 Good morning. How are you? Good. I thought I might be the first for once I've never done that, but it looks like you beat me by probably 10 seconds. If I can share screen and all that it's already recording so we might have to chop off. It's agenda. I have the presentation. I can't hear you if you're trying to speak. Hi Katie, Emily will give folks about three, four minutes and then we'll get started. Today we don't have any so it's just us. You pick this up already right. Let's let me go fix this. This is already you're good. Hello. I'm dropping in. Let me all like rock and roll. Open your eyes. I'll stop messing with this. I mean, we can look at like the, uh, who's outstanding at the end of this. Yeah, yeah. I was just browsing until you were curious. Of course. I don't know like they where are they? Yeah. Hi. Hello everybody. Welcome George. It's been a while. Hey Dems. So two of you are in Austin, right? Amy, you are there and Richie, you too. Uh, an Aaron should be dialing in as well. Oh, okay. Thanks. Thanks for doing the screen share. I was not sure how a hotel wifi was going to hold up, but. Ready to rock and roll. Yeah, no worries. I was planning for you not to be here. I know, I know, but that's why I was like, okay, I'm in the drop in just to be able to make sure everything goes well. Uh, let's give 30 more seconds and we can get started. No worries Katie. Okay. We don't have quorum, but we also don't need quorum for this one. So. Okay. So, uh, let me get started. Uh, hi everyone. Today is June 21st. And this is the CNCF. To see meeting. Um, We'll be mostly looking at annual reviews today. Um, here is the antitrust policy notice. And as usual, uh, meeting logistics, uh, if you need it. Um, and we'll fill this up with the quorum, et cetera, later. And the agenda. So today we'll be doing annual reviews, like I said before, and let's start with the first one. Um, Justin, Justin did not make it today. Let me go over some notes that Justin had left here. There was also some notes that were there in private chat. So I'm going to pull them up too. So the goal of Cuba, Cuba OBM this year was to increase diversity in both contributors and adoption. Um, they've done some good work. Um, they have integrated with, uh, Cuba, Selim, Submariner. And I believe this is metal LB, uh, to provide a whole network solution. Improve user experience, document more things, host more events. Um, so it looks like they are trying to do all the right set of things. And a few other things that were there in private notes were around, um, hey, um, what slack are you using and these, uh, it wouldn't, would you all consider, um, moving to a different slack. Um, like the cuban is one or the CNCF one so that you know you can pull in more people from our communities. More cross pollination, et cetera. Um, the other one was, I don't think we found a good governance process. So I think we need to get the QBP and folks to talk to the six contributor strategy to pick one of the options that that are there or pick one option and then modify it to their needs. Um, and again, the usual culprit we have, we have issues around security. Um, we need to do better there, basically look at things that are being done in the community, whether it is cuban it is or continuity or some of the other things that a tax security can point them out to. That would be necessary as well. In addition to the things that are mentioned here, which is the more diversity in adoption and contributors. Um, and the other important feedback was, um, why do you need cuban when there are other things, what is the specific use cases. I think the documentation needs to be clearer there. Um, so some of these notes, we will end up typing it out in the pull request as well. But in case you are you all are watching cuban, that's what we're expecting you to do. So just to be clear, there is nobody from cuban here now. Is there. Not seeing anybody. Yeah, so any other observations from other to see members. No, one comment I want to add is, I think that project actually mostly position itself as a breach of the traditional software defined networking with the existing content based networking ecosystem. I think we need to ask them to highlight this clearly in their documentation. They do have added value here I can see but I think we need to ask them to add them this kind of message in their documentation. For example, I saw there are user cases in their local ecosystem that you think could be open to launch your work machines with containers together. This is all these are all I think value that cases. Yeah. Okay, sounds good. Thank you. I saw Justin pop up there, but he's not here so let's move on to the next one. Curie fence. Emily, could you please walk us through Curie fence. Yeah, I'm first if I want to see if there are any Curie fence maintainers or contributors on the call that would like to start talking about the project. If not, that's fine. Okay. So Curie fence is an API first DevOps oriented web defense HTTP filter adapter for envoy and engine X, and provides multiple security technologies such as web application firewalls application layer, distributed in a service protection bot management and a lot of other things along with real time traffic monitoring and transparency. Overall, the project has a pretty solid look of themselves they know where their areas are for growth. They only have a few projects and other and a few companies that are using them in a production ready capacity with more and more coming on board for development and testing purposes. The only recommendations that I can really find