Date   

Re: [VOTE] SPIFFE project proposal (inception)

Louis Fourie <louis.fourie@...>
 

+1 (non-binding)

 

 

From: cncf-toc@... [mailto:cncf-toc@...] On Behalf Of Chris Aniszczyk
Sent: Thursday, February 01, 2018 7:44 AM
To: cncf-toc@...
Subject: [cncf-toc] [VOTE] SPIFFE project proposal (inception)

 

The TOC has decided to invite SPIFFE (https://github.com/spiffe) as an INCEPTION level CNCF project, sponsored by Brian Grant from the TOC.

SPIFFE (Secure Production Identity Framework For Everyone) provides a secure identity, in the form of a specially crafted x509 certificate, to every workload in a modern production environment: https://spiffe.io

Please vote (+1/0/-1) by replying to this thread; the full project proposal located here: https://github.com/cncf/toc/pull/68

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

 

--

Chris Aniszczyk (@cra) | +1-512-961-6719


Re: [VOTE] SPIFFE project proposal (inception)

Cathy zhang
 

+1 non binding.

 

Cathy

 

 

From: cncf-toc@... [mailto:cncf-toc@...] On Behalf Of Chris Aniszczyk
Sent: Thursday, February 01, 2018 7:44 AM
To: cncf-toc@...
Subject: [cncf-toc] [VOTE] SPIFFE project proposal (inception)

 

The TOC has decided to invite SPIFFE (https://github.com/spiffe) as an INCEPTION level CNCF project, sponsored by Brian Grant from the TOC.

SPIFFE (Secure Production Identity Framework For Everyone) provides a secure identity, in the form of a specially crafted x509 certificate, to every workload in a modern production environment: https://spiffe.io

Please vote (+1/0/-1) by replying to this thread; the full project proposal located here: https://github.com/cncf/toc/pull/68

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

 

--

Chris Aniszczyk (@cra) | +1-512-961-6719


Re: [VOTE] SPIFFE project proposal (inception)

Erin Boyd
 

+1 (non-binding)

On Feb 1, 2018 12:47 PM, "Timothy Chen" <tim@...> wrote:
+1 non binding.

Tim
On Thu, Feb 1, 2018 at 11:44 AM Arun Gupta <arun.gupta@...> wrote:
+1 non-binding

On Thu, Feb 1, 2018 at 7:44 AM, Chris Aniszczyk <caniszczyk@linuxfoundation.org> wrote:
The TOC has decided to invite SPIFFE (https://github.com/spiffe) as an INCEPTION level CNCF project, sponsored by Brian Grant from the TOC.

SPIFFE (Secure Production Identity Framework For Everyone) provides a secure identity, in the form of a specially crafted x509 certificate, to every workload in a modern production environment: https://spiffe.io

Please vote (+1/0/-1) by replying to this thread; the full project proposal located here: https://github.com/cncf/toc/pull/68

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Chris Aniszczyk (@cra) | +1-512-961-6719





Re: [VOTE] SPIFFE project proposal (inception)

Timothy Chen
 

+1 non binding.

Tim

On Thu, Feb 1, 2018 at 11:44 AM Arun Gupta <arun.gupta@...> wrote:
+1 non-binding

On Thu, Feb 1, 2018 at 7:44 AM, Chris Aniszczyk <caniszczyk@...> wrote:
The TOC has decided to invite SPIFFE (https://github.com/spiffe) as an INCEPTION level CNCF project, sponsored by Brian Grant from the TOC.

SPIFFE (Secure Production Identity Framework For Everyone) provides a secure identity, in the form of a specially crafted x509 certificate, to every workload in a modern production environment: https://spiffe.io

Please vote (+1/0/-1) by replying to this thread; the full project proposal located here: https://github.com/cncf/toc/pull/68

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Chris Aniszczyk (@cra) | +1-512-961-6719





Re: [VOTE] SPIFFE project proposal (inception)

Arun Gupta
 

+1 non-binding

On Thu, Feb 1, 2018 at 7:44 AM, Chris Aniszczyk <caniszczyk@...> wrote:
The TOC has decided to invite SPIFFE (https://github.com/spiffe) as an INCEPTION level CNCF project, sponsored by Brian Grant from the TOC.

