Re: [VOTE] k3s for Sandbox

Darren Shepherd <darren@...>

I'm probably jumping into the conversation uninformed and without context.  I just want to make it very clear k3s is in no way shape or form a fork.  There is nothing technically correct about calling it a fork. While k3s does include some modifications to k8s code (about 300 lines or less), it is completely inline with the spirit of Linux distributions that carry their own patches for upstream components.  The patches we carry largely have to do with enabling how k3s packages k8s (single binary).

Furthermore k3s has a proven track record already of keeping inline with every k8s minor and patch release. Patch releases are released withing days or in the case of a CVE the same day.  Minor releases sometimes take a couple weeks to deliver, but we are trying to get that to day. We have zero intention of diverging from upstream.

Please, please do not call k3s fork. It isn't a fork. I understand why some might have come to that conclusion, but it's neither technically true or the intention of the project.


From: cncf-toc@... <cncf-toc@...> on behalf of Bob Wise via <>
Sent: Monday, August 3, 2020 6:51 AM
To: alexis richardson <alexis@...>
Cc: aprokharchyk@... <aprokharchyk@...>; Joe Beda <jbeda@...>; wisebob@... <wisebob@...>; Amye Scavarda Perrin <ascavarda@...>; CNCF TOC <cncf-toc@...>
Subject: Re: [cncf-toc] [VOTE] k3s for Sandbox
K3s is a distro, and it is a fork as well. The "opinionated" description always applies to distros (which can be more or less opinionated, of course). If the opinion included things like backported security patches (does it?) that are available upstream but not for all versions, then I'd be inclined to agree that the spirit of the distro is not to be a fork.

That does not appear to be the case for K3s, which is a conformant fork. The comments about encouraging mending of fences and contribution upstream are further evidence of the forked nature of the project.

The TOC has distinct if related questions to address:

1) Will the TOC sponsor project forks into sandbox?
2) Will the TOC sponsor project distros into sandbox?
3) Is there something nuanced about sponsoring these into sandbox vs a track towards incubation and graduation?  If the purpose of the sandboxing of K3s were to give it a more neutral home while the forks are upstreamed and fences are mended, then that seems like a reasonable use of sandbox. If the track here is to put a fork onto a graduation path then that is much more concerning.
4) Kubernetes conformance tests are what determine distro eligibility. These tests are always evolving. What happens if a sponsored distro (or fork) stops passing conformance?

FWIW, I agree on the k8s sandbox point.


On Fri, Jul 31, 2020 at 11:38 AM alexis richardson <alexis@...> wrote:
Currently k3s is a distro of k8s.

We used to have a k8s sandbox.  If we still did then k3s would happily live there as a way to show k8s how to be a better project.

On Fri, Jul 31, 2020 at 7:17 PM Alena Prokharchyk via <> wrote:
k3s is not a fork of Kubernetes. It is an opinionated way of delivering Kubernetes to IoT and Edge devices. Talking to Kubernetes steering committee made it clear that Kubernetes main design principle is extensibility, and the core system will be maintained to support Kubernetes development/deployment in a generic and configurable way. Therefore projects like k3s could benefit the ecosystem by expanding Kubernetes adoption footprint while remaining standalone.

For the areas where k3s maintainers can contribute back to Kubernetes, we should strongly encourage them to do so. Mending the relationship with Kubernetes community should be the first priority for the health of the project. By accepting k3s to Sandbox we get an opportunity to advise on its contributor experience, sustainability and governance. 


On Jul 31, 2020, at 11:07 AM, alexis richardson <alexis@...> wrote:

-1, nb

+1 to joe & bob comments.
I am very keen to see k3s initiative do well
I am even more keen to see it feed back into K8s

let's find a way to make this work!  I don't know the answer and recognise how unfair this probably seems to the k3s folks

On Fri, Jul 31, 2020 at 7:04 PM Joe Beda <jbeda@...> wrote:
-1 non-binding


My concerns echo Bob’s.


There is a ton to like about k3s.  There is a super enthusiastic user community and it has pioneered bringing together an opinionated set of components with a streamlined experience.  That is awesome!


Concrete concerns:
  1. Is k3s a distribution?  Many people publicly refer to it as such. The project page itself ( has a headline saying “The certified Kubernetes distribution built for IoT & Edge computing”.
  2. Should the CNCF be a place to host distributions? (purpose discussion for the TOC)
  3. The name is very confusing.  Kubernetes and k8s are synonymous.  In fact, “k8s” is a registered trademark of the LF (  I’m not a lawyer, but these clearly commercially overlap and there is confusion in the marketplace. The LF may need to take action here regardless of the TOC decision.
  4. The places where k3s has made progress has, traditionally, included essentially forking parts of k8s and rebuilding.  That forking has gotten thinner over time but is still there.  There are promises around pushing changes upstream, but, to my knowledge, that has been minimal.  The relationship there is fraught with a lot of history of friction and conflict.
  5. [point in time concern] The project is still pretty entangled with the rest of Rancher.  This can be solved but obviously hasn’t been a priority.  An example is that the documentation for k3s is part of the Rancher docs repo.  Would the docs be included in the assets that come into the CNCF?
    1. The repo is also part of the Rancher org.  The set of code owners is hidden and looks to be driven exclusively by Rancher (


There are a lot of thorny issues here. I have confidence in the TOC to be able to detangle these.




From: cncf-toc@... <cncf-toc@...>
Date: Friday, July 31, 2020 at 9:14 AM
To: aprokharchyk@... <aprokharchyk@...>, Amye Scavarda Perrin <ascavarda@...>
Cc: CNCF TOC <cncf-toc@...>
Subject: [Suspected Spam] Re: [cncf-toc] [VOTE] k3s for Sandbox
-1 non-binding.


I’m deeply concerned about the idea that CNCF is accepting what appears to be a Kubernetes fork into sandbox.


The statements about “encouraging upstream” seem like good intentions only.


Kubernetes as a project has, in my opinion, succeeded in part because of the community dedication to staying upstream and not forking.


For clarity, I would be strongly in favor of k3s being part of Kubernetes upstream.







From: <cncf-toc@...> on behalf of "Alena Prokharchyk via" <>
Reply-To: "aprokharchyk@..." <aprokharchyk@...>
Date: Friday, July 31, 2020 at 9:09 AM
To: Amye Scavarda Perrin <ascavarda@...>
Cc: CNCF TOC <cncf-toc@...>
Subject: RE: [EXTERNAL] [cncf-toc] [VOTE] k3s for Sandbox


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.


+1 binding.



On Jul 31, 2020, at 8:04 AM, Amye Scavarda Perrin <ascavarda@...> wrote:


k3s has applied for inclusion into the sandbox:

Liz Rice has called for the vote: 

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!


Amye Scavarda Perrin | Program Manager | amye@...



Join to automatically receive all group messages.