with the project because overall it's it's pretty solid and their documentation is great is more around driving that contributor growth and particular looking through their documentation the read me is a little bit light on content and it's more it's focused more on the use of the project. Rather than around the community management so there there should be a good balance between both of those within the read me, as well as making it more accessible to find information about community meetings so they used to have them in 2021 looks they dropped off so establishing a consistent ongoing community meeting if it's once a month once every two months, publishing publishing that making it more accessible to your users, leveraging the slack channels a little bit more so right now they've primarily been used as a support communication mechanism, so certainly driving more folks to attend those meetings develop more contributions that way and bringing a lot of that content back forward because it's it's deep in the in the GitHub is I think it's a couple of clicks through on the wiki to be able to find that they actually had them. That's pretty much it. Oh, Tim's is muted on purpose so awesome. That was great. Thank you. Sorry, you were muted on purpose. I saw you shouting at another corner so clearly, clearly. All right. Thanks Emily. Any questions from anybody else. Nice. Okay. For the next one distribution. Ricardo. I'll give I'll give this a can you hear me. Yeah. I'm in a noisy love love you without headphones. Alright, so distribution. So that's the core component for many registry operators. These things like Docker have container registry for GitHub and good lab, harbor with different flavors. So the interest is very high, obviously behind all these projects, but they realize the container engagement has been a problem. So there was one at it, but having a look at the list of maintainers which is quite extensive it seems that most are inactive. So this is something to look at. And aside from adoption. The question about the move to incubation. The project stated that they are waiting for the V3 release before applying for incubation. So here I had a couple of comments, which was this seems to be the main core of the work ongoing, but it is not reflected in the roadmap. If you take into the project page is not very clear. So I think I think that's something that could help bit days to review the roadmap, which hasn't been updated for a while, and especially describe the path to incubation. I think it's something that given the importance of the project, it would be really nice to work on. And the same for for the maintainers. One thing that I found a bit hard to find, or I couldn't actually find is the how to engage more with the project, like regular meetings for the project there's some pointers for things like contributing issues and PRs but there's not really a pointer on how to like go and listen to what the project is doing and where people can help things like this. And finally, for how the science staff and the TOC could help the project mentions that it's been helpful for project development, especially with integration with other components of the ecosystem. They give a couple of examples here with it helps cut you out and fuzzy system. I think the question here is really how can we help to get the project in a state that it cannot apply for incubation. So with getting more maintainers. So those would be questions for the project. I think you're muted Tim. Sorry. So the usual answer we have is, you know, look at the CNCF service desk and see if things are available there. If it's not there then we can figure out how to get them added there's a bunch of things that are available here. And yeah, so that that's basically what we will tell them. So come ask us on the TOC channel if you can't figure out how to get help with the things that you need to do essentially any other observations from the TOC members. Okay, next one we have is a service mission to face. SMI Dave, are you here? Yeah, you're here. Yeah, I'm here. I'm just walking down the street with my kids from school so let me know if it's too noisy right now make you talk for me. So I don't have anybody from SMI is on the call I wanted to give them a little bit of time to talk. And then my kind of big takeaways are on this slide but I'll pause for a second. I don't think anybody is here so please go ahead and I'll I'll just say some stuff and then they can correct me on slide or somewhere else. Overall the review looked good. There are a lot of like interesting and like big and small names in the in the review and like around their pages with companies and projects that are using this that are using SMI. And the hard thing with SMI is that it's a spec and most of our like rules and guidelines are written around projects that are like, I don't know what to call like actually built executable as opposed to specs. So, it looks pretty good. But they had a few questions that I kind of have the same questions of like what does it mean to apply for incubation when you are a spec. So I think we as a TOC and obviously anybody from the kind of community around should have that conversation of what it means to move to the stages of spec I think this isn't the first spec we've done this with like I think like if the inspire come to mind for me and there are probably others, but I think SMI is going to need some help navigating incubation like understanding when they're ready and then actually applying once they're ready as a spec, rather than as a, I don't know what to call it like a regular type