SPIFFE (Secure Production Identity Framework For Everyone) provides a secure identity, in the form of a specially crafted x509 certificate, to every workload in a modern production environment: https://spiffe.io

Please vote (+1/0/-1) by replying to this thread; the full project proposal located here: https://github.com/cncf/toc/pull/68

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Chris Aniszczyk (@cra) | +1-512-961-6719





Re: [VOTE] SPIFFE project proposal (inception)

karan@...
 

+1 (non-binding)

On Thu, Feb 1, 2018 at 11:30 AM, <jainvipin@...> wrote:
+1 (non-binding)

Vipin Jain
Pensando



Re: [VOTE] SPIFFE project proposal (inception)

jainvipin@...
 

+1 (non-binding)

Vipin Jain
Pensando


Re: [VOTE] SPIFFE project proposal (inception)

Enrico Schiattarella
 

+1 (non-binding)

Enrico Schiattarella


Re: updating what it means to be "Cloud Native"

alexis richardson
 

I feel an acronym coming on....


On Thu, 1 Feb 2018, 18:52 Bernstein, Joshua, <joshua.bernstein@...> wrote:
I know I’m late to the party here, but I really like the key bullets Yaron outlined below. I think this makes it pretty straight forward and is really a powerful statement.

I’d be in favor, of whatever we agree to here to be able to be distilled down to clear bullets like these.

-Josh

On Jan 31, 2018, at 1:38 AM, Yaron Haviv <yaronh@...> wrote:

I’m also more aligned with Justin’s definition, the way I usually describe Cloud-Native architecture in my posts is that it provides:

 

  • Durability — services must sustain component failures
  • Elasticity — services and resources grow or shrink to meet demand
  • Continuity — versions are upgraded while the service is running

 

I think declarative may be the way to achieve those, but can be added explicitly

Containers, unikernels, serverless, foo… are ways to implement this

 

Yaron

iguazio, CTO

 

From: <cncf-toc@...> on behalf of Bryan Cantrill <bryan@...>
Reply-To: "cncf-toc@..." <cncf-toc@...>
Date: Wednesday, 31 January 2018 at 8:30
To: "cncf-toc@..." <cncf-toc@...>
Subject: Re: [cncf-toc] updating what it means to be "Cloud Native"

 

 

Wow, I really like Justin's (and Kris's) definitions.  As I read Brian's proposed attributes, it occurred to me how much software we have that is indisputably cloud native and yet doesn't exhibit the attributes as described.  I think part of the problem is that it's too focused on artifact attributes and not on the principles behind those attributes.  Justin's definitions are more expansive in that regard and (from my perspective, anyway), a better fit for us...

 

        - Bryan

 

 

On Tue, Jan 30, 2018 at 9:42 PM, Justin Garrison <justinleegarrison@...> wrote:

This is just my opinion. Feedback is encouraged. I did a lot of thinking about definitions when writing Cloud Native Infrastructure with Kris Nova last year.

 

In the book I define cloud native infrastructure as

 

Cloud native infrastructure is infrastructure that is hidden behind useful abstractions, controlled by APIs, managed by software, and has the purpose of running applications.

 

​The definitions for the CNCF are not just about running infrastructure and also impact how applications are designed and managed.

 

I defined cloud native applications as

 

A cloud native application is engineered to run on a platform and is designed for resiliency, agility, operability, and observability. Resiliency embraces failures instead of trying to prevent them; it takes advantage of the dynamic nature of running on a platform. Agility allows for fast deployments and quick iterations. Operability

​ ​

adds control of application life cycles from inside the application instead of relying on external processes and monitors. Observability provides information to answer questions about application state.

 

A possible elevator pitch could be something like.

 

Declarative, dynamic, resilient, and scalable.​

 

For me these expand to mean

 

Declarative APIs backed by infrastructure as software (not static code) that converge on a desired state. This applies to infrastructure, policy, application deployments, everything!

Dynamic because of the high rate of change and making frequent deployments (applications and infrastructure). This also can be used to describe service discovery as well as testing patterns and service mesh style routing.

