|
| 1 | += Lifecycle Policies |
| 2 | + |
| 3 | +This page details our current lifecycle policies around various parts of our product - the Stackable Data Platform (SDP). |
| 4 | + |
| 5 | +We define multiple lifecycle policies for different parts of our platform, but all these policies follow some common goals: |
| 6 | + |
| 7 | +* It should always be possible to upgrade to a new version of SDP without also changing any of your Kubernetes resources as long as you are not currently using anything that has already been marked as deprecated |
| 8 | +** This means you can upgrade the control plane independently of the user-facing products |
| 9 | +
|
| 10 | +* All deprecations follow a predictable lifecycle that allows planning of upgrades ahead of time |
| 11 | +
|
| 12 | +The guarantees we give are on multiple levels as detailed below: |
| 13 | + |
| 14 | +* The SDP itself |
| 15 | +* CustomResourceDefinition (CRD) versions |
| 16 | +* Supported product versions |
| 17 | +* Supported OpenShift & Kubernetes versions |
| 18 | +
|
| 19 | +All these policies may evolve as we learn what works best for our customers and for us. |
| 20 | + |
| 21 | +These policies are from *July 2023*. |
| 22 | + |
| 23 | + |
| 24 | +== Stackable Data Platform Lifecycle Policy |
| 25 | + |
| 26 | +NOTE: This policy concerns releases of our platform as a whole and how long and to which extent we support each version. |
| 27 | + |
| 28 | +We do releases of our Stackable Data Platform. |
| 29 | +These releases get a name based on the year and month they have been released in (e.g. `23.4`, `23.7`, also called https://calver.org/[CalVer]). This name does not follow Semantic Versioning (https://semver.org/[SemVer]). We may release patches for a release, which then follow the PATCH naming semantics of SemVer (e.g. `23.4.1`) or the _Micro_ name from CalVer. See below for our policy on patches for the SDP. |
| 30 | + |
| 31 | +We do support an SDP release for a specific time after its release. |
| 32 | + |
| 33 | +An SDP release contains our operators and other code developed at Stackable as well as the product docker images. |
| 34 | + |
| 35 | +TIP: Our policy is inspired by the https://kubernetes.io/releases/patch-releases/[Kubernetes] and the https://access.redhat.com/support/policy/updates/openshift#ocp4[OpenShift] policies. |
| 36 | + |
| 37 | +=== Full Support Phase |
| 38 | + |
| 39 | +This phase begins once a new non-patch SDP version is released and ends after a 6-month period OR 3 months after the general availability of the superseding non-patch release, whichever is later. |
| 40 | + |
| 41 | +The following pictures show both scenarios: |
| 42 | + |
| 43 | +image:full_support_scenario_1.png[Full Support Scenario 1] |
| 44 | + |
| 45 | +image:full_support_scenario_2.png[Full Support Scenario 2] |
| 46 | + |
| 47 | +We _will_ release new patch releases of a SDP release (e.g. `23.4.1`) for any issues we deem Critical or High (see definition below) once fixes become available. |
| 48 | +We _may_ release new patch releases for other reasons. |
| 49 | + |
| 50 | +=== Maintenance Phase |
| 51 | + |
| 52 | +This phase commences after the _Full Support_ phase for the respective SDP version and ends 12 months after general availability of the SDP release. |
| 53 | + |
| 54 | +We _may_ release new patch releases of a SDP release (e.g. `23.4.1`) for any issues we deem Critical or High (see definition below) once fixes become available. |
| 55 | + |
| 56 | +image:maintenance_phase.png[Maintenance Phase] |
| 57 | + |
| 58 | +=== General |
| 59 | + |
| 60 | +We may release patches for other reasons. |
| 61 | + |
| 62 | +Customers are expected to upgrade their SDP environment to the most current supported patch/micro (`23.4.z`) version. |
| 63 | +Make sure to follow our release notes to learn of valid upgrade paths, some intermediate updates might be necessary. |
| 64 | + |
| 65 | +== CRD Versioning Lifecycle Policy |
| 66 | + |
| 67 | +IMPORTANT: As of June 2023 all our CRDs are versioned as `alpha1`. We will start introducing other versions later in 2023. |
| 68 | + |
| 69 | +``CustomResourceDefinition``s at Stackable are versioned. |
| 70 | + |
| 71 | +Our policies around CRD versioning are inspired by the https://kubernetes.io/docs/reference/using-api/deprecation-policy/[Kubernetes Deprecation Policy]. |
| 72 | + |
| 73 | +Specifically we try to follow these rules: |
| 74 | + |
| 75 | +* API elements may only be removed by incrementing the version of the API group. |
| 76 | + |
| 77 | +* API objects must be able to round-trip between API versions in a given release without information loss, except for whole REST resources that do not exist in some versions. |
| 78 | + |
| 79 | +* An API version in a given track may not be deprecated in favor of a less stable API version. |
| 80 | + |
| 81 | +* API lifetime is determined by the API stability level |
| 82 | +** Alpha API versions may be removed in any release without prior deprecation notice. |
| 83 | + |
| 84 | +** Beta API versions are deprecated at a minimum of 1 platform releases after introduction and removed at a minimum of 1 platform releases after deprecation. |
| 85 | + |
| 86 | +** GA (stable) API versions are deprecated at a minimum of 2 platform releases after introduction and removed at a minimum of 1 platform releases after deprecation. |
| 87 | + |
| 88 | +Similar to the Exception noted by the Kubernetes project itself, we will also evolve these policies as we go along and find that one of the rules doesn't fit a situation. |
| 89 | + |
| 90 | +NOTE: According to these rules it is legal to _add_ fields to a CRD without increasing the version as long as there is a default for this field. |
| 91 | + |
| 92 | + |
| 93 | +== Product Lifecycle Policy |
| 94 | + |
| 95 | +SDP ships with a lot of different downstream products (e.g. Apache HBase, Apache Superset). |
| 96 | + |
