20231129 如何選擇適當的 CNCF Project 來使用

Transcript

1. 如何選擇適當的 CNCF Project 來使用 Cloud Native Taiwan User Group 2023/11

   Meetup Phil Huang <[email protected]> CNCF Ambassador / Senior Cloud Solution Architect, Microsoft 2023/11/29

2. © 2023 Cloud Native Computing Foundation 2 Credited by Slide:

   Navigating Open Source Project Hurdles to Achieve Community Empowerment - or how the heck do you get through graduation? YouTube: https://www.youtube.com/watch?v=9jTZR7GLvzo

3. CNCF's Mission "Make cloud native computing ubiquitous."

4. © 2023 Cloud Native Computing Foundation 4 CNCF is part

   of the Linux Foundation The Linux Foundation is much more than Linux today We are helping global privacy and security through a program to encrypt the entire internet. Security Networking We are creating ecosystems around networking to improve agility in the evolving software- defined datacenter. Cloud We are creating a portability layer for the cloud, driving de facto standards and developing the orchestration layer for all clouds. Automotive We are creating the platform for infotainment in the auto industry that can be expanded into instrument clusters and telematics systems. Blockchain We are creating a permanent, secure distributed ledger that makes it easier to create cost- efficient, decentralized business networks. We are regularly adding projects; for the most up-to-date listing of all projects visit tlfprojects.org Web Node.js and other projects are the application development framework for next generation web, mobile, serverless, and IoT applications.

5. © 2023 Cloud Native Computing Foundation 5 Containers Cloud Native

   From Virtualization to Cloud Native •Cloud native computing uses an open source software stack to: ◦ segment applications into microservices, ◦ package each part into its own container ◦ and dynamically orchestrate those containers to optimize resource utilization Open Source IaaS PaaS Open Source PaaS Virtualiza- tion 2000 2001 2006 2009 2010 2011 Non- Virtualized Hardware 2013 2015 IaaS

6. Check Landscape v2.0 https://cncf.landscape2.io

7. Top 30 projects Velocity

8. Linux Foundation Project Velocity

9. CNCF Project Velocity

10. © 2023 Cloud Native Computing Foundation 10 創新者 “技術為主” 早期多數

    “實用主義者” 落後者 “懷疑論者” “鴻溝” 晚期多數 “保守派” SANDBOX GRADUATED INCUBATING 早前採用者 “有遠見的人” CNCF Project Maturities

11. © 2023 Cloud Native Computing Foundation 11 CNCF Technical Oversight

    Committee (TOC) 1. Adoption by end users 2. Healthy rate of changes 3. Committers from multiple organizations 4. CNCF Code of Conduct 5. Maintained the OpenSSF Best Practices Badge Ref: https://github.com/cncf/toc/tree/main/process

12. © 2022 Cloud Native Computing Foundation 12 Sandbox Project "Joined

    CNCF"

13. © 2023 Cloud Native Computing Foundation 13 INNOVATORS “TECHIES” EARLY

    MAJORITY “PRAGMATISTS” LAGGARDS “SKEPTICS” “THE CHASM” LATE MAJORITY “CONSERVATIVES” SANDBOX EARLY ADOPTERS “VISIONARIES” CNCF Project Maturities: SANDBOX

14. © 2023 Cloud Native Computing Foundation 14 Sandbox Projects

15. © 2023 Cloud Native Computing Foundation 15 Governance Requirement •

    IP Policy requirements (遵循 CNCF 知識 產權規則) • Adopt CNCF Code of Conduct (遵守 CNCF 行為準則) • Discoverable and simple project governance Ref: https://github.com/cncf/foundation/blob/main/code-of-conduct.md • Sandbox • Incubating • Graduated

16. © 2023 Cloud Native Computing Foundation 16 Technical Documentation •

    Project goals, objectives and its differentiation in the Cloud Native landscape with supporting use cases • Need to have demos, getting started guides, and how to install and use • Sandbox • Incubating • Graduated

