[Incubation] k8gb Incubation Application

[elohmrow]

k8gb Incubation Application

v1.5
This template provides the project with a framework to inform the TOC of their conformance to the Incubation Level Criteria.

Project Repo(s): https://github.com/k8gb-io/k8gb
Project Site: https://github.com/k8gb-io/k8gb
Sub-Projects: None
Communication: https://cloud-native.slack.com/archives/C021P656HGB

Project points of contact:

• Yury Tsarev (@ytsarev) yury@upbound.io

• @donovanmuller

• @k0da

• @kuritka

• @jkremser

• @abaguas

• Bradley Andersen (@elohmrow) bradley.andersen@pm.me

• (Post Incubation only) Book a meeting with CNCF staff to understand project benefits and event resources.

Incubation Criteria Summary for k8gb

Adoption Assertion

• See https://github.com/k8gb-io/k8gb/blob/master/ADOPTERS.md
  The project has been adopted by the following organizations in a testing and integration or production capacity:
  • Absa
  • Millennium bcp
  • Eficode
  • Open Systems
  • PagBank

Application Process Principles

Suggested

N/A

Required

• Give a presentation and engage with the domain specific TAG(s) to increase awareness

  • This was completed and occurred on 01-Apr-2021. It was not recorded, but a reference to it can be found in the CNCF TAG Network Meeting Notes.

• TAG provides insight/recommendation of the project in the context of the landscape

• All project metadata and resources are vendor-neutral.

  • Notes:
    • Project website: k8gb.io is self-hosted
    • GitHub Repo: https://github.com/k8gb-io/k8gb is self-hosted
    • Slack: #k8gb is CNCF-hosted
    • Mailing-list: cncf-k8gb-maintainers@lists.cncf.io is CNCF-hosted
    • LinkedIn: https://www.linkedin.com/company/k8gb/ is self-hosted
    • Twitter / X: https://x.com/k8gb_io is self-hosted
    • Blog (Medium): https://medium.com/@kubernetesglobalbalancer is Medium-hosted
    • Zoom: https://zoom-lfx.platform.linuxfoundation.org/meeting/92572060749?password=645f8346-1952-44fa-bd9b-45208260fc10 is Linux Foundation hosted
    • Community meeting invite: https://zoom-lfx.platform.linuxfoundation.org/meetings/k8gb?view=week lives on the Linux Foundation calendar

• Review and acknowledgement of expectations for Sandbox projects and requirements for moving forward through the CNCF Maturity levels.

  • No sandbox application can be found, but, according to https://www.cncf.io/projects/k8gb/, k8gb was accepted to CNCF on March 30, 2021 at the Sandbox maturity level. Reference to Onboarding PR [PROJECT ONBOARDING] k8gb sandbox#251

• Due Diligence Review.

  • WIP with TOC Sponsor / Epic: [DTR] k8gb-io/k8gb#1906
    Completion of this due diligence document, resolution of concerns raised, and presented for public comment satisfies the Due Diligence Review criteria.

• Additional documentation as appropriate for project type, e.g.: installation documentation, end user documentation, reference implementation and/or code samples.

  • Installation:
    • k8gb requires a single Gslb CRD to enable Global Load Balancing.
    • Quick Start: https://github.com/k8gb-io/k8gb?tab=readme-ov-file#quick-start
    • Other integrations: https://github.com/k8gb-io/k8gb?tab=readme-ov-file#installation-and-configuration-tutorials
  • End user documentation:
    • https://www.k8gb.io/
    • https://www.k8gb.io/#installation-and-configuration-tutorials
  • Blog posts:
    • https://medium.com/@kubernetesglobalbalancer

Governance and Maintainers

Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy.

Suggested

• Clear and discoverable project governance documentation.

  • See https://github.com/k8gb-io/k8gb/blob/master/GOVERNANCE.md

• Governance has continuously been iterated upon by the project as a result of their experience applying it, with the governance history demonstrating evolution of maturity alongside the project's maturity evolution.

• Governance is up to date with actual project activities, including any meetings, elections, leadership, or approval processes.

• Governance clearly documents vendor-neutrality of project direction.

• Document how the project makes decisions on leadership, contribution acceptance, requests to the CNCF, and changes to governance or project goals.

  • See Leadership
  • See Changes
  • See Contributions and Contributing

• Document how role, function-based members, or sub-teams are assigned, onboarded, and removed for specific teams (example: Security Response Committee).

