A peek behind the curtain: Managing the Kubernetes Contributor Community

Transcript

1. Managing the Kubernetes Contributor Community A peek behind the curtain

   Bob Killen @mrbobbytables Jeff Sica @jeefy
2. None

3. $ whoami - Jeff Jeffrey Sica [email protected] Senior Software Engineer

   @ CNCF Ambassador Github: @jeefy Twitter: @jeefy

4. $ whoami - Bob Bob Killen [email protected] Senior Research Cloud

   Administrator CNCF Ambassador Github: @mrbobbytables Twitter: @mrbobbytables

5. tl;dr Kubernetes • Open Source vendor-neutral container orchestration system initially

   created by Google in 2014 • Donated as the inception project to the CNCF (Cloud Native Computing Foundation) in 2015 • Grown to become the standard for container orchestration Image Source @jeefy @mrbobbytables

6. What is the Kubernetes Community #1 OSS project by developer

   activity* #2 project by Pull Requests* Source: devstats Community Stats (2020-02-21) Contributors 42,000+ Org Members 1,225 Repos 209 Pull Requests 148,000~ Slack 92,000+ * As of 2020-02-25 - Ref: CNCF Velocity Report @jeefy @mrbobbytables
7. None
8. None
9. None
10. None

11. @jeefy @mrbobbytables Distribution is better than centralization Community over product

    or company Automation over process Inclusive is better than exclusive Evolution is better than stagnation Source: http://git.k8s.io/community/values.md

12. The first contribution... @jeefy @mrbobbytables

13. The first contribution... @jeefy @mrbobbytables First interaction will be with

    our bots

14. A word on CI...Prow • Prow • Supports three types

    of jobs: ◦ Periodics ◦ Pre-submits ◦ Post-submits • Project CI is defined within one repo: test-infra • Performs tests and merges PRs based on labels and rules

15. A word on CI...ProwJob presubmits: kubernetes/org: - name: pull-org-verify-all always_run:

    true decorate: true labels: preset-service-account: "true" preset-bazel-scratch-dir: "true" spec: Containers: - image: launcher.gcr.io/google/bazel:0.29.1 command: - ./hack/verify-all.sh annotations: testgrid-num-columns-recent: '30' testgrid-create-test-group: 'true'

16. A word on CI...Tests

17. The first contribution...labels @jeefy @mrbobbytables • Provide verbose messages regarding

    PR • Check state of PR ◦ Check CLA ◦ Check kind label (bug, feature, etc) ◦ Check priority ◦ Check commit message ◦ Check for release notes in PR template ◦ Applies group (SIG) labels based on files being updated (more on this later…)

18. ...but first! The CLA

19. ...but first! The CLA

20. The first contribution...assigning reviewers @jeefy @mrbobbytables • Prow Plugin: Blunderbuss

    • Reviewers are selected from OWNERS files • Inspired by Chromium’s OWNERS files / GitHub’s CODEOWNERS files • Each directory can contain an independent OWNERS file ◦ If not found in current directory, it walks backwards up the directory tree till one is found • Root of repo can contain a aliases to groups of contributors in an OWNERS_ALIASES file approvers: - alice - bob reviewers: - alice - carl - sig-foo # alias labels: - sig/foo OWNERS

21. The first contribution...assigning reviewers @jeefy @mrbobbytables • Prow Plugin: Blunderbuss

    • Reviewers are selected from OWNERS files • Inspired by Chromium’s OWNERS files / GitHub’s CODEOWNERS files • Each directory can contain an independent OWNERS file ◦ If not found in current directory, it walks backwards up the directory tree till one is found • Root of repo can contain a aliases to groups of contributors in an OWNERS_ALIASES file

22. All BEFORE tests are run

23. The first contribution...ok-to-test @jeefy @mrbobbytables • /ok-to-test allows CI to

    be run for PRs proposed from non Kubernetes Org members. • Any Org member may comment with /ok-to-test • Commonly applied by reviewers after first pass a PR

24. The first contribution...ok-to-test • /ok-to-test allows CI to be run

    for PRs proposed from non Kubernetes Org members. • Any Org member may comment with /ok-to-test • Commonly applied by reviewers after first pass a PR @jeefy @mrbobbytables

25. The first contribution...tests • Testing Kubernetes is expensive ◦ 1.5

    - 2 hours to complete the full test suite • Retesting of just failed jobs • Flakes are sadly still common :( @jeefy @mrbobbytables