| 97 | +All of these products follow their own version semantics and release cadences and lifecycles, which is why we do not define a product lifecycle policy based on version numbers alone. |
| 98 | + |
| 99 | +For every one of the products we ship we always support one LTS (Long Term Support) release line, which we generally recommend to use. |
| 100 | +A release line usually means that we are going to keep a `major.minor` release stable but will include newer patch versions in later SDP releases. |
| 101 | + |
| 102 | +Some products (e.g. Trino) don't follow Semver rules, for those we will follow separate rules and clearly document what version is considered LTS. |
| 103 | + |
| 104 | +Every LTS release line is shipped for at least one full year. |
| 105 | +After a year we may switch to a new release line - but there will always be at least an overlap of one release in which the old LTS version is deprecated, but a new LTS version is available. |
| 106 | +Which line we chose as our LTS release is at our own discretion and is based on popularity, upstream lifecycle policies, stability, our own experience and other factors. |
| 107 | + |
| 108 | +In addition to the LTS line we may also ship other versions, e.g. the latest upstream version. |
| 109 | + |
| 110 | +We do honor the same deprecation policy for non-LTS products as for LTS products, but we do not guarantee a long term support for these versions. They may be deprecated faster. |
| 111 | + |
| 112 | +image:product_release_cycle.png[Product Lifecycle Policy] |
| 113 | + |
| 114 | +=== Deprecation |
| 115 | + |
| 116 | +Every product version that gets removed will be deprecated for at least 1 SDP release before removal. |
| 117 | +This guarantees that users can update the operators (e.g. from 23.1 to 23.4) without the need to simultaneously update the product version as well. The flow is to first update the control plane (the operators) and afterward the product versions if desired (e.g. when the currently used version is now deprecated). |
| 118 | + |
| 119 | +=== Definition of "support" |
| 120 | + |
| 121 | +We will ship new versions of the LTS release line in our currently supported SDP releases (see above) for any issues we deem Critical or High in severity when they become available. |
| 122 | + |
| 123 | +We will also engage with the upstream projects to try and solve issues. |
| 124 | + |
| 125 | +It is our explicit goal to limit the amount of times we have to ship a version of the products that deviates from the original upstream source. |
| 126 | + |
| 127 | +We may ship new versions for existing SDP releases for other issues as well. |
| 128 | + |
| 129 | + |
| 130 | +== OpenShift & Kubernetes Support Policy |
| 131 | + |
| 132 | +For every SDP release we will publish a list of supported Kubernetes versions. |
| 133 | + |
| 134 | +We are aiming to support the last three Kubernetes versions but will make case-by-case decisions by taking into account the currently supported Kubernetes versions. |
| 135 | +We will also take into account currently supported OpenShift versions as published by RedHat. It is our goal to support all versions that are in Full or Maintenance support. As the releases may be overlapping we might not always support the latest Kubernetes or OpenShift versions when we release a SDP version. |
| 136 | + |
| 137 | + |
| 138 | +== Support Policy (Security & Bugs) |
| 139 | + |
| 140 | +Stackable will analyze published security vulnerabilities (e.g. CVEs but other sources may apply as well) for all the products we support as well components developed by us and their dependencies. We take various sources into account when assigning a criticality. Among those sources is the NVD database, but we place higher value on the self-assessments by the projects themselves, and we will additionally evaluate vulnerabilities in the context of how they are used in the Stackable Data Platform. |
| 141 | + |
| 142 | +We will then assign a criticality to each vulnerability according to similar rating categories that https://access.redhat.com/security/updates/classification[RedHat has established]: |
| 143 | + |
| 144 | +Critical:: |
| 145 | +This rating is given to flaws that could be easily exploited by a remote unauthenticated attacker and lead to system compromise (arbitrary code execution) without requiring user interaction. Flaws that require authentication, local or physical access to a system, or an unlikely configuration are not classified as Critical impact. These are the types of vulnerabilities that can be exploited by worms. |
| 146 | + |
| 147 | +High:: |
| 148 | +This rating is given to flaws that can easily compromise the confidentiality, integrity or availability of resources. These are the types of vulnerabilities that allow local or authenticated users to gain additional privileges, allow unauthenticated remote users to view resources that should otherwise be protected by authentication or other controls, allow authenticated remote users to execute arbitrary code, or allow remote users to cause a denial of service. |
| 149 | + |
| 150 | +Medium:: |
| 151 | +This rating is given to flaws that may be more difficult to exploit but could still lead to some compromise of the confidentiality, integrity or availability of resources under certain circumstances. These are the types of vulnerabilities that could have had a Critical or Important impact but are less easily exploited based on a technical evaluation of the flaw, and/or affect unlikely configurations. |
| 152 | + |
| 153 | +Low:: |
| 154 | +This rating is given to all other issues that may have a security impact. These are the types of vulnerabilities that are believed to require unlikely circumstances to be able to be exploited, or where a successful exploit would give minimal consequences. This includes flaws that are present in a program’s source code but to which no current or theoretically possible, but unproven, exploitation vectors exist or were found during the technical analysis of the flaw. |
0 commit comments