Resilient to changes and discovery of environments. Microservices is one pattern for this but it also can include other options. Resiliency enables reliability which is the single most important factor of complex systems (or so I've read from numerous sources)

Scalable means applications need to be packaged in a way to scale horizontally instead of vertically. Ideally this would be containers but it can also be what I'd call "accidental containers" for things like lambda, app engine, or any PaaS where you don't explicitly package your code into an executable unit.


 

--
Justin Garrison
justingarrison.com

 

On Tue, Jan 30, 2018 at 4:49 PM, Brian Grant via Lists.Cncf.Io <briangrant=google.com@...> wrote:

Good point. I'll think about that (and am open to suggestions). "Automation" is a bit too terse, and not differentiated from the numerous automation systems of the past.

 

On Tue, Jan 30, 2018 at 4:45 PM, Bob Wise <bob@...> wrote:

Although the new definition is deeper and more inclusive, I think it is much less approachable especially to an less technical audience.

 

The "container packaged, dynamically managed, micro service oriented" was (and is) a great elevator pitch. It's simple, and has really helped give

those in organizations trying to sell upward on transformation paths great clear air cover. I think we would all agree that containers incorporate

many of the approaches indicated in the bits below. 

 

If we are going to replace those points (rather than enhance them) can we work on three simple bullets, or something that helps the entry?

 

-Bob

 

 

 

On Tue, Jan 30, 2018 at 9:30 AM, Brian Grant via Lists.Cncf.Io <briangrant=google.com@...> wrote:

The CNCF Charter contains a definition of "Cloud Native" that was very Kubernetes-focused. This definition proved to be inadequate during a number of recent discussions, particularly those around "cloud-native storage" in the Storage WG. I would like to update the definition. My first attempt follows. 

 

Existing charter text:

 

The Foundation’s mission is to create and drive the adoption of a new computing paradigm that is optimized for modern distributed systems environments capable of scaling to tens of thousands of self healing multi-tenant nodes.

Cloud native systems will have the following properties:

(a) Container packaged. Running applications and processes in software containers as an isolated unit of application deployment, and as a mechanism to achieve high levels of resource isolation. Improves overall developer experience, fosters code and component reuse and simplify operations for cloud native applications.

(b) Dynamically managed. Actively scheduled and actively managed by a central orchestrating process. Radically improve machine efficiency and resource utilization while reducing the cost associated with maintenance and operations.

(c) Micro-services oriented. Loosely coupled with dependencies explicitly described (e.g. through service endpoints). Significantly increase the overall agility and maintainability of applications. The foundation will shape the evolution of the technology to advance the state of the art for application management, and to make the technology ubiquitous and easily available through reliable interfaces.

Proposed text:

 

The Foundation’s mission is to create and drive the adoption of a new computing paradigm, dubbed Cloud-Native computing, designed to facilitate a high velocity of change to applications, services, and infrastructure at scale in modern distributed-systems environments such as public clouds and private datacenters, while providing high degrees of security, reliability, and availability. To that end, the Foundation seeks to shape the evolution of the technology to advance the state of the art for application management and to foster an ecosystem of Cloud-Native technologies that are interoperable through well defined interfaces, and which are portable, vendor-neutral, and ubiquitous.

 

The following are some attributes of Cloud Native:

  • Cloud-native services should enable self-service. For instance, cloud-native resources should be self-provisioned from an elastic pool that for typical, on-demand usage appears to be of unlimited capacity.
  • Cloud-native environments are dynamic. They necessitate self-healing and adaptability of applications and services running in such environments.
  • Cloud-native applications, services, and infrastructure facilitate high-velocity management at scale via continuous automation, which is enabled by externalizing control, supporting dynamic configuration, and providing observability. In particular, resource usage is measured to enable optimal and efficient use.
  • Cloud-native services and infrastructure are decoupled from applications, with seamless and transparent consumption experiences.