project. And then my other big thing was just that in the health that they get from the CNCS section, they had written a few things that they had already gotten from the CNCS. And I wanted to tell us things we haven't done for them, but they think we could. I don't have anything else to add. Right, should we wait for them to reach the stage where they want to incubate, or do we need to do this earlier that I can reach out to them, or just put it in the PR because they wrote in their annual review. I don't know what it said, I don't have any front of me now but I think they wrote something along the lines of like, we think we're pretty much ready for incubation, but we're not quite sure what that means because we're a spec. So it'll probably be good for us to kind of get that conversation moving, even if it's extremely slow moving. Okay. And I can at least start that in the PR. Yes, absolutely. Dave, thanks for volunteering there. Thank you. Yeah, okay. Have a good walk back from school. Next one is Katie K8 GB. Yes, so disclaimer, I'm on the fifth floor but I have builders outside so it can get very noisy and sometimes swearing so if that happens I apologize and it's not it's not me. Back to, I'm not sure if there's anyone from KGB here. But this is a project that pretty much provides a GS will be a global global service load balancing. Multiple solutions are available how are they are vendor bound. There is nothing open source well case to be it's actually serving the problem so I think it's still a very relevant project. I think throughout their contributors actual maintainers, they have six maintainers five of which are from the same organization. So an advice is definitely kind of to improve that to get a bit more diversity and a bit more contributions from different organizations and yeah, kind of different industries as well. So the next one is, this is an upside donated project so they have a production use case with this case at KGB. So, it's great for that organization they have our doctors but there's no use cases is going to help to actually showcase a bit more of that. So definitely celebrate your successes and actually get those stories out. They do their latest achievements, it's looking quite good they try to integrate with different hubs, such as operator hub and artifact which is great for their visibility and kind of increase their transparency. So I think they're doing very good there. However, I haven't found the roadmap I looked through the project GitHub organization I can find a roadmap so please correct me. I will link it to the PR, if there is one. It's going to be great to see one of those. And in terms of the commits. This project was developed on a spike basis so it had a lot of commits at in one go. They still have some commits and PR is available now. However, it's definitely declined since that ginormous fight they had in the beginning. So again, kind of enforces the same thing they need more contributions and more people to look at. In terms of where they're moving. They're looking into integrating with other clusters of providers. Sorry. So currently they have integrations with AWS, but they're looking for other providers which I think is going to help again to increase the I still think it's a very good project, considering that it's an open source GSLB, but they just need that more kind of visibility and maybe collaborating and finding the right peers to integrate with our providers is going to help that. So, I think that's everything I wanted to say around this one. Yeah, overall, I haven't seen anything towards incubation movement but if they would like to move to the next stage. I would recommend increase your like diversify your contributor base. Actually celebrate your success. Do you have people that adopted your tool kind of write something about it and put it on the page as well. And I think, yeah, definitely it's more than they said. Thank you Katie. Any other observations from TSE members. Let's go to the next one. Qvela Harry. Yeah, so this project in general is in good shape. And we, we observe there are a lot of contributors and end users engaged in the ecosystem. Overall, this project position itself as an application delivery control plan. It naturally work with existing CI CD and give up a system along that you need to deploy applications. Of course multiple environments like stanging production or multiple cloud so basically it's more like a application deliver system that focus on multiple clustered multiple environments. This is a unique value. The highlight is this project indeed has serious design on minimizing user privilege, you know when you try to manage multiple clusters it has a five grand user impersonation and I back system to make sure that that those clustered cannot be abused. And the community growth is also solid. It's basically have doubled its contributors to, I think the 150 also after the sandbox and the contribution companies also going very fast. Well, I think this project still needs some improvements in its documentation for example. Although it's blog says it can work with our goal CD with Jenkins with a lot of virus systems but they barely provide documentation for that. And those blocks are easy to become all stated so I will say that they add these all of these integrations and formal documentation and samples and part of their website. Instead of just put them inside of the blog so overall I think this project in the good shape that they are asking for incubation planning for that I think they're on good track. You're doing that new thing again. Sorry. I'm just going