[Incubation] kubegateway Incubation Application

[ilevine]

K8sGateway Incubation Application

v1.6
This template provides the project with a framework to inform the TOC of their conformance to the Incubation Level Criteria.

Project Repo(s): https://github.com/k8sgateway/k8sgateway, https://github.com/k8sgateway/community

Project Site: https://k8sgateway.io

Sub-Projects: NA

Communication: https://cloud-native.slack.com/archives/C080D3PJMS4

Project points of contacts: Idit Levine, Lin Sun, Yuval Kohavi

• (Post Incubation only) Book a meeting with CNCF staff to understand project benefits and event resources.

Incubation Criteria Summary for K8sGateway

Application Level Assertion

• This project is currently Sandbox, accepted on YYYYMMDD, and applying to Incubation.
• This project is applying to join the CNCF at the Incubation level.

Adoption Assertion

The project has been adopted by the following organizations in a testing and integration or production capacity:

• https://k8sgateway.io/#users

Application Process Principles

Suggested

N/A

Required

• Engage with the domain specific TAG(s) to increase awareness through a presentation or completing a General Technical Review.
  • This was completed and occurred on DD-MMM-YYYY, and can be discovered at $LINK.

• TAG provides insight/recommendation of the project in the context of the landscape

• All project metadata and resources are vendor-neutral.

• Review and acknowledgement of expectations for Sandbox projects and requirements for moving forward through the CNCF Maturity levels.
• Met during Project's application on DD-MMM-YYYY.

• Due Diligence Review.

Completion of this due diligence document, resolution of concerns raised, and presented for public comment satisfies the Due Diligence Review criteria.

• Additional documentation as appropriate for project type, e.g.: installation documentation, end user documentation, reference implementation and/or code samples.

Governance and Maintainers

Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy.

Suggested

• Clear and discoverable project governance documentation.

• Governance has continuously been iterated upon by the project as a result of their experience applying it, with the governance history demonstrating evolution of maturity alongside the project's maturity evolution.

• Governance is up to date with actual project activities, including any meetings, elections, leadership, or approval processes.

• Governance clearly documents vendor-neutrality of project direction.

• Document how the project makes decisions on leadership, contribution acceptance, requests to the CNCF, and changes to governance or project goals.

• Document how role, function-based members, or sub-teams are assigned, onboarded, and removed for specific teams (example: Security Response Committee).

• Document a complete maintainer lifecycle process (including roles, onboarding, offboarding, and emeritus status).

• Demonstrate usage of the maintainer lifecycle with outcomes, either through the addition or replacement of maintainers as project events have required.

• If the project has subprojects: subproject leadership, contribution, maturity status documented, including add/remove process.

Required

• Document complete list of current maintainers, including names, contact information, domain of responsibility, and affiliation.

• Code and Doc ownership in Github and elsewhere matches documented governance roles.

• Document agreement that project will adopt CNCF Code of Conduct.

  • https://github.com/k8sgateway/community/blob/main/CODE-OF-CONDUCT.md

• CNCF Code of Conduct is cross-linked from other governance documents.

Contributors and Community

Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy.

Suggested

• Contributor ladder with multiple roles for contributors.

Required

• Clearly defined and discoverable process to submit issues or changes.

  • https://github.com/k8sgateway/community/blob/main/CONTRIBUTING.md

• Project must have, and document, at least one public communications channel for users and/or contributors.

  • https://github.com/k8sgateway/community?tab=readme-ov-file#communication-channels

• List and document all project communication channels, including subprojects (mail list/slack/etc.). List any non-public communications channels and what their special purpose is.

  • https://github.com/k8sgateway/community?tab=readme-ov-file#communication-channels
  • https://k8sgateway.io/docs/reference/vulnerabilities/#-where-to-report

• Up-to-date public meeting schedulers and/or integration with CNCF calendar.

  • We use a google calendar to track the community meeting schedule, https://calendar.google.com/calendar/u/1?cid=ZDI0MzgzOWExMGYwMzAxZjVkYjQ0YTU0NmQ1MDJmODA5YTBjZDcwZGI4ZTBhZGNhMzIwYWRlZjJkOTQ4MzU5Y0Bncm91cC5jYWxlbmRhci5nb29nbGUuY29t

• Documentation of how to contribute, with increasing detail as the project matures.

  • https://github.com/k8sgateway/community/blob/main/CONTRIBUTING.md

• Demonstrate contributor activity and recruitment.

Engineering Principles

Suggested

• Roadmap change process is documented.

  • https://github.com/k8sgateway/community/blob/main/ROADMAP.md#updating-the-roadmap

• History of regular, quality releases.

  • https://github.com/k8sgateway/k8sgateway/releases

Required

• Document project goals and objectives that illustrate the project’s differentiation in the Cloud Native landscape as well as outlines how this project fulfills an outstanding need and/or solves a problem differently. This can also be satisfied by completing a General Technical Review.

  • https://github.com/k8sgateway/k8sgateway?tab=readme-ov-file#what-makes-k8sgateway-unique

• Document what the project does, and why it does it - including viable cloud native use cases. This can also be satisfied by completing a General Technical Review.

  • https://k8sgateway.io/docs/about/overview/

• Document and maintain a public roadmap or other forward looking planning document or tracking mechanism.

  • https://github.com/k8sgateway/community/blob/main/ROADMAP.md

• Document overview of project architecture and software design that demonstrates viable cloud native use cases, as part of the project's documentation. This can also be satisfied by completing a General Technical Review and capturing the output in the project's documentation.

