A peek behind the curtain: Managing the Kubernetes Contributor Community

The Kubernetes community is a vibrant beacon in open source. It takes a village to enable a city of contributors doing what they do best. There are a lot of fun stories and lessons to be shared from helping out the community. One lesson is taken straight from the Kubernetes project itself: declarative config management. Most aspects of the community are managed using declarative configs. Adding a new SIG, a GitHub org member, or even a Slack channel involves opening a PR with the change against one of the many Kubernetes repos. Adopting this methodology gives the community the means to manage itself. Join us as we journey through the many bits of community automation and weigh the merits of automating every aspect of our community.

https://www.socallinuxexpo.org/scale/18x/presentations/peek-behind-curtain-managing-kubernetes-contributor-community

Bob Killen

March 07, 2020

Transcript

  1. $ whoami - Jeff

    Jeffrey Sica
    [email protected]
    Senior Software Engineer @
    CNCF Ambassador
    Github: @jeefy
    Twitter: @jeefy
  2. $ whoami - Bob

    Bob Killen
    [email protected]
    Senior Research Cloud Administrator
    CNCF Ambassador
    Github: @mrbobbytables
    Twitter: @mrbobbytables
  3. tl;dr Kubernetes

    • Open Source vendor-neutral container orchestration system initially created by Google in 2014
    • Donated as the inception project to the CNCF (Cloud Native Computing Foundation) in 2015
    • Grown to become the standard for container orchestration
  4. What is the Kubernetes Community

    • #1 OSS project by developer activity*
    • #2 project by Pull Requests*

    Community Stats (2020-02-21), source: devstats
    • Contributors: 42,000+
    • Org Members: 1,225
    • Repos: 209
    • Pull Requests: 148,000~
    • Slack: 92,000+

    * As of 2020-02-25 - Ref: CNCF Velocity Report
  5. Distribution is better than centralization

    Community over product or company
    Automation over process
    Inclusive is better than exclusive
    Evolution is better than stagnation
    Source: http://git.k8s.io/community/values.md
  6. A word on CI...Prow

    • Prow
    • Supports three types of jobs:
      ◦ Periodics
      ◦ Pre-submits
      ◦ Post-submits
    • Project CI is defined within one repo: test-infra
    • Performs tests and merges PRs based on labels and rules
  7. A word on CI...ProwJob

        presubmits:
          kubernetes/org:
          - name: pull-org-verify-all
            always_run: true
            decorate: true
            labels:
              preset-service-account: "true"
              preset-bazel-scratch-dir: "true"
            spec:
              containers:
              - image: launcher.gcr.io/google/bazel:0.29.1
                command:
                - ./hack/verify-all.sh
            annotations:
              testgrid-num-columns-recent: '30'
              testgrid-create-test-group: 'true'
  8. The first contribution...labels

    • Provide verbose messages regarding PR
    • Check state of PR
      ◦ Check CLA
      ◦ Check kind label (bug, feature, etc)
      ◦ Check priority
      ◦ Check commit message
      ◦ Check for release notes in PR template
      ◦ Applies group (SIG) labels based on files being updated (more on this later…)
  9. The first contribution...assigning reviewers

    • Prow Plugin: Blunderbuss
    • Reviewers are selected from OWNERS files
    • Inspired by Chromium’s OWNERS files / GitHub’s CODEOWNERS files
    • Each directory can contain an independent OWNERS file
      ◦ If not found in the current directory, it walks backwards up the directory tree until one is found
    • Root of repo can contain aliases for groups of contributors in an OWNERS_ALIASES file

    OWNERS:

        approvers:
        - alice
        - bob
        reviewers:
        - alice
        - carl
        - sig-foo # alias
        labels:
        - sig/foo
  11. The first contribution...ok-to-test

    • /ok-to-test allows CI to be run for PRs proposed by non-Kubernetes Org members.
    • Any Org member may comment with /ok-to-test
    • Commonly applied by reviewers after a first pass of a PR
  13. The first contribution...tests

    • Testing Kubernetes is expensive
      ◦ 1.5 - 2 hours to complete the full test suite
    • Retesting of just failed jobs
    • Flakes are sadly still common :(
  14. The first contribution...lgtm

    • Prow Plugin: LGTM
    • Any org Member may apply the lgtm label
    • Commonly applied by reviewers after comments or by those they loop in
    • Signals the PR should be good for final review from an approver
  15. The first contribution...approve

    • Prow Plugin: Approvers
    • Only approvers listed in an OWNERS file may approve

    OWNERS:

        approvers:
        - alice
        - bob
        reviewers:
        - alice
        - carl
        - sig-foo # alias
        labels:
        - sig/foo
  17. The first contribution...approve

    • Prow Plugin: Approvers
    • Only approvers listed in an OWNERS file may approve
    • Requires /approve from each area the PR touches or a higher level approver.

    PR will now be merged \o/
  18. Community Groups

    Special Interest Group: Primary organizational unit of the Kubernetes Project. Code developed by the project must be owned by a SIG.
    Working Group: Short lived groups to tackle cross-cutting SIG efforts. Code is owned by one or more of the sponsoring SIGs.
    User Group: Provide a means for end users to collaborate along with a unifying voice to drive specific features. Cannot own code.
    Committee: Handle sensitive topics (security, Code of Conduct etc). No open membership; Members are elected or appointed.
  19. Community Group Structure (diagram)

    Legend: SIG, Working group, Committee, User group
    Diagram labels: Release Contributor Experience PM Docs Testing API Machinery CLI UI Multicluster Windows Auth Apps Autoscaling Cluster Lifecycle Instrumentation Network Node Scalability Scheduling Service Catalog Storage Resource Management Steering Project Horizontal Vertical Architecture Code of Conduct Product Security Big Data Cloud Provider Component Standard IoT Edge K8s infra Machine Learning Multitenancy Policy Security Audit LTS Apply Usability Applications Resource Management Infrastructure VMware Data Protection
  20. The Community Repo

    • Community groups are managed in the kubernetes/community repo.
    • Each group has a directory that contains information about the group itself
      ◦ Charter
      ◦ README
  21. Source of truth...sigs.yaml

    • Metadata regarding the group is stored in sigs.yaml
    • Human friendly version: sig-list.md
    • Community Group READMEs are rendered from a Go template using the information from sigs.yaml
  23. Getting involved...Zoom

    • Every SIG/WG/UG has regularly scheduled meetings
    • All meetings are uploaded to the Kubernetes Community YouTube Channel
      ◦ In process of being automated via splain.io Zoom -> Youtube bridge

    ...sometimes we get a little slap happy
  24. The ladder

    Subproject Owner
      - Set priorities and approve proposals for subproject
      - Responsibility and leadership for entire repository/directory
    Approver
      - Approve contributions for acceptance
      - Highly experienced reviewer and contributor in subproject
    Reviewer
      - History of reviewing; reviews frequently
      - Authorship in subproject
    Member
      - Active contributor to the project
      - Sponsored by two Reviewers
    Non-member Contributors
  25. Becoming an Org Member

    • Community Membership Requirements
    • Be active within the community
    • Find two sponsors (a reviewer or approver from different companies)
    • File a GitHub Issue

    That’s It!
  26. Peribolos

    • Prow Plugin: Peribolos
    • GitOps for GitHub management
    • Defines base org settings
    • Org Membership
    • GitHub Teams

        name: Kubernetes
        description: Kubernetes
        default_repository_permission: read
        has_organization_projects: true
        has_repository_projects: true
        members_can_create_repositories: false
        billing_email: [email protected]
        admins:
        - cblecker
        ...
        members:
        - 27149chen
        ...
        teams:
          metrics-admins:
            description: Admin access to the metrics repo
            members:
            - DirectXMan12
            ...
            privacy: closed
  27. Peribolos

    Team management can be delegated...

        teams:
          sig-architecture-api-reviews:
            description: ...
            members:
            - bgrant0607
            - liggitt
            - smarterclayton
            privacy: closed
          sig-architecture-bugs:
            description: ...
            members:
            - bgrant0607
            privacy: closed
          ...
  28. Slack

    • 92,000+ Users
    • 36 regions represented
    • 380+ Channels
    • 700+ Custom Emojis

    ...We do like our emojis
  29. Slack...complications

    • No audit trail without contacting Slack
    • Users cannot block other users
    • Handles are free-text and can have duplicates
    • Have to use 3rd party app for “open” sign-up
    • Undocumented or inconsistent APIs

    ..BUT it’s the standard because folks use it for $dayjob
  30. Making Slack Safe for Open Communities

    • Slack-Infra Tools
      ◦ Slack-welcomer - Sends a welcome message to every new user who joins Slack
      ◦ Slack-event-log - Global event logging for Slack
      ◦ Slack-report-message - Enables Slack users to report messages; sending them to a channel
      ◦ Slack-moderator - Allows an Admin or Owner to deactivate a user and delete their content.
      ◦ Tempelis - GitOps for Slack channels and User Groups

    Katharine Berry
  31. Tempelis

    • Manages channels and usergroups
      ◦ Create / Update / Archive
    • Management can be delegated by use of restrictions

        restrictions:
          ...
          - path: "sig-docs/*.yaml"
            channels:
              - "^kubernetes-docs-[a-z]{2}$"
          - path: "sig-release/*.yaml"
            channels:
              - "^sig-release$"
              - "^release-"
            usergroups:
              - "^release-"
          ...
  33. Tempelis User Groups

        users:
          alejandrox1: U6AS37R50
          aleksandra-malinowska: U357LUPHS
          bubblemelon: U7K9C643G
          calebamiles: U1ZDD4CUR
          castrojo: U1W1Q6PRQ
          ...
          sumitranr: UCQN13L9H
          tpepper: U6UB5V4TX
          Tunde: UAY977ENN
  34. Tempelis User Groups

        restrictions:
          ...
          - path: "sig-release/*.yaml"
            channels:
              - "^sig-release$"
              - "^release-"
            usergroups:
              - "^release-"
          ...
  35. K8s.io: Google Group Membership

    • Project: k8s.io/groups
    • GitOps for Gsuite Google Group Management
      ◦ Manages 70 *@kubernetes.io accounts
      ◦ NOT used for community group accounts (SIG/WG/UG)
    • Token is secured in repo via git-crypt

        groups:
          ...
          - email-id: [email protected]
            name: community
            description: |-
            settings:
              WhoCanPostMessage: "ANYONE_CAN_POST"
              ReconcileMembers: "true"
            owners:
              - [email protected]
              - [email protected]
              - [email protected]
              - [email protected]
            managers:
              - [email protected]
            members:
              - [email protected]
              - [email protected]
  36. K8s.io: Domains

    • Project: k8s.io/dns
    • Use GitHub’s octoDNS to manage all Kubernetes owned domains
    • All domains / url rewrites are managed via source control
  37. Contributor Summits

    8 Events since 2014
    Currently spanning EU, APAC, and NA
    Contributor-focused content
    New Contributor Workshops for onboarding
    Pre-summit socials
    “When you’re Kubernetes, you’re family” - Ancient Proverb
  38. Steering and Elections

    • Steering Committee oversees project governance and defines the overall project values and structure
      ◦ NOT the technical direction of the project
      ◦ 7 Members
      ◦ 2 year term staggered by 4 / 3 split
    • Voting Requirements
      ◦ 50 DevStats recorded contributions within the past year
      ◦ Exceptions allowed and vetted by election committee
  39. DevStats

    • Devstats project
    • https://devstats.cncf.io/
    • Toolset to visualize GitHub archives (GitHub events) using Grafana dashboards
    • Data available for every CNCF project
    • Exportable for further analysis
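
The approval rule from slides 9 and 15-17 (nearest OWNERS file found by walking up the tree, /approve needed for each area a PR touches, or from a higher-level approver) can be modelled as below. This is an added example, not code from the deck or from Prow; the function names, the sample OWNERS data and the alias members are constructed, and it is a simplified model of the rule as the slides state it.

```python
import posixpath

# Constructed sample data: OWNERS content keyed by directory ("" is the repo root).
OWNERS = {
    "": {"approvers": ["alice"]},
    "pkg/foo": {"approvers": ["bob", "sig-foo"]},
}
# Constructed OWNERS_ALIASES content: alias -> members.
ALIASES = {"sig-foo": ["carl", "dana"]}


def expand(names, aliases):
    """Replace alias names with their members; plain handles pass through."""
    out = set()
    for name in names:
        out.update(aliases.get(name, [name]))
    return out


def owning_dir(path, owners):
    """Walk up from the file's directory until a directory with OWNERS is found."""
    d = posixpath.dirname(path)
    while d not in owners:
        if d == "":
            return None  # no OWNERS file anywhere above this path
        d = posixpath.dirname(d)
    return d


def eligible_approvers(path, owners, aliases):
    """Approvers of the nearest OWNERS file plus those of every OWNERS above it."""
    d = owning_dir(path, owners)
    result = set()
    while d is not None:
        result |= expand(owners.get(d, {}).get("approvers", []), aliases)
        d = posixpath.dirname(d) if d else None
    return result


def unapproved_files(changed, approved_by, owners=OWNERS, aliases=ALIASES):
    """Return the changed files that no eligible approver has /approve'd."""
    approved_by = set(approved_by)
    return sorted(f for f in changed
                  if not (eligible_approvers(f, owners, aliases) & approved_by))
```

A PR is mergeable under this model only when `unapproved_files` returns an empty list; a path with no OWNERS file above it has no eligible approvers and therefore stays unapproved.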
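
The Tempelis restrictions on slides 31 and 34 delegate by file path: a config file may only define channels and usergroups whose names match the patterns listed for its path. The check below is an added example, not Tempelis code; `glob_to_regex` and `violations` are hypothetical names, and first-match-wins plus rejecting files that match no restriction are assumptions the slides do not confirm.

```python
import re

# Restrictions as shown on the slides (the elided "..." entries are left out).
RESTRICTIONS = [
    {"path": "sig-docs/*.yaml", "channels": [r"^kubernetes-docs-[a-z]{2}$"]},
    {"path": "sig-release/*.yaml",
     "channels": [r"^sig-release$", r"^release-"],
     "usergroups": [r"^release-"]},
]


def glob_to_regex(glob):
    """Translate a path glob so that '*' never crosses a '/' boundary."""
    return re.compile("^" + re.escape(glob).replace(r"\*", "[^/]*") + "$")


def violations(config_path, channels=(), usergroups=(), restrictions=RESTRICTIONS):
    """List the names a delegated config file defines outside its allowed patterns.

    Assumptions: the first restriction whose path matches applies, and a file
    that matches no restriction is rejected (deny by default).
    """
    rule = next((r for r in restrictions
                 if glob_to_regex(r["path"]).match(config_path)), None)
    if rule is None:
        return [("path", config_path)]
    found = []
    for kind, names in (("channels", channels), ("usergroups", usergroups)):
        allowed = rule.get(kind, [])
        for name in names:
            # re.search: a pattern is anchored only where it says so itself,
            # so "^release-" admits every name with that prefix.
            if not any(re.search(p, name) for p in allowed):
                found.append((kind, name))
    return found
```

Because `^release-` has no end anchor, it admits any name with that prefix, while `^kubernetes-docs-[a-z]{2}$` admits exactly one two-letter suffix; the anchors are what set the width of each delegation.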