to leave it on. Hi. Did you look at their security and governance stuff. How does it look, given that growing a lot right like so, putting some structures into place for governance would be important. I just mentioned that they do have a serious design in security part, because they, this project actually will, will manage multiple cluster and deliver application on that it's easy for them to ignore, you know, the user privileges. I think the highlight is that they do they have a very vibrant user impersonation system, in case the privilege becomes abused so I do think their security design is sunny. And speaking of governance they adopted the typical Kubernetes governance model basically reviewer poor container so very simple. So I don't think there any risk back with that part. Okay. Thank you. Any questions from other teams members. I have a quote. If you go and wander through the TOC, kind of like overall space. You will notice that cube Vela is still in onboarding. This is because the trademark agreement is still running out there. However, legal counsel has advised me that could take years. So, don't, don't have that be a hold up for incubation for them. Mark is not a blocker. That is exactly what I meant. Thank you. Thank you. Okay. Next is Matt. Let's talk about Brigade. Yeah, let's talk about Brigade so Brigade is basically event based scripting built on top of Kubernetes. The project isn't in great shape. They note that themselves their adoption for their V2 version as their API servers only had, you know, 2700 poles from Docker hub and outside of that they really haven't seen adoption from people picking it up. If you go and expand in the adoption side right now, there's only four maintainers and only one of them actively contributes to it. Two of them are doing reviews and two of them are no longer actively involved at all. And so they're just, there aren't people contributing to it very much. They don't really have users and they're aware of this problem. In fact, the one maintainer who's been actively involved is, you know, going to be even stepping back from that. And so they've been considering in fact the maintainers themselves got together and said hey, given that it's not getting uptake should this be archived. And once they had already decided to make that suggestion. They had somebody in the community who hasn't really contributed right say I'm I might be interested in taking it over. I'm not somebody who's been actively involved or any of that and so they're actually looking for input from the TOC and staff on how to move forward do they hand it off to somebody who they don't really know whether they'll carry it on, or do they just recommend to be archived because it's not it's not getting uptake. And that that's kind of where they're at decision wise with us. Yeah, so for me it feels like let's give it one more chance for the new person who is willing to help. And if it still doesn't work, then we can archive it. You know, that that's the way I would go about it. What does everybody else think. Yeah, and I will say that the person who's interested in taking it over needs to rally people around it. And they haven't been involved enough that by any governance means that they were ready to just hand off the keys they wanted our input before they handed it off, so to speak, because they don't know the people well enough to make that judgment call to hand off on their own. So it's that kind of disconnected relationship with somebody taking it over. Right. Okay. But the sense I got dims was this person wants to fork an experiment. I'm not even sure they want to try and contribute it to see and see if. Oh, this is one of the current four maintainers who will be kind of breaking away from it is just talking about doing a personal fork and playing with it with experimenting. But yeah, this would not be something to go back upstream they don't plan on being actively involved in. Yeah. The person who wants to fork and turn it into a personal project they can do whatever they want. Our, you know, thought here is if somebody wants to step up. If they could be brought on board and given some guidance for a period of time. And if that doesn't still work out then we archive it. So should we say, okay. Say, give them time until until the next annual release and at that time, if things haven't moved in a good direction then we archive it. I'm actually going to give you a shorter timeline I would like to see progress and changes by keep calm Detroit. Works for me. Because like, if, if all just like, if it's not going to work out like that, let us make that call early rather than giving another annual review cycle. Yeah, then life support and torture. And that's not no no no it's fine to be able to say this was a great idea. It is now archives. That is great. It's okay to archive things. Oh, very much so. Yeah. So. All right, I'll take the action to reach out to them and tie off on this. Thank you. See where it goes right. Yeah, thank you. Thanks Matt. Next one is Cuba healthy Richie. I dropped the bonus. Okay. No, I added the goals. Yeah, okay. Okay. Let's take a look at this one. This is our healthy primary maintainer low volume of issues and code reviews. It is growing. Having trouble growing the adopters list. There's lots of pull requests. They're ramping up in stars and frequencies. This is like Google search unique visitors. So we're going to make sense to increase the number of maintainers. Yes. Let's please do that. Yes. You should, you should not be the bottleneck here. Give the keys to somebody else. Milestones are out of date. To