1 of 23

CNCF TOC Meeting

November 5, 2019

1

2 of 23

LF Antitrust Policy Notice

CNCF meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.

Examples of types of actions that are prohibited at CNCF meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.

2

3 of 23

Meeting Logistics

Meeting Minutes / Planning Doc
Time: November 5, 2019 8AM (PT)
https://zoom.us/j/967220397
Or Telephone:

Dial:

+1 646 558 8656 (US Toll) or +1 408 638 0968 (US Toll)
+1 855 880 1246 (US Toll Free) or +1 877 369 0926 (US Toll Free)

Meeting ID: 967 220 397
International numbers: https://zoom.us/zoomconference

3

4 of 23

TOC - Members Present Today

Alexis Richardson <alexis@weave.works>
Brendan Burns <bburns@microsoft.com>
Brian Grant <briangrant@google.com>
Jeff Brewer <Jeff_Brewer@intuit.com>
Joe Beda <jbeda@vmware.com>
Liz Rice <liz@lizrice.com> [CHAIR]
Matt Klein <mklein@lyft.com>
Michelle Noorali <michelle.noorali@microsoft.com>
Xiang Li <x.li@alibaba-inc.com> [REGRETS]

Note: TOC meetings require a quorum of two-thirds of the TOC total members to take a vote or make any decision. If a TOC meeting fails to meet the quorum requirement, discussions may proceed, however there shall be no voting or decisions.

4

5 of 23

Agenda

Standard Agenda

Welcome
KubeCon + CloudNativeCon Reminders!
SIG Updates:

SIG-App Delivery
SIG-Storage
SIG-Runtime
SIG-Network

Harbor Graduation Review
Open Q&A

5

6 of 23

KubeCon + CloudNativeCon Reminders!

We are expecting 11,000+ attendees
Reminder to register for any additional colo events like EnvoyCon, Contributor Summit etc
PLEASE express interest on sched for talks you want to attend, helps with planning room sizes

6

7 of 23

SIG Updates - SIG-App Delivery

Presented projects:

Litmus: K8S Chaos Engineering project
Keptn: A message-driven control plane for application delivery

Proposed for CNCF sandbox project

Previously presented:

Argo family:

Proposed for CNCF Incubation

Operator Framework: for distributed systems authors to build and run Operators

Deliverables:

The Model of Application Delivery: a model to evaluate proposed projects in a unified manner

An example of using this model to evaluate Argo project.

Building Block for future landscape work

Welcome to KubeCon NA 2019 Session of SIG App Delivery

7

8 of 23

SIG Updates: SIG-Storage

Project review pending feedback: DragonFly (sandbox to incubation)

Content:

Database update to storage landscape whitepaper
Use case library with storage options
Performance and Benchmarking whitepaper - concepts, common pitfalls, tools for testing volumes and databases

(content items have delivery milestones for Kubecon)

Process reviews:

Document process for formalising the review of sandbox projects

8

9 of 23

SIG Updates: SIG Runtime

Formerly known as “Core and Applied Architectures”
Proposed mission: To enable widespread and successful execution of the full spectrum of workload types
Proposed scope: Workload execution and management systems, components and interfaces used in modern cloud-native environments, including:

generalized orchestration, autoscaling, scheduling, execution, container runtimes, sandboxing, virtualization, image packaging and distribution and
specialized architectures thereof, e.g.

those aimed specifically at Edge, IoT, Batch, Big Data, AI/ML, etc
those incorporating specialized computing elements beyond CPUs, including GPUs, TPUs, FPGAs, ASICs, etc

Proposed charter: bit.ly/cncf-sig-runtime-charter
Proposed existing projects to include: Kubernetes, Containerd, Harbor, Dragonfly, Virtual Kubelet, CRI-O, KubeEdge, KubeVirt
Example area for a new project: batch workload execution
Seeking co-chairs and participants

9

10 of 23

SIG Updates: SIG-Network

Formation

Charter reviewed. Comments addressed.
Init sig-network repo with PR pending.
Will seek formal vote this week.

