Tweet
Tweet

Slide 1

Slide 1 text

Managing the Kubernetes Contributor Community A peek behind the curtain Bob Killen @mrbobbytables Jeff Sica @jeefy

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

$ whoami - Jeff Jeffrey Sica jeef111x@gmail.com Senior Software Engineer @ CNCF Ambassador Github: @jeefy Twitter: @jeefy

Slide 4

Slide 4 text

$ whoami - Bob Bob Killen bob.killen@linux.com Senior Research Cloud Administrator CNCF Ambassador Github: @mrbobbytables Twitter: @mrbobbytables

Slide 5

Slide 5 text

tl;dr Kubernetes ● Open Source vendor-neutral container orchestration system initially created by Google in 2014 ● Donated as the inception project to the CNCF (Cloud Native Computing Foundation) in 2015 ● Grown to become the standard for container orchestration Image Source @jeefy @mrbobbytables

Slide 6

Slide 6 text

What is the Kubernetes Community #1 OSS project by developer activity* #2 project by Pull Requests* Source: devstats Community Stats (2020-02-21) Contributors 42,000+ Org Members 1,225 Repos 209 Pull Requests 148,000~ Slack 92,000+ * As of 2020-02-25 - Ref: CNCF Velocity Report @jeefy @mrbobbytables

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

No content

Slide 9

Slide 9 text

No content

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

@jeefy @mrbobbytables Distribution is better than centralization Community over product or company Automation over process Inclusive is better than exclusive Evolution is better than stagnation Source: http://git.k8s.io/community/values.md

Slide 12

Slide 12 text

The first contribution... @jeefy @mrbobbytables

Slide 13

Slide 13 text

The first contribution... @jeefy @mrbobbytables First interaction will be with our bots

Slide 14

Slide 14 text

A word on CI...Prow ● Prow ● Supports three types of jobs: ○ Periodics ○ Pre-submits ○ Post-submits ● Project CI is defined within one repo: test-infra ● Performs tests and merges PRs based on labels and rules

Slide 15

Slide 15 text

A word on CI...ProwJob presubmits: kubernetes/org: - name: pull-org-verify-all always_run: true decorate: true labels: preset-service-account: "true" preset-bazel-scratch-dir: "true" spec: Containers: - image: launcher.gcr.io/google/bazel:0.29.1 command: - ./hack/verify-all.sh annotations: testgrid-num-columns-recent: '30' testgrid-create-test-group: 'true'

Slide 16

Slide 16 text

A word on CI...Tests

Slide 17

Slide 17 text

The first contribution...labels @jeefy @mrbobbytables ● Provide verbose messages regarding PR ● Check state of PR ○ Check CLA ○ Check kind label (bug, feature, etc) ○ Check priority ○ Check commit message ○ Check for release notes in PR template ○ Applies group (SIG) labels based on files being updated (more on this later…)

Slide 18

Slide 18 text

...but first! The CLA

Slide 19

Slide 19 text

...but first! The CLA

Slide 20

Slide 20 text

The first contribution...assigning reviewers @jeefy @mrbobbytables ● Prow Plugin: Blunderbuss ● Reviewers are selected from OWNERS files ● Inspired by Chromium’s OWNERS files / GitHub’s CODEOWNERS files ● Each directory can contain an independent OWNERS file ○ If not found in current directory, it walks backwards up the directory tree till one is found ● Root of repo can contain a aliases to groups of contributors in an OWNERS_ALIASES file approvers: - alice - bob reviewers: - alice - carl - sig-foo # alias labels: - sig/foo OWNERS

Slide 21

Slide 21 text

The first contribution...assigning reviewers @jeefy @mrbobbytables ● Prow Plugin: Blunderbuss ● Reviewers are selected from OWNERS files ● Inspired by Chromium’s OWNERS files / GitHub’s CODEOWNERS files ● Each directory can contain an independent OWNERS file ○ If not found in current directory, it walks backwards up the directory tree till one is found ● Root of repo can contain a aliases to groups of contributors in an OWNERS_ALIASES file

Slide 22

Slide 22 text

All BEFORE tests are run

Slide 23

Slide 23 text

The first contribution...ok-to-test @jeefy @mrbobbytables ● /ok-to-test allows CI to be run for PRs proposed from non Kubernetes Org members. ● Any Org member may comment with /ok-to-test ● Commonly applied by reviewers after first pass a PR

Slide 24

Slide 24 text

The first contribution...ok-to-test ● /ok-to-test allows CI to be run for PRs proposed from non Kubernetes Org members. ● Any Org member may comment with /ok-to-test ● Commonly applied by reviewers after first pass a PR @jeefy @mrbobbytables

Slide 25

Slide 25 text

The first contribution...tests ● Testing Kubernetes is expensive ○ 1.5 - 2 hours to complete the full test suite ● Retesting of just failed jobs ● Flakes are sadly still common :( @jeefy @mrbobbytables

