Moving beyond 'boring' Kubernetes, CNCF frenzy follows Project Istio graduation

  • Project Istio from the Cloud Native Computing Foundation (CNCF) graduated in July.

  • Despite this achievement, "There’s still plenty of work to be done both below the Kubernetes level (CRI-O) and above it," CNCF's Jeffrey Sica told Silverlinings.

  • Other CNCF work includes CRI-O, which is publicly adopted by Lyft and Reddit, and Flux 2.0.

Following the long-awaited graduation of Istio, the open-source nonprofit Cloud Native Computing Foundation (CNCF) has wasted no time in pushing out additional project updates — all supporting the larger Kubernetes ecosystem. 

Headline moves include the graduation of CRI-O, the Flux project announcing general availability (GA) with the release of Flux version 2.0 and the CNCF Technical Oversight Committee (TOC) voting to accept Kubeflow as a new incubating project.

"While Kubernetes may be ‘boring’ these days, the cloud-native ecosystem as a whole is still expanding, both in maturity and in scope. There’s still plenty of work to be done both below the Kubernetes level (CRI-O) and above it," CNCF Head of Projects Jeffrey Sica told Silverlinings.

The TOC has been hard at work, as “each project journey is different,” he continued. “Some may have license exceptions that need to be worked through, others might not have well-defined governance.”

Still, Sica says the most important challenge within each project is to bring guidance and suggestions not only to meet the CNCF’s standards but to “ensure that the people behind the projects understand why. At the end of the day, Open Source is made of people, not just technology.”

CRI-O next in line at graduation

CRI-O was first created by Red Hat in 2016 and serves as an integral component of the container runtime infrastructure of Kubernetes. The project was handed over to CNCF in April of 2019, and since then the nonprofit has confidently reported strong maturation in operation and adoption.

Lyft, Reddit, Digital Science and several others have joined as public adopters of the project. A CNCF release stated that CRI-O currently “runs on tens of thousands of clusters and has released 11 new minor versions, around 100 patch releases and has had more than 4,000 commits to the main branch.”

Red Hat Senior Software Engineer and CRI-O Maintainer Peter Hunt told Silverlinings that the project will continue to evolve with future Kubernetes features. “This implicitly drives innovation by encouraging container runtime maintainers to work more closely together,” he said.

Hunt added that the most difficult part of securing CRI-O’s graduation was finding a third-party security audit. “We were pretty confident in the security posture of CRI-O, but there were a lot of bureaucratic hurdles to overcome finding an audit. We are incredibly appreciative of the CNCF, OSTIF, Ada Logics and Chainguard for coming together to help us with it.”

CNCF noted that the project’s roadmap will focus on improved upstream documentation, increased pod density, release process automation and more.

“One might think that most of the work has been already done. But looking at recent development efforts beginning at the Linux Kernel level up to full Kubernetes features convinces us that the container runtime itself is one of the most integral parts of a modern application delivery stack,” Hunt explained. “We're proud to be part of that development.”

Opening up Flux 2.0 to all

Next up in the frenzy was Flux 2.0. The project was originally developed and made open source in 2016 by Weaveworks — a software company specializing in container networking and Kubernetes — to address delivery challenges in Kubernetes environments. It was accepted by the CNCF in 2019.

Announcing GA through Flux 2.0 — which is fully integrated with Kubernetes Workload Identity for AWS, Azure and Google Cloud — shows the project “is now a mature, proven world-leading project at the CNCF top level,” according to Alexis Richardson, CEO of Weaveworks.

Richardson told Silverlinings that “a big below-the-waterline topic” for the project before taking it to GA was sustainability and maintainability.

"The team spent time corralling dependencies and making sure they were all in shape for a release marked GA,” Richardson explained. “When this is not the case, the software is hard to support long term so it was a critical value.”

As an example, he noted that the Flux project made enhancements to go-git, “a go-based alternative Git library implementation, and were able to remove libgit2 without compromising any significant features in Flux’s end-user experience.”

While many users were using Flux2 before its GA announcement, Richardson remarked that some won’t adopt the project without a GA release and backward compatibility guarantees. “Flux v2 provides that,” he said. 

Kubeflow now an incubation project

Meanwhile, Kubeflow was voted in as a new incubating project.

Started in 2017 by Google, Kubeflow is an open-source platform designed to help deploy, manage and scale machine learning (ML) workloads on Kubernetes. Google officially announced its application to the CNCF late last year.

Product Manager for Kubeflow Community Josh Bottum told Silverlinings that he suspected project members had “concerns about changing an established, complicated project that supports thousands of users and that adheres to a new release policy” but that ultimately “everyone associated with the project” recognized the value of growing Kubeflow with CNCF, especially as a Kubernetes-native project.

Google Software Engineer James Liu noted to Silverlinings that the project’s donation has been a “common wish” amongst Google and Kubeflow communities.

Because Kubeflow is native to the Kubernetes ecosystem, the project is already well-meshed with CNCF and ML communities, and it simplifies Kubernetes' “installation, scalability, service mesh, security and workflow management,” according to a press release.

Now officially under CNCF’s wing, the project’s version 1.8 roadmap, set for release in October, will be the top focus. The “major work items include integration, testing and documentation, which are all advanced,” Bottum said, adding “The community has done [this] 15+ times.”

He explained that one of Kubeflow’s code contributors, Arrikto, stopped operations during the 1.8 release cycle, with a majority of its employees ending up at HPE and Canonical. But “we have managed through that transition," he said.

All Kubeflow working groups have been involved in weekly release team meetings and the project is on track for an August 2 feature freeze until the 1.8 release.

“Some features might slip out but the vast majority, including the most important enhancements, [such as] Kubeflow Pipeline v2.0, are feature complete now," Bottum concluded.