Roadmap

The first release provisions and runs the full Wazuh stack with ordered, rollout-aware upgrades. Planned follow-ups:

• Certificate & credential rotation — re-issue CA/leaf certs and rotate passwords (re-running securityadmin) without downtime.
• Backups / restore — pre-upgrade indexer snapshots and scheduled backups (likely via the bnerd-backup-operator).
• Version-upgrade orchestration — pre/post-upgrade hooks, reindex handling for major versions, maintenance windows.
• PVC expansion — handle storage.size growth without manual StatefulSet recreation.
• Multi-tenant pooling — pre-provisioned WazuhCluster pools for fast onboarding (à la the Nextcloud operator).
• cert-manager integration — optional Issuer/Certificate-based TLS.
• Autoscaling — HPA for workers/dashboard.

See the Day-2 Operations limitations for current workarounds.