Slide 26

Slide 26 text

The first contribution...lgtm ● Prow Plugin: LGTM ● Any org Member may apply the lgtm label ● Commonly applied by reviewers after comments or by those they loop in ● Signals the PR should be good for final review from an approver @jeefy @mrbobbytables

Slide 27

Slide 27 text

The first contribution...approve approvers: - alice - bob reviewers: - alice - carl - sig-foo # alias labels: - sig/foo OWNERS @jeefy @mrbobbytables ● Prow Plugin: Approvers ● Only approvers listed in an OWNERS file may approve

Slide 28

Slide 28 text

The first contribution...approve ● Prow Plugin: Approvers ● Only approvers listed in an OWNERS file may approve ● Requires /approve from each area the PR touches or a higher level approver. @jeefy @mrbobbytables

Slide 29

Slide 29 text

The first contribution...approve ● Prow Plugin: Approvers ● Only approvers listed in an OWNERS file may approve ● Requires /approve from each area the PR touches or a higher level approver. @jeefy @mrbobbytables PR will now be merged \o/

Slide 30

Slide 30 text

Finding Your Place in the Community

Slide 31

Slide 31 text

Community Groups Special Interest Group Primary organizational unit of the Kubernetes Project. Code developed by the project must be owned by a SIG. Working Group Short lived groups to tackle cross-cutting SIG efforts. Code is owned by one or more of the sponsoring SIGs. User Group Provide a means for end users to collaborate along with a unifying voice to drive specific features. Cannot own code. Committee Handle sensitive topics (security, Code of Conduct etc) No open membership; Members are elected or appointed @jeefy @mrbobbytables

Slide 32

Slide 32 text

Release Contributor Experience PM Docs Testing API Machinery CLI UI Multicluster Windows Auth Apps Autoscaling Cluster Lifecycle Instrumentation Network Node Scalability Scheduling Service Catalog Storage Resource Management Steering Project Horizontal Vertical Architecture Code of Conduct Product Security Big Data Cloud Provider Component Standard IoT Edge K8s infra Machine Learning Multitenancy Policy Security Audit LTS Apply Usability Applications Resource Management Infrastructure Working group SIG Committee User group VMware Data Protection Community Group Structure

Slide 33

Slide 33 text

The Community Repo ● Community groups are managed in the kubernetes/community repo. ● Each group has a directory that contains information about the group itself ○ Charter ○ README @jeefy @mrbobbytables

Slide 34

Slide 34 text

Source of truth...sigs.yaml ● Metadata regarding the group is stored in sigs.yaml ● Human friendly version: sig-list.md ● Community Group READMEs are rendered using go template using the information from sigs.yaml

Slide 35

Slide 35 text

Getting involved...Zoom ● Every SIG/WG/UG has regularly scheduled meetings ● All meetings are uploaded to the Kubernetes Community YouTube Channel ○ In process of being automated via splain.io Zoom -> Youtube bridge @jeefy @mrbobbytables

Slide 36

Slide 36 text

Getting involved...Zoom ● Every SIG/WG/UG has regularly scheduled meetings ● All meetings are uploaded to the Kubernetes Community YouTube Channel ○ In process of being automated via splain.io Zoom -> Youtube bridge @jeefy @mrbobbytables ...sometimes we get a little slap happy

Slide 37

Slide 37 text

The ladder @jeefy @mrbobbytables Subproject Owner - Set priorities and approve proposals for subproject - Responsibility and leadership for entire repository/directory Approver - Approve contributions for acceptance - Highly experienced reviewer and contributor in subproject Reviewer - History of reviewing; reviews frequently - Authorship in subproject Member - Active contributor to the project - Sponsored by two Reviewers Non-member Contributors

Slide 38

Slide 38 text

Becoming an Org Member It’s about building trust... @jeefy @mrbobbytables

Slide 39

Slide 39 text

Becoming an Org Member ● Community Membership Requirements ● Be active within the community ● Find two sponsors (a reviewer or approver from different companies) ● File a GitHub Issue That’s It! @jeefy @mrbobbytables

Slide 40

Slide 40 text

Peribolos ● Prow Plugin: Peribolos ● GitOps for GitHub management ● Defines base org settings ● Org Membership ● GitHub Teams name: Kubernetes description: Kubernetes default_repository_permission: read has_organization_projects: true has_repository_projects: true members_can_create_repositories: false billing_email: github@kubernetes.io admins: - cblecker ... members: - 27149chen ... teams: metrics-admins: description: Admin access to the metrics repo members: - DirectXMan12 ... privacy: closed @jeefy @mrbobbytables

Slide 41

Slide 41 text

Peribolos Team management can be delegated... @jeefy @mrbobbytables teams: sig-architecture-api-reviews: description: ... members: - bgrant0607 - liggitt - smarterclayton privacy: closed sig-architecture-bugs: description: ... members: - bgrant0607 privacy: closed ...

