Slide 1

Slide 1 text

How to Choose the Right CNCF Project to Use
Cloud Native Taiwan User Group 2023/11 Meetup
Phil Huang
CNCF Ambassador / Senior Cloud Solution Architect, Microsoft
2023/11/29

Slide 2

Slide 2 text

© 2023 Cloud Native Computing Foundation
Credited by
Slide: Navigating Open Source Project Hurdles to Achieve Community Empowerment - or how the heck do you get through graduation?
YouTube: https://www.youtube.com/watch?v=9jTZR7GLvzo

Slide 3

Slide 3 text

CNCF's Mission "Make cloud native computing ubiquitous."

Slide 4

Slide 4 text

CNCF is part of the Linux Foundation
The Linux Foundation is much more than Linux today
• Security: We are helping global privacy and security through a program to encrypt the entire internet.
• Networking: We are creating ecosystems around networking to improve agility in the evolving software-defined datacenter.
• Cloud: We are creating a portability layer for the cloud, driving de facto standards and developing the orchestration layer for all clouds.
• Automotive: We are creating the platform for infotainment in the auto industry that can be expanded into instrument clusters and telematics systems.
• Blockchain: We are creating a permanent, secure distributed ledger that makes it easier to create cost-efficient, decentralized business networks.
• Web: Node.js and other projects are the application development framework for next generation web, mobile, serverless, and IoT applications.
We are regularly adding projects; for the most up-to-date listing of all projects visit tlfprojects.org

Slide 5

Slide 5 text

From Virtualization to Cloud Native
● Cloud native computing uses an open source software stack to:
  ○ segment applications into microservices,
  ○ package each part into its own container
  ○ and dynamically orchestrate those containers to optimize resource utilization
[Timeline figure. Stages: Non-Virtualized Hardware, Virtualization, IaaS, PaaS, Open Source IaaS, Open Source PaaS, Containers, Cloud Native. Years: 2000, 2001, 2006, 2009, 2010, 2011, 2013, 2015]

Slide 6

Slide 6 text

Check Landscape v2.0 https://cncf.landscape2.io

Slide 7

Slide 7 text

Top 30 projects Velocity

Slide 8

Slide 8 text

Linux Foundation Project Velocity

Slide 9

Slide 9 text

CNCF Project Velocity

Slide 10

Slide 10 text

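CNCF Project Maturities
[Figure: technology adoption curve. Segments: Innovators “Techies”, Early Adopters “Visionaries”, “The Chasm”, Early Majority “Pragmatists”, Late Majority “Conservatives”, Laggards “Skeptics”. Maturity levels marked: SANDBOX, INCUBATING, GRADUATED]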

Slide 11

Slide 11 text

CNCF Technical Oversight Committee (TOC)
1. Adoption by end users
2. Healthy rate of changes
3. Committers from multiple organizations
4. CNCF Code of Conduct
5. Maintained the OpenSSF Best Practices Badge
Ref: https://github.com/cncf/toc/tree/main/process

Slide 12

Slide 12 text

Sandbox Project "Joined CNCF"

Slide 13

Slide 13 text

CNCF Project Maturities: SANDBOX
[Figure: technology adoption curve. Segments: Innovators “Techies”, Early Adopters “Visionaries”, “The Chasm”, Early Majority “Pragmatists”, Late Majority “Conservatives”, Laggards “Skeptics”. Maturity level marked: SANDBOX]

Slide 14

Slide 14 text

Sandbox Projects

Slide 15

Slide 15 text

Governance Requirement
• IP Policy requirements (follow the CNCF intellectual property rules)
• Adopt CNCF Code of Conduct (comply with the CNCF Code of Conduct)
• Discoverable and simple project governance
Ref: https://github.com/cncf/foundation/blob/main/code-of-conduct.md
Sandbox • Incubating • Graduated

Slide 16

Slide 16 text

Technical Documentation
• Project goals, objectives and its differentiation in the Cloud Native landscape with supporting use cases
• Need to have demos, getting started guides, and how to install and use
Sandbox • Incubating • Graduated

Slide 17

Slide 17 text

Security Requirements
• Document and enforce access control rules
  ○ includes 2FA, CI Infra, GitHub, Google Workspace permissions
• Reporting + Triage process for security vulnerabilities
Sandbox • Incubating • Graduated

Slide 18

Slide 18 text

Who Sponsors / Supports the Projects

Slide 19

Slide 19 text

Incubating Project "Start of survey or early adoption"

Slide 20

Slide 20 text

CNCF Project Maturities: INCUBATING
[Figure: technology adoption curve. Segments: “The Chasm”, Early Majority “Pragmatists”, Late Majority “Conservatives”, Laggards “Skeptics”. Maturity level marked: INCUBATING]
• Production case studies
• Contributor docs and processes
• More stability and roadmap

Slide 21

Slide 21 text

Incubating Projects

Slide 22

Slide 22 text

Governance Requirement
• Public documented communication channel
• Up-to-date meeting schedule
• Documented maintainer list
• Enumerate & document subprojects
• Demonstrate Contributor Growth / Pipeline
• Contributor lifecycle (onboarding, offboarding, emeritus)
Sandbox • Incubating • Graduated

Slide 23

Slide 23 text

Technical Documentation
• Project goals, objectives and its differentiation in the Cloud Native landscape with supporting use cases
• What does the project do and why
• Overview of project architecture & software design
• Maintain roadmap / tracking mechanism
• Project release process
• Regular scan or implement CI check to prevent importing dependencies with an incompatible license
Sandbox • Incubating • Graduated
Ref: https://clomonitor.io/projects/cncf/keycloak#keycloak_license

Slide 24

Slide 24 text

Security Requirements
• Document and enforce access control rules
  ○ includes 2FA, CI Infra, GitHub, Google Workspace permissions
• Security vulnerability report / triage process
• Achieve a passing score of the OpenSSF (Open Source Security Foundation) "Best Practices" badge
• Perform and document a Security Self-Assessment
Sandbox • Incubating • Graduated
Ref: https://openssf.org/blog/2022/09/08/show-off-your-security-score-announcing-scorecards-badges/

Slide 25

Slide 25 text

Graduated Project "Use It"

Slide 26

Slide 26 text

CNCF Project Maturities: GRADUATED
[Figure: technology adoption curve. Segments: Early Majority “Pragmatists”, Late Majority “Conservatives”, Laggards “Skeptics”. Maturity level marked: GRADUATED]
• Committer and vendor diversity
• Full committer lifecycle, emeritus members

Slide 27

Slide 27 text

Graduated Projects

Slide 28

Slide 28 text

Governance Requirement
• Public documented communication channel
• Up-to-date meeting schedule
• Documented maintainer list
• Enumerate & document subprojects
• Demonstrate Contributor Growth / Pipeline
• Contributor lifecycle (onboarding, offboarding, emeritus)
• Subproject leadership process documented
Sandbox • Incubating • Graduated

Slide 29

Slide 29 text

Technical Documentation
• Project goals, objectives and its differentiation in the Cloud Native landscape with supporting use cases
• What does the project do and why
• Overview of project architecture & software design
• Maintain roadmap / tracking mechanism
• Project release process
• Regular scan or implement CI check to prevent importing dependencies with an incompatible license
• Roadmap change process
Sandbox • Incubating • Graduated
Ref: https://clomonitor.io/projects/cncf/keycloak#keycloak_license

Slide 30

Slide 30 text

Security Requirements
• Document and enforce access control rules
  ○ includes 2FA, CI Infra, GitHub, Google Workspace permissions
• Security vulnerability report / triage process
• Achieve a passing score of the OpenSSF (Open Source Security Foundation) "Best Practices" badge
• Perform and document a Security Self-Assessment
• Third Party Security Audit
• Resolve all High & Critical Flaws Discovered in Security Audit
Sandbox • Incubating • Graduated
Ref: https://openssf.org/blog/2022/09/08/show-off-your-security-score-announcing-scorecards-badges/

Slide 31

Slide 31 text

Thanks