Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proposing Keptn to become an Incubation project

Merged
merged 30 commits into from Jul 13, 2022
Merged

Conversation

jetzlstorfer
Copy link
Contributor

@jetzlstorfer jetzlstorfer commented Jun 15, 2021

This is a proposal to consider Keptn as a CNCF Incubation project.

Since joining the CNCF Sandbox, Keptn has made substantial progress in various dimensions, including user adoption, feature set, ecosystem growth, and community growth, as described in detail in the proposal document.

If anything is missing, please let me know and I'm happy to provide more details!

jetzlstorfer and others added 29 commits Jun 8, 2021
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
Signed-off-by: Johannes <johannes.braeuer@dynatrace.com>
Signed-off-by: Johannes <johannes.braeuer@dynatrace.com>
Signed-off-by: Johannes <johannes.braeuer@dynatrace.com>
Update of feature set, roadmap, and fixed typos
Signed-off-by: Johannes <johannes.braeuer@dynatrace.com>
Added an additional block to the roadmap
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
Signed-off-by: Johannes <johannes.braeuer@dynatrace.com>
Signed-off-by: Johannes <johannes.braeuer@dynatrace.com>
Added a paragraph about Keptn CloudEvents
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
@amye amye added this to Needs TAG Review & Recommendation in Incubation Projects Backlog Jun 15, 2021
Signed-off-by: jetzlstorfer <juergen.etzlstorfer@dynatrace.com>
@amye amye moved this from Needs TAG Review & Recommendation to In Public Comment Period in Incubation Projects Backlog Jul 1, 2021
@amye amye moved this from In Public Comment Period to Needs TAG Review & Recommendation in Incubation Projects Backlog Jul 1, 2021
Copy link

@Jenniferstrej Jenniferstrej left a comment

Could you provide a link to a resource that fulfills the following requirement of the Incubating Stage - "Clearly documented security processes explaining how to report security issues to the project, and describing how the project provides updated releases or patches to resolve security vulnerabilities". Thanks!


### Have a healthy number of committers

Keptn currently has contributions from [more than 15 different organizations](https://keptn.devstats.cncf.io/d/5/companies-table?orgId=1&var-period_name=Last%20decade&var-metric=commits) and a [total of 50+ individual contributors](https://github.com/keptn/keptn/graphs/contributors) to the core project.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Were these contributions in the form of commits on Github? I have looked at the closed PRs (currently at 2,794) and over 2000 are from one organization (Dynatrace) + Robots. Could you give me a few examples of collaborations within different orgs/community?

Copy link
Contributor Author

@jetzlstorfer jetzlstorfer Aug 10, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is based on the official statistics from CNCF devstats. It is true that most contributions are affiliated with Dynatrace, however, the project has profound contributions by other companies including ERT, Garner Cop, ChaosNative/LitmusChaos, VMWare, and Kitopi as well.

I am referencing some PRs from different organizations that have been substantially contributing to the project:


### Document that it is being used successfully in production by at least three independent end users which, in the TOC’s judgement, are of adequate quality and scope

1. [Schlumberger](https://slb.com/), an oilfield services company working in more than 120 countries, has currently 4 applications evaluated with Keptn quality gates. Evaluations make use of 10-20 SLIs, one of them even 90 SLIs per quality gate evaluation. Their integration triggers Keptn quality gates via Azure DevOps automation daily. It has been [presented it in a Keptn user group](https://youtu.be/9YYjk1e9ZGE).

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Re Schlumberger - According to the definition of end-user, I’m not sure Schlumberger qualifies under "but do not sell any cloud native services externally", given they are also a Software vendor: https://partners.amazonaws.com/partners/001E000000xHbWRIA0/Schlumberger https://www.slb.com/newsroom/press-release/2021/pr-2021-0629-slb-ibm-osdu

I emailed info@cncf.io and will verify with the TOC if that's the case.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I verified and this submission has at least three other companies that I would qualify as end users, so the project is still fulfilling this requirement.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verified that Schlumberger here qualifies as an end user. 👍

Copy link
Contributor

@amye amye Aug 9, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've responded but just to follow up here, the definition of end-user is only applied for CNCF members.
Here, what's needed is adopters of the project, and the video's a good example.