Slide 42

Slide 42 text

Becoming an Org Member @jeefy @mrbobbytables

Slide 43

Slide 43 text

Growing your role

Slide 44

Slide 44 text

Slack ● 92,000+ Users ● 36 regions represented @jeefy @mrbobbytables ● 380+ Channels ● 700+ Custom Emojis

Slide 45

Slide 45 text

Slack ● 92,000+ Users ● 36 regions represented @jeefy @mrbobbytables ● 380+ Channels ● 700+ Custom Emojis ...We do like our emojis

Slide 46

Slide 46 text

Slack...complications ● No audit trail without contacting slack ● Users cannot block other users ● Handles are free-text and can have duplicates ● Have to use 3rd party app for “open” sign-up ● Undocumented or inconsistent APIs @jeefy @mrbobbytables ..BUT it’s the standard because folks use it for $dayjob

Slide 47

Slide 47 text

Making Slack Safe for Open Communities ● Slack-Infra Tools ○ Slack-welcomer - Sends a welcome message to every new user who joins Slack ○ Slack-event-log - Global event logging for Slack ○ Slack-report-message - Enables Slack users to report messages; sending them to a channel ○ Slack-moderator - Allows an Admin or Owner to inactive a user and delete their content. ○ Tempelis - GitOps for Slack channels and User Groups @jeefy @mrbobbytables Katharine Berry

Slide 48

Slide 48 text

Slack Reporter @jeefy @mrbobbytables

Slide 49

Slide 49 text

Slack Reporter @jeefy @mrbobbytables ¯\_(ツ)_/¯

Slide 50

Slide 50 text

Tempelis ● Manages channels and usergroups ○ Create / Update / Archive ● Management can be delegated by use of restrictions @jeefy @mrbobbytables restrictions: ... - path: "sig-docs/*.yaml" channels: - "^kubernetes-docs-[a-z]{2}$" - path: "sig-release/*.yaml" channels: - "^sig-release$" - "^release-" usergroups: - "^release-" ...

Slide 51

Slide 51 text

Tempelis @jeefy @mrbobbytables restrictions: ... - path: "sig-docs/*.yaml" channels: - "^kubernetes-docs-[a-z]{2}$" - path: "sig-release/*.yaml" channels: - "^sig-release$" - "^release-" usergroups: - "^release-" ... ● Manages channels and usergroups ○ Create / Update / Archive ● Management can be delegated by use of restrictions

Slide 52

Slide 52 text

Tempelis Channel Delegation @jeefy @mrbobbytables

Slide 53

Slide 53 text

Tempelis User Groups @jeefy @mrbobbytables users: alejandrox1: U6AS37R50 aleksandra-malinowska: U357LUPHS bubblemelon: U7K9C643G calebamiles: U1ZDD4CUR castrojo: U1W1Q6PRQ ... sumitranr: UCQN13L9H tpepper: U6UB5V4TX Tunde: UAY977ENN

Slide 54

Slide 54 text

Tempelis User Groups @jeefy @mrbobbytables restrictions: ... - path: "sig-release/*.yaml" channels: - "^sig-release$" - "^release-" usergroups: - "^release-" ...

Slide 55

Slide 55 text

K8s.io: Google Group Membership ● Project: k8s.io/groups ● GitOps for Gsuite Google Group Management ○ Manages 70 *@kubernetes.io accounts ○ NOT used for community group accounts (SIG/WG/UG) ● Token is secured in repo via git-crypt groups: ... - email-id: community@kubernetes.io name: community description: |- settings: WhoCanPostMessage: "ANYONE_CAN_POST" ReconcileMembers: "true" owners: - ihor@cncf.io - jorgec@vmware.com - killen.bob@gmail.com - parispittman@google.com managers: - pal.nabarun95@gmail.com members: - dgiles@linuxfoundation.com - jberkus@redhat.com

Slide 56

Slide 56 text

K8s.io: Domains ● Project: k8s.io/dns ● Use GitHub’s ocotoDNS to manage all Kubernetes owned domains ● All domains / url rewrites are managed via source control

Slide 57

Slide 57 text

Contributor Summits 8 Events since 2014 Currently spanning EU, APAC, and NA Contributor-focused content New Contributor Workshops for onboarding Pre-summit socials “When you’re Kubernetes, you’re family” - Ancient Proverb

Slide 58

Slide 58 text

Steering and Elections ● Steering Committee oversees project governance and defines the overall project values and structure ○ NOT the technical direction of the project ○ 7 Members ○ 2 year term staggered by 4 / 3 split ● Voting Requirements ○ 50 DevStats recorded contributions within the past year ○ Exceptions allowed and vetted by election committee

Slide 59

Slide 59 text

DevStats ● Devstats project ● https://devstats.cncf.io/ ● Toolset to visualize GitHub archives (GitHub events) using Grafana dashboards ● Data available for every CNCF project ● Exportable for further analysis

Slide 60

Slide 60 text

No content

Slide 61

Slide 61 text

Automation is meant to help people.

Slide 62

Slide 62 text

Thank you!