 

Non-exhaustive, non-exclusive examples of mechanisms and approaches that promote Cloud-Native approaches include:

  • Immutable infrastructure: Replace individual components and resources rather than updating them in place, which rejuvenates the components/resources, mitigates configuration drift, and facilitates repeatability with predictability, which is essential for high-velocity operations at scale.
  • Application containers: Running applications and processes in containers as units of application deployment isolates them from their operational environments as well as from each other, facilitates higher levels of resource isolation, fosters component reuse, enables portability, increases observability, and standardizes lifecycle management.
  • Microservices: Loosely coupled microservices significantly increase the overall agility and maintainability of applications, particularly for larger organizations.
  • Service meshes: Service meshes decouple service access from the provider topology, which reduces the risk of operational changes, and support inter-component observability.
  • Declarative configuration: Intent-oriented configuration lets users focus on the What rather than the How, and reserves latitude for automated systems achieve the desired state.
  • Event-driven execution: Enables agile, reactive automated processes, and facilitates systems integration.

 

As new Cloud-Native techniques and technologies emerge, they will be incorporated into the Foundation’s portfolio of recommended practices, approaches, and projects.

 

 

 

 

 


VOTE

Hong <hong@...>
 

+1 (non-binding)


Re: [VOTE] SPIFFE project proposal (inception)

Gou Rao <grao@...>
 

+1 non-binding

On Thu, Feb 1, 2018 at 8:04 AM, alexis richardson <alexis@...> wrote:

+1 binding


On Thu, 1 Feb 2018, 16:04 Joe Beda, <joe@...> wrote:
+1 non-binding


On Thu, Feb 1, 2018 at 7:44 AM Chris Aniszczyk <caniszczyk@linuxfoundation.org> wrote:
The TOC has decided to invite SPIFFE (https://github.com/spiffe) as an INCEPTION level CNCF project, sponsored by Brian Grant from the TOC.

SPIFFE (Secure Production Identity Framework For Everyone) provides a secure identity, in the form of a specially crafted x509 certificate, to every workload in a modern production environment: https://spiffe.io

Please vote (+1/0/-1) by replying to this thread; the full project proposal located here: https://github.com/cncf/toc/pull/68

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Chris Aniszczyk (@cra) | +1-512-961-6719



Re: [VOTE] SPIFFE project proposal (inception)

Ken Adler <kadler@...>
 

+1

--
Ken Adler
InfoSec SME, DPS
ThoughtWorks
510-290-5806 (Cell)


Re: [VOTE] SPIFFE project proposal (inception)

Lukas Karlsson <karlsson@...>
 

+1 (non-binding)

--
Lukas Karlsson, Cloud Architect / Developer Advocate

Broad Institute of MIT and Harvard
75 Ames Street, 11129, Cambridge, Massachusetts 02142
karlsson@..., +1.6177147142


Re: [VOTE] SPIFFE project proposal (inception)

Shrenik Dedhia <sdedhia@...>
 

+1 (non-binding)


Re: [VOTE] SPIFFE project proposal (inception)

Josef Fuchshuber <josef.fuchshuber@...>
 

+1 non-binding


Re: [VOTE] SPIFFE project proposal (inception)

Mark Peek
 

+1 non-binding

 

From: <cncf-toc@...> on behalf of Chris Aniszczyk <caniszczyk@...>
Reply-To: "cncf-toc@..." <cncf-toc@...>
Date: Thursday, February 1, 2018 at 7:44 AM
To: "cncf-toc@..." <cncf-toc@...>
Subject: [cncf-toc] [VOTE] SPIFFE project proposal (inception)

 

The TOC has decided to invite SPIFFE (https://github.com/spiffe) as an INCEPTION level CNCF project, sponsored by Brian Grant from the TOC.

SPIFFE (Secure Production Identity Framework For Everyone) provides a secure identity, in the form of a specially crafted x509 certificate, to every workload in a modern production environment:
https://spiffe.io

Please vote (+1/0/-1) by replying to this thread; the full project proposal located here:
https://github.com/cncf/toc/pull/68

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!


Re: [VOTE] SPIFFE project proposal (inception)

krishnag@...
 