Pending vote, first official meeting this Thursday, Nov. 7th.

Meet 1st and 3rd Thursday of every month at 11am Pacific.
Zoom - https://zoom.us/my/cncfsignetwork.

Intro and deep-dive at KubeCon

Tuesday, November 19 • 3:20pm - 3:55pm

10

11 of 23

New SIGS!

From October 1st meeting: SIG-Serverless

11

12 of 23

Harbor Graduation Review

Michael Michael

TOC Sponsor: Joe Beda

Technical Due Diligence: Xiang Li

12

13 of 23

Harbor - goharbor.io

Open source container image registry that secures images with role-based access control, scans images for vulnerabilities, and signs images as trusted

Security & Compliance
Performance
Interoperability
Consistent image management for Kubernetes

Mission - To be the most secure, performant, scalable, and available cloud native repository for Kubernetes

13

14 of 23

Why run your own registry?

Security & Compliance

Comprehensive Policy
Registry and Data ownership
Identity Federation with built-in Multitenancy

Infrastructure

Deploy on any infrastructure (private, public, hosted, edge)
Data locality
Kubernetes and Docker compliant

Scale & Control

Control access to artifacts
Replicate resources based on business needs

Automation & Extensibility

Plug-n-Play with existing investments in infrastructure and services

Replicate Harbor artifacts to Harbor, Docker Registry, Docker Hub, Huawei Cloud, AWS, Azure, GCP, Alibaba Cloud

Vulnerability Scanning
CVE Exceptions
Image Signing
Quotas
Retention
OIDC/LDAP Integration w/ RBAC & CLI secrets
Project Isolation

Syslog integration
Webhooks
REST API
Robot Accounts

14

15 of 23

Architecture

15

16 of 23

Harbor Project Overview

Started in June 2014 at VMware
Donated to CNCF in July 2018
Incubating at CNCF since November 2018

20+

Product Implementations

115+

Contributing Organizations

300+

Community Members

16

17 of 23

Harbor Community

9.7k

GitHub Stars

170+ Contributors

14 Maintainers

700+

Slack members

12k

Slack messages

1230

Twitter followers

4 releases since CNCF donation

2.8k

Forks

60k

Downloads (Nov’19-Feb’20)

8398

Commits

6 Blogs

3 Webinars

4666

PRs

95

Contributing

Companies

71k

GitHub

Views

13k GitHub

Unique Visitors

Contributing Companies and Developers

17

18 of 23

Extensibility - Pluggable scanners in Harbor

Use your preferred scanner

Per-project configuration

Scanner API

Harbor core

Scanner adapters

Image registry

Async scan jobs

Other scanners...

engine & enterprise

Pull layers for scanning

Harbor API

Scan data store

Scan store

Scanner registry

Scan controller

Launch scanning

Scanner config

Start scan

18

19 of 23

Roadmap

Webhooks++

Signing Policy

Replication

Proxy Cache

Perf & Scale

Metadata

Management

Interrogation Service

Kubernetes

Operator

Image

Distribution

Extensibility

P2P Distribution

Cloud Native Artifact Management

Management

Observability

OCI conformance

19

20 of 23

Customer Profile - Hyland Software, a leader in content services platforms

2400

21 of 23

Customer Profile - vPay, a leading payment solutions provider

Harbor In Production

21

22 of 23

Harbor - Graduation Criteria

CNCF TOC PR: https://github.com/cncf/toc/pull/311
Project Stats: https://harbor.devstats.cncf.io �
Used successfully in production by at least three independent end users of sufficient scale and quality.

25+ listed in the ADOPTERS file
Customer testimonials from JD.com, China Mobile, 360 Total Security and many more
Supported by VMware as part of Enterprise PKS, Essential PKS, and VIC

Have a healthy number of committers.

14 maintainers with a healthy distribution of technical ownership (across 6 entities)
104 contributors, 346 authors of pull requests, 171 committers

Demonstrate a substantial ongoing flow of commits and merged contributions

New releases approximately once every 3 months
Over 1780 PRs merged in the last year

22

23 of 23

Questions?

23