26. The first contribution...lgtm • Prow Plugin: LGTM • Any org

    Member may apply the lgtm label • Commonly applied by reviewers after comments or by those they loop in • Signals the PR should be good for final review from an approver @jeefy @mrbobbytables

27. The first contribution...approve approvers: - alice - bob reviewers: -

    alice - carl - sig-foo # alias labels: - sig/foo OWNERS @jeefy @mrbobbytables • Prow Plugin: Approvers • Only approvers listed in an OWNERS file may approve

28. The first contribution...approve • Prow Plugin: Approvers • Only approvers

    listed in an OWNERS file may approve • Requires /approve from each area the PR touches or a higher level approver. @jeefy @mrbobbytables

29. The first contribution...approve • Prow Plugin: Approvers • Only approvers

    listed in an OWNERS file may approve • Requires /approve from each area the PR touches or a higher level approver. @jeefy @mrbobbytables PR will now be merged \o/

30. Finding Your Place in the Community

31. Community Groups Special Interest Group Primary organizational unit of the

    Kubernetes Project. Code developed by the project must be owned by a SIG. Working Group Short lived groups to tackle cross-cutting SIG efforts. Code is owned by one or more of the sponsoring SIGs. User Group Provide a means for end users to collaborate along with a unifying voice to drive specific features. Cannot own code. Committee Handle sensitive topics (security, Code of Conduct etc) No open membership; Members are elected or appointed @jeefy @mrbobbytables

32. Release Contributor Experience PM Docs Testing API Machinery CLI UI

    Multicluster Windows Auth Apps Autoscaling Cluster Lifecycle Instrumentation Network Node Scalability Scheduling Service Catalog Storage Resource Management Steering Project Horizontal Vertical Architecture Code of Conduct Product Security Big Data Cloud Provider Component Standard IoT Edge K8s infra Machine Learning Multitenancy Policy Security Audit LTS Apply Usability Applications Resource Management Infrastructure Working group SIG Committee User group VMware Data Protection Community Group Structure

33. The Community Repo • Community groups are managed in the

    kubernetes/community repo. • Each group has a directory that contains information about the group itself ◦ Charter ◦ README @jeefy @mrbobbytables

34. Source of truth...sigs.yaml • Metadata regarding the group is stored

    in sigs.yaml • Human friendly version: sig-list.md • Community Group READMEs are rendered using go template using the information from sigs.yaml

35. Getting involved...Zoom • Every SIG/WG/UG has regularly scheduled meetings •

    All meetings are uploaded to the Kubernetes Community YouTube Channel ◦ In process of being automated via splain.io Zoom -> Youtube bridge @jeefy @mrbobbytables

36. Getting involved...Zoom • Every SIG/WG/UG has regularly scheduled meetings •

    All meetings are uploaded to the Kubernetes Community YouTube Channel ◦ In process of being automated via splain.io Zoom -> Youtube bridge @jeefy @mrbobbytables ...sometimes we get a little slap happy

37. The ladder @jeefy @mrbobbytables Subproject Owner - Set priorities and

    approve proposals for subproject - Responsibility and leadership for entire repository/directory Approver - Approve contributions for acceptance - Highly experienced reviewer and contributor in subproject Reviewer - History of reviewing; reviews frequently - Authorship in subproject Member - Active contributor to the project - Sponsored by two Reviewers Non-member Contributors

38. Becoming an Org Member It’s about building trust... @jeefy @mrbobbytables

39. Becoming an Org Member • Community Membership Requirements • Be

    active within the community • Find two sponsors (a reviewer or approver from different companies) • File a GitHub Issue That’s It! @jeefy @mrbobbytables

40. Peribolos • Prow Plugin: Peribolos • GitOps for GitHub management

    • Defines base org settings • Org Membership • GitHub Teams name: Kubernetes description: Kubernetes default_repository_permission: read has_organization_projects: true has_repository_projects: true members_can_create_repositories: false billing_email: [email protected] admins: - cblecker ... members: - 27149chen ... teams: metrics-admins: description: Admin access to the metrics repo members: - DirectXMan12 ... privacy: closed @jeefy @mrbobbytables

41. Peribolos Team management can be delegated... @jeefy @mrbobbytables teams: sig-architecture-api-reviews:

    description: ... members: - bgrant0607 - liggitt - smarterclayton privacy: closed sig-architecture-bugs: description: ... members: - bgrant0607 privacy: closed ...