"+1 (non-binding)"


Re: [VOTE] SPIFFE project proposal (inception)

Joseph Jacks
 

+1 non-binding


Re: [VOTE] SPIFFE project proposal (inception)

Bernstein, Joshua <joshua.bernstein@...>
 

+1 non-binding

On Feb 1, 2018, at 10:51 AM, Haim Helman <haim@...> wrote:

+1 non-binding


Re: updating what it means to be "Cloud Native"

Bernstein, Joshua <joshua.bernstein@...>
 

I know I’m late to the party here, but I really like the key bullets Yaron outlined below. I think this makes it pretty straight forward and is really a powerful statement.

I’d be in favor, of whatever we agree to here to be able to be distilled down to clear bullets like these.

-Josh

On Jan 31, 2018, at 1:38 AM, Yaron Haviv <yaronh@...> wrote:

I’m also more aligned with Justin’s definition, the way I usually describe Cloud-Native architecture in my posts is that it provides:

 

  • Durability — services must sustain component failures
  • Elasticity — services and resources grow or shrink to meet demand
  • Continuity — versions are upgraded while the service is running

 

I think declarative may be the way to achieve those, but can be added explicitly

Containers, unikernels, serverless, foo… are ways to implement this

 

Yaron

iguazio, CTO

 

From: <cncf-toc@...> on behalf of Bryan Cantrill <bryan@...>
Reply-To: "cncf-toc@..." <cncf-toc@...>
Date: Wednesday, 31 January 2018 at 8:30
To: "cncf-toc@..." <cncf-toc@...>
Subject: Re: [cncf-toc] updating what it means to be "Cloud Native"

 

 

Wow, I really like Justin's (and Kris's) definitions.  As I read Brian's proposed attributes, it occurred to me how much software we have that is indisputably cloud native and yet doesn't exhibit the attributes as described.  I think part of the problem is that it's too focused on artifact attributes and not on the principles behind those attributes.  Justin's definitions are more expansive in that regard and (from my perspective, anyway), a better fit for us...

 

        - Bryan

 

 

On Tue, Jan 30, 2018 at 9:42 PM, Justin Garrison <justinleegarrison@...> wrote:

This is just my opinion. Feedback is encouraged. I did a lot of thinking about definitions when writing Cloud Native Infrastructure with Kris Nova last year.

 

In the book I define cloud native infrastructure as

 

Cloud native infrastructure is infrastructure that is hidden behind useful abstractions, controlled by APIs, managed by software, and has the purpose of running applications.

 

​The definitions for the CNCF are not just about running infrastructure and also impact how applications are designed and managed.

 

I defined cloud native applications as

 

A cloud native application is engineered to run on a platform and is designed for resiliency, agility, operability, and observability. Resiliency embraces failures instead of trying to prevent them; it takes advantage of the dynamic nature of running on a platform. Agility allows for fast deployments and quick iterations. Operability

​ ​

adds control of application life cycles from inside the application instead of relying on external processes and monitors. Observability provides information to answer questions about application state.

 

A possible elevator pitch could be something like.

 

Declarative, dynamic, resilient, and scalable.​

 

For me these expand to mean

 

Declarative APIs backed by infrastructure as software (not static code) that converge on a desired state. This applies to infrastructure, policy, application deployments, everything!

Dynamic because of the high rate of change and making frequent deployments (applications and infrastructure). This also can be used to describe service discovery as well as testing patterns and service mesh style routing.

Resilient to changes and discovery of environments. Microservices is one pattern for this but it also can include other options. Resiliency enables reliability which is the single most important factor of complex systems (or so I've read from numerous sources)

Scalable means applications need to be packaged in a way to scale horizontally instead of vertically. Ideally this would be containers but it can also be what I'd call "accidental containers" for things like lambda, app engine, or any PaaS where you don't explicitly package your code into an executable unit.


 

--
Justin Garrison
justingarrison.com

 

On Tue, Jan 30, 2018 at 4:49 PM, Brian Grant via Lists.Cncf.Io <briangrant=google.com@...> wrote:

Good point. I'll think about that (and am open to suggestions). "Automation" is a bit too terse, and not differentiated from the numerous automation systems of the past.

 

On Tue, Jan 30, 2018 at 4:45 PM, Bob Wise <bob@...> wrote:

Although the new definition is deeper and more inclusive, I think it is much less approachable especially to an less technical audience.