be good to bring it back. How see and see if can help. Okay. Paid Docker hub account. Yes, we can do that. And there is already something where Docker hub. You know, you can talk to Docker hub and say that this is a CNC project and they'll, they'll remove the rate limits on on the project. So, yes, if you need more people, then you need to move to totally take care of that. That's fine. That's a service test ticket. The second piece in here where like the improved logo yes. However, this is still a sandbox project and we still do not provide marketing for sandbox projects. So I'm thinking that the, the item of funding funding like swag and all of that is when you apply for incubation, then, then yes, yes. We're passing for incubation. Okay. So, yes, we agree that it is not ready for incubation yet. Yes. Perfect. Please do all the things that you can do to increase the footprint of the number of maintainers and, you know, increase the momentum I think there is, you know, a bunch of things happening people want to use it so go for it and ask us on hash to see if you need anything more. Richie any other thoughts while going through this. Okay, sounds good. Any other TSE members. Okay, let's go to the next one. Schooner, Erin. Can you guys hear me through my mask. Yes. Not really. Okay, I'm at OSS. So, Schooner. I think we need to update that on our side so the dev metrics show up correctly, but they're going through a transformation of rebranding, even the repos and everything else. Right now they have seven maintainers that I counted, but they're all from indeed not that that's, you know, a limitation certainly in sandbox but as we move to graduation we'd like to see a little more diversity in terms of the numbers across companies. I don't see a documented governance process today. Within there, they may have it, it might be called something else but when I went through the project and get I couldn't find that. One of their requests to the TOC was recruiting more contributors. I don't really see a process by which they can get engaged either through Slack or have meetups I just didn't see kind of any sort of community opportunities there so you know be happy to help advise and ways they could grow it through that that that was one thing that I saw that they need to help on. They also needed help for external demos. I don't know that we do that, Amy. I haven't had that request before. We can see. Okay. Right. And then, again, they asked for marketing. Again, we don't do that for sandbox so I will, you know, add that into my comments to the PR just to indicate that's at sandbox level that's not really appropriate. And then they also wanted help visibility of who might be using the project. So, I couldn't really find any user stats or pull requests or anything to indicate like it has an active cadence additionally I couldn't find a roadmap or, you know, proposed features that are happening so that's the status of Schooner. So it looks like they have a bunch of things to take care of. And I'm hoping that they can turn it around by the next annual review. Any other observations from other key members. Okay, the next one, which is trickster. Yep. So trickster does have a well established governance, licensing all those things that we would expect would be, you know, well documented. They only have three maintainers but they have several new contributors and the project seems to be on a healthy cadence and growing very quickly. They have a roadmap, and they have I think 10 features planned for their next release. Right now they're not looking to move to incubation they're, they're fine staying with sandbox. So I think we just revisit them later on in the years we look to incubation it looks like a project that I don't today have a lot of concerns around. I haven't asked for anything in particular from the CNCF from the TOC. They're just looking to continue to grow the team, get more contributors and apply for incubation sometime later I think they're going GA with their project. I think it was next year in 2023, the roadmap goes into there so maybe at that point in the spring we can review again and see where things are. Sounds good to me. Thanks, Erin. You're welcome. Any other TOC members. Any questions for Erin. Support this is actually quite. We can hear you here so. I think that was intentional. I think that was intentional. I couldn't hear what he said. Yeah. I just wanted to support the trickster is actually quite healthy. Okay. Yeah. I'm glad that you said that because it seemed to be so very awesome. Sounds good. So we are done with all the annual reviews for today. We do have let's take stock of who's working on what from the TOC side for the different movements of the projects between levels. I see three are in voting. So, Amy, those three, they're kind of done right there. They're kind of working on being able to like make sure that like the press releases and all of that so nothing really currently outstanding as far as the voting groups. If we've still got Ricardo on the line. I know that there was a availability for cloud custodian to move into public comment. I'm still here. Yeah, cool. Okay, come on in. I think the other summary for custodian. I think it's pretty much ready for public comment. So, unless there are some last things, I would probably open it tomorrow. Yes, give me today and I will. Thanks. And then the other bit for search manager, I have to end user interviews set. So there should be some progress as well in the next couple of days. Okay, sounds good. Dave, Dave is next up I think is to in both artifact time. If we took