|
RFC: What do projects need to succeed?
Matt Klein
Hi TOC community and GB, Over the past several weeks I have been working with Michelle and Brandon to create an overview document that aims to clarify both what services projects need to succeed as well as the different funding options available to obtain those services. Our goal is to start a community and GB discussion that will allow us to:
The first step to set the foundation for these discussions is to agree on a set of needs for each project which we’ve laid out in the overview document with feedback from the maintainers of the CNCF projects. We request that you review the overview document and add your input. We look forward to your discussion and comments over the coming weeks as well as in-person at OSLS next week for those present. Thanks, Matt, Michelle, and Brandon |
|||
|
|
|||
|
Re: RFC: OPA is up for Annual Review + Incubation Request
Brendan Burns
Xiang,
Please do file these issues on the gatekeeper project, it is part of the OPA repository as people mentioned.
--brendan
From: cncf-toc@... <cncf-toc@...> on behalf of Chris Aniszczyk via Lists.Cncf.Io <caniszczyk=linuxfoundation.org@...>
Sent: Thursday, March 7, 2019 9:14 AM To: Li, Xiang Cc: cncf-toc@... Subject: Re: [cncf-toc] RFC: OPA is up for Annual Review + Incubation Request re: gatekeeper, it was moved into OPA a couple months ago: https://github.com/open-policy-agent/gatekeeper +
history: https://github.com/open-policy-agent/opa/issues/1093
On Thu, Mar 7, 2019 at 11:12 AM "Li, Xiang <x.li@...> wrote:
Thanks Brendan for the information. I gave a look at the project this week, and agree on most of the feedbacks azure engineers provided. Chris Aniszczyk (@cra) | +1-512-961-6719
|
|||
|
|
|||
|
Re: RFC: OPA is up for Annual Review + Incubation Request
re: gatekeeper, it was moved into OPA a couple months ago: https://github.com/open-policy-agent/gatekeeper + history: https://github.com/open-policy-agent/opa/issues/1093 On Thu, Mar 7, 2019 at 11:12 AM "Li, Xiang <x.li@...> wrote: Thanks Brendan for the information. I gave a look at the project this week, and agree on most of the feedbacks azure engineers provided. --
Chris Aniszczyk (@cra) | +1-512-961-6719 |
|||
|
|
|||
|
Re: RFC: OPA is up for Annual Review + Incubation Request
Li, Xiang
Thanks Brendan for the information. I gave a look at the project this week, and agree on most of the feedbacks azure engineers provided.
Since you mentioned the gatekeeper project, do you know if it is part of OPA (the sandbox project) or a separate project? I took a look at OPA Kubernetes example (https://www.openpolicyagent.org/docs/kubernetes-admission-control.html), and found some potential issues: 1. require cache Kubernetes resources into OPA agent, which can be pretty expensive. Is there a cheaper way to do it? Can the agent obtain the base JSON data on demand? 2. the policy agent runs on the eventual consistent cache. This might cause wrong evaluation if previous change has not yet propagated back. |
|||
|
|
|||
|
Re: RFC: OPA is up for Annual Review + Incubation Request
Brendan Burns
Here's some verbatum feedback from one of my engineers who lead the azure policy controller and is helping lead gatekeeper (opa + admission control), I'll do my own look too, but I thought I'd pass this along.
--brendan
Vision At the heart of the OPA’s premise is to decouple the definition of policy from the enforcement of it providing ability to define fine-grained policy control at various levels of the stack. At the basics it is JSON document store with Rego as the query-able language. The design of it being a general open policy engine allows easily building platform specific policy controllers Gatekeeper to be successful. Quality The project is well structured and is maintainable, follows good design patterns. I had a chance to add the contribute and enhance the query method in OPA core project. It was easy to make changes i.e. straightforward to satisfy new requirements, and add new test cases in existing test infrastructure. The project has clear and good documentation. The code review process is thorough. The project has does good performance test and security analysis. The github issues are well documented for fresh developers to start making contributions. Community Support The support is awesome and growing (supported by folks at Styra). Questions get answered in a near real time. The Gatekeeper project would not have been successful without the help of the level of support (special mention Torin and Tim)
Adoption In my last several months of closely working and monitoring this project I see fast growing adoption and interest in the project. With the Gatekeeper project we see interest from all major clouds expecting this project to make it to large number of test and production environments. I am already see products and teams within organization like Microsoft e.g Office, AAD, IOT solving policy problems where OPA would be a natural fit. Improvements There are always this that we are striving to improve, in that spirit arguably there is a learning curve associated with writing new policies in Rego, and sizable portion of questions on Slack channel are related to policy syntax and bugs . The project has done incredible work it making it debuggable and testable to tooling (e.g. vs code extensions). There is work going on via Gatekeeper project to build a constraint framework a higher level abstraction on top of Rego to make policies more reusable.