@jetzlstorfer
Copy link
Contributor Author

jetzlstorfer commented Aug 10, 2021

Could you provide a link to a resource that fulfills the following requirement of the Incubating Stage - "Clearly documented security processes explaining how to report security issues to the project, and describing how the project provides updated releases or patches to resolve security vulnerabilities". Thanks!

Hi @Jenniferstrej please find our security process here https://github.com/keptn/keptn/blob/master/SECURITY.md and our published vulnerability bulletins can be found here https://keptn.sh/docs/news/vulnerability_bulletins/

@jetzlstorfer
Copy link
Contributor Author

jetzlstorfer commented Aug 10, 2021

@amye amye moved this from Needs TAG Review & Recommendation to Needs TOC Review & Sponsor in Incubation Projects Backlog Aug 26, 2021
@cdavisafc
Copy link

cdavisafc commented Sep 28, 2021

I will be TOC sponsor. Will begin post Kubecon

@amye amye moved this from Needs TOC Review & Sponsor to In Due Diligence in Incubation Projects Backlog Nov 1, 2021
@oleg-nenashev
Copy link
Contributor

oleg-nenashev commented Nov 24, 2021

Hi @cdavisafc! Just to follow up on the emails I've sent, I will be coordinating this proposal on the Keptn community side. It would be great to sync-up with you and check the current status together. I see the formal incubation requirements but I'm not yet familiar with the CNCF practices

@oleg-nenashev
Copy link
Contributor

oleg-nenashev commented Jan 4, 2022

Just a few updates to address the topics brought up during the previous conversations with the TOC:

  • Adoption. Growing Keptn adoption is our priority and my main responsibility at Dynatrace. Currently we have 14 company adopters whose names we can share. We also have 64 running Keptn Instances regularly receiving updates from the public update centers, there are also airgapped instances. There are multiple other companies evaluating Keptn now.
  • Roadmap. We updated the Keptn Roadmap to include initiatives beyond project features. Now the roadmap includes user and developer community growth initiatives, as well as other items like onboarding documentation and messaging updates. We are adjusting the feedback based on feedback from the adopters, and we use Keptn user group meetings to collect feedback from users on the current state and the roadmap.
  • Ecosystem. We extend integrations with other CNCF projects, including but not limited to Helm, Prometheus, CloudEvents, OpenTelemetry, Crossplane. We introduced generic Webhook and Job Executor services to enable custom integrations created by users. We also contribute to the Continuous Delivery Foundation Events SIG that is working on the CD Events standard based on CloudEvents. All these initiatives allow to facilitate Keptn adoption and to provide seamless integration into environment following the CNCF best practices.
  • Sustainability. We prioritized Keptn long-term sustainability, and we are committed to fostering a diverse and vendor neutral community. Effective January, there will be a non-Dynatrace core maintainer in the project. We are also working on onboarding more contributors from other companies. We adjust community processes to enable other companies and vendors to participate. Hopefully, we will have another Keptn vendor joining the community by Kubecon.
  • Security. Keptn’s 3rd party security audit by the CNCF partner is scheduled to February. I am also working on making available results of the internal audit and aligning the security processes with the standards defined in the Core Infrastructure Initiative requirements. We also work on strengthening the projects security, including the ongoing work on RBAC support in the project. See KEP-60: KEP 60 - Role-based Access Control (RBAC) keptn/enhancement-proposals#60

@abdennour
Copy link

abdennour commented Mar 3, 2022

Appreciated guys! Thanks for the open source SRE tool

@amye amye moved this from In Due Diligence to In Public Comment Period in Incubation Projects Backlog Apr 20, 2022
@amye amye moved this from In Public Comment Period to In TOC Vote in Incubation Projects Backlog Jun 2, 2022
@amye amye merged commit e213efc into cncf:main Jul 13, 2022
@amye amye moved this from In TOC Vote to Done in Incubation Projects Backlog Jul 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging this pull request may close these issues.

None yet

7 participants