that Dave. Sorry, yeah, I still got Dave. Come on in. Yes. Yeah, I guess I kind of want to check with Matt. I feel like we haven't done much of anything here in a while, and I'm not sure if we're still even trying to get artifact time to keep moving through the levels. We, yeah, what had happened was we talked about we needed to define who and adopter was and what that means. And I, I know on our side we've been a little delinquent I should say in the TOC side we've been a little delinquent in documenting that I think a few of us said we'll go off and do it we haven't done it yet. And then on the artifact hub side, they have started up picking up trying to document in the traditional sense who the adopters are to see what that is because there's the criteria for three adopters. And so we, we need to tackle that from both directions so I think that's still sitting there waiting for us to take some action. Okay, that makes sense I think it might be good if we didn't delay artifact hub on the TOC's like inability to define this. And then just figure out with artifact hub like who the who the adopters are and then maybe within the TOC just decide if that I don't know qualifies or not or feed that into our making the definition. Okay, we'll do. Feel free to yell at me that I'm wrong dims or. No, that's fine. Let's ask them who they think that end users are and adopt any amendments on our side to include that. That sounds like a good idea. So it'll unblock them at least right from the current more as they are in. Yeah, yeah, that was exactly why I was suggesting it. So that sounds good. At least I don't remember covering Istio but I would happily cover Istio quickly now and then if I end up disappearing for a bit that is completely fine we are nearly wrapped go ahead. Okay, cool. So Istio is moving along. I think the DD doc is pretty good and Craig and I have gone back and forth a bit on some little things but I think that a big job with it. The next step with Istio is just figuring out end users to interview and they sent me a few and I'm kind of looking around at their general list of end users to decide if I'm going to stick with one of the what some of the water. A few of the ones they suggested or pick other ones, and then I have to figure out like between my summer plans and when they have time to figure out when to actually do that. But I think right now the biggest blocker is really just me finding more time to interview people and figuring out when to do it. Thanks for doing this Dave. I wish you more bandwidth there. Take your vacation and do this Dave. I wish you more bandwidth there. That is my wish for you. I think the last one I'm not sure if you've still got Erin on the line for key cloak. Yep, I'm here. I reached out to the key cloak team. There was some, I think confusion whether or not I was the sponsor now that we've cleared that up I think we're going to be full steam ahead. But I need to just see where we are with the project and look back I know they're still interested in incubation they've been at this a while so you know I definitely want to put my focus on it and make sure they get the attention they deserve. And I think, like we stopped to finish the due diligence. Alright we've got the last bits down here. I know, I know where we know where our go is but leave there's anything like the update in there. I think we can move on. And spiffy spire. I have the last end user interview this week. Once that's done, I'll get that typed up and then I will open it up and for internal discussion. Excellent. I'm skipping g rpc because we do not have a session online. Sounds good. Okay, project ratings for sponsors. Oh, we've got some time go ahead. So we have 17 minutes so we have open EBS open yard, shimsy and open cruise for often that are available for some some folks to pick up. I might go ahead and pick up open year, I think. Let me do a little bit of a research there. The use cases seems important. So I'll pick that up. Anybody interested in any of the other things. Let's talk. Or if anybody wants to volunteer right now. That's an option to. I can pick up the open cruise and also I can help open yard if you know they have some Chinese and the users, and I can actually help to interview those and the user. So, perfect. So let me do my research and then we can pair up. And I can take open EBS. Richie. Okay. Open EBS. Okay. Yeah, so I'm not going to formalize right now. You know, let me give you the date to think about it and tomorrow I will add the names in those. Is that okay. Sounds great. Cool. Glad to be able to see this one move forward. So, we do have a few community folks here. In case they wanted to talk about anything. Anita Malini. Ricardo Raveena. Welcome to our little neck of the woods. Thank you. Hey, I just was curious, is there any action and Kubernetes for intent based scheduling, especially security intense. So, this crew won't know. Okay, so the better, you know, place to ask this question is sick sick. Sorry, sick or sick security channels on Kubernetes Slack. And worst case, we drop in on one of the meetings and ask them that way. Okay, thank you dims. Unless Emily has some idea. Nope, I would recommend sick off and sick security as well for those discussions. Thank you, Emily. Okay, anybody else. I just wanted to throw it out there. Just in case you need any just reminder case you need any help with the tax for free to reach out. Happy to help. Awesome. Yeah, I think thank you Ricardo. Yeah, thanks Ricardo. Okay. Thanks a lot everybody, and I give you back 14 minutes of your day. Bye everyone. Thank you. Take care.