  • See Maintainers
  • See Conflict Resolution

• Document a complete maintainer lifecycle process (including roles, onboarding, offboarding, and emeritus status).

  • See Maintainers

• Demonstrate usage of the maintainer lifecycle with outcomes, either through the addition or replacement of maintainers as project events have required.

  • See Maintainers

• If the project has subprojects: subproject leadership, contribution, maturity status documented, including add/remove process.

  • No subprojects

Required

• Document complete list of current maintainers, including names, contact information, domain of responsibility, and affiliation.

  • See https://github.com/k8gb-io/k8gb/blob/master/GOVERNANCE.md#maintainers

• A number of active maintainers which is appropriate to the size and scope of the project.

  • 6 active maintainers from Upbound, Absa Group, Kedify, and Open Systems.

• Code and Doc ownership in Github and elsewhere matches documented governance roles.

  • See Codeowners

• Document agreement that project will adopt CNCF Code of Conduct.

  • k8gb has adopted the CNCF Code of Conduct. See https://github.com/k8gb-io/k8gb/blob/master/CODE_OF_CONDUCT.md

• CNCF Code of Conduct is cross-linked from other governance documents.

  • CNCF Code of Conduct is linked at Code of Conduct and cross-linked from there to Governance and Security Insights

• All subprojects, if any, are listed.

  • No subprojects

Contributors and Community

Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy.

Suggested

• Contributor ladder with multiple roles for contributors.

Required

• Clearly defined and discoverable process to submit issues or changes.

  • See https://github.com/k8gb-io/k8gb/blob/master/CONTRIBUTING.md

• Project must have, and document, at least one public communications channel for users and/or contributors.

  • See https://www.k8gb.io/ "Join #k8gb on CNCF Slack"
  • Existing public communications channels:
    • Slack: #k8gb
    • LinkedIn: https://www.linkedin.com/company/k8gb/
    • Twitter / X: https://x.com/k8gb_io
    • Community meetings: https://zoom-lfx.platform.linuxfoundation.org/meetings/k8gb?view=week

• List and document all project communication channels, including subprojects (mail list/slack/etc.). List any non-public communications channels and what their special purpose is.

  • Project website: k8gb.io
  • GitHub Repo: https://github.com/k8gb-io/k8gb
  • Slack: #k8gb
  • Mailing-list: cncf-k8gb-maintainers@lists.cncf.io
  • LinkedIn: https://www.linkedin.com/company/k8gb/

• Up-to-date public meeting schedulers and/or integration with CNCF calendar.

  • Zoom: https://zoom-lfx.platform.linuxfoundation.org/meeting/92572060749?password=645f8346-1952-44fa-bd9b-45208260fc10 is Linux Foundation hosted
  • Community meeting invite: https://zoom-lfx.platform.linuxfoundation.org/meetings/k8gb?view=week lives on the Linux Foundation calendar

• Documentation of how to contribute, with increasing detail as the project matures.

  • See https://github.com/k8gb-io/k8gb/blob/master/CONTRIBUTING.md

• Demonstrate contributor activity and recruitment.

  • 27 community members, including 6 active maintainers, have contributed to k8gb's 32 releases.
  • See devstat metrics: https://k8gb.devstats.cncf.io/d/66/developer-activity-counts-by-companies?orgId=1

Engineering Principles

Suggested

• Roadmap change process is documented.

  • See https://github.com/k8gb-io/k8gb/blob/master/ROADMAP.md

• History of regular, quality releases.

  • 27 community members have contributed to k8gb's 32 releases: https://github.com/k8gb-io/k8gb/releases

Required

• Document project goals and objectives that illustrate the project’s differentiation in the Cloud Native landscape as well as outlines how this project fulfills an outstanding need and/or solves a problem differently.

  • See https://www.k8gb.io/#key-differentiators

• Document what the project does, and why it does it - including viable cloud native use cases.

  • See https://www.k8gb.io/ and https://www.k8gb.io/#motivation-and-architecture

• Document and maintain a public roadmap or other forward looking planning document or tracking mechanism.

  • See https://github.com/k8gb-io/k8gb/blob/master/ROADMAP.md

• Document overview of project architecture and software design that demonstrates viable cloud native use cases, as part of the project's documentation.

  • See the extended architecture documentation here
  • Internal k8gb architecture and its components are described here

• Document the project's release process.