From: cncf-toc@... <cncf-toc@...> on behalf of Brendan Burns via Lists.Cncf.Io <bburns=microsoft.com@...>
Sent: Monday, March 4, 2019 12:06 PM To: Quinton Hoole; caniszczyk@... Cc: cncf-toc@... Subject: Re: [cncf-toc] RFC: OPA is up for Annual Review + Incubation Request
I'll volunteer, unless Quinton wants it 🙂
From: cncf-toc@... <cncf-toc@...> on behalf of Chris Aniszczyk via Lists.Cncf.Io <caniszczyk=linuxfoundation.org@...>
Sent: Monday, March 4, 2019 11:40 AM To: Quinton Hoole Cc: cncf-toc@... Subject: Re: [cncf-toc] RFC: OPA is up for Annual Review + Incubation Request no but I look forward for someone from the TOC to volunteer, feel free to comment on the PR
|
|||
|
|
|||
|
Re: [RESULT] containerd moving to graduation (PASSED)
Joe Beda
Awesome! Congrats to the project and the team. Thanks for the update Phil! On Wed, Mar 6, 2019 at 11:40 AM Chris Aniszczyk <caniszczyk@...> wrote:
|
|||
|
|
|||
|
Re: [RESULT] containerd moving to graduation (PASSED)
Thanks Phil, always nice to see a project evolve its governance after community feedback. Here's the PR for reference: https://github.com/containerd/project/pull/16 On Wed, Mar 6, 2019 at 1:33 PM Phil Estes <estesp@...> wrote:
--
Chris Aniszczyk (@cra) | +1-512-961-6719 |
|||
|
|
|||
|
Re: [RESULT] containerd moving to graduation (PASSED)
Because it came up during
the graduation comment period for containerd, and specifically on this
TOC email list, I wanted to close the loop and note that today by
agreement of at least a 2/3rds majority of maintainers, the removal of
Moby TSC governance language from the containerd project governance
structure was finalized. The discussion was actually unanimous based on
the view that containerd project maturity has rendered a separate TSC
governance structure unnecessary going forward.
toggle quoted message
Show quoted text
Thank you, - Phil Estes Chris Aniszczyk wrote on 2/28/19 1:06 PM:
|
|||
|
|
|||
|
Re: [E] [cncf-toc] TOC Agenda for 3/5/2019
Dan, You are correct. I was able to open it up in my personal computer! Thanks Mehmet On Mon, Mar 4, 2019 at 6:39 PM Dan Kohn <dan@...> wrote:
|
|||
|
|
|||
|
Re: [E] [cncf-toc] TOC Agenda for 3/5/2019
Dan Kohn <dan@...>
You can get access if you open them in an incognito window. -- Dan Kohn <dan@...> Executive Director, Cloud Native Computing Foundation https://www.cncf.io +1-415-233-1000 https://www.dankohn.com On Mon, Mar 4, 2019 at 6:31 PM Chris Aniszczyk <caniszczyk@...> wrote:
|
|||
|
|
|||
|
Re: [E] [cncf-toc] TOC Agenda for 3/5/2019
The slides are public, please don't spam the main list. This is a verizon setting, your employer is blocking you from accessing the deck for some insane reason.  On Mon, Mar 4, 2019 at 3:28 PM Toy, Mehmet <mehmet.toy@...> wrote:
--
Chris Aniszczyk (@cra) | +1-512-961-6719 |
|||
|
|
|||
|
Re: [E] [cncf-toc] TOC Agenda for 3/5/2019
Below is what I get when I click on the url. You need permission Want in? Ask for access, or switch to an account with permission. Learn more You are signed in as mehmet.toy@.... On Mon, Mar 4, 2019 at 5:48 PM Chris Aniszczyk <caniszczyk@...> wrote:
|
|||
|
|
|||
|
TOC Agenda for 3/5/2019