  • https://k8sgateway.io/docs/about/architecture/ (architecture)
  • https://k8sgateway.io/docs/about/deployment-patterns/ (use cases)

• Document the project's release process.

Security

Note: this section may be augmented by a joint-assessment performed by TAG Security.

Suggested

N/A

Required

• Clearly defined and discoverable process to report security issues.

  • https://k8sgateway.io/docs/reference/vulnerabilities/

• Enforcing Access Control Rules to secure the code base against attacks (Example: two factor authentication enforcement, and/or use of ACL tools.)

  • k8sgateway requires 2 factor authentication for the entire

• Document assignment of security response roles and how reports are handled.

  • https://k8sgateway.io/docs/reference/vulnerabilities/

• Document Security Self-Assessment.

• Achieve the Open Source Security Foundation (OpenSSF) Best Practices passing badge.

Ecosystem

Suggested

N/A

Required

• Publicly documented list of adopters, which may indicate their adoption level (dev/trialing, prod, etc.)

  • https://k8sgateway.io/#users

• Used in appropriate capacity by at least 3 independent + indirect/direct adopters, (these are not required to be in the publicly documented list of adopters)

The project provided the TOC with a list of adopters for verification of use of the project at the level expected, i.e. production use for graduation, dev/test for incubation.

• TOC verification of adopters.

Refer to the Adoption portion of this document.

• Clearly documented integrations and/or compatibility with other CNCF projects as well as non-CNCF projects.
  • https://k8sgateway.io/docs/integrations/

Additional Information

[BenTheElder]

As an Individual on the Kubernetes Steering Committee: This name "K8sGateway" seems confusing, as a project not associated with the Kubernetes organization, and overlapping with the upstream Kubernetes Gateway project.

[justaugustus]

Another Kubernetes Steering member checking in...
+1 to the naming confusion.

I'm also curious to know if there was any work done to collaborate with the upstream Gateway API contributors?

[caniszczyk]

Hey, from a CNCF Trademark perspective, we run into this issue quite a bit when projects use a CNCF trademark term in a project, we have guidelines here that we expect everyone to follow: https://www.linuxfoundation.org/legal/trademark-usage

A simple fix here would be to call the project "kubegateway" or some variation of that of a term that isn't trademarked: https://www.linuxfoundation.org/legal/trademarks

Thanks!

[justaugustus]

A simple fix here would be to call the project "kubegateway" or some variation of that of a term that isn't trademarked: https://www.linuxfoundation.org/legal/trademarks

I would still posit that any name that bears similarity with the official Kubernetes Gateway API subproject is going to lead to confusion.

I feel this is less about trademark and more about respecting the work of the active Gateway API maintainers.

[caniszczyk]

Thanks @justaugustus - I just wanted to ensure people were aware of the legal line that happens quite a bit when projects get proposed both inside and outside of CNCF. The community line is a separate issue and I encourage both communities to talk to each other as this proposal makes it way through the open and transparency CNCF TOC project proposal process

[shaneutt]

As a Kubernetes SIG Network chair and Gateway API maintainer, I also see some potential for confusion with the name. This name might insinuate a strong affiliation with both Kubernetes and Gateway API, however this project is not from Kubernetes SIG Network. Very happy to have a conversation and hear your thoughts about the naming.

[dims]

would be good for folks proposing this to head over to SIG Network / Gateway API meeting after kubecon. You can add an item to the agenda beforehand as well.

https://github.com/kubernetes/community/blob/master/sig-network/README.md#meetings

thanks!

[robscott]

As another Gateway API maintainer, I agree the proposed name would be confusing, and also that any variation of "Kubernetes" as the only prefix here would be confusing. I'm assuming the goal is not to be a SIG-Network subproject, so I'd recommend finding a more unique name here.

[MikeZappa87]

As a Kubernetes SIG Network chair and Gateway API maintainer, I also see some potential for confusion with the name. This name might insinuate a strong affiliation with both Kubernetes and Gateway API, however this project is not from Kubernetes SIG Network. Very happy to have a conversation and hear your thoughts about the naming.

I want to second this as a sig-network chair. Giving the benefit of the doubt the name was given without any ill intent. Willing to sync up and discuss and come up with a plan. I believe kubeGateway was proposed.

[dims]

Looks like there was already a rebranding from gloo to k8sgateway just 2 days ago!
kgateway-dev/kgateway#10336

and there is still a gloo repository under solo-io's github org forked from the above repo:
https://github.com/solo-io/gloo

[mlavacca]

any variation of "Kubernetes" as the only prefix here would be confusing. I'm assuming the goal is not to be a SIG-Network subproject, so I'd recommend finding a more unique name here.

As yet another Gateway API maintainer, +1 to this. If the project doesn't aim at being a SIG-Network subproject, I'd recommend finding a peculiar name, instead of any variations implicitly implying any kind of blessing or recommendation from SIG-Network.

[ilevine]

This really wasn’t the reaction we were hoping for :-(

We put a lot of thought into choosing a descriptive name and initially settled on “kgateway,” only to discover that it was already taken. We even reached out to the owner of the repository but unfortunately didn’t have any luck.

Looking at the CNCF landscape, we noticed projects like “k8sGPT”, “K8GB”, “k8up” which led us to believe that “k8sgateway” might also be acceptable. That said, no worries at all—we’re absolutely fine with changing the name to “kubegateway,” as @caniszczyk suggested. Thank you so much for the feedback!

We’re excited to work closely with the relevant SIG Networking groups moving forward.