
[Incubation] k8gb Incubation Application

Open elohmrow opened this issue 1 year ago • 8 comments

k8gb Incubation Application

v1.5 This template provides the project with a framework to inform the TOC of their conformance to the Incubation Level Criteria.

Project Repo(s): https://github.com/k8gb-io/k8gb

Project Site: https://github.com/k8gb-io/k8gb

Sub-Projects: None

Communication: https://cloud-native.slack.com/archives/C021P656HGB

Project points of contact:

Incubation Criteria Summary for k8gb

Adoption Assertion

Application Process Principles

Suggested

N/A

Required

  • [x] Give a presentation and engage with the domain specific TAG(s) to increase awareness

  • [ ] TAG provides insight/recommendation of the project in the context of the landscape

  • [x] All project metadata and resources are vendor-neutral.

    • Notes:
      • Project website: k8gb.io is self-hosted
      • GitHub Repo: https://github.com/k8gb-io/k8gb is self-hosted
      • Slack: #k8gb is CNCF-hosted
      • Mailing-list: [email protected] is CNCF-hosted
      • LinkedIn: https://www.linkedin.com/company/k8gb/ is self-hosted
      • Twitter / X: https://x.com/k8gb_io is self-hosted
      • Blog (Medium): https://medium.com/@kubernetesglobalbalancer is Medium-hosted
      • Zoom: https://zoom-lfx.platform.linuxfoundation.org/meeting/92572060749?password=645f8346-1952-44fa-bd9b-45208260fc10 is Linux Foundation hosted
      • Community meeting invite: https://zoom-lfx.platform.linuxfoundation.org/meetings/k8gb?view=week lives on the Linux Foundation calendar
  • [x] Review and acknowledgement of expectations for Sandbox projects and requirements for moving forward through the CNCF Maturity levels.

    • No sandbox application can be found, but, according to https://www.cncf.io/projects/k8gb/, k8gb was accepted to CNCF on March 30, 2021 at the Sandbox maturity level. Reference to Onboarding PR https://github.com/cncf/sandbox/issues/251
  • [x] Due Diligence Review.

    • WIP with TOC Sponsor / https://github.com/k8gb-io/k8gb/issues/1906
    • Completion of this due diligence document, resolution of concerns raised, and presented for public comment satisfies the Due Diligence Review criteria.
  • [x] Additional documentation as appropriate for project type, e.g.: installation documentation, end user documentation, reference implementation and/or code samples.

    • Installation:
      • k8gb requires a single Gslb CRD to enable Global Load Balancing.
      • Quick Start: https://github.com/k8gb-io/k8gb?tab=readme-ov-file#quick-start
      • Other integrations: https://github.com/k8gb-io/k8gb?tab=readme-ov-file#installation-and-configuration-tutorials
    • End user documentation:
      • https://www.k8gb.io/
      • https://www.k8gb.io/#installation-and-configuration-tutorials
    • Blog posts:
      • https://medium.com/@kubernetesglobalbalancer

Governance and Maintainers

Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy.

Update: Governance Review opened here: https://github.com/cncf/toc/issues/1963

Suggested

  • [x] Clear and discoverable project governance documentation.

    • See https://github.com/k8gb-io/k8gb/blob/master/GOVERNANCE.md
  • [ ] Governance has continuously been iterated upon by the project as a result of their experience applying it, with the governance history demonstrating evolution of maturity alongside the project's maturity evolution.

  • [x] Governance is up to date with actual project activities, including any meetings, elections, leadership, or approval processes.
  • [x] Governance clearly documents vendor-neutrality of project direction.

  • [x] Document how the project makes decisions on leadership, contribution acceptance, requests to the CNCF, and changes to governance or project goals.

  • [x] Document how role, function-based members, or sub-teams are assigned, onboarded, and removed for specific teams (example: Security Response Committee).

  • [x] Document a complete maintainer lifecycle process (including roles, onboarding, offboarding, and emeritus status).

  • [x] Demonstrate usage of the maintainer lifecycle with outcomes, either through the addition or replacement of maintainers as project events have required.

  • [x] If the project has subprojects: subproject leadership, contribution, maturity status documented, including add/remove process.

    • No subprojects

Required

  • [x] Document complete list of current maintainers, including names, contact information, domain of responsibility, and affiliation.

    • See https://github.com/k8gb-io/k8gb/blob/master/GOVERNANCE.md#maintainers
  • [x] A number of active maintainers which is appropriate to the size and scope of the project.

    • 6 active maintainers from Upbound, Absa Group, Kedify, and Open Systems.
  • [x] Code and Doc ownership in Github and elsewhere matches documented governance roles.