 

The "container packaged, dynamically managed, micro service oriented" was (and is) a great elevator pitch. It's simple, and has really helped give

those in organizations trying to sell upward on transformation paths great clear air cover. I think we would all agree that containers incorporate

many of the approaches indicated in the bits below. 

 

If we are going to replace those points (rather than enhance them) can we work on three simple bullets, or something that helps the entry?

 

-Bob

 

 

 

On Tue, Jan 30, 2018 at 9:30 AM, Brian Grant via Lists.Cncf.Io <briangrant=google.com@...> wrote:

The CNCF Charter contains a definition of "Cloud Native" that was very Kubernetes-focused. This definition proved to be inadequate during a number of recent discussions, particularly those around "cloud-native storage" in the Storage WG. I would like to update the definition. My first attempt follows. 

 

Existing charter text:

 

The Foundation’s mission is to create and drive the adoption of a new computing paradigm that is optimized for modern distributed systems environments capable of scaling to tens of thousands of self healing multi-tenant nodes.

Cloud native systems will have the following properties:

(a) Container packaged. Running applications and processes in software containers as an isolated unit of application deployment, and as a mechanism to achieve high levels of resource isolation. Improves overall developer experience, fosters code and component reuse and simplify operations for cloud native applications.

(b) Dynamically managed. Actively scheduled and actively managed by a central orchestrating process. Radically improve machine efficiency and resource utilization while reducing the cost associated with maintenance and operations.

(c) Micro-services oriented. Loosely coupled with dependencies explicitly described (e.g. through service endpoints). Significantly increase the overall agility and maintainability of applications. The foundation will shape the evolution of the technology to advance the state of the art for application management, and to make the technology ubiquitous and easily available through reliable interfaces.

Proposed text:

 

The Foundation’s mission is to create and drive the adoption of a new computing paradigm, dubbed Cloud-Native computing, designed to facilitate a high velocity of change to applications, services, and infrastructure at scale in modern distributed-systems environments such as public clouds and private datacenters, while providing high degrees of security, reliability, and availability. To that end, the Foundation seeks to shape the evolution of the technology to advance the state of the art for application management and to foster an ecosystem of Cloud-Native technologies that are interoperable through well defined interfaces, and which are portable, vendor-neutral, and ubiquitous.

 

The following are some attributes of Cloud Native:

  • Cloud-native services should enable self-service. For instance, cloud-native resources should be self-provisioned from an elastic pool that for typical, on-demand usage appears to be of unlimited capacity.
  • Cloud-native environments are dynamic. They necessitate self-healing and adaptability of applications and services running in such environments.
  • Cloud-native applications, services, and infrastructure facilitate high-velocity management at scale via continuous automation, which is enabled by externalizing control, supporting dynamic configuration, and providing observability. In particular, resource usage is measured to enable optimal and efficient use.
  • Cloud-native services and infrastructure are decoupled from applications, with seamless and transparent consumption experiences.

 

Non-exhaustive, non-exclusive examples of mechanisms and approaches that promote Cloud-Native approaches include:

  • Immutable infrastructure: Replace individual components and resources rather than updating them in place, which rejuvenates the components/resources, mitigates configuration drift, and facilitates repeatability with predictability, which is essential for high-velocity operations at scale.
  • Application containers: Running applications and processes in containers as units of application deployment isolates them from their operational environments as well as from each other, facilitates higher levels of resource isolation, fosters component reuse, enables portability, increases observability, and standardizes lifecycle management.
  • Microservices: Loosely coupled microservices significantly increase the overall agility and maintainability of applications, particularly for larger organizations.
  • Service meshes: Service meshes decouple service access from the provider topology, which reduces the risk of operational changes, and support inter-component observability.
  • Declarative configuration: Intent-oriented configuration lets users focus on the What rather than the How, and reserves latitude for automated systems achieve the desired state.
  • Event-driven execution: Enables agile, reactive automated processes, and facilitates systems integration.

 

As new Cloud-Native techniques and technologies emerge, they will be incorporated into the Foundation’s portfolio of recommended practices, approaches, and projects.

 

 

 

 

 

5381 - 5400 of 6984