From cc5dce64ae517b17acff9295c5370e6b79044218 Mon Sep 17 00:00:00 2001 From: David Lawrence Date: Tue, 27 Jun 2017 09:28:15 -0700 Subject: [PATCH 001/179] notary + tuf proposal --- proposals/notary + tuf.adoc | 84 +++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 proposals/notary + tuf.adoc diff --git a/proposals/notary + tuf.adoc b/proposals/notary + tuf.adoc new file mode 100644 index 0000000..a7d0a97 --- /dev/null +++ b/proposals/notary + tuf.adoc 
@@ -0,0 +1,84 @@ +== Notary & TUF Proposal + +*Name of project:* Notary & TUF + +*Description:* + +The Update Framework (TUF) is a specification designed to solve specifically provenance and trust problems as part of a larger distribution framework. + +Notary is a content signing framework implementing the TUF specification in the Go language. The project provides both a client, and a pair of server applications to host signed metadata and perform limited online signing functions. It is the de facto image signing framework in use by Docker, Quay, VMWare, and others. + +Notary and TUF have been presented at [CNCF TOC meeting 6/20/2017](https://docs.google.com/presentation/d/1MvCZytMQpTgGW4IvJ1cM0hvnIr8IowH7hFaeXJZ6cp4/edit#slide=id.g2309ce468a_22_0) + +*Sponsor / Advisor from TOC:* Solomon Hykes + +*Preferred maturity level:* incubating + +*Unique identifier:* + +* Notary: notary +* The Update Framework: tuf + +*License:* + +* Notary: Apache 2.0 +* TUF: MIT + +*Source control repositories:* + +* https://github.com/docker/notary +* https://github.com/theupdateframework/tuf +* https://github.com/theupdateframework/taps + +*Initial Committers:* + +* https://github.com/docker/notary/blob/master/MAINTAINERS +* https://github.com/theupdateframework/tuf/blob/develop/AUTHORS.txt + +*Infrastructure requirements (CI / CNCF Cluster):* + +* CircleCI +* CodeCov +* Travis CI + +*Issue tracker:* + +* https://github.com/docker/notary/issues +* https://github.com/theupdateframework/tuf/issues + +*Mailing lists:* + +* Slack: https://dockercommunity.slack.com/messages/notary +* Google Groups: https://groups.google.com/forum/#!forum/theupdateframework + +*Website:* + +* TUF: https://theupdateframework.github.io/ + +*Release methodology and mechanics:* + +* Feature based releases + +*Social media accounts:* None + +*Existing sponsorship:* Docker for Notary, National Science Foundation and NYU for TUF + +*Contributor statistics:* + +The notary community is growing slowly with a very 
small but active base and a larger group of occasional contributors. Maintainers are from Docker, CoreOS and Huawei. + +TUF maintainers from NYU and CoreOS. + +*Adopters:* Docker, Quay, Huawei, Motorola Solutions, VMWare + +*External Dependencies:* + +* https://github.com/docker/notary/blob/master/vendor.conf +* Protobuf +* GRPC +* MySQL/PostgreSQL/rethinkDB +* https://github.com/yubico/yubico-piv-tool + +*Statement on alignment with CNCF mission:* + +Notary is the most secure and widely adopted implementation of The Update Framework to date, and represents a critical security building block for ensuring the provenance and integrity of data in the field of cloud-native computing. As an implementer of The Update Framework it can provide its guarantees over any arbitrary digital content, making it ultimately flexible to any use case requiring security guarantees against attacks up to and including nation state level. From aac1d3504960cacd9f6e83af1b2a2f21521782a0 Mon Sep 17 00:00:00 2001 From: David Lawrence Date: Fri, 1 Sep 2017 09:54:47 -0700 Subject: [PATCH 002/179] updated license for TUF and remove 'most secure' --- proposals/notary + tuf.adoc | 113 +++++++++++++++++++++++++++++++++++- 1 file changed, 110 insertions(+), 3 deletions(-) diff --git a/proposals/notary + tuf.adoc b/proposals/notary + tuf.adoc index a7d0a97..3333822 100644 --- a/proposals/notary + tuf.adoc +++ b/proposals/notary + tuf.adoc @@ -22,7 +22,7 @@ Notary and TUF have been presented at [CNCF TOC meeting 6/20/2017](https://docs. *License:* * Notary: Apache 2.0 -* TUF: MIT +* TUF: Dual licensed under MIT and Apache 2.0 *Source control repositories:* 
@@ -77,8 +77,115 @@ TUF maintainers from NYU and CoreOS. * Protobuf * GRPC * MySQL/PostgreSQL/rethinkDB -* https://github.com/yubico/yubico-piv-tool +* https://github.com/yubico/yubico-piv-tool +* https://github.com/flynn/gotuf (forked and heavily modified under the "tuf" directory in the notary repository) *Statement on alignment with CNCF mission:* -Notary is the most secure and widely adopted implementation of The Update Framework to date, and represents a critical security building block for ensuring the provenance and integrity of data in the field of cloud-native computing. As an implementer of The Update Framework it can provide its guarantees over any arbitrary digital content, making it ultimately flexible to any use case requiring security guarantees against attacks up to and including nation state level. +Notary is the most secure and widely adopted implementation of The Update Framework to date, and represents a +critical security building block for ensuring the provenance and integrity of data in the field of +cloud-native computing. As an implementer of The Update Framework it can provide its guarantees over any +arbitrary digital content, making it ultimately flexible to any use case requiring security guarantees +against attacks up to and including nation state level. + +Additional Material +--- + +*Notary/TUF vs Traditional Package Signing* + +Traditional package signing methods commonly revolve around GPG signing of various metadata fragments. In a +sense, GPG is a primitive used by traditional package signing systems. If there was strong enough desire, +GPG could be integrated into any existing TUF implementation as an available signing option. TUF recognizes +that the existing signing systems have not gone far enough to address the threats that are meaningful in the +context of software distribution. It proposes a complete system for secure software distribution that +addresses these threats. 
+ +Over the years many package management signing systems have been developed and they continue to make the +mistakes of the past because the community has largely focused on the expertise required to develop +crypto primitives, without also acknowledging the expertise required to design systems. To quote Duncan +Coutts in his explanation of Haskell’s choice to use TUF, “TUF has been designed by academic experts in +the subject, based both on research and existing real-world systems. Our crypto-humility should cover +not just crypto algorithms but extend to whole system designs.” + +*TUF vs GPG* + +GPG currently has much greater recognition that TUF. This is expected given the age and lack of +competition it has received. This does not automatically make it a good solution to signing requirements. +GPG lacks the same features as our “Traditional Package Managers”, as they have largely added very little +if anything meaningful on top of the GPG primitives. + +Nominally one could argue that GPG private key management is simpler than TUF private key management +purely on the basis that there are slightly fewer keys to manage. This marginal difference is a poor +tradeoff in the face of ease of integration. GPG is well recognized as being difficult to use [1] (response +at [5]), and even more difficult to integrate with at the library level as a developer [2]. By comparison, +one user was able to write a tool to use Notary to sign and verify git tags during a hackathon with no \ +help from the Notary maintainers [3]. + +*Why a joint submission?* + +We want the TUF specification to be accepted into CNCF because it will make a clear statement of the +importance and expectations the community must have for the security of their software distribution +channels. Furthermore we want there to be implementations in many languages to enable broad adoption. 
+A joint submission of TUF and Notary is a highly cohesive package that lays a solid foundation for +package signing in CNCF, providing both the spec for guidance, and an implementation in Golang, which +is the majority language among existing CNCF projects. + +We are at an inflection point in the methods used to develop and deploy software. The paradigm shift +happening right now must be capitalized on lest we risk extending the the unacceptable status quo in +software distribution security. + +*Use Cases* + +The most unequivocal use case for TUF and Notary is securing software update systems. This is the stated +scope and primary goal of TUF. It is also a stated goal that the framework should be usable with both +new and existing software update systems. + +We should define what we mean by “software update system” in this context: a software update system is +a process and utilities that allow one to download and install entirely new software, and upgrades to +existing software, within a specific environment. Some examples are Python’s PIP, Debian’s APT, and +RedHat’s YUM systems. + +Container images map very closely to a typical software update system payload. Like some of those +mentioned, it uses TAR files containing the collection of files to be installed on the requesting host. +It uses a manifest, a JSON file, to describe how those files are used to set up and run the container. +The manifest is the root of a Merkle tree, containing the SHA256 checksums of the layers that make up +the image. This efficiently allows us to sign only the manifest using Notary and a user can perform a +verification of everything they download for the image. + +We also see a future for Notary and TUF in signing service or pod definitions. This strengthens +protections around what software can run on a cluster. We envision a single Notary repository +maintained within a cluster to which recognized delegates can push updates. 
This would be the only +mechanism for a cluster to receive updates to its definitions and automatically acts as a second +factor of authentication (something you have: the private key) in the presence of traditional +username+password based auth. + +Finally, we recognize that there is a natural link between code identity and container, service, and +pod identity. We believe that runtime identity ought to be tied to code signatures, so that policies +can be set such that only particular images may assume a runtime identity. For example, a customer +might specify that a particular signing process for container images is necessary in order to call +particular APIs within a cluster. This link between image identity and container runtime identity +requires a cryptographically strong, commonly shared image signing and verification system. + +Use cases that we consider in scope and that are already implemented or can be accomplished now: + +* Container image signing +* General software package signing (a demo of this was put together using Notary to sign PIP packages for a talk at PyCon 2016 [4]) +* OS/Kernel signing (already in use in LinuxKit) +* CI pipeline signing + * Every entity performing a step in a CI pipeline (build, test, security scan, etc…) should add a signature and all signatures should be verified at deployment time. + +Use cases that are achievable with some additional work: + +* Signing cluster/service/pod definitions +* Binding code signatures to service/container/pod identity + +Out of scope: + +* Signing communications, i.e. emails +* Signed logs (though TUF/Notary could be applicable to signing log files backed up offsite) + +1. https://blog.filippo.io/giving-up-on-long-term-pgp/ +2. https://www.mailpile.is/blog/2014-10-07_Some_Thoughts_on_GnuPG.html +3. https://github.com/docker/global-hack-day-3/tree/master/docker-bdx +4. https://www.youtube.com/watch?v=fDvO9jwXCV4 +5. 
https://arstechnica.co.uk/information-technology/2016/12/signal-does-not-replace-pgp/ From 3c3cabf4167d964625dbef3a8d1451873ced51e2 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 18 Sep 2017 17:53:46 -0500 Subject: [PATCH 003/179] Add 9/19/17 agenda https://goo.gl/cgx9j2 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8d1c5b4..0273a26 100644 --- a/README.md +++ b/README.md @@ -154,3 +154,4 @@ If you're interested in presenting at a TOC call about your project, please open * [August 1st, 2017](https://goo.gl/ehtgts) * [August 15th, 2017](https://goo.gl/iSP394) * [September 5th, 2017](https://goo.gl/WbKUmd) +* [Setember 19th, 2017](https://goo.gl/cgx9j2) From 8557d76fb10aa6efe0ddf50e70fc8a3e32a9064e Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 18 Sep 2017 18:59:01 -0500 Subject: [PATCH 004/179] Update serverless wg time --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0273a26..d111ca1 100644 --- a/README.md +++ b/README.md 
@@ -38,7 +38,7 @@ The TOC has created the following working groups to investigate and discuss the |---------------|------------------|---------------------------------------|--------------------| | [CI](https://github.com/cncf/wg-ci) | Camille Fournier | [2nd and 4th Tue every month at 8AM PT](https://zoom.us/j/199346891) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2P3_A3ujWHSxOu1IO_bd7Zi) | [Networking](https://github.com/cncf/wg-networking) | Ken Owens | [1st and 3rd Tue every month at 8AM PT](https://zoom.us/j/175547218) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2M_-K5n67_zTdrPh_PtTKFC) -| [Serverless](https://github.com/cncf/wg-serverless) | Ken Owens | [1st and 3rd Thu of every month at 9AM PT](https://zoom.us/j/893315636) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2Ph7YoBIgsZNW_RGJvNlFOt) +| [Serverless](https://github.com/cncf/wg-serverless) | Ken Owens | [Thu of every week at 9AM PT](https://zoom.us/j/893315636) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2Ph7YoBIgsZNW_RGJvNlFOt) | [Storage](https://github.com/cncf/wg-storage) | Ben Hindman | [3rd Wed of every month at 8AM PT](https://zoom.us/j/158580155) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2NoiNaLVZxr-ERc1ifKP7n6) All meetings are on the public CNCF calendar: https://goo.gl/eyutah From e0cd344f36ca6d94d1118a8045787c47ffe8c9ff Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Tue, 19 Sep 2017 10:04:31 -0500 Subject: [PATCH 005/179] Update Networking WG time --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d111ca1..f1c1fe8 100644 --- a/README.md +++ b/README.md 
@@ -37,7 +37,7 @@ The TOC has created the following working groups to investigate and discuss the | Working Group | Chair | Meeting Time | Minutes/Recordings | |---------------|------------------|---------------------------------------|--------------------| | [CI](https://github.com/cncf/wg-ci) | Camille Fournier | [2nd and 4th Tue every month at 8AM PT](https://zoom.us/j/199346891) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2P3_A3ujWHSxOu1IO_bd7Zi) -| [Networking](https://github.com/cncf/wg-networking) | Ken Owens | [1st and 3rd Tue every month at 8AM PT](https://zoom.us/j/175547218) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2M_-K5n67_zTdrPh_PtTKFC) +| [Networking](https://github.com/cncf/wg-networking) | Ken Owens | [1st and 3rd Tue every month at 9AM PT](https://zoom.us/j/175547218) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2M_-K5n67_zTdrPh_PtTKFC) | [Serverless](https://github.com/cncf/wg-serverless) | Ken Owens | [Thu of every week at 9AM PT](https://zoom.us/j/893315636) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2Ph7YoBIgsZNW_RGJvNlFOt) | [Storage](https://github.com/cncf/wg-storage) | Ben Hindman | [3rd Wed of every month at 8AM PT](https://zoom.us/j/158580155) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2NoiNaLVZxr-ERc1ifKP7n6) From e7d15608bf6b6239300e14de15c7529e14eae645 Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Tue, 19 Sep 2017 10:05:19 -0500 Subject: [PATCH 006/179] Update Networking WG Zoom link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f1c1fe8..46f9a4c 100644 --- a/README.md +++ b/README.md 
@@ -37,7 +37,7 @@ The TOC has created the following working groups to investigate and discuss the | Working Group | Chair | Meeting Time | Minutes/Recordings | |---------------|------------------|---------------------------------------|--------------------| | [CI](https://github.com/cncf/wg-ci) | Camille Fournier | [2nd and 4th Tue every month at 8AM PT](https://zoom.us/j/199346891) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2P3_A3ujWHSxOu1IO_bd7Zi) -| [Networking](https://github.com/cncf/wg-networking) | Ken Owens | [1st and 3rd Tue every month at 9AM PT](https://zoom.us/j/175547218) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2M_-K5n67_zTdrPh_PtTKFC) +| [Networking](https://github.com/cncf/wg-networking) | Ken Owens | [1st and 3rd Tue every month at 9AM PT](https://zoom.us/j/999936723) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2M_-K5n67_zTdrPh_PtTKFC) | [Serverless](https://github.com/cncf/wg-serverless) | Ken Owens | [Thu of every week at 9AM PT](https://zoom.us/j/893315636) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2Ph7YoBIgsZNW_RGJvNlFOt) | [Storage](https://github.com/cncf/wg-storage) | Ben Hindman | [3rd Wed of every month at 8AM PT](https://zoom.us/j/158580155) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2NoiNaLVZxr-ERc1ifKP7n6) From 97336f280e486f79c9c3e2c83a6b72dd7ba1c63c Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Wed, 20 Sep 2017 18:22:10 -0500 Subject: [PATCH 007/179] Update Storage WG meeting times --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 46f9a4c..0bfbd19 100644 --- a/README.md +++ b/README.md 
@@ -39,7 +39,7 @@ The TOC has created the following working groups to investigate and discuss the | [CI](https://github.com/cncf/wg-ci) | Camille Fournier | [2nd and 4th Tue every month at 8AM PT](https://zoom.us/j/199346891) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2P3_A3ujWHSxOu1IO_bd7Zi) | [Networking](https://github.com/cncf/wg-networking) | Ken Owens | [1st and 3rd Tue every month at 9AM PT](https://zoom.us/j/999936723) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2M_-K5n67_zTdrPh_PtTKFC) | [Serverless](https://github.com/cncf/wg-serverless) | Ken Owens | [Thu of every week at 9AM PT](https://zoom.us/j/893315636) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2Ph7YoBIgsZNW_RGJvNlFOt) -| [Storage](https://github.com/cncf/wg-storage) | Ben Hindman | [3rd Wed of every month at 8AM PT](https://zoom.us/j/158580155) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2NoiNaLVZxr-ERc1ifKP7n6) +| [Storage](https://github.com/cncf/wg-storage) | Ben Hindman | [1st and 3rd Wed every month at 8AM PT](https://zoom.us/j/158580155) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2NoiNaLVZxr-ERc1ifKP7n6) All meetings are on the public CNCF calendar: https://goo.gl/eyutah From 17d3611fdd2c5c75f34b066c31817f9baac36b33 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 25 Sep 2017 13:51:48 -0500 Subject: [PATCH 008/179] Add TOC Principles + GB discussion on 10/17 --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0bfbd19..4a0fdef 100644 --- a/README.md +++ b/README.md 
@@ -111,9 +111,10 @@ If you're interested in presenting at a TOC call about your project, please open * **September 5, 2017**: gluster-kubernetes and Storage WG readout * **September 19, 2017**: TBD * **October 3, 2017**: NATS.io revisited -* **October 17, 2017**: TBD (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) +* **October 17, 2017**: TOC Principles / GB (Todd Moore) * **November 7, 2017**: SPIFFE.io * **November 21, 2017**: Project Graduation Reviews (Kubernetes, Prometheus) +* **December 5, 2017**: TBD (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes From 0af016f6f94a41f487a583682d383162bf53c1cf Mon Sep 17 00:00:00 2001 From: Dan Kohn Date: Tue, 26 Sep 2017 11:18:41 -0400 Subject: [PATCH 009/179] s/Incubation/Incubating/ --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 4a0fdef..afe17a3 100644 --- a/README.md +++ b/README.md 
@@ -76,11 +76,11 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [Linkerd](https://linkerd.io/)|Jonathan Boulle|[10/5/16](https://docs.google.com/presentation/d/19aamsOR__zGFNNFCmid2TjaJwEqNOXmHRa34EQwf3sA/edit#slide=id.g181e6fdb33_0_0)|[1/23/17](https://www.cncf.io/blog/2017/01/23/linkerd-project-joins-cloud-native-computing-foundation)|Inception [gRPC](http://www.grpc.io/)|Brian Grant|[10/19/16](https://docs.google.com/presentation/d/16mNYaqgd7BaV50OnbcuQ1zRHpWoUKhL3XHvCJwEm8CE/edit#slide=id.g185c09339a_23_106)|[2/16/17](https://www.cncf.io/blog/2017/03/01/cloud-native-computing-foundation-host-grpc-google)|Incubating [CoreDNS](https://coredns.io/)|Jonathan Boulle|[8/17/16](https://docs.google.com/presentation/d/1LPvM44Pi7gletiDs40P7XmTKJLez5nz88ObYCHrHal8/edit?usp=sharing)|[2/27/17](https://www.cncf.io/blog/2017/03/02/cloud-native-computing-foundation-becomes-steward-service-naming-discovery-project-coredns)|Inception -[containerd](https://containerd.io/)|Brian Grant|[3/15/17](https://docs.google.com/presentation/d/1qmGsmARyMhRLwbFWG7LXJSsDHm45nqZ_QtBv5SnQL54/edit?usp=sharing)|[3/29/17](https://www.cncf.io/announcement/2017/03/29/containerd-joins-cloud-native-computing-foundation/)|Incubation -[rkt](http://rkt.io)|Brian Grant|[3/15/17](https://docs.google.com/presentation/d/1KzA58_Zz30mKKzeLuSvXLh63aIC75KRdAOTw4PJ_10g/edit?usp=sharing)|[3/29/17](https://www.cncf.io/announcement/2017/03/29/cloud-native-computing-foundation-becomes-home-pod-native-container-engine-project-rkt/)|Incubation -[CNI](https://github.com/containernetworking/cni)|Ken Owens|[5/3/17](https://docs.google.com/presentation/d/1flQXWp1NQg_FdiLQ0MzKw5QACIwR1i939a-FD74imxk/edit#slide=id.g217fd51990_0_140)|[5/23/17](https://www.cncf.io/blog/2017/05/23/cncf-hosts-container-networking-interface-cni/)|Incubation -[Envoy](https://github.com/envoyproxy/envoy)|Alexis 
Richardson|[8/15/17](https://goo.gl/iSP394)|[9/13/17](https://www.cncf.io/blog/2017/09/13/cncf-hosts-envoy/)|Incubation -[Jaeger](https://github.com/jagertracing/jaeger)|Bryan Cantrill|[8/1/17](https://goo.gl/ehtgts)|[9/13/17](https://www.cncf.io/blog/2017/09/13/cncf-hosts-jaeger/)|Incubation +[containerd](https://containerd.io/)|Brian Grant|[3/15/17](https://docs.google.com/presentation/d/1qmGsmARyMhRLwbFWG7LXJSsDHm45nqZ_QtBv5SnQL54/edit?usp=sharing)|[3/29/17](https://www.cncf.io/announcement/2017/03/29/containerd-joins-cloud-native-computing-foundation/)|Incubating +[rkt](http://rkt.io)|Brian Grant|[3/15/17](https://docs.google.com/presentation/d/1KzA58_Zz30mKKzeLuSvXLh63aIC75KRdAOTw4PJ_10g/edit?usp=sharing)|[3/29/17](https://www.cncf.io/announcement/2017/03/29/cloud-native-computing-foundation-becomes-home-pod-native-container-engine-project-rkt/)|Incubating +[CNI](https://github.com/containernetworking/cni)|Ken Owens|[5/3/17](https://docs.google.com/presentation/d/1flQXWp1NQg_FdiLQ0MzKw5QACIwR1i939a-FD74imxk/edit#slide=id.g217fd51990_0_140)|[5/23/17](https://www.cncf.io/blog/2017/05/23/cncf-hosts-container-networking-interface-cni/)|Incubating +[Envoy](https://github.com/envoyproxy/envoy)|Alexis Richardson|[8/15/17](https://goo.gl/iSP394)|[9/13/17](https://www.cncf.io/blog/2017/09/13/cncf-hosts-envoy/)|Incubating +[Jaeger](https://github.com/jagertracing/jaeger)|Bryan Cantrill|[8/1/17](https://goo.gl/ehtgts)|[9/13/17](https://www.cncf.io/blog/2017/09/13/cncf-hosts-jaeger/)|Incubating ## Scheduled Community Presentations From 8a872d16befba5591b9e322672895e2b3961c73d Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Tue, 26 Sep 2017 10:19:46 -0500 Subject: [PATCH 010/179] Move Storage WG to 2nd and 4th Wed every month --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index afe17a3..6a012c4 100644 --- a/README.md +++ b/README.md 
@@ -39,7 +39,7 @@ The TOC has created the following working groups to investigate and discuss the | [CI](https://github.com/cncf/wg-ci) | Camille Fournier | [2nd and 4th Tue every month at 8AM PT](https://zoom.us/j/199346891) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2P3_A3ujWHSxOu1IO_bd7Zi) | [Networking](https://github.com/cncf/wg-networking) | Ken Owens | [1st and 3rd Tue every month at 9AM PT](https://zoom.us/j/999936723) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2M_-K5n67_zTdrPh_PtTKFC) | [Serverless](https://github.com/cncf/wg-serverless) | Ken Owens | [Thu of every week at 9AM PT](https://zoom.us/j/893315636) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2Ph7YoBIgsZNW_RGJvNlFOt) -| [Storage](https://github.com/cncf/wg-storage) | Ben Hindman | [1st and 3rd Wed every month at 8AM PT](https://zoom.us/j/158580155) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2NoiNaLVZxr-ERc1ifKP7n6) +| [Storage](https://github.com/cncf/wg-storage) | Ben Hindman | [2nd and 4th Wed every month at 8AM PT](https://zoom.us/j/158580155) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2NoiNaLVZxr-ERc1ifKP7n6) All meetings are on the public CNCF calendar: https://goo.gl/eyutah From 98dfb7ffcb9961b2091019a0d74273c875e198bb Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Sun, 1 Oct 2017 19:45:05 -0500 Subject: [PATCH 011/179] Add agenda deck for 10/3/17 https://goo.gl/nsYz4j --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6a012c4..9354f59 100644 --- a/README.md +++ b/README.md @@ -156,3 +156,4 @@ If you're interested in presenting at a TOC call about your project, please open * [August 15th, 2017](https://goo.gl/iSP394) * [September 5th, 2017](https://goo.gl/WbKUmd) * [Setember 19th, 2017](https://goo.gl/cgx9j2) +* [October 3rd, 2017](https://goo.gl/nsYz4j) From eb1f80fd337481aa6e5dc5bbe3031a62618e191a Mon Sep 17 00:00:00 2001 
From: Chris Aniszczyk Date: Mon, 2 Oct 2017 15:35:40 -0500 Subject: [PATCH 012/179] Add Sam Lambert as the new End User TOC rep --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9354f59..858800c 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ The CNCF TOC is the technical governing body of the CNCF Foundation. It admits a * **Brian Grant** (term: 2 years - start date: 3/17/2016) * **Benjamin Hindman** (term: 3 years - start date: 1/29/2016) * **Solomon Hykes** (term: 2 years - start date: 3/17/2016) -* **Elissa Murphy** (term: 2 years - start date: 3/11/2016) +* **Sam Lambert** (term: 16 months - start date: 10/2/2017) * **Ken Owens** (term: 3 years - start date: 1/29/2016) * **Alexis Richardson** (term: 3 years - start date: 1/29/2016) From 409bcc146e9d37e909dba520011e36157b1cf53d Mon Sep 17 00:00:00 2001 From: Dan Kohn Date: Mon, 2 Oct 2017 17:34:58 -0400 Subject: [PATCH 013/179] Added Sam Lambert as TOC member --- process/election-schedule.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/process/election-schedule.md b/process/election-schedule.md index 500d4c1..b1d430e 100644 --- a/process/election-schedule.md +++ b/process/election-schedule.md @@ -20,7 +20,7 @@ Current TOC [Members](https://github.com/cncf/toc#members) and their terms are: * Brian Grant (term: 2 years - start date: 3/17/2016) * Benjamin Hindman (term: 3 years - start date: 1/29/2016) * Solomon Hykes (term: 2 years - start date: 3/17/2016) -* Elissa Murphy (term: 2 years - start date: 3/11/2016) +* Sam Lambert (term: 16 months - start date: 10/2/2017) * Ken Owens (term: 3 years - start date: 1/29/2016) * Alexis Richardson (term: 3 years - start date: 1/29/2016) From 3c5b8d6c5cf2748718c64b455e5e8045b3134a67 Mon Sep 17 00:00:00 2001 
From: Chris Aniszczyk Date: Tue, 3 Oct 2017 10:58:59 -0500 Subject: [PATCH 014/179] Mov Nov 21st meeting to Nov 14th; add OPA --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 858800c..b76bbf3 100644 --- a/README.md +++ b/README.md @@ -113,7 +113,7 @@ If you're interested in presenting at a TOC call about your project, please open * **October 3, 2017**: NATS.io revisited * **October 17, 2017**: TOC Principles / GB (Todd Moore) * **November 7, 2017**: SPIFFE.io -* **November 21, 2017**: Project Graduation Reviews (Kubernetes, Prometheus) +* **November 14, 2017**: [OPA](http://www.openpolicyagent.org/) and Project Graduation/Health Reviews (Kubernetes, Prometheus) * **December 5, 2017**: TBD (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes From 87881f61d8323cd14aee1151744a21d0ba8d629a Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 9 Oct 2017 10:28:49 -0500 Subject: [PATCH 015/179] Add Serverless WG to 11/7/17 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b76bbf3..d7a027a 100644 --- a/README.md +++ b/README.md @@ -112,7 +112,7 @@ If you're interested in presenting at a TOC call about your project, please open * **September 19, 2017**: TBD * **October 3, 2017**: NATS.io revisited * **October 17, 2017**: TOC Principles / GB (Todd Moore) -* **November 7, 2017**: SPIFFE.io +* **November 7, 2017**: SPIFFE.io and Serverless WG * **November 14, 2017**: [OPA](http://www.openpolicyagent.org/) and Project Graduation/Health Reviews (Kubernetes, Prometheus) * **December 5, 2017**: TBD (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) From b299bca5b5cbf592e1dfaf2ed2c88e85310b9122 Mon Sep 17 00:00:00 2001 
From: Chris Aniszczyk Date: Fri, 13 Oct 2017 08:51:40 -0500 Subject: [PATCH 016/179] Add Istio to presentation queue https://istio.io/ --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d7a027a..f76107a 100644 --- a/README.md +++ b/README.md @@ -112,7 +112,7 @@ If you're interested in presenting at a TOC call about your project, please open * **September 19, 2017**: TBD * **October 3, 2017**: NATS.io revisited * **October 17, 2017**: TOC Principles / GB (Todd Moore) -* **November 7, 2017**: SPIFFE.io and Serverless WG +* **November 7, 2017**: Istio, SPIFFE.io and Serverless WG * **November 14, 2017**: [OPA](http://www.openpolicyagent.org/) and Project Graduation/Health Reviews (Kubernetes, Prometheus) * **December 5, 2017**: TBD (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) From d86da207eaaa28610ab548214986a295db08c173 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Fri, 13 Oct 2017 10:43:14 -0500 Subject: [PATCH 017/179] Add OpenMetrics update for next meeting --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f76107a..7cb4cfc 100644 --- a/README.md +++ b/README.md @@ -111,7 +111,7 @@ If you're interested in presenting at a TOC call about your project, please open * **September 5, 2017**: gluster-kubernetes and Storage WG readout * **September 19, 2017**: TBD * **October 3, 2017**: NATS.io revisited -* **October 17, 2017**: TOC Principles / GB (Todd Moore) +* **October 17, 2017**: TOC Principles / GB (Todd Moore) and OpenMetrics Update * **November 7, 2017**: Istio, SPIFFE.io and Serverless WG * **November 14, 2017**: [OPA](http://www.openpolicyagent.org/) and Project Graduation/Health Reviews (Kubernetes, Prometheus) * **December 5, 2017**: TBD (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) 
From 17f71d37c5ce15d1eadc32c7213097012937e75a Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Fri, 13 Oct 2017 11:06:22 -0500 Subject: [PATCH 018/179] Fix link to Jaeger https://github.com/jaegertracing/jaeger --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7cb4cfc..2e2e2a7 100644 --- a/README.md +++ b/README.md @@ -80,7 +80,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [rkt](http://rkt.io)|Brian Grant|[3/15/17](https://docs.google.com/presentation/d/1KzA58_Zz30mKKzeLuSvXLh63aIC75KRdAOTw4PJ_10g/edit?usp=sharing)|[3/29/17](https://www.cncf.io/announcement/2017/03/29/cloud-native-computing-foundation-becomes-home-pod-native-container-engine-project-rkt/)|Incubating [CNI](https://github.com/containernetworking/cni)|Ken Owens|[5/3/17](https://docs.google.com/presentation/d/1flQXWp1NQg_FdiLQ0MzKw5QACIwR1i939a-FD74imxk/edit#slide=id.g217fd51990_0_140)|[5/23/17](https://www.cncf.io/blog/2017/05/23/cncf-hosts-container-networking-interface-cni/)|Incubating [Envoy](https://github.com/envoyproxy/envoy)|Alexis Richardson|[8/15/17](https://goo.gl/iSP394)|[9/13/17](https://www.cncf.io/blog/2017/09/13/cncf-hosts-envoy/)|Incubating -[Jaeger](https://github.com/jagertracing/jaeger)|Bryan Cantrill|[8/1/17](https://goo.gl/ehtgts)|[9/13/17](https://www.cncf.io/blog/2017/09/13/cncf-hosts-jaeger/)|Incubating +[Jaeger](https://github.com/jaegertracing/jaeger)|Bryan Cantrill|[8/1/17](https://goo.gl/ehtgts)|[9/13/17](https://www.cncf.io/blog/2017/09/13/cncf-hosts-jaeger/)|Incubating ## Scheduled Community Presentations From c1eaa0ccf4fea695c70a29580305dcd0a4ac4f68 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 16 Oct 2017 08:41:03 -0500 Subject: [PATCH 019/179] Add Oct 17th TOC deck https://goo.gl/hH6fS4 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2e2e2a7..286d87f 100644 --- a/README.md +++ b/README.md 
@@ -157,3 +157,4 @@ If you're interested in presenting at a TOC call about your project, please open * [September 5th, 2017](https://goo.gl/WbKUmd) * [Setember 19th, 2017](https://goo.gl/cgx9j2) * [October 3rd, 2017](https://goo.gl/nsYz4j) +* [October 17th, 2017](https://goo.gl/hH6fS4) From a053655a9e1e3fd2f787d79d3f82839b9e6313bf Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Wed, 25 Oct 2017 11:37:46 +0200 Subject: [PATCH 020/179] Add TUF/Notary to official project list --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 286d87f..d66d9dd 100644 --- a/README.md +++ b/README.md @@ -81,6 +81,8 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [CNI](https://github.com/containernetworking/cni)|Ken Owens|[5/3/17](https://docs.google.com/presentation/d/1flQXWp1NQg_FdiLQ0MzKw5QACIwR1i939a-FD74imxk/edit#slide=id.g217fd51990_0_140)|[5/23/17](https://www.cncf.io/blog/2017/05/23/cncf-hosts-container-networking-interface-cni/)|Incubating [Envoy](https://github.com/envoyproxy/envoy)|Alexis Richardson|[8/15/17](https://goo.gl/iSP394)|[9/13/17](https://www.cncf.io/blog/2017/09/13/cncf-hosts-envoy/)|Incubating [Jaeger](https://github.com/jaegertracing/jaeger)|Bryan Cantrill|[8/1/17](https://goo.gl/ehtgts)|[9/13/17](https://www.cncf.io/blog/2017/09/13/cncf-hosts-jaeger/)|Incubating +[Notary](https://github.com/docker/notary)|Solomon Hykes|[6/20/17](https://goo.gl/6nmyDn)|[10/24/17](https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/)|Incubating +[TUF](https://github.com/theupdateframework)|Solomon Hykes|[6/20/17](https://goo.gl/6nmyDn)|[10/24/17](https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/)|Incubating ## Scheduled Community Presentations 
@@ -150,7 +152,7 @@ If you're interested in presenting at a TOC call about your project, please open * [May 3rd, 2017](https://docs.google.com/presentation/d/1flQXWp1NQg_FdiLQ0MzKw5QACIwR1i939a-FD74imxk/edit#slide=id.g217fd51990_0_140) * [May 16th, 2017](https://docs.google.com/presentation/d/1SHfBDI3YeyCTJ3ZrGoc0S4EmfHsUVW2jMmXmcYQe96E/edit?usp=sharing) * [June 6th, 2017](https://docs.google.com/presentation/d/1Lzy94UNzdSXkqZCvrwjkcChKpU8u2waDqGx_Sjy5eJ8/edit?usp=sharing) -* [June 20th, 2017](https://docs.google.com/presentation/d/1MvCZytMQpTgGW4IvJ1cM0hvnIr8IowH7hFaeXJZ6cp4/edit#slide=id.gd5ae4e962_2_136) +* [June 20th, 2017](https://goo.gl/6nmyDn) * [July 11th, 2017](https://docs.google.com/presentation/d/1bSP9UmxLP4gBu9kzxrqZCahDGS8JcsHFh1CawVtZOTY/edit#slide=id.gd5ae4e962_2_136) * [August 1st, 2017](https://goo.gl/ehtgts) * [August 15th, 2017](https://goo.gl/iSP394) From 2fbb2bef8f3b7f06ebe6265b0ec41d894b5691cd Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Wed, 1 Nov 2017 10:36:47 -0500 Subject: [PATCH 021/179] Add initial list of TOC Contributors --- CONTRIBUTORS.md | 53 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 CONTRIBUTORS.md diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md new file mode 100644 index 0000000..60f6264 --- /dev/null +++ b/CONTRIBUTORS.md 
@@ -0,0 +1,53 @@ +# TOC Contributor Information + +There has been a call from CNCF’s Technical Oversight Committee for additional contributors and expertise to help evaluate potential projects and contribute to working groups. With the metaphor of the TOC as an open source project and the 9 TOC members as the maintainers, we are making a call for new TOC Contributors. + +Possible ways to contribute: + +* Tech due diligence for projects +* Time spent helping projects +* Liaison with GB +* Working Groups +* Technical content + +This is not only about individual contribution. It is also about rallying help from your employer. Given the breadth of projects represented by cloud native, it is impossible for anyone to be an expert in all technologies that we’re evaluating. We’re particularly interested in TOC Contributors that can act as a focal point for tapping relevant expertise from their organizations and colleagues in order to engage with CNCF discussions in a timely manner. The TOC already has the pattern of encouraging non-members to make non-binding votes, so no change in the TOC charter is necessary to allow Contributors. + +If you are interested in engaging in this way, we would encourage you to issue a pull request here that you desire to become a TOC Contributor. Although there is not an actual limit of having one TOC Contributor per company, we would encourage CNCF member companies to designate an official TOC Contributor who is tasked with consulting internal experts and expressing a semi-official view on a given project. 
+ +## TOC Contributors + +List below is the official list of TOC contributors, in alphabetical order: + +* Randy Abernethy, RX-M LLC (randy.abernethy@rx-m.com) +* Josh Bernstein, Dell (Joshua.Bernstein@dell.com) +* Erin Boyd, Red Hat (eboyd@redhat.com) +* Lee Calcote, SolarWinds (leecalcote@gmail.com) +* Nick Chase, Mirantis (nchase@mirantis.com) +* Alex Chircop, StorageOS (alex.chircop@storageos.com) +* Gergely Csatari, Nokia (gergely.csatari@nokia.com) +* Doug Davis, IBM (dug@us.ibm.com) +* Lachlan Evenson, Microsoft (lachlan.evenson@microsoft.com) +* Yaron Haviv, iguazio (yaronh@iguaz.io) +* Quinton Hoole, Huawei (quinton.hoole@huawei.com) +* Joseph Jacks, Independent (jacks.joe@gmail.com) +* Naadir Jeewa, The Scale Factory (naadir@scalefactory.com) +* Jonghyuk Jong Choi, NCSoft (jongchoi@ncsoft.com) +* Dustin Kirkland, Canonical (kirkland@canonical.com) +* Clinton Kitson, Dell (Clinton.Kitson@dell.com) +* Christopher Liljenstople, Tigera (cdl@asgaard.org) +* Chase Pettet, Wikimedia (cpettet@wikimedia.org) +* Ara Pulido, Bitnami (ara@bitnami.com) +* Gou Rao, Portworx (gou@portworx.com) +* Drew Rapenchuk, Bloomberg (drapenchuk@bloomberg.net) +* Darren Ratcliffe, Atos (darren.ratcliffe@atos.net) +* Ghe Rivero, Independent (ghe.rivero@gmail.com) +* Andy Santosa, Ebay (asantosa@ebay.com) +* Yuri Shkuro, Uber (ys@uber.com) +* Eduardo Silva, Treasure Data (eduardo@treasure-data.com) +* Rick Spencer, Bitnami (rick@bitnamni.com) +* Bassam Tabbara, Quantum (bassam@tabbara.com) +* Yong Tang, Infoblox (ytang@infoblox.com) +* Xu Wang, Hyper (xu@hyper.sh) +* Bob Wise, Samsung SDS (bob@bobsplanet.com) +* Lei Zhang, HyperHQ (harryzhang@zju.edu.cn) +* Cathy Zhang, Huawei (cathy.h.zhang@huawei.com) From 300bb8229d467a2572d793deb1a317da37efd13e Mon Sep 17 00:00:00 2001 From: Mark Peek Date: Wed, 1 Nov 2017 09:12:26 -0700 Subject: [PATCH 022/179] Add Mark Peek to CONTRIBUTORS --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 60f6264..010895a 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -35,6 +35,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Dustin Kirkland, Canonical (kirkland@canonical.com) * Clinton Kitson, Dell (Clinton.Kitson@dell.com) * Christopher Liljenstople, Tigera (cdl@asgaard.org) +* Mark Peek, VMware (markpeek@vmware.com) * Chase Pettet, Wikimedia (cpettet@wikimedia.org) * Ara Pulido, Bitnami (ara@bitnami.com) * Gou Rao, Portworx (gou@portworx.com) From bc53b924694144767036569bfe89ce6cd3859ee3 Mon Sep 17 00:00:00 2001 From: Timothy Chen Date: Wed, 1 Nov 2017 09:18:56 -0700 Subject: [PATCH 023/179] Add Timothy Chen to TOC contributors --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 60f6264..194cb9a 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -51,3 +51,4 @@ List below is the official list of TOC contributors, in alphabetical order: * Bob Wise, Samsung SDS (bob@bobsplanet.com) * Lei Zhang, HyperHQ (harryzhang@zju.edu.cn) * Cathy Zhang, Huawei (cathy.h.zhang@huawei.com) +* Timothy Chen, Hyperpilot (tim@hyperpilot.io) From 11e0826db8271eaff2bd59963b83ed4c6c2a1b2f Mon Sep 17 00:00:00 2001 From: emaildanwilson Date: Wed, 1 Nov 2017 09:43:06 -0700 Subject: [PATCH 024/179] add Concur to TOC Contributors --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 60f6264..8e40634 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -48,6 +48,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Bassam Tabbara, Quantum (bassam@tabbara.com) * Yong Tang, Infoblox (ytang@infoblox.com) * Xu Wang, Hyper (xu@hyper.sh) +* Dan Wilson, Concur (danw@concur.com) * Bob Wise, Samsung SDS (bob@bobsplanet.com) * Lei Zhang, HyperHQ (harryzhang@zju.edu.cn) * Cathy Zhang, Huawei (cathy.h.zhang@huawei.com) 
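Review bot: In [PATCH 020/179], the second README.md hunk (`@@ -150,7 +152,7 @@`) replaces the full `docs.google.com/presentation/...` URL for the June 20th deck with `https://goo.gl/6nmyDn`, and the new Notary and TUF table rows in the first hunk use the same short link. A shortened URL hides its destination from anyone reviewing the diff and makes the record depend on the shortener continuing to resolve. Keeping the full URL, as the neighbouring May 3rd through July 11th entries do, lets the target be checked in review.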
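Review bot: In [PATCH 021/179], the new CONTRIBUTORS.md entry `Rick Spencer, Bitnami (rick@bitnamni.com)` uses the domain `bitnamni.com`, while the other Bitnami entry in the same list is `ara@bitnami.com`. Please confirm the address with the contributor before merging. If it is a typo, mail intended for a TOC contributor goes to a domain nobody on the list controls.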
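Review bot: In [PATCH 023/179], `Timothy Chen, Hyperpilot` is appended after `Cathy Zhang` at the end of the list, although the hunk header context says the contributors are listed "in alphabetical order" and patches 022 and 024 insert their entries in surname position. Move the entry between `Nick Chase` and `Alex Chircop` to keep the ordering the file states.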
From a48fb133f61ff2eae49a6c347b2c63a954177daa Mon Sep 17 00:00:00 2001 From: Philip Lombardi Date: Wed, 1 Nov 2017 14:03:08 -0400 Subject: [PATCH 025/179] Add Philip Lombardi (Datawire.io) to cncf-toc contributors --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index f7656e3..9232a1d 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -35,6 +35,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Dustin Kirkland, Canonical (kirkland@canonical.com) * Clinton Kitson, Dell (Clinton.Kitson@dell.com) * Christopher Liljenstople, Tigera (cdl@asgaard.org) +* Philip Lombardi, Datawire.io (plombardi@datawire.io) * Mark Peek, VMware (markpeek@vmware.com) * Chase Pettet, Wikimedia (cpettet@wikimedia.org) * Ara Pulido, Bitnami (ara@bitnami.com) From 45093ff5fafab6175144b71f0cf40b5e37ee6630 Mon Sep 17 00:00:00 2001 From: Chase Pettet Date: Thu, 2 Nov 2017 08:38:16 -0500 Subject: [PATCH 026/179] Legally I believe we have to called "Wikimedia Foundation" Nothing to see here except trademark goodness. --- CONTRIBUTORS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index f7656e3..d312a08 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -36,7 +36,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Clinton Kitson, Dell (Clinton.Kitson@dell.com) * Christopher Liljenstople, Tigera (cdl@asgaard.org) * Mark Peek, VMware (markpeek@vmware.com) -* Chase Pettet, Wikimedia (cpettet@wikimedia.org) +* Chase Pettet, Wikimedia Foundation (cpettet@wikimedia.org) * Ara Pulido, Bitnami (ara@bitnami.com) * Gou Rao, Portworx (gou@portworx.com) * Drew Rapenchuk, Bloomberg (drapenchuk@bloomberg.net) From c45ae040de83b1c6f53ee7ef1fb700dce234ae64 Mon Sep 17 00:00:00 2001 
From: Chris Aniszczyk Date: Thu, 2 Nov 2017 08:49:28 -0500 Subject: [PATCH 027/179] Add Storage WG readout to Nov 14th --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d66d9dd..2ac7a6e 100644 --- a/README.md +++ b/README.md @@ -115,7 +115,7 @@ If you're interested in presenting at a TOC call about your project, please open * **October 3, 2017**: NATS.io revisited * **October 17, 2017**: TOC Principles / GB (Todd Moore) and OpenMetrics Update * **November 7, 2017**: Istio, SPIFFE.io and Serverless WG -* **November 14, 2017**: [OPA](http://www.openpolicyagent.org/) and Project Graduation/Health Reviews (Kubernetes, Prometheus) +* **November 14, 2017**: [OPA](http://www.openpolicyagent.org/) and Storage WG/CSI and Project Graduation/Health Reviews (Kubernetes, Prometheus) * **December 5, 2017**: TBD (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes From d624f40cdad1cc884e17e7171beb3103d4f2ebc8 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Thu, 2 Nov 2017 11:48:34 -0500 Subject: [PATCH 028/179] Add Rook revisited for Dec 5th --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2ac7a6e..9c4c2fa 100644 --- a/README.md +++ b/README.md 
@@ -116,7 +116,8 @@ If you're interested in presenting at a TOC call about your project, please open * **October 17, 2017**: TOC Principles / GB (Todd Moore) and OpenMetrics Update * **November 7, 2017**: Istio, SPIFFE.io and Serverless WG * **November 14, 2017**: [OPA](http://www.openpolicyagent.org/) and Storage WG/CSI and Project Graduation/Health Reviews (Kubernetes, Prometheus) -* **December 5, 2017**: TBD (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) +* **December 5, 2017**: Rook +* **January 16, 2017**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes From 945c86bf335a023bc7f47a3b8062b06588fac8a7 Mon Sep 17 00:00:00 2001 From: lfourie Date: Thu, 2 Nov 2017 12:40:19 -0700 Subject: [PATCH 029/179] Added Louis Fourie --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 842ca80..a97921a 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -27,6 +27,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Gergely Csatari, Nokia (gergely.csatari@nokia.com) * Doug Davis, IBM (dug@us.ibm.com) * Lachlan Evenson, Microsoft (lachlan.evenson@microsoft.com) +* Louis Fourie, Huawei (louis.fourie@huawei.com) * Yaron Haviv, iguazio (yaronh@iguaz.io) * Quinton Hoole, Huawei (quinton.hoole@huawei.com) * Joseph Jacks, Independent (jacks.joe@gmail.com) From 61eb64bd95cd55337ad11c5ba80f70726743d105 Mon Sep 17 00:00:00 2001 From: Ian Crosby Date: Fri, 3 Nov 2017 14:29:10 +0100 Subject: [PATCH 030/179] Add Ian Crosby to TOC Contributors --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 842ca80..d258350 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md 
@@ -54,3 +54,4 @@ List below is the official list of TOC contributors, in alphabetical order: * Bob Wise, Samsung SDS (bob@bobsplanet.com) * Lei Zhang, HyperHQ (harryzhang@zju.edu.cn) * Cathy Zhang, Huawei (cathy.h.zhang@huawei.com) +* Ian Crosby, Container Solutions (ian.crosby@container-solutions.com) From a4d76e09a140f0f919294a77fd612c60dd6c818c Mon Sep 17 00:00:00 2001 From: Pengfei Ni Date: Sun, 5 Nov 2017 18:05:31 +0800 Subject: [PATCH 031/179] Add Pengfei Ni to contributors --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 01e6e45..0379729 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -55,4 +55,5 @@ List below is the official list of TOC contributors, in alphabetical order: * Bob Wise, Samsung SDS (bob@bobsplanet.com) * Lei Zhang, HyperHQ (harryzhang@zju.edu.cn) * Cathy Zhang, Huawei (cathy.h.zhang@huawei.com) +* Pengfei Ni, Microsoft (peni@microsoft.com) * Timothy Chen, Hyperpilot (tim@hyperpilot.io) From 340c61b75676260a4a234b35925ad25a16ed5550 Mon Sep 17 00:00:00 2001 From: Pengfei Ni Date: Sun, 5 Nov 2017 18:06:25 +0800 Subject: [PATCH 032/179] Sort contributors alphabetically --- CONTRIBUTORS.md | 64 ++++++++++++++++++++++++------------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 0379729..d2375fb 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md 
@@ -18,42 +18,42 @@ If you are interested in engaging in this way, we would encourage you to issue a List below is the official list of TOC contributors, in alphabetical order: -* Randy Abernethy, RX-M LLC (randy.abernethy@rx-m.com) -* Josh Bernstein, Dell (Joshua.Bernstein@dell.com) -* Erin Boyd, Red Hat (eboyd@redhat.com) -* Lee Calcote, SolarWinds (leecalcote@gmail.com) -* Nick Chase, Mirantis (nchase@mirantis.com) * Alex Chircop, StorageOS (alex.chircop@storageos.com) -* Gergely Csatari, Nokia (gergely.csatari@nokia.com) -* Doug Davis, IBM (dug@us.ibm.com) -* Lachlan Evenson, Microsoft (lachlan.evenson@microsoft.com) -* Louis Fourie, Huawei (louis.fourie@huawei.com) -* Yaron Haviv, iguazio (yaronh@iguaz.io) -* Quinton Hoole, Huawei (quinton.hoole@huawei.com) -* Joseph Jacks, Independent (jacks.joe@gmail.com) -* Naadir Jeewa, The Scale Factory (naadir@scalefactory.com) -* Jonghyuk Jong Choi, NCSoft (jongchoi@ncsoft.com) -* Dustin Kirkland, Canonical (kirkland@canonical.com) -* Clinton Kitson, Dell (Clinton.Kitson@dell.com) -* Christopher Liljenstople, Tigera (cdl@asgaard.org) -* Philip Lombardi, Datawire.io (plombardi@datawire.io) -* Mark Peek, VMware (markpeek@vmware.com) -* Chase Pettet, Wikimedia Foundation (cpettet@wikimedia.org) -* Ara Pulido, Bitnami (ara@bitnami.com) -* Gou Rao, Portworx (gou@portworx.com) -* Drew Rapenchuk, Bloomberg (drapenchuk@bloomberg.net) -* Darren Ratcliffe, Atos (darren.ratcliffe@atos.net) -* Ghe Rivero, Independent (ghe.rivero@gmail.com) * Andy Santosa, Ebay (asantosa@ebay.com) -* Yuri Shkuro, Uber (ys@uber.com) -* Eduardo Silva, Treasure Data (eduardo@treasure-data.com) -* Rick Spencer, Bitnami (rick@bitnamni.com) +* Ara Pulido, Bitnami (ara@bitnami.com) * Bassam Tabbara, Quantum (bassam@tabbara.com) -* Yong Tang, Infoblox (ytang@infoblox.com) -* Xu Wang, Hyper (xu@hyper.sh) -* Dan Wilson, Concur (danw@concur.com) * Bob Wise, Samsung SDS (bob@bobsplanet.com) -* Lei Zhang, HyperHQ (harryzhang@zju.edu.cn) * Cathy Zhang, Huawei 
(cathy.h.zhang@huawei.com) +* Chase Pettet, Wikimedia Foundation (cpettet@wikimedia.org) +* Christopher Liljenstople, Tigera (cdl@asgaard.org) +* Clinton Kitson, Dell (Clinton.Kitson@dell.com) +* Dan Wilson, Concur (danw@concur.com) +* Darren Ratcliffe, Atos (darren.ratcliffe@atos.net) +* Doug Davis, IBM (dug@us.ibm.com) +* Drew Rapenchuk, Bloomberg (drapenchuk@bloomberg.net) +* Dustin Kirkland, Canonical (kirkland@canonical.com) +* Eduardo Silva, Treasure Data (eduardo@treasure-data.com) +* Erin Boyd, Red Hat (eboyd@redhat.com) +* Gergely Csatari, Nokia (gergely.csatari@nokia.com) +* Ghe Rivero, Independent (ghe.rivero@gmail.com) +* Gou Rao, Portworx (gou@portworx.com) +* Jonghyuk Jong Choi, NCSoft (jongchoi@ncsoft.com) +* Joseph Jacks, Independent (jacks.joe@gmail.com) +* Josh Bernstein, Dell (Joshua.Bernstein@dell.com) +* Lachlan Evenson, Microsoft (lachlan.evenson@microsoft.com) +* Lee Calcote, SolarWinds (leecalcote@gmail.com) +* Lei Zhang, HyperHQ (harryzhang@zju.edu.cn) +* Louis Fourie, Huawei (louis.fourie@huawei.com) +* Mark Peek, VMware (markpeek@vmware.com) +* Naadir Jeewa, The Scale Factory (naadir@scalefactory.com) +* Nick Chase, Mirantis (nchase@mirantis.com) * Pengfei Ni, Microsoft (peni@microsoft.com) +* Philip Lombardi, Datawire.io (plombardi@datawire.io) +* Quinton Hoole, Huawei (quinton.hoole@huawei.com) +* Randy Abernethy, RX-M LLC (randy.abernethy@rx-m.com) +* Rick Spencer, Bitnami (rick@bitnamni.com) * Timothy Chen, Hyperpilot (tim@hyperpilot.io) +* Xu Wang, Hyper (xu@hyper.sh) +* Yaron Haviv, iguazio (yaronh@iguaz.io) +* Yong Tang, Infoblox (ytang@infoblox.com) +* Yuri Shkuro, Uber (ys@uber.com) From 514cf8ecc4453a3497fb24206ed77ae2a5f5c891 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 6 Nov 2017 08:15:10 -0600 Subject: [PATCH 033/179] Add 11/7/17 TOC deck https://goo.gl/LoKyV5 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 9c4c2fa..00c2a91 100644 --- a/README.md +++ b/README.md 
@@ -161,3 +161,4 @@ If you're interested in presenting at a TOC call about your project, please open * [Setember 19th, 2017](https://goo.gl/cgx9j2) * [October 3rd, 2017](https://goo.gl/nsYz4j) * [October 17th, 2017](https://goo.gl/hH6fS4) +* [November 7th, 2017](https://goo.gl/LoKyV5) From 89f6c17fadcafedd1d43bf5b5ef22e0ec383229a Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Tue, 7 Nov 2017 19:14:01 -0600 Subject: [PATCH 034/179] Inubation review for CoreDNS Signed-off-by: Chris Aniszczyk --- reviews/incubation-coredns.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 reviews/incubation-coredns.md diff --git a/reviews/incubation-coredns.md b/reviews/incubation-coredns.md new file mode 100644 index 0000000..df47c9f --- /dev/null +++ b/reviews/incubation-coredns.md 
@@ -0,0 +1,30 @@ +To be accepted to the inception stage, a project must: + +* Add value to cloud native computing (i.e., containerization, orchestration, microservices, or some combination) and be aligned with the CNCF [charter](https://cncf.io/about/charter). + + * [https://github.com/kubernetes/community/pull/1100](https://github.com/kubernetes/community/pull/1100) + +* Have all code under an ASL 2.0 license, or another license explicitly approved by the Governing Board. + + * [https://github.com/coredns/coredns/blob/master/LICENSE](https://github.com/coredns/coredns/blob/master/LICENSE) + + * [https://app.fossa.io/projects/git%2Bgithub.com%2Fcoredns%2Fcoredns](https://app.fossa.io/projects/git%2Bgithub.com%2Fcoredns%2Fcoredns) + +To be accepted to incubating stage, a project must meet the inception stage requirements plus: + +* Document that it is being used successfully in production by at least three independent end users which, in the TOC’s judgement, are of adequate quality and scope. + + * [https://github.com/coredns/coredns/blob/master/ADOPTERS.md](https://github.com/coredns/coredns/blob/master/ADOPTERS.md) + + * Note: there are private adopters too that CoreDNS is willing to share to TOC privately + +* Have a healthy number of committers. A committer is defined as someone with the commit bit; i.e., someone who can accept contributions to some or all of the project. + + * [https://github.com/coredns/coredns/blob/master/MAINTAINERS](https://github.com/coredns/coredns/blob/master/MAINTAINERS) + +* Demonstrate a substantial ongoing flow of commits and merged contributions + + * [https://github.com/coredns/coredns/releases](https://github.com/coredns/coredns/releases) + + * [https://github.com/coredns/coredns/graphs/contributors](https://github.com/coredns/coredns/graphs/contributors) + From 5cbfd945bd2c0ab121b71d667b8ff299ea5e4d80 Mon Sep 17 00:00:00 2001 
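Review bot: In [PATCH 028/179], the added line `* **January 16, 2017**:` follows `December 5, 2017` in the upcoming-presentations list, so the year looks like it should be 2018. The call for presenters that moved onto that line also still opens a parenthesis before "interested presenters" that is never closed after the `[issue](...)` link, and with "TBD" dropped the date is followed directly by the parenthetical.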
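Review bot: In [PATCH 032/179], the list is re-sorted by first name (`Alex Chircop`, `Andy Santosa`, `Ara Pulido`, ...), whereas the removed lines were ordered by surname (`Abernethy`, `Bernstein`, `Boyd`, ...) and earlier patches inserted entries by surname. The heading in the hunk context only says "in alphabetical order", so state the sort key there, or later additions will keep landing in inconsistent positions.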
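Review bot: In [PATCH 034/179], every piece of evidence in `reviews/incubation-coredns.md` is a link to a moving target (`blob/master/LICENSE`, `blob/master/ADOPTERS.md`, `blob/master/MAINTAINERS`, the releases and contributors pages), so the file does not record what was actually reviewed. Pinning the file links to a commit and adding the review date would make the record checkable later. The production-use criterion also leans on "private adopters" that are not listed, so say how many public entries in ADOPTERS.md were counted toward the "at least three independent end users" requirement. Minor: the file has no title, and the commit subject spells "Incubation" as "Inubation".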
From: Sugu Sougoumarane Date: Fri, 10 Nov 2017 22:24:39 -0800 Subject: [PATCH 035/179] Project Proposal: Vitess Original doc: https://docs.google.com/document/d/1p7gqlpQNJpZtsolHeX6vXR4NXXwGrCMsCz8rSi5jsBA/edit# I've made some minor changes based on the formatting of the other proposals. The vendor list was very big (182 lines). So, I shortened by listing top level orgs in some cases. --- proposals/vitess.adoc | 109 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 proposals/vitess.adoc diff --git a/proposals/vitess.adoc b/proposals/vitess.adoc new file mode 100644 index 0000000..980badc --- /dev/null +++ b/proposals/vitess.adoc 
@@ -0,0 +1,109 @@ +== Vitess + +*Name of project*: Vitess + +*Description*: + +Vitess is a database clustering system for horizontal scaling of MySQL. Using the terminology from the link:http://db.cs.cmu.edu/papers/2016/pavlo-newsql-sigmodrec2016.pdf[Pavlo and Aslett NewSQL survey article], Vitess is “sharding middleware”. By encapsulating shard-routing logic, Vitess allows application code and database queries to remain agnostic to the distribution of data onto multiple shards. You can split and merge shards as your needs change, with an atomic cutover step that is performed in seconds. Vitess has been serving all YouTube database traffic since 2011, and has grown to encompass tens of thousands of MySQL nodes. It has also gained increasing adoption in the community with about fifteen companies currently in the pipeline, some of whom have already gone into production. For more details, see the link:http://vitess.io/overview/[Vitess overview]. + +*Sponsor / Advisor from TOC*: Brian Grant + +*Unique Identifier*: vitess + +*License*: ALv2 + +*Maturity Level:* Incubating + +*Source control repositories*: https://github.com/youtube/vitess + +*Initial Committers*: + +* Sugu Sougoumarane +* Mike Solomon +* Alain Jobart +* Anthony Yeh +* Michael Berlin + +*Infrastructure requirements*: CI, CNCF Cluster + +*Issue tracker*: https://github.com/youtube/vitess/issues + +*Mailing lists* + +* https://vitess.slack.com (see https://vitess.slackarchive.io) +* https://groups.google.com/forum/#!forum/vitess + +*Website*: http://vitess.io + +*Release methodology and mechanics* + +The current release is v2.1.1. We use the link:http://semver.org/[semantic versioning] numbering system. The releases are announced using link:https://github.com/youtube/vitess/releases[github’s releases] feature and link:http://blog.vitess.io/2017/04/vitess-releases-version-21.html[through a blog post]. Additionally, a release involves tagging of a docker image and a Maven release of the Java client. 
The next major release changes the client protocols, and will be tagged 3.0. + +The master branch is kept strictly stable, and we encourage users to regularly pull and deploy from it, as YouTube does. Many users have adopted this approach. + +*Social media accounts*: N/A + +*Existing sponsorship*: + +* Google (lead) +* Hubspot (many core contributions) +* Slack (many core contributions) +* Flipkart (Java client) +* BetterCloud (TLS support) +* Pixel Federation (PHP client) + +*Adopters*: Source: https://github.com/youtube/vitess/blob/master/ADOPTERS.md + +* Axon +* BetterCloud +* FlipKart +* HubSpot +* Nozzle +* Pixel Federation +* Quiz of Kings +* Slack +* Square +* Stitch Labs +* YouTube + +*Statement on alignment with CNCF mission*: + +NoSQL storage systems were designed to scale out, but focus on unstructured and non-transactional data. However, it is complex to migrate or build applications that truly need transactions, indexes, and joins over structured data using NoSQL. NewSQL storage systems such as Vitess fill that gap, and enable more applications to migrate to cloud-native architectures and to scale out. Vitess was built to be cloud-native for use within Google, and can link:http://vitess.io/getting-started/[run on Kubernetes]. + +*External Dependencies*: Full list: https://github.com/youtube/vitess/blob/master/vendor/vendor.json. 
Top level orgs: + +* cloud.google.com/ +* github.com/aws/aws-sdk-go/ +* github.com/beorn7/perks/quantile +* github.com/coreos/ +* github.com/davecgh/go-spew +* github.com/ghodss/yaml +* github.com/go-ini/ini +* github.com/golang +* github.com/googleapis/gax-go +* github.com/gopherjs/gopherjs/js +* github.com/gorilla/websocket +* github.com/grpc-ecosystem +* github.com/hashicorp/ +* github.com/influxdb/influxdb/client +* github.com/jmespath/go-jmespath +* github.com/jtolds/gls +* github.com/mattn/go-runewidth +* github.com/matttproud/golang_protobuf_extensions +* github.com/minio/minio-go +* github.com/olekukonko/tablewriter +* github.com/pborman/uuid +* github.com/pmezard/go-difflib +* github.com/prometheus +* github.com/samuel/go-zookeeper/zk +* github.com/satori/go.uuid +* github.com/sergi/go-diff +* github.com/smartystreets +* github.com/stretchr/testify +* github.com/tchap/go-patricia +* github.com/yudai/gojsondiff +* github.com/yudai/golcs +* golang.org/x +* google.golang.org/ + +*Other Contributors*: https://github.com/youtube/vitess/graphs/contributors From e3042227efd6469b39e3189a6aaed9a53a2bd4d1 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Tue, 14 Nov 2017 09:58:33 +0500 Subject: [PATCH 036/179] Add 11/14/17 TOC deck https://goo.gl/vKbawR --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 00c2a91..661899f 100644 --- a/README.md +++ b/README.md @@ -162,3 +162,4 @@ If you're interested in presenting at a TOC call about your project, please open * [October 3rd, 2017](https://goo.gl/nsYz4j) * [October 17th, 2017](https://goo.gl/hH6fS4) * [November 7th, 2017](https://goo.gl/LoKyV5) +* [November 14th, 2017](https://goo.gl/vKbawR) From db9de08440bd049c9cfc294f12cd5bd86e9824ec Mon Sep 17 00:00:00 2001 
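Review bot: In [PATCH 035/179], the *External Dependencies* section of `proposals/vitess.adoc` gives several dependencies only as top-level orgs (`github.com/golang`, `github.com/hashicorp/`, `github.com/coreos/`, `golang.org/x`) and points to `vendor/vendor.json` on `master` for the full list. At org granularity a reviewer cannot tell which packages are actually vendored, and the `master` link will drift from what was proposed. Link vendor.json at a fixed commit and name the individual repositories where an org hosts many. Minor: `*Maturity Level:*` has the colon inside the emphasis, unlike the other fields.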
From: Sugu Sougoumarane Date: Mon, 13 Nov 2017 22:01:04 -0800 Subject: [PATCH 037/179] add license info for dependencies --- proposals/vitess.adoc | 66 +++++++++++++++++++++---------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/proposals/vitess.adoc b/proposals/vitess.adoc index 980badc..20eb01a 100644 --- a/proposals/vitess.adoc +++ b/proposals/vitess.adoc 
@@ -72,38 +72,38 @@ NoSQL storage systems were designed to scale out, but focus on unstructured and *External Dependencies*: Full list: https://github.com/youtube/vitess/blob/master/vendor/vendor.json. Top level orgs: -* cloud.google.com/ -* github.com/aws/aws-sdk-go/ -* github.com/beorn7/perks/quantile -* github.com/coreos/ -* github.com/davecgh/go-spew -* github.com/ghodss/yaml -* github.com/go-ini/ini -* github.com/golang -* github.com/googleapis/gax-go -* github.com/gopherjs/gopherjs/js -* github.com/gorilla/websocket -* github.com/grpc-ecosystem -* github.com/hashicorp/ -* github.com/influxdb/influxdb/client -* github.com/jmespath/go-jmespath -* github.com/jtolds/gls -* github.com/mattn/go-runewidth -* github.com/matttproud/golang_protobuf_extensions -* github.com/minio/minio-go -* github.com/olekukonko/tablewriter -* github.com/pborman/uuid -* github.com/pmezard/go-difflib -* github.com/prometheus -* github.com/samuel/go-zookeeper/zk -* github.com/satori/go.uuid -* github.com/sergi/go-diff -* github.com/smartystreets -* github.com/stretchr/testify -* github.com/tchap/go-patricia -* github.com/yudai/gojsondiff -* github.com/yudai/golcs -* golang.org/x -* google.golang.org/ +* cloud.google.com/ - ALv2 +* github.com/aws/aws-sdk-go/ - ALv2 +* github.com/beorn7/perks - MIT +* github.com/coreos/ - ALv2 +* github.com/davecgh/go-spew - ISC (https://github.com/davecgh/go-spew/blob/master/LICENSE) +* github.com/ghodss/yaml - MIT +* github.com/go-ini/ini - ALv2 +* github.com/golang - ALv2 +* github.com/googleapis/gax-go - BSD3 +* github.com/gopherjs/gopherjs - BSD2 +* github.com/gorilla/websocket - BSD2 +* github.com/grpc-ecosystem - ALv2 +* github.com/hashicorp/ - MPL2 (https://github.com/hashicorp/consul/blob/master/LICENSE) +* github.com/influxdb/influxdb - MIT +* github.com/jmespath/go-jmespath - ALv2 +* github.com/jtolds/gls - MIT +* github.com/mattn/go-runewidth - MIT +* github.com/matttproud/golang_protobuf_extensions - ALv2 +* github.com/minio/minio-go - ALv2 +* 
github.com/olekukonko/tablewriter - MIT +* github.com/pborman/uuid - BSD3 +* github.com/pmezard/go-difflib - BSD3 +* github.com/prometheus - ALv2 +* github.com/samuel/go-zookeeper - BSD3 +* github.com/satori/go.uuid - MIT +* github.com/sergi/go-diff - MIT +* github.com/smartystreets - MIT with addendum (https://github.com/smartystreets/assertions/blob/master/LICENSE.md) +* github.com/stretchr/testify - MIT +* github.com/tchap/go-patricia - MIT +* github.com/yudai/gojsondiff - MIT with addendum (https://github.com/yudai/gojsondiff/blob/master/LICENSE) +* github.com/yudai/golcs - MIT +* golang.org/x - BSD3 +* google.golang.org/ - BSD3 *Other Contributors*: https://github.com/youtube/vitess/graphs/contributors From ebfcf02e780861de6736d371273ec09f052fcd2f Mon Sep 17 00:00:00 2001 From: Sunil James Date: Wed, 15 Nov 2017 00:42:21 -0800 Subject: [PATCH 038/179] Project Proposal: SPIFFE As requested during the 7 November 2017 CNCF TOC meeting (https://goo.gl/LoKyV5), we submit SPIFFE for consideration to be included as a CNCF project. Note: the original Google doc containing this content is available at https://goo.gl/gxjRCx --- proposals/spiffe.adoc | 140 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 140 insertions(+) create mode 100644 proposals/spiffe.adoc diff --git a/proposals/spiffe.adoc b/proposals/spiffe.adoc new file mode 100644 index 0000000..852b3b2 --- /dev/null +++ b/proposals/spiffe.adoc 
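Review bot: in the External Dependencies hunk that adds license tags (the list introduced by the youtube/vitess vendor.json link), several entries name a whole organization or domain (`github.com/coreos/`, `github.com/golang`, `github.com/hashicorp/`, `github.com/prometheus`, `golang.org/x`, `google.golang.org/`) yet carry a single license. The only evidence given for `github.com/hashicorp/ - MPL2` is consul's LICENSE file. A license belongs to a repository, not an org, so either list the repositories actually vendored, as vendor.json does, or state that the tag was checked for every vendored package under that prefix. The two "MIT with addendum" entries should say in a few words what the addendum requires, since that is the part a license review needs. Links to the LICENSE file are present for four entries only; adding them for the rest would make the list checkable.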
@@ -0,0 +1,140 @@ +== SPIFFE + +*Name of project*: SPIFFE + +*Description*: + +With microservices, container orchestrators, and cloud computing leading to the deployment of increasingly dynamic and heterogeneous production environments, conventional network and application security practices struggle to scale under such distributed design patterns. + +Further, engineers must be involved in how applications are deployed and managed in such environments; and operations teams require deeper visibility into managed applications. + +As we move to a more evolved security stance, we must create technology frameworks that enable the aforementioned to play active roles in easily building secure, distributed applications. **SPIFFE (aka the “Secure Production Identity Framework for Everyone”)** is one such framework. + +SPIFFE comprises three (3) components: + +1. **SPIFFE ID**: A specification defining how workloads identify themselves to each other; such an ID is implemented as a Uniform Resource Identifier (URI). +1. **SPIFFE Verifiable Identity Document (SVID)**: a specification for encoding SPIFFE IDs in a cryptographically-verifiable document. +1. **SPIFFE Workload API**: An API specification to issue and/or retrieve SVIDs. + +The SPIFFE Workload API does not require a calling workload to 1) have a priori knowledge of its identity; or 2) possess authentication token(s) when calling the API. + +Implementations of the SPIFFE Workload API can 1) run on and across multiple platforms; and 2) identify running workloads at a process “and” kernel level, making it suitable for use with container schedulers like Kubernetes. + +Building upon work done at Bell Labs (Plan 9), Google (LOAS), and others, **SPIRE (aka the “SPIFFE Runtime Environment”)** is an open-source software implementation of SPIFFE that can bootstrap and issue cryptographically verifiable identity to workloads running on heterogeneous environments and organizational boundaries. 
SPIRE consists of two (2) components: + +1. **SPIRE Server**: provides a central registry of SPIFFE IDs, and the attestation policies describing which workloads can assume said identities. Attestation policies describe the properties a workload must exhibit to be assigned a SPIFFE ID, and are described as a mix of process attributes (such as a Linux UID, or Kubernetes service account) and infrastructure attributes (such as running in a Amazon EC2 instance with a particular tag). + +1. **SPIRE Agent**: runs on any kernel and exposes the local workload API to any process that needs a SPIFFE ID, key, and/or trust bundle. On *nix systems, this API is exposed locally through a Unix domain socket. By verifying the attributes of a calling workload, the workload API avoids requiring the workload to supply a secret in order to authenticate. + +SPIRE’s 12-month roadmap is exciting and will deliver multiple features: + +* Production readiness, including HA mode, versioned APIs, documented SLOs, >80% test coverage, and functional testing in release train. +* Support for automatic bootstrapping and node attestation on public cloud platforms (Amazon Web Services, Microsoft Azure, and Google Cloud Platform). +* Support for automatic bootstrapping and node attestation on virtualization platforms (VMWare and OpenStack). +* Support for Microsoft Windows-based workloads. +* SPIFFE Workload API client libraries in Go, C, Java, and Javascript, with support for TLS negotiation and JWT signing. +* gRPC support for the SPIFFE Workload API. +* SPIFFE Workload API certificate helpers for Linux and Windows. +* A standards conformance test suite. +* Secure introduction to popular products, including Lyft Envoy and Hashicorp Vault. 
+ +*Sponsor / Advisor from TOC*: Brian Grant + +*Preferred maturity level*: Inception + +*Unique Identifier*: spiffe + +*License*: ALv2 + +*Source control repositories*: + +SPIFFE has its own “top-level” link:https://github.com/spiffe[GitHub organization], within which resides the link:https://github.com/spiffe/spiffe[SPIFFE] and link:https://github.com/spiffe/spire[SPIRE] repositories. + +*Initial Committers*: + +This link:https://github.com/spiffe/spiffe/blob/master/CODEOWNERS[document] captures SPIFFE’s current committers, while this link:https://github.com/spiffe/spire/blob/master/CODEOWNERS[document] captures SPIRE’s current committers. + +*Infrastructure requirements*: + +SPIFFE's test suite and SPIRE’s continuous integration (CI) tests are currently executed on Travis-CI.org. Longer term, we seek access to the CNCF test cluster to automatically run functional, integration, and performance tests. + +*Issue tracker*: + +Issues are tracked with GitHub Issues feature link:https://github.com/spiffe/spiffe/issues[here]. + +*Mailing lists* + +SPIFFE has the following primary mailing lists, nearly all of which were used primarily for ACLing meeting documents and calendar invites. The lists do have some activity, but the overwhelming activity occurs in SPIFFE’s link:https://spiffe.slack.com/[Slack] channel. More details can be found link:https://github.com/spiffe/spiffe#communications[here]. + +* [Discussions] Developers & Contributors (link:https://groups.google.com/a/spiffe.io/forum/#!forum/dev-discussion[website]): used by The purpose of this Google Group is for SPIFFE developers and contributors to discuss design and implementation issues. + +* [Discussions] Users (link:https://groups.google.com/a/spiffe.io/forum/#!forum/user-discussion[website]): The purpose of this Groogle Group is to give feedback, ask questions, and interact with the SPIFFE community. You can also check out SPIFFE on GitHub. 
+ +* [SIG] Components (link:https://groups.google.com/a/spiffe.io/forum/#!forum/sig-components[website]): The purpose of this Google Group is to discuss items related to the components and APIs tied to SPIFFE's reference implementation (SPIRE) and its architecture. Topics such as role of Node Agent vs. Cluster CA, API semantics, and others serve as good examples of what's to be discussed. + +* [SIG] Specification (link:https://groups.google.com/a/spiffe.io/forum/#!forum/sig-specification[website]): The purpose of this Google Group is to discuss items related to the SPIFFE specifications. + +* SPIFFE Announce (link:https://groups.google.com/a/spiffe.io/forum/#!forum/announce[website]): The purpose of this Google Group is to share community-wide announcements about SPIFFE and SPIRE. + +* Technical Steering Committee (link:https://groups.google.com/a/spiffe.io/forum/#!forum/tsc[website]): This is an ACLd distribution group for communications amongst members of the SPIFFE’s Technical Steering Committee. + +*Website*: + +SPIFFE’s link:https://www.spiffe.io/[website] is based on GitHub Pages. It primarily serves as a landing page for the project’s primary documents, and mostly redirects to the GitHub repositories. + +*Release methodology and mechanics* + +SPIRE operates on a 30 to 60-day release cadence, with releases marked with versioned git tags. RC-quality code is periodically tagged off of the master branch before the final release. RC and final releases include binaries for glibc-based Linux platforms. The SPIFFE standards themselves are currently unversioned. + +*Social media accounts*: + +SPIFFE’s only social media account is on link:https://twitter.com/spiffeio[Twitter]. + +*Existing sponsorship*: + +link:https://www.scytale.io[Scytale, Inc.] and link:https://www.google.com[Google] currently serves as SPIFFE’s primary sponsors. 
+ +*Contributor statistics*: + +The various SPIFFE projects currently have 16 active contributors from 8 organizations, including Scytale, Twilio, Square, Buoyant.io, and OvrClk. 11 contributors are granted the ability to commit changes across some or all of the codebase. + +*External Dependencies*: + +SPIRE has the following build-time dependencies: + +* golang (BSD 3-clause) +* go.uuid (MIT) +* golang/protobuf (BSD 3-clause) +* logrus (MIT) +* go-grpc (Apache 2.0) +* go-plugin (MPL-2.0) +* hcl (MPL-2.0) +* gorm (MIT) +* gopsutil (BSD 3-clause) +* go-hclog (MIT) +* grpc-gateway (BSD 3-clause, Apache 2.0) +* inflection (MIT) +* go-bindata (CC0 1.0) +* go-sqlite3 (MIT) +* sqlite (public domain) + +As a golang project, SPIRE has no special runtime dependencies. + +*Statement on alignment with CNCF mission*: + +We believe aligning on a common representation of workload identity, and proscribing best practices for identity issuance and delivery are critical for widespread adoption of cloud-native architectures. SPIFFE provides exactly this capability. + +We see organizations adopting SPIFFE in conjunction with other CNCF-sponsored projects to deliver robust and secure production systems. Concrete examples include: + +* Providing the basis for authentication between Kubernetes-hosted workloads, between workloads hosted across multiple Kubernetes clusters, and workloads hosted outside of Kubernetes. +* Providing the basis of identity and establishing TLS between endpoints of a service mesh implemented with Envoy and/or Linkerd. +* Authentication and TLS between gRPC servers and clients. +* Identifying workloads when exporting telemetry to systems such as Prometheus, Jaeger, and fluentd, and establishing mTLS to the same. +* Enforcing that only Notary-signed images be issued valid identities in production environments. 
+ +*Additional CNCF asks*: + +* Public relations (including analyst relations and social media management) +* Marketing (case studies, store) +* Certification (expert certification, software conformance, training) +* Legal (trademark, copyright, patents, licenses) From 89bb4c4fcf2373509515f1100435e106623d9a63 Mon Sep 17 00:00:00 2001 From: Quinton Hoole Date: Tue, 3 Oct 2017 15:03:31 -0700 Subject: [PATCH 039/179] Add technical due diligence guidelines. --- process/due-diligence-guidelines.md | 147 ++++++++++++++++++++++++++++ 1 file changed, 147 insertions(+) create mode 100644 process/due-diligence-guidelines.md diff --git a/process/due-diligence-guidelines.md b/process/due-diligence-guidelines.md new file mode 100644 index 0000000..fc0e78a --- /dev/null +++ b/process/due-diligence-guidelines.md 
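Review bot: in proposals/spiffe.adoc, the alignment statement says "proscribing best practices for identity issuance and delivery". "Proscribing" means forbidding, which inverts the intended meaning; it should be "prescribing". In the description, "identify running workloads at a process “and” kernel level" is unclear with "and" in quotes; please state plainly which attributes are checked, since this is the property the secret-less Workload API authentication rests on. The SPIRE Agent paragraph says the API "avoids requiring the workload to supply a secret" by verifying caller attributes, but the text does not say how the agent itself is authenticated to the SPIRE Server; one sentence on that would help reviewers judge the trust model. Smaller points: the first mailing-list bullet has a leftover fragment ("used by The purpose of this Google Group"), "Groogle Group" is a typo, "Scytale, Inc. and Google currently serves" should be "serve", and the issue tracker link covers only spiffe/spiffe although SPIRE lives in its own repository.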
@@ -0,0 +1,147 @@ +# Due Diligence Guidelines + +This page provides guidelines to those leading or contributing to due +diligence exercises performed by or on behalf of the Technical +Oversight Committee of the CNCF. + +## Introduction + +Part of the evaluation process in deciding upon initial or continued +inclusion of projects into the CNCF is a Technical Due Diligence +('Tech DD') exercise. Ultimately the voting members of the TOC will, +on the basis of this and other information, vote for or against the +inclusion of each project at the relevant time. + +## Leading a Technical Due Diligence + +### Primary Goals + +To enable the voting TOC members to cast an informed vote about a +project, it is crucial that each member is able to form their own +opinion as to whether and to what extent the project meets the agreed +upon [criteria](https://www.cncf.io/projects/graduation-criteria/) for +inception, incubation or graduation. As the leader of a DD, your job +is to make sure that they have whatever information they need, +succinctly and readily available, to form that opinion. + +As a secondary goal, it is in the interests of the broader CNCF +ecosystem that there exists some reasonable degree of consensus across +the community regarding the inclusion or otherwise of projects at the +various maturity levels. Making sure that the relevant information is +available, and any disagreement or misunderstanding as to it's +validity are ideally resolved, helps to foster this consensus. + +### Where to start + +* make sure you're clear on the [TOC Principles](https://github.com/cncf/toc/blob/toc-principles/principles.md), + the [project proposal process](https://github.com/cncf/toc/blob/master/process/project_proposals.adoc), + the [graduation criteria](https://www.cncf.io/projects/graduation-criteria/) + and [desired cloud native properties](https://www.cncf.io/about/charter/) are. 
The project sponsor (a member + of the TOC) should have assisted in crafting the proposal to explain why it's a good fit for the CNCF. If anything's + unclear to you, reach out to the project sponsor or, failing that, the TOC mailing list for advice. +* make sure you've read, in detail, the relevant [project proposal](https://github.com/cncf/toc/tree/master/proposals), + This will usually be in the form of an [open pull request](https://github.com/cncf/toc/pulls). + Consider holding off on commenting on the PR until you've completed the next three steps. +* take a look at some [previous submissions](https://github.com/cncf/toc/pulls?utf8=%E2%9C%93&q=is%3Apr) + (both successful and unsuccessful) to help calibrate your expectations. +* Verify that all of the basic [project proposal requirements](https://github.com/cncf/toc/blob/master/process/project_proposals.adoc) have been provided. +* do as much reading up as you need to (and consult with experts in the specific field) in order to familiarize yourself with the technology + landscape in the immediate vicinity of the project (and don't only use the proposal and that project's documentation as a guide in this regard). +* at this point you should have a very clear technical idea of what exactly the project actually does and does not do, roughly how it compares with and differs from + similar projects in it's technology area, and/or a set of unanswered questions in those regards. +* go through the [graduation criteria](https://www.cncf.io/projects/graduation-criteria/) and for each item, + decide for yourself whether or not you have enough info to make a strong, informed call on that item. + * If so, write it down, with motivation. + * If not, jot down what information you feel you're missing. + * Also take note of what unanswered questions the community might have posted in the PR review that you consider + to be critically important. 
+ +### Some example questions that will ideally need clear answers + +Most of these should be covered in the project proposal document. The +due diligence exercise involves validating any claims made there, +verifying adequate coverage of the topics, and possibly summarizing +the detail where necessary. + +#### Technical + +* An architectural, design and feature overview should be available. + ([example](https://github.com/docker/notary/blob/master/docs/service_architecture.md), + [example](https://github.com/docker/notary/blob/master/docs/command_reference.md)) +* What are the primary target cloud-native use cases? Which of those: + * Can be accomplished now. + * Can be accomplished with reasonable additional effort (and are ideally already on the project roadmap). + * Are in-scope but beyond the current roadmap. + * Are out of scope. +* What are the current performance, scalability and resource consumption bounds of the software? Have these been explicitly tested? + Are they appropriate given the intended usage (e.g. agent-per-node or agent-per-container need to be lightweight, etc)? +* What exactly are the failure modes? Are they well understood? Have they been tested? Do they form part of continuous integration testing? + Are they appropriate given the intended usage (e.g. cluster-wide shared services need to fail gracefully etc)? +* What trade-offs have been made regarding performance, scalability, complexity, reliability, security etc? Are these trade-offs explicit or implicit? + Why? Are they appropriate given the intended usage? Are they user-tunable? +* What are the most important holes? No HA? No flow control? Inadequate integration points? +* Code quality. Does it look good, bad or mediocre to you (based on a spot review). How thorough are the code reviews? Substance over form. + Are there explicit coding guidelines for the project? +* Dependencies. What external dependencies exist, do they seem justified? +* What is the release model? Versioning scheme? 
Evidence of stability or otherwise of past stable released versions? +* What is the CI/CD status? Do explicit code coverage metrics exist? If not, what is the subjective adequacy of automated testing? + Do different levels of tests exist (e.g. unit, integration, interface, end-to-end), or is there only partial coverage in this regard? Why? +* What licensing restrictions apply? Again, CNCF staff will handle the full legal due diligence. +* What are the recommended operational models? Specifically, how is it operated in a cloud-native environment, such as on Kubernetes? + +#### Project + +The key high-level questions that the voting TOC members will be looking to have answered are (from the [graduation criteria](https://www.cncf.io/projects/graduation-criteria/): + +* Do we believe this is a growing, thriving project with committed contributors? +* Is it aligned with CNCF's values and mission? +* Do we believe it could eventually meet the graduation criteria? +* Should it start at the inception level or incubation level? + +Some details that might inform the above include: + +* Does ithe project have a sound, documented process for source control, issue tracking, release management etc. +* Does it have a documented process for adding committers? +* Does it have a documented governance model of any kind? +* Does it have committers from multiple organizations? +* Does it have a code of conduct? +* Does it have a license? Which one? Does it have a CLA or DCO? Are the licenses of it's dependencies compatible with their usage and CNCF policies? + CNCF staff will handle the full legal due diligence. +* What is the general quality of informal communication around the project (slack, github issues, PR reviews, technical blog posts, etc)? +* How much time does the core team commit to the project? +* How big is the team? Who funds them? Why? How much? For how long? +* Who are the clear leaders? Are there any areas lacking clear leadership? Testing? Release? Documentation? 
These roles sometimes go unfilled. +* Besides the core team, how active is the surrounding community? Bug reports? Assistance to newcomers? Blog posts etc. +* Do they make it easy to contribute to the project? If not, what are the main obstacles? +* Are there any especially difficult personalities to deal with? How is this done? Is it a problem? +* What is the rate of ongoing contributions to the project (typically in the form of merged commits). + +#### Users + +* Who uses the project? Get a few in-depth references from 2-4 of them who actually know and understand it. +* What do real users consider to be it's strengths and weaknesses? Any concrete examples of these? +* Perception vs Reality: Is there lots of buzz, but the software is flaky/untested/unused? Does it have a bad reputation for some flaw that has already been addressed? + +#### Context + +* What is the origin and history of the project? +* Where does it fit in the market and technical ecosystem? +* Is it growing or shrinking in that space? Is that space growing or shrinking? +* How necessary is it? What do people who don't use this project do? Why exactly is that not adequate, and in what situations? +* Clearly compare and contrast with peers in this space. A summary matrix often helps. + Beware of comparisons that are too superficial to be useful, or might have been manipulated so as to favor some projects over others. + Most balanced comparisons will include both strengths and weaknesses, require significant detailed research, and usually there is no hands-down winner. + Be suspicious if there appears to be one. + +#### Other advice + +* Bring in other people (e.g. from your company) who might be more familiar with a + particular area than you are, to assist where needed. Even if you know the area, + additional perspectives from experts are usually valuable. +* Conduct as much of the investigation in public as is practical. 
For example, favor explicit comments on the + submission PR over private emails, phone calls etc. By all means conduct whatever communication might be + necessary to do a thorough job, but always try to summarize these discussions in the PR so that others can follow along. +* Explicitly disclose any vested interest or potential conflict of interest that you, the project sponsor, + the project champion, or any of the reviewers have in the project. If this creates any significant concerns regarding + impartiality, its usually best for those parties to recuse themselves from the submission and it's evaluation. +* Fact-check where necessary. If an answer you get to a question doesn't smell right, check the underlying data, or get a second/third... opinion. \ No newline at end of file From 27128476ba40eec84dd754c269e77810bed26914 Mon Sep 17 00:00:00 2001 From: Ken Owens Date: Mon, 27 Nov 2017 15:29:30 -0600 Subject: [PATCH 040/179] Create Open Policy Agent Proposal for Review --- proposals/Open Policy Agent | 182 ++++++++++++++++++++++++++++++++++++ 1 file changed, 182 insertions(+) create mode 100644 proposals/Open Policy Agent diff --git a/proposals/Open Policy Agent b/proposals/Open Policy Agent new file mode 100644 index 0000000..0c0c2fc --- /dev/null +++ b/proposals/Open Policy Agent 
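Review bot: in process/due-diligence-guidelines.md, the Technical question list mentions security only in passing, inside the trade-offs bullet ("performance, scalability, complexity, reliability, security etc"). Given that the guidelines give failure modes, dependencies and licensing their own bullets, a dedicated security bullet would be consistent. In "Where to start", the first bullet does not parse ("make sure you're clear on the [TOC Principles] ... and [desired cloud native properties] are"), and "until you've completed the next three steps" is ambiguous because more than three bullets follow; name the steps or number the list. The second bullet ends its first sentence with a comma before "This will usually be". Possessive "its" is written as "it's" in several places ("as to it's validity", "in it's technology area", "licenses of it's dependencies", "it's strengths and weaknesses", "it's evaluation"), and "its usually best" needs the apostrophe. Also: "Does ithe project" is a typo, "(from the [graduation criteria](...):" is missing its closing parenthesis, and the file has no trailing newline.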
@@ -0,0 +1,182 @@ +# Project Description + +Every organization has unique policies that affect the entire stack. These policies are vital to long term success because they codify +important requirements around cost, performance, security, legal regulation, and more. At the same time, organizations often rely on +tribal knowledge and documentation to ensure that policies are enforced correctly. While these approaches are known to be error prone, +they exist because systems frequently lack the flexibility and expressiveness required to automate policy enforcement. + +The Open Policy Agent (OPA) is a general-purpose policy engine that enables unified, context-aware policy enforcement across the stack. +OPA empowers administrators with greater control and flexibility so that organizations can automate policy enforcement at any layer. + +At the core of OPA is a high-level declarative language (and runtime) that allows administrators to enforce policies across multiple +domains such as API authorization, admission control, workload placement, storage, and networking. OPA’s language is purpose-built for +expressing policy decisions. The language has rich support for processing complex data structures as well as performing search and +aggregation across context required for policy decisions. The language also provides support for encapsulation and composition so that +complex policies can be shared and re-used. Finally, the language includes a standard library of built-in functions for performing math +operations, string manipulation, date/time parsing, and more. + +With OPA, policy decisions are decoupled from applications and services so that policy logic can be modified easily and upgraded +on-the-fly without requiring expensive, time consuming development and release cycles. + +OPA provides simple APIs to offload policy decisions from applications and services. Policy decisions are computed by OPA and returned +to callers as structured data. 
Callers integrate with OPA by executing policy queries that can include arbitrary input values. For +example, an API gateway might supply incoming API requests as input and expect boolean values (representing allow/deny decisions) as +output. On the other hand, a container orchestrator might supply workload resources as input and expect a map of clusters and weights +to drive workload placement as output. See the appendix for sample policies that cover these use cases. + +OPA itself is written in Go and can be integrated as a library, host-level daemon, or sidecar container. OPA provides APIs to load and +manage policies as well as external data. Finally, OPA provides rich tooling to support the development, testing, and debugging of +policies. + +Since the initial release in July 2016, OPA’s mission has been to provide a powerful building block that enables policy-based control +across the stack. OPA’s roadmap for the next 12 months includes improvements to the language, integration with Google’s CEL, expansion +of the standard policy library, as well as continued hardening and performance optimization. 
+ +**Sponsor from TOC:** Ken Owens + +**Preferred Maturity Level:** Inception + +**License:** Apache License v2 + +# Source Control +https://github.com/open-policy-agent/opa +https://github.com/open-policy-agent/library + +# External Dependencies + +github.com/ghodss/yaml MIT License +github.com/gorilla/mux BSD 3-clause "New" or "Revised" License +github.com/mattn/go-runewidth MIT License +github.com/olekukonko/tablewriter MIT License +github.com/peterh/liner MIT License +github.com/pkg/errors BSD 2-clause "Simplified" License +github.com/sirupsen/logrus MIT License +github.com/spf13/cobra Apache License 2.0 +github.com/spf13/pflag BSD 3-clause "New" or "Revised" License +golang.org/x/crypto/ssh/terminal BSD 3-clause "New" or "Revised" License +golang.org/x/sys/unix BSD 3-clause "New" or "Revised" License +gopkg.in/fsnotify.v1 BSD 3-clause "New" or "Revised" License +gopkg.in/yaml.v2 Apache License 2.0 + + +**Initial Committers:** Torin Sandall and Tim Hinrichs from Styra (since creation), Tristan Swadell from Google (since May 2017) + +**Infrastructure Requests:** None initially. CI is currently hosted on Travis and covered by the free tier for open source projects. In +the future, we would like to leverage CNCF test clusters for system testing integrations built as part of the OPA project. + +**Communication Channels:** +Slack: http://slack.openpolicyagent.org + +**Issue Tracker:** https://github.com/open-policy-agent/opa/issues + +**Website:** http://www.openpolicyagent.org + +# Release Methodology and Mechanics + +We currently use numbered releases with the changelog and binaries published to https://github.com/open-policy-agent/opa/releases. +The release process is partially automated with manual portions assisted by scripts. The current release process is documented here: +https://github.com/open-policy-agent/opa/blob/master/docs/devel/RELEASE.md. The release schedule is somewhat ad-hoc, aligned around +large feature boundaries. 
+ +**Social Media Accounts:** +Twitter: https://twitter.com/openpolicyagent + +# Community Size and any Existing Sponsorship + +Adopters: +Netflix +Medallia +Schuberg Phillis +Huawei +More: At least one large financial institution and one large online retailer is testing OPA + +Integrations: +Kubernetes (Use cases: federated resource placement, admission control) +Docker (Use cases: Docker engine authorization) +Istio (Use cases: microservice API authorization) +Linkerd (Use cases: microservice API authorization) +OpenSDS (Use cases: storage scheduling) +Terraform (Use cases: risk management on terraform plans) +PAM (Use cases: SSH and sudo authorization) +Cloud Foundry buildpack to enable microservice API authorization + +**Sponsors** +https://www.styra.com +https://www.firebase.com (Google) + +**Numbers:** +3 active contributors currently (2 from Styra, 1 from Google), with 8 other contributors over past 12 months. +80 stars +49 members on Slack +31 releases + +# Statement of Alignment with CNCF Mission + +As cloud native technology matures and enterprise adoption increases, the need for policy-based control has become apparent. OPA +provides a powerful building-block that enables fine-grained, expressive policy enforcement. As such, we think that OPA would be a +great for fit for the CNCF + +# Benefits to the CNCF + +The ecosystem must provide solutions to control who can do what across microservice deployments because legacy approaches to access +control do not satisfy the requirements of modern environments. OPA provides a purpose-built language and runtime that can be used to +author and enforce authorization policy. As such, we feel that OPA will complement the CNCF’s portfolio and help accelerate adoption of +cloud native technology in enterprises. In the longer term, we think that enterprises will benefit from a unified approach to policy +enforcement can be applied across the stack. 
+ +# What does OPA need from the CNCF + +OPA needs a well respected, vendor-neutral home that can help serve as a rallying point around policy as code. In addition to increased +visibility, we hope that inclusion in the CNCF will foster communication between OPA and other projects in the ecosystem. As the project +grows, we would want to leverage the CNCF’s expertise around project governance and community standards as those are fundamental to the +long term success of the project. + +The project does not have any infrastructure requests at this time. CI is currently hosted on Travis and covered by the free tier for +open source projects. In the future, we would like to leverage CNCF test clusters for system testing integrations built as part of the +OPA project. + +# Appendix A: REST API Authorization Example + +This sample shows two simple rules that enforce an authorization policy on an API that serves salary data. In English, the policy says +that employees can see their own salary and the salary of any of their reports. + +allow { + input.method = "GET" + input.path = ["salary", employee_id] + input.user = employee_id +} + + +allow { + input.method = "GET" + input.path = ["salary", employee_id] + input.user = data.management_chain[employee_id][_] +} + + +The first rule allows employees to GET their own salary. The rule shows how you can use variables in rules. In that rule, employee_id is +a variable that will be bound to the same value across the last two expressions. + +The second rule allow employees to GET the salary of their reports. The rule shows how you can access arbirary context (e.g., JSON data) +inside the policy. The data may loaded into the policy engine (and cached) or it may be external and fetched dynamically. + + +# Appendix B: Cluster Placement Example + +This sample shows a simple rule that generates a set of clusters that a workload may be deployed to. The workload is provided as input +to policy. 
In English, the policy says that workloads must be placed on clusters that satisfy the workload’s jurisdiction requirements. + +desired_clusters = {name | + cluster = data.clusters[name] + satisfies_jurisdiction(input.deployment, cluster) +} + + +satisfies_jursidiction(deployment, cluster) { + deployment.jurisdiction = "europe" + startswith(cluster.region, "eu") +} else { + not deployment.jurisdiction +} + +This example shows how logic can be composed across rules and functions. From dc63ecbec8f10a558ba2d62a6795f02b6d19a66f Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 27 Nov 2017 15:46:34 -0600 Subject: [PATCH 041/179] Update agenda for Dec 5th/7th --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 661899f..4fac50c 100644 --- a/README.md +++ b/README.md @@ -116,7 +116,8 @@ If you're interested in presenting at a TOC call about your project, please open * **October 17, 2017**: TOC Principles / GB (Todd Moore) and OpenMetrics Update * **November 7, 2017**: Istio, SPIFFE.io and Serverless WG * **November 14, 2017**: [OPA](http://www.openpolicyagent.org/) and Storage WG/CSI and Project Graduation/Health Reviews (Kubernetes, Prometheus) -* **December 5, 2017**: Rook +* **December 5, 2017**: Rook, OpenOverlay +* **December 7, 2017**: KubeCon/CloudNativeCon F2F * **January 16, 2017**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes @@ -163,3 +164,5 @@ If you're interested in presenting at a TOC call about your project, please open * [October 17th, 2017](https://goo.gl/hH6fS4) * [November 7th, 2017](https://goo.gl/LoKyV5) * [November 14th, 2017](https://goo.gl/vKbawR) +* [December 5th, 2017](https://goo.gl/77pMFY) +* [December 7th, 2017](https://goo.gl/Ugo7F9) From 1fb4651317a6f4fee56513120ec68c8a50f1b4bb Mon Sep 17 00:00:00 2001 
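Review bot: in "proposals/Open Policy Agent", Appendix B defines the helper as `satisfies_jursidiction(deployment, cluster)` while `desired_clusters` calls `satisfies_jurisdiction(input.deployment, cluster)`, so the sample as written refers to a function that is never defined. Fix the spelling in the definition. The policy samples in both appendices are pasted as plain paragraphs; put them in code blocks so that indentation and braces survive rendering. The file is added without an extension and uses Markdown headings, while the other proposals in this series are .adoc; pick one so it renders in the repository. The infrastructure paragraph appears twice, under "Infrastructure Requests" and again under "What does OPA need from the CNCF"; keep one. Typos: "arbirary", "The second rule allow employees", "The data may loaded", "would be a great for fit for the CNCF" (also missing its full stop), and "a unified approach to policy enforcement can be applied" is missing "that".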
From: Bassam Tabbara Date: Thu, 13 Jul 2017 21:57:18 -0700 Subject: [PATCH 042/179] proposals: add rook --- proposals/rook.adoc | 155 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 155 insertions(+) create mode 100644 proposals/rook.adoc diff --git a/proposals/rook.adoc b/proposals/rook.adoc new file mode 100644 index 0000000..47a64bf --- /dev/null +++ b/proposals/rook.adoc 
@@ -0,0 +1,155 @@ +== Rook + +*Name of project:* Rook + +*Description:* + +Rook is an open source orchestrator for distributed storage systems running in cloud native environments. + +Distributed storage systems are inherently complex -- they define strong consistency and durability guarantees that must hold even when scaling, upgrading, and running maintenance operations. They require careful provisioning and balancing of resources to optimize access to data and maintain durability. It's common for such systems to require dedicated administrators. + +Rook turns distributed storage systems into self-managing, self-scaling, and self-healing storage services. It does this by automating the tasks of a storage administrator including deployment, bootstrapping, configuration, provisioning, scaling, upgrading, migration, disaster recovery, monitoring, and resource management. Rook leverages the power of the underlying cloud-native container management, scheduling, and orchestration platform to perform its duties. + +Rook integrates deeply into cloud native environments leveraging extension points and providing a seamless experience for scheduling, lifecycle management, resource management, security, monitoring, and user experience. + +Rook is currently in alpha state and has focused initially on orchestrating Ceph on-top of Kubernetes. Ceph is a distributed storage system that provides file, block and object storage and is deployed in large scale production clusters. Rook is planning to be production ready by Dec'17 for block storage deployments on-top of Kubernetes. + +With community participation, Rook plans to add support for other storage systems beyond Ceph and other cloud native environments beyond Kubernetes. The logic for orchestrating storage systems can be reused across storage backends. Also having common abstractions, packaging, and integrations reduces the burden of introducing storage back-ends and improves the overall experience. 
+ +*Statement on alignment with CNCF mission:* + +Rook is well-aligned with CNCF's goals and mission of promoting cloud-native computing. Rook adheres to the core principles of cloud-native systems: container packaged, micro-services oriented, and dynamically managed. + +Rook is complimentary to other CNCF projects like Kubernetes and Prometheus. It integrates and extends Kubernetes and has a strong alignment on design and architecture. Rook is itself implemented as a controller (reconciling desired and actual state), and uses the Kubernetes API extensively to perform its functions. Rook exposes monitoring and instrumentation via Prometheus. + +Rook brings distributed storage services into cloud-native environments beyond what has been done to date with plugins (including CSI). We believe that by running storage systems on-top of cloud-native environments we will be a step closer to the multi-cloud vision. + +*Sponsor / Advisor from TOC:* Benjamin Hindman + +*Unique identifier:* rook + +*Preferred maturity level:* inception + +*License:* Apache License v2.0 + +*Source control repositories:* https://github.com/rook/rook + +*External Dependencies:* + +Golang package dependencies: + +* https://github.com/coreos/pkg (Apache v2.0) +* https://github.com/go-ini/ini (Apache v2.0) +* https://github.com/google/uuid (BSD 3-Clause) +* https://github.com/gorilla/mux (Apache v2.0) +* https://github.com/jbw976/go-ps (Apache v2.0) +* https://github.com/kubernetes/api (Apache v2.0) +* https://github.com/kubernetes/apiextensions-apiserver (Apache v2.0) +* https://github.com/kubernetes/apimachinery (Apache v2.0) +* https://github.com/kubernetes/apiserver (Apache v2.0) +* https://github.com/kubernetes/client-go (Apache v2.0) +* https://github.com/kubernetes/code-generator (Apache v2.0) +* https://github.com/kubernetes/kubernetes (Apache v2.0) +* https://github.com/kubernetes/utils (Apache v2.0) +* https://github.com/prometheus/client_golang (Apache v2.0) +* 
https://github.com/rook/operator-kit (Apache v2.0) +* https://github.com/spf13/cobra (Apache v2.0) +* https://github.com/spf13/pflag (BSD 3-Clause) + +Binary dependencies packaged into Rook containers: + +* Ceph (mostly LGPL 2.0) - https://github.com/ceph/ceph + +*Initial Committers:* + +* Bassam Tabbara (Upbound) +* Jared Watts (Quantum) +* Travis Nielsen (Quantum) + +Current list is on https://github.com/rook/rook/blob/master/MAINTAINERS. Maintainers are updated according to the following rules https://github.com/rook/rook/blob/master/MAINTAINERS_RULES.md + +*Infrastructure requests (CI / CNCF Cluster):* + +CI currently at https://jenkins.rook.io but could move to CNCF CI. + +Planning to use CNCF cluster for integration and performance testing at scale. + +*Communication Channels:* + +* Slack: https://rook-slackin.herokuapp.com +* Gitter: https://gitter.im/rook/rook (deprecated) +* Google Groups: https://groups.google.com/forum/#!forum/rook-dev +* Email: mailto:info@rook.io[info@rook.io] + +*Issue tracker:* https://github.com/rook/rook/issues + +*Website:* https://rook.io + +*Release methodology and mechanics:* + +Major releases roughly every two months, minor releases as needed. + +*Social media accounts:* + +* Twitter: @rook_io + +*Existing sponsorship*: Quantum and Upbound + +Statement from Quantum: In 2016 as part of ongoing product development work we identified the need for richer implementations of storage technologies in Cloud Native systems. As this work progressed we felt that it was evolving into a core component of the platform architecture and chose to open-source our work. Since then Quantum has continued to invest in both the Rook technologies and launching Rook as a vibrant open source project. Internally we are utilizing Rook as well as many other Cloud Native technologies to build systems relevant to our businesses. We firmly believe that a vibrant Rook project and ecosystem is in our and the community’s best interests. 
As the project continues to grow our role will become less significant in terms of strategy and direction and we think this evolution and adopting well established governance principles will strengthen the project. + +*Community size:* + +* Rook was open sourced Nov'2016 +* 1785+ stars +* 40+ contributors +* 155+ forks +* 135+ on slack +* 600K+ container pulls (quay.io), 50K+ container pulls (docker) + +*Comparison with gluster-kubernetes and ceph-container*: + +Existing approaches to running distributed storage systems like Ceph and Gluster focus primarily on packaging in containers, initial deployment, and bootstrapping. There is no central controller that is responsible for ongoing operations, dynamic management and maintenance of such storage systems. While some of these operations can be handled by the orchestration platform itself (for example, scaling through stateful-sets in Kubernetes) the approach only covers a small subset of the administration tasks and does not take into account the inherent constraints and guarantees of the backend storage system. For example, growing a cluster in Ceph not only requires scheduling more storage nodes but also updating the storage topology to optimize data access and improve durability all without breaking consistency guarantees. Rook's storage controller is responsible for ongoing and dynamic management of the storage system and it does so in a storage backend specific way. + +Rook introduces new abstractions for storage clusters, pools, volumes, volume-attachements, snapshots and others that are extension points of the cloud-native environment. This leads to a deeper integration into cloud-native environments. Other approaches like gluster-kubernetes and ceph-container rely on their own storage API for management and integrate primarily at the volume plugin level, and not the storage service level. 
+ +Finally Rook is designed to run primarily as an application of cloud-native systems minimizing (and eventually eliminating all dependencies) on the host platform. For example, Rook runs using the Kubernetes networking, whereas other approach like ceph-container require host networking. + +*Comparison with minio*: + +Minio is a distributed object store that is designed for cloud applications. Minio focuses on simplicity of deployment and operations. Rook could orchestrate Minio just like it does with Ceph's object store (rgw). Some of the operation tasks that Rook would perform include initial deployment, dealing with erasure-coding and multi-tenancy constraints, locking and dsync quorum, topology, and healing storage nodes on loss events. Also Rook exposes object store abstractions that could be used by minio for a deeper integration into cloud-native environments like Kubernetes. + +*Production usage*: + +Rook is in alpha and has little production usage. The first stable release of Rook is expected in Dec'2017. Ceph is production ready and is deployed in large-scale production environments. There are a number of companies and users that have deployed Rook in testing and staging environments (on-premise and public cloud), and a few that have deployed it in production (see quotes below). Quantum Corp. (the current sponsor of the Rook project) plans to deploy Rook within commercial enterprise storage appliances early next year. + + +[quote, Brandon Philips, CTO - CoreOS] +CoreOS helps companies ensure their critical application infrastructure is able to run free from cloud lock-in with CoreOS Tectonic and Kubernetes APIs. We are encouraged to see storage systems, like Rook, emerging that build directly upon those APIs to deliver a flexible cloud-agnostic storage solution. + + +[quote, Sasha Klizhentas, CTO - Gravitational] +Gravitational team is excited to be early adopters of Rook. 
Rook's solid foundation makes it the leader among emerging cloud-native storage solutions. + + +[quote, Hunter Nield, CTO - Acaleph] +At Acaleph, we're excited for a true cloud-native storage platform. Having experienced the complexity of running Ceph on Kubernetes, Rook provides the stability and power of an established software-defined storage solution with ease of use of native Kubernetes integration. With the latest release of Rook, we're looking to implement as a core part of our storage platform. + + +[quote, Matt Baldwin, CTO - StackPointCloud] +I have been watching adoption of Rook grow within our 6,000+ base of Kubernetes users. We have worked with users to prototype Rook in their Deployments. As it approaches a production release, I have plans to include and support it as a part of the official Stackpoint.io offering. + + +[quote, Bryan Zubrod, Founder - Zubrod Farms] +On my farm it's important to make efficient use of resources I already have. With Rook's Kubernetes-native design I am able to use commodity hardware without sacrificing redundancy for my storage or availability of my services. That's why Rook fits perfectly in my farm's metrics and automation systems, and I follow its development closely. + + +[quote, Jason Vigil, Software Engineer - Dell/EMC] +Rook looks like a simple and easy solution for persistent storage in a Kubernetes environment. I plan to use it for upcoming projects. + + +[quote, Lucas Käldström, Founder - luxas labs] +I'm really excited to see Rook evolve to a fully production-grade system. I've used and contributed to it from an early stage and can't wait to use it in even more prod systems + + +[quote, Patrick Stadler, Software Engineer - Liip] +Utilizing hyper-converged systems with storage tightly coupled to computational resources reduces cost and operational complexity of infrastructure. This is especially true for small scale cluster deployments. 
The biggest challenge with Kubernetes on bare metal is providing distributed block storage. Although proprietary solutions exist, there's been a lack of well-backed open source solutions. Rook has the potential to fill this void. From 20a2e3c8cf27bce220ee4880bc287c03f45ac9d5 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Tue, 5 Dec 2017 09:07:21 -0600 Subject: [PATCH 043/179] Remove OPA project proposal Proposals shouldn't be committed to the main repo unless approved by the TOC. All discussion should happen in a PR first. Signed-off-by: Chris Aniszczyk --- proposals/Open Policy Agent | 182 ------------------------------------ 1 file changed, 182 deletions(-) delete mode 100644 proposals/Open Policy Agent diff --git a/proposals/Open Policy Agent b/proposals/Open Policy Agent deleted file mode 100644 index 0c0c2fc..0000000 --- a/proposals/Open Policy Agent +++ /dev/null 
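Review bot: in PATCH 042/179 (proposals/rook.adoc), the binary dependency is listed as "Ceph (mostly LGPL 2.0)", which leaves the rest of its licensing unstated even though every Go package above it has its licence named; please list the other licences that apply to the Ceph code packaged into the Rook containers. Typos to fix in the same pass: "complimentary" should be "complementary" and "volume-attachements" should be "volume-attachments". The labels are also inconsistent about whether the colon sits inside the bold ("*Community size:*" versus "*Production usage*:").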
@@ -1,182 +0,0 @@ -# Project Description - -Every organization has unique policies that affect the entire stack. These policies are vital to long term success because they codify -important requirements around cost, performance, security, legal regulation, and more. At the same time, organizations often rely on -tribal knowledge and documentation to ensure that policies are enforced correctly. While these approaches are known to be error prone, -they exist because systems frequently lack the flexibility and expressiveness required to automate policy enforcement. - -The Open Policy Agent (OPA) is a general-purpose policy engine that enables unified, context-aware policy enforcement across the stack. -OPA empowers administrators with greater control and flexibility so that organizations can automate policy enforcement at any layer. - -At the core of OPA is a high-level declarative language (and runtime) that allows administrators to enforce policies across multiple -domains such as API authorization, admission control, workload placement, storage, and networking. OPA’s language is purpose-built for -expressing policy decisions. The language has rich support for processing complex data structures as well as performing search and -aggregation across context required for policy decisions. The language also provides support for encapsulation and composition so that -complex policies can be shared and re-used. Finally, the language includes a standard library of built-in functions for performing math -operations, string manipulation, date/time parsing, and more. - -With OPA, policy decisions are decoupled from applications and services so that policy logic can be modified easily and upgraded -on-the-fly without requiring expensive, time consuming development and release cycles. - -OPA provides simple APIs to offload policy decisions from applications and services. Policy decisions are computed by OPA and returned -to callers as structured data. 
Callers integrate with OPA by executing policy queries that can include arbitrary input values. For -example, an API gateway might supply incoming API requests as input and expect boolean values (representing allow/deny decisions) as -output. On the other hand, a container orchestrator might supply workload resources as input and expect a map of clusters and weights -to drive workload placement as output. See the appendix for sample policies that cover these use cases. - -OPA itself is written in Go and can be integrated as a library, host-level daemon, or sidecar container. OPA provides APIs to load and -manage policies as well as external data. Finally, OPA provides rich tooling to support the development, testing, and debugging of -policies. - -Since the initial release in July 2016, OPA’s mission has been to provide a powerful building block that enables policy-based control -across the stack. OPA’s roadmap for the next 12 months includes improvements to the language, integration with Google’s CEL, expansion -of the standard policy library, as well as continued hardening and performance optimization. 
- -**Sponsor from TOC:** Ken Owens - -**Preferred Maturity Level:** Inception - -**License:** Apache License v2 - -# Source Control -https://github.com/open-policy-agent/opa -https://github.com/open-policy-agent/library - -# External Dependencies - -github.com/ghodss/yaml MIT License -github.com/gorilla/mux BSD 3-clause "New" or "Revised" License -github.com/mattn/go-runewidth MIT License -github.com/olekukonko/tablewriter MIT License -github.com/peterh/liner MIT License -github.com/pkg/errors BSD 2-clause "Simplified" License -github.com/sirupsen/logrus MIT License -github.com/spf13/cobra Apache License 2.0 -github.com/spf13/pflag BSD 3-clause "New" or "Revised" License -golang.org/x/crypto/ssh/terminal BSD 3-clause "New" or "Revised" License -golang.org/x/sys/unix BSD 3-clause "New" or "Revised" License -gopkg.in/fsnotify.v1 BSD 3-clause "New" or "Revised" License -gopkg.in/yaml.v2 Apache License 2.0 - - -**Initial Committers:** Torin Sandall and Tim Hinrichs from Styra (since creation), Tristan Swadell from Google (since May 2017) - -**Infrastructure Requests:** None initially. CI is currently hosted on Travis and covered by the free tier for open source projects. In -the future, we would like to leverage CNCF test clusters for system testing integrations built as part of the OPA project. - -**Communication Channels:** -Slack: http://slack.openpolicyagent.org - -**Issue Tracker:** https://github.com/open-policy-agent/opa/issues - -**Website:** http://www.openpolicyagent.org - -# Release Methodology and Mechanics - -We currently use numbered releases with the changelog and binaries published to https://github.com/open-policy-agent/opa/releases. -The release process is partially automated with manual portions assisted by scripts. The current release process is documented here: -https://github.com/open-policy-agent/opa/blob/master/docs/devel/RELEASE.md. The release schedule is somewhat ad-hoc, aligned around -large feature boundaries. 
- -**Social Media Accounts:** -Twitter: https://twitter.com/openpolicyagent - -# Community Size and any Existing Sponsorship - -Adopters: -Netflix -Medallia -Schuberg Phillis -Huawei -More: At least one large financial institution and one large online retailer is testing OPA - -Integrations: -Kubernetes (Use cases: federated resource placement, admission control) -Docker (Use cases: Docker engine authorization) -Istio (Use cases: microservice API authorization) -Linkerd (Use cases: microservice API authorization) -OpenSDS (Use cases: storage scheduling) -Terraform (Use cases: risk management on terraform plans) -PAM (Use cases: SSH and sudo authorization) -Cloud Foundry buildpack to enable microservice API authorization - -**Sponsors** -https://www.styra.com -https://www.firebase.com (Google) - -**Numbers:** -3 active contributors currently (2 from Styra, 1 from Google), with 8 other contributors over past 12 months. -80 stars -49 members on Slack -31 releases - -# Statement of Alignment with CNCF Mission - -As cloud native technology matures and enterprise adoption increases, the need for policy-based control has become apparent. OPA -provides a powerful building-block that enables fine-grained, expressive policy enforcement. As such, we think that OPA would be a -great for fit for the CNCF - -# Benefits to the CNCF - -The ecosystem must provide solutions to control who can do what across microservice deployments because legacy approaches to access -control do not satisfy the requirements of modern environments. OPA provides a purpose-built language and runtime that can be used to -author and enforce authorization policy. As such, we feel that OPA will complement the CNCF’s portfolio and help accelerate adoption of -cloud native technology in enterprises. In the longer term, we think that enterprises will benefit from a unified approach to policy -enforcement can be applied across the stack. 
- -# What does OPA need from the CNCF - -OPA needs a well respected, vendor-neutral home that can help serve as a rallying point around policy as code. In addition to increased -visibility, we hope that inclusion in the CNCF will foster communication between OPA and other projects in the ecosystem. As the project -grows, we would want to leverage the CNCF’s expertise around project governance and community standards as those are fundamental to the -long term success of the project. - -The project does not have any infrastructure requests at this time. CI is currently hosted on Travis and covered by the free tier for -open source projects. In the future, we would like to leverage CNCF test clusters for system testing integrations built as part of the -OPA project. - -# Appendix A: REST API Authorization Example - -This sample shows two simple rules that enforce an authorization policy on an API that serves salary data. In English, the policy says -that employees can see their own salary and the salary of any of their reports. - -allow { - input.method = "GET" - input.path = ["salary", employee_id] - input.user = employee_id -} - - -allow { - input.method = "GET" - input.path = ["salary", employee_id] - input.user = data.management_chain[employee_id][_] -} - - -The first rule allows employees to GET their own salary. The rule shows how you can use variables in rules. In that rule, employee_id is -a variable that will be bound to the same value across the last two expressions. - -The second rule allow employees to GET the salary of their reports. The rule shows how you can access arbirary context (e.g., JSON data) -inside the policy. The data may loaded into the policy engine (and cached) or it may be external and fetched dynamically. - - -# Appendix B: Cluster Placement Example - -This sample shows a simple rule that generates a set of clusters that a workload may be deployed to. The workload is provided as input -to policy. 
In English, the policy says that workloads must be placed on clusters that satisfy the workload’s jurisdiction requirements. - -desired_clusters = {name | - cluster = data.clusters[name] - satisfies_jurisdiction(input.deployment, cluster) -} - - -satisfies_jursidiction(deployment, cluster) { - deployment.jurisdiction = "europe" - startswith(cluster.region, "eu") -} else { - not deployment.jurisdiction -} - -This example shows how logic can be composed across rules and functions. From fadec1f97a71ef4d3a0b28ac1d7dc3e2eee61b37 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Tue, 5 Dec 2017 09:09:39 -0600 Subject: [PATCH 044/179] Add OPA project proposal Signed-off-by: Chris Aniszczyk --- proposals/opa.md | 182 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 182 insertions(+) create mode 100644 proposals/opa.md diff --git a/proposals/opa.md b/proposals/opa.md new file mode 100644 index 0000000..0c0c2fc --- /dev/null +++ b/proposals/opa.md 
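Review bot: the delete in PATCH 043/179 and the add in PATCH 044/179 are one rename split over two commits: "proposals/Open Policy Agent" is removed and proposals/opa.md is created with the same blob (index 0c0c2fc on both sides). A single commit doing the rename would keep the file history together; failing that, the 044 commit message should say the content is unchanged from the file removed in 043.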
@@ -0,0 +1,182 @@ +# Project Description + +Every organization has unique policies that affect the entire stack. These policies are vital to long term success because they codify +important requirements around cost, performance, security, legal regulation, and more. At the same time, organizations often rely on +tribal knowledge and documentation to ensure that policies are enforced correctly. While these approaches are known to be error prone, +they exist because systems frequently lack the flexibility and expressiveness required to automate policy enforcement. + +The Open Policy Agent (OPA) is a general-purpose policy engine that enables unified, context-aware policy enforcement across the stack. +OPA empowers administrators with greater control and flexibility so that organizations can automate policy enforcement at any layer. + +At the core of OPA is a high-level declarative language (and runtime) that allows administrators to enforce policies across multiple +domains such as API authorization, admission control, workload placement, storage, and networking. OPA’s language is purpose-built for +expressing policy decisions. The language has rich support for processing complex data structures as well as performing search and +aggregation across context required for policy decisions. The language also provides support for encapsulation and composition so that +complex policies can be shared and re-used. Finally, the language includes a standard library of built-in functions for performing math +operations, string manipulation, date/time parsing, and more. + +With OPA, policy decisions are decoupled from applications and services so that policy logic can be modified easily and upgraded +on-the-fly without requiring expensive, time consuming development and release cycles. + +OPA provides simple APIs to offload policy decisions from applications and services. Policy decisions are computed by OPA and returned +to callers as structured data. 
Callers integrate with OPA by executing policy queries that can include arbitrary input values. For +example, an API gateway might supply incoming API requests as input and expect boolean values (representing allow/deny decisions) as +output. On the other hand, a container orchestrator might supply workload resources as input and expect a map of clusters and weights +to drive workload placement as output. See the appendix for sample policies that cover these use cases. + +OPA itself is written in Go and can be integrated as a library, host-level daemon, or sidecar container. OPA provides APIs to load and +manage policies as well as external data. Finally, OPA provides rich tooling to support the development, testing, and debugging of +policies. + +Since the initial release in July 2016, OPA’s mission has been to provide a powerful building block that enables policy-based control +across the stack. OPA’s roadmap for the next 12 months includes improvements to the language, integration with Google’s CEL, expansion +of the standard policy library, as well as continued hardening and performance optimization. 
+ +**Sponsor from TOC:** Ken Owens + +**Preferred Maturity Level:** Inception + +**License:** Apache License v2 + +# Source Control +https://github.com/open-policy-agent/opa +https://github.com/open-policy-agent/library + +# External Dependencies + +github.com/ghodss/yaml MIT License +github.com/gorilla/mux BSD 3-clause "New" or "Revised" License +github.com/mattn/go-runewidth MIT License +github.com/olekukonko/tablewriter MIT License +github.com/peterh/liner MIT License +github.com/pkg/errors BSD 2-clause "Simplified" License +github.com/sirupsen/logrus MIT License +github.com/spf13/cobra Apache License 2.0 +github.com/spf13/pflag BSD 3-clause "New" or "Revised" License +golang.org/x/crypto/ssh/terminal BSD 3-clause "New" or "Revised" License +golang.org/x/sys/unix BSD 3-clause "New" or "Revised" License +gopkg.in/fsnotify.v1 BSD 3-clause "New" or "Revised" License +gopkg.in/yaml.v2 Apache License 2.0 + + +**Initial Committers:** Torin Sandall and Tim Hinrichs from Styra (since creation), Tristan Swadell from Google (since May 2017) + +**Infrastructure Requests:** None initially. CI is currently hosted on Travis and covered by the free tier for open source projects. In +the future, we would like to leverage CNCF test clusters for system testing integrations built as part of the OPA project. + +**Communication Channels:** +Slack: http://slack.openpolicyagent.org + +**Issue Tracker:** https://github.com/open-policy-agent/opa/issues + +**Website:** http://www.openpolicyagent.org + +# Release Methodology and Mechanics + +We currently use numbered releases with the changelog and binaries published to https://github.com/open-policy-agent/opa/releases. +The release process is partially automated with manual portions assisted by scripts. The current release process is documented here: +https://github.com/open-policy-agent/opa/blob/master/docs/devel/RELEASE.md. The release schedule is somewhat ad-hoc, aligned around +large feature boundaries. 
+ +**Social Media Accounts:** +Twitter: https://twitter.com/openpolicyagent + +# Community Size and any Existing Sponsorship + +Adopters: +Netflix +Medallia +Schuberg Phillis +Huawei +More: At least one large financial institution and one large online retailer is testing OPA + +Integrations: +Kubernetes (Use cases: federated resource placement, admission control) +Docker (Use cases: Docker engine authorization) +Istio (Use cases: microservice API authorization) +Linkerd (Use cases: microservice API authorization) +OpenSDS (Use cases: storage scheduling) +Terraform (Use cases: risk management on terraform plans) +PAM (Use cases: SSH and sudo authorization) +Cloud Foundry buildpack to enable microservice API authorization + +**Sponsors** +https://www.styra.com +https://www.firebase.com (Google) + +**Numbers:** +3 active contributors currently (2 from Styra, 1 from Google), with 8 other contributors over past 12 months. +80 stars +49 members on Slack +31 releases + +# Statement of Alignment with CNCF Mission + +As cloud native technology matures and enterprise adoption increases, the need for policy-based control has become apparent. OPA +provides a powerful building-block that enables fine-grained, expressive policy enforcement. As such, we think that OPA would be a +great for fit for the CNCF + +# Benefits to the CNCF + +The ecosystem must provide solutions to control who can do what across microservice deployments because legacy approaches to access +control do not satisfy the requirements of modern environments. OPA provides a purpose-built language and runtime that can be used to +author and enforce authorization policy. As such, we feel that OPA will complement the CNCF’s portfolio and help accelerate adoption of +cloud native technology in enterprises. In the longer term, we think that enterprises will benefit from a unified approach to policy +enforcement can be applied across the stack. 
+ +# What does OPA need from the CNCF + +OPA needs a well respected, vendor-neutral home that can help serve as a rallying point around policy as code. In addition to increased +visibility, we hope that inclusion in the CNCF will foster communication between OPA and other projects in the ecosystem. As the project +grows, we would want to leverage the CNCF’s expertise around project governance and community standards as those are fundamental to the +long term success of the project. + +The project does not have any infrastructure requests at this time. CI is currently hosted on Travis and covered by the free tier for +open source projects. In the future, we would like to leverage CNCF test clusters for system testing integrations built as part of the +OPA project. + +# Appendix A: REST API Authorization Example + +This sample shows two simple rules that enforce an authorization policy on an API that serves salary data. In English, the policy says +that employees can see their own salary and the salary of any of their reports. + +allow { + input.method = "GET" + input.path = ["salary", employee_id] + input.user = employee_id +} + + +allow { + input.method = "GET" + input.path = ["salary", employee_id] + input.user = data.management_chain[employee_id][_] +} + + +The first rule allows employees to GET their own salary. The rule shows how you can use variables in rules. In that rule, employee_id is +a variable that will be bound to the same value across the last two expressions. + +The second rule allow employees to GET the salary of their reports. The rule shows how you can access arbirary context (e.g., JSON data) +inside the policy. The data may loaded into the policy engine (and cached) or it may be external and fetched dynamically. + + +# Appendix B: Cluster Placement Example + +This sample shows a simple rule that generates a set of clusters that a workload may be deployed to. The workload is provided as input +to policy. 
In English, the policy says that workloads must be placed on clusters that satisfy the workload’s jurisdiction requirements. + +desired_clusters = {name | + cluster = data.clusters[name] + satisfies_jurisdiction(input.deployment, cluster) +} + + +satisfies_jursidiction(deployment, cluster) { + deployment.jurisdiction = "europe" + startswith(cluster.region, "eu") +} else { + not deployment.jurisdiction +} + +This example shows how logic can be composed across rules and functions. From 5234b0bc4d433b8e6ab2ec234cf5d226756ff132 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Tue, 5 Dec 2017 13:40:00 -0600 Subject: [PATCH 045/179] GB approved the TOC principles on 12/5/17 Signed-off-by: Chris Aniszczyk --- PRINCIPLES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PRINCIPLES.md b/PRINCIPLES.md index 7011bb3..62d7760 100644 --- a/PRINCIPLES.md +++ b/PRINCIPLES.md @@ -2,7 +2,7 @@ _Version 1.0, Nov 27, 2017 Approved by TOC on: Nov 27, 2017 -Approved by GB on: TBD_ +Approved by GB on: Dec 5, 2017 [TOC Operating Principles](#toc-operating-principles) [We Are Project-Centric](#we-are-project-centric) From 434ec3c8c298f2a53982baeeaab974ed2d7b300f Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 11 Dec 2017 10:21:01 -0600 Subject: [PATCH 046/179] Add CSI / Storage WG Readout Jan 16th --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4fac50c..5e17485 100644 --- a/README.md +++ b/README.md 
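Review bot: in Appendix A of proposals/opa.md (PATCH 044/179), the two allow rules have no default, so for a request that matches neither rule allow is undefined rather than false, and the deny outcome depends on how each caller treats a missing result. Adding "default allow = false" above the rules makes the sample deny explicitly. The misspelled satisfies_jursidiction definition in Appendix B and the prose typos "allow employees", "arbirary" and "may loaded" come over unchanged from the removed file and can be fixed here too.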
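Review bot: in PATCH 045/179 (PRINCIPLES.md), the removed line "Approved by GB on: TBD_" ended with the underscore that closes the emphasis opened at "_Version 1.0", and the replacement line drops it, leaving the emphasis unclosed. Keep the trailing underscore: "Approved by GB on: Dec 5, 2017_".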
@@ -118,7 +118,8 @@ If you're interested in presenting at a TOC call about your project, please open * **November 14, 2017**: [OPA](http://www.openpolicyagent.org/) and Storage WG/CSI and Project Graduation/Health Reviews (Kubernetes, Prometheus) * **December 5, 2017**: Rook, OpenOverlay * **December 7, 2017**: KubeCon/CloudNativeCon F2F -* **January 16, 2017**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) +* **January 16, 2017**: CSI/Storage WG Readout +* **Feb 6, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes From 0d84f058f41aea4382f86b3e6fa05121bae6fec2 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 11 Dec 2017 15:21:55 -0600 Subject: [PATCH 047/179] Address comments in #71 https://github.com/cncf/toc/pull/71#issuecomment-350858244 --- PRINCIPLES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PRINCIPLES.md b/PRINCIPLES.md index 62d7760..48b6b5f 100644 --- a/PRINCIPLES.md +++ b/PRINCIPLES.md 
@@ -56,7 +56,7 @@ Identify projects that have a real shot at being a useful tool in the evolving b Some considerations: - Transparent, consistent technical and governance quality bar for [graduation](https://www.cncf.io/projects/graduation-criteria/) from incubation -- Has users, preferably in production; is a high quality, high-velocity project +- Has users, preferably in production; is a high quality, high-velocity project (for incubation and graduated projects). Inception level projects are targeted at earlier-stage projects to cultivate a community/technology - Has a committed and excited team that appears to understand the challenges ahead and wishes to meet them - Has a fundamentally sound design without obvious critical compromises that will inhibit potential widespread adoption - Is useful for cloud native deployments & ideally, is architected in a cloud native style From b162eb0c82484cf6ff6a638d9bc3763d92a2565d Mon Sep 17 00:00:00 2001 From: Deyuan Deng Date: Thu, 14 Dec 2017 21:18:15 +0800 Subject: [PATCH 048/179] add Deyuan Deng to toc contributor --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index d2375fb..0272120 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -29,6 +29,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Clinton Kitson, Dell (Clinton.Kitson@dell.com) * Dan Wilson, Concur (danw@concur.com) * Darren Ratcliffe, Atos (darren.ratcliffe@atos.net) +* Deyuan Deng, Caicloud (deyuan@caicloud.io) * Doug Davis, IBM (dug@us.ibm.com) * Drew Rapenchuk, Bloomberg (drapenchuk@bloomberg.net) * Dustin Kirkland, Canonical (kirkland@canonical.com) From c2209bf59829e97476375d261fbd5c536bad9718 Mon Sep 17 00:00:00 2001 From: Bassam Tabbara Date: Thu, 14 Dec 2017 08:13:33 -0800 Subject: [PATCH 049/179] update bassam's email --- CONTRIBUTORS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 0272120..a57251f 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -21,7 +21,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Alex Chircop, StorageOS (alex.chircop@storageos.com) * Andy Santosa, Ebay (asantosa@ebay.com) * Ara Pulido, Bitnami (ara@bitnami.com) -* Bassam Tabbara, Quantum (bassam@tabbara.com) +* Bassam Tabbara, Upbound (bassam@upbound.io) * Bob Wise, Samsung SDS (bob@bobsplanet.com) * Cathy Zhang, Huawei (cathy.h.zhang@huawei.com) * Chase Pettet, Wikimedia Foundation (cpettet@wikimedia.org) From 42ae0a152e7cbca8ef34155b0f80854b4074c9fb Mon Sep 17 00:00:00 2001 From: supereagle Date: Fri, 15 Dec 2017 10:24:57 +0800 Subject: [PATCH 050/179] fix principle link --- process/due-diligence-guidelines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/process/due-diligence-guidelines.md b/process/due-diligence-guidelines.md index fc0e78a..318e355 100644 --- a/process/due-diligence-guidelines.md +++ b/process/due-diligence-guidelines.md @@ -33,7 +33,7 @@ validity are ideally resolved, helps to foster this consensus. ### Where to start -* make sure you're clear on the [TOC Principles](https://github.com/cncf/toc/blob/toc-principles/principles.md), +* make sure you're clear on the [TOC Principles](https://github.com/cncf/toc/blob/master/PRINCIPLES.md), the [project proposal process](https://github.com/cncf/toc/blob/master/process/project_proposals.adoc), the [graduation criteria](https://www.cncf.io/projects/graduation-criteria/) and [desired cloud native properties](https://www.cncf.io/about/charter/) are. The project sponsor (a member From 91e7485b4bebf8784dbfd5f7e635526ec890183c Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Fri, 15 Dec 2017 11:04:35 -0500 Subject: [PATCH 051/179] 2018 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5e17485..92de8c9 100644 --- a/README.md +++ b/README.md 
@@ -118,7 +118,7 @@ If you're interested in presenting at a TOC call about your project, please open * **November 14, 2017**: [OPA](http://www.openpolicyagent.org/) and Storage WG/CSI and Project Graduation/Health Reviews (Kubernetes, Prometheus) * **December 5, 2017**: Rook, OpenOverlay * **December 7, 2017**: KubeCon/CloudNativeCon F2F -* **January 16, 2017**: CSI/Storage WG Readout +* **January 16, 2018**: CSI/Storage WG Readout * **Feb 6, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes From 2040d3337de92419184076268eaf6c9cd49eebda Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Tue, 9 Jan 2018 16:37:38 -0600 Subject: [PATCH 052/179] Update WG zoom meeting links --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 92de8c9..2adf9fe 100644 --- a/README.md +++ b/README.md 
@@ -36,10 +36,10 @@ The TOC has created the following working groups to investigate and discuss the | Working Group | Chair | Meeting Time | Minutes/Recordings | |---------------|------------------|---------------------------------------|--------------------| -| [CI](https://github.com/cncf/wg-ci) | Camille Fournier | [2nd and 4th Tue every month at 8AM PT](https://zoom.us/j/199346891) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2P3_A3ujWHSxOu1IO_bd7Zi) -| [Networking](https://github.com/cncf/wg-networking) | Ken Owens | [1st and 3rd Tue every month at 9AM PT](https://zoom.us/j/999936723) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2M_-K5n67_zTdrPh_PtTKFC) -| [Serverless](https://github.com/cncf/wg-serverless) | Ken Owens | [Thu of every week at 9AM PT](https://zoom.us/j/893315636) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2Ph7YoBIgsZNW_RGJvNlFOt) -| [Storage](https://github.com/cncf/wg-storage) | Ben Hindman | [2nd and 4th Wed every month at 8AM PT](https://zoom.us/j/158580155) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2NoiNaLVZxr-ERc1ifKP7n6) +| [CI](https://github.com/cncf/wg-ci) | Camille Fournier | [2nd and 4th Tue every month at 8AM PT](https://zoom.us/my/cncfciwg) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2P3_A3ujWHSxOu1IO_bd7Zi) +| [Networking](https://github.com/cncf/wg-networking) | Ken Owens | [1st and 3rd Tue every month at 9AM PT](https://zoom.us/my/cncfnetworkingwg) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2M_-K5n67_zTdrPh_PtTKFC) +| [Serverless](https://github.com/cncf/wg-serverless) | Ken Owens | [Thu of every week at 9AM PT](https://zoom.us/my/cncfserverlesswg) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2Ph7YoBIgsZNW_RGJvNlFOt) +| [Storage](https://github.com/cncf/wg-storage) | Ben Hindman | [2nd and 4th Wed every month at 8AM PT](https://zoom.us/my/cncfstoragewg) | 
[Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2NoiNaLVZxr-ERc1ifKP7n6) All meetings are on the public CNCF calendar: https://goo.gl/eyutah From 93cb6c4b1578793550cb4bc92840201de62392ad Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 15 Jan 2018 17:50:34 -0600 Subject: [PATCH 053/179] Add Jan 16th 2018 meeting agenda https://goo.gl/5wBe3d --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2adf9fe..e9e6576 100644 --- a/README.md +++ b/README.md @@ -167,3 +167,4 @@ If you're interested in presenting at a TOC call about your project, please open * [November 14th, 2017](https://goo.gl/vKbawR) * [December 5th, 2017](https://goo.gl/77pMFY) * [December 7th, 2017](https://goo.gl/Ugo7F9) +* [January 16th, 2018](https://goo.gl/5wBe3d) From a173ab79aefce4336ce0233127a6213708f078ff Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Tue, 16 Jan 2018 09:16:14 -0600 Subject: [PATCH 054/179] Add CoreDNS inception project review to schedule --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e9e6576..fc51284 100644 --- a/README.md +++ b/README.md @@ -119,7 +119,9 @@ If you're interested in presenting at a TOC call about your project, please open * **December 5, 2017**: Rook, OpenOverlay * **December 7, 2017**: KubeCon/CloudNativeCon F2F * **January 16, 2018**: CSI/Storage WG Readout -* **Feb 6, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) +* **Feb 6, 2018**: TBD +* **Feb 20, 2018**: CoreDNS Inception Project Review +* **Mar 6, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes From ed8e73ba0cb59ce4dfa3025071421e2144f236fb Mon Sep 17 00:00:00 2001 
From: Chris Aniszczyk Date: Tue, 16 Jan 2018 11:42:25 -0600 Subject: [PATCH 055/179] Add NATS to feb 6 meeting --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fc51284..d1d1006 100644 --- a/README.md +++ b/README.md @@ -119,7 +119,7 @@ If you're interested in presenting at a TOC call about your project, please open * **December 5, 2017**: Rook, OpenOverlay * **December 7, 2017**: KubeCon/CloudNativeCon F2F * **January 16, 2018**: CSI/Storage WG Readout -* **Feb 6, 2018**: TBD +* **Feb 6, 2018**: NATS * **Feb 20, 2018**: CoreDNS Inception Project Review * **Mar 6, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) From 294fe218e589a60db97e2423dcdb68a86999058c Mon Sep 17 00:00:00 2001 From: Sugu Sougoumarane Date: Tue, 16 Jan 2018 10:13:57 -0800 Subject: [PATCH 056/179] Incorporate TOC recommended changes As proposed by @bgrant0607 in the review comments. --- proposals/vitess.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/vitess.adoc b/proposals/vitess.adoc index 20eb01a..27baebe 100644 --- a/proposals/vitess.adoc +++ b/proposals/vitess.adoc 
@@ -4,7 +4,7 @@ *Description*: -Vitess is a database clustering system for horizontal scaling of MySQL. Using the terminology from the link:http://db.cs.cmu.edu/papers/2016/pavlo-newsql-sigmodrec2016.pdf[Pavlo and Aslett NewSQL survey article], Vitess is “sharding middleware”. By encapsulating shard-routing logic, Vitess allows application code and database queries to remain agnostic to the distribution of data onto multiple shards. You can split and merge shards as your needs change, with an atomic cutover step that is performed in seconds. Vitess has been serving all YouTube database traffic since 2011, and has grown to encompass tens of thousands of MySQL nodes. It has also gained increasing adoption in the community with about fifteen companies currently in the pipeline, some of whom have already gone into production. For more details, see the link:http://vitess.io/overview/[Vitess overview]. +Vitess is a database clustering system for horizontal scaling of MySQL. It orchestrates management of MySQL instances and intermediates requests to the cluster. Using the terminology from the link:http://db.cs.cmu.edu/papers/2016/pavlo-newsql-sigmodrec2016.pdf[Pavlo and Aslett NewSQL survey article], Vitess is “sharding middleware”. By encapsulating shard-routing logic, Vitess allows application code and database queries to remain agnostic to the distribution of data onto multiple shards. You can split and merge shards as your needs change, with an atomic cutover step that is performed in seconds. Vitess also supports and automatically handles various scenarios, including master failover and data backups. Vitess has been serving all YouTube database traffic since 2011, and has grown to encompass tens of thousands of MySQL nodes. It has also gained increasing adoption in the community with about fifteen companies currently in the pipeline, some of whom have already gone into production. For more details, see the link:http://vitess.io/overview/[Vitess overview]. 
*Sponsor / Advisor from TOC*: Brian Grant From 10e65e83c441748beba21656059500d44a23947a Mon Sep 17 00:00:00 2001 From: Sugu Sougoumarane Date: Tue, 16 Jan 2018 10:52:59 -0800 Subject: [PATCH 057/179] NewSQL -> Database orchestration system --- proposals/vitess.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/vitess.adoc b/proposals/vitess.adoc index 27baebe..a303f36 100644 --- a/proposals/vitess.adoc +++ b/proposals/vitess.adoc @@ -68,7 +68,7 @@ The master branch is kept strictly stable, and we encourage users to regularly p *Statement on alignment with CNCF mission*: -NoSQL storage systems were designed to scale out, but focus on unstructured and non-transactional data. However, it is complex to migrate or build applications that truly need transactions, indexes, and joins over structured data using NoSQL. NewSQL storage systems such as Vitess fill that gap, and enable more applications to migrate to cloud-native architectures and to scale out. Vitess was built to be cloud-native for use within Google, and can link:http://vitess.io/getting-started/[run on Kubernetes]. +NoSQL storage systems were designed to scale out, but focus on unstructured and non-transactional data. However, it is complex to migrate or build applications that truly need transactions, indexes, and joins over structured data using NoSQL. Database orchestration systems such as Vitess fill that gap, and enable more applications to migrate to cloud-native architectures and to scale out. Vitess was built to be cloud-native for use within Google, and can link:http://vitess.io/getting-started/[run on Kubernetes]. *External Dependencies*: Full list: https://github.com/youtube/vitess/blob/master/vendor/vendor.json. Top level orgs: From 290dd6c7995bfcdaaa0140e0f984b0be8ae7034e Mon Sep 17 00:00:00 2001 From: Dan Kohn Date: Wed, 17 Jan 2018 13:32:56 -0500 Subject: [PATCH 058/179] Add website guidelines link --- README.md | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/README.md b/README.md index d1d1006..5eea1f4 100644 --- a/README.md +++ b/README.md @@ -84,6 +84,10 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [Notary](https://github.com/docker/notary)|Solomon Hykes|[6/20/17](https://goo.gl/6nmyDn)|[10/24/17](https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/)|Incubating [TUF](https://github.com/theupdateframework)|Solomon Hykes|[6/20/17](https://goo.gl/6nmyDn)|[10/24/17](https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/)|Incubating +## Website Guidelines + +CNCF has the following [guidelines](https://www.cncf.io/projects/website-guidelines/) for the websites of our projects. + ## Scheduled Community Presentations If you're interested in presenting at a TOC call about your project, please open a [github issue](https://github.com/cncf/toc/issues) with the request. We can schedule a maximum of two community presentations per TOC meeting. From dbccc77c41534fd565008b80bb80d2cf77d6658d Mon Sep 17 00:00:00 2001 From: Colin Sullivan Date: Thu, 18 Jan 2018 12:35:19 -0700 Subject: [PATCH 059/179] Add NATS proposal. --- proposals/nats.adoc | 405 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 405 insertions(+) create mode 100644 proposals/nats.adoc diff --git a/proposals/nats.adoc b/proposals/nats.adoc new file mode 100644 index 0000000..81f56a2 --- /dev/null +++ b/proposals/nats.adoc 
@@ -0,0 +1,405 @@ +== NATS Proposal + +*Name of project:* NATS + +*Description:* As developers and operators of modern cloud native +infrastructure have come to realize, there are limitations to using +traditional forms of systems communications (eg. REST, legacy +messaging, or traditional enterprise messaging) and applying these to +a cloud native environment. + +=== Why does CNCF need messaging? + +Software has matured from large monolith applications to event driven +distributed applications and microservices comprised of many +components that need to communicate. Messaging +(https://en.wikipedia.org/wiki/Message-oriented_middleware[message oriented middleware]) +has evolved to meet these communication needs, and NATS was created +specifically for next generation cloud native applications. + +=== NATS Overview + +NATS is a mature, seven year old messaging technology, built from the +ground up to be cloud native, implementing the publish/subscribe, +request/reply and distributed queue patterns to help create a +performant and secure method of InterProcess Communication (IPC). +Simplicity, performance, scalability, and security constitute the core +tenets of NATS. For more detail of how these values inform the design +of NATS, including features that are intentionally absent, refer to +https://github.com/nats-io/roadmap/blob/master/architecture/DESIGN.md[“NATS Design Considerations”]. + +NATS is based on a client-server architecture with servers that can be +clustered to operate as a single entity. Clients connect to these +clusters to exchange data encapsulated in messages. An overview of +the NATS architecture can be found in +https://github.com/nats-io/roadmap/blob/master/architecture/ARCHITECTURE.md[“Understanding NATS Architecture”]. + +Core NATS was designed around fire and forget, or *at-most-once* +semantics, similar to how neurons fire in the brain. 
However, some +use cases may require a guarantee of delivery, and *at-least-once* +pattern utilizing storage and replay of data. In this case the +optional streaming component of NATS can be deployed and utilized. + +Most messaging systems do provide a mechanism to persist messages and +ensure message delivery. NATS does this through log based streaming; +a way to store and replay messages. Streaming subscribers can retrieve +messages published when they were offline, or replay a series of +messages. Streaming inherently provides a buffer in the distributed +application ecosystem, increasing stability and matching consumer +ability to receive messages. This allows applications to offload +local message caching and buffering logic into NATS Streaming, and +ensures a message will be delivered. + +NATS supports both of these modes of delivery, *at-most-once*, and +*at-least-once*. At-most-once means that a message will be sent to a +subscriber only one time, and can be lost in flight. It is up to the +application, or the system, to ensure data has been delivered, +resending messages as necessary. This is sufficient for most modern +cloud native applications since for example NATS based Request/Response +can be used to ensure that a message has been delivered and processed, +thus providing an end-to-end delivery guarantee. At-least-once +delivery, provided through NATS Streaming, means a message will always +be delivered, but may be delivered more than once. It is worth noting +that there is another delivery mode, *exactly-once*, which guarantees +a message will always be delivered once and only once. This mode is +not supported by NATS. + +==== Trade-offs + +As stated, NATS' design goals include simplicity and performance. In +order to achieve this, there are a number of notable features NATS +does not provide. Some of these include: + + * Message transactions + * Message schemas + * Last will and testament messages + * Message groups (e.g. 
JMSXGroupID) + * Exactly once delivery + * https://github.com/nats-io/roadmap/blob/master/architecture/DESIGN.md#minimizing-state[Cluster consistency] + +While features like these are valuable to users, they add complexity, +and thus overhead. A simpler feature set ultimately translates into a +simple and direct fastpath that a message takes, allowing NATS to +optimize for raw performance, availability to all users, and to +maintain a small memory footprint. + +=== Messaging Patterns + +Messaging systems typically provide a number of usage patterns. The +major patterns NATS provides includes publish/subscribe, queue +subscriptions, and request/reply. These basic patterns supported by +NATS provide a foundation to build a scalable and resilient +application ecosystem in a cloud environment. NATS goes further, +providing additional features facilitating cloud based deployments. +More information about this can be found in <>. + +=== The NATS Protocol + +Core NATS has a lightweight plain text protocol with a handful of +verbs. The protocol is easy to learn - plain text simplifies +development and debugging and facilitates contributions of new client +libraries. Being very terse, there are only a few extra bytes of +overhead per message found when compared to binary protocols. + +The NATS Streaming protocol, being more complex, is a binary protocol +implemented through protobuf, layered above the NATS protocol. + +NATS has a versioning plan in place for handling both breaking and +non-breaking changes in protocol, described +https://github.com/nats-io/roadmap/blob/master/VERSIONING.md[here]. + +=== Cloud-Native Features of NATS +Being built from the ground up to be cloud-native, NATS has a number of +cloud-friendly features. + +==== High Availability and Scalability augmented with Auto-Discovery +NATS allows users to dynamically scale server cluster sizes with zero +downtime and no configuration changes. 
Updated cluster topology +information is propagated in real time throughout the NATS server +nodes and clients, allowing existing servers to automatically route +with new servers and clients to automatically update their list of +available NATS servers. This means you cluster a few seed servers in +your cloud, then add additional NATS servers (referencing the seed +servers) as needed - no downtime or reconfiguration of existing +servers or clients is needed. + +==== Resiliency +NATS prioritizes the health and availability of the system as a whole +rather than attempting to service an individual client or server, +creating a foundation for stable and resilient systems. In +traditional messaging systems, when a consumer is slow to process +messages, resources can be used trying to accommodate it at the +expense of the entire system, potentially leading to instability and +errors. Core NATS identifies a slow consumer and drops messages, or +the consumer's connection entirely, to prevent back-pressure affecting +the entire system and other users. + +NATS Streaming, built upon NATS, has this same resiliency but takes it +a step further to avoid the problem of slow consumers entirely in that +it is self-metering to the throughput rate of each consumer. + +==== No Dependencies and Low Overhead + +NATS servers are extremely lightweight, with very low configuration +needs, making them ideal for use in cloud environments. The server +operates as a single binary with no prerequisites or runtime +dependencies. The NATS server docker image is less than 10MB, utilizes +little memory, and spins up very quickly allowing NATS to work well in +container orchestration systems. + +=== Messaging Alternatives + +Messaging is simply a form of IPC - there are other ways to transfer +information, for example using a coordination mechanism such as a +distributed hash table or a database - these may be more appropriate +depending on the use case. 
Generally though, messaging provides +better features in terms of diverse messaging patterns, scalability +and throughput when compared to other forms of IPC, and does not +require as much additional custom tooling and error handling. We +address a specific question asked of us, +"Why not use etcd?" in <>. + +=== NATS Feature Comparison + +This comparison is intended simply to compare features of NATS with +Apache Kafka and RabbitMQ, two other messaging projects. It is not +intended to favor or position one project over another. Any +corrections are welcome. + +.Feature Comparison +|=== +|Area |NATS |Apache Kafka |RabbitMQ + +|Language & Platform Coverage +|Core NATS: 48 known client types, 11 supported by maintainers, 18 contributed by the community. NATS Streaming: 6 client types supported by maintainers, 3 contributed by the community. NATS servers can be compiled on architectures supported by golang. NATS provides binary distributions for darwin-amd64, linux-306, linux-amd64, linux-arm6, linux-arm64, linux-arm7, windows-386, and windows-amd6, and server installations through homebrew, chocolatey, and go. +|18 client types supported across the community and by confluent. Kafka servers can run on platforms supporting java - very wide support. +|At least 10 client platforms footnote:[http://www.rabbitmq.com/devtools.html] that are maintainer supported with over 50 community supported client types. Servers are supported on the following platforms: Linux Windows, NT through 10 Windows Server 2003 through 201, Mac OS X, Solaris, FreeBSD, TRU64, VxWorks The server may be run on many other platforms where erlang can run, but may not officially supported. 
+ +|Delivery Guarantees +|At most once, at least once +|At most once, at least once, exactly once footnote:[https://www.confluent.io/blog/exactly-once-semantics-are-possible-heres-how-apache-kafka-does-it/] +|At most once, at least once + +|Operational Complexity +|Little configuration for both server and clients, easy to install, auto discovery reduces configuration. +|Requires several configured components, zookeeper, brokers, clients must maintain some state. +|Should work out of the box. + +|Security +|TLS, Authentication and Subject based Authorization in a reloadable configuration file. +|Supports Kerberos and TLS. Supports JAAS and an out-of-box authorizer implementation that uses ZooKeeper to store connection and subject. +|TLS, SASL, and Pluggable authentication. + +|HA/FT +|Core NATS supports full mesh clustering to provide high availability to clients. NATS streaming has warm failover backup servers. Full data replication is in progress. +|Fully replicated cluster members coordinated via zookeeper. +|Clustering Support with full data replication via mirrors. + +|Monitoring +|Configuration is command line and configuration file, which can be reloaded with changes at runtime +|Kafka has a number of managements tools and consoles including Confluent Control Center, Kafkat, Kafka Web Console, Kafka Offset Monitor. +|CLI tools, a plugin-based management system with dashboards and third party tools. + +|Management +|Configuration is command line and configuration file, which can be reloaded with changes at runtime. +|Kafka has a number of managements tools and consoles including Confluent Control Center, Kafkat, Kafka Web Console, Kafka Offset Monitor. +|CLI tools, a plugin-based management system with dashboards and third party tools. 
+ +|Integrations +|NATS supports a NATS Connector Framework with a Redis Connector, Apache Spark, Apache Flink, CoreOS, Elasticsearch, Prometheus, Telegraf, Logrus, Fluent Bit, Fluentd +|Kafka has a large number of integrations in their ecosystem, including stream processing (Storm, Samza, Flink), Hadoop, database (JDBC, Oracle Golden Gate), Search and Query (ElasticSearch, Hive), and a variety of logging and other integrations. +|RabbitMQ has a rich set of plugins, including protocols (MQTT, STOMP), websockets, and various authorization and authentication plugins. + +|=== + +==== Performance +We feel NATS performance is industry leading. However, to our knowledge there +has not been a third party benchmark made public that includes NATS, Kafka, +and RabbitMQ. We feel strongly that benchmarks by third party are unbiased +and widely accepted. + +Here are two third party benchmarks to reference: + +** http://bravenewgeek.com/dissecting-message-queues/[Dissecting Message Queues] comparing NATS and Kafka. +** https://cloudplatform.googleblog.com/2014/06/rabbitmq-on-google-compute-engine.html[RabbitMQ on Google Compute Engine]. + +=== Notable Use Cases +NATS, being as flexible as it is, covers a variety of use cases, from +acting as a microservices control plane to publishing events on +devices in IoT solutions. + +A few use cases include: + +* http://nats.io/blog/rapidloop-monitoring-with-opsdash-built-on-nats/[Rapidloop]: NATS as a microservices backplane, service discovery, and service orchestration. +* http://nats.io/blog/how-clarifai-uses-nats-and-kubernetes-for-machine-learning/[Clarifai]: NATS as a microservices control plane in Kubernetes +* http://nats.io/blog/nats-good-gotchas-awesome-features/[StorageOS]: NATS enabling a system event notification system. +* http://nats.io/blog/serverless-functions-and-workflows-with-kubernetes-and-nats/[Fission.io]: Event sourcing for serverless functions implemented through NATS streaming. 
+* http://nats.io/blog/nats-for-the-marionette-collective/[Choria/MCollective]: Server orchestration implemented over NATS. +* https://nats.io/blog/earthquakewarningnats/[A Circular World]: An early earthquake detection system utilizing NATS as the communications system with back end servers. +* http://nats.io/blog/nats-on-autopilot/[Joyent]: Sensor data aggregation implemented through NATS streaming. +* http://weave.works[Weaveworks]: General Pub/Sub and simple queue based routing within Weave Cloud SaaS, alongside K8s. + + +=== Roadmap +NATS intends to deliver some compelling additional functionality in the future, +refer to our https://github.com/nats-io/roadmap[roadmap]. + +=== Additional Resources +For additional information about NATS, please visit +http://nats.io/documentation/, and a good slideshow about NATS +messaging and the problems it can solve can be found in +https://www.slideshare.net/Apcera/simple-solutions-for-complex-problems[“Simple Solutions for Complex Problems”]. + + +*Sponsor / Advisor from the TOC:* Alexis Richardson + +*Preferred Maturity Level:* Incubating + +*License:* MIT (Intend to change to Apache 2.0 in the near future) + +*Source control repositories:* https://github.com/nats-io + +*Issue Tracker:* These are currently tracked via the various server and client +repositories for NATS Server and NATS Streaming. For example, +https://github.com/nats-io/gnatsd/issues for NATS Server. This has currently +served us very well, although if there is a preferred tracking system CNCF use, +we would be interested in discussing. + +*Website:* https://NATS.io + +*Release Methodology and Mechanics:* We currently do numbered releases for +major updates 3-4 times per year. We include the highest priority items from +our roadmap as well as the user community’s wishlist and strive for code +coverage of >80% for client APIs, and >90% for server code. 
+ +*Social Media Accounts:* + +* Twitter: https://twitter.com/nats_io +* Google Groups: https://groups.google.com/forum/#!forum/natsio +* Slideshare: https://www.slideshare.net/nats_io/presentations +* Reddit: https://www.reddit.com/r/NATS_io/ +* Slack: (currently by invite, with ~550 members: http://bit.ly/2DMdR6G) + +*Existing project sponsorship:* Synadia + +*Contributor Statistics:* + +* NATS Server and NATS Streaming: 43 external contributors distributed across dozens of companies, spanning a variety of industry segments. +* NATS Server and NATS Streaming Clients: Over 100 contributors distributed across dozens of companies + +*Sample Adopters:* Apcera, Apporeto, Clarifai, Comcast, General Electric (GE), +Greta.io, CloudFoundry, HTC, Samsung, Netlify, Pivotal, Platform9, Sensay, +Workiva, VMware. + +*Sample Integrators:* + +* *Functions as a Service:* OpenFaaS, Fission.io, Storage, Minio, StorageOS +* *Cloud Computing, Monitoring and Tooling:* Pivotal, VMware, Hemera, RapidLoop, Spindoc +* *Event Gateways:* Apache Camel + +*Statement on Alignment with CNCF mission:* Our team believes NATS to be a +great fit for the CNCF. We believe that the CNCF also recognizes this, having +been in discussions for some time for NATS to be contributed, and we are +interested in making that a reality. As the CNCF’s mission is to “create and +drive the adoption of a new computing paradigm that is optimized for modern +distributed systems environments capable of scaling to tens of thousands of +self healing multi-tenant nodes,” we believe NATS to be a core enabling +technology for this. This has also been validated by developers working on +cloud native systems already, as NATS has been widely chosen over traditional +communication methods and protocols for distributed systems. 
+ +Moreover, NATS has very strong existing synergy and inertia with other CNCF +projects, and is used heavily in conjunction with projects like: Kubernetes, +Prometheus, gRPC, Fluentd, Linkerd, and Containerd to name a few. The broad +client coverage, and simplicity of the protocol will make supporting and +integrating with future cloud native systems and paradigms straight forward +as well. + +*Additional CNCF asks:* + +. *Governance advice:* General access to staff to provide advice and help +optimize and document our governance process +. *General help managing contribution process going forward:* We do not +currently have a CLA, nor do we require developers making contributions +to sign anything. We would like to find a straightforward process that +meets the CNCF’s requirements - but also that is not overly burdensome +for developers to interact with. + +=== Appendices + +=== Appendix A + +*Messaging Patterns in NATS* + +Messaging systems typically provide a number of usage patterns. The major +patterns NATS provides include the following: + +===== Publish/Subscribe +Messaging systems that support the publish/subscribe paradigm offer a +key benefit: decoupling of applications through subjects (also called +topics). Applications establish a connection to the broker, then +subscribe to various topics and begin receiving messages on that topic +regardless of the location or number of publishers producing data. +Any interested subscriber receives messages published on that topic. +This allows scalability and a loose coupling of publishers and +subscribers. With this dynamic topology, any publisher or subscriber +can move across network nodes without affecting the rest of the +system - a boon to microservices in the cloud. + +===== Queue Subscribers (Load Balancing) +NATS can be described as a layer 7 load balancer - it routes +application data based on message data, the subject, which is provided +by the producing application. 
In discussing load balancing specific +to NATS we are referring to the competing consumer pattern in the form +of queue subscribers. In this pattern, the NATS server distributes +messages randomly amongst multiple subscribers working together to +each individually process messages from a single virtual “queue”. For +example, one might run several identical applications queue subscribed +on the same subject. The NATS server (or streaming server) will +distribute this message to one subscriber in the group, allowing for +distribution of workload amongst multiple instances of the +application. In some cases this can be preferable to layer 4 load +balancing because network traffic can be directed through use of the +subject namespace - applications balancing the workload can move or +scale with no additional configuration, although it may not be as +performant as level 4 load balancing. + +===== Request / Reply Pattern Support +NATS supports request/reply through use of unique subjects, still allowing for +a loose coupling of a requestor and replier(s). The request reply pattern +involves sending a request message, and expecting a reply. Often times the +application will block until the reply is received. + +=== Appendix B + +==== Why not use etcd? + +NATS is designed to deliver application data in a distributed system. +NATS does this by packaging application data in a message and sending +it to endpoints. Various messaging patterns (request reply, +publish/subscribe, distributed queues) are supported to communicate +with individual consumers or to fan out and send one message to many +consumers. It is up to the application to consider messages as atomic +units of data, or as elements of a stream - real-time with Core NATS, +or as a historical log of messages NATS streaming. + +Etcd was designed to solve the problem of distributed system +coordination and metadata storage. 
It persists data in a key value +store, and supports many concurrency primitives including distributed +locking and leadership election. There are recipes for queueing using +unique keys, as well as a gRpc API to stream updates - this is where +we begin to see overlap. + +The fundamental decision of whether to use NATS or etcd can be based +on a few factors. One factor is the structure of data - whether your +distributed application can benefit most from data structured as a +key-value store versus a stream. If your application benefits from +key/value data storage, etcd is a better choice. The second being the +frequency of the updates. Any update to a value in etcd is more +expensive than a message sent in NATS due to the consistency +guarantees etcd provides. If you have frequently updating values, or +require an extremely high frequency of update, NATS is a better +choice. + +NATS and etcd can also complement each other, with etcd for +coordination and NATS for data distribution. From 5a60c7c6be76c05f4a1af8dcf2a3a12a6e2d488d Mon Sep 17 00:00:00 2001 From: Sarah Allen Date: Sun, 21 Jan 2018 09:15:07 -0800 Subject: [PATCH 060/179] adding myself to contributors list --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index a57251f..d593415 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -53,6 +53,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Quinton Hoole, Huawei (quinton.hoole@huawei.com) * Randy Abernethy, RX-M LLC (randy.abernethy@rx-m.com) * Rick Spencer, Bitnami (rick@bitnamni.com) +* Sarah Allen, Google (sarahallen@google.com) * Timothy Chen, Hyperpilot (tim@hyperpilot.io) * Xu Wang, Hyper (xu@hyper.sh) * Yaron Haviv, iguazio (yaronh@iguaz.io) From 3dcc174ae3bd1deb85388131c7de4446abb514d1 Mon Sep 17 00:00:00 2001 
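Review bot: the section levels in the appendices of the NATS proposal patch that ends above are inconsistent: "=== Appendices" is followed by "=== Appendix A" at the same level, the pattern headings under Appendix A jump to "=====", and the Appendix B question uses "====". Nest them one level at a time (for example "=== Appendices", "==== Appendix A", "===== Publish/Subscribe") so the AsciiDoc outline renders as intended. Smaller points in the same text: "level 4 load balancing" should read "layer 4" to match the earlier usage, "as a historical log of messages NATS streaming" is missing a "with", and "gRpc" should be "gRPC".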
From: Jeyappragash JJ Date: Tue, 23 Jan 2018 13:37:42 -0800 Subject: [PATCH 061/179] Adding myself(Jeyappragash JJ) to contributors.md I have been working on identity and access management open standards and protocols for the past year or so. Been involved with spiffee.io, started padme.io based on collaboration with few people in industry. Would love to help and see standard Security model emerge, that accelerates safe adoption of cloud native technologies in enterprises. --- CONTRIBUTORS.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index d593415..363ba3d 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -59,3 +59,5 @@ List below is the official list of TOC contributors, in alphabetical order: * Yaron Haviv, iguazio (yaronh@iguaz.io) * Yong Tang, Infoblox (ytang@infoblox.com) * Yuri Shkuro, Uber (ys@uber.com) +* Jeyappragash JJ, Independent (pragashjj@gmail.com) + From e09b08b3b1f6dd849fa92dd03e1b3786b9b456f3 Mon Sep 17 00:00:00 2001 From: Jeyappragash JJ Date: Wed, 24 Jan 2018 06:57:50 -0800 Subject: [PATCH 062/179] Fixing the non-alphebetic insertion --- CONTRIBUTORS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 363ba3d..dbbc261 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -38,6 +38,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Gergely Csatari, Nokia (gergely.csatari@nokia.com) * Ghe Rivero, Independent (ghe.rivero@gmail.com) * Gou Rao, Portworx (gou@portworx.com) +* Jeyappragash JJ, Independent (pragashjj@gmail.com) * Jonghyuk Jong Choi, NCSoft (jongchoi@ncsoft.com) * Joseph Jacks, Independent (jacks.joe@gmail.com) * Josh Bernstein, Dell (Joshua.Bernstein@dell.com) 
@@ -59,5 +60,4 @@ List below is the official list of TOC contributors, in alphabetical order: * Yaron Haviv, iguazio (yaronh@iguaz.io) * Yong Tang, Infoblox (ytang@infoblox.com) * Yuri Shkuro, Uber (ys@uber.com) -* Jeyappragash JJ, Independent (pragashjj@gmail.com) From d249750de14730e1e1f5a857cb21c8c6591d6e4a Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 29 Jan 2018 10:27:00 -0600 Subject: [PATCH 063/179] Add rook as our 15th CNCF project https://rook.io/ --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5eea1f4..8a34c19 100644 --- a/README.md +++ b/README.md @@ -83,6 +83,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [Jaeger](https://github.com/jaegertracing/jaeger)|Bryan Cantrill|[8/1/17](https://goo.gl/ehtgts)|[9/13/17](https://www.cncf.io/blog/2017/09/13/cncf-hosts-jaeger/)|Incubating [Notary](https://github.com/docker/notary)|Solomon Hykes|[6/20/17](https://goo.gl/6nmyDn)|[10/24/17](https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/)|Incubating [TUF](https://github.com/theupdateframework)|Solomon Hykes|[6/20/17](https://goo.gl/6nmyDn)|[10/24/17](https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/)|Incubating +[rook](https://github.com/rook)|Ben Hindman|[6/6/17](https://goo.gl/6nmyDn)|[1/29/18](https://www.cncf.io/blog/2018/01/29/cncf-host-rook-project-cloud-native-storage-capabilities)|Inception ## Website Guidelines From 8897dadeec286eee9dfc3dc45bcfa4877fecd040 Mon Sep 17 00:00:00 2001 From: Vasu Chandrasekhara Date: Wed, 31 Jan 2018 16:54:22 +0100 Subject: [PATCH 064/179] add VasuC-SAP --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index dbbc261..582345c 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md 
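Review bot: the rook row added to the README.md project table in PATCH 063/179 links its 6/6/17 presentation date to https://goo.gl/6nmyDn, the same short link the Notary and TUF rows use for their 6/20/17 presentation, which looks like a copy-paste from those rows. Please confirm the target and link the 6/6/17 slides instead.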
@@ -24,6 +24,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Bassam Tabbara, Upbound (bassam@upbound.io) * Bob Wise, Samsung SDS (bob@bobsplanet.com) * Cathy Zhang, Huawei (cathy.h.zhang@huawei.com) +* Vasu Chandrasekhara, SAP SE (vasu.chandrasekhara@sap.com) * Chase Pettet, Wikimedia Foundation (cpettet@wikimedia.org) * Christopher Liljenstople, Tigera (cdl@asgaard.org) * Clinton Kitson, Dell (Clinton.Kitson@dell.com) From 81c558d710ee6239ad9763e30c8d8114605f091c Mon Sep 17 00:00:00 2001 From: William Morgan Date: Thu, 1 Feb 2018 11:01:53 -0800 Subject: [PATCH 065/179] add incubation-linkerd.md --- reviews/incubation-linkerd.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 reviews/incubation-linkerd.md diff --git a/reviews/incubation-linkerd.md b/reviews/incubation-linkerd.md new file mode 100644 index 0000000..08a8b36 --- /dev/null +++ b/reviews/incubation-linkerd.md 
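Review bot: the line added for Vasu Chandrasekhara in PATCH 064/179 sits between Cathy Zhang and Chase Pettet, which sorts it by surname, while the list is stated to be "in alphabetical order" and the neighbouring entries are ordered by first name. Move it down to the V entries (after Timothy Chen and before Xu Wang, as far as the context visible in this series shows); PATCH 062/179 made the same kind of correction for an earlier entry.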
@@ -0,0 +1,18 @@ +_Linkerd is currently an inception stage CNCF project._ + +To be accepted to incubating stage, a project must meet the inception stage requirements plus: + +* Document that it is being used successfully in production by at least three independent end users which, in the TOC’s judgement, are of adequate quality and scope. + + * [https://github.com/linkerd/linkerd/blob/master/ADOPTERS.md](https://github.com/linkerd/linkerd/blob/master/ADOPTERS.md) + * (Several non-public adopters that we know of that we can share privately if you desire.) + +* Have a healthy number of committers. A committer is defined as someone with the commit bit; i.e., someone who can accept contributions to some or all of the project. + + * [https://github.com/linkerd/linkerd/blob/master/MAINTAINERS.md](https://github.com/linkerd/linkerd/blob/master/MAINTAINERS.md) + +* Demonstrate a substantial ongoing flow of commits and merged contributions + + * [https://github.com/linkerd/linkerd/releases](https://github.com/linkerd/linkerd/releases) + * [https://github.com/linkerd/linkerd/graphs/contributors](https://github.com/linkerd/linkerd/graphs/contributors) + From 1c1367736fa543f830aaf3c03afb2eb45a3d7212 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Sat, 3 Feb 2018 13:46:03 +0100 Subject: [PATCH 066/179] Add draft TOC slides for 2/6/18 https://goo.gl/5WWA2Q --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8a34c19..43d2df9 100644 --- a/README.md +++ b/README.md @@ -175,3 +175,4 @@ If you're interested in presenting at a TOC call about your project, please open * [December 5th, 2017](https://goo.gl/77pMFY) * [December 7th, 2017](https://goo.gl/Ugo7F9) * [January 16th, 2018](https://goo.gl/5wBe3d) +* [February 6th, 2018](https://goo.gl/5WWA2Q) From 2181164bfc4cf99ec823aae704458d0af496cf03 Mon Sep 17 00:00:00 2001 
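Review bot: in reviews/incubation-linkerd.md (PATCH 065/179), the second bullet under the production-use criterion, "(Several non-public adopters that we know of that we can share privately if you desire.)", gives the TOC nothing it can check, while the criterion asks the project to document at least three independent end users. State how many entries in ADOPTERS.md are production end users and treat the private ones as supplementary. The file also has no title heading, and all of its links point at master, so the evidence can change after the review; a tag or commit link would pin it.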
From: Chris Aniszczyk Date: Wed, 7 Feb 2018 12:49:14 -0600 Subject: [PATCH 067/179] Add Vitess to the official project list http://vitess.io/ --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 43d2df9..a7e2cb8 100644 --- a/README.md +++ b/README.md @@ -84,6 +84,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [Notary](https://github.com/docker/notary)|Solomon Hykes|[6/20/17](https://goo.gl/6nmyDn)|[10/24/17](https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/)|Incubating [TUF](https://github.com/theupdateframework)|Solomon Hykes|[6/20/17](https://goo.gl/6nmyDn)|[10/24/17](https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/)|Incubating [rook](https://github.com/rook)|Ben Hindman|[6/6/17](https://goo.gl/6nmyDn)|[1/29/18](https://www.cncf.io/blog/2018/01/29/cncf-host-rook-project-cloud-native-storage-capabilities)|Inception +[Vitess](https://github.com/vitess)|Brian Grant|[4/19/17](https://goo.gl/6nmyDn)|[2/5/18](https://www.cncf.io/blog/2018/02/05/cncf-host-vitess/)|Incubation ## Website Guidelines @@ -125,7 +126,7 @@ If you're interested in presenting at a TOC call about your project, please open * **December 7, 2017**: KubeCon/CloudNativeCon F2F * **January 16, 2018**: CSI/Storage WG Readout * **Feb 6, 2018**: NATS -* **Feb 20, 2018**: CoreDNS Inception Project Review +* **Feb 20, 2018**: Sandbox + CoreDNS Inception Project Review * **Mar 6, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes From 6304e5807537402e5f7fd7a5b86864223cae5e0d Mon Sep 17 00:00:00 2001 
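Review bot: the Vitess row added in PATCH 067/179 gives the maturity level as "Incubation" where the other rows use "Incubating" or "Inception" (a later patch in this series corrects it), and its 4/19/17 presentation date links to https://goo.gl/6nmyDn, the link the Notary and TUF rows use for 6/20/17. The second hunk's agenda change to "Sandbox + CoreDNS Inception Project Review" is not covered by the commit subject; split it out or mention it in the message.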
From: Julius Volz Date: Tue, 13 Feb 2018 15:12:38 +0700 Subject: [PATCH 068/179] Graduation review for Prometheus --- reviews/graduation-prometheus.md | 60 ++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 reviews/graduation-prometheus.md diff --git a/reviews/graduation-prometheus.md b/reviews/graduation-prometheus.md new file mode 100644 index 0000000..39a55d4 --- /dev/null +++ b/reviews/graduation-prometheus.md 
@@ -0,0 +1,60 @@ +# Prometheus Graduation Application + +Prometheus was the second accepted project into the CNCF (joined in May 2016) and has grown significantly over time. In August 2017 we have successfully hosted a community conference (PromCon) in collaboration with the CNCF that attracted 200+ attendees from the developer and user community. + +The following application links to the required information to become a graduated project. + +## Prometheus fulfills all the incubating and graduation criteria: + +### Document that it is being used successfully in production by at least three independent end users which, in the TOC’s judgement, are of adequate quality and scope. + +* "Users" section of https://prometheus.io/ +* In-progress PR to add an `ADOPTERS.md` file: https://github.com/prometheus/prometheus/pull/3833/files + +### Have a healthy number of committers. A committer is defined as someone with the commit bit; i.e., someone who can accept contributions to some or all of the project. + +See the current list of [Prometheus team members](https://github.com/prometheus/docs/blob/master/content/governance.md#team-members), who are also committers. + +### Demonstrate a substantial ongoing flow of commits and merged contributions. + +* https://github.com/prometheus/prometheus/graphs/contributors + +In all official Prometheus repositories, we have had 850+ unique contributors with a total of 12k+ commits so far. + +### Have committers from at least two organizations. 
+ +We have [17 committers](https://github.com/prometheus/docs/blob/master/content/governance.md#team-members) from ~10 organizations: + +* [Ben Kochie](https://github.com/SuperQ) ([GitLab](https://about.gitlab.com/)) +* [Björn Rabenstein](https://github.com/beorn7) ([SoundCloud](https://soundcloud.com/)) +* [Brian Brazil](https://github.com/brian-brazil) ([Robust Perception](https://www.robustperception.io/)) +* [Conor Broderick](https://github.com/Conorbro) ([Robust Perception](https://www.robustperception.io/)) +* [Fabian Reinartz](https://github.com/fabxc) ([CoreOS](https://coreos.com/) / [Red Hat](https://www.redhat.com/)) +* [Frederic Branczyk](https://github.com/brancz) ([CoreOS](https://coreos.com/) / [Red Hat](https://www.redhat.com/)) +* [Goutham Veeramachaneni](https://github.com/Gouthamve) (Independent) +* [Johannes Ziemke](https://github.com/discordianfish) ([Latency.at](https://latency.at/) / Independent) +* [Julius Volz](https://github.com/juliusv) (Independent) +* [Matt Layher](https://github.com/mdlayher) ([DigitalOcean](https://www.digitalocean.com/)) +* [Matthias Rampke](https://github.com/matthiasr) ([SoundCloud](https://soundcloud.com/)) +* [Max Inden](https://github.com/mxinden) ([CoreOS](https://coreos.com/) / [Red Hat](https://www.redhat.com/)) +* [Richard Hartmann](https://github.com/RichiH) ([SpaceNet](https://www.space.net/)) +* [Steve Durrheimer](https://github.com/sdurrheimer) ([Netapsys](https://www.netapsys.fr/)) +* [Stuart Nelson](https://github.com/stuartnelson3) ([DigitalOcean](https://www.digitalocean.com/)) +* [Tobias Schmidt](https://github.com/grobie) ([SoundCloud](https://soundcloud.com/)) +* [Tom Wilkie](https://github.com/tomwilkie) ([Kausal](https://kausal.co/)) + +### Have achieved and maintained a Core Infrastructure Initiative Best Practices Badge. + +https://bestpractices.coreinfrastructure.org/projects/486 + +### Adopt the CNCF Code of Conduct. 
+ +https://github.com/prometheus/prometheus/blob/master/code-of-conduct.md + +### Explicitly define a project governance and committer process. This preferably is laid out in a GOVERNANCE.md file and references an OWNERS.md file showing the current and emeritus committers. + +* https://prometheus.io/governance/ + +### Have a public list of project adopters for at least the primary repo (e.g., ADOPTERS.md or logos on the project website). + +See the bottom of https://prometheus.io/. We aim to additionally curate a more extensive list in an `ADOPTERS.md` file in the future. See https://github.com/prometheus/prometheus/pull/3833/files. From 4aa1713e8a987346b2c3e77ab97b12eec131d702 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 19 Feb 2018 11:03:48 -0600 Subject: [PATCH 069/179] Add 2/20/18 TOC agenda https://goo.gl/Z5ytqu --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a7e2cb8..802fd1f 100644 --- a/README.md +++ b/README.md @@ -177,3 +177,4 @@ If you're interested in presenting at a TOC call about your project, please open * [December 7th, 2017](https://goo.gl/Ugo7F9) * [January 16th, 2018](https://goo.gl/5wBe3d) * [February 6th, 2018](https://goo.gl/5WWA2Q) +* [February 20th, 2018](https://goo.gl/Z5ytqu) From da64ad1094d824924e11d49fbfd671cd4af308a2 Mon Sep 17 00:00:00 2001 From: Brian Grant Date: Fri, 23 Feb 2018 08:44:56 -0800 Subject: [PATCH 070/179] Kubernetes graduation application --- reviews/kubernetes-graduation.md | 41 ++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 reviews/kubernetes-graduation.md diff --git a/reviews/kubernetes-graduation.md b/reviews/kubernetes-graduation.md new file mode 100644 index 0000000..8dd02ac --- /dev/null +++ b/reviews/kubernetes-graduation.md 
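Review bot: in reviews/graduation-prometheus.md (PATCH 068/179), the evidence for the adopters criterion rests on an ADOPTERS.md that does not exist yet: both the first and the last section link to the in-progress pull/3833/files. Link the merged file once it lands, or make clear that the "Users" section of prometheus.io is the evidence being offered. For "17 committers from ~10 organizations", an exact organization count would be easier to check against the list, which also names several committers as Independent.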
@@ -0,0 +1,41 @@ +# Kubernetes Graduation Application + +Kubernetes was the project that motivated the creation of the CNCF, +and was its first project. It has sustained a fast pace of growth of +contributors, contributing organizations, and users, and now operates +at massive scale. The project's governance and community-management +practices continue to evolve and mature as the project grows, but the +[Kubernetes Steering Committee](https://github.com/kubernetes/steering/blob/master/README.md#members) +unanimously believes that Kubernetes fulfills all the incubating and graduation criteria. + +1. Document that it is being used successfully in production by at + least three independent end users which, in the TOC’s judgement, are + of adequate quality and scope. + * https://kubernetes.io/case-studies + +2. Have a healthy number of committers. A committer is defined as + someone with the commit bit; i.e., someone who can accept + contributions to some or all of the project. + * Kubernetes is so large, with thousands of contributors and nearly 100 repositories, + that we had to develop our [own mechanism](https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md) + to manage approval permissions. We have hundreds of approvers, listed in more than 4000 + [OWNERS files across the project](https://github.com/search?utf8=%E2%9C%93&q=org%3Akubernetes+filename%3AOWNERS&type=Code). + +3. Demonstrate a substantial ongoing flow of commits and merged contributions + * [Devstats](https://k8s.devstats.cncf.io/d/000000025/prs-merged-repository-groups?orgId=1&var-period=m&var-repogroups=All) shows that we have thousands of PRs merged per month. + +4. Have committers from at least two organizations. + * Yes, uncountably many, within the steering committee, maintainers, approvers, and reviewers (kubernetes/kubernetes and other repositories). 
+ * [PR authors by company](https://k8s.devstats.cncf.io/d/000000022/prs-authors-companies-histogram?orgId=1) + * See also [steering committee diversity requirements](https://github.com/kubernetes/steering) + +5. Have achieved and maintained a Core Infrastructure Initiative Best Practices Badge. + * [Badge](https://bestpractices.coreinfrastructure.org/projects/569) + +6. Adopt the CNCF Code of Conduct. + * The CNCF adopted the [Kubernetes Code of Conduct](https://github.com/kubernetes/kubernetes/blob/master/code-of-conduct.md) + +7. Explicitly define a project governance and committer process. This preferably is laid out in a GOVERNANCE.md file and references an OWNERS.md file showing the current and emeritus committers. + * [Steering Committee](https://github.com/kubernetes/steering) + * [Contributor ladder](https://github.com/kubernetes/community/blob/master/community-membership.md) + * [SIG](https://github.com/kubernetes/community/blob/master/sig-list.md) [governance](https://github.com/kubernetes/community/blob/master/governance.md) From 6d51c724390bf9314f8bcce7af751f02a2532fb8 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 26 Feb 2018 08:32:28 -0800 Subject: [PATCH 071/179] CoreDNS is now an incubating project --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 802fd1f..a396b06 100644 --- a/README.md +++ b/README.md 
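Review bot: item 4 of reviews/kubernetes-graduation.md (PATCH 070/179) answers the two-organizations criterion with "Yes, uncountably many", which is not something a reviewer can verify; give a figure taken from the linked devstats histogram instead. The application also lists seven criteria and has no item for the public list of project adopters that the Prometheus graduation application in this series answers separately; if the case-studies link in item 1 is meant to cover it, say so.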
@@ -75,7 +75,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [Fluentd](http://www.fluentd.org/)|Brian Grant|[8/3/16](https://docs.google.com/presentation/d/1S79MNv3E2aG8nuZJFJ0XMSumf7jnKozN3vdrivCH77U/edit?usp=sharing)|[11/8/16](https://www.cncf.io/blog/2016/12/08/fluentd-cloud-native-logging)|Incubating [Linkerd](https://linkerd.io/)|Jonathan Boulle|[10/5/16](https://docs.google.com/presentation/d/19aamsOR__zGFNNFCmid2TjaJwEqNOXmHRa34EQwf3sA/edit#slide=id.g181e6fdb33_0_0)|[1/23/17](https://www.cncf.io/blog/2017/01/23/linkerd-project-joins-cloud-native-computing-foundation)|Inception [gRPC](http://www.grpc.io/)|Brian Grant|[10/19/16](https://docs.google.com/presentation/d/16mNYaqgd7BaV50OnbcuQ1zRHpWoUKhL3XHvCJwEm8CE/edit#slide=id.g185c09339a_23_106)|[2/16/17](https://www.cncf.io/blog/2017/03/01/cloud-native-computing-foundation-host-grpc-google)|Incubating -[CoreDNS](https://coredns.io/)|Jonathan Boulle|[8/17/16](https://docs.google.com/presentation/d/1LPvM44Pi7gletiDs40P7XmTKJLez5nz88ObYCHrHal8/edit?usp=sharing)|[2/27/17](https://www.cncf.io/blog/2017/03/02/cloud-native-computing-foundation-becomes-steward-service-naming-discovery-project-coredns)|Inception +[CoreDNS](https://coredns.io/)|Jonathan Boulle|[8/17/16](https://docs.google.com/presentation/d/1LPvM44Pi7gletiDs40P7XmTKJLez5nz88ObYCHrHal8/edit?usp=sharing)|[2/27/17](https://www.cncf.io/blog/2017/03/02/cloud-native-computing-foundation-becomes-steward-service-naming-discovery-project-coredns)|Incubating [containerd](https://containerd.io/)|Brian Grant|[3/15/17](https://docs.google.com/presentation/d/1qmGsmARyMhRLwbFWG7LXJSsDHm45nqZ_QtBv5SnQL54/edit?usp=sharing)|[3/29/17](https://www.cncf.io/announcement/2017/03/29/containerd-joins-cloud-native-computing-foundation/)|Incubating [rkt](http://rkt.io)|Brian 
Grant|[3/15/17](https://docs.google.com/presentation/d/1KzA58_Zz30mKKzeLuSvXLh63aIC75KRdAOTw4PJ_10g/edit?usp=sharing)|[3/29/17](https://www.cncf.io/announcement/2017/03/29/cloud-native-computing-foundation-becomes-home-pod-native-container-engine-project-rkt/)|Incubating [CNI](https://github.com/containernetworking/cni)|Ken Owens|[5/3/17](https://docs.google.com/presentation/d/1flQXWp1NQg_FdiLQ0MzKw5QACIwR1i939a-FD74imxk/edit#slide=id.g217fd51990_0_140)|[5/23/17](https://www.cncf.io/blog/2017/05/23/cncf-hosts-container-networking-interface-cni/)|Incubating @@ -84,7 +84,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [Notary](https://github.com/docker/notary)|Solomon Hykes|[6/20/17](https://goo.gl/6nmyDn)|[10/24/17](https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/)|Incubating [TUF](https://github.com/theupdateframework)|Solomon Hykes|[6/20/17](https://goo.gl/6nmyDn)|[10/24/17](https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/)|Incubating [rook](https://github.com/rook)|Ben Hindman|[6/6/17](https://goo.gl/6nmyDn)|[1/29/18](https://www.cncf.io/blog/2018/01/29/cncf-host-rook-project-cloud-native-storage-capabilities)|Inception -[Vitess](https://github.com/vitess)|Brian Grant|[4/19/17](https://goo.gl/6nmyDn)|[2/5/18](https://www.cncf.io/blog/2018/02/05/cncf-host-vitess/)|Incubation +[Vitess](https://github.com/vitess)|Brian Grant|[4/19/17](https://goo.gl/6nmyDn)|[2/5/18](https://www.cncf.io/blog/2018/02/05/cncf-host-vitess/)|Incubating ## Website Guidelines From 7699babccfab9e8a9c790df81bb9293da3c855b0 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Tue, 27 Feb 2018 14:34:14 -0600 Subject: [PATCH 072/179] Add Sandbox guidelines 
Signed-off-by: Chris Aniszczyk --- process/sandbox.md | 104 ++++++++++++++++++++++++++++++++++++++++++++ process/sandbox.png | Bin 0 -> 12124 bytes 2 files changed, 104 insertions(+) create mode 100644 process/sandbox.md create mode 100644 process/sandbox.png diff --git a/process/sandbox.md b/process/sandbox.md new file mode 100644 index 0000000..268c45d --- /dev/null +++ b/process/sandbox.md 
@@ -0,0 +1,104 @@ +# CNCF Sandbox Guidelines v1.0 +![CNCF Sandbox](https://github.com/cncf/artwork/blob/master/other/cncf-sandbox/horizontal/color/cncf-sandbox-horizontal-color.png) + +The CNCF Sandbox is the entry point for early stage projects and has four goals: + +* Encourage public visibility of experiments or other early work that can add value to the CNCF mission and build the ingredients of a successful Incubation level project +* Facilitate alignment with existing projects if (and only if) this is desired +* Nurture projects (e.g. via CNCF [Service Desk](https://github.com/cncf/servicedesk) requests) +* Remove possible legal and governance obstacles to adoption and contribution by ensuring all projects adhere to CNCF legal, code of conduct and IP Policy requirements + +This proposal is to move all Inception level projects to the Sandbox and provide clarity on what Sandbox projects stand for. + +## What is the CNCF Sandbox + +There’s been a desire within the CNCF TOC and community to provide further clarity around project maturity levels in CNCF. + +When we initially created the Inception project level, it was intended to provide an avenue for technically interesting early-stage projects that were beneficial to the cloud-native community. We are transitioning Inception projects to the Sandbox. Sandbox projects should be early-stage projects that the CNCF TOC believes warrant experimentation. The Sandbox should provide a beneficial, neutral home for such projects, in order to foster collaborative development. We aspire to make the Sandbox the preferred path for early-stage projects to enter the CNCF. More mature projects can continue to jump directly to incubation, but as the cloud-native ecosystem grows, we expect to see proportionally more early-stage projects. + +## Early Stage + +When we say that Sandbox projects are "early stage" this covers the following examples: + +1. 
New projects that are designed to extend one or more CNCF projects with functionality or interoperability libraries. Eg. in the case of Kubernetes, the Sandbox is intended as a home for projects that would previously have [started in the Kubernetes Incubator](https://github.com/kubernetes/community/blob/master/incubator.md). + +2. Independent projects that fit the CNCF mission and provide potential for a novel approach to existing functional areas, or are an attempt to meet an unfulfilled need + +3. Projects commissioned or sanctioned by the CNCF, including initial code for CNCF WG collaborations, and "experimental" projects + +4. Any project that realistically intends to join CNCF Incubation in future and wishes to lay the foundations for that + +## Roadmap for Sandbox Projects + +![CNCF Sandbox Roadmap](sandbox.png) + +## Caveat Utilitor + +The CNCF hopes that all early stage projects will achieve the success they desire. And the organisation will help as appropriate. But certain caveats must be stated nonetheless. + +End users should treat early stage projects with care. It is expected that some Sandbox projects may fail. They may never move to the next maturity level. While many early projects are safe to try out, users must exercise their own judgment. Some projects may be alpha quality software. There is no guarantee of production readiness, users, or professional level support. Where projects enjoy the public support of one or more professional software organisations, those may be seed stage. In short: The CNCF Operating Principle about "no kingmakers" is of special importance in the Sandbox. + +## Sandbox Governance and Benefits + +### Advantages of Sandbox vs non-Sandbox for new projects + +CNCF will remain fair and open to all projects no matter what their initial provenance. Should a project apply for CNCF Incubation, the TOC will use the same criteria regardless of origin. This means the TOC will not discriminate in favour of Sandbox projects vs. 
non-Sandbox projects. + +Therefore the advantages of being in the Sandbox apply prior to application for Incubation, ie.: + +1. That a project has a legally neutral home that is stable and known + +2. And that a project *may *attain Incubation-level success faster: + + 1. Due to public visibility and association with the CNCF mission + + 2. Through alignment with other CNCF projects (if and only if desired) + + 3. Via CNCF Service Desk etc. + +3. The CNCF will help projects adopt good principles of governance + +### Neutral Home + +A neutral home for your project increases the willingness of developers from other companies and independent developers to collaborate, contribute, and become committers. Neutrality requires that projects contribute their trademark to CNCF so that: + +* no company is favored over any other +* CNCF ensures project governance is transparent and fair for everyone. + +### Clarifying Marketing Expectations + +To date the CNCF has invested in marketing to educate users and grow awareness of cloud native purpose and benefits, to foster community, and to accelerate production use of projects. + +Investments fall into at least three types: + +* Developer community support: hangouts, meetups, events and (some) conferences +* Digital marketing: help with online content, interactive tutorials, webinars, and social +* Product marketing: conference promotion, certification, case studies, AR/PR + +Since the Sandbox is for early stage, sandbox projects will receive minimal marketing support from the foundation. The Sandbox group as a whole may be promoted from time to time. + +The CNCF will lean towards developer community support and the CNCF service desk, to help discovery and initial steps towards CNCF Incubation. There will only be limited CNCF investment in Digital and Product marketing for individual Sandbox projects, and these should be factual and informative. 
+ +Some key points: + +* Sandbox projects will be listed separately from other CNCF projects (cncf.io/sandbox) +* They will not be prominently listed at our events or issued a press release +* Reviewed on an annual basis; submit a report to the TOC for review +* CNCF Sandbox projects can stay in the sandbox indefinitely + +### Sandbox Entry Requirements + +* Require 2 TOC sponsors to enter the sandbox +* Require presentation to the TOC community twice-a-month meeting +* Require adherence to CNCF IP Policy (including trademark transferred) +* Require sandbox projects to list their sandbox status prominently on website/readme + +### Sandbox Exit Requirements + +* Existing incubation criteria: [https://github.com/cncf/toc/blob/master/process/graduation_criteria.adoc](https://github.com/cncf/toc/blob/master/process/graduation_criteria.adoc) + + * Require 2/3 vote from the TOC to enter incubation + * Used successfully in production by at least three independent end users which, in the TOC’s judgement, are of adequate quality and scope. + * Have a healthy number of committers + +* Archiving criteria: projects may be archived via a 2/3 vote from the TOC 
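Review bot: Under "Some key points", the bullet "Reviewed on an annual basis; submit a report to the TOC for review" names neither who submits the report nor what follows a missing or unsatisfactory review, and it sits next to "CNCF Sandbox projects can stay in the sandbox indefinitely". Suggest stating that the project's maintainers submit the report and tying the outcome to the archiving criterion (2/3 vote from the TOC) listed under Sandbox Exit Requirements. Minor: `*may *attain` has a space before the closing asterisk, so the emphasis will not render.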
diff --git a/process/sandbox.png b/process/sandbox.png new file mode 100644 index 0000000000000000000000000000000000000000..6edbf97bcd46ba483ec1153cd3923a21ce45ea32 GIT binary patch literal 12124
From e0e15cf4946f34a51395dd8aacb435e2c33a891b Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Tue, 27 Feb 2018 16:00:16 -0600 Subject: [PATCH 073/179] Some nits and updates from Alexis Signed-off-by: Chris Aniszczyk --- process/sandbox.md | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/process/sandbox.md b/process/sandbox.md index 268c45d..ec80308 100644 --- a/process/sandbox.md +++ b/process/sandbox.md
@@ -12,7 +12,7 @@ This proposal is to move all Inception level projects to the Sandbox and provide ## What is the CNCF Sandbox -There’s been a desire within the CNCF TOC and community to provide further clarity around project maturity levels in CNCF. +There’s been a desire within the CNCF TOC and community to provide further clarity around project maturity levels in CNCF. When we initially created the Inception project level, it was intended to provide an avenue for technically interesting early-stage projects that were beneficial to the cloud-native community. We are transitioning Inception projects to the Sandbox. Sandbox projects should be early-stage projects that the CNCF TOC believes warrant experimentation. The Sandbox should provide a beneficial, neutral home for such projects, in order to foster collaborative development. We aspire to make the Sandbox the preferred path for early-stage projects to enter the CNCF. More mature projects can continue to jump directly to incubation, but as the cloud-native ecosystem grows, we expect to see proportionally more early-stage projects. 
@@ -20,12 +20,9 @@ When we initially created the Inception project level, it was intended to provid When we say that Sandbox projects are "early stage" this covers the following examples: -1. New projects that are designed to extend one or more CNCF projects with functionality or interoperability libraries. Eg. in the case of Kubernetes, the Sandbox is intended as a home for projects that would previously have [started in the Kubernetes Incubator](https://github.com/kubernetes/community/blob/master/incubator.md). - -2. Independent projects that fit the CNCF mission and provide potential for a novel approach to existing functional areas, or are an attempt to meet an unfulfilled need - +1. New projects that are designed to extend one or more CNCF projects with functionality or interoperability libraries. In the case of Kubernetes, the Sandbox is intended as a home for projects that would previously have [started in the Kubernetes Incubator](https://github.com/kubernetes/community/blob/master/incubator.md). +2. Independent projects that fit the CNCF mission and provide potential for a novel approach to existing functional areas (or are an attempt to meet an unfulfilled need) 3. Projects commissioned or sanctioned by the CNCF, including initial code for CNCF WG collaborations, and "experimental" projects - 4. Any project that realistically intends to join CNCF Incubation in future and wishes to lay the foundations for that ## Roadmap for Sandbox Projects 
@@ -48,36 +45,34 @@ Therefore the advantages of being in the Sandbox apply prior to application for 1. That a project has a legally neutral home that is stable and known -2. And that a project *may *attain Incubation-level success faster: +2. And that a project may attain Incubation-level success faster: 1. Due to public visibility and association with the CNCF mission - 2. Through alignment with other CNCF projects (if and only if desired) - 3. Via CNCF Service Desk etc. 3. The CNCF will help projects adopt good principles of governance ### Neutral Home -A neutral home for your project increases the willingness of developers from other companies and independent developers to collaborate, contribute, and become committers. Neutrality requires that projects contribute their trademark to CNCF so that: +A neutral home for your project increases the willingness of developers from other companies and independent developers to collaborate, contribute, and become committers. Neutrality requires that projects contribute their trademark to CNCF so that: -* no company is favored over any other +* No company is favored over any other * CNCF ensures project governance is transparent and fair for everyone. ### Clarifying Marketing Expectations -To date the CNCF has invested in marketing to educate users and grow awareness of cloud native purpose and benefits, to foster community, and to accelerate production use of projects. +All open source projects in some sense enjoy a level of promotion from community, user enthusiasm, sponsoring organisations and so on. Please note that in this section we discuss marketing as a measurable financial investment into CNCF projects from the CNCF marketing budget and staff. -Investments fall into at least three types: +To date the CNCF has invested in marketing to educate users and grow awareness of cloud native purpose and benefits, to foster community, and to accelerate production use of projects. 
These investments fall into at least three types: * Developer community support: hangouts, meetups, events and (some) conferences * Digital marketing: help with online content, interactive tutorials, webinars, and social -* Product marketing: conference promotion, certification, case studies, AR/PR +* Product marketing: conference promotion, landscape, certification, case studies, AR/PR Since the Sandbox is for early stage, sandbox projects will receive minimal marketing support from the foundation. The Sandbox group as a whole may be promoted from time to time. -The CNCF will lean towards developer community support and the CNCF service desk, to help discovery and initial steps towards CNCF Incubation. There will only be limited CNCF investment in Digital and Product marketing for individual Sandbox projects, and these should be factual and informative. +The CNCF will lean towards developer community support and the CNCF service desk, to help discovery and initial steps towards CNCF Incubation. There will only be limited CNCF investment in Digital and Product marketing for individual Sandbox projects, and CNCF-funded content should be factual and informative. Some key points: From 8f592dbc83615f078946b41f0ca2e4d410d3c16b Mon Sep 17 00:00:00 2001 From: Ricardo Aravena Date: Thu, 1 Mar 2018 16:00:37 -0800 Subject: [PATCH 074/179] Fix the Vitess github link (#93) Seems to be pointing to a github user with the name vitess rather than https://github.com/vitessio/vitess --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a396b06..b04e911 100644 --- a/README.md +++ b/README.md 
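Review bot: In the Neutral Home bullets of patch 073 ("Some nits and updates from Alexis"), the first item is now capitalised as "No company is favored over any other" but still has no closing period, while the second item ends with one; pick one style for both. In the same hunk, "landscape" is added to the Product marketing list with no link or explanation, so a short pointer to what it refers to would help readers new to the CNCF.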
@@ -84,7 +84,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [Notary](https://github.com/docker/notary)|Solomon Hykes|[6/20/17](https://goo.gl/6nmyDn)|[10/24/17](https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/)|Incubating [TUF](https://github.com/theupdateframework)|Solomon Hykes|[6/20/17](https://goo.gl/6nmyDn)|[10/24/17](https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/)|Incubating [rook](https://github.com/rook)|Ben Hindman|[6/6/17](https://goo.gl/6nmyDn)|[1/29/18](https://www.cncf.io/blog/2018/01/29/cncf-host-rook-project-cloud-native-storage-capabilities)|Inception -[Vitess](https://github.com/vitess)|Brian Grant|[4/19/17](https://goo.gl/6nmyDn)|[2/5/18](https://www.cncf.io/blog/2018/02/05/cncf-host-vitess/)|Incubating +[Vitess](https://github.com/vitessio/vitess)|Brian Grant|[4/19/17](https://goo.gl/6nmyDn)|[2/5/18](https://www.cncf.io/blog/2018/02/05/cncf-host-vitess/)|Incubating ## Website Guidelines From d91226f95e5989cb1ad6ee4e09e78cb5b79f15c4 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 5 Mar 2018 11:36:10 -0800 Subject: [PATCH 075/179] Add March 6th TOC agenda https://goo.gl/LcE3TC --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b04e911..b4c0b36 100644 --- a/README.md +++ b/README.md 
@@ -127,7 +127,8 @@ If you're interested in presenting at a TOC call about your project, please open * **January 16, 2018**: CSI/Storage WG Readout * **Feb 6, 2018**: NATS * **Feb 20, 2018**: Sandbox + CoreDNS Inception Project Review -* **Mar 6, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) +* **Mar 6, 2018**: Sandbox + Graduation Reviews + Working Group Process +* **Mar 20, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes @@ -178,3 +179,4 @@ If you're interested in presenting at a TOC call about your project, please open * [January 16th, 2018](https://goo.gl/5wBe3d) * [February 6th, 2018](https://goo.gl/5WWA2Q) * [February 20th, 2018](https://goo.gl/Z5ytqu) +* [March 6th, 2018](https://goo.gl/LcE3TC) From cfba5e56e9a9dc7b049a7c7b379b5c25dda3def5 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Tue, 13 Mar 2018 15:54:32 +0000 Subject: [PATCH 076/179] Add Justin Cormack to contributors Signed-off-by: Justin Cormack --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 83e03b2..e4126bc 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -44,6 +44,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Jonghyuk Jong Choi, NCSoft (jongchoi@ncsoft.com) * Joseph Jacks, Independent (jacks.joe@gmail.com) * Josh Bernstein, Dell (Joshua.Bernstein@dell.com) +* Justin Cormack, Docker (justin.cormack@docker.com) * Lachlan Evenson, Microsoft (lachlan.evenson@microsoft.com) * Lee Calcote, SolarWinds (leecalcote@gmail.com) * Lei Zhang, HyperHQ (harryzhang@zju.edu.cn) From 6196699b8f9260ea4bf849d48fc91a7831f16737 Mon Sep 17 00:00:00 2001 From: Joe Beda Date: Tue, 13 Mar 2018 09:45:07 -0700 Subject: [PATCH 077/179] Add Joe Beda to CONTRIBUTORS.md 
Signed-off-by: Joe Beda --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index e4126bc..f54724c 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -42,6 +42,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Ian Crosby, Container Solutions (ian.crosby@container-solutions.com) * Jeyappragash JJ, Independent (pragashjj@gmail.com) * Jonghyuk Jong Choi, NCSoft (jongchoi@ncsoft.com) +* Joe Beda, Heptio (joe@heptio.com) * Joseph Jacks, Independent (jacks.joe@gmail.com) * Josh Bernstein, Dell (Joshua.Bernstein@dell.com) * Justin Cormack, Docker (justin.cormack@docker.com) From 01acf1f01c9d62dae851c6ec79d0fbfeece37f82 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Thu, 15 Mar 2018 10:02:20 -0700 Subject: [PATCH 078/179] Add NATS as an incubating project https://www.cncf.io/blog/2018/03/15/cncf-to-host-nats/ --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b4c0b36..7824baa 100644 --- a/README.md +++ b/README.md @@ -85,6 +85,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [TUF](https://github.com/theupdateframework)|Solomon Hykes|[6/20/17](https://goo.gl/6nmyDn)|[10/24/17](https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/)|Incubating [rook](https://github.com/rook)|Ben Hindman|[6/6/17](https://goo.gl/6nmyDn)|[1/29/18](https://www.cncf.io/blog/2018/01/29/cncf-host-rook-project-cloud-native-storage-capabilities)|Inception [Vitess](https://github.com/vitessio/vitess)|Brian Grant|[4/19/17](https://goo.gl/6nmyDn)|[2/5/18](https://www.cncf.io/blog/2018/02/05/cncf-host-vitess/)|Incubating +[NATS](https://github.com/nats-io/gnatsd)|Alexis Richardson|[9/21/16](https://goo.gl/6nmyDn)|[3/15/18](https://www.cncf.io/blog/2018/03/15/cncf-to-host-nats/)|Incubating ## Website Guidelines From bae9cb1f96768626f7959a3cd7b8f3568ea1bdc2 Mon Sep 17 00:00:00 2001 
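Review bot: In patch 077, "Joe Beda, Heptio" is inserted after "Jonghyuk Jong Choi, NCSoft", which breaks the ordering promised by the hunk's own context line "List below is the official list of TOC contributors, in alphabetical order:". Move the new entry above "Jonghyuk Jong Choi" and below "Jeyappragash JJ".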
From: Chris Aniszczyk Date: Thu, 15 Mar 2018 10:03:08 -0700 Subject: [PATCH 079/179] Kubernetes is a graduated project --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7824baa..4455894 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert **Project**|**Sponsor**|**TOC Deck**|**Accepted**|**Maturity Level** :-----:|:-----:|:-----:|:-----:|:-----: -[Kubernetes](https://kubernetes.io/)|Alexis Richardson|N/A|[3/10/16](https://cncf.io/news/news/2015/07/techcrunch-kubernetes-hits-10-google-donates-technology-newly-formed-cloud-native)|Incubating +[Kubernetes](https://kubernetes.io/)|Alexis Richardson|N/A|[3/10/16](https://cncf.io/news/news/2015/07/techcrunch-kubernetes-hits-10-google-donates-technology-newly-formed-cloud-native)|Graduated [Prometheus](https://prometheus.io/)|Alexis Richardson|[3/4/16](https://docs.google.com/presentation/d/1GtVX-ppI95LhrijprGENsrpq78-I1ttcSWLzMVk5d8M/edit?usp=sharing)|[5/9/16](https://cncf.io/news/announcement/2016/05/cloud-native-computing-foundation-accepts-prometheus-second-hosted-project)|Incubating [OpenTracing](http://opentracing.io/)|Bryan Cantrill|[8/17/16](https://docs.google.com/presentation/d/1kQkmJtT0bjSRvUTP5YFTKaXSfIM3aL7zxja_KtZtbgw/edit#slide=id.g15fc45ec1a_0_165)|[10/11/16](https://cncf.io/news/blogs/2016/10/opentracing-joins-cloud-native-computing-foundation)|Incubating [Fluentd](http://www.fluentd.org/)|Brian Grant|[8/3/16](https://docs.google.com/presentation/d/1S79MNv3E2aG8nuZJFJ0XMSumf7jnKozN3vdrivCH77U/edit?usp=sharing)|[11/8/16](https://www.cncf.io/blog/2016/12/08/fluentd-cloud-native-logging)|Incubating From 04b922e8a9302ccd8e3bb3389e5e47a8af360e26 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Thu, 15 Mar 2018 16:32:20 -0700 Subject: [PATCH 080/179] Add additional TOC sponsors for sandbox --- proposals/spiffe.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
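Review bot: In patch 079 the Kubernetes row changes Maturity Level to "Graduated" but leaves the rest of the row untouched, and neither the row nor the commit message points to the TOC vote or announcement behind the graduation. The other rows back their Accepted date with an announcement link, so add an equivalent reference for the graduation. While here, the Accepted cell is labelled 3/10/16 yet its URL path contains 2015/07, which is worth confirming.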
diff --git a/proposals/spiffe.adoc b/proposals/spiffe.adoc index 852b3b2..82e95e7 100644 --- a/proposals/spiffe.adoc +++ b/proposals/spiffe.adoc @@ -38,7 +38,7 @@ SPIRE’s 12-month roadmap is exciting and will deliver multiple features: * A standards conformance test suite. * Secure introduction to popular products, including Lyft Envoy and Hashicorp Vault. -*Sponsor / Advisor from TOC*: Brian Grant +*Sponsor / Advisor from TOC*: Brian Grant , Sam Lambert , Ken Owens *Preferred maturity level*: Inception From 15f95f621388ff3f20b17365a96009d868a8666a Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Thu, 15 Mar 2018 16:35:17 -0700 Subject: [PATCH 081/179] Add Brian Grant as additional TOC sponsor --- proposals/opa.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/opa.md b/proposals/opa.md index 0c0c2fc..42e9dfc 100644 --- a/proposals/opa.md +++ b/proposals/opa.md @@ -32,7 +32,7 @@ Since the initial release in July 2016, OPA’s mission has been to provide a po across the stack. OPA’s roadmap for the next 12 months includes improvements to the language, integration with Google’s CEL, expansion of the standard policy library, as well as continued hardening and performance optimization. -**Sponsor from TOC:** Ken Owens +**Sponsor from TOC:** Ken Owens, Brian Grant **Preferred Maturity Level:** Inception From 77775cb854b6e4537697011b29056e0136bbad28 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 19 Mar 2018 09:11:08 -0500 Subject: [PATCH 082/179] Add March 20th TOC agenda https://goo.gl/PpznT7 --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4455894..02bcf8d 100644 --- a/README.md +++ b/README.md 
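Review bot: Patch 080 is titled "Add additional TOC sponsors for sandbox", but the context line directly below the changed one still reads "*Preferred maturity level*: Inception", so the proposal is internally inconsistent after this patch. Suggest updating the maturity level in the same change. Also drop the spaces before the commas in "Brian Grant , Sam Lambert , Ken Owens".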
@@ -129,7 +129,11 @@ If you're interested in presenting at a TOC call about your project, please open * **Feb 6, 2018**: NATS * **Feb 20, 2018**: Sandbox + CoreDNS Inception Project Review * **Mar 6, 2018**: Sandbox + Graduation Reviews + Working Group Process -* **Mar 20, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) +* **Mar 20, 2018**: New Sandbox Projects + Working Group Process +* **Apr 3, 2018**: Working Group Process +* **Apr 17, 2018**: [Telepresence](https://github.com/cncf/toc/issues/99) + SAFE Working Group Proposal +* **May 1, 2018**: CloudNativeCon/KubeCon Copenhagen (may skip) +* **May 15, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes @@ -181,3 +185,4 @@ If you're interested in presenting at a TOC call about your project, please open * [February 6th, 2018](https://goo.gl/5WWA2Q) * [February 20th, 2018](https://goo.gl/Z5ytqu) * [March 6th, 2018](https://goo.gl/LcE3TC) +* [March 20th, 2018](https://goo.gl/PpznT7) From 75348f0f3c7b256b54455ed21d4886af49b523ce Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Tue, 20 Mar 2018 22:32:28 +0800 Subject: [PATCH 083/179] Sandbox --- proposals/spiffe.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/spiffe.adoc b/proposals/spiffe.adoc index 82e95e7..c9e15bd 100644 --- a/proposals/spiffe.adoc +++ b/proposals/spiffe.adoc @@ -40,7 +40,7 @@ SPIRE’s 12-month roadmap is exciting and will deliver multiple features: *Sponsor / Advisor from TOC*: Brian Grant , Sam Lambert , Ken Owens -*Preferred maturity level*: Inception +*Preferred maturity level*: Sandbox *Unique Identifier*: spiffe From 925ff151ccddfc0abf9e6c18c84c5d1d30b47b8c Mon Sep 17 00:00:00 2001 
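Review bot: In the agenda hunk of patch 082 ("Add March 20th TOC agenda"), the placeholder entry moved to May 15 still opens a parenthesis at "(interested presenters contact" that is never closed after "[issue](https://github.com/cncf/toc/issues)". Add the missing ")" after the issue link, since the line is being rewritten anyway.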
From: Chris Aniszczyk Date: Tue, 20 Mar 2018 22:32:44 +0800 Subject: [PATCH 084/179] Sandbox --- proposals/opa.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/opa.md b/proposals/opa.md index 42e9dfc..3e08978 100644 --- a/proposals/opa.md +++ b/proposals/opa.md @@ -34,7 +34,7 @@ of the standard policy library, as well as continued hardening and performance o **Sponsor from TOC:** Ken Owens, Brian Grant -**Preferred Maturity Level:** Inception +**Preferred Maturity Level:** Sandbox **License:** Apache License v2 From da5f7af5d017123840e01fb24eac5287672b7023 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Tue, 20 Mar 2018 22:34:42 +0800 Subject: [PATCH 085/179] Cross Cloud CI / CNCF CI WG will present April 3rd https://github.com/crosscloudci --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 02bcf8d..464e917 100644 --- a/README.md +++ b/README.md @@ -130,7 +130,7 @@ If you're interested in presenting at a TOC call about your project, please open * **Feb 20, 2018**: Sandbox + CoreDNS Inception Project Review * **Mar 6, 2018**: Sandbox + Graduation Reviews + Working Group Process * **Mar 20, 2018**: New Sandbox Projects + Working Group Process -* **Apr 3, 2018**: Working Group Process +* **Apr 3, 2018**: CNCF CI WG: [Cross Cloud CI](https://github.com/crosscloudci) + Working Group Process * **Apr 17, 2018**: [Telepresence](https://github.com/cncf/toc/issues/99) + SAFE Working Group Proposal * **May 1, 2018**: CloudNativeCon/KubeCon Copenhagen (may skip) * **May 15, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) From 3f808d7be2e4c09715e8679b52fe2c9f01e5250e Mon Sep 17 00:00:00 2001 
From: Dave Zolotusky Date: Tue, 20 Mar 2018 16:28:13 +0100 Subject: [PATCH 086/179] unify steps to become a TOC Contributor This file used to say that "we would encourage you to make a public commitment on the TOC mailing list that you will become a TOC Contributor." while CONTRIBUTORS.md said "we would encourage you to issue a pull request here that you desire to become a TOC Contributor". Updating this file to match CONTRIBUTORS.md --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index cd15bee..c93cbf9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -18,7 +18,7 @@ Possible ways to contribute: * Working groups (various tasks) * Technical content for website -If you are interested in engaging in this way, we would encourage you to make a public commitment on the TOC mailing list that you will become a TOC Contributor. Although there is not an actual limit of having one Contributor per company, we would encourage CNCF member companies to designate an official TOC Contributor who is tasked with consulting internal experts and expressing a semi-official view on a given project. We will list current TOC Contributors on a page similar to https://www.cncf.io/people/ambassadors/. +If you are interested in engaging in this way, we would encourage you to issue a pull request to [TOC Contributors](https://github.com/cncf/toc/blob/master/CONTRIBUTORS.md) that you desire to become a TOC Contributor. Although there is not an actual limit of having one Contributor per company, we would encourage CNCF member companies to designate an official TOC Contributor who is tasked with consulting internal experts and expressing a semi-official view on a given project. We will list current TOC Contributors on a page similar to https://www.cncf.io/people/ambassadors/. This is not only about individual contribution. It is also about rallying help from your employer, e.g., if you work for a CNCF Member company. Given the [breadth](https://raw.githubusercontent.com/cncf/landscape/master/landscape/CloudNativeLandscape_v0.9.5_cncf.jpg) of projects represented by cloud native, it is impossible for anyone to be an expert in all technologies that we’re evaluating. We’re particularly interested in Contributors that can act as a focal point for tapping relevant expertise from their organizations and colleagues in order to engage with CNCF discussions in a timely manner. From 5867106a8aed0f6fed42e54f151e0bd8cc2debc9 Mon Sep 17 00:00:00 2001 
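Review bot: The new sentence in patch 086 asks readers to issue a pull request "that you desire to become a TOC Contributor", which does not say what the pull request should change. Suggest wording such as "open a pull request adding your name to CONTRIBUTORS.md", which matches how the contributor patches in this series are written.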
From: Dave Zolotusky Date: Tue, 20 Mar 2018 16:37:04 +0100 Subject: [PATCH 087/179] fix alphabetical ordering on CONTRIBUTORS.md The file says "List below is the official list of TOC contributors, in alphabetical order:", but a few names were not in alphabetical order. --- CONTRIBUTORS.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index f54724c..6758640 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -24,7 +24,6 @@ List below is the official list of TOC contributors, in alphabetical order: * Bassam Tabbara, Upbound (bassam@upbound.io) * Bob Wise, Samsung SDS (bob@bobsplanet.com) * Cathy Zhang, Huawei (cathy.h.zhang@huawei.com) -* Vasu Chandrasekhara, SAP SE (vasu.chandrasekhara@sap.com) * Chase Pettet, Wikimedia Foundation (cpettet@wikimedia.org) * Christopher Liljenstople, Tigera (cdl@asgaard.org) * Clinton Kitson, Dell (Clinton.Kitson@dell.com) @@ -41,8 +40,8 @@ List below is the official list of TOC contributors, in alphabetical order: * Gou Rao, Portworx (gou@portworx.com) * Ian Crosby, Container Solutions (ian.crosby@container-solutions.com) * Jeyappragash JJ, Independent (pragashjj@gmail.com) -* Jonghyuk Jong Choi, NCSoft (jongchoi@ncsoft.com) * Joe Beda, Heptio (joe@heptio.com) +* Jonghyuk Jong Choi, NCSoft (jongchoi@ncsoft.com) * Joseph Jacks, Independent (jacks.joe@gmail.com) * Josh Bernstein, Dell (Joshua.Bernstein@dell.com) * Justin Cormack, Docker (justin.cormack@docker.com) @@ -60,6 +59,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Rick Spencer, Bitnami (rick@bitnamni.com) * Sarah Allen, Google (sarahallen@google.com) * Timothy Chen, Hyperpilot (tim@hyperpilot.io) +* Vasu Chandrasekhara, SAP SE (vasu.chandrasekhara@sap.com) * Xu Wang, Hyper (xu@hyper.sh) * Yaron Haviv, iguazio (yaronh@iguaz.io) * Yong Tang, Infoblox (ytang@infoblox.com) From ad2939221b5eb074dc3c10121dd29c4bd7ea6f81 Mon Sep 17 00:00:00 2001 
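Review bot: The third hunk of patch 087 carries the context line "Rick Spencer, Bitnami (rick@bitnamni.com)", where the address domain is spelled "bitnamni" while the affiliation is "Bitnami". Since this patch is a tidy-up of the list, confirm the address with the contributor and correct it here if it is a typo.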
From: Dave Zolotusky Date: Tue, 20 Mar 2018 16:40:38 +0100 Subject: [PATCH 088/179] Add Dave Zolotusky to CONTRIBUTORS.md --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index f54724c..e9beae3 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -30,6 +30,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Clinton Kitson, Dell (Clinton.Kitson@dell.com) * Dan Wilson, Concur (danw@concur.com) * Darren Ratcliffe, Atos (darren.ratcliffe@atos.net) +* Dave Zolotusky, Spotify (dzolo@spotify.com) * Deyuan Deng, Caicloud (deyuan@caicloud.io) * Doug Davis, IBM (dug@us.ibm.com) * Drew Rapenchuk, Bloomberg (drapenchuk@bloomberg.net) From 1d55edacbf06e6bdd51256c5bc561a4f1b61721b Mon Sep 17 00:00:00 2001 From: Josef Adersberger Date: Tue, 27 Mar 2018 22:26:12 +0200 Subject: [PATCH 089/179] Add Josef Adersberger to contributors - CTO QAware (CNCF Silver Member) - Contributor to CKAD - CloudNativeCon NA 2017 & CloudNativeCon EU 2018 speaker - CNCF "Cloud Native Night" meetup host (Munich) --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 26ea543..db80f65 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -43,6 +43,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Jeyappragash JJ, Independent (pragashjj@gmail.com) * Joe Beda, Heptio (joe@heptio.com) * Jonghyuk Jong Choi, NCSoft (jongchoi@ncsoft.com) +* Josef Adersberger, QAware (josef.adersberger@qaware.de) * Joseph Jacks, Independent (jacks.joe@gmail.com) * Josh Bernstein, Dell (Joshua.Bernstein@dell.com) * Justin Cormack, Docker (justin.cormack@docker.com) From 886b55037839d012fa0f4f362b5ecf2fe0464fcb Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Thu, 29 Mar 2018 08:17:37 -0700 Subject: [PATCH 090/179] Add OPA and SPIFFE as Sandbox projects --- README.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) 
diff --git a/README.md b/README.md index 464e917..be1cc5b 100644 --- a/README.md +++ b/README.md 
@@ -73,7 +73,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [Prometheus](https://prometheus.io/)|Alexis Richardson|[3/4/16](https://docs.google.com/presentation/d/1GtVX-ppI95LhrijprGENsrpq78-I1ttcSWLzMVk5d8M/edit?usp=sharing)|[5/9/16](https://cncf.io/news/announcement/2016/05/cloud-native-computing-foundation-accepts-prometheus-second-hosted-project)|Incubating [OpenTracing](http://opentracing.io/)|Bryan Cantrill|[8/17/16](https://docs.google.com/presentation/d/1kQkmJtT0bjSRvUTP5YFTKaXSfIM3aL7zxja_KtZtbgw/edit#slide=id.g15fc45ec1a_0_165)|[10/11/16](https://cncf.io/news/blogs/2016/10/opentracing-joins-cloud-native-computing-foundation)|Incubating [Fluentd](http://www.fluentd.org/)|Brian Grant|[8/3/16](https://docs.google.com/presentation/d/1S79MNv3E2aG8nuZJFJ0XMSumf7jnKozN3vdrivCH77U/edit?usp=sharing)|[11/8/16](https://www.cncf.io/blog/2016/12/08/fluentd-cloud-native-logging)|Incubating -[Linkerd](https://linkerd.io/)|Jonathan Boulle|[10/5/16](https://docs.google.com/presentation/d/19aamsOR__zGFNNFCmid2TjaJwEqNOXmHRa34EQwf3sA/edit#slide=id.g181e6fdb33_0_0)|[1/23/17](https://www.cncf.io/blog/2017/01/23/linkerd-project-joins-cloud-native-computing-foundation)|Inception +[Linkerd](https://linkerd.io/)|Jonathan Boulle|[10/5/16](https://docs.google.com/presentation/d/19aamsOR__zGFNNFCmid2TjaJwEqNOXmHRa34EQwf3sA/edit#slide=id.g181e6fdb33_0_0)|[1/23/17](https://www.cncf.io/blog/2017/01/23/linkerd-project-joins-cloud-native-computing-foundation)|Sandbox [gRPC](http://www.grpc.io/)|Brian Grant|[10/19/16](https://docs.google.com/presentation/d/16mNYaqgd7BaV50OnbcuQ1zRHpWoUKhL3XHvCJwEm8CE/edit#slide=id.g185c09339a_23_106)|[2/16/17](https://www.cncf.io/blog/2017/03/01/cloud-native-computing-foundation-host-grpc-google)|Incubating [CoreDNS](https://coredns.io/)|Jonathan 
Boulle|[8/17/16](https://docs.google.com/presentation/d/1LPvM44Pi7gletiDs40P7XmTKJLez5nz88ObYCHrHal8/edit?usp=sharing)|[2/27/17](https://www.cncf.io/blog/2017/03/02/cloud-native-computing-foundation-becomes-steward-service-naming-discovery-project-coredns)|Incubating [containerd](https://containerd.io/)|Brian Grant|[3/15/17](https://docs.google.com/presentation/d/1qmGsmARyMhRLwbFWG7LXJSsDHm45nqZ_QtBv5SnQL54/edit?usp=sharing)|[3/29/17](https://www.cncf.io/announcement/2017/03/29/containerd-joins-cloud-native-computing-foundation/)|Incubating 
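Review bot: The Linkerd row's last column changes from Inception to Sandbox, which the subject "Add OPA and SPIFFE as Sandbox projects" does not cover. Say in the commit message that the Inception level is being renamed to Sandbox, or move the rename into its own commit, so the table's history shows when and why a project's maturity label changed.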
@@ -83,9 +83,11 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [Jaeger](https://github.com/jaegertracing/jaeger)|Bryan Cantrill|[8/1/17](https://goo.gl/ehtgts)|[9/13/17](https://www.cncf.io/blog/2017/09/13/cncf-hosts-jaeger/)|Incubating [Notary](https://github.com/docker/notary)|Solomon Hykes|[6/20/17](https://goo.gl/6nmyDn)|[10/24/17](https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/)|Incubating [TUF](https://github.com/theupdateframework)|Solomon Hykes|[6/20/17](https://goo.gl/6nmyDn)|[10/24/17](https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/)|Incubating -[rook](https://github.com/rook)|Ben Hindman|[6/6/17](https://goo.gl/6nmyDn)|[1/29/18](https://www.cncf.io/blog/2018/01/29/cncf-host-rook-project-cloud-native-storage-capabilities)|Inception +[rook](https://github.com/rook)|Ben Hindman|[6/6/17](https://goo.gl/6nmyDn)|[1/29/18](https://www.cncf.io/blog/2018/01/29/cncf-host-rook-project-cloud-native-storage-capabilities)|Sandbox [Vitess](https://github.com/vitessio/vitess)|Brian Grant|[4/19/17](https://goo.gl/6nmyDn)|[2/5/18](https://www.cncf.io/blog/2018/02/05/cncf-host-vitess/)|Incubating [NATS](https://github.com/nats-io/gnatsd)|Alexis Richardson|[9/21/16](https://goo.gl/6nmyDn)|[3/15/18](https://www.cncf.io/blog/2018/03/15/cncf-to-host-nats/)|Incubating +[SPIFFE](https://github.com/spiffe)|Brian Grant, Sam Lambert, Ken Owens|[11/7/17](https://goo.gl/6nmyDn)|[3/29/18](https://www.cncf.io/blog/2018/03/29/cncf-to-host-the-spiffe-project/)|Sandbox +[OPA](https://github.com/open-policy-agent)|Brian Grant, Ken Owens|[11/14/17](https://goo.gl/6nmyDn)|[3/29/18](https://www.cncf.io/blog/2018/03/29/cncf-to-host-open-policy-agent-opa/)|Sandbox ## Website Guidelines 
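Review bot: The two added rows link their presentation dates (11/7/17 for SPIFFE, 11/14/17 for OPA) to https://goo.gl/6nmyDn, the same short link the Notary and TUF rows use for 6/20/17 and the rook, Vitess and NATS rows use for three other dates, so these look copy-pasted rather than pointing at each project's own slides. Link each row to its own deck, and prefer the full docs.google.com URL as the Prometheus and Fluentd rows do, since a shortened link hides the destination from anyone reviewing the table.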
@@ -127,13 +129,14 @@ If you're interested in presenting at a TOC call about your project, please open * **December 7, 2017**: KubeCon/CloudNativeCon F2F * **January 16, 2018**: CSI/Storage WG Readout * **Feb 6, 2018**: NATS -* **Feb 20, 2018**: Sandbox + CoreDNS Inception Project Review +* **Feb 20, 2018**: Sandbox + CoreDNS Project Review * **Mar 6, 2018**: Sandbox + Graduation Reviews + Working Group Process * **Mar 20, 2018**: New Sandbox Projects + Working Group Process * **Apr 3, 2018**: CNCF CI WG: [Cross Cloud CI](https://github.com/crosscloudci) + Working Group Process * **Apr 17, 2018**: [Telepresence](https://github.com/cncf/toc/issues/99) + SAFE Working Group Proposal * **May 1, 2018**: CloudNativeCon/KubeCon Copenhagen (may skip) -* **May 15, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) +* **May 15, 2018**: OpenMessaging +* **June 5, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes From 32ecbe6d87dc6ba3d9becfba29907c12bfa80e8b Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 2 Apr 2018 18:04:36 -0500 Subject: [PATCH 091/179] Add Working Groups Process Signed-off-by: Chris Aniszczyk --- workinggroups/README.md | 11 ++++++++ workinggroups/ci.md | 34 ++++++++++++++++++++++++ workinggroups/networking.md | 53 +++++++++++++++++++++++++++++++++++++ workinggroups/serverless.md | 39 +++++++++++++++++++++++++++ workinggroups/storage.md | 32 ++++++++++++++++++++++ 5 files changed, 169 insertions(+) create mode 100644 workinggroups/README.md create mode 100644 workinggroups/ci.md create mode 100644 workinggroups/networking.md create mode 100644 workinggroups/serverless.md create mode 100644 workinggroups/storage.md diff --git a/workinggroups/README.md b/workinggroups/README.md new file mode 100644 index 0000000..b0be714 --- /dev/null +++ b/workinggroups/README.md 
@@ -0,0 +1,11 @@ +# CNCF Working Groups + +## Introduction + +The purpose of working groups are to study and report on a particular question and make recommendations based on its findings. The end result of a working group may be a new project proposal, landscape, whitepaper or even a report detailing their findings. The intention of working groups is not to host a full project or specification. Working Groups can be formed at any time but must be sponsored by a TOC member and voted with a super majority vote by the CNCF TOC. The TOC can also shut down a working group with a super majority vote. + +## Process + +If you would like to submit a working group proposal, please submit a pull request to the working groups folder. As an example, you can see the other working group proposals here: https://github.com/cncf/toc/tree/master/workinggroups + +You will also have to present to the CNCF TOC and wider community before your WG proposal will be voted upon by the TOC and community. You can request a presentation by filing an issue here: https://github.com/cncf/toc/issues \ No newline at end of file diff --git a/workinggroups/ci.md b/workinggroups/ci.md new file mode 100644 index 0000000..ce4f504 --- /dev/null +++ b/workinggroups/ci.md 
@@ -0,0 +1,34 @@ +# CNCF CI WG Proposal + +## TOC Sponsor + +Camille Fournier + +## Objective + +Explore the intersection of cloud native and CI technology. Discuss options for taking some of the cluster resources and dedicating them to supporting an open source CI system that can be used by CNCF projects for their CI needs. + +## Goals and Expected Outcomes + +* We believe that it would be good for us to provide CI services to projects who need or want to use them +* We need to understanding what, if any, SLA we can promise projects for this system +* We need to scope what features this system will provide; there is some concern around trying to promise testing the full cross-product of integration with all of the different CNCF projects +* We want to come away with a recommendation for staffing to support building out this initiative given project needs and desired SLA + +## Non Goals + +* Run CI for CNCF projects +* Recommend CI systems for CNCF projects + +## Initial Interested Parties + +* Camille Fournier (@skamille) [LEAD] +* Chris McClimans (@hh) [Hippie Hacker] +* Denver Williams (@dlx) +* Taylor Carpenter (@taylor) +* Lucina Stricko (@lixuna) +* Jonathan Boulle (@jonboulle) +* Clint Byrum (@spamaps) +* Quinton Hoole (@quintonhoole) +* Quanyi Ma (@genedna) +* Gianluca Arbezzano (@gianarb) \ No newline at end of file diff --git a/workinggroups/networking.md b/workinggroups/networking.md new file mode 100644 index 0000000..2c5172e --- /dev/null +++ b/workinggroups/networking.md 
@@ -0,0 +1,53 @@ +# CNCF Networking WG Proposal + +## TOC Sponsor + +Ken Owens + +## Objective + +Explore cloud native networking technology and concepts around the container networking interface (CNI). + +## Goals and Expected Outcomes + +* Recommend CNI be adopted as initial network interface specification focused on connectivity and portability as an official CNCF project. +* Adopt implementations of CNI that have traction in the cloud native ecosystem +* Define cloud native networking patterns +* Define the Policy framework and network services model +* A network plugin author should be able to write one “plugin” (a container) that “just works” across all container orchestration (CO) systems. +* Enable container orchestrator to present network interfaces to the users in a portable manner that is focused on connectivity initially. +* Support dynamic provisioning and deprovisioning network primitives through this interface. +* Support group of entities that are uniquely addressable that can communicate amongst each other. This could be either an individual container, a machine, or some other network service (e.g. load balancing, firewall, VPN, QoS, Service Discovery). Containers can be conceptually added to or removed from one or* more networks. +* Focused on cloud native application patterns. This includes VM-based, Bare metal based, and FaaS (TBD) based. +* Define policy framework for network isolation + +## Non Goals + +* Provide or dictate an implementation. 
+* This includes dictating plugin lifecycle management +* Plugin distribution +* Protocol-level authn/authz +* Plugin discovery +* Not going to make a one network standard for all +* Not going to focus on individual projects per service but rather projects that model network services and patterns not going to be prescriptive but more reference guidelines and patterns + +## Interested Parties + +* Ken Owens (@kenowens12) [lead] +* Ben Hindman (@benh) +* Alexis Richardson (@monadic) +* Jonathan Boulle (@jonboulle) +* Lee Calcote (@lcalcote) +* Madhu Venugopal +* Jie Yu +* Deepak Bansal +* John Gossman +* Christopher Liljenstolpe (@liljenstolpe) +* Bryan Boreham (@bboreham) +* Minhan Xia (@freehan) +* Daniel Nardo (@dnardo) +* Pengfei Ni (@feiskyer) +* John Belamaric (@johnbelamaric) +* Thomas Graf (@tgraf__) +* Jason Venner (@jvmirdel) +* Doug Davis (@duglin) \ No newline at end of file diff --git a/workinggroups/serverless.md b/workinggroups/serverless.md new file mode 100644 index 0000000..5999b76 --- /dev/null +++ b/workinggroups/serverless.md @@ -0,0 +1,39 @@ +# CNCF Serverless WG Proposal + +## TOC Sponsor + +Ken Owens + +## Objective + +Explore the intersection of cloud native and serverless technology. + +## Goals and Expected Outcomes + +* Produce a whitepaper +* Produce a serverless landscape +* Explore specifications for serverless to propose to the CNCF +* Bring recommendations to the TOC on serverless projects in CNCF + +## Non Goals + +* Define one serverless project to rule them all + +## Initial Interested Parties + +* Sarah Allen (Google) +* Chris Aniszczyk (CNCF) +* Chad Arimura (Oracle) +* Ben Browning (Red Hat) +* Lee Calcote (SolarWinds) +* Amir Chaudhry (Docker) +* Doug Davis (IBM) +* Louis Fourie (Huawei) +* Antonio Gulli (Google) +* Yaron Haviv (iguazio) +* Daniel Krook (IBM) +* Orit Nissan-Messing (iguazio) +* Chris Munns (AWS) +* Ken Owens (Mastercard) +* Mark Peek (VMWare) +* Cathy Zhang (Huawei) \ No newline at end of file 
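Review bot: The new serverless.md ends without a trailing newline (the "\ No newline at end of file" marker after the Cathy Zhang entry); add one so the next name appended to the list shows up as a one-line diff. The interested-parties list also marks no lead and gives company affiliations, while ci.md and networking.md tag a lead and list GitHub handles; pick one convention for all working group files. "VMWare" should be spelled "VMware".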
diff --git a/workinggroups/storage.md b/workinggroups/storage.md new file mode 100644 index 0000000..a2776c6 --- /dev/null +++ b/workinggroups/storage.md @@ -0,0 +1,32 @@ +# CNCF Storage WG Proposal + +## TOC Sponsor + +Ben Hindman + +## Objective + +Explore cloud native storage technology and concepts. + +## Goals and Expected Outcomes + +* Produce a landscape +* Explore specifications for storage to propose to the CNCF +* Bring recommendations to the TOC on storage projects in CNCF + +## Non Goals + +* N/A + +## Initial Interested Parties + +* Ben Hindman (@benh) [lead] +* Steven Tan (@stevenphtan) +* Clinton Kitson (@clintonskitson) +* Alex Chircop (@chira001) +* Steve Wong (@cantbewong) +* Venkat Ramakrishnan (@katkrish) +* Gou Rao (@gourao) +* Vinod Jayaraman (@jvinod) +* Allen Samuels (@allensamuels) +* Yaron Haviv (@yaronhaviv) \ No newline at end of file From 274e0665674290668f392f92cc2555141b7db748 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 2 Apr 2018 18:15:49 -0500 Subject: [PATCH 092/179] Add 4/3/2018 TOC agenda https://goo.gl/FnpaEA --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index be1cc5b..eb62427 100644 --- a/README.md +++ b/README.md @@ -189,3 +189,4 @@ If you're interested in presenting at a TOC call about your project, please open * [February 20th, 2018](https://goo.gl/Z5ytqu) * [March 6th, 2018](https://goo.gl/LcE3TC) * [March 20th, 2018](https://goo.gl/PpznT7) +* [April 3rd, 2018](https://goo.gl/FnpaEA) From 4cab92f988ebc562299252b343e07c18bd5966d5 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Fri, 6 Apr 2018 10:26:16 -0500 Subject: [PATCH 093/179] linkerd is now officially incubating https://lists.cncf.io/g/cncf-toc/message/1952 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index eb62427..0b35564 100644 --- a/README.md +++ b/README.md 
@@ -73,7 +73,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [Prometheus](https://prometheus.io/)|Alexis Richardson|[3/4/16](https://docs.google.com/presentation/d/1GtVX-ppI95LhrijprGENsrpq78-I1ttcSWLzMVk5d8M/edit?usp=sharing)|[5/9/16](https://cncf.io/news/announcement/2016/05/cloud-native-computing-foundation-accepts-prometheus-second-hosted-project)|Incubating [OpenTracing](http://opentracing.io/)|Bryan Cantrill|[8/17/16](https://docs.google.com/presentation/d/1kQkmJtT0bjSRvUTP5YFTKaXSfIM3aL7zxja_KtZtbgw/edit#slide=id.g15fc45ec1a_0_165)|[10/11/16](https://cncf.io/news/blogs/2016/10/opentracing-joins-cloud-native-computing-foundation)|Incubating [Fluentd](http://www.fluentd.org/)|Brian Grant|[8/3/16](https://docs.google.com/presentation/d/1S79MNv3E2aG8nuZJFJ0XMSumf7jnKozN3vdrivCH77U/edit?usp=sharing)|[11/8/16](https://www.cncf.io/blog/2016/12/08/fluentd-cloud-native-logging)|Incubating -[Linkerd](https://linkerd.io/)|Jonathan Boulle|[10/5/16](https://docs.google.com/presentation/d/19aamsOR__zGFNNFCmid2TjaJwEqNOXmHRa34EQwf3sA/edit#slide=id.g181e6fdb33_0_0)|[1/23/17](https://www.cncf.io/blog/2017/01/23/linkerd-project-joins-cloud-native-computing-foundation)|Sandbox +[Linkerd](https://linkerd.io/)|Jonathan Boulle|[10/5/16](https://docs.google.com/presentation/d/19aamsOR__zGFNNFCmid2TjaJwEqNOXmHRa34EQwf3sA/edit#slide=id.g181e6fdb33_0_0)|[1/23/17](https://www.cncf.io/blog/2017/01/23/linkerd-project-joins-cloud-native-computing-foundation)|Incubating [gRPC](http://www.grpc.io/)|Brian Grant|[10/19/16](https://docs.google.com/presentation/d/16mNYaqgd7BaV50OnbcuQ1zRHpWoUKhL3XHvCJwEm8CE/edit#slide=id.g185c09339a_23_106)|[2/16/17](https://www.cncf.io/blog/2017/03/01/cloud-native-computing-foundation-host-grpc-google)|Incubating [CoreDNS](https://coredns.io/)|Jonathan 
Boulle|[8/17/16](https://docs.google.com/presentation/d/1LPvM44Pi7gletiDs40P7XmTKJLez5nz88ObYCHrHal8/edit?usp=sharing)|[2/27/17](https://www.cncf.io/blog/2017/03/02/cloud-native-computing-foundation-becomes-steward-service-naming-discovery-project-coredns)|Incubating [containerd](https://containerd.io/)|Brian Grant|[3/15/17](https://docs.google.com/presentation/d/1qmGsmARyMhRLwbFWG7LXJSsDHm45nqZ_QtBv5SnQL54/edit?usp=sharing)|[3/29/17](https://www.cncf.io/announcement/2017/03/29/containerd-joins-cloud-native-computing-foundation/)|Incubating From 8e6dc9861dd9aa121c50e4cf61963fe2f37a4273 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 16 Apr 2018 09:55:05 -0500 Subject: [PATCH 094/179] Add April 17th TOC agenda https://docs.google.com/presentation/d/1VrHKGre5Y8AbmXEOXu4VPfILReoLT38Uw9TMN71u08E/edit?usp=sharing --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 0b35564..3b9b28b 100644 --- a/README.md +++ b/README.md @@ -190,3 +190,4 @@ If you're interested in presenting at a TOC call about your project, please open * [March 6th, 2018](https://goo.gl/LcE3TC) * [March 20th, 2018](https://goo.gl/PpznT7) * [April 3rd, 2018](https://goo.gl/FnpaEA) +* [April 17th, 2018](https://docs.google.com/presentation/d/1VrHKGre5Y8AbmXEOXu4VPfILReoLT38Uw9TMN71u08E/edit?usp=sharing) From 20f3c47d3a39c3e7f6b28a18b2bc8ecdf85bf6bf Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Tue, 17 Apr 2018 10:36:00 -0500 Subject: [PATCH 095/179] Add Quinton Hoole to TOC; remove Solomon Brian Grant was re-elected and Quinton Hoole had the second seat. Thank you Solomon Hykes for your service! --- README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 3b9b28b..f18c66f 100644 --- a/README.md +++ b/README.md 
@@ -8,15 +8,15 @@ The CNCF TOC is the technical governing body of the CNCF Foundation. It admits a ## Members -* **Jonathan Boulle** (term: 3 years - start date: 1/29/2016) -* **Bryan Cantrill** (term: 3 years - start date: 1/29/2016) -* **Camille Fournier** (term: 3 years - start date: 1/29/2016) -* **Brian Grant** (term: 2 years - start date: 3/17/2016) -* **Benjamin Hindman** (term: 3 years - start date: 1/29/2016) -* **Solomon Hykes** (term: 2 years - start date: 3/17/2016) -* **Sam Lambert** (term: 16 months - start date: 10/2/2017) -* **Ken Owens** (term: 3 years - start date: 1/29/2016) -* **Alexis Richardson** (term: 3 years - start date: 1/29/2016) +* **Jonathan Boulle** (term: 3 years - start date: 1/29/2016 - 1/29/2019) +* **Bryan Cantrill** (term: 3 years - start date: 1/29/2016 - 1/29/2019) +* **Camille Fournier** (term: 3 years - start date: 1/29/2016 - 1/29/2019) +* **Brian Grant** (term: 2 years - start date: 3/17/2018 - 3/17/2020) +* **Benjamin Hindman** (term: 3 years - start date: 1/29/2016 - 1/29/2019) +* **Quinton Hoole** (term: 1 years - start date: 3/17/2018 - 3/17/2019) +* **Sam Lambert** (term: 16 months - start date: 10/2/2017 - 1/29/2019) +* **Ken Owens** (term: 3 years - start date: 1/29/2016 - 1/29/2019) +* **Alexis Richardson** (term: 3 years - start date: 1/29/2016 - 1/29/2019) Election [schedule](process/election-schedule.md) 
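Review bot: Every member line keeps the label "start date:" but the value is now a start and end pair, for example "start date: 1/29/2016 - 1/29/2019", so the label no longer describes the field; rename it (for instance "dates:") or split it into start and end. The new Quinton Hoole entry reads "term: 1 years" and should be "1 year". Brian Grant's start date moves from 3/17/2016 to 3/17/2018, which matches the re-election in the commit message, but the line then no longer records his original term; consider noting that he was re-elected.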
@@ -134,7 +134,7 @@ If you're interested in presenting at a TOC call about your project, please open * **Mar 20, 2018**: New Sandbox Projects + Working Group Process * **Apr 3, 2018**: CNCF CI WG: [Cross Cloud CI](https://github.com/crosscloudci) + Working Group Process * **Apr 17, 2018**: [Telepresence](https://github.com/cncf/toc/issues/99) + SAFE Working Group Proposal -* **May 1, 2018**: CloudNativeCon/KubeCon Copenhagen (may skip) +* **May 1, 2018**: CANCELLED: CloudNativeCon/KubeCon Copenhagen Office Hours at CNCF Booth * **May 15, 2018**: OpenMessaging * **June 5, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) From 8792703c11a3d981346bdcb111d5717b25f1fae2 Mon Sep 17 00:00:00 2001 From: Dan Kohn Date: Tue, 24 Apr 2018 11:09:52 -0400 Subject: [PATCH 096/179] Changed CI to meet monthly --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f18c66f..2bb278e 100644 --- a/README.md +++ b/README.md 
@@ -36,7 +36,7 @@ The TOC has created the following working groups to investigate and discuss the | Working Group | Chair | Meeting Time | Minutes/Recordings | |---------------|------------------|---------------------------------------|--------------------| -| [CI](https://github.com/cncf/wg-ci) | Camille Fournier | [2nd and 4th Tue every month at 8AM PT](https://zoom.us/my/cncfciwg) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2P3_A3ujWHSxOu1IO_bd7Zi) +| [CI](https://github.com/cncf/wg-ci) | Camille Fournier | [4th Tue of every month at 8AM PT](https://zoom.us/my/cncfciwg) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2P3_A3ujWHSxOu1IO_bd7Zi) | [Networking](https://github.com/cncf/wg-networking) | Ken Owens | [1st and 3rd Tue every month at 9AM PT](https://zoom.us/my/cncfnetworkingwg) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2M_-K5n67_zTdrPh_PtTKFC) | [Serverless](https://github.com/cncf/wg-serverless) | Ken Owens | [Thu of every week at 9AM PT](https://zoom.us/my/cncfserverlesswg) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2Ph7YoBIgsZNW_RGJvNlFOt) | [Storage](https://github.com/cncf/wg-storage) | Ben Hindman | [2nd and 4th Wed every month at 8AM PT](https://zoom.us/my/cncfstoragewg) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2NoiNaLVZxr-ERc1ifKP7n6) From 03b23f771912b7cbc0967acfb18cf9e2a904f2e4 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Wed, 25 Apr 2018 20:23:24 -0400 Subject: [PATCH 097/179] Add CloudEvents for June 5th per request of the Serverless WG, CloudEvents is presenting on June 5th --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2bb278e..aa04bd5 100644 --- a/README.md +++ b/README.md 
@@ -136,7 +136,8 @@ If you're interested in presenting at a TOC call about your project, please open * **Apr 17, 2018**: [Telepresence](https://github.com/cncf/toc/issues/99) + SAFE Working Group Proposal * **May 1, 2018**: CANCELLED: CloudNativeCon/KubeCon Copenhagen Office Hours at CNCF Booth * **May 15, 2018**: OpenMessaging -* **June 5, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) +* **June 5, 2018**: CloudEvents +* **June 14, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes From 4bf0ad2d9ef930ec71439e192bdac665e3f76f2e Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 30 Apr 2018 12:50:58 +0200 Subject: [PATCH 098/179] Add OpenMetrics / Harbor to the presentation queue --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index aa04bd5..d4ec7c7 100644 --- a/README.md +++ b/README.md @@ -137,7 +137,8 @@ If you're interested in presenting at a TOC call about your project, please open * **May 1, 2018**: CANCELLED: CloudNativeCon/KubeCon Copenhagen Office Hours at CNCF Booth * **May 15, 2018**: OpenMessaging * **June 5, 2018**: CloudEvents -* **June 14, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) +* **June 19, 2018**: OpenMetrics and Harbor +* **July 3, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes From 0db493914f54ca6909a4fc7aa5e2107759698bf1 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 7 May 2018 09:53:51 -0500 Subject: [PATCH 099/179] move cloudevents presentation up --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d4ec7c7..226fe65 100644 --- a/README.md +++ b/README.md 
@@ -135,8 +135,8 @@ If you're interested in presenting at a TOC call about your project, please open * **Apr 3, 2018**: CNCF CI WG: [Cross Cloud CI](https://github.com/crosscloudci) + Working Group Process * **Apr 17, 2018**: [Telepresence](https://github.com/cncf/toc/issues/99) + SAFE Working Group Proposal * **May 1, 2018**: CANCELLED: CloudNativeCon/KubeCon Copenhagen Office Hours at CNCF Booth -* **May 15, 2018**: OpenMessaging -* **June 5, 2018**: CloudEvents +* **May 15, 2018**: CloudEvents/ServerlessWG and OpenMessaging +* **June 5, 2018**: TBD * **June 19, 2018**: OpenMetrics and Harbor * **July 3, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) From 4a9ec5319df84dd61b9ca614aa0f8ceefa688e4e Mon Sep 17 00:00:00 2001 From: Richard Li Date: Tue, 8 May 2018 17:12:05 -0400 Subject: [PATCH 100/179] telepresence project proposal --- proposals/telepresence.adoc | 88 +++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 proposals/telepresence.adoc diff --git a/proposals/telepresence.adoc b/proposals/telepresence.adoc new file mode 100644 index 0000000..143250a --- /dev/null +++ b/proposals/telepresence.adoc 
@@ -0,0 +1,88 @@ +== Telepresence + +*Name of project:* Telepresence + +*Description:* + +Telepresence enables software engineers using Kubernetes to develop services locally, while proxying their local services to a remote Kubernetes clusters. + +As cloud-native applications grow in complexity, running the entire application locally is no longer practical. The entire application frequently consumes more memory and CPU than is available locally. Moreover, many applications rely on cloud-native services such as cloud databases (e.g., Amazon RDS) or cloud messaging (e.g., Google Pub/Sub). Thus, developers need to develop using a remote Kubernetes cluster. + +However, moving development to a remote Kubernetes cluster has tradeoffs. Remote development requires containers to be pushed to a remote registry, does not permit auto-reloading of code, and generally increases the overall latency in the code/test/debug cycle. In addition, developers are unable to use their complete suite of development tools, eg., IDE, debugger, profiler, and so forth. + +Telepresence enables a hybrid model for development. Services are developed locally, while the rest of the application runs in the cloud. Telepresence deploys a bi-directional proxy to the remote Kubernetes cluster, connecting the local development machine to the cloud. + +Telepresence is currently used by dozens of organizations in their daily development process. These organizations range in size from Fortune 50 companies to small startups. + +Telepresence was presented at the https://docs.google.com/presentation/d/1VrHKGre5Y8AbmXEOXu4VPfILReoLT38Uw9TMN71u08E/edit#slide=id.g380c8a0114_0_178[CNCF TOC meeting on 4/17/2018]. + +*Statement on alignment with CNCF mission:* + +Given the CNCF's stated role in "fostering the growth and evolution of the cosystem" and "making the technology accessible and reliable", we believe Telepresence helps with both of these goals. 
In particular, we have heard repeatedly from Kubernetes users that one of the major barriers to adoption is the developer experience. Telepresence's goal is to reduce the friction of developing cloud-native applications, for developers. We think that expanding the portfolio of CNCF projects beyond operational infrastructure (e.g., Kubernetes, Prometheus, Envoy) to software for developers will help further the ubiquity of cloud-native technologies. + +*Sponsor / Advisor from TOC:* Alexis Richardson, Camille Fournier + +*Unique identifier:* telepresence + +*Preferred maturity level:* sandbox + +*License:* Apache License v2.0 + +*Source control repositories:* https://github.com/datawire/telepresence + +*External Dependencies:* + +Teepresence depends on the following external software components: + +* `kubectl` (Apache Software License 2.0) +* OpenSSH (BSD 2 clause) +* `sshfs` (GPL 2.0) +* `conntrack` (GPL 2.0) +* `torsocks` (GPL 2.0) +* `socat` (GPL 2.0) +* Docker (Apache Software License 2.0) + +*Initial Committers (leads):* + +* Rafael Schloming (Datawire) +* Abhay Saxena (Datawire) + +*Infrastructure requests (CI / CNCF Cluster):* + +CI (currently using the CircleCI free plan), and possibly the CNCF Community cluster for regression testing. + +*Communication Channels:* + +* Gitter: https://gitter.im/datawire/telepresence + +*Issue tracker:* https://github.com/datawire/telepresence/issues + +*Website:* https://www.telepresence.io + +*Release methodology and mechanics:* + +We release rapidly and frequently. Generally this varies from weekly to monthly. + +*Social media accounts:* + +None + +*Existing sponsorship*: https://www.datawire.io[Datawire] + +*Community size:* + +* 700+ stars +* 40+ contributors +* 155+ forks +* 135+ on slack +* 600K+ container pulls (quay.io), 50K+ container pulls (docker) + +*Production usage*: + +Telepresence is being actively used by a number of organizations for active development. Telepresence is not designed for use in production. 
Some of these users include: + +* Bitnami https://youtu.be/8Dl8U-AbJN0([KubeCon EU talk] +* Namely https://www.youtube.com/watch?v=xIOkbu0sUi4[Kubernetes NYC meetup talk] +* Sight Machine +* Shopify +* Verloop From d3a046791b6989db953a61463a58098259126117 Mon Sep 17 00:00:00 2001 From: Richard Li Date: Tue, 8 May 2018 17:15:37 -0400 Subject: [PATCH 101/179] fix stats --- proposals/telepresence.adoc | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/proposals/telepresence.adoc b/proposals/telepresence.adoc index 143250a..a489062 100644 --- a/proposals/telepresence.adoc +++ b/proposals/telepresence.adoc @@ -72,10 +72,9 @@ None *Community size:* * 700+ stars -* 40+ contributors -* 155+ forks -* 135+ on slack -* 600K+ container pulls (quay.io), 50K+ container pulls (docker) +* 50+ forks +* 100K+ container pulls +* 90+ people on Gitter *Production usage*: From 3f7db769d457bcd63b0d2240b70e3f6ac8c5dc73 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Thu, 10 May 2018 08:47:48 -0700 Subject: [PATCH 102/179] clean up scheduled community presentations --- README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 226fe65..0027707 100644 --- a/README.md +++ b/README.md 
@@ -135,10 +135,12 @@ If you're interested in presenting at a TOC call about your project, please open * **Apr 3, 2018**: CNCF CI WG: [Cross Cloud CI](https://github.com/crosscloudci) + Working Group Process * **Apr 17, 2018**: [Telepresence](https://github.com/cncf/toc/issues/99) + SAFE Working Group Proposal * **May 1, 2018**: CANCELLED: CloudNativeCon/KubeCon Copenhagen Office Hours at CNCF Booth -* **May 15, 2018**: CloudEvents/ServerlessWG and OpenMessaging -* **June 5, 2018**: TBD +* **May 15, 2018**: CloudEvents/ServerlessWG Update +* **June 5, 2018**: Cortex * **June 19, 2018**: OpenMetrics and Harbor -* **July 3, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) +* **July 3, 2018**: TiKV +* **July 14, 2018**: Falco +* **Aug 7, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes From 2295369952475895760cf1d9026c11b78f984f33 Mon Sep 17 00:00:00 2001 From: Matt Farina Date: Thu, 10 May 2018 16:47:35 -0400 Subject: [PATCH 103/179] Add Helm project proposal --- proposals/helm.adoc | 122 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 122 insertions(+) create mode 100644 proposals/helm.adoc diff --git a/proposals/helm.adoc b/proposals/helm.adoc new file mode 100644 index 0000000..c0028f4 --- /dev/null +++ b/proposals/helm.adoc 
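Review bot: The new `July 14, 2018: Falco` entry in the README.md schedule breaks the two-week cadence of the dates before it (June 5, June 19, July 3), which points to July 17; please confirm the date. The last entry, now moved to Aug 7, still has an unbalanced opening parenthesis before "interested presenters".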
@@ -0,0 +1,122 @@ +== Helm + +*Name of project*: Helm + +*Description*: + +link:http://helm.sh[Helm] is a package manager, like Debian Apt for Kubernetes, that enables you to define, install, and upgrade container based applications including those with dependencies. Dependencies can be held in distributed repositories including those in public and private locations. + +Those who develop packages, known as charts, have the full power of Kubernetes objects and the ability to depend on other charts. Depending on other charts allows individual services to be defined separately while also allowing an application to launch using a microservice architecture. + +Helm not only provides a simple out-of-the-box experience for those installing applications, but also simplifies deployment automation by enabling configuration reuse, enabling multiple components to be managed as a single entity, and facilitating observability of overall application health. + +*Sponsor / Advisor from TOC*: Brian Grant + +*Unique Identifier*: helm + +*License*: ALv2 + +*Maturity Level:* Incubating + +*Source control repositories*: + +* https://github.com/kubernetes/helm +* https://github.com/kubernetes/charts +* https://github.com/kubernetes-helm/community +* https://github.com/kubernetes-helm/monocular +* https://github.com/kubernetes-helm/helm-summit-notes +* https://github.com/kubernetes-helm/chart-testing +* https://github.com/kubernetes-helm/charts-tooling +* https://github.com/kubernetes-helm/rudder-federation +* https://github.com/kubernetes-helm/chartmuseum +* https://github.com/helm/helm-www + +A goal is to consolidate all repositories under the link:https://github.com/helm[helm] GitHub org. + +link:https://github.com/kubernetes/community/blob/6c3b1a6f0c1152f5e35a53ea93e692ed501abf7a/governance.md#subprojects[Kubernetes, where Helm grew up, has the concept of sub-projects]. 
For Kubernetes these can be ways the core Kubernetes codebase is organized as well as separate codebases, some with their own release schedules, that support Kubernetes as a whole. Under Kuberentes, Helm and its supporting projects were organized as several sub-projects. This proposal groups those supporting projects of Helm, coming from Kubernetes, as sub-projects of Helm. Sub-projects may have their own maintainers and release schedules. + +*Current Core Maintainers*: + +* Adam Reese +* Adnan Abdulhussein +* Justin Scott +* Maciej Kwiek +* Matt Butcher +* Matt Farina +* Matt Fisher +* Michelle Noorali +* Nikhil Manchanda +* Taylor Thomas +* Vic Iglesias + +_Note, the current core maintainers represent 5 different companies._ + +Sub-projects of Helm have their own maintainers. For example, you can read about the Charts maintainers in the link:https://github.com/kubernetes/charts/blob/master/OWNERS[OWNERS file]. + +*Infrastructure requirements*: CI, CNCF Cluster, Object Storage + +*Issue tracker*: https://github.com/kubernetes/helm/issues + +Sub-projects each have their own issue queue. + +*Mailing lists* + +* Slack: +** Helm Dev room https://kubernetes.slack.com/messages/helm-dev +** Helm Users room https://kubernetes.slack.com/messages/helm-users (see https://kubernetes.slackarchive.io/helm-users/page-100) +** Charts room https://kubernetes.slack.com/messages/charts +** Chartmuseum room https://kubernetes.slack.com/messages/chartmuseum +* https://lists.cncf.io/g/cncf-kubernetes-helm + +*Website*: http://helm.sh + +*Release methodology and mechanics* + +Helm uses link:http://semver.org/[semantic versioning] for releases. Releases are announced using GitHub releases while the release artifacts are placed into object storage for later download. The continuous integration systems, currently CircleCI, automatically places releases and development builds into object storage. + +Helm is currently releases stable releases with a major version of 2. 
When a minor version comes out containing new features a release branch is created where release candidates, final releases, and patch releases are created from. Anything to be added to these releases is cherry-picked into the branch prior to releases. + +The Helm release process is documented in the link:https://github.com/kubernetes/helm/blob/master/docs/release_checklist.md[release checklist]. + +Sub-projects have their own releases processes. For example, the Helm Community Charts repository uses continuous deployments. All changes to individual charts increment the chart versions. A sync job runs every 15 minutes to pickup changes, builds the chart packages, and places them into object storage to be retrieved by Helm clients. + +*Social media accounts*: + +* https://twitter.com/helmpack +* link:https://www.youtube.com/channel/UC_kvCKc5EHNomq64f8C4sfA[YouTube] + +*Existing sponsorship*: + +* Microsoft +* Google +* Codefresh +* Bitnami +* Ticketmaster +* Codecentric + +_Note, these companies and their logos are listed on the link:https://helm.sh[Helm website]._ + +*Adopters*: + +Many Kubernetes users depend on Helm to configure and deploy their applications. The following is a partial list of those who have said they are using Helm at the Helm Summit, a conference held earlier this year that focused solely on the development of and use of Helm. The list is in alphabetical order. + +* IBM +* jFrog +* Microsoft +* Nike +* Oteemo +* Reddit +* Samsung SDS +* SUSE +* Ubisoft +* WP Engine + +In addition to these we have measured downloads of Helm. A sample of that for the month of April 2018 shows 59,050 downloads from unique IPs from the Helm distribution channel along with 11,618 installations via Homebrew for MacOS. + +*Statement on alignment with CNCF mission*: + +Helm joined the CNCF at the same time Kubernetes did as it was a sub-project of Kubernetes at that time. 
Helm is seeking to become a top-level project within the CNCF because Helm has grown up and is taking on a life of it's own. This can be seen in the over 300 contributors to Helm, the over 800 contributors to the community charts, a successful conference based solely on Helm, and the unique culture forming around Helm compared to core Kubernetes. + +*External Dependencies*: A full list of dependencies can be found at https://github.com/kubernetes/helm/blob/master/glide.lock. + +*Other Contributors*: https://github.com/kubernetes/helm/graphs/contributors \ No newline at end of file From 0f1d357ef1913ce9913b2da641d7276225859cc5 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 14 May 2018 08:42:40 -0500 Subject: [PATCH 104/179] Add 5/15/2018 TOC deck https://docs.google.com/presentation/d/1KNSv70fyTfSqUerCnccV7eEC_ynhLsm9A_kjnlmU_t0/edit#slide=id.g25ca91f87f_0_0 --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0027707..217be73 100644 --- a/README.md +++ b/README.md @@ -135,7 +135,7 @@ If you're interested in presenting at a TOC call about your project, please open * **Apr 3, 2018**: CNCF CI WG: [Cross Cloud CI](https://github.com/crosscloudci) + Working Group Process * **Apr 17, 2018**: [Telepresence](https://github.com/cncf/toc/issues/99) + SAFE Working Group Proposal * **May 1, 2018**: CANCELLED: CloudNativeCon/KubeCon Copenhagen Office Hours at CNCF Booth -* **May 15, 2018**: CloudEvents/ServerlessWG Update +* **May 15, 2018**: CloudEvents/ServerlessWG Update + Helm * **June 5, 2018**: Cortex * **June 19, 2018**: OpenMetrics and Harbor * **July 3, 2018**: TiKV 
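Review bot: In proposals/helm.adoc, "Release methodology and mechanics" says CI places releases and development builds into object storage and that a sync job rebuilds and publishes chart packages every 15 minutes, but it does not say how clients can verify what they download (checksums, signatures, or who can write to the storage). For a package manager proposal that is worth a sentence. Smaller points: the description and `*Website*` use `http://helm.sh` while the sponsorship note uses `https://helm.sh`, "Helm is currently releases stable releases" and "a life of it's own" need a grammar fix, and the file ends without a trailing newline.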
@@ -195,3 +195,4 @@ If you're interested in presenting at a TOC call about your project, please open * [March 20th, 2018](https://goo.gl/PpznT7) * [April 3rd, 2018](https://goo.gl/FnpaEA) * [April 17th, 2018](https://docs.google.com/presentation/d/1VrHKGre5Y8AbmXEOXu4VPfILReoLT38Uw9TMN71u08E/edit?usp=sharing) +* [May 15th, 2018](https://docs.google.com/presentation/d/1KNSv70fyTfSqUerCnccV7eEC_ynhLsm9A_kjnlmU_t0/edit#slide=id.g25ca91f87f_0_0) From ecee687fa0f8f193bdfe573042c2ac26b31b4222 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Fri, 27 Apr 2018 17:48:33 -0700 Subject: [PATCH 105/179] CloudEvents sandbox proposal Signed-off-by: Doug Davis --- proposals/cloudevents.md | 156 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 156 insertions(+) create mode 100644 proposals/cloudevents.md diff --git a/proposals/cloudevents.md b/proposals/cloudevents.md new file mode 100644 index 0000000..ed1d115 --- /dev/null +++ b/proposals/cloudevents.md 
@@ -0,0 +1,156 @@ +# CloudEvents + +**Name of project**: CloudEvents + +**Description**: + +Last year the CNCF TOC created the Serverless Working Group to investigate +the Serverless landscape. The outputs of the WG included: +- a [whitepaper](https://github.com/cncf/wg-serverless#whitepaper) that: + - defines Serverless and its terminology + - describes common use cases for the technology + - compares it with other Cloud Native technologies and \*aaS environments + - describes the common architecture of Serverless platforms +- a [landscape document](https://docs.google.com/spreadsheets/d/10rSQ8rMhYDgf_ib3n6kfzwEuoE88qr0amUPRxKbwVCk/edit#gid=0) + that lists well-known open-source and proprietary Serverless platforms + and tools +- a set of recommended next steps for the WG, as part of the whitepaper: + - encourage more Serverless technology vendors and open source developers + to join the CNCF + - foster an open ecosystem by establishing interoperable APIs, in particular + around: Events, Deployments and Workflows + - provide additional education as needed + +One of the recommendations, interoperability around Events, was agreed to +by the TOC and the WG began to develop a new specification for how +Events that are transferred between an event producer and an event consumer +should be formalized. The purpose of this would be to better enable +interoperability between these components such that basic processing of +the events (such as routing) can be achieved without having to require +knowledge of the event's structure in advance, or without understanding +the application specific data of the event. + +The work on this specification is currently being done within the +CNCF's Serverless Working Group, but with the release of our first +milestone (v0.1), it would make sense for this work to be more +formalized as a new sandbox project under the CNCF. + +The goals/roadmap of the project include: +- moving the specification to v1.0. 
A baseline format for an Event + to enable broad adoption within the Cloud community, and in particular + for Serverless/FaaS implementations +- define protocol mappings for popular transports, such as HTTP +- define serialization mappings for popular formats, such as JSON + +**Statement on alignment with CNCF mission**: + +Being born out of the CNCF's Serverless Working Group, the CloudEvents +project (and its members) share the CNCF's goals of promoting Cloud Native +technologies, and offering choice to our consumers through an open +interoperability specification, as shown by the significant participation +from key industry companies. + +We believe that the CNCF provides the proper home for this due to its +commitment to the promotion and development of open, vendor-neutral projects. +Additionally, the wide breadth of the CNCF members will provide the feedback +necessary to ensure the CloudEvents specification isn't too limited in its +scope and appeals to as many constituents of the cloud native community +as possible. + +**Sponsor / Advisor from TOC**: +- Ken Owens +- Brian Grant + +**Preferred maturity level**: Sandbox + +**License**: Apache License v2.0 + +**Source control repositories**: + +CloudEvents org: https://github.com/cloudevents + +CloudEvents repo for the specification: https://github.com/cloudevents/spec + +**External dependencie**: None + +**Initial Maintainers**: + +The CloudEvents group does not have "maintainers" that approve +Pull Requests (PRs) like traditional GitHub projects. Rather, the group +discusses/reviews PRs in the PRs themselves and then when consensus is reached +they are approved during our weekly calls. If concensus can not be reached +then a formal vote is taken. + +Voting rights: each member company designates a "primary" and "alternate" +member whose attendance at the weekly calls is tracked. Any member company +that attends three out of the last four meetings (current meeting not included) +has voting rights. 
+ +We also have this +[GOVERNANCE](https://github.com/cloudevents/spec/blob/master/GOVERNANCE.md) +doc which explains the processes we follow. + +**Infrastructure Requests**: None + +**Communication Channels**: + +Mailing list: CloudEvents uses the CNCF Serverless WG mailing list: +https://groups.google.com/forum/#!forum/cncf-wg-serverless but we may +move to our own dedicated mailing list when/if the Serverless WG starts +a second project. + +Slack: There is a #cloudevents Slack channel under CNCF's Slack workspace. + +We have weekly zoom calls (9am PT on Thursdays): +https://zoom.us/my/cncfserverlesswg + +**Issue tracker**: + +Issues are tracked with GitHub Issues:https://github.com/cloudevents/spec/issues + +Changes are tracked with GitHub PRs: https://github.com/cloudevents/spec/pulls + +**Website**: + +CloudEvents has its own website at: https://cloudevents.io + +**Release Methodology and Mechanics** + +CloudEvents has a set of milestones defined in its +[roadmap](https://github.com/cloudevents/spec/blob/master/roadmap.md) +document. Beyond what is defined there, the group will decide when +significate progress has been made to warrant a new release. + +**Social Media Accounts**: + +Twitter: @CloudEventsDemo + +**Contributor statistics**: + +Attendance is tracked [here](https://docs.google.com/spreadsheets/d/1bw5s9sC2ggYyAiGJHEk7xm-q2KG6jyrfBy69ifkdmt0/edit?pli=1#gid=0). +As can been seen in that document, CloudEvents weekly calls have regular +attendance from most major cloud vendors, averaging nearly 30 people +each week. 
+ +Without implying endorsement, the following companies have attended at least +one meeting: +Accenture, Alibaba, Amazon, Bitnami/Kubeless, Cisco, Clay, CNCF, +Collinson Group, Cuemby, Google, Hauwei, Honeycomb.io, Huawei, IBM, iguazio, +infraCloud, Intel, JP Morgan, JS Foundation, Mastercard, Microsoft, NAIC, +Nordstrom, OpenFaaS, Oracle, Particular Software, Pivotal, Progress, Red Hat, +RX-M, SAP, Serverless, Singlepoint, Solar Winds, solo.io, Splunk, VMWare + +And the following have voting rights (today), which means they regularly +attend the weekly calls: +Alibaba, CNCF, Google, Huawei, IBM, iguazio, Intel, JS Foundation, Microsoft, +NAIC, Nordstrom, Oracle, Red Hat, SAP, Serverless, VMWare + +In terms of adoption, the following companies participated in the KubeCon +EU CloudEvents demo: +Alibaba, Google, Hauwei, IBM, iguazio, Microsoft, Oracle, Red Hat, SAP, +Serverless, VMWare + +Azure recently announced official support for CloudEvents in their +[Event Grid](https://docs.microsoft.com/en-us/azure/event-grid/cloudevents-schema), +and Serverless announced support for it in their +[Event Gateway](https://serverless.com/learn/event-gateway/). From dd29bdea62d5d8d1b87c1d778022c3a15f11be71 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Tue, 15 May 2018 21:42:48 -0500 Subject: [PATCH 106/179] July 17th instead of 14th :) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 217be73..dda6945 100644 --- a/README.md +++ b/README.md @@ -139,7 +139,7 @@ If you're interested in presenting at a TOC call about your project, please open * **June 5, 2018**: Cortex * **June 19, 2018**: OpenMetrics and Harbor * **July 3, 2018**: TiKV -* **July 14, 2018**: Falco +* **July 17, 2018**: Falco * **Aug 7, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes From 41c6cc68d22f7048292d20cc49d6bc7bce378f88 Mon Sep 17 00:00:00 2001 
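Review bot: In proposals/cloudevents.md, the attendee list under "Contributor statistics" names both "Hauwei" and "Huawei", and the KubeCon EU demo list uses "Hauwei" only, so the same company appears under two spellings; use "Huawei" throughout. Other typos in the file: "External dependencie", "concensus", "significate progress" and "As can been seen". The "Issue tracker" line is also missing a space after "GitHub Issues:".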
From: Chris Aniszczyk Date: Wed, 16 May 2018 16:17:43 -0700 Subject: [PATCH 107/179] Add CloudEvents to the CNCF Sandbox https://cloudevents.io --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index dda6945..dd30c7e 100644 --- a/README.md +++ b/README.md @@ -87,7 +87,8 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [Vitess](https://github.com/vitessio/vitess)|Brian Grant|[4/19/17](https://goo.gl/6nmyDn)|[2/5/18](https://www.cncf.io/blog/2018/02/05/cncf-host-vitess/)|Incubating [NATS](https://github.com/nats-io/gnatsd)|Alexis Richardson|[9/21/16](https://goo.gl/6nmyDn)|[3/15/18](https://www.cncf.io/blog/2018/03/15/cncf-to-host-nats/)|Incubating [SPIFFE](https://github.com/spiffe)|Brian Grant, Sam Lambert, Ken Owens|[11/7/17](https://goo.gl/6nmyDn)|[3/29/18](https://www.cncf.io/blog/2018/03/29/cncf-to-host-the-spiffe-project/)|Sandbox -[OPA](https://github.com/open-policy-agent)|Brian Grant, Ken Owens|[11/14/17](https://goo.gl/6nmyDn)|[3/29/18](https://www.cncf.io/blog/2018/03/29/cncf-to-host-open-policy-agent-opa/)|Sandbox +[OPA](https://github.com/open-policy-agent)|Brian Grant, Ken Owens|[11/14/17](https://goo.gl/vKbawR)|[3/29/18](https://www.cncf.io/blog/2018/03/29/cncf-to-host-open-policy-agent-opa/)|Sandbox +[CloudEvents](https://github.com/cloudevents)|Brian Grant, Ken Owens|[11/14/17](https://goo.gl/vKbawR)|[5/15/18](https://cloudevents.io/)|Sandbox ## Website Guidelines From 52a95bc391b920cca355df53eebae6b5a26c645c Mon Sep 17 00:00:00 2001 
From: Xiang Li Date: Wed, 16 May 2018 17:52:03 -0700 Subject: [PATCH 108/179] Add Xiang Li to TOC contributor list I represent Alibaba to help evaluate potential projects and contribute to working groups. I have been contributing to CNCF and related eco-system since 2014 with my work on etcd, flannel, rkt, Kubernetes, Kubernetes Operator. And now, my group at Alibaba is contributing to various CNCF areas including Container, Messaging, Orchestration, Serverless, etc.. --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index db80f65..236124c 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -66,4 +66,5 @@ List below is the official list of TOC contributors, in alphabetical order: * Yaron Haviv, iguazio (yaronh@iguaz.io) * Yong Tang, Infoblox (ytang@infoblox.com) * Yuri Shkuro, Uber (ys@uber.com) +* Xiang Li, Alibaba (x.li@alibaba.com) From f77cd744e0ddd161e42357b8ee9f841b3891fc51 Mon Sep 17 00:00:00 2001 From: Xiang Li Date: Wed, 16 May 2018 17:56:56 -0700 Subject: [PATCH 109/179] Update CONTRIBUTORS.md --- CONTRIBUTORS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 236124c..308d385 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -62,9 +62,9 @@ List below is the official list of TOC contributors, in alphabetical order: * Sarah Allen, Google (sarahallen@google.com) * Timothy Chen, Hyperpilot (tim@hyperpilot.io) * Vasu Chandrasekhara, SAP SE (vasu.chandrasekhara@sap.com) +* Xiang Li, Alibaba (x.li@alibaba.com) * Xu Wang, Hyper (xu@hyper.sh) * Yaron Haviv, iguazio (yaronh@iguaz.io) * Yong Tang, Infoblox (ytang@infoblox.com) * Yuri Shkuro, Uber (ys@uber.com) -* Xiang Li, Alibaba (x.li@alibaba.com) From c9251f984ed8c34d332451121f304a6e993cda25 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Fri, 18 May 2018 10:01:18 -0500 Subject: [PATCH 110/179] Clean up sandbox references (closes #105) 
Signed-off-by: Chris Aniszczyk --- process/due-diligence-guidelines.md | 4 ++-- process/graduation_criteria.adoc | 20 +++++++------------- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/process/due-diligence-guidelines.md b/process/due-diligence-guidelines.md index 318e355..1c49492 100644 --- a/process/due-diligence-guidelines.md +++ b/process/due-diligence-guidelines.md @@ -20,7 +20,7 @@ To enable the voting TOC members to cast an informed vote about a project, it is crucial that each member is able to form their own opinion as to whether and to what extent the project meets the agreed upon [criteria](https://www.cncf.io/projects/graduation-criteria/) for -inception, incubation or graduation. As the leader of a DD, your job +sandbox, incubation or graduation. As the leader of a DD, your job is to make sure that they have whatever information they need, succinctly and readily available, to form that opinion. @@ -96,7 +96,7 @@ The key high-level questions that the voting TOC members will be looking to have * Do we believe this is a growing, thriving project with committed contributors? * Is it aligned with CNCF's values and mission? * Do we believe it could eventually meet the graduation criteria? -* Should it start at the inception level or incubation level? +* Should it start at the sandbox level or incubation level? Some details that might inform the above include: diff --git a/process/graduation_criteria.adoc b/process/graduation_criteria.adoc index a0c7219..5eac976 100644 --- a/process/graduation_criteria.adoc +++ b/process/graduation_criteria.adoc 
@@ -1,22 +1,16 @@ -== CNCF Graduation Criteria v1.0 +== CNCF Graduation Criteria v1.1 -Every CNCF project has an associated maturity level. Proposed CNCF projects should state their preferred maturity level. When a TOC vote is held on a proposed project entering CNCF, votes may either be for the project to enter as an inception, incubating, or graduated project, or not to enter at this time. A two-thirds supermajority is required for a project to be accepted. If there is not a supermajority of votes to enter as a graduated project, then any graduated votes are recounted as votes to enter as an incubating project. If there is not a supermajority of votes to enter as an incubating project, then any graduated or incubating votes are recounted as votes to enter as an inception project. If there is not a supermajority to enter as an inception stage project, the project is rejected. This voting process is called fallback voting. +Every CNCF project has an associated maturity level. Proposed CNCF projects should state their preferred maturity level. A two-thirds supermajority is required for a project to be accepted as incubating or graduated. If there is not a supermajority of votes to enter as a graduated project, then any graduated votes are recounted as votes to enter as an incubating project. If there is not a supermajority of votes to enter as an incubating project, then any graduated or incubating votes are recounted as sponsorship to enter as an sandbox project. If there is not enough sponsorship to enter as an sandbox stage project, the project is rejected. This voting process is called fallback voting. Projects of all maturities have access to all resources listed at https://cncf.io/projects[https://cncf.io/projects] but if there is contention, more mature projects will generally have priority. 
-=== Inception Stage +=== Sandbox Stage -To be accepted to the inception stage, a project must: - - * Add value to cloud native computing (i.e., containerization, orchestration, microservices, or some combination) and be aligned with the CNCF https://cncf.io/about/charter[charter]. - * Have all code under an ASL 2.0 license, or another license explicitly approved by the Governing Board. - * Agree to transfer any relevant trademarks to CNCF and to assist in filing for any relevant unregistered ones. This means, for example, that Example, Inc. would need to call their microservices tool OpenExample (or similar) and support CNCF receiving a trademark for OpenExample, while Example could remain a trademark of Example, Inc. This assignment will be reversed if the project does not remain in the CNCF, as described below. Note that no patent or copyright assignment is necessary because the ASL 2.0 license provides sufficient protections for other developers and users. - * Every 12 months, each inception stage project will come to a vote with the TOC. A supermajority vote is required to renew a project at inception stage for another 12 months or move it to incubating or graduated stage. If there is not a supermajority for any of these options, using the fallback voting process defined above, the project is not renewed. - * In the case of an inception stage project that is not renewed with CNCF, the trademark will be returned to the project maintainers or an organization they designate. +To be accepted in the sandbox a project must have at least 2 TOC sponsors. See the [CNCF Sandbox Guidelines v1.0](https://github.com/cncf/toc/blob/master/process/sandbox.md) for the detailed process. 
=== Incubating Stage -To be accepted to incubating stage, a project must meet the inception stage requirements plus: +To be accepted to incubating stage, a project must meet the sandbox stage requirements plus: * Document that it is being used successfully in production by at least three independent end users which, in the TOC’s judgement, are of adequate quality and scope. * Have a healthy number of committers. A committer is defined as someone with the commit bit; i.e., someone who can accept contributions to some or all of the project. 
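Review bot: The rewritten Sandbox Stage section in process/graduation_criteria.adoc requires only two TOC sponsors, yet the Incubating Stage text now says a project "must meet the sandbox stage requirements plus", so the removed inception criteria (charter alignment, ASL 2.0 or a Governing Board approved license, trademark transfer) no longer reach incubating or graduated projects through this document. Either keep those bullets under Incubating Stage or state explicitly that they live in process/sandbox.md. The new link to the CNCF Sandbox Guidelines is written in Markdown `[text](url)` syntax inside an AsciiDoc file whose other links use `url[text]`, and "an sandbox project" / "an sandbox stage project" should read "a sandbox ...".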
@@ -25,11 +19,11 @@ To be accepted to incubating stage, a project must meet the inception stage requ === Graduation Stage -To graduate from inception or incubating status, or for a new project to join as a graduated project, a project must meet the incubating stage criteria plus: +To graduate from sandbox or incubating status, or for a new project to join as a graduated project, a project must meet the incubating stage criteria plus: * Have committers from at least two organizations. * Have achieved and maintained a Core Infrastructure Initiative https://bestpractices.coreinfrastructure.org/[Best Practices Badge]. * Adopt the CNCF https://github.com/cncf/foundation/blob/master/code-of-conduct.md[Code of Conduct]. * Explicitly define a project governance and committer process. This preferably is laid out in a GOVERNANCE.md file and references an OWNERS.md file showing the current and emeritus committers. * Have a public list of project adopters for at least the primary repo (e.g., ADOPTERS.md or logos on the project website). - * Receive a supermajority vote from the TOC to move to graduation stage. Projects can attempt to move directly from inception to graduation, if they can demonstrate sufficient maturity. Projects can remain in an incubating state indefinitely, but they are normally expected to graduate within two years. + * Receive a supermajority vote from the TOC to move to graduation stage. Projects can attempt to move directly from sandbox to graduation, if they can demonstrate sufficient maturity. Projects can remain in an incubating state indefinitely, but they are normally expected to graduate within two years. From 47f1c2c1174cf1f8e8a2fef1aeb49765ac1e2086 Mon Sep 17 00:00:00 2001 
From: Dan Kohn Date: Sat, 19 May 2018 23:31:20 -0400 Subject: [PATCH 111/179] Create Cloud Native Definition Based on 11 drafts from https://docs.google.com/document/d/1d9Ks3UvUV8sZj4ribAMwmq0MZwi1CwnOZWGtrCufOuk/ --- DEFINITION.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 DEFINITION.md diff --git a/DEFINITION.md b/DEFINITION.md new file mode 100644 index 0000000..5f069d5 --- /dev/null +++ b/DEFINITION.md @@ -0,0 +1,15 @@ +# CNCF Cloud Native Definition # + +*Approved by TOC: [TBD]* + +Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic +environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable +infrastructure, and declarative APIs exemplify this approach. + +These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with +robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal +toil. + +The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an +ecosystem of open source, vendor-neutral projects. We democratize state-of-the-art patterns to make these +innovations accessible for everyone. From 88f038e100cc6839ac4f72b369a1600602fccd7e Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 21 May 2018 20:59:39 -0500 Subject: [PATCH 112/179] Add telepresence to the sandbox https://www.telepresence.io/ --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index dd30c7e..f34b924 100644 --- a/README.md +++ b/README.md 
@@ -88,7 +88,8 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [NATS](https://github.com/nats-io/gnatsd)|Alexis Richardson|[9/21/16](https://goo.gl/6nmyDn)|[3/15/18](https://www.cncf.io/blog/2018/03/15/cncf-to-host-nats/)|Incubating [SPIFFE](https://github.com/spiffe)|Brian Grant, Sam Lambert, Ken Owens|[11/7/17](https://goo.gl/6nmyDn)|[3/29/18](https://www.cncf.io/blog/2018/03/29/cncf-to-host-the-spiffe-project/)|Sandbox [OPA](https://github.com/open-policy-agent)|Brian Grant, Ken Owens|[11/14/17](https://goo.gl/vKbawR)|[3/29/18](https://www.cncf.io/blog/2018/03/29/cncf-to-host-open-policy-agent-opa/)|Sandbox -[CloudEvents](https://github.com/cloudevents)|Brian Grant, Ken Owens|[11/14/17](https://goo.gl/vKbawR)|[5/15/18](https://cloudevents.io/)|Sandbox +[CloudEvents](https://github.com/cloudevents)|Brian Grant, Ken Owens|[11/14/17](https://goo.gl/vKbawR)|[5/22/18](https://www.cncf.io/blog/2018/05/22/cloudevents-in-the-sandbox/)|Sandbox +[Telepresence](https://github.com/telepresence)|Alexis Richardson, Camille Fournier|[4/17/18](https://docs.google.com/presentation/d/1VrHKGre5Y8AbmXEOXu4VPfILReoLT38Uw9TMN71u08E/edit?usp=sharing)|[5/22/18](https://www.cncf.io/blog/2018/05/22/telepresence-in-the-sandbox/)|Sandbox ## Website Guidelines From 0fb5b1aaf998a226470102882e08e9d562108ba6 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 21 May 2018 21:07:28 -0500 Subject: [PATCH 113/179] Not all projects start in the incubator now With the creation of the sandbox, not all projects start in the incubator --- process/project_proposals.adoc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/process/project_proposals.adoc b/process/project_proposals.adoc index f910d56..b5aa6a9 100644 --- a/process/project_proposals.adoc +++ b/process/project_proposals.adoc 
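Review bot: The new Telepresence row in README.md links to `https://github.com/telepresence`, but the proposal lists the source repository as `https://github.com/datawire/telepresence`; point the row at that repository. The same hunk also rewrites the CloudEvents acceptance date and link (5/15/18 to 5/22/18), which the subject line "Add telepresence to the sandbox" does not mention.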
@@ -1,4 +1,4 @@ -*CNCF Project Proposal Process v1.1* +*CNCF Project Proposal Process v1.2* . *Introduction*. This governance policy sets forth the proposal process for projects to be accepted into the Cloud Native Computing Foundation (“CNCF”). The process is the same for both existing projects which seek to move into the CNCF, and new projects to be formed within the CNCF. . *Project Proposal Requirements*. Projects must be proposed via https://github.com/cncf/toc/tree/master/proposals[GitHub]. Project proposals submitted to the CNCF (see https://github.com/cncf/toc/blob/master/proposals/kubernetes.adoc[example]) must provide the following information to the best of your ability: @@ -23,4 +23,3 @@ . *Project Acceptance Process*. .. Projects are required to present their proposal at a TOC meeting .. Projects get accepted via a 2/3 supermajority vote of the TOC - .. All projects start in the incubator TLP From b946e621395d632070aacdc9e639376d8c0437f5 Mon Sep 17 00:00:00 2001 From: Matt Farina Date: Tue, 22 May 2018 10:03:26 -0400 Subject: [PATCH 114/179] Updated the helm proposal per feedback --- proposals/helm.adoc | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/proposals/helm.adoc b/proposals/helm.adoc index c0028f4..276bf5f 100644 --- a/proposals/helm.adoc +++ b/proposals/helm.adoc 
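Review bot: The "Project Acceptance Process" in process/project_proposals.adoc still says projects "get accepted via a 2/3 supermajority vote of the TOC", while process/graduation_criteria.adoc as amended in PATCH 110 admits sandbox projects on two TOC sponsors. Dropping "All projects start in the incubator TLP" is consistent with the sandbox, but the remaining step should say that the supermajority vote applies to incubating and graduated entry and refer to the sandbox process for the rest.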
@@ -33,7 +33,7 @@ Helm not only provides a simple out-of-the-box experience for those installing a A goal is to consolidate all repositories under the link:https://github.com/helm[helm] GitHub org. -link:https://github.com/kubernetes/community/blob/6c3b1a6f0c1152f5e35a53ea93e692ed501abf7a/governance.md#subprojects[Kubernetes, where Helm grew up, has the concept of sub-projects]. For Kubernetes these can be ways the core Kubernetes codebase is organized as well as separate codebases, some with their own release schedules, that support Kubernetes as a whole. Under Kuberentes, Helm and its supporting projects were organized as several sub-projects. This proposal groups those supporting projects of Helm, coming from Kubernetes, as sub-projects of Helm. Sub-projects may have their own maintainers and release schedules. +link:https://github.com/kubernetes/community/blob/6c3b1a6f0c1152f5e35a53ea93e692ed501abf7a/governance.md#subprojects[Kubernetes, where Helm grew up, has the concept of sub-projects]. For Kubernetes these can be ways the core Kubernetes codebase is organized as well as separate codebases, some with their own release schedules, that support Kubernetes as a whole. Under Kubernetes, Helm and its supporting projects were organized as several sub-projects. This proposal groups those supporting projects of Helm, coming from Kubernetes, as sub-projects of Helm. Sub-projects may have their own maintainers and release schedules. *Current Core Maintainers*: 
@@ -105,11 +105,13 @@ Many Kubernetes users depend on Helm to configure and deploy their applications. * Microsoft * Nike * Oteemo -* Reddit +* Reddit † * Samsung SDS * SUSE -* Ubisoft -* WP Engine +* Ubisoft † +* WP Engine † + +† These companies shared, at the conference, how they use Helm in production. In addition to these we have measured downloads of Helm. A sample of that for the month of April 2018 shows 59,050 downloads from unique IPs from the Helm distribution channel along with 11,618 installations via Homebrew for MacOS. From bbf95ed311a99d14fa5b324d3eff8ec97a324802 Mon Sep 17 00:00:00 2001 From: Allen Sun Date: Wed, 30 May 2018 11:09:52 +0800 Subject: [PATCH 115/179] add Allen Sun to TOC contributor list Signed-off-by: Allen Sun --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 308d385..19cc5e3 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -19,6 +19,7 @@ If you are interested in engaging in this way, we would encourage you to issue a List below is the official list of TOC contributors, in alphabetical order: * Alex Chircop, StorageOS (alex.chircop@storageos.com) +* Allen Sun, Alibaba (allensun.shl@alibaba-inc.com) * Andy Santosa, Ebay (asantosa@ebay.com) * Ara Pulido, Bitnami (ara@bitnami.com) * Bassam Tabbara, Upbound (bassam@upbound.io) From 5388a754a45c598c5d3927bb4c416aaa11f73ea4 Mon Sep 17 00:00:00 2001 From: Ce Gao Date: Wed, 30 May 2018 11:47:06 +0800 Subject: [PATCH 116/179] README: Fix a link for telepresence --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f34b924..b34ba58 100644 --- a/README.md +++ b/README.md 
@@ -89,7 +89,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [SPIFFE](https://github.com/spiffe)|Brian Grant, Sam Lambert, Ken Owens|[11/7/17](https://goo.gl/6nmyDn)|[3/29/18](https://www.cncf.io/blog/2018/03/29/cncf-to-host-the-spiffe-project/)|Sandbox [OPA](https://github.com/open-policy-agent)|Brian Grant, Ken Owens|[11/14/17](https://goo.gl/vKbawR)|[3/29/18](https://www.cncf.io/blog/2018/03/29/cncf-to-host-open-policy-agent-opa/)|Sandbox [CloudEvents](https://github.com/cloudevents)|Brian Grant, Ken Owens|[11/14/17](https://goo.gl/vKbawR)|[5/22/18](https://www.cncf.io/blog/2018/05/22/cloudevents-in-the-sandbox/)|Sandbox -[Telepresence](https://github.com/telepresence)|Alexis Richardson, Camille Fournier|[4/17/18](https://docs.google.com/presentation/d/1VrHKGre5Y8AbmXEOXu4VPfILReoLT38Uw9TMN71u08E/edit?usp=sharing)|[5/22/18](https://www.cncf.io/blog/2018/05/22/telepresence-in-the-sandbox/)|Sandbox +[Telepresence](https://github.com/telepresenceio)|Alexis Richardson, Camille Fournier|[4/17/18](https://docs.google.com/presentation/d/1VrHKGre5Y8AbmXEOXu4VPfILReoLT38Uw9TMN71u08E/edit?usp=sharing)|[5/22/18](https://www.cncf.io/blog/2018/05/22/telepresence-in-the-sandbox/)|Sandbox ## Website Guidelines From 321b2a2aeaeae35183dcc2ede15889b50846c417 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Fri, 1 Jun 2018 11:18:07 -0500 Subject: [PATCH 117/179] Add Helm to the official project list https://www.helm.sh --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b34ba58..6a39e03 100644 --- a/README.md +++ b/README.md 
@@ -90,6 +90,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [OPA](https://github.com/open-policy-agent)|Brian Grant, Ken Owens|[11/14/17](https://goo.gl/vKbawR)|[3/29/18](https://www.cncf.io/blog/2018/03/29/cncf-to-host-open-policy-agent-opa/)|Sandbox [CloudEvents](https://github.com/cloudevents)|Brian Grant, Ken Owens|[11/14/17](https://goo.gl/vKbawR)|[5/22/18](https://www.cncf.io/blog/2018/05/22/cloudevents-in-the-sandbox/)|Sandbox [Telepresence](https://github.com/telepresenceio)|Alexis Richardson, Camille Fournier|[4/17/18](https://docs.google.com/presentation/d/1VrHKGre5Y8AbmXEOXu4VPfILReoLT38Uw9TMN71u08E/edit?usp=sharing)|[5/22/18](https://www.cncf.io/blog/2018/05/22/telepresence-in-the-sandbox/)|Sandbox +[Helm](https://github.com/helm)|Brian Grant|[5/15/18](https://docs.google.com/presentation/d/1KNSv70fyTfSqUerCnccV7eEC_ynhLsm9A_kjnlmU_t0/edit#slide=id.g25ca91f87f_0_0)|[6/1/18](https://www.cncf.io/blog/2018/06/01/cncf-to-host-helm/)|Incubating ## Website Guidelines From 702ba295fa421c0fdc5419055e2275c7907eab2a Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Sun, 3 Jun 2018 21:26:51 -0500 Subject: [PATCH 118/179] Add 6/5/2018 TOC agenda deck --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6a39e03..c32af28 100644 --- a/README.md +++ b/README.md @@ -199,3 +199,4 @@ If you're interested in presenting at a TOC call about your project, please open * [April 3rd, 2018](https://goo.gl/FnpaEA) * [April 17th, 2018](https://docs.google.com/presentation/d/1VrHKGre5Y8AbmXEOXu4VPfILReoLT38Uw9TMN71u08E/edit?usp=sharing) * [May 15th, 2018](https://docs.google.com/presentation/d/1KNSv70fyTfSqUerCnccV7eEC_ynhLsm9A_kjnlmU_t0/edit#slide=id.g25ca91f87f_0_0) +* [June 5th, 2018](https://docs.google.com/presentation/d/190oIFgujktVYxWZLhLYN4q8p9dtQYoe4sxHgn4deBSI/edit#slide=id.g25ca91f87f_0_0) From 1b3bc9302b4ff440caf9b8f22ed070723cdfb4c9 Mon Sep 17 00:00:00 2001 
From: Chris Aniszczyk Date: Mon, 11 Jun 2018 12:31:28 -0500 Subject: [PATCH 119/179] Approved by the TOC 6/11/2018 https://lists.cncf.io/g/cncf-toc/message/2119 --- DEFINITION.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DEFINITION.md b/DEFINITION.md index 5f069d5..af07555 100644 --- a/DEFINITION.md +++ b/DEFINITION.md @@ -1,6 +1,6 @@ -# CNCF Cloud Native Definition # +# CNCF Cloud Native Definition v1.0 # -*Approved by TOC: [TBD]* +*Approved by TOC: 6/11/2018* Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable From 2f6a4dd067481ec5475d056ba4276542d81844cc Mon Sep 17 00:00:00 2001 From: Ayrat Khayretdinov Date: Wed, 13 Jun 2018 11:08:53 -0400 Subject: [PATCH 120/179] Add Ayrat Khayretdinov to TOC Contributors --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 19cc5e3..9f2ca82 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -22,6 +22,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Allen Sun, Alibaba (allensun.shl@alibaba-inc.com) * Andy Santosa, Ebay (asantosa@ebay.com) * Ara Pulido, Bitnami (ara@bitnami.com) +* Ayrat Khayretdinov (akhayertdinov@cloudops.com) * Bassam Tabbara, Upbound (bassam@upbound.io) * Bob Wise, Samsung SDS (bob@bobsplanet.com) * Cathy Zhang, Huawei (cathy.h.zhang@huawei.com) From 131815b6f6080337e7a7a07d61ecc981e952c371 Mon Sep 17 00:00:00 2001 From: Bob Cotton Date: Mon, 11 Jun 2018 12:55:36 -0600 Subject: [PATCH 121/179] Cortex sandbox proposal --- proposals/cortex.adoc | 99 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 proposals/cortex.adoc diff --git a/proposals/cortex.adoc b/proposals/cortex.adoc new file mode 100644 index 0000000..689ffbd --- /dev/null +++ b/proposals/cortex.adoc 
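Review bot: In CONTRIBUTORS.md ([PATCH 120/179]) the added entry "* Ayrat Khayretdinov (akhayertdinov@cloudops.com)" has no company, while the neighbouring entries follow the form "Name, Company (email)", and the address spells the surname "khayertdinov" where the name reads "Khayretdinov". Add the affiliation and confirm which spelling of the address is correct before merging.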
@@ -0,0 +1,99 @@ +== Cortex + +*Name of project:* Cortex + +*Description:* + +Cortex is a horizontally scalable, highly available, and multitenant SaaS service that is compatible with Prometheus and offers a long-term storage solution. + +For teams looking for a Prometheus solution that offers the following over vanilla Prometheus: + +* Long-term metrics storage in a variety of cloud based and on-prem NoSQL data stores +* Tenancy model supporting commercial SaaS offerings or large/multiple Kubernetes installations requiring data separation +* On-demand Prometheus instance provisioning +* A highly-available architecture that benefits from cloud-native architectures run with Kubernetes +* A highly scalable Prometheus experience that scales out, not up +* The ability to handle large metric topologies in a single instance without the need for federation + +Cortex was presented at the https://docs.google.com/presentation/d/190oIFgujktVYxWZLhLYN4q8p9dtQYoe4sxHgn4deBSI/edit#slide=id.g25ca91f87f_0_0[CNCF TOC meeting on 6/5/2018] + +*Statement on alignment with CNCF mission:* + +Cortex fully supports the CNCF's goal for scalability, "Ability to support all scales of deployment, from small developer centric environments to the scale of enterprises and service providers." + +There are many different ways to provide a scalable and available metric system for Kubernetes. Cortex with it's tenancy model combined with the both the high-availability and horizontally scalability architecture serves this goal directly. + + + +*Sponsor / Advisor from TOC:* + +*Unique identifier:* cortex + +*Preferred maturity level:* sandbox + +The CNCF sandbox was designed for just this kind of project. 
Specifically, the Cortex community is looking for the following from being in the sandbox: + +* Encourage public visibility of experiments or other early work that can add value to the CNCF mission +* Visibility for a new projects designed to extend one or more CNCF projects with functionality +* The Sandbox should provide a beneficial, neutral home for such projects, in order to foster collaborative development. + +*License:* Apache License 2.0 + +*Source control repositories:* https://github.com/weaveworks/cortex + +*External Dependencies:* + +Cortex depends on the following external software components: + +* Prometheus (Apache Software License 2.0) +* Kubernetes (Apache Software License 2.0) +* Jaeger Tracing (Apache Software License 2.0) +* OpenTracing (Apache Software License 2.0) +* GRPC (Apache Software License 2.0) +* Weaveworks Mesh (Apache Software License 2.0) +* Golang (Apache Software License 2.0) + +*Initial Committers (leads):* + +Julius Volz (Independent) +Tom Wilkie (Grafana Labs) + +*Infrastructure requests (CI / CNCF Cluster):* + +None + +*Communication Channels:* + +* Slack: https://weave-community.slack.com/ +* Mailing List: https://groups.google.com/forum/#!forum/cortex-monitoring +* Community Meeting Doc: https://docs.google.com/document/d/1mYvY4HMVGmetYHupi5z2BnwT1K8PiO64ZcxuX5c6ssc/edit#heading=h.ou5xp51fcp6v + +*Issue tracker:* https://github.com/weaveworks/cortex/issues + +*Website:* https://github.com/weaveworks/cortex + +*Release methodology and mechanics:* Most folks run HEAD in production. + +*Social media accounts:* None + +*Existing sponsorship:* WeaveWorks + +*Community size:* + +* 500+ stars +* 60+ forks + +*Production usage*: + +Cortex is being actively used in production by the following: + +* Electronic Arts https://www.ea.com/ +* FreshTracks.io https://freshtracks.io/ +* Grafana Labs https://grafana.com/ +* OpenEBS https://www.openebs.io/ +* WeaveWorks https://weave.works/ + + + + + 
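Review bot: In proposals/cortex.adoc ([PATCH 121/179]) the "*Sponsor / Advisor from TOC:*" field is left empty and "*Release methodology and mechanics:*" says only "Most folks run HEAD in production", so the proposal names no TOC sponsor and no tagged or versioned release that adopters could pin to. Name the sponsor and state whether tagged releases are planned. Under "*Initial Committers (leads):*" the two names sit on consecutive lines without "*" list markers, unlike every other list in the file, so they will run together as one paragraph; make them a bullet list. The External Dependencies list gives every component, Golang included, the same "Apache Software License 2.0"; check each entry against its upstream LICENSE file. Wording: "Cortex with it's tenancy model combined with the both the high-availability and horizontally scalability architecture" should read "Cortex, with its tenancy model combined with both its highly available and horizontally scalable architecture,", and "Visibility for a new projects" should be "Visibility for new projects".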
From 3980a1c09815a020a89a1105088a8f28e57d6525 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Fri, 15 Jun 2018 09:27:32 -0500 Subject: [PATCH 122/179] Add rsocket, netdata and buildpacks to schedule --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c32af28..1cf729b 100644 --- a/README.md +++ b/README.md @@ -143,7 +143,11 @@ If you're interested in presenting at a TOC call about your project, please open * **June 19, 2018**: OpenMetrics and Harbor * **July 3, 2018**: TiKV * **July 17, 2018**: Falco -* **Aug 7, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) +* **Aug 7, 2018**: RSocket +* **Aug 21, 2018**: Buildpacks +* **Sep 4, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) +* **Sep 18, 2018**: netdata +* **Oct 2, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes From bae46f80404cd0ba0104d501d0ab477ee333c364 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 18 Jun 2018 10:16:08 -0500 Subject: [PATCH 123/179] Add 6/19/18 agenda deck https://docs.google.com/presentation/d/1Ym8fLRCaX43uHPHBRyuRXM62U8m4vXaBXkuUp6tt3js/edit?usp=sharing --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1cf729b..692f873 100644 --- a/README.md +++ b/README.md 
@@ -204,3 +204,4 @@ If you're interested in presenting at a TOC call about your project, please open * [April 17th, 2018](https://docs.google.com/presentation/d/1VrHKGre5Y8AbmXEOXu4VPfILReoLT38Uw9TMN71u08E/edit?usp=sharing) * [May 15th, 2018](https://docs.google.com/presentation/d/1KNSv70fyTfSqUerCnccV7eEC_ynhLsm9A_kjnlmU_t0/edit#slide=id.g25ca91f87f_0_0) * [June 5th, 2018](https://docs.google.com/presentation/d/190oIFgujktVYxWZLhLYN4q8p9dtQYoe4sxHgn4deBSI/edit#slide=id.g25ca91f87f_0_0) +* [June 19th, 2018](https://docs.google.com/presentation/d/1Ym8fLRCaX43uHPHBRyuRXM62U8m4vXaBXkuUp6tt3js/edit?usp=sharing) From 28cbe864e1ecd5581a541da98f6480efe5f71f2a Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 2 Jul 2018 08:54:57 -0500 Subject: [PATCH 124/179] Add 7/3/2018 agenda https://docs.google.com/presentation/d/1864TEfbwCpbW5kPYGQNAfqAUdc3X83n-_OYigqxfohw/edit?usp=sharing --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 692f873..3392ef3 100644 --- a/README.md +++ b/README.md @@ -205,3 +205,4 @@ If you're interested in presenting at a TOC call about your project, please open * [May 15th, 2018](https://docs.google.com/presentation/d/1KNSv70fyTfSqUerCnccV7eEC_ynhLsm9A_kjnlmU_t0/edit#slide=id.g25ca91f87f_0_0) * [June 5th, 2018](https://docs.google.com/presentation/d/190oIFgujktVYxWZLhLYN4q8p9dtQYoe4sxHgn4deBSI/edit#slide=id.g25ca91f87f_0_0) * [June 19th, 2018](https://docs.google.com/presentation/d/1Ym8fLRCaX43uHPHBRyuRXM62U8m4vXaBXkuUp6tt3js/edit?usp=sharing) +* [July 3rd, 2018](https://docs.google.com/presentation/d/1864TEfbwCpbW5kPYGQNAfqAUdc3X83n-_OYigqxfohw/edit?usp=sharing) From dbef46aeeedee5f13280620acf5666f67ab2d0dd Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Wed, 4 Jul 2018 09:07:28 +0200 Subject: [PATCH 125/179] Add OpenMessaging to TOC schedule --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3392ef3..5946f73 100644 --- a/README.md 
+++ b/README.md @@ -145,7 +145,7 @@ If you're interested in presenting at a TOC call about your project, please open * **July 17, 2018**: Falco * **Aug 7, 2018**: RSocket * **Aug 21, 2018**: Buildpacks -* **Sep 4, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) +* **Sep 4, 2018**: OpenMessaging * **Sep 18, 2018**: netdata * **Oct 2, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) From baef2182e4a204be2ce2174e00574c20e1a9a8df Mon Sep 17 00:00:00 2001 From: Richard Hartmann Date: Sat, 7 Jul 2018 21:10:08 +0200 Subject: [PATCH 126/179] Add OpenMetrics Signed-off-by: Richard Hartmann --- proposals/openmetrics.adoc | 77 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 proposals/openmetrics.adoc diff --git a/proposals/openmetrics.adoc b/proposals/openmetrics.adoc new file mode 100644 index 0000000..fd5bd4b --- /dev/null +++ b/proposals/openmetrics.adoc 
@@ -0,0 +1,77 @@ +== OpenMetrics + +*Name of project:* OpenMetrics + +*Description:* + +OpenMetrics refines the Prometheus exposition format into an independent standard. + +Prometheus has become the de facto standard in cloud-native metric monitoring, and has active upstream work by competitors. +The ease of implementing this exposition data has lead to an explosion in compatible metrics endpoints with 300+ exporters registered, dozens of native integrations, and unknown numbers of internal adoptions. + +To allow for even more adoption, OpenMetrics received a lot of additional scrutiny and engineering time from several large players in the cloud-native space. +It also puts the format under a neutral name, allowing more monitoring vendors to adopt it without potential political considerations. + +With substantial commitments for adoption, OpenMetrics will enjoy solid support from day 1. +Amongst others, these are: + +* Prometheus +* Cloudflare +* GitLab +* Google +* Grafana +* InfluxData +* Oath.com +* RobustPerception +* SpaceNet +* Uber + +OpenMetrics was presented at the [CNCF TOC meeting on 2018-06-19](https://docs.google.com/presentation/d/1Ym8fLRCaX43uHPHBRyuRXM62U8m4vXaBXkuUp6tt3js/edit#slide=id.g25ca91f87f_0_0). + +*Statement on alignment with CNCF mission:* + +Given the CNCF's stated role in "fostering the growth and evolution of the cosystem" and "making the technology accessible and reliable", we believe OpenMetrics helps with both of these goals. + +*Sponsor / Advisor from TOC:* Alexis Richardson, Bryan Cantrill + + +*Unique identifier:* openmetrics + +*Preferred maturity level:* sandbox + +*License:* Apache License v2.0 + +*Source control repositories:* https://github.com/RichiH/OpenMetrics/ + +*External Dependencies:* + +OpenMetrics currently depends on no external software components. + +Once the test suite is released, it will depend on Go and Python and some libraries. Proper licence hygiene will be ensured. 
+ +*Lead:* * Richard Hartmann (SpaceNet) + +*Infrastructure requests (CI / CNCF Cluster):* None + +*Communication Channels:* + +*Issue tracker:* https://github.com/RichiH/OpenMetrics/issues + +*Website:* https://www.openmetrics.io + +*Release methodology and mechanics:* + +Given that this is a format, releases will be slow, deliberate, and forward- and backwards-compatible. + +*Social media accounts:* None + +*Existing sponsorship*: None + +*Community size:* + +* 128 stars +* 15 forks +* Commitments by companies with billions of combined yearly turnover +* 6 people on bi-weekly call + +*Production usage*: None yet From c040305b303ef2fd84f95f279912d5604e814015 Mon Sep 17 00:00:00 2001 From: Dan Kohn Date: Mon, 9 Jul 2018 16:43:19 -0400 Subject: [PATCH 127/179] Added definition in Chinese --- DEFINITION.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/DEFINITION.md b/DEFINITION.md index af07555..75c658e 100644 --- a/DEFINITION.md +++ b/DEFINITION.md @@ -2,6 +2,8 @@ *Approved by TOC: 6/11/2018* +中文版本在英文版本之后 (in Chinese below) + Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. @@ -13,3 +15,12 @@ toil. The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an ecosystem of open source, vendor-neutral projects. We democratize state-of-the-art patterns to make these innovations accessible for everyone. + +## 中文版本: + +云原生技术有利于各组织在公有云、私有云和混合云等新型动态环境中,构建和运行可弹性扩展的应用。云原生的代表技术包括容器、服务网格、微服务、不可变基础设施和声明式API。 + +这些技术能够构建容错性好、易于管理和便于观察的松耦合系统。结合可靠的自动化手段,云原生技术使工程师能够轻松地对系统作出频繁和可预测的重大变更。 + +云原生计算基金会(CNCF)致力于培育和维护一个厂商中立的开源生态系统,来推广云原生技术。我们通过将最前沿的模式民主化,让这些创新为大众所用。 + From ccd7dffb8d2b415ef24f135cb2114f94d922e954 Mon Sep 17 00:00:00 2001 
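Review bot: In proposals/openmetrics.adoc ([PATCH 126/179]) the link to the 2018-06-19 TOC meeting is written in Markdown form, [text](url), inside an AsciiDoc file; use the url[text] form that proposals/cortex.adoc in this series uses, otherwise it will not render as a named link. In the same hunk "*Lead:* * Richard Hartmann (SpaceNet)" carries a stray "*" before the name, and "*Communication Channels:*" has no entries. The spellings "has lead to" and "cosystem" are only corrected in [PATCH 128/179]; squashing that fix into this patch would keep the history clean.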
From: Richard Hartmann Date: Tue, 10 Jul 2018 09:09:54 +0200 Subject: [PATCH 128/179] Feedback by @simonpasquier Signed-off-by: Richard Hartmann --- proposals/openmetrics.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proposals/openmetrics.adoc b/proposals/openmetrics.adoc index fd5bd4b..ef0cbd7 100644 --- a/proposals/openmetrics.adoc +++ b/proposals/openmetrics.adoc @@ -7,7 +7,7 @@ OpenMetrics refines the Prometheus exposition format into an independent standard. Prometheus has become the de facto standard in cloud-native metric monitoring, and has active upstream work by competitors. -The ease of implementing this exposition data has lead to an explosion in compatible metrics endpoints with 300+ exporters registered, dozens of native integrations, and unknown numbers of internal adoptions. +The ease of implementing this exposition data has led to an explosion in compatible metrics endpoints with 300+ exporters registered, dozens of native integrations, and unknown numbers of internal adoptions. To allow for even more adoption, OpenMetrics received a lot of additional scrutiny and engineering time from several large players in the cloud-native space. It also puts the format under a neutral name, allowing more monitoring vendors to adopt it without potential political considerations. @@ -30,7 +30,7 @@ OpenMetrics was presented at the [CNCF TOC meeting on 2018-06-19](https://docs.g *Statement on alignment with CNCF mission:* -Given the CNCF's stated role in "fostering the growth and evolution of the cosystem" and "making the technology accessible and reliable", we believe OpenMetrics helps with both of these goals. +Given the CNCF's stated role in "fostering the growth and evolution of the ecosystem" and "making the technology accessible and reliable", we believe OpenMetrics helps with both of these goals. *Sponsor / Advisor from TOC:* Alexis Richardson, Bryan Cantrill From 4e172b901b9d1cb748b00cf4d869570110100ece Mon Sep 17 00:00:00 2001 
From: Chris Aniszczyk Date: Tue, 10 Jul 2018 08:02:22 -0500 Subject: [PATCH 129/179] Add keycloak to the TOC presentation schedule https://github.com/keycloak/keycloak --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5946f73..13c4746 100644 --- a/README.md +++ b/README.md @@ -145,9 +145,10 @@ If you're interested in presenting at a TOC call about your project, please open * **July 17, 2018**: Falco * **Aug 7, 2018**: RSocket * **Aug 21, 2018**: Buildpacks -* **Sep 4, 2018**: OpenMessaging +* **Sep 4, 2018**: OpenMessaging/Dragonfly * **Sep 18, 2018**: netdata -* **Oct 2, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) +* **Oct 2, 2018**: keycloak +* **Oct 16, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes From d5b00800c1a7aac28b94f7d0175620d7882efa90 Mon Sep 17 00:00:00 2001 From: Tammy Butow Date: Thu, 12 Jul 2018 13:24:33 -0700 Subject: [PATCH 130/179] Add Tammy and Forni from Gremlin --- CONTRIBUTORS.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 9f2ca82..de258ca 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -54,6 +54,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Lei Zhang, HyperHQ (harryzhang@zju.edu.cn) * Louis Fourie, Huawei (louis.fourie@huawei.com) * Mark Peek, VMware (markpeek@vmware.com) +* Matthew Fornaciari, Gremlin (forni@gremlin.com) * Naadir Jeewa, The Scale Factory (naadir@scalefactory.com) * Nick Chase, Mirantis (nchase@mirantis.com) * Pengfei Ni, Microsoft (peni@microsoft.com) 
@@ -62,6 +63,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Randy Abernethy, RX-M LLC (randy.abernethy@rx-m.com) * Rick Spencer, Bitnami (rick@bitnamni.com) * Sarah Allen, Google (sarahallen@google.com) +* Tammy Butow, Gremlin (tammy@gremlin.com) * Timothy Chen, Hyperpilot (tim@hyperpilot.io) * Vasu Chandrasekhara, SAP SE (vasu.chandrasekhara@sap.com) * Xiang Li, Alibaba (x.li@alibaba.com) From 33da21409a47776033070499f135e18dc8791bd6 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 16 Jul 2018 08:10:47 -0500 Subject: [PATCH 131/179] Add 7/17/2018 TOC agenda deck https://docs.google.com/presentation/d/17p5QBVooGMLAtX6Mn6d3NAFhRmFHE0cH-WI_-0MbOm8/edit?usp=sharing --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 13c4746..408a79c 100644 --- a/README.md +++ b/README.md @@ -207,3 +207,4 @@ If you're interested in presenting at a TOC call about your project, please open * [June 5th, 2018](https://docs.google.com/presentation/d/190oIFgujktVYxWZLhLYN4q8p9dtQYoe4sxHgn4deBSI/edit#slide=id.g25ca91f87f_0_0) * [June 19th, 2018](https://docs.google.com/presentation/d/1Ym8fLRCaX43uHPHBRyuRXM62U8m4vXaBXkuUp6tt3js/edit?usp=sharing) * [July 3rd, 2018](https://docs.google.com/presentation/d/1864TEfbwCpbW5kPYGQNAfqAUdc3X83n-_OYigqxfohw/edit?usp=sharing) +* [July 17th, 2018](https://docs.google.com/presentation/d/17p5QBVooGMLAtX6Mn6d3NAFhRmFHE0cH-WI_-0MbOm8/edit?usp=sharing) From f7aa05112d0c52e922202cb1d03d34a0c480ee54 Mon Sep 17 00:00:00 2001 
From: kxu Date: Mon, 16 Jul 2018 12:02:01 -0700 Subject: [PATCH 132/179] TiKV Project Proposal (Sandbox) Hi CNCF TOC, Thank you for giving us a chance to present TiKV on July 3. Please see our TiKV project proposal for Sandbox maturity level. We currently have Bryan Cantrill as our sponsor and need one more sponsor from the TOC. We look forward to reading your comments and answering your questions. Thank you for your consideration. Kevin --- proposals/tikv.adoc | 140 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 140 insertions(+) create mode 100644 proposals/tikv.adoc diff --git a/proposals/tikv.adoc b/proposals/tikv.adoc new file mode 100644 index 0000000..658fb08 --- /dev/null +++ b/proposals/tikv.adoc 
@@ -0,0 +1,140 @@ +== TiKV Project Proposal + +*Name of Project*: TiKV + +*Description*: TiKV is an open-source distributed transactional key-value database built in Rust and implements the Raft consensus algorithm. It features horizontal scalability, consistent distributed transactions, and geo-replication. + +*Why is TiKV a good fit for CNCF?* + +TiKV has been one of the few key-value storage solutions in the cloud-native community that can balance both performance and ease of operation with Kubernetes. Data storage is one of the most important components of any cloud-native infrastructure platform, and end users need a range of choices to meet their needs. TiKV is complementary to existing CNCF database projects like Vitess, which is currently the only database option hosted by CNCF. As a transactional key-value database, TiKV serves as another choice for cloud-native applications that need scalability, distributed transactions, high availability, and strong consistency. + +With TiKV becoming a CNCF project, the open-source cloud-native ecosystem will also become more vibrant and robust in China, because our team has a strong track record of fostering the open source community in China and is dedicated to building and promoting CNCF’s mission there. Open source is global, and having TiKV as a part of CNCF will further make that story so. + +*TiKV Overview* + +_Development Timeline_: + +- Current release: 2.1.0 beta +- April 27, 2018: TiKV 2.0 released +- October 16, 2017: TiKV 1.0 released +- October 2016: beta version of TiKV was released and used in production +- April 1, 2016: TiKV was open-sourced + +TiKV is currently adopted in-production in more than 200 companies, either together with TiDB (a stateless MySQL compatible SQL layer) or on its own. Please refer to the “Adopters” list below for the current list of publicly acknowledged adopters. 
+ +_Community Stats_: + +- Stars: 3300+ +- Contributors: 75+ +- Commits: 2900+ +- Forks: 400+ + +*Cloud-Native Features of TiKV* + +_Horizontal scalability_: TiKV automatically handles data sharding and replication for cloud-native applications and enables elastic capacity scaling by simply adding or removing nodes with no interruption to ongoing workloads. + +_Auto-failover and self-healing_: TiKV supports automatic failover with its implementation of the Raft consensus algorithm, so in situations of software or hardware failures, the system will automatically recover while maintaining the applications’ availability. + +_Strong consistency_: TiKV delivers performant transactions and strong consistency by providing full support for ACID semantics, ensuring the accuracy and reliability of your data anytime, anywhere. + +_Cloud-native deployment_: TiKV can be deployed in any cloud environment--public, private, or hybrid--using tidb-operator, a Kubernetes-based deployment tool. + +*Comparison* + +This comparison is intended simply to compare features of TiKV with two other well-known NoSQL databases, Cassandra and MongoDB. It is not intended to favor or position one project over another. Any corrections are welcome. + +.Feature Comparison +|=== +|Area |Cassandra |MongoDB |TiKV + +|Type +|Wide Column +|Document +|Key-Value + +|Auto-scaling +|Y +|Optional +|Y + +|ACID Transaction +|N +|Maybe? 
+|Y + +|Strong consistency replication +|Optional +|N +|Y + +|Geo-based replication +|N +|N +|Y + +|Self-hearing +|N +|N +|Y + +|SQL Compatibility +|Partial (w/ CQL) +|N +|MySQL (w/ TiDB) + +|=== + +*Roadmap*: + +https://github.com/pingcap/tikv/blob/master/docs/ROADMAP.md + +*Additional Information*: + +_TOC Presentation Date_: July 3, 2018 + +_Current TOC Sponsor_: Bryan Cantrill + +_Preferred Maturity Level_: Sandbox + +_License_: Apache 2.0 + +_Source control repositories_: https://github.com/pingcap/tikv + +_Contributor Guideline_: https://github.com/pingcap/tikv/blob/master/CONTRIBUTING.md + +_Official Documentation_: https://github.com/pingcap/tikv/wiki/TiKV-Documentation + +_Blog_: https://www.pingcap.com/blog/#TiKV + +_Infrastructure Required_: + +TiKV uses Circle CI for unit tests and builds and in-house Jenkins CI cluster for some integration tests. We plan to use CNCF test cluster to automatically run stability tests and performance tests in the future. + +_Issue Tracker_: https://github.com/pingcap/tikv/issues + +_Website_: tikv.org (under construction) + +_Release Methodology and Mechanics_: + +TiKV follows the Semantic Versioning 2.0.0 convention. The release cadence is: + +- Major version is released every 6 months +- Minor version is released every 3 months. +- Patch version is released every 2 weeks. + +TiKV releases are announced using GitHub releases and current release is 2.1.0 beta. + +_Social Media Accounts_: TBD + +_Adopters_: + +https://github.com/pingcap/tikv/blob/master/docs/adopters.md + +_Dependencies and License Compliance (done by FOSSA)_: + +https://app.fossa.io/reports/87fe16e8-72a2-4e27-8509-a07dfa52a21a + +*Statement on Alignment with CNCF Mission* + +Our team believes TiKV will be a great fit for CNCF. 
As the CNCF’s mission is to “create and drive the adoption of a new computing paradigm that is optimized for modern distributed systems environments capable of scaling to tens of thousands of self healing multi-tenant nodes,” we believe TiKV to be a core enabling technology for this mission. This belief has been validated by our many adopters and developers working to build, deploy, and maintain large-scale applications in a cloud-native environment. Moreover, TiKV has very strong existing synergy with other CNCF projects, and is used heavily in conjunction with projects like: Kubernetes, Prometheus, and gRPC. + From fba76cef915ff586797d3e17efd0a4935f9f1e35 Mon Sep 17 00:00:00 2001 From: James Zabala <35942204+clouderati@users.noreply.github.com> Date: Wed, 25 Jul 2018 14:13:44 -0400 Subject: [PATCH 133/179] Proposing Harbor for donation to CNCF --- proposals/harbor.adoc | 134 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 134 insertions(+) create mode 100644 proposals/harbor.adoc diff --git a/proposals/harbor.adoc b/proposals/harbor.adoc new file mode 100644 index 0000000..e580cfb --- /dev/null +++ b/proposals/harbor.adoc 
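Review bot: In the feature comparison table of proposals/tikv.adoc ([PATCH 132/179]) the row label "Self-hearing" should be "Self-healing", the term the proposal itself uses under "Auto-failover and self-healing". In the same table the MongoDB cell for "ACID Transaction" reads "Maybe?"; replace it with a definite value and a source, since the other cells are stated as Y, N, Optional or Partial. "_Website_: tikv.org (under construction)" and "_Social Media Accounts_: TBD" are placeholders that should be resolved or marked as pending before the proposal is merged.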
@@ -0,0 +1,134 @@ +== Harbor Proposal + +*Name of project:* Harbor + +*Description:* Harbor is an open source cloud native registry that provides trust, compliance, performance, and interoperability. As a private on-premises registry, Harbor fills a gap for organizations that prefer not to use a public or cloud-based registry or want a consistent experience across clouds. + +=== Why does CNCF need a container registry? + +The CNCF has an impressive portfolio of projects that can be leveraged to build and run complex distributed systems; a gap, however, exists without a secure container registry. In particular, no other open source container registry offers the featureset present in Harbor. + +Harbor's features and community are a natural fit for the CNCF. A donation would ensure a vendor-neutral home for the project, while increasing community involvement and feature velocity, and a tighter alignment between Harbor and other CNCF projects. + +=== Harbor Overview + +Harbor is an open source cloud native registry that solves common problems in organizations building cloud native applications by delivering trust, compliance, performance, and interoperability. As a private on-premises registry, Harbor fills a gap for organizations that prefer not to use a public or cloud-based registry or want a consistent experience across clouds. + +==== Features + +The mission of Harbor is to provide users in cloud native environments the ability to confidently manage and securely serve container images. To do so, Harbor stores, signs, and scans content. 
Here are some of the key features of Harbor: + + * Multi-tenant content signing and validation + * Security and vulnerability analysis + * Audit logging + * Identity integration and role-based access control + * Image replication between instances + * Extensible API and graphical UI + * Internationalization (currently English and Chinese) + +https://blogs.vmware.com/cloudnative/2018/06/14/harbor-delivers-a-trusted-cloud-native-registry/[Click here] to learn more about Harbor's features. + +=== Project Timeline and Snapshot + + * In June 2014, Harbor started as a project within VMware's China R&D organization, where it was leveraged for a handful of internal projects to manage container images. To allow more developers in the community to use and contribute to the project, VMware open sourced Harbor in March of 2016 and it has steadily gained traction since. + * Harbor has been integrated into two commercial VMware products, vSphere Integrated Containers (VIC) and Pivotal Container Services (PKS). + * Many companies include Harbor in their own cloud native solutions, including Chinese CNCF member startups Caicloud and Dataman. + * In April 2018, Harbor passed 4000 stars on GitHub and currently has 59 community contributors worldwide, 30 of which have made non-trivial contributions to the project. + +== Production Users + +Harbor currently has production https://github.com/vmware/harbor/blob/master/partners.md[users], including: + + * Trend Micro + * OnStar in China + * Caicloud + * CloudChef + * Rancher + +A number of CNCF member companies, such as JD.com, China Mobile, Caicloud, Dataman, and Tenxcloud are also users of Harbor. + +== In-Flight Features + +The Harbor team is currently working on improving Harbor, including: + + * Native support of Helm + * Highly-available deployments + * Image caching and proxying + * Label-related feature improvements + * Quotas + +The direction of the project has been generally guided by our open source community and users. 
There are a plethora of GitHub issues requesting various features that we prioritize based on popularity of user requests and engineering capacity. Our community has been involved in the addition of several new important features, including the creation of a Helm chart for Harbor. + +A roadmap for future features, including those listed above, can be found GitHub: https://github.com/vmware/harbor/labels/Epic. The project welcomes contributions of any kind: code, documentation, bug reporting via issues, and project management to help track and prioritize workstreams. + +== Use Cases + +The following is a list of common use-cases for Harbor users: + + * *On-prem container registry* – organizations with the desire to host sensitive production images on-premises can do so with Harbor + * *Vulnerability scanning* – organizations can scan images before they are used in production. Images with failed vulnerability scans can be blocked from being pulled + * *Image signing* – images can be signed via Notary to ensure provenance + * *Role-based Access Control* – integration with LDAP (and AD) to provide user- and group-level permissions + * *Image replication* – production images can be replicated to disparate Harbor nodes, providing disaster recovery, load balancing and the ability for organizations to replicate images to different geos to provide a more expedient image pull + + +== CNCF Donation Details + * *Preferred Maturity Level:* Sandbox or Incubation + * *Sponsors:* Quinton Hoole and Ken Owens + * *License:* Apache 2 + * *Source control repositories / issue tracker:* https://github.com/vmware/harbor, with a ZenHub board tracking engineering work. _Will be moved to github.com/goharbor organization_ + * *Infrastructure Required:* Infrastructure for CI / CD + * *Website:* https://vmware.github.io/harbor/. Will be moved to https://goharbor.io. 
+ * *Release Methodology and Mechanics:* We currently do feature releases for major updates 3-4 times per year (with minor releases) when needed. Before releasing we tag one or more RC releases for community testing. Commits to the project are analyzed and we require that changes do not decrease overall test coverage to the project. + +== Social Media Accounts: + + * *Twitter:* https://twitter.com/project_harbor + * *Users Google Groups:* harbor-users@googlegroups.com + * *Developer Google Groups:* harbor-dev@googlegroups.com + * *Slack:* #harbor on https://code.vmware.com/join/ + +== Contributor Statistics +There have been 23 non-VMware committers with non-trivial (50+ LoC) contributions since the project's inception. + +== Alignment with CNCF + +Our team believes Harbor to be a great fit for the CNCF. Harbor's core mission aligns well with Kubernetes and the container ecosystem. The CNCF's mission is to “create and drive the adoption of a new computing paradigm that is optimized for modern distributed systems environments capable of scaling to tens of thousands of self-healing multi-tenant nodes.” We believe container registries are essential to achieve this mission. Harbor, as a mature open source registry is a logical complement to the CNCF's existing portfolio of projects. + +== Asks from CNCF + + * Governance – General access to staff to provide advice, and help optimize and document our governance process + * Infrastructure for CI / CD + * Integration with CNCF devstat + * A vendor-neutral home for Harbor + + +== Appendices + +=== Architecture +Harbor is cleanly architected and includes both third-party components – notably Clair, Notary and Nginx – and various Harbor-specific components. Harbor leverages Kubernetes to manage the runtimes of the various components. 
+ +An architectural diagram can be found on https://github.com/vmware/harbor/blob/master/docs/img/harbor-arch.png[GitHub] and shows various components: red 3rd party components which Harbor leverages for functionality (e.g., nginx, Notary, etc.); green components to denote a persistence layer; and blue Harbor-specific components. + +Succinctly, the bulk of the heavy lifting is done by the Core Service which provides both an API and a UI for registry functionality. The job and admin services handle asynchronous jobs and management of configurations. Additional details for the various components below. + +=== Components + +|=== +| *Component* | *Description* +| *API Routing Layer (Nginx)* | A reverse proxy serves as the endpoint of Harbor, Docker and Notary clients. Users will leverage this endpoint to access Harbor’s API or UI +| *Core Services* | Hosts Harbor’s API and UI resources. Additionally, an interceptor for registry API to block Docker pull/push in particular use cases (e.g., image fails vulnerability scan) +| *Admin Service* | Serves API for components to retrieve/manage the configurations +| *Job Service* | Serves API to be called by Core service for asynchronous job +| *Registry v2* | Open Source Docker Distribution, whose authorization is set to the token API of Core service +| *Clair* | Open Source vulnerability scanner by CoreOS whose API will be called by job service to pull image layers fro Registry for static analysis +| *Notary* | Components of Docker’s content trust open source project +| *Database* | PostgresSQL to store user data +|=== + +== Registry Landscape +There are numerous registries available for developers and platform architecture teams to leverage. We’ve analyzed the various options available and summarized them here: + +https://github.com/vmware/harbor/blob/master/docs/registry_landscape.md + +This table provides our best estimation of features and functionality available on other container registry platforms. 
Should you find mistakes please submit a PR to update the table. From f645b2d77502fdae69818d466e3236f5f39aca30 Mon Sep 17 00:00:00 2001 From: James Zabala <35942204+clouderati@users.noreply.github.com> Date: Fri, 27 Jul 2018 15:36:58 -0400 Subject: [PATCH 134/179] Addressing PR comments * Updating with new Slack workspace * Shout out to Docker registry in architecture / third-party section --- proposals/harbor.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proposals/harbor.adoc b/proposals/harbor.adoc index e580cfb..5d8d33b 100644 --- a/proposals/harbor.adoc +++ b/proposals/harbor.adoc @@ -86,7 +86,7 @@ The following is a list of common use-cases for Harbor users: * *Twitter:* https://twitter.com/project_harbor * *Users Google Groups:* harbor-users@googlegroups.com * *Developer Google Groups:* harbor-dev@googlegroups.com - * *Slack:* #harbor on https://code.vmware.com/join/ + * *Slack:* https://goharbor.slack.com == Contributor Statistics There have been 23 non-VMware committers with non-trivial (50+ LoC) contributions since the project's inception. 
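Review bot: the new Slack entry in the Social Media Accounts list gives only the workspace URL (https://goharbor.slack.com) and drops both the channel name (#harbor) and the join page that the removed line carried. A bare workspace URL normally lands on a sign-in page, so a reader without an account is given no way in and no channel to look for. Suggest keeping the channel name on the line and adding the new workspace's invite or join link beside it.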
@@ -106,7 +106,7 @@ Our team believes Harbor to be a great fit for the CNCF. Harbor's core mission a == Appendices === Architecture -Harbor is cleanly architected and includes both third-party components – notably Clair, Notary and Nginx – and various Harbor-specific components. Harbor leverages Kubernetes to manage the runtimes of the various components. +Harbor is cleanly architected and includes both third-party components – notably Docker registry, Clair, Notary and Nginx – and various Harbor-specific components. Harbor leverages Kubernetes to manage the runtimes of the various components. An architectural diagram can be found on https://github.com/vmware/harbor/blob/master/docs/img/harbor-arch.png[GitHub] and shows various components: red 3rd party components which Harbor leverages for functionality (e.g., nginx, Notary, etc.); green components to denote a persistence layer; and blue Harbor-specific components. From 647c21d31650d70e501dcd4f71e284783bc639af Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 30 Jul 2018 06:32:10 +0800 Subject: [PATCH 135/179] Add etcd to schedule --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 408a79c..7b43d87 100644 --- a/README.md +++ b/README.md @@ -143,7 +143,7 @@ If you're interested in presenting at a TOC call about your project, please open * **June 19, 2018**: OpenMetrics and Harbor * **July 3, 2018**: TiKV * **July 17, 2018**: Falco -* **Aug 7, 2018**: RSocket +* **Aug 7, 2018**: RSocket / etcd * **Aug 21, 2018**: Buildpacks * **Sep 4, 2018**: OpenMessaging/Dragonfly * **Sep 18, 2018**: netdata From df4bf09fc64a972e366e18d90704e37080915577 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Wed, 1 Aug 2018 08:29:25 +0800 Subject: [PATCH 136/179] Add Harbor to the Sandbox https://www.cncf.io/blog/2018/07/31/cncf-to-host-harbor-in-the-sandbox/ --- README.md | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/README.md b/README.md index 7b43d87..665e49e 100644 --- a/README.md +++ b/README.md @@ -91,6 +91,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [CloudEvents](https://github.com/cloudevents)|Brian Grant, Ken Owens|[11/14/17](https://goo.gl/vKbawR)|[5/22/18](https://www.cncf.io/blog/2018/05/22/cloudevents-in-the-sandbox/)|Sandbox [Telepresence](https://github.com/telepresenceio)|Alexis Richardson, Camille Fournier|[4/17/18](https://docs.google.com/presentation/d/1VrHKGre5Y8AbmXEOXu4VPfILReoLT38Uw9TMN71u08E/edit?usp=sharing)|[5/22/18](https://www.cncf.io/blog/2018/05/22/telepresence-in-the-sandbox/)|Sandbox [Helm](https://github.com/helm)|Brian Grant|[5/15/18](https://docs.google.com/presentation/d/1KNSv70fyTfSqUerCnccV7eEC_ynhLsm9A_kjnlmU_t0/edit#slide=id.g25ca91f87f_0_0)|[6/1/18](https://www.cncf.io/blog/2018/06/01/cncf-to-host-helm/)|Incubating +[Harbor](https://github.com/goharbor)|Quinton Hoole, Ken Owens|[6/19/18](https://docs.google.com/presentation/d/1KNSv70fyTfSqUerCnccV7eEC_ynhLsm9A_kjnlmU_t0/edit#slide=id.g25ca91f87f_0_0)|[7/31/18](https://www.cncf.io/blog/2018/07/31/cncf-to-host-harbor-in-the-sandbox/)|Sandbox ## Website Guidelines @@ -149,6 +150,7 @@ If you're interested in presenting at a TOC call about your project, please open * **Sep 18, 2018**: netdata * **Oct 2, 2018**: keycloak * **Oct 16, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) +* **Nov 6, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) ## Meeting Minutes From 76808aa6f2046ddf94160f4b97eacd7ec023533e Mon Sep 17 00:00:00 2001 From: Aeneas Date: Wed, 1 Aug 2018 21:18:28 +0200 Subject: [PATCH 137/179] Fixes link layout in graduation critera (#137) --- process/graduation_criteria.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/process/graduation_criteria.adoc b/process/graduation_criteria.adoc index 5eac976..37a0a28 100644 --- a/process/graduation_criteria.adoc +++ b/process/graduation_criteria.adoc @@ -6,7 +6,7 @@ Projects of all maturities have access to all resources listed at https://cncf.i === Sandbox Stage -To be accepted in the sandbox a project must have at least 2 TOC sponsors. See the [CNCF Sandbox Guidelines v1.0](https://github.com/cncf/toc/blob/master/process/sandbox.md) for the detailed process. +To be accepted in the sandbox a project must have at least 2 TOC sponsors. See the https://github.com/cncf/toc/blob/master/process/sandbox.md[CNCF Sandbox Guidelines v1.0] for the detailed process. === Incubating Stage From 6a9cafa5f1d2a9d1e05521f8606c59b354ac5b0d Mon Sep 17 00:00:00 2001 From: kxu Date: Wed, 1 Aug 2018 14:39:13 -0700 Subject: [PATCH 138/179] Update with 2nd TOC sponsor Updated proposal with 2nd TOC sponsor (Ben Hindman) --- proposals/tikv.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/tikv.adoc b/proposals/tikv.adoc index 658fb08..662d349 100644 --- a/proposals/tikv.adoc +++ b/proposals/tikv.adoc @@ -92,7 +92,7 @@ https://github.com/pingcap/tikv/blob/master/docs/ROADMAP.md _TOC Presentation Date_: July 3, 2018 -_Current TOC Sponsor_: Bryan Cantrill +_Current TOC Sponsor_: Bryan Cantrill and Ben Hindman _Preferred Maturity Level_: Sandbox From 1f622935ae334271458beafcc8a36a9ce13603a3 Mon Sep 17 00:00:00 2001 From: Jared Watts Date: Fri, 20 Jul 2018 10:25:26 -0700 Subject: [PATCH 139/179] Rook proposal for incubating stage Signed-off-by: Jared Watts --- reviews/incubation-rook.md | 43 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 reviews/incubation-rook.md diff --git a/reviews/incubation-rook.md b/reviews/incubation-rook.md new file mode 100644 index 0000000..168ed79 --- /dev/null +++ b/reviews/incubation-rook.md 
@@ -0,0 +1,43 @@ +# Rook Incubating Stage Review + +Rook is currently a sandbox stage project. Please refer to Rook's [sandbox stage proposal](../proposals/rook.adoc) ("inception" at time of acceptance) for details on the sandbox requirements. + +In the time since being accepted to the sandbox stage, Rook has demonstrated healthy growth and progress. +Two releases were completed, starting with v0.7 on February 21st and then v0.8 on July 18th. +With those releases, Rook extended beyond just orchestration of Ceph and has built a framework of reusable specs, logic and policies for [cloud-native storage orchestration of other providers](https://blog.rook.io/rooks-framework-for-cloud-native-storage-orchestration-c66278014df7). +Operators and CRD types were added for both CockroachDB and Minio in the v0.8 release, initial support for NFS is nearly complete, and other storage providers are also in the works. + +The CRD types and support for Ceph has graduated to Beta in the v0.8 release, reflecting the increased maturity that has only been possible from impressive engagement from the community. +Other big features for the Ceph operator include automatic horizontal scaling of storage resources, an improved security model, and support for new environments such as OpenShift. + +A [formalized governance policy](https://github.com/rook/rook/blob/master/GOVERNANCE.md) has been approved and instituted for the project, and a [new maintainer](https://github.com/rook/rook/blob/master/OWNERS.md) has also been added to help the project continue to grow. + +## Incubating Stage Criteria + +To be accepted to incubating stage, a project must meet the sandbox stage requirements plus: + +* Document that it is being used successfully in production by at least three independent end users which, in the TOC’s judgement, are of adequate quality and scope. 
+ + * Adopters: [https://github.com/rook/rook/blob/master/ADOPTERS.md](https://github.com/rook/rook/blob/master/ADOPTERS.md) + +* Have a healthy number of committers. A committer is defined as someone with the commit bit; i.e., someone who can accept contributions to some or all of the project. + + * Maintainers of the project are listed in [https://github.com/rook/rook/blob/master/OWNERS.md](https://github.com/rook/rook/blob/master/OWNERS.md). + + * Maintainers are added and removed from the project as per the policies outlined in the project governance: [https://github.com/rook/rook/blob/master/GOVERNANCE.md](https://github.com/rook/rook/blob/master/GOVERNANCE.md). + +* Demonstrate a substantial ongoing flow of commits and merged contributions. + + * Releases: [https://github.com/rook/rook/releases](https://github.com/rook/rook/releases) + + * Roadmap: [https://github.com/rook/rook/blob/master/ROADMAP.md](https://github.com/rook/rook/blob/master/ROADMAP.md) + + * Contributors: [https://github.com/rook/rook/graphs/contributors](https://github.com/rook/rook/graphs/contributors) + + * Commit activity: [https://github.com/rook/rook/graphs/commit-activity](https://github.com/rook/rook/graphs/commit-activity) + + * CNCF DevStats: [https://rook.devstats.cncf.io/](https://rook.devstats.cncf.io/) + * [Last 30 days activity on Github](https://rook.devstats.cncf.io/d/8/dashboards?refresh=15m&orgId=1&from=now-30d&to=now-1h) + * [Community Stats](https://rook.devstats.cncf.io/d/3/community-stats?orgId=1) + +Further details of Rook's growth and progress since entering the sandbox stage as well as use case details from the Rook community can be found in this [slide deck](https://docs.google.com/presentation/d/1DOgAlX0RyB8hzD7KbmXK4pKu9hFFPY9WiLv-LEy38jo/edit?usp=sharing). From 072942976bb0781e8c929fe24fb3c385a21834a3 Mon Sep 17 00:00:00 2001 
From: Naadir Jeewa Date: Wed, 8 Aug 2018 09:05:41 +0100 Subject: [PATCH 140/179] Remove Naadir Jeewa from TOC contributors --- CONTRIBUTORS.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index de258ca..65400a6 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -55,7 +55,6 @@ List below is the official list of TOC contributors, in alphabetical order: * Louis Fourie, Huawei (louis.fourie@huawei.com) * Mark Peek, VMware (markpeek@vmware.com) * Matthew Fornaciari, Gremlin (forni@gremlin.com) -* Naadir Jeewa, The Scale Factory (naadir@scalefactory.com) * Nick Chase, Mirantis (nchase@mirantis.com) * Pengfei Ni, Microsoft (peni@microsoft.com) * Philip Lombardi, Datawire.io (plombardi@datawire.io) From 6d80d35d6d755d4ce40181bbb1316d43901b6da4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Gryglicki?= Date: Wed, 8 Aug 2018 15:25:01 +0200 Subject: [PATCH 141/179] Fixed typo in README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 665e49e..72f3b68 100644 --- a/README.md +++ b/README.md @@ -149,8 +149,8 @@ If you're interested in presenting at a TOC call about your project, please open * **Sep 4, 2018**: OpenMessaging/Dragonfly * **Sep 18, 2018**: netdata * **Oct 2, 2018**: keycloak -* **Oct 16, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) -* **Nov 6, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues) +* **Oct 16, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues)) +* **Nov 6, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues)) ## Meeting Minutes From e0ce34cbe8d36524d7421e52a0e85b14dfda5bcb Mon Sep 17 00:00:00 2001 
From: Chris Aniszczyk Date: Wed, 8 Aug 2018 08:31:32 -0500 Subject: [PATCH 142/179] Add 8/7/2018 agenda deck https://docs.google.com/presentation/d/1Eebd5ZwSYyvNRLbHDpiF_USDC4sEz7lEEpPLju_0PaU/edit --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 72f3b68..d7d50a9 100644 --- a/README.md +++ b/README.md @@ -210,3 +210,4 @@ If you're interested in presenting at a TOC call about your project, please open * [June 19th, 2018](https://docs.google.com/presentation/d/1Ym8fLRCaX43uHPHBRyuRXM62U8m4vXaBXkuUp6tt3js/edit?usp=sharing) * [July 3rd, 2018](https://docs.google.com/presentation/d/1864TEfbwCpbW5kPYGQNAfqAUdc3X83n-_OYigqxfohw/edit?usp=sharing) * [July 17th, 2018](https://docs.google.com/presentation/d/17p5QBVooGMLAtX6Mn6d3NAFhRmFHE0cH-WI_-0MbOm8/edit?usp=sharing) +* [August 7th, 2018](https://docs.google.com/presentation/d/1Eebd5ZwSYyvNRLbHDpiF_USDC4sEz7lEEpPLju_0PaU/edit) From a3bb169a8bfd5e4c0c26c0bf6962cb7cf25f81b0 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Thu, 9 Aug 2018 11:37:54 -0500 Subject: [PATCH 143/179] Prometheus graduates! https://www.cncf.io/announcement/2018/08/09/prometheus-graduates/ --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d7d50a9..5911ec8 100644 --- a/README.md +++ b/README.md 
@@ -70,7 +70,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert **Project**|**Sponsor**|**TOC Deck**|**Accepted**|**Maturity Level** :-----:|:-----:|:-----:|:-----:|:-----: [Kubernetes](https://kubernetes.io/)|Alexis Richardson|N/A|[3/10/16](https://cncf.io/news/news/2015/07/techcrunch-kubernetes-hits-10-google-donates-technology-newly-formed-cloud-native)|Graduated -[Prometheus](https://prometheus.io/)|Alexis Richardson|[3/4/16](https://docs.google.com/presentation/d/1GtVX-ppI95LhrijprGENsrpq78-I1ttcSWLzMVk5d8M/edit?usp=sharing)|[5/9/16](https://cncf.io/news/announcement/2016/05/cloud-native-computing-foundation-accepts-prometheus-second-hosted-project)|Incubating +[Prometheus](https://prometheus.io/)|Alexis Richardson|[3/4/16](https://docs.google.com/presentation/d/1GtVX-ppI95LhrijprGENsrpq78-I1ttcSWLzMVk5d8M/edit?usp=sharing)|[5/9/16](https://cncf.io/news/announcement/2016/05/cloud-native-computing-foundation-accepts-prometheus-second-hosted-project)|Graduated [OpenTracing](http://opentracing.io/)|Bryan Cantrill|[8/17/16](https://docs.google.com/presentation/d/1kQkmJtT0bjSRvUTP5YFTKaXSfIM3aL7zxja_KtZtbgw/edit#slide=id.g15fc45ec1a_0_165)|[10/11/16](https://cncf.io/news/blogs/2016/10/opentracing-joins-cloud-native-computing-foundation)|Incubating [Fluentd](http://www.fluentd.org/)|Brian Grant|[8/3/16](https://docs.google.com/presentation/d/1S79MNv3E2aG8nuZJFJ0XMSumf7jnKozN3vdrivCH77U/edit?usp=sharing)|[11/8/16](https://www.cncf.io/blog/2016/12/08/fluentd-cloud-native-logging)|Incubating [Linkerd](https://linkerd.io/)|Jonathan Boulle|[10/5/16](https://docs.google.com/presentation/d/19aamsOR__zGFNNFCmid2TjaJwEqNOXmHRa34EQwf3sA/edit#slide=id.g181e6fdb33_0_0)|[1/23/17](https://www.cncf.io/blog/2017/01/23/linkerd-project-joins-cloud-native-computing-foundation)|Incubating From d4233086f2ebc442eead4deba758a5427ae74796 Mon Sep 17 00:00:00 2001 
From: Chris Aniszczyk Date: Fri, 10 Aug 2018 08:39:11 -0500 Subject: [PATCH 144/179] Add OpenMetrics to the sandbox https://openmetrics.io --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5911ec8..dfe97d3 100644 --- a/README.md +++ b/README.md @@ -92,6 +92,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [Telepresence](https://github.com/telepresenceio)|Alexis Richardson, Camille Fournier|[4/17/18](https://docs.google.com/presentation/d/1VrHKGre5Y8AbmXEOXu4VPfILReoLT38Uw9TMN71u08E/edit?usp=sharing)|[5/22/18](https://www.cncf.io/blog/2018/05/22/telepresence-in-the-sandbox/)|Sandbox [Helm](https://github.com/helm)|Brian Grant|[5/15/18](https://docs.google.com/presentation/d/1KNSv70fyTfSqUerCnccV7eEC_ynhLsm9A_kjnlmU_t0/edit#slide=id.g25ca91f87f_0_0)|[6/1/18](https://www.cncf.io/blog/2018/06/01/cncf-to-host-helm/)|Incubating [Harbor](https://github.com/goharbor)|Quinton Hoole, Ken Owens|[6/19/18](https://docs.google.com/presentation/d/1KNSv70fyTfSqUerCnccV7eEC_ynhLsm9A_kjnlmU_t0/edit#slide=id.g25ca91f87f_0_0)|[7/31/18](https://www.cncf.io/blog/2018/07/31/cncf-to-host-harbor-in-the-sandbox/)|Sandbox +[OpenMetrics](https://github.com/OpenObservability/OpenMetrics)|Alexis Richardson, Bryan Cantrill|[6/20/17](https://goo.gl/6nmyDn)|[8/10/18](https://www.cncf.io/blog/2018/08/10/cncf-to-host-openmetrics/)|Sandbox ## Website Guidelines From 7b7098eb33c7c7e6bce38055462670cb11fc8071 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 20 Aug 2018 08:37:35 -0500 Subject: [PATCH 145/179] Address feedback from community --- workinggroups/README.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/workinggroups/README.md b/workinggroups/README.md index b0be714..91d0e1c 100644 --- a/workinggroups/README.md +++ b/workinggroups/README.md 
@@ -8,4 +8,13 @@ The purpose of working groups are to study and report on a particular question a If you would like to submit a working group proposal, please submit a pull request to the working groups folder. As an example, you can see the other working group proposals here: https://github.com/cncf/toc/tree/master/workinggroups -You will also have to present to the CNCF TOC and wider community before your WG proposal will be voted upon by the TOC and community. You can request a presentation by filing an issue here: https://github.com/cncf/toc/issues \ No newline at end of file +You will also have to present to the CNCF TOC and wider community before your WG proposal will be voted upon by the TOC and community. You can request a presentation by filing an issue here: https://github.com/cncf/toc/issues + +At a minimum, please include this information: + +* Goals +* Non-goals +* Mailing list information +* The location of meetings / agenda / notes +* Initial interested parties to show that there are multiple people across multiple orgs interested +* The chair(s) and TOC sponsor being explicitly listed so they are discoverable From 84b3ddafdc9faca451e747be2e2c455e244a3440 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 20 Aug 2018 09:37:40 -0500 Subject: [PATCH 146/179] Add 8/21/2018 TOC agenda https://docs.google.com/presentation/d/1RkygwZw7ILVgGhBpKnFNgJ4BCc_9qMG8cIf0MRbuzB4/edit?usp=sharing --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index dfe97d3..7537766 100644 --- a/README.md +++ b/README.md 
@@ -212,3 +212,4 @@ If you're interested in presenting at a TOC call about your project, please open * [July 3rd, 2018](https://docs.google.com/presentation/d/1864TEfbwCpbW5kPYGQNAfqAUdc3X83n-_OYigqxfohw/edit?usp=sharing) * [July 17th, 2018](https://docs.google.com/presentation/d/17p5QBVooGMLAtX6Mn6d3NAFhRmFHE0cH-WI_-0MbOm8/edit?usp=sharing) * [August 7th, 2018](https://docs.google.com/presentation/d/1Eebd5ZwSYyvNRLbHDpiF_USDC4sEz7lEEpPLju_0PaU/edit) +* [August 21st, 2018](https://docs.google.com/presentation/d/1RkygwZw7ILVgGhBpKnFNgJ4BCc_9qMG8cIf0MRbuzB4/edit?usp=sharing) From 4c8ee56fa12b96e86f988732ac6827835ce91923 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E3=83=A2=E3=83=8F=E3=83=A1=E3=83=89?= Date: Mon, 27 Aug 2018 15:05:37 +0900 Subject: [PATCH 147/179] Update coredns.adoc fix formatting --- proposals/coredns.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/proposals/coredns.adoc b/proposals/coredns.adoc index fd21b85..f6fce3b 100644 --- a/proposals/coredns.adoc +++ b/proposals/coredns.adoc @@ -92,6 +92,7 @@ CoreDNS can be thought of as a DNS protocol head that can be configured to front *Comparison with KubeDNS*: The incumbent DNS service for Kubernetes, “kubedns”, consists of three components: + * kube-dns which uses SkyDNS as a library provides the DNS service based on the Kubernetes API * dnsmasq which acts as a caching server in front of kube-dns * sidecar provides metrics and health-check status. From 2073c63805c566287723907657494b654f88c8d5 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Tue, 28 Aug 2018 07:03:19 -0700 Subject: [PATCH 148/179] Add TiKV as a sandbox project --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7537766..47e6d7e 100644 --- a/README.md +++ b/README.md 
@@ -93,6 +93,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [Helm](https://github.com/helm)|Brian Grant|[5/15/18](https://docs.google.com/presentation/d/1KNSv70fyTfSqUerCnccV7eEC_ynhLsm9A_kjnlmU_t0/edit#slide=id.g25ca91f87f_0_0)|[6/1/18](https://www.cncf.io/blog/2018/06/01/cncf-to-host-helm/)|Incubating [Harbor](https://github.com/goharbor)|Quinton Hoole, Ken Owens|[6/19/18](https://docs.google.com/presentation/d/1KNSv70fyTfSqUerCnccV7eEC_ynhLsm9A_kjnlmU_t0/edit#slide=id.g25ca91f87f_0_0)|[7/31/18](https://www.cncf.io/blog/2018/07/31/cncf-to-host-harbor-in-the-sandbox/)|Sandbox [OpenMetrics](https://github.com/OpenObservability/OpenMetrics)|Alexis Richardson, Bryan Cantrill|[6/20/17](https://goo.gl/6nmyDn)|[8/10/18](https://www.cncf.io/blog/2018/08/10/cncf-to-host-openmetrics/)|Sandbox +[TiKV](https://github.com/tikv/tikv)|Ben Hindman, Bryan Cantrill|[7/3/18](https://docs.google.com/presentation/d/1864TEfbwCpbW5kPYGQNAfqAUdc3X83n-_OYigqxfohw/edit?usp=sharing)|[8/28/18](https://www.cncf.io/blog/2018/08/28/cncf-to-host-tikv/)|Sandbox ## Website Guidelines 
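Review bot: the added TiKV row links the project to https://github.com/tikv/tikv, while proposals/tikv.adoc in this same series still gives https://github.com/pingcap/tikv for the source repository, roadmap, issue tracker and adopters list. Either update the proposal's links alongside this change or mention the repository move in the commit message, so the README and the proposal do not disagree. The Harbor row in the context just above also carries exactly the same TOC Deck URL as the Helm row, although the two decks are dated 6/19/18 and 5/15/18; that looks like a copy-paste left over from when the Harbor row was added and is worth correcting while this table is being edited.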
@@ -100,7 +101,7 @@ CNCF has the following [guidelines](https://www.cncf.io/projects/website-guideli ## Scheduled Community Presentations -If you're interested in presenting at a TOC call about your project, please open a [github issue](https://github.com/cncf/toc/issues) with the request. We can schedule a maximum of two community presentations per TOC meeting. +If you're interested in presenting at a TOC call about your project, please open a [github issue](https://github.com/cncf/toc/issues) with the request. We can schedule a maximum of one community presentation per TOC meeting. * **May 4th, 2016**: [Prometheus](https://prometheus.io/) ([overview](https://docs.google.com/presentation/d/1GtVX-ppI95LhrijprGENsrpq78-I1ttcSWLzMVk5d8M/edit?usp=sharing)): Fabian Reinartz, Julius Volz * **August 3rd, 2016**: [Fluentd](http://www.fluentd.org/) ([overview](https://docs.google.com/presentation/d/1S79MNv3E2aG8nuZJFJ0XMSumf7jnKozN3vdrivCH77U/edit?usp=sharing)): Kiyoto Tamura / [Heron](https://github.com/twitter/heron) ([overview](https://docs.google.com/presentation/d/1pKwNO2V3VScjD1JxJ0gEgFTwAOccJgaJxHWgwcyczec/edit?usp=sharing)): Karthik Ramasamy / [Minio](https://minio.io/) ([overview](https://docs.google.com/presentation/d/1DGm_Zwq7qYHaXm6ZH26RAQeyBAKF1FOCLlEZQNTMJYE/edit?usp=sharing)): Anand Babu Periasamy From 7a2248841955bf905e539be187dc654aa7b4e199 Mon Sep 17 00:00:00 2001 From: Stephen Levine Date: Wed, 29 Aug 2018 22:01:52 -0400 Subject: [PATCH 149/179] Add Cloud Native Buildpacks proposal --- proposals/buildpacks.adoc | 116 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100644 proposals/buildpacks.adoc diff --git a/proposals/buildpacks.adoc b/proposals/buildpacks.adoc new file mode 100644 index 0000000..7e83bbd --- /dev/null +++ b/proposals/buildpacks.adoc 
@@ -0,0 +1,116 @@ +== Cloud Native Buildpacks + +*Name of project:* Cloud Native Buildpacks + +*Description:* + +Buildpacks are application build tools that provide a higher level of abstraction compared to Dockerfiles. +Conceived by Heroku in 2011, they establish a balance of control that reduces the operational burden on developers and supports operators who manage apps at scale. +Buildpacks ensure that apps meet security and compliance requirements without developer intervention. +They provide automated delivery of both OS-level and application-level dependency upgrades, efficiently handling day-2 app operations that are often difficult to manage with Dockerfiles. + +Cloud Native Buildpacks aim to unify the buildpack ecosystems with a platform-to-buildpack contract that is well-defined and that incorporates learnings from maintaining production-grade buildpacks for years at both Pivotal and Heroku, the largest contributors to the buildpack ecosystem. + +Cloud Native Buildpacks embrace modern container standards, such as the OCI image format. +They take advantage of the latest capabilities of these standards, such as remote image layer rebasing on Docker API v2 registries. + +*Statement on alignment with CNCF mission:* + +The Cloud Native Buildpacks project is well-aligned with the CNCF's mission statement of supporting cloud native systems. +The next generation of buildpacks will aid developers and operators in packaging applications into containers (1a), allow operators to efficiently manage the infrastructure necessary to keep application dependencies updated (1b), and be available via well-defined interfaces (1c). + +The Cloud Native Buildpacks project is complimentary to other CNCF projects like Helm, Harbor, and Kubernetes. +Cloud Native Buildpacks produce OCI images that can be managed by Helm, stored in Harbor, and deployed to Kubernetes. 
+Additionally, the project roadmap includes creating a Kubernetes CRD controller (or alternatively, adapting Knative's https://github.com/knative/build[Build CRD]) to enable cloud builds using buildpacks. + +We agree with the CNCF’s “no kingmakers” principle, and propose Cloud Native Buildpacks as an alternative to Dockerfiles for certain use cases, not as a one-size-fits-all solution for building cloud apps. + +*Sponsors from TOC:* Brian Grant & Alexis Richardson + +*Preferred maturity level:* Sandbox + +*License:* Apache License v2.0 + +*Source control:* Github (https://github.com/buildpack) + +*External Dependencies:* + + * https://github.com/BurntSushi/toml[github.com/BurntSushi/toml] (MIT) + * https://github.com/docker/docker[github.com/docker/docker] (Apache-2.0) + * https://github.com/docker/go-connections[github.com/docker/go-connections] (Apache-2.0) + * https://github.com/golang/mock[github.com/golang/mock] (Apache-2.0) + * https://github.com/google/go-cmp[github.com/google/go-cmp] (NewBSD) + * https://github.com/google/go-containerregistry[github.com/google/go-containerregistry] (Apache-2.0) + * https://github.com/google/uuid[github.com/google/uuid] (NewBSD) + * https://github.com/nu7hatch/gouuid[github.com/nu7hatch/gouuid] (MIT) + * https://github.com/onsi/ginkgo[github.com/onsi/ginkgo] (MIT) + * https://github.com/onsi/gomega[github.com/onsi/gomega] (MIT) + * https://github.com/sclevine/spec[github.com/sclevine/spec] (Apache-2.0) + * https://github.com/spf13/cobra[github.com/spf13/cobra] (Apache-2.0) + * https://gopkg.in/yaml.v2[gopkg.in/yaml.v2] (Apache-2.0) + * https://code.cloudfoundry.org/buildpackapplifecycle[code.cloudfoundry.org/buildpackapplifecycle] (Apache-2.0) + * https://code.cloudfoundry.org/cli[code.cloudfoundry.org/cli] (Apache-2.0) + +*Initial Committers:* + +Founding Maintainers: + + * Stephen Levine (Pivotal) + * Ben Hale (Pivotal) + * Terence Lee (Heroku) + * Joe Kutner (Heroku) + +Additional Maintainers: + + * Emily Casey (Pivotal) 
+ * Jacques Chester (Pivotal) + * Dave Goddard (Pivotal) + * Anthony Emengo (Pivotal) + * Stephen Hiehn (Pivotal) + * Andreas Voellmer (Pivotal) + +*Infrastructure requests (CI / CNCF Cluster):* + +_Development needs:_ + +We currently use Travis for CI, but we may want to use CNCF resources to deploy Concourse CI. +Additionally, we will need access to all common Docker registry implementations for performance and compatibility testing. +This includes deploying Harbor to CNCF infrastructure as well as access to DockerHub, GCR, ACR, ECR, etc. + +_Production needs:_ + +Additionally, we would like to use CNCF resources to host a buildpack registry containing buildpacks and buildpack dependencies. + +*Communication Channels:* + + * Slack: https://buildpacks.slack.com + * Mailing List: https://lists.cncf.io/g/cncf-buildpacks (proposed) + * Issue tracker: https://github.com/orgs/buildpack/projects + +*Website:* https://buildpacks.io + +*Release methodology and mechanics:* + +Continuous release process made possible by reliable automated tests. + +We plan to cut small releases whenever possible. + +*Social media accounts:* + + * Twitter: @buildpacks_io + +*Existing sponsorship*: Pivotal and Heroku + +*Community size:* + +_Existing buildpacks:_ + +Cloud Foundry Buildpacks: +1000+ stars, 4,000+ forks, 8 full-time engineers + +Heroku Buildpacks: +5,500+ stars, 12,000+ forks, 5 full-time engineers + +_Cloud Native Buildpacks project:_ + +New project with 10 active contributors from Pivotal and Heroku. From 58f3f051c2bb00653312c3c4a08bce1726ab69b4 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 3 Sep 2018 07:12:17 -0700 Subject: [PATCH 150/179] Add 9/4/2018 TOC agenda --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 47e6d7e..8e8ed46 100644 --- a/README.md +++ b/README.md 
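Review bot: In proposals/buildpacks.adoc (PATCH 149/179), the description line "Buildpacks ensure that apps meet security and compliance requirements without developer intervention" is stated as a guarantee, but the only mechanism the proposal names is the automated delivery of OS-level and application-level dependency upgrades in the next sentence. Suggest scoping the claim to that mechanism. The production request to host a buildpack registry containing buildpacks and buildpack dependencies should also say how that content will be signed or verified, since every build would consume it. Smaller points: the proposal has no "*Unique identifier:*" field, which the Notary & TUF and Falco proposals both carry; "complimentary to other CNCF projects" should read "complementary"; and the dependency list includes two UUID libraries (google/uuid and nu7hatch/gouuid), which is worth a sentence of justification or consolidation.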
@@ -214,3 +214,4 @@ If you're interested in presenting at a TOC call about your project, please open * [July 17th, 2018](https://docs.google.com/presentation/d/17p5QBVooGMLAtX6Mn6d3NAFhRmFHE0cH-WI_-0MbOm8/edit?usp=sharing) * [August 7th, 2018](https://docs.google.com/presentation/d/1Eebd5ZwSYyvNRLbHDpiF_USDC4sEz7lEEpPLju_0PaU/edit) * [August 21st, 2018](https://docs.google.com/presentation/d/1RkygwZw7ILVgGhBpKnFNgJ4BCc_9qMG8cIf0MRbuzB4/edit?usp=sharing) +* [September 4th, 2018](https://docs.google.com/presentation/d/1umu-iT5ZXq5XsMFmqmVeRe-tn2y7DeSoCebhrehi7fk/edit#slide=id.g41381b8fd7_0_199) From ae3636f2cd87b4e4be44fc42abbae8d43a0cac51 Mon Sep 17 00:00:00 2001 From: Bob Cotton Date: Thu, 6 Sep 2018 13:27:54 -0600 Subject: [PATCH 151/179] Added Sponsors --- proposals/cortex.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/cortex.adoc b/proposals/cortex.adoc index 689ffbd..a7681f0 100644 --- a/proposals/cortex.adoc +++ b/proposals/cortex.adoc @@ -25,7 +25,7 @@ There are many different ways to provide a scalable and available metric system -*Sponsor / Advisor from TOC:* +*Sponsor / Advisor from TOC:* Bryan Cantrill and Ken Owens *Unique identifier:* cortex From 984d3bc81b83bc9db06310c6bf270bf16606630f Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Tue, 11 Sep 2018 08:37:39 -0700 Subject: [PATCH 152/179] add graduation reviews for November TOC meeting --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8e8ed46..98c7da3 100644 --- a/README.md +++ b/README.md 
@@ -39,7 +39,7 @@ The TOC has created the following working groups to investigate and discuss the | [CI](https://github.com/cncf/wg-ci) | Camille Fournier | [4th Tue of every month at 8AM PT](https://zoom.us/my/cncfciwg) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2P3_A3ujWHSxOu1IO_bd7Zi) | [Networking](https://github.com/cncf/wg-networking) | Ken Owens | [1st and 3rd Tue every month at 9AM PT](https://zoom.us/my/cncfnetworkingwg) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2M_-K5n67_zTdrPh_PtTKFC) | [Serverless](https://github.com/cncf/wg-serverless) | Ken Owens | [Thu of every week at 9AM PT](https://zoom.us/my/cncfserverlesswg) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2Ph7YoBIgsZNW_RGJvNlFOt) -| [Storage](https://github.com/cncf/wg-storage) | Ben Hindman | [2nd and 4th Wed every month at 8AM PT](https://zoom.us/my/cncfstoragewg) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2NoiNaLVZxr-ERc1ifKP7n6) +| [Storage](https://github.com/cncf/wg-storage) | Quinton Hoole | [2nd and 4th Wed every month at 8AM PT](https://zoom.us/my/cncfstoragewg) | [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2NoiNaLVZxr-ERc1ifKP7n6) All meetings are on the public CNCF calendar: https://goo.gl/eyutah @@ -152,7 +152,7 @@ If you're interested in presenting at a TOC call about your project, please open * **Sep 18, 2018**: netdata * **Oct 2, 2018**: keycloak * **Oct 16, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues)) -* **Nov 6, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues)) +* **Nov 6, 2018**: Graduation/Project Reviews: TUF ## Meeting Minutes From 27fcaa67a082507ad48f04c55bd460268edadc36 Mon Sep 17 00:00:00 2001 
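Review bot: In README.md (PATCH 152/179), the first hunk (@@ -39,7 +39,7) changes the Storage working group chair from Ben Hindman to Quinton Hoole, which the subject "add graduation reviews for November TOC meeting" does not mention. Either split the chair change into its own commit or name it in the message, so the history shows when and why the chair changed. The second hunk (the Nov 6, 2018 entry) matches the subject.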
From: Chris Aniszczyk Date: Sun, 16 Sep 2018 11:36:59 -0400 Subject: [PATCH 153/179] Add a way to recognize previous TOC members --- EMERITUS.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 EMERITUS.md diff --git a/EMERITUS.md b/EMERITUS.md new file mode 100644 index 0000000..8b817f0 --- /dev/null +++ b/EMERITUS.md @@ -0,0 +1,6 @@ +We would like to acknowledge previous TOC members and their huge contributions to our collective success: + +* Solomon Hykes (1/29/2016 - 3/17/2018) +* Elissa Murphy (1/29/2016 - 10/2/2017) + +We thank these members for their service to the CNCF community. From 0d242578fe3962b97edfc9825310ee8f1fd1883c Mon Sep 17 00:00:00 2001 From: m1093782566 Date: Mon, 17 Sep 2018 17:12:02 +0800 Subject: [PATCH 154/179] add Jun Du to TOC contributor --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 65400a6..5882b4c 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -49,6 +49,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Joseph Jacks, Independent (jacks.joe@gmail.com) * Josh Bernstein, Dell (Joshua.Bernstein@dell.com) * Justin Cormack, Docker (justin.cormack@docker.com) +* Jun Du, Huawei (dujun5@huawei.com) * Lachlan Evenson, Microsoft (lachlan.evenson@microsoft.com) * Lee Calcote, SolarWinds (leecalcote@gmail.com) * Lei Zhang, HyperHQ (harryzhang@zju.edu.cn) From 8eb4091618ef6993c6519d024abe7e9a036e3e9d Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 17 Sep 2018 14:24:35 -0700 Subject: [PATCH 155/179] TOC Agenda 9/18/2018 https://docs.google.com/presentation/d/1gNU8wJK2NH902V_j_Dbaz12ptIgWEMYCM8MVeVfqFIM/edit#slide=id.g25ca91f87f_0_0 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 98c7da3..a4cb648 100644 --- a/README.md +++ b/README.md 
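Review bot: In CONTRIBUTORS.md (PATCH 154/179), the added line "* Jun Du, Huawei (dujun5@huawei.com)" is placed after Justin Cormack, but the hunk header states the list is "in alphabetical order" and "Jun" sorts before "Justin". Move the entry up so it sits between Josh Bernstein and Justin Cormack.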
@@ -215,3 +215,4 @@ If you're interested in presenting at a TOC call about your project, please open * [August 7th, 2018](https://docs.google.com/presentation/d/1Eebd5ZwSYyvNRLbHDpiF_USDC4sEz7lEEpPLju_0PaU/edit) * [August 21st, 2018](https://docs.google.com/presentation/d/1RkygwZw7ILVgGhBpKnFNgJ4BCc_9qMG8cIf0MRbuzB4/edit?usp=sharing) * [September 4th, 2018](https://docs.google.com/presentation/d/1umu-iT5ZXq5XsMFmqmVeRe-tn2y7DeSoCebhrehi7fk/edit#slide=id.g41381b8fd7_0_199) +* [September 18th, 2018](https://docs.google.com/presentation/d/1umu-iT5ZXq5XsMFmqmVeRe-tn2y7DeSoCebhrehi7fk/edit#slide=id.g41381b8fd7_0_199) From fcceab88cffeacec46cf8aa3f3b0eff7298a268f Mon Sep 17 00:00:00 2001 From: Kevin Date: Tue, 18 Sep 2018 19:52:21 +0800 Subject: [PATCH 156/179] Add Zefeng (Kevin) Wang to contributors --- CONTRIBUTORS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 5882b4c..1b3d355 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -71,4 +71,4 @@ List below is the official list of TOC contributors, in alphabetical order: * Yaron Haviv, iguazio (yaronh@iguaz.io) * Yong Tang, Infoblox (ytang@infoblox.com) * Yuri Shkuro, Uber (ys@uber.com) - +* Zefeng (Kevin) Wang, Huawei (wangzefeng@huawei.com) From 05dc3370ca179ca5b60cd33ef6d26f24b2144964 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Fri, 21 Sep 2018 04:40:02 +0800 Subject: [PATCH 157/179] Add Cortex to the CNCF Sandbox https://github.com/cortexproject/cortex --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a4cb648..1ea717e 100644 --- a/README.md +++ b/README.md 
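Review bot: In README.md (PATCH 155/179), the added "September 18th, 2018" entry links to the same deck as the "September 4th, 2018" line directly above it (document id 1umu-iT5ZXq5XsMFmqmVeRe-tn2y7DeSoCebhrehi7fk, same slide anchor), while the commit message gives a different deck (id 1gNU8wJK2NH902V_j_Dbaz12ptIgWEMYCM8MVeVfqFIM). This looks like a copy of the previous line with only the date changed; the link should point at the deck named in the commit message.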
@@ -94,6 +94,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [Harbor](https://github.com/goharbor)|Quinton Hoole, Ken Owens|[6/19/18](https://docs.google.com/presentation/d/1KNSv70fyTfSqUerCnccV7eEC_ynhLsm9A_kjnlmU_t0/edit#slide=id.g25ca91f87f_0_0)|[7/31/18](https://www.cncf.io/blog/2018/07/31/cncf-to-host-harbor-in-the-sandbox/)|Sandbox [OpenMetrics](https://github.com/OpenObservability/OpenMetrics)|Alexis Richardson, Bryan Cantrill|[6/20/17](https://goo.gl/6nmyDn)|[8/10/18](https://www.cncf.io/blog/2018/08/10/cncf-to-host-openmetrics/)|Sandbox [TiKV](https://github.com/tikv/tikv)|Ben Hindman, Bryan Cantrill|[7/3/18](https://docs.google.com/presentation/d/1864TEfbwCpbW5kPYGQNAfqAUdc3X83n-_OYigqxfohw/edit?usp=sharing)|[8/28/18](https://www.cncf.io/blog/2018/08/28/cncf-to-host-tikv/)|Sandbox +[Cortex](https://github.com/cortexproject/cortex)|Ken Owens, Bryan Cantrill|[6/5/18](https://docs.google.com/presentation/d/190oIFgujktVYxWZLhLYN4q8p9dtQYoe4sxHgn4deBSI/edit#slide=id.g25ca91f87f_0_0)|[9/20/18](https://www.cncf.io/blog/2018/09/20/cncf-to-host-in-the-sandbox/)|Sandbox ## Website Guidelines From 27622d0d9d718cfc6a3bb459a183720771ae5ba2 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Tue, 25 Sep 2018 08:44:46 -0500 Subject: [PATCH 158/179] Rook moves to incubation --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1ea717e..b1ea94c 100644 --- a/README.md +++ b/README.md 
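Review bot: In README.md (PATCH 157/179), the announcement link on the added Cortex row ends in "cncf-to-host-in-the-sandbox/", with no project name in the slug, whereas the Harbor row above uses "cncf-to-host-harbor-in-the-sandbox/" and the TiKV row "cncf-to-host-tikv/". The project name appears to have been dropped from the URL; please confirm the link resolves and correct it before merging.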
@@ -83,7 +83,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [Jaeger](https://github.com/jaegertracing/jaeger)|Bryan Cantrill|[8/1/17](https://goo.gl/ehtgts)|[9/13/17](https://www.cncf.io/blog/2017/09/13/cncf-hosts-jaeger/)|Incubating [Notary](https://github.com/docker/notary)|Solomon Hykes|[6/20/17](https://goo.gl/6nmyDn)|[10/24/17](https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/)|Incubating [TUF](https://github.com/theupdateframework)|Solomon Hykes|[6/20/17](https://goo.gl/6nmyDn)|[10/24/17](https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/)|Incubating -[rook](https://github.com/rook)|Ben Hindman|[6/6/17](https://goo.gl/6nmyDn)|[1/29/18](https://www.cncf.io/blog/2018/01/29/cncf-host-rook-project-cloud-native-storage-capabilities)|Sandbox +[rook](https://github.com/rook)|Ben Hindman|[6/6/17](https://goo.gl/6nmyDn)|[1/29/18](https://www.cncf.io/blog/2018/01/29/cncf-host-rook-project-cloud-native-storage-capabilities)|Incubating [Vitess](https://github.com/vitessio/vitess)|Brian Grant|[4/19/17](https://goo.gl/6nmyDn)|[2/5/18](https://www.cncf.io/blog/2018/02/05/cncf-host-vitess/)|Incubating [NATS](https://github.com/nats-io/gnatsd)|Alexis Richardson|[9/21/16](https://goo.gl/6nmyDn)|[3/15/18](https://www.cncf.io/blog/2018/03/15/cncf-to-host-nats/)|Incubating [SPIFFE](https://github.com/spiffe)|Brian Grant, Sam Lambert, Ken Owens|[11/7/17](https://goo.gl/6nmyDn)|[3/29/18](https://www.cncf.io/blog/2018/03/29/cncf-to-host-the-spiffe-project/)|Sandbox From a9099dbc47d981339277cf813b0f1a0f052e52a5 Mon Sep 17 00:00:00 2001 From: Michael Ducy Date: Thu, 27 Sep 2018 16:55:26 -0400 Subject: [PATCH 159/179] add Falco sandbox proposal --- proposals/falco.adoc | 219 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 219 insertions(+) create mode 100644 proposals/falco.adoc 
diff --git a/proposals/falco.adoc b/proposals/falco.adoc new file mode 100644 index 0000000..1560c25 --- /dev/null +++ b/proposals/falco.adoc 
@@ -0,0 +1,219 @@ +=== Falco CNCF Sandbox Project Proposal + + +*Name of Project:* Falco + +*Description:* + +Highly distributed and dynamic architectural patterns such as microservices are proving that traditional models of application and network security alone do not meet today’s current needs. Additionally, the increasing level of regulation being introduced (General Data Protection Regulation, or GDPR, for instance) to any business with a digital presence makes security more important than ever. Organizations must quickly respond to exploits and breaches to minimize financial penalties introduced by such regulation, yet the dynamic nature of modern Cloud Native architectures make it extremely difficult for organizations to keep pace. + +Falco seeks to solve this problem by shortening the security incident detection and response cycle in microservices architectures. Falco provides runtime security for systems running container workloads to detect behavior that is defined as abnormal. Falco can be broken into three areas: + +*Event & Metadata Providers* - inputs of events to the rules engine. + +* Sysdig Kernel Module - provides a stream of system call events for Linux based systems. +* Kubernetes API Server - provides metadata for Kubernetes resources such as Namespace, Deployment, Replication Controllers, Pods, and Services. +* Marathon - provides metadata for Marathon resources. +* Mesos - provides metadata for Mesos resources. +* Docker - provides metadata for containers running under the Docker container runtime. + +*Rules Engine & Condition Syntax* - Falco implements a rules engine that supports the following rule syntax. + +* https://github.com/draios/falco/wiki/Falco-Rules#conditions[Sysdig Filter Syntax] - Falco supports the Sysdig filter syntax used for filtering system call events from the Sysdig kernel module. This syntax also supports filtering on metadata from sources such as container runtimes, Kubernetes, Mesos, and Marathon. 
+ +*Notification Outputs* - Falco’s rules engine will send alerts when rule conditions are met. The following output destinations are currently supported. + +* Stdout, Log file, Syslog - These can be aggregated using Fluentd or similar +* Command Execution - Falco can execute a command, passing the alert in via stdin + + +For example, by leveraging the Sysdig kernel module’s capabilities of tapping into system calls from the Linux kernel, rules can be written to detect behavior seen as abnormal. Through the system calls, Falco can detect events such as: + +* A Kubernetes Pod running in a Deployment labeled ‘node-frontend’ begins running processes other than ‘node’. +* A shell is run inside a container +* A container is running in privileged mode, or is mounting a sensitive path like /proc from the host. +* A server process spawns a child process of an unexpected type +* Unexpected read of a sensitive file (like /etc/shadow) +* A non-device file is written to /dev +* A standard system binary (like ls) makes an outbound network connection + +When a rule condition is met, Falco can either log an alert to a file, syslog, stdout, etc, or trigger an external program. This allows an automated system to respond to compromised containers or container hosts. This automated system could stop or kill containers identified as compromised, or mark container hosts as tainted to prevent workloads from being scheduled on the compromised host. + +*Value to the Cloud Native Operating Model* + +As Cloud Native starts to become the defacto operating model for many organizations, the security of this model is often the first thing many organizations seek to address. The Cloud Native model seeks to empower developers to be able to rapidly package applications and services in containers, then quickly deploy them to platforms such as Kubernetes. 
This model seeks to remove the traditional points of friction in operations by providing a consistent deployment paradigm and abstraction of the underlying infrastructure. The challenge for many organizations is that applications packaged as containers are often a black box to downstream teams in terms of 1) what is packaged inside the container, and 2) operations any processes might perform once the application is running. + +Currently there are several prescribed methods for building security into the Cloud Native workflow: + +* *Image Chain of Trust* +** Scan images as part of a deployment process, such as GitOps, to verify their contents and check for known vulnerabilities (for example Anchore or Clair). +** Cryptographically sign images and restrict container runtimes to only run trusted images. (eg Notary) +** Restrict which container registries images can be pulled from. +* *Admittance Control* +** Cryptographically verifiable identities to restrict/allow workloads to run based on a defined policy (eg SPIFFE). +** Leveraging Service Meshes to control what workloads can join a particular service. +* *Orchestrator/Infra Security* +** Role Based Access Control to restrict access to the orchestrator API services. +** General best practices for securing the orchestrator entry points. +** Network Policy API and CNI Plugins +** Linux Security Module support. +** PodSecurity Policies +* *Runtime Security* +** Detect abnormal behavior inside a workload and take appropriate action, such as telling the orchestrator to kill the workload, thus shortening the security “detect-response” cycle. (eg Falco) +* *Workload Access Control Policies* +** Policies controlling the network activity of workloads and restricting inter-workload communication. +** Policies controlling the API endpoints available to workloads (eg Cilium) + +Each prescribed method provides an additional level of protection, but one method by itself does not provide a complete security solution. 
Image Chain of Trust for instance is a “point in time” method of providing security. In other words, the container image is considered “secure” when the image scanning process completes successfully, but anytime after that it may become “insecure” once new exploits or vulnerabilities are discovered. + +Additionally, while container images are considered immutable when built, once a container is created from the image, the process inside the container can modify the container’s instantiation of the root filesystem. Some best-practices suggest starting containers with a read-only root filesystem to prevent this, but this method has its own problems. For instance, the “standard” Node.js image needs to write to the root filesystem to create a number of files (lock files for instance) when node starts. Runtime Security seeks to mitigate this problem by watching what changes may be made once a container is running, and taking action on abnormal behavior. + +Currently the most of the options for runtime security are limited to proprietary solutions that limits the ability to take advantage of the larger open source software ecosystem. Falco is unique in that its open approach allows for a broader community to define and share rule sets for common security exploits. This open approach also provides the opportunity for a faster response time to newly discovered exploits by providing the ability to share new rules for these exploits as they are discovered. + +*Falco Roadmap* + +Short term improvements include: + +* *Rules Library* - Expand the shipped rule set to include rules for commonly deployed applications and CNCF Projects, as well as common compliance rules such as CIS. + +** Container Images/Apps: Nginx, HAProxy, etcd, Java, Node +** CNCF Projects: Kubernetes, Prometheus, Fluentd, Linkerd +** CIS Runtime Compliance Rules + +Longer term improvements include: + +* *Prometheus Metrics Exporter* - Expose a metrics endpoint to allow collection of metrics by Prometheus. 
Metrics include # of overall alerts, # of alerts by rule, # of alerts by rule tag. +* *Kubernetes networking policy support* - Support detecting networking policy violations via the Sysdig kernel module +* *Alert Output* - Add support for additional output destinations to allow Falco to more easily be integrated into a Cloud Native architecture. +** *Direct webhook support* - Support posting to a generic webhook + +** *Messaging systems* - Support sending messages to a messaging server such as NATS + +** *gRPC* - Support sending to alerts to external systems via gRPC + +* *Event & Metadata Providers* - Support for additional backend providers for the event stream. +* *Kubernetes Audit Events* - Ingest Kubernetes Audit Events and support rules based on Kubernetes Audit Events. + +* *Container Runtimes* - Support additional container runtime. + +* *Baselining* - Automatic baselining of an application’s “normal” behavior + + +*Planned Advocacy Work* + +Beyond the engineering work planned, there is also work planned to improve the awareness of Falco in the Cloud Native ecosystem. + +* *Workshops on Falco:* As the project’s main sponsor, Sysdig has been investing in workshops focused on Container Troubleshooting and Container Forensics that include sections on Falco and CNCF projects such as Kubernetes. These workshops will be expanded to include more exercises on writing rules for applications, testing workflow for rule writing, and incorporation of Falco in CD workflows such as GitOps, etc. +* *Documentation Improvements*: Improve documentation with regard to writing rules including out of the box macros, lists, and rules provided by Falco. +* *Documenting Use Cases:* Document existing use cases around using Falco with other projects to deliver a complete end to end solution. 
+* *Events:* Conference and Meetup presentations to help educate the community on security in the Cloud Native landscape, and to help new community members how to implement Cloud Native based architectures in a secure fashion. + +*Current CNCF Ecosystem Integrations:* + +*Containerd and rkt* + +Falco can detect containers running in both containerd and rkt container runtimes. + +*Kubernetes* + +Falco can communicate with the Kubernetes API to pull Namespace, Deployment, Service, ReplicaSet, Pod, and Replication controller information such as name and labels. This data can be used to create rule conditions (e.g. k8s.ns.name = mynamspace) as well as used as an outputted field in any generated alerts. + +A common deployment method for Falco in the Cloud Native landscape is to deploy it as a Daemon Set running in Kubernetes. The Falco project provides releases packaged as containers and provides a Daemon Set example for end users to deploy Falco. + +Docker Hub: https://hub.docker.com/r/sysdig/falco/[https://hub.docker.com/r/sysdig/falco/] + +Kubernetes Daemon Set: https://github.com/draios/falco/tree/dev/integrations/k8s-using-daemonset[https://github.com/draios/falco/tree/dev/integrations/k8s-using-daemonset] + +Helm chart: https://github.com/helm/charts/tree/master/stable/falco[https://github.com/helm/charts/tree/master/stable/falco] + +*Fluentd* + +Falco can also leverage Fluentd from the CNCF ecosystem. Falco alerts can be collected from logs or stdout by Fluentd and the alerts can be aggregated and analyzed. An example of using Falco with Fluentd, Elasticsearch, and Kibana can be found on the Sysdig Blog. + +https://sysdig.com/blog/kubernetes-security-logging-fluentd-falco/[https://sysdig.com/blog/kubernetes-security-logging-fluentd-falco/] + +*NATS* + +A https://github.com/sysdiglabs/falco-nats[proof of concept] was created showing publishing of Falco alerts to a NATS messaging server. 
These alerts can be subscribed to by various programs to process and take action on alerts. In the proof of concept, Falco alerts published to NATS triggered a Kubeless function to delete an offending Pod. + + + +*Sponsors from TOC:* Quinton Hoole, Brian Grant + +*Preferred maturity level:* Sandbox + +*Unique identifier:* falco + +*Current Project Sponsor:* https://sysdig.com/opensource/[Sysdig] + +*License:*** **Apache License v 2 (ALv2) + +*Code Repositories:* +Code is currently hosted by Sysdig: +https://github.com/draios/falco[https://github.com/draios/falco] + +The code will move to a vendor netural github organization at: +https://github.com/falcosecurity[https://github.com/falcosecurity] + + +*External Code Dependencies* + +External dependencies of Falco are listed below: + +|=== +|*Software*|*License*|*Project Page* + +|libb64|Creative Commons|http://libb64.sourceforge.net/[http://libb64.sourceforge.net/] +|curl|MIT/X|https://curl.haxx.se/[https://curl.haxx.se/] +|jq|MIT|https://stedolan.github.io/jq/[https://stedolan.github.io/jq/] +|libyaml|MIT|https://pyyaml.org/wiki/LibYAML[https://pyyaml.org/wiki/LibYAML] +|lpeg|MIT|http://www.inf.puc-rio.br/\~roberto/lpeg/[http://www.inf.puc-rio.br/~roberto/lpeg/] +|luajit|MIT|http://luajit.org/luajit.html[http://luajit.org/luajit.html] +|lyaml|MIT|https://github.com/gvvaughan/lyaml[https://github.com/gvvaughan/lyaml] +|ncurses|MIT?|https://www.gnu.org/software/ncurses/[https://www.gnu.org/software/ncurses/] +|openssl|OpenSSL & SSLeay|https://www.openssl.org/source[https://www.openssl.org/source] +|yamlcpp|MIT|https://github.com/jbeder/yaml-cpp[https://github.com/jbeder/yaml-cpp] +|zlib|zlib|https://www.zlib.net/zlib.html[https://www.zlib.net/zlib.html] +|sysdig|ALv2|https://github.com/draios/sysdig[https://github.com/draios/sysdig] +|tbb|ALv2|https://www.threadingbuildingblocks.org/[https://www.threadingbuildingblocks.org/] +|=== + + + +*Committers:* 16 + +*Users of Note:* + +Cloud.gov: + +* 
https://cloud.gov/docs/apps/experimental/behavior-monitoring/[Dynamic behavior monitoring in Cloud.gov] +* https://www.youtube.com/watch?v=wFQOXMcZnQg[Detecting tainted apps in Cloud Foundry] +* https://github.com/cloudfoundry-community/falco-boshrelease[falco-boshrelease] + + +*Community Communication:* +Slack is the preferred form of communication. Sysdig runs a Slack team for its open source projects and hosts a #falco channel under that Slack team: + +Slack team: https://sysdig.slack.com[https://sysdig.slack.com] + +Falco Channel: https://sysdig.slack.com/messages/C19S3J21F/[https://sysdig.slack.com/messages/C19S3J21F/] + +*Website/Blog:* + +The website is currently hosted by Sysdig, under the Open Source section of the website: https://sysdig.com/opensource/falco[https://sysdig.com/opensource/falco] + +Blog posts related to Falco are currently posted to the Sysdig Blog. https://sysdig.com/blog/tag/falco/[https://sysdig.com/blog/tag/falco/] + +The Falco website and blog will be moved to: https://falco.org[https://falco.org] + + +*Release Cadence:* + +Minor releases quarterly, Patch releases as frequent needed (Minor and Patch used as defined by https://semver.org/[semantic versioning].) + + +*Statement on alignment with CNCF mission:* + +With the number of systems under management increasing at a greater and greater rate, and regulation becoming more common, new approaches are required with regards to security that allows organizations to automatically manage the “detection & response” security cycle. Innovations in Cloud Native technologies allow this automatic approach to security more and more feasible. + +Falco aligns with the CNCF mission statement by: + +* Focusing on containers first: Falco was built with the assumption that containers are the method in which modern applications would be run. Falco has included since its inception the ability to identify containerized processes and apply rules to these processes. 
+* Enabling the CNCF ecosystem by including Cloud Native best practices: The https://github.com/draios/falco/blob/dev/rules/falco_rules.yaml[default Falco rule set] focuses on container anti-patterns, or rather common mistakes that new users tend to do when deploying a Cloud Native application in containers. While currently these rules focuses on containers and container runtimes, additional rule sets can be written for CNCF projects, and application runtimes in the CNCF Landscape. This work is on the Falco roadmap, and could be easily done wby the broader CNCF community. +* Falco’s goal is to provide a modular, composable system that allows easy integration with other CNCF projects or open source projects. This idea of composability allows for operators of Cloud Native platforms to easily build systems to manage the security of the platform, while maintaining a high degree of flexibility and maintaining the Cloud Native developer velocity. + From 397ceb25abe653fcc35b5b2dfbf7a469ff9799ae Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 1 Oct 2018 08:57:33 -0500 Subject: [PATCH 160/179] 10/2/2018 agenda deck https://docs.google.com/presentation/d/1Xt1xNSN8_pGuDLl5H8xEYToFss7VoIm7GBG0e_HrsLc/edit?usp=sharing --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b1ea94c..3d75908 100644 --- a/README.md +++ b/README.md 
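Review bot: In proposals/falco.adoc (PATCH 159/179), the External Code Dependencies table leaves two licenses unresolved: ncurses is listed as "MIT?" and libb64 as "Creative Commons" with no variant named. Both need a definite license before the proposal can pass a license review. On the security side, the proposal relies on the Sysdig kernel module and recommends a Daemon Set deployment, and it describes automated responses such as killing containers or tainting hosts, but it does not state what privileges the Falco pods need on each node or how the command-execution output is restricted; a short section on that would help reviewers. Text fixes: "vendor netural" should be "vendor neutral", "wby the broader CNCF community" should be "by", the example condition "k8s.ns.name = mynamspace" is misspelled, "Patch releases as frequent needed" should be "as frequently as needed", "sending to alerts" should be "sending alerts", and "*License:*** **Apache License v 2" has stray emphasis markers. The title uses "===" where the other proposals use "==", and in the roadmap "Kubernetes Audit Events" and "Container Runtimes" are top-level bullets although they read as sub-items of "Event & Metadata Providers".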
@@ -217,3 +217,4 @@ If you're interested in presenting at a TOC call about your project, please open * [August 21st, 2018](https://docs.google.com/presentation/d/1RkygwZw7ILVgGhBpKnFNgJ4BCc_9qMG8cIf0MRbuzB4/edit?usp=sharing) * [September 4th, 2018](https://docs.google.com/presentation/d/1umu-iT5ZXq5XsMFmqmVeRe-tn2y7DeSoCebhrehi7fk/edit#slide=id.g41381b8fd7_0_199) * [September 18th, 2018](https://docs.google.com/presentation/d/1umu-iT5ZXq5XsMFmqmVeRe-tn2y7DeSoCebhrehi7fk/edit#slide=id.g41381b8fd7_0_199) +* [October 2nd, 2018](https://docs.google.com/presentation/d/1Xt1xNSN8_pGuDLl5H8xEYToFss7VoIm7GBG0e_HrsLc/edit?usp=sharing) From a2add92a1ce03a6a3a9e70845c9047c5c3302b4b Mon Sep 17 00:00:00 2001 From: Steven Dake Date: Mon, 1 Oct 2018 14:16:27 -0700 Subject: [PATCH 161/179] Adding myself (Steven Dake) as a CNCF TOC contrib I have been working in the container ecosystem since the launch of Docker. I also serve as an individually elected member of the OpenStack foundation. My technical focus today is Istio (https://istio.io). Lew Tucker (@cisco) has requested I liaison between the CNCF TOC and Cisco internal teams to present a "semi-official" view of Cisco's position. --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 1b3d355..773bf60 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -63,6 +63,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Randy Abernethy, RX-M LLC (randy.abernethy@rx-m.com) * Rick Spencer, Bitnami (rick@bitnamni.com) * Sarah Allen, Google (sarahallen@google.com) +* Steven Dake, Cisco (stdake@cisco.com) * Tammy Butow, Gremlin (tammy@gremlin.com) * Timothy Chen, Hyperpilot (tim@hyperpilot.io) * Vasu Chandrasekhara, SAP SE (vasu.chandrasekhara@sap.com) From f400c59500610d512de8cdde4dae63e1a4751a40 Mon Sep 17 00:00:00 2001
From: Taylor Carpenter Date: Tue, 2 Oct 2018 10:06:58 -0500 Subject: [PATCH 162/179] New zoom bridge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3d75908..d1bcec9 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ All meetings are on the public CNCF calendar: https://goo.gl/eyutah The TOC meets on the 1st and 3rd Tuesday of every month at 8AM PT (USA Pacific): -https://zoom.us/j/263858603 +https://zoom.us/j/967220397 Or Telephone: From 426524ed47606f31d92f6b4c3b630e4b72f55cc5 Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Wed, 3 Oct 2018 09:53:55 -0500 Subject: [PATCH 163/179] Add buildpacks as a cloud native sandbox project --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d1bcec9..7dd7f82 100644 --- a/README.md +++ b/README.md 
@@ -95,6 +95,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [OpenMetrics](https://github.com/OpenObservability/OpenMetrics)|Alexis Richardson, Bryan Cantrill|[6/20/17](https://goo.gl/6nmyDn)|[8/10/18](https://www.cncf.io/blog/2018/08/10/cncf-to-host-openmetrics/)|Sandbox [TiKV](https://github.com/tikv/tikv)|Ben Hindman, Bryan Cantrill|[7/3/18](https://docs.google.com/presentation/d/1864TEfbwCpbW5kPYGQNAfqAUdc3X83n-_OYigqxfohw/edit?usp=sharing)|[8/28/18](https://www.cncf.io/blog/2018/08/28/cncf-to-host-tikv/)|Sandbox [Cortex](https://github.com/cortexproject/cortex)|Ken Owens, Bryan Cantrill|[6/5/18](https://docs.google.com/presentation/d/190oIFgujktVYxWZLhLYN4q8p9dtQYoe4sxHgn4deBSI/edit#slide=id.g25ca91f87f_0_0)|[9/20/18](https://www.cncf.io/blog/2018/09/20/cncf-to-host-in-the-sandbox/)|Sandbox +[Buildpacks](https://github.com/buildpack/spec)|Brian Grant, Alexis Richardson|[8/21/18](https://docs.google.com/presentation/d/1RkygwZw7ILVgGhBpKnFNgJ4BCc_9qMG8cIf0MRbuzB4/edit?usp=sharing)|[10/3/18](https://www.cncf.io/blog/2018/10/03/cncf-to-host-cloud-native-buildpacks-in-the-sandbox)|Sandbox ## Website Guidelines From 3b6cd5a99ebb4877f9574cf2d075b2fa2378a0a4 Mon Sep 17 00:00:00 2001 From: Dan Kohn Date: Fri, 5 Oct 2018 16:43:46 -0400 Subject: [PATCH 164/179] Updated to remove events that have occurred Brian Grant was re-elected to a two-year term and Quinton Hoole was elected to a 1-year term. No policy changes were made in this commit. --- process/election-schedule.md | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/process/election-schedule.md b/process/election-schedule.md index b1d430e..f7d5226 100644 --- a/process/election-schedule.md +++ b/process/election-schedule.md 
@@ -17,24 +17,19 @@ Current TOC [Members](https://github.com/cncf/toc#members) and their terms are: * Jonathan Boulle (term: 3 years - start date: 1/29/2016) * Bryan Cantrill (term: 3 years - start date: 1/29/2016) * Camille Fournier (term: 3 years - start date: 1/29/2016) -* Brian Grant (term: 2 years - start date: 3/17/2016) +* Brian Grant (term: 2 years - start date: 3/17/2018) * Benjamin Hindman (term: 3 years - start date: 1/29/2016) -* Solomon Hykes (term: 2 years - start date: 3/17/2016) +* Quinton Hoole (term: 1 year - start date: 3/17/2018) * Sam Lambert (term: 16 months - start date: 10/2/2017) * Ken Owens (term: 3 years - start date: 1/29/2016) * Alexis Richardson (term: 3 years - start date: 1/29/2016) -The End User Community will shortly (September 2017) be electing a new TOC member to replace Elissa. That person's term would normally last through 3/10/2018. We will ask the End User Community to instead approve a 16 month term to align with GB-appointed TOC selections going forward. This End User TOC member will be reappointed or replaced on 1/29/2019. - -The terms of the two TOC appointed seats, currently held by Brian and Solomon, end on 3/16/18. At the time they are reelected or replaced, we propose that the two appointed members will draw straws to determine which of them gets a 1-year term in just that cycle so that these two positions are staggered going forward. After they are selected, we propose that the TOC vote to select its chairperson, and do so every 2 years thereafter. - On 1/29/2019, the other 6 TOC positions are up for re-election by the GB. The charter requires that the initial appointments have been for 3 years (which they were), but to use staggered, 2-year terms going forward. We propose that half of the positions get a 1-year term in just that cycle (by drawing straws), so that each year afterwards, 3 of the 6 will be reappointed or replaced. **Schedule** *All terms are two years unless otherwise specified. 
Selected means reappointed or replaced.* -* 10/1/2017: New End User TOC member is selected for a 16 month term. * 3/17/2018: Both TOC-selected members are selected, one for a 1-year term. * 3/17/2018 (and each future even year): The TOC selects its chairperson. * 1/29/2019: 6 GB-selected TOC members are selected, half for 1-year terms. From b78c796f4471a0aad42b5029eb3ca4332b15310f Mon Sep 17 00:00:00 2001 From: Dan Kohn Date: Fri, 5 Oct 2018 16:48:04 -0400 Subject: [PATCH 165/179] Remove one more past-dated event --- process/election-schedule.md | 1 - 1 file changed, 1 deletion(-) diff --git a/process/election-schedule.md b/process/election-schedule.md index f7d5226..a0a2e4a 100644 --- a/process/election-schedule.md +++ b/process/election-schedule.md @@ -30,7 +30,6 @@ On 1/29/2019, the other 6 TOC positions are up for re-election by the GB. The ch *All terms are two years unless otherwise specified. Selected means reappointed or replaced.* -* 3/17/2018: Both TOC-selected members are selected, one for a 1-year term. * 3/17/2018 (and each future even year): The TOC selects its chairperson. * 1/29/2019: 6 GB-selected TOC members are selected, half for 1-year terms. * 1/29/2019 (and each future odd year): End User TOC member is selected. From 77ce5d329c99d6a425ea00129c0c5c0d6984015a Mon Sep 17 00:00:00 2001 From: Matt Farina Date: Mon, 8 Oct 2018 22:00:26 -0400 Subject: [PATCH 166/179] Adding self (Matt Farina) to toc contributors Signed-off-by: Matt Farina --- CONTRIBUTORS.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 773bf60..8b2c7f9 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md 
@@ -24,7 +24,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Ara Pulido, Bitnami (ara@bitnami.com) * Ayrat Khayretdinov (akhayertdinov@cloudops.com) * Bassam Tabbara, Upbound (bassam@upbound.io) -* Bob Wise, Samsung SDS (bob@bobsplanet.com) +* Bob Wise, Amazon Web Services (bob@bobsplanet.com) * Cathy Zhang, Huawei (cathy.h.zhang@huawei.com) * Chase Pettet, Wikimedia Foundation (cpettet@wikimedia.org) * Christopher Liljenstople, Tigera (cdl@asgaard.org) @@ -55,6 +55,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Lei Zhang, HyperHQ (harryzhang@zju.edu.cn) * Louis Fourie, Huawei (louis.fourie@huawei.com) * Mark Peek, VMware (markpeek@vmware.com) +* Matt Farina, Samsung SDS (matt@mattfarina.com) * Matthew Fornaciari, Gremlin (forni@gremlin.com) * Nick Chase, Mirantis (nchase@mirantis.com) * Pengfei Ni, Microsoft (peni@microsoft.com) From 6afe4de100fadbe2a46927fdea5c624d36dd257b Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Wed, 10 Oct 2018 08:13:02 -0400 Subject: [PATCH 167/179] Add Falco to the sandbox https://falco.org --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 7dd7f82..fe70851 100644 --- a/README.md +++ b/README.md 
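Review bot: In PATCH 166/179, the first CONTRIBUTORS.md hunk (@@ -24,7 +24,7 @@) changes Bob Wise's affiliation from Samsung SDS to Amazon Web Services, which the commit message "Adding self (Matt Farina) to toc contributors" does not mention. Please either split that edit into its own commit or note it in the message, so the affiliation change has a traceable author and reason. The second hunk, which adds the Matt Farina entry, keeps the list in alphabetical order and needs no change.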
@@ -96,6 +96,9 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [TiKV](https://github.com/tikv/tikv)|Ben Hindman, Bryan Cantrill|[7/3/18](https://docs.google.com/presentation/d/1864TEfbwCpbW5kPYGQNAfqAUdc3X83n-_OYigqxfohw/edit?usp=sharing)|[8/28/18](https://www.cncf.io/blog/2018/08/28/cncf-to-host-tikv/)|Sandbox [Cortex](https://github.com/cortexproject/cortex)|Ken Owens, Bryan Cantrill|[6/5/18](https://docs.google.com/presentation/d/190oIFgujktVYxWZLhLYN4q8p9dtQYoe4sxHgn4deBSI/edit#slide=id.g25ca91f87f_0_0)|[9/20/18](https://www.cncf.io/blog/2018/09/20/cncf-to-host-in-the-sandbox/)|Sandbox [Buildpacks](https://github.com/buildpack/spec)|Brian Grant, Alexis Richardson|[8/21/18](https://docs.google.com/presentation/d/1RkygwZw7ILVgGhBpKnFNgJ4BCc_9qMG8cIf0MRbuzB4/edit?usp=sharing)|[10/3/18](https://www.cncf.io/blog/2018/10/03/cncf-to-host-cloud-native-buildpacks-in-the-sandbox)|Sandbox +[Falco](https://github.com/falcosecurity/falco)|Brian Grant, Quinton Hoole|[7/17/18](https://docs.google.com/presentation/d/17p5QBVooGMLAtX6Mn6d3NAFhRmFHE0cH-WI_-0MbOm8/edit?usp=sharing)|[10/10/18](https://falco.org/)|Sandbox + +Quinton Hoole, Brian Grant ## Website Guidelines From 2b8d0bfc120e14035f79450fbc9209d314dbabff Mon Sep 17 00:00:00 2001 From: clouderati <35942204+clouderati@users.noreply.github.com> Date: Wed, 3 Oct 2018 10:09:47 -0400 Subject: [PATCH 168/179] Harbor incubation proposal Signed-off-by: clouderati <35942204+clouderati@users.noreply.github.com> --- reviews/incubation-harbor.md | 80 ++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 reviews/incubation-harbor.md diff --git a/reviews/incubation-harbor.md b/reviews/incubation-harbor.md new file mode 100644 index 0000000..8b9d733 --- /dev/null +++ b/reviews/incubation-harbor.md 
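Review bot: In PATCH 167/179, the README.md hunk (@@ -96,6 +96,9 @@) adds a blank line and a bare "Quinton Hoole, Brian Grant" line after the new Falco row. That text repeats the sponsors already given in the row and will render as stray text under the project table, so it looks like a leftover and should be dropped. The Falco row's acceptance link also points at https://falco.org/ while the rows above it link to a cncf.io blog announcement; please confirm that is intended.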
@@ -0,0 +1,80 @@ +# Harbor Incubating Stage Review + +Harbor is currently a CNCF sandbox project. Please refer to Harbor's initial +[sandbox proposal](../proposals/harbor.adoc) for discussion on Harbor's +alignment with the CNCF and details on sandbox requirements. + +In the time since being accepted as a sandbox project, Harbor has demonstrated +healthy growth and progress. + +* [v1.6.0 is the latest +releases](https://goharbor.io/blogs/harbor-1.6.0-release/), shipped on +September 7th, marking our 7th major feature release. New features include: + + * [Support for hosting Helm charts](https://github.com/goharbor/harbor/issues/4922) + * [Support for RBAC via LDAP groups](https://github.com/goharbor/harbor/issues/3506) + * [Replication filtering via labels](https://github.com/goharbor/harbor/issues/4861) + * [Major refactoring to coalesce to a single PostgreSQL database](https://github.com/goharbor/harbor/issues/4855) + +* A [formalized governance +policy](https://github.com/goharbor/community/blob/master/GOVERNANCE.md) has +been approved and instituted for the project, and two new maintainers from +different companies have joined the project to help Harbor continue to grow. + +## Incubating Stage Criteria + +In addition to sandbox requirements, a project must meet the following +criteria to become an incubation-stage project: + +* Document that it is being used successfully in production by at least three +independent end users which, in the TOC’s judgement, are of adequate quality +and scope. + + * Adopters: [https://github.com/goharbor/harbor/blob/master/ADOPTERS.md](https://github.com/goharbor/harbor/blob/master/ADOPTERS.md) + +* Have a healthy number of committers. A committer is defined as someone with +the commit bit; i.e., someone who can accept contributions to some or all of +the project. + + * Maintainers of the project are listed in +[https://github.com/goharbor/harbor/blob/master/OWNERS.md](https://github.com/goharbor/harbor/blob/master/OWNERS.md). 
There are 11 maintainers working on Harbor from 3 different +companies (VMware, Caicloud and Hyland Software) + + * Maintainers are added and removed from the project as per the policies +outlined in the project governance: +[https://github.com/goharbor/community/blob/master/GOVERNANCE.md](https://github.com/goharbor/community/blob/master/GOVERNANCE.md). + +* Demonstrate a substantial ongoing flow of commits and merged contributions. + + * Releases: 7 major releases ([https://github.com/goharbor/harbor/releases](https://github.com/goharbor/harbor/releases)) + + * Roadmap: [https://github.com/goharbor/harbor/wiki/Harbor-Roadmap](https://github.com/goharbor/harbor/wiki/Harbor-Roadmap) + + * Contributors: [https://github.com/goharbor/harbor/graphs/contributors](https://github.com/goharbor/harbor/graphs/contributors) + + * Commit activity: [https://github.com/goharbor/harbor/graphs/commit-activity](https://github.com/goharbor/harbor/graphs/commit-activity) + + * CNCF DevStats: [https://harbor.devstats.cncf.io/](https://harbor.devstats.cncf.io/) + * [Last 30 days activity on GitHub](https://harbor.devstats.cncf.io/d/8/dashboards?refresh=15m&orgId=1&from=now-30d&to=now-1h) + * [Community Stats](https://harbor.devstats.cncf.io/d/3/community-stats?orgId=1&var-period=d7&var-repo_name=goharbor%2Fharbor) + +Further details of Harbor's growth and progress since entering the sandbox +stage as well as use case details from the Harbor community can be found in this +[slide +deck](https://docs.google.com/presentation/d/1aBQnE96kKatc1_t3E97lJBwiWvL-3GTitojuv-nWMuo/). + +## Security + +Harbor's codebase has been analyzed and reviewed by VMware's internal product +security team. 
+ +* Static analysis has been performed on Harbor via +[gosec](https://github.com/securego/gosec) +* Software decomposition via AppCheck, Snyk and retire.js with goal of +discovering outdated or vulnerable packages +* Manual code analysis / review +* Vulnerability assessment via multiple scanners +* Completed threat model + +In addition to this security work the Harbor maintainers are partnering with +the CNCF to schedule a third-party security audit of Harbor. From fec70a0f69f6bedd3abf87a394fd801729c9a572 Mon Sep 17 00:00:00 2001 From: Allen Sun Date: Fri, 12 Oct 2018 09:50:54 +0800 Subject: [PATCH 169/179] docs: add dragonfly proposal to toc Signed-off-by: Allen Sun --- proposals/dragonfly.adoc | 119 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 proposals/dragonfly.adoc diff --git a/proposals/dragonfly.adoc b/proposals/dragonfly.adoc new file mode 100644 index 0000000..97373da --- /dev/null +++ b/proposals/dragonfly.adoc 
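Review bot: In PATCH 168/179 (reviews/incubation-harbor.md), the Security section lists static analysis with gosec, software decomposition, manual review, scanner-based vulnerability assessment and a completed threat model, but links none of the results, so TOC reviewers cannot check scope, findings or remediation status. Suggest linking the threat model and a findings summary, or stating where they can be requested, and naming the tools behind "multiple scanners". Minor: "v1.6.0 is the latest releases" should read "release".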
@@ -0,0 +1,119 @@ +=== Dragonfly CNCF Sandbox Project Proposal + +*Name of Project:* Dragonfly + +*Description:* + +Dragonfly is an intelligent P2P based image and file distribution system. It aims to resolve three major issues: efficiency, flow control and security. + +It is a general tool which can be integrated with container engine to help deploy cloud native applications at scale. In addition, users can deploy Dragonfly easily on Kubernetes via Helm and daemonset. + +Dragonfly ensures distribution efficiency of images with P2P policy, the avoidance of duplicated image downloads. To not impact the other running applications, Dragonfly implements image distribution flow control, such as download bandwidth limit and disk IO protection. Dragonfly also takes advantages of encryption algorithm for image transmission in order to meet secure demand of enterprise. Here are some key features of Dragonfly: + +* P2P based file distribution +* Support a wide range of container technologies +* Host level speed limit +* Passive CDN for downloads +* Strong consistency of distributed image +* Disk protection and high efficient IO +* High performance +* Exception auto isolation +* Effective concurrency control of Registry Auth +* Image encryption when transmission + +Dragonfly consists of three major components: + +1. **SuperNode**: provides image cache services from source image registry; chooses appropriate downloading policy for each peer. + +1. **dfget**: is a client which downloads files from P2P network(peer nodes and SuperNode); receives control orders from SuperNode and transfers data among P2P network. + +1. **dfdaemon**: is an agent which proxies image pulling request from local container engine; filters out layer fetching requests and uses dfget to download all these layers. + +**Statement on alignment with CNCF mission:** + +The Cloud Native Dragonfly project is well-aligned with the CNCF's mission statement of supporting cloud native systems. 
When developers and operators finish to package applications in container images, Dragonfly aims to tackle distribution issue of packaged image distribution(1a). The intelligent distribution ability of Dragonfly can dynamically manage network bandwidth, disk IO and other resources efficiently to reduce maintenance and operation cost(1b). Dragonfly is decoupled with dependencies and designed to be consist of explicit and minimal services within itself(1c). + +The Cloud Native Dragonfly project is complimentary to other CNCF projects, such as Kubernetes, Helm, Harbor and containerd. SuperNode of Dragonfly can be deployed via Helm and dfget and dfdaemon agents can be deployed via daemonset of Kubernetes. When releasing a cloud native application in Kubernetes, Harbor takes advantanges of Dragonfly's open API to control the image preheater. when startup of pod, containerd sends image pull request to Dragonfly and Dragonfly takes over image distribution part automatically, efficiently and safely. + +*Roadmap:* + +Dragonfly intends to deliver more essential and advanced feature in ecosystem openness, scalability and security. For more details, please refer to https://github.com/alibaba/Dragonfly/blob/master/ROADMAP.md[ROADMAP]. 
+ +*Sponsors from TOC:* Jonathan Boulle & Benjamin Hindman + +*Preferred maturity level:* Sandbox + +*License:* Apache License v2.0 + +*Source control:* GitHub (https://github.com/alibaba/dragonfly) + +*External Dependencies:* + +External dependencies of Falco are listed below: +|=== +|*Software*|*License*|*Project Page* + +|go-check|BSD|https://github.com/go-check/check/[https://github.com/go-check/check/] +|compress|BSD|https://github.com/klauspost/compress[https://github.com/klauspost/compress] +|cpuid|MIT|https://github.com/klauspost/cpuid[https://github.com/klauspost/cpuid] +|uuid|BSD|https://github.com/pborman/uuid[https://github.com/pborman/uuid] +|logrus|MIT|https://github.com/sirupsen/logrus[https://github.com/sirupsen/logrus] +|pflag|BSD|https://github.com/spf13/pflag[https://github.com/spf13/pflag] +|bytebufferpool|MIT|https://github.com/valyala/bytebufferpool[https://github.com/valyala/bytebufferpool] +|fasthttp|MIT|https://github.com/valyala/fasthttp[https://github.com/valyala/fasthttp] +|terminal|BSD|https://golang.org/x/crypto/ssh/terminal[https://golang.org/x/crypto/ssh/terminal] +|unix|MIT|https://golang.org/x/sys/unix[https://golang.org/x/sys/unix] +|windows|zlib|https://golang.org/x/sys/windows[https://golang.org/x/sys/windows] +|gcfg|BSD|https://gopkg.in/gcfg.v1[https://gopkg.in/gcfg.v1] +|yaml|Apache License 2.0|https://gopkg.in/yaml.v2[https://gopkg.in/yaml.v2] +|=== + +*Initial Committers:* + +Founding Maintainers: + + * Allen Sun (Alibaba) + * Chaobing Chen (Meitu) + * Jian Wang (Alibaba) + * Jin Zhang (Alibaba) + * Zuozheng Hu (Alibaba) + +Additional Maintainers: + + * Haibing Zhou (Ebay China) + +*Infrastructure requests (CI / CNCF Cluster):* + +_Development needs:_ + +We currently use Travis and CircleCI for CI, but we may want to use CNCF resources to deploy jenkis for node e2e test. 
+ +_Production needs:_ + +none + +*Communication Channels:* + + * Gitter: https://gitter.im/alibaba/Dragonfly + * Mailing List: https://lists.cncf.io/g/cncf-dragonfly (proposed) + * Issue tracker: https://github.com/alibaba/Dragonfly/issues + +*Website:* https://alibaba.github.io/Dragonfly/ + +*Release methodology and mechanics:* + +We set the version rule of Dragonfly on the basis of SemVer which has a version number of MAJOR.MINOR.PATCH. Currently we do feature release 4-5 times per year(all with minor releases). Before every minor release, we plan to tag several RC releases to invite community developers to fully test them. In addition, all the code commits to Dragonfly project must add essential tests to cover the feature or code change. + +*Social media accounts:* + + * Twitter: https://twitter.com/dragonfly_oss[@dragonfly_oss] + +*Existing sponsorship*: Alibaba, AntFinancial and China Mobile + +*Community size:* + +2300+ stars + +3 full-time engineers + +16 contributors From e1138dbaaffdf1dad519c0ae18bf92a9fc257065 Mon Sep 17 00:00:00 2001 From: Kiran Mova Date: Sat, 13 Oct 2018 14:40:16 +0530 Subject: [PATCH 170/179] update self (kmova) to TOC contributor I represent MayaData, the company sponsoring OpenEBS to help evaluate potential projects and contribute to working groups. I have been contributing to different projects under the CNCF landscape / Kubernetes related to Storage, Chaos Engineering and related projects since 2017 --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 8b2c7f9..efe6698 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md
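Review bot: In PATCH 169/179 (proposals/dragonfly.adoc), the External Dependencies section opens with "External dependencies of Falco are listed below:", which appears to be copied from the Falco proposal and should name Dragonfly. The description also says Dragonfly "takes advantages of encryption algorithm for image transmission" without naming the algorithm or protocol or saying how keys are handled; since security is listed as one of the three issues the project aims to resolve, the proposal should state this concretely. Minor: the source control URL uses github.com/alibaba/dragonfly while the other links use alibaba/Dragonfly, and "advantanges" and "jenkis" are misspelled.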
@@ -50,6 +50,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Josh Bernstein, Dell (Joshua.Bernstein@dell.com) * Justin Cormack, Docker (justin.cormack@docker.com) * Jun Du, Huawei (dujun5@huawei.com) +* Kiran Mova, MayaData (kiran.mova@mayadata.io) * Lachlan Evenson, Microsoft (lachlan.evenson@microsoft.com) * Lee Calcote, SolarWinds (leecalcote@gmail.com) * Lei Zhang, HyperHQ (harryzhang@zju.edu.cn) From 6899276ea9652da0592ceff5e77c1921002d301e Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Mon, 15 Oct 2018 19:02:30 -0500 Subject: [PATCH 171/179] Add 10/16/2018 TOC agenda --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index fe70851..b8c04f8 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,10 @@ The TOC has created the following working groups to investigate and discuss the All meetings are on the public CNCF calendar: https://goo.gl/eyutah +## Meeting Agenda and Minutes + +Meeting Minutes are recorded here: https://docs.google.com/document/d/1jpoKT12jf2jTf-2EJSAl4iTdA7Aoj_uiI19qIaECNFc/edit# + ## Meeting Time The TOC meets on the 1st and 3rd Tuesday of every month at 8AM PT (USA Pacific): @@ -222,3 +226,4 @@ If you're interested in presenting at a TOC call about your project, please open * [September 4th, 2018](https://docs.google.com/presentation/d/1umu-iT5ZXq5XsMFmqmVeRe-tn2y7DeSoCebhrehi7fk/edit#slide=id.g41381b8fd7_0_199) * [September 18th, 2018](https://docs.google.com/presentation/d/1umu-iT5ZXq5XsMFmqmVeRe-tn2y7DeSoCebhrehi7fk/edit#slide=id.g41381b8fd7_0_199) * [October 2nd, 2018](https://docs.google.com/presentation/d/1Xt1xNSN8_pGuDLl5H8xEYToFss7VoIm7GBG0e_HrsLc/edit?usp=sharing) +* [October 16th, 2018](https://docs.google.com/presentation/d/1UtObz-sbjJqtfoVxlfsl2YlalnZnWQQyH8wloDcRyXk/edit#slide=id.g25ca91f87f_0_0) From 1e8dde99ae7e3662a589cc3d19f29528a5284c91 Mon Sep 17 00:00:00 2001 
From: Chris Aniszczyk Date: Wed, 31 Oct 2018 09:03:10 -0500 Subject: [PATCH 172/179] Initial stab at archiving process Closes #148 --- process/archiving.md | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 process/archiving.md diff --git a/process/archiving.md b/process/archiving.md new file mode 100644 index 0000000..df37ddd --- /dev/null +++ b/process/archiving.md 
@@ -0,0 +1,35 @@ +# CNCF Project Archiving Process v1.0 + +Open source projects have a lifecycle and there are times that projects become inactive due to a variety of reasons. There are also cases where a project may no longer want to be supported by the TOC. + +## Archiving Criteria + +There are different criteria to consider when archiving a project, but here are ones that the TOC looks for: + +* It hasn't seen a commit in over 6 months. +* It hasn't seen a release in over 6 months. +* There haven't been any issues opened for 6 months. +* Opened issues haven't received a response within 6 months. +* It's binaries/source are no longer being downloaded + +It is important to note that there is a difference between a mature project that doesn't get much attention anymore but is stable versus a project that is inactive. + +## Voting Process + +To archive a project: + +* A proposal must be put forth to the TOC repo and be open for at least 2 weeks of discussion. +* The TOC will inform the CNCF end user community and wider community of all archiving proposals +* A vote must be finalized with 2/3 approval from the TOC + +## Archiving Process + +What does archiving for a CNCF project mean? + +* CNCF will no longer provide any support for the project, via service desk +* CNCF will list archived projects online +* Archived CNCF projects will be transferred to the Linux Foundation for neutral holding and support + +## Reactivating an Archived Project + +Any project can be reactivated into CNCF by finally the normal project [proposal](https://github.com/cncf/toc/blob/master/process/project_proposals.adoc) and [sandbox](https://github.com/cncf/toc/blob/master/process/sandbox.md) process. From 6b18f28a340d33e0d1330c9743aca9431a562ee1 Mon Sep 17 00:00:00 2001 
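Review bot: In PATCH 172/179 (process/archiving.md), the Archiving Criteria list does not say whether a project must meet all of the criteria or any one of them, and the last item ("It's binaries/source are no longer being downloaded") has no time window or data source, unlike the 6-month items above it. Suggest stating how the criteria combine and how download activity is measured. Minor: "It's" should be "Its", and "by finally the normal project" in the reactivation section presumably means "by following".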
From: Chris Aniszczyk Date: Wed, 31 Oct 2018 09:03:56 -0500 Subject: [PATCH 173/179] Delete archiving.md (open PR for discussion) --- process/archiving.md | 35 ----------------------------------- 1 file changed, 35 deletions(-) delete mode 100644 process/archiving.md diff --git a/process/archiving.md b/process/archiving.md deleted file mode 100644 index df37ddd..0000000 --- a/process/archiving.md +++ /dev/null 
@@ -1,35 +0,0 @@ -# CNCF Project Archiving Process v1.0 - -Open source projects have a lifecycle and there are times that projects become inactive due to a variety of reasons. There are also cases where a project may no longer want to be supported by the TOC. - -## Archiving Criteria - -There are different criteria to consider when archiving a project, but here are ones that the TOC looks for: - -* It hasn't seen a commit in over 6 months. -* It hasn't seen a release in over 6 months. -* There haven't been any issues opened for 6 months. -* Opened issues haven't received a response within 6 months. -* It's binaries/source are no longer being downloaded - -It is important to note that there is a difference between a mature project that doesn't get much attention anymore but is stable versus a project that is inactive. - -## Voting Process - -To archive a project: - -* A proposal must be put forth to the TOC repo and be open for at least 2 weeks of discussion. -* The TOC will inform the CNCF end user community and wider community of all archiving proposals -* A vote must be finalized with 2/3 approval from the TOC - -## Archiving Process - -What does archiving for a CNCF project mean? - -* CNCF will no longer provide any support for the project, via service desk -* CNCF will list archived projects online -* Archived CNCF projects will be transferred to the Linux Foundation for neutral holding and support - -## Reactivating an Archived Project - -Any project can be reactivated into CNCF by finally the normal project [proposal](https://github.com/cncf/toc/blob/master/process/project_proposals.adoc) and [sandbox](https://github.com/cncf/toc/blob/master/process/sandbox.md) process. From c46b1afb333f80fbf1b8e153cb207d069162511c Mon Sep 17 00:00:00 2001 
From: Chris Aniszczyk Date: Wed, 31 Oct 2018 18:13:14 -0500 Subject: [PATCH 174/179] Add how TOC members were appointed --- process/election-schedule.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/process/election-schedule.md b/process/election-schedule.md index a0a2e4a..e8b69c2 100644 --- a/process/election-schedule.md +++ b/process/election-schedule.md 
@@ -14,15 +14,15 @@ The key sections of the [charter](https://www.cncf.io/about/charter/) are: Current TOC [Members](https://github.com/cncf/toc#members) and their terms are: -* Jonathan Boulle (term: 3 years - start date: 1/29/2016) -* Bryan Cantrill (term: 3 years - start date: 1/29/2016) -* Camille Fournier (term: 3 years - start date: 1/29/2016) -* Brian Grant (term: 2 years - start date: 3/17/2018) -* Benjamin Hindman (term: 3 years - start date: 1/29/2016) -* Quinton Hoole (term: 1 year - start date: 3/17/2018) -* Sam Lambert (term: 16 months - start date: 10/2/2017) -* Ken Owens (term: 3 years - start date: 1/29/2016) -* Alexis Richardson (term: 3 years - start date: 1/29/2016) +* Jonathan Boulle (term: 3 years - start date: 1/29/2016) [GB appointed] +* Bryan Cantrill (term: 3 years - start date: 1/29/2016) [GB appointed] +* Camille Fournier (term: 3 years - start date: 1/29/2016) [GB appointed] +* Brian Grant (term: 2 years - start date: 3/17/2018) [TOC appointed] +* Benjamin Hindman (term: 3 years - start date: 1/29/2016) [GB appointed] +* Quinton Hoole (term: 1 year - start date: 3/17/2018) [TOC appointed] +* Sam Lambert (term: 16 months - start date: 10/2/2017) [enduser appointed] +* Ken Owens (term: 3 years - start date: 1/29/2016) [GB appointed] +* Alexis Richardson (term: 3 years - start date: 1/29/2016) [GB appointed] On 1/29/2019, the other 6 TOC positions are up for re-election by the GB. The charter requires that the initial appointments have been for 3 years (which they were), but to use staggered, 2-year terms going forward. We propose that half of the positions get a 1-year term in just that cycle (by drawing straws), so that each year afterwards, 3 of the 6 will be reappointed or replaced. From 7e5f484397b8df91d528cb5d1d58a9a84ef43b31 Mon Sep 17 00:00:00 2001 
From: Chris Aniszczyk Date: Wed, 31 Oct 2018 20:17:45 -0500 Subject: [PATCH 175/179] Update 6(e)(ii) to reflect an outdated charter --- process/election-schedule.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/process/election-schedule.md b/process/election-schedule.md index e8b69c2..8e560b3 100644 --- a/process/election-schedule.md +++ b/process/election-schedule.md @@ -8,7 +8,7 @@ The key sections of the [charter](https://www.cncf.io/about/charter/) are: >6(c)(i) The TOC shall select a Chair of the TOC to set agendas and call meetings of the TOC. ->6(e)(ii) Nominations: Each individual (entity or member) eligible to nominate a TOC member may nominate up to two (2) technical representatives, (from vendors, end users or any other fields), at most one of which may be from their respective company. +>6(e)(ii) Nominations: Each CNCF member may nominate up to two (2) technical representatives, (from vendors, end users or any other fields), at most one of which may be from their respective company. The nominee(s) must agree to participate prior to being added to the nomination list. >6(f)(i) TOC Members shall serve two-year, staggered terms. The initial six elected TOC members from the Governing Board election shall serve an initial term of three (3) years. The TOC members initially elected by the End User TAB and TOC shall serve an initial term of two (2) years. From f039055a913032ddb6c34b747fc5cd81b6b95bb6 Mon Sep 17 00:00:00 2001 From: Ken Owens Date: Fri, 9 Nov 2018 11:42:24 -0600 Subject: [PATCH 176/179] Create Due Diligence project review template This DD review will be added to all graduating projects PRs --- process/DD Review Template | 100 +++++++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 process/DD Review Template diff --git a/process/DD Review Template b/process/DD Review Template new file mode 100644 index 0000000..571c9cf --- /dev/null +++ b/process/DD Review Template 
@@ -0,0 +1,100 @@ +# Due Diligence Project Review Template +This page provides project review guidelines to those leading or contributing to due diligence exercises performed by or on behalf of the Technical Oversight Committee of the CNCF. + +## Introduction +The decision to graduate or promote a project depend on the TOC sponsors of the project performina dn documenting the evaluation process in deciding upon initial or continued inclusion of projects through a Technical Due Diligence ('Tech DD') exercise. Ultimately the voting members of the TOC will, on the basis of this and other information, vote for or against the inclusion of each project at the relevant time. + +## Technical Due Diligence +### Primary Goals +To enable the voting TOC members to cast an informed vote about a project, it is crucial that each member is able to form their own opinion as to whether and to what extent the project meets the agreed upon criteria for sandbox, incubation or graduation. As the leader of a DD, your job is to make sure that they have whatever information they need, succinctly and readily available, to form that opinion. + +As a secondary goal, it is in the interests of the broader CNCF ecosystem that there exists some reasonable degree of consensus across the community regarding the inclusion or otherwise of projects at the various maturity levels. Making sure that the relevant information is available, and any disagreement or misunderstanding as to it's validity are ideally resolved, helps to foster this consensus. + +## Statment of CNCF Alignment to TOC Principles +1. Project is self-goverrning +2. Is there a documented Code of Conduct that adhears to the CNCF guidelines? +3. Does the project have production deployments that are high quality and high-velocity? (for incubation and graduated projects). +(Sandbox level projects are targeted at earlier-stage projects to cultivate a community/technology) +4. 
Is the project committed to acheiving the CNCF principls and do they have a committed roadmap to address any areas of concern raised by the community? +5. The project needs to be reviewed and dosucment that the project has a fundamentally sound design without obvious critical compromises that will inhibit potential widespread adoption +6. Document that the project is useful for cloud native deployments & degree that its architected in a cloud native style +7. Document that the project has an affinity for how CNCF operates and understand the expectation of being a CNCF project. + +## Review of graduation criteria and desired cloud native properties +/* Use appropriate Section */ + +### Sandbox Graduation (Exit Requirements) +1. Document that it is being used successfully in production by at least three independent end users which with focus on adequate quality and scope defined. +2. Have a healthy number of committers. A committer is defined as someone with the commit bit; i.e., someone who can accept contributions to some or all of the project. +3. Demonstrate a substantial ongoing flow of commits and merged contributions. + +### Incubating Stage Graduation (Exit Requirements) +1. Document that it is being used successfully in production by at least three independent end users which with focus on adequate quality and scope defined. +2. Have a healthy number of committers. A committer is defined as someone with the commit bit; i.e., someone who can accept contributions to some or all of the project. +3. Demonstrate a substantial ongoing flow of commits and merged contributions. +4. Have committers from at least two organizations. +5. Have achieved and maintained a Core Infrastructure Initiative Best Practices Badge. +6. Adopted the CNCF Code of Conduct. +7. Explicitly define a project governance and committer process. This preferably is laid out in a GOVERNANCE.md file and references an OWNERS.md file showing the current and emeritus committers. +8. 
Have a public list of project adopters for at least the primary repo (e.g., ADOPTERS.md or logos on the project website). + +### Documentation of CNCF Alignment (if not addressed above): +name of project (must be unique within CNCF) +project description (what it does, why it is valuable, origin and history) +statement on alignment with CNCF charter mission +sponsor from TOC (sponsor helps mentor projects) +license (charter dictates Apache 2 by default) +source control (GitHub by default) +external dependencies (including licenses) +release methodology and mechanics +community size and any existing sponsorship + +##Technical +* An architectural, design and feature overview should be available. (add link) +* What are the primary target cloud-native use cases? Which of those: + * Can be accomplished now. + * Can be accomplished with reasonable additional effort (and are ideally already on the project roadmap). + * Are in-scope but beyond the current roadmap. + * Are out of scope. +* What are the current performance, scalability and resource consumption bounds of the software? Have these been explicitly tested? Are they appropriate given the intended usage (e.g. agent-per-node or agent-per-container need to be lightweight, etc)? +* What exactly are the failure modes? Are they well understood? Have they been tested? Do they form part of continuous integration testing? Are they appropriate given the intended usage (e.g. cluster-wide shared services need to fail gracefully etc)? +* What trade-offs have been made regarding performance, scalability, complexity, reliability, security etc? Are these trade-offs explicit or implicit? Why? Are they appropriate given the intended usage? Are they user-tunable? +* What are the most important holes? No HA? No flow control? Inadequate integration points? +* Code quality. Does it look good, bad or mediocre to you (based on a spot review). How thorough are the code reviews? Substance over form. 
Are there explicit coding guidelines for the project? +* Dependencies. What external dependencies exist, do they seem justified? +* What is the release model? Versioning scheme? Evidence of stability or otherwise of past stable released versions? +* What is the CI/CD status? Do explicit code coverage metrics exist? If not, what is the subjective adequacy of automated testing? Do different levels of tests exist (e.g. unit, integration, interface, end-to-end), or is there only partial coverage in this regard? Why? +* What licensing restrictions apply? Again, CNCF staff will handle the full legal due diligence. +* What are the recommended operational models? Specifically, how is it operated in a cloud-native environment, such as on Kubernetes? + +## Project +* Do we believe this is a growing, thriving project with committed contributors? +* Is it aligned with CNCF's values and mission? +* Do we believe it could eventually meet the graduation criteria? +* Should it start at the sandbox level or incubation level? +* Does ithe project have a sound, documented process for source control, issue tracking, release management etc. +* Does it have a documented process for adding committers? +* Does it have a documented governance model of any kind? +* Does it have committers from multiple organizations? +* Does it have a code of conduct? +* Does it have a license? Which one? Does it have a CLA or DCO? Are the licenses of it's dependencies compatible with their usage and CNCF policies? CNCF staff will handle the full legal due diligence. +* What is the general quality of informal communication around the project (slack, github issues, PR reviews, technical blog posts, etc)? +* How much time does the core team commit to the project? +* How big is the team? Who funds them? Why? How much? For how long? +* Who are the clear leaders? Are there any areas lacking clear leadership? Testing? Release? Documentation? These roles sometimes go unfilled. 
+* Besides the core team, how active is the surrounding community? Bug reports? Assistance to newcomers? Blog posts etc. +* Do they make it easy to contribute to the project? If not, what are the main obstacles? +* Are there any especially difficult personalities to deal with? How is this done? Is it a problem? +* What is the rate of ongoing contributions to the project (typically in the form of merged commits). + +## Users +* Who uses the project? Get a few in-depth references from 2-4 of them who actually know and understand it. +* What do real users consider to be it's strengths and weaknesses? Any concrete examples of these? +* Perception vs Reality: Is there lots of buzz, but the software is flaky/untested/unused? Does it have a bad reputation for some flaw that has already been addressed? + +## Context +* What is the origin and history of the project? +* Where does it fit in the market and technical ecosystem? +* Is it growing or shrinking in that space? Is that space growing or shrinking? +* How necessary is it? What do people who don't use this project do? Why exactly is that not adequate, and in what situations? +* Clearly compare and contrast with peers in this space. A summary matrix often helps. Beware of comparisons that are too superficial to be useful, or might have been manipulated so as to favor some projects over others. Most balanced comparisons will include both strengths and weaknesses, require significant detailed research, and usually there is no hands-down winner. Be suspicious if there appears to be one. From 15db4b3e840fe99bff898a43b44d6b8a0d9bdb10 Mon Sep 17 00:00:00 2001 From: Ed Lee Date: Tue, 13 Nov 2018 15:50:30 -0800 Subject: [PATCH 177/179] Update CONTRIBUTORS.md --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index efe6698..01e2051 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md 
@@ -37,6 +37,7 @@ List below is the official list of TOC contributors, in alphabetical order: * Drew Rapenchuk, Bloomberg (drapenchuk@bloomberg.net) * Dustin Kirkland, Canonical (kirkland@canonical.com) * Eduardo Silva, Treasure Data (eduardo@treasure-data.com) +* Edward Lee, Intuit (edward_lee@intuit.com) * Erin Boyd, Red Hat (eboyd@redhat.com) * Gergely Csatari, Nokia (gergely.csatari@nokia.com) * Ghe Rivero, Independent (ghe.rivero@gmail.com) From 22c2d5734a30d663a4f101e2ffe1db2938530b5d Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Wed, 14 Nov 2018 09:07:26 +0800 Subject: [PATCH 178/179] Harbor is now an incubating project https://www.cncf.io/blog/2018/11/13/harbor-into-incubator --- README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index b8c04f8..7ed88e7 100644 --- a/README.md +++ b/README.md 
@@ -95,15 +95,13 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [CloudEvents](https://github.com/cloudevents)|Brian Grant, Ken Owens|[11/14/17](https://goo.gl/vKbawR)|[5/22/18](https://www.cncf.io/blog/2018/05/22/cloudevents-in-the-sandbox/)|Sandbox [Telepresence](https://github.com/telepresenceio)|Alexis Richardson, Camille Fournier|[4/17/18](https://docs.google.com/presentation/d/1VrHKGre5Y8AbmXEOXu4VPfILReoLT38Uw9TMN71u08E/edit?usp=sharing)|[5/22/18](https://www.cncf.io/blog/2018/05/22/telepresence-in-the-sandbox/)|Sandbox [Helm](https://github.com/helm)|Brian Grant|[5/15/18](https://docs.google.com/presentation/d/1KNSv70fyTfSqUerCnccV7eEC_ynhLsm9A_kjnlmU_t0/edit#slide=id.g25ca91f87f_0_0)|[6/1/18](https://www.cncf.io/blog/2018/06/01/cncf-to-host-helm/)|Incubating -[Harbor](https://github.com/goharbor)|Quinton Hoole, Ken Owens|[6/19/18](https://docs.google.com/presentation/d/1KNSv70fyTfSqUerCnccV7eEC_ynhLsm9A_kjnlmU_t0/edit#slide=id.g25ca91f87f_0_0)|[7/31/18](https://www.cncf.io/blog/2018/07/31/cncf-to-host-harbor-in-the-sandbox/)|Sandbox +[Harbor](https://github.com/goharbor)|Quinton Hoole, Ken Owens|[6/19/18](https://docs.google.com/presentation/d/1KNSv70fyTfSqUerCnccV7eEC_ynhLsm9A_kjnlmU_t0/edit#slide=id.g25ca91f87f_0_0)|[7/31/18](https://www.cncf.io/blog/2018/07/31/cncf-to-host-harbor-in-the-sandbox/)|Incubating [OpenMetrics](https://github.com/OpenObservability/OpenMetrics)|Alexis Richardson, Bryan Cantrill|[6/20/17](https://goo.gl/6nmyDn)|[8/10/18](https://www.cncf.io/blog/2018/08/10/cncf-to-host-openmetrics/)|Sandbox [TiKV](https://github.com/tikv/tikv)|Ben Hindman, Bryan Cantrill|[7/3/18](https://docs.google.com/presentation/d/1864TEfbwCpbW5kPYGQNAfqAUdc3X83n-_OYigqxfohw/edit?usp=sharing)|[8/28/18](https://www.cncf.io/blog/2018/08/28/cncf-to-host-tikv/)|Sandbox [Cortex](https://github.com/cortexproject/cortex)|Ken Owens, Bryan 
Cantrill|[6/5/18](https://docs.google.com/presentation/d/190oIFgujktVYxWZLhLYN4q8p9dtQYoe4sxHgn4deBSI/edit#slide=id.g25ca91f87f_0_0)|[9/20/18](https://www.cncf.io/blog/2018/09/20/cncf-to-host-in-the-sandbox/)|Sandbox [Buildpacks](https://github.com/buildpack/spec)|Brian Grant, Alexis Richardson|[8/21/18](https://docs.google.com/presentation/d/1RkygwZw7ILVgGhBpKnFNgJ4BCc_9qMG8cIf0MRbuzB4/edit?usp=sharing)|[10/3/18](https://www.cncf.io/blog/2018/10/03/cncf-to-host-cloud-native-buildpacks-in-the-sandbox)|Sandbox [Falco](https://github.com/falcosecurity/falco)|Brian Grant, Quinton Hoole|[7/17/18](https://docs.google.com/presentation/d/17p5QBVooGMLAtX6Mn6d3NAFhRmFHE0cH-WI_-0MbOm8/edit?usp=sharing)|[10/10/18](https://falco.org/)|Sandbox -Quinton Hoole, Brian Grant - ## Website Guidelines CNCF has the following [guidelines](https://www.cncf.io/projects/website-guidelines/) for the websites of our projects. @@ -161,7 +159,7 @@ If you're interested in presenting at a TOC call about your project, please open * **Sep 18, 2018**: netdata * **Oct 2, 2018**: keycloak * **Oct 16, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues)) -* **Nov 6, 2018**: Graduation/Project Reviews: TUF +* **Nov 20, 2018**: Graduation/Project Reviews ## Meeting Minutes From da565be91579d34c90443fb3c3e4a1eeea154e5e Mon Sep 17 00:00:00 2001 From: Chris Aniszczyk Date: Thu, 15 Nov 2018 07:48:28 +0800 Subject: [PATCH 179/179] Add Dragonfly as sandbox project https://github.com/dragonflyoss/dragonfly --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7ed88e7..5f586fd 100644 --- a/README.md +++ b/README.md 
@@ -101,6 +101,7 @@ Here is a link to a World Time Zone Converter here http://www.thetimezoneconvert [Cortex](https://github.com/cortexproject/cortex)|Ken Owens, Bryan Cantrill|[6/5/18](https://docs.google.com/presentation/d/190oIFgujktVYxWZLhLYN4q8p9dtQYoe4sxHgn4deBSI/edit#slide=id.g25ca91f87f_0_0)|[9/20/18](https://www.cncf.io/blog/2018/09/20/cncf-to-host-in-the-sandbox/)|Sandbox [Buildpacks](https://github.com/buildpack/spec)|Brian Grant, Alexis Richardson|[8/21/18](https://docs.google.com/presentation/d/1RkygwZw7ILVgGhBpKnFNgJ4BCc_9qMG8cIf0MRbuzB4/edit?usp=sharing)|[10/3/18](https://www.cncf.io/blog/2018/10/03/cncf-to-host-cloud-native-buildpacks-in-the-sandbox)|Sandbox [Falco](https://github.com/falcosecurity/falco)|Brian Grant, Quinton Hoole|[7/17/18](https://docs.google.com/presentation/d/17p5QBVooGMLAtX6Mn6d3NAFhRmFHE0cH-WI_-0MbOm8/edit?usp=sharing)|[10/10/18](https://falco.org/)|Sandbox +[Dragonfly](https://github.com/dragonflyoss/dragonfly)|Jonathan Boulle, Benjamin Hindman|[9/4/18](https://docs.google.com/presentation/d/1umu-iT5ZXq5XsMFmqmVeRe-tn2y7DeSoCebhrehi7fk/edit#slide=id.g41381b8fd7_0_199)|[11/15/18](https://github.com/oss/dragonfly)|Sandbox ## Website Guidelines @@ -158,8 +159,8 @@ If you're interested in presenting at a TOC call about your project, please open * **Sep 4, 2018**: OpenMessaging/Dragonfly * **Sep 18, 2018**: netdata * **Oct 2, 2018**: keycloak -* **Oct 16, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues)) * **Nov 20, 2018**: Graduation/Project Reviews +* **Oct 16, 2018**: (interested presenters contact cra@linuxfoundation.org or open up a github [issue](https://github.com/cncf/toc/issues)) ## Meeting Minutes
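Review bot: In the `process/election-schedule.md` hunk at `@@ -14,15 +14,15 @@`, the new bracketed tags (`[GB appointed]`, `[TOC appointed]`, `[enduser appointed]`) are not defined anywhere in the visible lines, and `[enduser appointed]` does not match the charter wording quoted in the same file ("End User TAB"). Please add a one-line legend above the list that maps each tag to the electing body named in 6(f)(i), and use the charter's spelling for the end-user body so the list can be checked against the quoted text.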
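Review bot: In PATCH 175 (`process/election-schedule.md`, `@@ -8,7 +8,7 @@`), the changed line sits inside a `>` quote of charter section 6(e)(ii), but the subject "Update 6(e)(ii) to reflect an outdated charter" does not say which side was outdated. Please reword the subject to state that the quote now matches the current charter, and consider noting the charter revision or date next to the link so a reader can verify the quoted sections against it.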
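Review bot: In PATCH 176, the new file is created as `process/DD Review Template`, with spaces and no `.md` extension, so the Markdown in it will display as plain text; please rename it, for example to `process/dd-review-template.md`. Several lines also need fixing before merge: `##Technical` lacks the space after the hashes, `/* Use appropriate Section */` will appear literally in the rendered page, and the items under "Documentation of CNCF Alignment" have no list markers and will collapse into one paragraph. The text has a number of typos ("performina dn documenting", "Statment", "self-goverrning", "adhears", "acheiving the CNCF principls", "dosucment", "Does ithe project", and "it's" used for the possessive in three places). Items 1 to 3 under "Sandbox Graduation" are identical to items 1 to 3 under "Incubating Stage Graduation"; if that is intended, say so, otherwise the sandbox list looks like a copy of the wrong section.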
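Review bot: In PATCH 178, first `README.md` hunk (`@@ -95,15 +95,13 @@`), the Harbor row changes its last column to `Incubating` but the fourth column still shows `7/31/18` and links to `cncf-to-host-harbor-in-the-sandbox`. The commit message cites https://www.cncf.io/blog/2018/11/13/harbor-into-incubator, so the row should point there (or carry both the sandbox and incubation announcements) to keep the table consistent with the new status.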
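Review bot: In PATCH 178, second `README.md` hunk (`@@ -161,7 +159,7 @@`), the schedule entry `Nov 6, 2018: Graduation/Project Reviews: TUF` is replaced by `Nov 20, 2018: Graduation/Project Reviews`, which drops the TUF item and moves the date, neither of which is mentioned in a commit titled "Harbor is now an incubating project". Please either split the schedule change into its own commit or mention it in the message, and state whether the TUF review is still on the agenda.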
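Review bot: In PATCH 179, first `README.md` hunk (`@@ -101,6 +101,7 @@`), the fourth column of the new Dragonfly row links to `https://github.com/oss/dragonfly`, which does not match the repository given in the first column and in the commit message (`https://github.com/dragonflyoss/dragonfly`). The other rows in this table link that column to an announcement, so please replace it with the acceptance announcement, or at least correct the organization name in the URL.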
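Review bot: In PATCH 179, second `README.md` hunk (`@@ -158,8 +159,8 @@`), the `Oct 16, 2018` entry is moved below `Nov 20, 2018`, which breaks the chronological order of the presentation schedule and is unrelated to adding Dragonfly. Please restore the original ordering, and if the Oct 16 slot is no longer open, remove the placeholder in a separate change.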