  • [x] Document agreement that project will adopt CNCF Code of Conduct.

    • k8gb has adopted the CNCF Code of Conduct. See https://github.com/k8gb-io/k8gb/blob/master/CODE_OF_CONDUCT.md
  • [x] CNCF Code of Conduct is cross-linked from other governance documents.

  • [x] All subprojects, if any, are listed.

    • No subprojects

Contributors and Community

Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy.

Suggested

  • [ ] Contributor ladder with multiple roles for contributors.

Required

  • [x] Clearly defined and discoverable process to submit issues or changes.

    • See https://github.com/k8gb-io/k8gb/blob/master/CONTRIBUTING.md
  • [x] Project must have, and document, at least one public communications channel for users and/or contributors.

    • See https://www.k8gb.io/ "Join #k8gb on CNCF Slack"
    • Existing public communications channels:
      • Slack: #k8gb
      • LinkedIn: https://www.linkedin.com/company/k8gb/
      • Twitter / X: https://x.com/k8gb_io
      • Community meetings: https://zoom-lfx.platform.linuxfoundation.org/meetings/k8gb?view=week
  • [x] List and document all project communication channels, including subprojects (mail list/slack/etc.). List any non-public communications channels and what their special purpose is.

    • Project website: k8gb.io
    • GitHub Repo: https://github.com/k8gb-io/k8gb
    • Slack: #k8gb
    • Mailing-list: [email protected]
    • LinkedIn: https://www.linkedin.com/company/k8gb/
  • [x] Up-to-date public meeting schedulers and/or integration with CNCF calendar.

    • Zoom: https://zoom-lfx.platform.linuxfoundation.org/meeting/92572060749?password=645f8346-1952-44fa-bd9b-45208260fc10 is Linux Foundation hosted
    • Community meeting invite: https://zoom-lfx.platform.linuxfoundation.org/meetings/k8gb?view=week lives on the Linux Foundation calendar
  • [x] Documentation of how to contribute, with increasing detail as the project matures.

    • See https://github.com/k8gb-io/k8gb/blob/master/CONTRIBUTING.md
  • [x] Demonstrate contributor activity and recruitment.

    • 39 community members, including 6 active maintainers, have contributed to k8gb's 36 releases.
    • See devstat metrics: https://k8gb.devstats.cncf.io/d/66/developer-activity-counts-by-companies?orgId=1

Engineering Principles

Suggested

  • [x] Roadmap change process is documented.

    • See https://github.com/k8gb-io/k8gb/blob/master/ROADMAP.md
  • [x] History of regular, quality releases.

    • 39 community members have contributed to k8gb's 36 releases: https://github.com/k8gb-io/k8gb/releases
    • k8gb have moved to a quarterly release cycle

Required

  • [x] Document project goals and objectives that illustrate the project’s differentiation in the Cloud Native landscape as well as outlines how this project fulfills an outstanding need and/or solves a problem differently.

    • See https://www.k8gb.io/#key-differentiators
  • [x] Document what the project does, and why it does it - including viable cloud native use cases.

    • See https://www.k8gb.io/ and https://www.k8gb.io/#motivation-and-architecture
  • [x] Document and maintain a public roadmap or other forward looking planning document or tracking mechanism.

    • See https://github.com/k8gb-io/k8gb/blob/master/ROADMAP.md
  • [x] Document overview of project architecture and software design that demonstrates viable cloud native use cases, as part of the project's documentation.

    • See the extended architecture documentation here
    • Internal k8gb architecture and its components are described here
  • [x] Document the project's release process.

    • See https://github.com/k8gb-io/k8gb/blob/master/CONTRIBUTING.md#release-process

Security

Note: this section may be augmented by a joint-assessment performed by TAG Security.

Suggested

N/A

Required

  • [x] Clearly defined and discoverable process to report security issues.

  • [x] Enforcing Access Control Rules to secure the code base against attacks (Example: two factor authentication enforcement, and/or use of ACL tools.)

    • The setting "Require two-factor authentication for everyone in the k8gb organization." is enabled for https://github.com/k8gb-io organization.
  • [x] Document assignment of security response roles and how reports are handled.

  • [x] Document Security Self-Assessment.

    • See https://github.com/k8gb-io/k8gb/blob/master/self-assessment.md
    • See also https://github.com/k8gb-io/k8gb/blob/master/SECURITY.md and https://github.com/k8gb-io/k8gb/blob/master/SECURITY-INSIGHTS.yml
  • [x] Achieve the Open Source Security Foundation (OpenSSF) Best Practices passing badge.

