and the June merge history.June outcomes (vs #4988)
June was a feature-heavy month β the roadmap structure worked and most of it shipped:
spec.verifyshipped and closed; platform now runs verify in prod (platform#1570 β chore(deps): Bump actions/checkout from 4.3.1 to 6.0.2Β #2319).workload networkone-shot +--follow).ResolveTarget(feat(workload): add native mirror target resolutionΒ #5534) + P1SelectTapPoint(feat(workload): select the pod and container a mirror tap attaches toΒ #5537) merged.hetznerbase, factory wiring all merged β completion (validation flip feat(apis): enable K3s/Vanilla Γ Hetzner β validation flip + docs (lands last)Β #5514 + E2E test(system): smoke tests for Hetzner Γ K3s/Vanilla (blocked on #4972)Β #5515) blocked on bug(ci): Hetzner system test red for 6+ weeks β HCLOUD_TOKEN invalid (unauthorized)Β #4972. [Repo Assist] [chore]: complete AWS EKS providerΒ #4328 EKS stays code-complete, credential-gated. [Repo Assist] [chore]: add GKE and AKS cloud providers to extend KSail beyond AWS EKSΒ #4510 GKE/AKS started: GKE client merged (feat(gke): add native GKE cluster-lifecycle client foundationΒ #5677),pkg/svc/provider/gcpin flight (feat(provider): add the GCP infrastructure provider over the GKE clientΒ #5682).workload validateandworkload scanto validate/scan all GitOps layers in-processΒ #5344 in-process validate/scan (phases 1β2, 3a, per-layer attribution, chart caching ALL merged), feat(cluster): scaffold and grow multi-cluster, multi-provider GitOps reposΒ #5441 multi-cluster scaffolding (item 1cluster add-environmentcomplete; item 2 layout derive+write merged), feat(flux): enrich KSail with Flux v2.9.0 capabilities (distribution bump + new features)Β #5606 Flux v2.9.0 capabilities epic (children 1β2 done), and KSail became a Flux 2.9 distributor with a matched-pair manifests pin after the v0.53.0 Receiver-CRD breakage (bug(flux): FluxInstance BuildFailed β floating flux-operator-manifests:latest + distribution 2.x breaks Flux bootstrapΒ #5595/fix(flux): pin flux-operator-manifests distribution artifact (no floating :latest)Β #5596).July themes
Theme A β Cloud-provider & distribution expansion β epic #4627 (
roadmap)Problem. One SDK across the major clouds; GKE/AKS missing, Hetzner K3s/Vanilla and EKS unfinished. Direction. Finish #4510 GKE slices in order β (3) provisioner + factory routing after #5682 merges, (4) Provider/Distribution enum + schema surface, (5) AKS mirror via
armcontainerserviceβ these are startable now and NOT credential-gated (unit-tested like the merged EKS/GKE code). #3983/#4328 completion stays gated on #4972/#4973 (credentials/machines β maintainer-only); the platform-side AWS chain (platform#2324β#2327) is advancing (#2377 promoted). Size: L. Priority: High β the default substantive lane for July.Theme B β GitOps depth: finish #5344, scope #5606 β
roadmapProblem. #5344 is one slice from done; the Flux-2.9 epic's children #3β#8 are unscoped wishes. Direction. #5344 remainder: 3b
--ephemeraloperator-children (env-gated, reuses #4899) + nativecel-goCEL validation (per #5624: stay-native, no external tool). From #5606 pick and spec 1β2 children for July β suggested first: #3Kustomization.spec.ignoredrift handling (extendsworkload reconcile) and #4 CEL Helm health checks (builds on #5576). Size: M. Priority: High (maintainer-requested epic).Theme C β Multi-cluster & CLI shape: #5441 Β· #5626 Β· #5654 β
roadmapProblem. Multi-cluster scaffolding is mid-flight; the CLI's command taxonomy (#5626
ksail project) and scope over unmanaged clusters (#5654, filed 07-01) are open shape questions. Direction. #5441: next increment =cluster init --multi-clusterflag composing the merged Derive+Write; then item 3 (environmentsΓproviders). #5654 needs a decomposition pass first (kubeconfig discovery, context ops, which commands go cluster-agnostic) β it is the freshest scope question and should get an ADR-style design comment + child issues early in July. #5626 follows the same ADR-first path (command-migration matrix). Size: MβL. Priority: High for the #5654 decomposition; Medium for implementation until the design lands.Theme D β Inner-loop DX (#4521) β epic
Problem. P1 is half-shipped (tap-point selection merged; no traffic path yet). Direction. Next: ephemeral-container tap injection + reverse port-forward tunnel (Vanilla/K3s/VCluster), then P2 intercept, P3 env/volume. Size: M per increment. Priority: Medium.
Theme E β Operator lifecycle (#4899) β epic
Problem. Remaining phases need real child clusters (Connectors for Kind-DinD/k3k/KWOK/Talos-DinD, Docker provider, cloud kubeconfigs) β not unit-testable on the dev hub. Direction. Land #5551 (awaiting promotion); then pick the KWOK Connector as the one possibly-testable slice; the rest as environments allow. Size: L. Priority: Medium, env-gated.
Operational health (not roadmap, named blockers)
enhancementqueue; pairs with platform's DaemonSet-VPA work ([agentics] Unbloat Docs failedΒ #2370).Suggested sequencing (July)
ksail projectand migrate gitops-file commands offksail clusterΒ #5626 ADR) β maintainer-hot design work, unblocks a Q3 lane.workload validateandworkload scanto validate/scan all GitOps layers in-processΒ #5344 CEL slice alongside.How to use this roadmap
Unchanged from #4988: new feature work maps to a theme (or proposes one here first); implementing PRs
Fixes #child; epics close with their children; refreshed monthly.Supersedes #4988 (June). No new epics minted β all themes point at existing tracking issues.