17. © 2023 Cloud Native Computing Foundation 17 Security Requirements •

    Document and enforce access control rules • includes 2FA, CI Infra, GitHub, Google Workspace permissions • Reporting + Triage process for security vulnerabilities • Sandbox • Incubating • Graduated

18. © 2023 Cloud Native Computing Foundation 18 Who Sponsor /

    Support The Projects

19. © 2022 Cloud Native Computing Foundation 19 Incubating Project "Start

    of survey or early adoption"

20. © 2023 Cloud Native Computing Foundation 20 EARLY MAJORITY “PRAGMATISTS”

    LAGGARDS “SKEPTICS” “THE CHASM” LATE MAJORITY “CONSERVATIVES” INCUBATING CNCF Project Maturities: INCUBATING • Production case studies • Contributor docs and processes • More stability and roadmap

21. © 2023 Cloud Native Computing Foundation 21 Incubating Projects

22. © 2023 Cloud Native Computing Foundation 22 Governance Requirement •

    Public documented communication channel • Up-to-date meeting schedule • Documented maintainer list • Enumerate & document subprojects • Demonstrate Contributor Growth / Pipeline • Contributor lifecycle (onboarding, offboarding, emeritus) • Sandbox • Incubating • Graduated

23. © 2023 Cloud Native Computing Foundation 23 Technical Documentation •

    Project goals, objectives and its differentiation in the Cloud Native landscape with supporting use cases • What does the project do and why • Overview of project architecture & software design • Maintain roadmap / tracking mechanism • Project release process • Regular scan or implement CI check to prevent importing dependencies with an incompatible license • Sandbox • Incubating • Graduated Ref: https://clomonitor.io/projects/cncf/keycloak#keycloak_license

24. © 2023 Cloud Native Computing Foundation 24 Security Requirements •

    Document and enforce access control rules • includes 2FA, CI Infra, GitHub, Google Workspace permissions • Security vulnerability report / triage process • Achieve a passing score of the Open SSF (Open Source Security Foundation) "Best Practices" badge • Perform and document a Security Self- Assessment • Sandbox • Incubating • Graduated Ref: https://openssf.org/blog/2022/09/08/show-off-your-security-score-announcing-scorecards- badges/

25. © 2022 Cloud Native Computing Foundation 25 Graduated Project "Use

    It"

26. © 2023 Cloud Native Computing Foundation 26 EARLY MAJORITY “PRAGMATISTS”

    LAGGARDS “SKEPTICS” LATE MAJORITY “CONSERVATIVES” GRADUATED CNCF Project Maturities: GRADUATED • Committer and vendor diversity • Full committer lifecycle, emeritus members

27. © 2023 Cloud Native Computing Foundation 27 Graduated Projects

28. © 2023 Cloud Native Computing Foundation 28 Governance Requirement •

    Public documented communication channel • Up-to-date meeting schedule • Documented maintainer list • Enumerate & document subprojects • Demonstrate Contributor Growth / Pipeline • Contributor lifecycle (onboarding, offboarding, emeritus) • Subproject leadership process documented • Sandbox • Incubating • Graduated

29. © 2023 Cloud Native Computing Foundation 29 Technical Documentation •

    Project goals, objectives and its differentiation in the Cloud Native landscape with supporting use cases • What does the project do and why • Overview of project architecture & software design • Maintain roadmap / tracking mechanism • Project release process • Regular scan or implement CI check to prevent importing dependencies with an incompatible license • Roadmap change process • Sandbox • Incubating • Graduated Ref: https://clomonitor.io/projects/cncf/keycloak#keycloak_license

30. © 2023 Cloud Native Computing Foundation 30 Security Requirements •

    Document and enforce access control rules • includes 2FA, CI Infra, GitHub, Google Workspace permissions • Security vulnerability report / triage process • Achieve a passing score of the Open SSF (Open Secure Security Foundation) "Best Practices" badge • Perform and document a Security Self- Assessment • Third Party Security Audit • Resolve all High & Critical Flaws Discovered in Security Audit • Sandbox • Incubating • Graduated Ref: https://openssf.org/blog/2022/09/08/show-off-your-security-score-announcing-scorecards- badges/

31. Thanks