    • k8gb has achieved the OpenSSF Best Practices passing badge: https://www.bestpractices.dev/en/projects/4866. It is linked on the https://www.k8gb.io/ index page and the main README of https://github.com/k8gb-io/k8gb.

Ecosystem

Suggested

N/A

Required

  • [x] Publicly documented list of adopters, which may indicate their adoption level (dev/trialing, prod, etc.)

    • See https://github.com/k8gb-io/k8gb/blob/master/ADOPTERS.md
  • [x] Used in appropriate capacity by at least 3 independent + indirect/direct adopters, (these are not required to be in the publicly documented list of adopters)

    • See https://github.com/k8gb-io/k8gb/blob/master/ADOPTERS.md

The project provided the TOC with a list of adopters for verification of use of the project at the level expected, i.e. production use for graduation, dev/test for incubation.

  • [ ] TOC verification of adopters.

Refer to the Adoption portion of this document.

  • [x] Clearly documented integrations and/or compatibility with other CNCF projects as well as non-CNCF projects.
    • See https://www.k8gb.io/#installation-and-configuration-tutorials for examples of known integrations with other CNCF projects as well as non-CNCF projects.

Additional Information

millennium-bcp case study - TL;DR on LinkedIn

presentations-featuring-k8gb

online-publications-featuring-k8gb

books-featuring-k8gb

elohmrow Oct 29 '24 15:10

@rochaporto to triage

angellk Jan 21 '25 16:01

Thanks @elohmrow .

In preparation for k8gb to be picked up by a TOC member please:

Also I would recommend working on the following items (it will help speed up the process later):

  • Give a new project update to TAG-Network: the previous one was done in April 2021
  • Add affiliation information to the list of maintainers
  • Clarify the security self-assessment. The pointer passed is in the project's repo and has part of the information requested by the TAG-Security self-assessment form. Would be useful to create an issue with TAG-Security and follow it up there, also so that the document is added to the project list

rochaporto Jan 21 '25 16:01

Hi @rochaporto 👋

Thanks for helping with this 👍

  • ✅ review the definition of an adopter
  • ✅ verify 5-7 project adopters that can and are willing to be interviewed by the TOC reviewer(s) and submit information for each adopter to the Adopter Interview Questionnaire form. - note: 7 submitted so far
  • ✅ Give a new project update to TAG-Network: the previous one was done in April 2021 - note: k8gb gave a preso to the Network TAG on 23 January 25. Slides are here - link to the recording: https://www.youtube.com/watch?v=neWnJad-IxI
  • ✅ Add affiliation information to the list of maintainers - note: added with PRs: https://github.com/k8gb-io/k8gb/pull/1805 and https://github.com/k8gb-io/k8gb/pull/1821
  • ✅ Clarify the security self-assessment. The pointer passed is in the project's repo and has part of the information requested by the TAG-Security self-assessment form. Would be useful to create an issue with TAG-Security and follow it up there, also so that the document is added to the project list
    • note 1: self-assessment clarified: https://github.com/k8gb-io/k8gb/blob/master/self-assessment.md through PRs https://github.com/k8gb-io/k8gb/pull/1806, https://github.com/k8gb-io/k8gb/pull/1809, and https://github.com/k8gb-io/k8gb/pull/1810
    • note 2: ~Issue created with TAG-Security: https://github.com/cncf/tag-security/issues/1441~ <- we only need to do the self-assessment at this time, not the joint assessment.
    • note 3: PR opened on TAG Security repo: https://github.com/cncf/tag-security/pull/1446

elohmrow Jan 21 '25 18:01

@rochaporto looks like we have ticked everything off the list - should we do anything else before a TOC member is assigned?

elohmrow Jan 29 '25 10:01

Thanks @elohmrow - the projects follow the queue for TOC member assignment. There are 5 projects ahead of K8gb in the 'New' queue that will either be moved forward or closed. K8gb will be alerted in the event a TOC member is assigned.

CNCF Projects team has been made aware of the issue linked above and will look into a course of action. cc: @krook

angellk Feb 07 '25 23:02

Hello K8gb! Ricardo and I will be conducting your Due Diligence. Please give us a few weeks to get things set up so we can schedule a kick off call. With KCCN freeze imminent, expect us to reach back out post-kubecon. We're looking forward to working with you!

TheFoxAtWork Oct 14 '25 16:10

@kashifest @joshgav have volunteered to do the tech and gov review

mrbobbytables Oct 16 '25 15:10

Security self-assessment moved to https://github.com/cncf/toc/pull/1977. See https://github.com/cncf/tag-security/pull/1446#issuecomment-3602311478

elohmrow Dec 02 '25 14:12