Here's the deck for tomorrow: We will be doing an annual review for OPA since it's been a year in the sandbox (they also requested a move to incubation), announcing a new meeting specifically for project presentations, end user community update, CNCF SIGs finalization and CNF testbed discussion. See everyone tomorrow! Chris Aniszczyk (@cra) | +1-512-961-6719 |
|||
|
|
|||
|
Re: RFC: OPA is up for Annual Review + Incubation Request
Brendan Burns
I'll volunteer, unless Quinton wants it 🙂
From: cncf-toc@... <cncf-toc@...> on behalf of Chris Aniszczyk via Lists.Cncf.Io <caniszczyk=linuxfoundation.org@...>
Sent: Monday, March 4, 2019 11:40 AM To: Quinton Hoole Cc: cncf-toc@... Subject: Re: [cncf-toc] RFC: OPA is up for Annual Review + Incubation Request no but I look forward for someone from the TOC to volunteer, feel free to comment on the PR
|
|||
|
|
|||
|
Re: RFC: OPA is up for Annual Review + Incubation Request
no but I look forward for someone from the TOC to volunteer, feel free to comment on the PR On Mar 4, 2019, at 11:39 AM, Quinton Hoole <quinton.hoole@...> wrote:
|
|||
|
|
|||
|
Re: RFC: OPA is up for Annual Review + Incubation Request
Quinton Hoole
Thanks Chris
Has anyone been assigned yet to lead the technical due diligence?
Thanks
Q
From: cncf-toc@... [cncf-toc@...] on behalf of Chris Aniszczyk [caniszczyk@...]
Sent: Friday, March 01, 2019 6:17 PM To: CNCF TOC Subject: [cncf-toc] RFC: OPA is up for Annual Review + Incubation Request Just an FYI, OPA! They are close to their 1 year anniversary for their annual review as a sandbox project and also want to request a move to incubation:
We look forward to comments from the TOC and wider community.
Chris Aniszczyk (@cra) | +1-512-961-6719
|
|||
|
|
|||
|
Re: Anyone know what this is?
Russell Bryant <rbryant@...>
Thanks, Chris! That channel just got archived on slack, unfortunately. We are in #cluster-api as well, though. we can set up a mailing list for metalkube too if that helps. Russell Bryant On Sat, Mar 2, 2019 at 1:24 PM Chris Wright <chrisw@...> wrote:
--
Russell Bryant |
|||
|
|
|||
|
Re: Anyone know what this is?
Rob Hirschfeld
> "So I'm curious to see who is interested in Kubernetes on bare metal? " If the TOC is interested in Kube on bare metal... there's also KRIB on Digital Rebar which uses KubeAdm and has a wide range of options including HA. We've done work for a ClusterAPI Machine Controller which allows the ClusterAPI to treat metal like a cloud: https://github.com/galthaus/machine-controller
On Fri, Mar 1, 2019 at 10:01 AM Chris Wright <chrisw@...> wrote:
|
|||
|
|
|||
|
Re: Anyone know what this is?
Chris Wright
That's great Xuan! I agree, Kube is very promising for a variety of edge and other usecases in the network. Jump on #wg-onprem in Kubernetes Slack, visit http://metalkube.org/, or ping Russell (Cc'd) if you need any other pointers. thanks, -chris On Sat, Mar 2, 2019, 2:45 AM Xuan Jia <jason.jiaxuan@...> wrote:
|
|||
|
|
|||
|
Re: Anyone know what this is?
Xuan Jia <jason.jiaxuan@...>
Hi Chris, i am very interested in this project. It may have some value in edge computing. We are finding if community have any solution to solve the bare metal machine management problem . MetalKube is the one. How can we do together ? From my point of view, the resource in Edge Computing Data Center is limited. CNF is a very good chose in Edge. Xuan Jia Edge Computing Architect China Mobile Research Institute Chris Wright <chrisw@...> 于2019年3月2日周六 上午12:01写道:
|
|||
|
|
