From 63a0f872833bbc7d78f1436b5b42fe5a5a2ad3a5 Mon Sep 17 00:00:00 2001
From: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Date: Thu, 7 Mar 2024 18:29:56 +0100
Subject: [PATCH] readme: document limitations and upcoming features

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
---
 README.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/README.md b/README.md
index 790b556cfd..23172dc2c3 100644
--- a/README.md
+++ b/README.md
@@ -191,6 +191,24 @@ lbip=$(kubectl get svc ${MY_SERVICE} -o=jsonpath='{.status.loadBalancer.ingress[
 curl --cacert ./verify/mesh-root.pem "https://${lbip}:8443"
 ```
 
+## Current limitations
+
+Contrast is in an early development stage and most underlying projects are under development, too.
+As a result there are currently certain limitations, from which we try to document the most significant
+ones here:
+
+- Only availabile on AKS with CoCo preview (AMD SEV-SNP)
+- Persistent volumes currently not supported in CoCo
+- While workload policies are functional in general, but [not covering all edge cases](https://github.com/microsoft/kata-containers/releases/tag/genpolicy-0.6.2-5)
+- Port-forwarding isn't supported by Kata Containers yet
+- CLI only available for Linux (mostly because upstream dependencies are not availabile for other platforms)
+
+## Upcoming Contrast features
+
+- Transparent service mesh (apps can currently use mTLS with Coordinator certs for secure communication)
+- Plugin key management service (KMS) for attestation/coordinator certificate based key release
+- High availability (distributed Contrast Coordinator)
+
 ## Contributing
 
 See the [contributing guide](CONTRIBUTING.md).