CNCF outlines its technical oversight goals

At KubeCon + CloudNativeCon Europe 2019 there was a public meeting of the Cloud Native Computing Foundation (CNCF) Technical Oversight Committee (TOC); its members outlined the current state of the CNCF and where things are headed. What emerged was a picture of how the CNCF's governance is evolving as it brings in more projects, launches a new special interest group mechanism, and contemplates what to do with projects that go dormant.

The CNCF has several levels in its organizational structure with the Governing Board handling the overall operation, budget, and finances, while the TOC handles the technical vision and direction, as well as approving new project additions. Though the TOC currently acts as a sort of gatekeeper for admitting projects into the CNCF, there is more that TOC member Joe Beda, the developer who made the first commit to Kubernetes, said can be done. "The TOC helps to decide which projects come in, but I think we could do an expanded role to actually make sure that we're serving those projects better and that we're creating a great value proposition for projects, so that it's a really great two-way street between the CNCF and the projects to really build some sustainability," he said.

Jeff Brewer had a different perspective on how the TOC can help projects, based on his role, which is as an end user of CNCF projects. He is excited about the fact that end users of Kubernetes are talking with one another and helping to bring a customer focus to the TOC. By having that focus, the TOC can help to ensure that the projects it takes in aren't just cool projects that nobody actually uses, but rather are efforts that have practical utility. "We have over 80 end-user organization members and we look for them to really help us lead the way with the technical direction of the CNCF," he said.

CNCF SIGs

The CNCF was created in 2016 with only a single project — Kubernetes; it has grown in the years since. In 2019, the CNCF has six projects at the top level, known as "graduated", including: Kubernetes orchestration, Prometheus monitoring, Envoy service proxy, CoreDNS service discovery, containerd container runtime, and Fluentd for logging. There are 17 projects at the "incubating" level, which are projects that have not yet achieved the same level of maturity and adoption as graduated projects. Additionally, there are 15 projects at the "sandbox" level, which is the initial point of entry into the CNCF for new efforts that are are just getting started.

Alexis Richardson, who previously served as TOC chair, commented that 2019 has been the year in which the CNCF developed from being a startup type of organization to one that can really scale. "We've got the basics in place to have a new industry platform for cloud native applications, consisting of Kubernetes and many other pieces," he said. "That's not to say there's a single stack or anything like that, but it is a toolchain that collectively can solve the customer problem of 'how do I go cloud native?'."

Part of the maturation process for the CNCF is an effort to improve the level of diversity and contribution in the whole community. Richardson said that the TOC felt a bit embarrassed that there were the limited number of TOC seats, where people had a voice, but beyond that some people might have felt excluded. "We were also bottlenecking in the TOC. We had a number of things to do and we were meeting once a fortnight for an hour and I think everybody was getting quite depressed with that and we were not making enough progress," Richardson said. "So we had to call a halt and figure out how can we to step back and actually scale this across the key activity areas we've got to grow."

In an effort to improve contribution, the TOC took a page from the Kubernetes project playbook and has started CNCF Special Interest Groups (SIGs). The Kubernetes SIGs represent areas of responsibility for various operations. A previous article from KubeCon EU reported on sessions that outlined the activities of the Kubernetes Release and Architecture SIGs.

The new CNCF SIG construct brings together contributors to address issues that impact multiple projects. Among the first CNCF SIGs is one for security, which is in the process of conducting threat assessments for the projects. Liz Rice, the current chair of the TOC, commented that the new CNCF SIGs are all about benefiting from the expertise that's out in the community because the members of the TOC can't know everything.

Archiving projects

So far the CNCF has only added new projects, but panel moderator and CNCF COO Chris Aniszcyk noted that the TOC recently approved an approach for archiving projects that are no longer active. The idea of archiving non-active projects is not unique to CNCF, the Apache Software Foundation has its own approach, known as the Attic, where projects are archived. Richardson said that the goal is for archived projects to move to the Linux Foundation, so that intellectual property and code can all still be retained. The CNCF itself is part of the Linux Foundation, though it has its own operations staff and resources. Aniszcyk added that active projects are able to use CNCF resources, which are limited; by moving inactive projects, clutter can be reduced, which helps retain the organization's overall operating efficiency.

During the KubeCon meeting, there was no public mention about any specific projects that would be archived. That changed however during a TOC meeting [YouTube video] held after KubeCon, during which members talked about starting the process to add the rkt container runtime project to the archive. The rkt effort was originally started by CoreOS as an alternative to the Docker Engine. After CoreOS was acquired by Red Hat in 2018, development on rkt slowed for several reasons, in particular the switch to the cri-o container runtime for OpenShift 4.0.

Standards versus specifications

During the session, the TOC members were asked about the types of projects that could have a home as part of the CNCF. Rice said that she has no idea how many total projects there can or should be within the CNCF. She noted that the process of bringing new projects into the CNCF is still evolving as needs are determined and project usefulness is evaluated.

TOC members were also asked if there is a need for the CNCF to have projects that serve to define technical standards or specifications. Beda noted that there are several projects within the CNCF today, including SPIRE, Container Network Interface (CNI), and The Update Framework (TUF) that are specification projects. "We try and distinguish between a specification and a standard," Beda said. "A standard is like a stamp of approval type of thing and we don't see ourselves as a standard body."

Beda explained that he sees a standard as a recommendation for a particular way of doing a certain operation, which isn't what the CNCF wants to be advocating. On the other hand, he noted that there is a clear need in some cases for conformance testing, which is what the CNCF provides for Kubernetes. That testing ensures that a given vendor implementation works in a certain way and is compatible and interoperable with other Kubernetes deployments. "There is an interest in saying like 'hey if you're gonna call yourself Kubernetes you have got to meet a certain bar,' but that doesn't mean that Kubernetes is the standard orchestrator."

Beda argued that, as a hypothetical example, if Hashicorp decided that it wanted to move its Nomad orchestrator to the CNCF, the TOC would seriously consider it. He added that having competing projects within the CNCF is part of the organization's overall direction. "CNCF is a toolbox and not a platform," Beda said. "So there's this tension between actually providing cloud native thinking in general, versus a specific path through cloud native."

Though, the TOC did not come to any concrete conclusions or make any grand visionary statements during the public meeting, it did serve to illustrate how things are changing within the CNCF. The move toward a broader set of options for participation with the CNCF SIGs is a positive step forward as is the idea that the TOC should do more than just act as a gatekeeper for new projects. Though the CNCF has yet to officially archive a project, that time will come soon enough as well and it seems clear at this point that rkt will be the first archived project.

YouTube video of the public TOC meeting held at KubeCon is available.