42. Becoming an Org Member @jeefy @mrbobbytables

43. Growing your role

44. Slack • 92,000+ Users • 36 regions represented @jeefy @mrbobbytables

    • 380+ Channels • 700+ Custom Emojis

45. Slack • 92,000+ Users • 36 regions represented @jeefy @mrbobbytables

    • 380+ Channels • 700+ Custom Emojis ...We do like our emojis

46. Slack...complications • No audit trail without contacting slack • Users

    cannot block other users • Handles are free-text and can have duplicates • Have to use 3rd party app for “open” sign-up • Undocumented or inconsistent APIs @jeefy @mrbobbytables ..BUT it’s the standard because folks use it for $dayjob

47. Making Slack Safe for Open Communities • Slack-Infra Tools ◦

    Slack-welcomer - Sends a welcome message to every new user who joins Slack ◦ Slack-event-log - Global event logging for Slack ◦ Slack-report-message - Enables Slack users to report messages; sending them to a channel ◦ Slack-moderator - Allows an Admin or Owner to inactive a user and delete their content. ◦ Tempelis - GitOps for Slack channels and User Groups @jeefy @mrbobbytables Katharine Berry

48. Slack Reporter @jeefy @mrbobbytables

49. Slack Reporter @jeefy @mrbobbytables ¯\_(ツ)_/¯

50. Tempelis • Manages channels and usergroups ◦ Create / Update

    / Archive • Management can be delegated by use of restrictions @jeefy @mrbobbytables restrictions: ... - path: "sig-docs/*.yaml" channels: - "^kubernetes-docs-[a-z]{2}$" - path: "sig-release/*.yaml" channels: - "^sig-release$" - "^release-" usergroups: - "^release-" ...

51. Tempelis @jeefy @mrbobbytables restrictions: ... - path: "sig-docs/*.yaml" channels: -

    "^kubernetes-docs-[a-z]{2}$" - path: "sig-release/*.yaml" channels: - "^sig-release$" - "^release-" usergroups: - "^release-" ... • Manages channels and usergroups ◦ Create / Update / Archive • Management can be delegated by use of restrictions

52. Tempelis Channel Delegation @jeefy @mrbobbytables

53. Tempelis User Groups @jeefy @mrbobbytables users: alejandrox1: U6AS37R50 aleksandra-malinowska: U357LUPHS

    bubblemelon: U7K9C643G calebamiles: U1ZDD4CUR castrojo: U1W1Q6PRQ ... sumitranr: UCQN13L9H tpepper: U6UB5V4TX Tunde: UAY977ENN

54. Tempelis User Groups @jeefy @mrbobbytables restrictions: ... - path: "sig-release/*.yaml"

    channels: - "^sig-release$" - "^release-" usergroups: - "^release-" ...

55. K8s.io: Google Group Membership • Project: k8s.io/groups • GitOps for

    Gsuite Google Group Management ◦ Manages 70 *@kubernetes.io accounts ◦ NOT used for community group accounts (SIG/WG/UG) • Token is secured in repo via git-crypt groups: ... - email-id: [email protected] name: community description: |- settings: WhoCanPostMessage: "ANYONE_CAN_POST" ReconcileMembers: "true" owners: - [email protected] - [email protected] - [email protected] - [email protected] managers: - [email protected] members: - [email protected] - [email protected]

56. K8s.io: Domains • Project: k8s.io/dns • Use GitHub’s ocotoDNS to

    manage all Kubernetes owned domains • All domains / url rewrites are managed via source control

57. Contributor Summits 8 Events since 2014 Currently spanning EU, APAC,

    and NA Contributor-focused content New Contributor Workshops for onboarding Pre-summit socials “When you’re Kubernetes, you’re family” - Ancient Proverb

58. Steering and Elections • Steering Committee oversees project governance and

    defines the overall project values and structure ◦ NOT the technical direction of the project ◦ 7 Members ◦ 2 year term staggered by 4 / 3 split • Voting Requirements ◦ 50 DevStats recorded contributions within the past year ◦ Exceptions allowed and vetted by election committee

59. DevStats • Devstats project • https://devstats.cncf.io/ • Toolset to visualize

    GitHub archives (GitHub events) using Grafana dashboards • Data available for every CNCF project • Exportable for further analysis
60. None

61. Automation is meant to help people.

62. Thank you!