  • See https://github.com/k8gb-io/k8gb/blob/master/CONTRIBUTING.md#release-process

Security

Note: this section may be augmented by a joint-assessment performed by TAG Security.

Suggested

N/A

Required

• Clearly defined and discoverable process to report security issues.

  • See Security - especially Reporting a Vulnerability.

• Enforcing Access Control Rules to secure the code base against attacks (Example: two factor authentication enforcement, and/or use of ACL tools.)

  • The setting "Require two-factor authentication for everyone in the k8gb organization." is enabled for https://github.com/k8gb-io organization.

• Document assignment of security response roles and how reports are handled.

  • See Security - especially Review Process.

• Document Security Self-Assessment.

  • See https://github.com/k8gb-io/k8gb/blob/master/self-assessment.md
  • See also https://github.com/k8gb-io/k8gb/blob/master/SECURITY.md and https://github.com/k8gb-io/k8gb/blob/master/SECURITY-INSIGHTS.yml

• Achieve the Open Source Security Foundation (OpenSSF) Best Practices passing badge.

  • k8gb has achieved the OpenSSF Best Practices passing badge: https://www.bestpractices.dev/en/projects/4866. It is linked on the https://www.k8gb.io/ index page and the main README of https://github.com/k8gb-io/k8gb.

Ecosystem

Suggested

N/A

Required

• Publicly documented list of adopters, which may indicate their adoption level (dev/trialing, prod, etc.)

  • See https://github.com/k8gb-io/k8gb/blob/master/ADOPTERS.md

• Used in appropriate capacity by at least 3 independent + indirect/direct adopters, (these are not required to be in the publicly documented list of adopters)

  • See https://github.com/k8gb-io/k8gb/blob/master/ADOPTERS.md

The project provided the TOC with a list of adopters for verification of use of the project at the level expected, i.e. production use for graduation, dev/test for incubation.

• TOC verification of adopters.

Refer to the Adoption portion of this document.

• Clearly documented integrations and/or compatibility with other CNCF projects as well as non-CNCF projects.
  • See https://www.k8gb.io/#installation-and-configuration-tutorials for examples of known integrations with other CNCF projects as well as non-CNCF projects.

Additional Information

[angellk]

@rochaporto to triage

[rochaporto]

Thanks @elohmrow .

In preparation for k8gb to be picked up by a TOC member please:

• review the definition of an adopter
• verify 5-7 project adopters that can and are willing to be interviewed by the TOC reviewer(s) and
  submit information for each adopter to the Adopter Interview Questionnaire form.

Also i would recommend working on the following items (it will help speedup the process later):

• Give a new project update to TAG-Network: the previous one was done in April 2021
• Add affiliation information to the list of maintainers
• Clarify the security self-assessment. The pointer passed is in the project's repo and has part of the information requested by the TAG-Security self-assessment form. Would be useful to create an issue with TAG-Security and follow it up there, also so that the document is added to the project list

[elohmrow]

Hi @rochaporto 👋

Thanks for helping with this 👍

WIP

• ✅ review the definition of an adopter
• ✅ verify 5-7 project adopters that can and are willing to be interviewed by the TOC reviewer(s) and
  submit information for each adopter to the Adopter Interview Questionnaire form. - note: 6 submitted so far
• ✅ Give a new project update to TAG-Network: the previous one was done in April 2021 - note: k8gb gave a preso to the Network TAG on 23 January 25). slides are here - link to the recording: https://www.youtube.com/watch?v=neWnJad-IxI
• ✅ Add affiliation information to the list of maintainers - note: added with PRs: Update CODEOWNERS k8gb-io/k8gb#1805 and Update CODEOWNERS k8gb-io/k8gb#1821
• ✅ Clarify the security self-assessment. The pointer passed is in the project's repo and has part of the information requested by the TAG-Security self-assessment form. Would be useful to create an issue with TAG-Security and follow it up there, also so that the document is added to the project list - note 1: self-assessment clarified: https://github.com/k8gb-io/k8gb/blob/master/self-assessment.md through PRs Update self-assessment.md k8gb-io/k8gb#1806, Update self-assessment.md k8gb-io/k8gb#1809, and More updates to Security self assessments k8gb-io/k8gb#1810 note 2: Issue created with TAG-Security: [Security Review] k8gb tag-security#1441 <- we only need to do the self-assessment at this time, not the joint assessment. note 3: PR opened on TAG Security repo: add k8gb security self-assessment tag-security#1446