Primary aim: This template helps a project to prepare for a presentation to the SIG, and then helps the SIG share the collated information with the TOC.
Authors:
Link to TOC PR
Link to Presentation
Link to GitHub project
Does the project have a clear and well defined scope
Does the project have a clear value add to the current project ecosystem. How does it relate to other projects with overlapping capabilities.
Does the project align and actively collaborate with other CNCF projects?
Does the project require any specific versions of projects (or APIs) to interoperate? (e.g. K8s API, CSI, CNI, CRI)?
Does the project augment or benefit other CNCF projects?
What problems does the project solve?
Does the project align with the SIG CNCF reference model and which capabilities does it require/provide at each level of the reference model.
Describe the overall architecture of the project. Feel free to add diagrams.
Document that the project fulfills the requirements as documented in the CNCF graduation criteria for sandbox
Are there any anticipated issues with any of the criteria ?
Becoming a sandbox project requires adoption of the CNCF IP Policy: https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy
Note: there is a grace period after becoming a sandbox period to enable projects to adopt the policy, however, some prep is required to ensure there are no major blockers.
Has the IP policy been reviewed?
List the repos for the project and their current license
List any dependent repos (upstream/downstream) that are required to build the project (including but not limited to libraries, commercial tools, plugins)
What actions are required to be compliant with the IP policy?
- Collect a standard set of information for each project
- Provides a point in time capture of the state of the project which makes it easier to track progress at future reviews and / or promotion
- Help projects to prepare for SIG and TOC presentation
- Allow the SIG to review the project and perform due diligence for incubation
- Provide the TOC with the information required to accept sponsorship of a project and/or votes
- Identify and rectify any significant issues / blockers prior to presenting to the TOC and acceptance as a CNCF project
Does the project meet the definition of Cloud Native? The CNCF charter states:
“Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach.
“These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil.”
Are there any metrics around code quality? Are there good examples of code reviews? Are there enforced coding standards?
What are the performance goals and results? What performance tradeoffs have been made? What is the resource cost?
What is the CI/CD system? Are there code coverage metrics? What types of tests exist?
Is there documentation?
How is it deployed?
How is it orchestrated?
How will the project benefit from acceptance into the CNCF?
Has a security assessment by the security SIG been done? If not, what is the status/progress of the assessment?
How are committers chosen?
How are architectural and roadmap decisions made?
How many decision makers are outside the sponsoring organization.
Who are the current maintainers?
How long has the project been developed for?
Is there a commercial version of the project or a primary commercial sponsor ?
Is the project used in production? If so, please list some of the accounts.
Does the project participate in a CNCF User Group?
Is the project reasonably independent from the sponsoring vendor?
Are all communication channels and project resources hosted just for this project or with other CNCF projects/resources?
Is all code that is part of the project hosted and part of the CNCF managed orgs and repos?
Are all defaults for upstream reporting either unset or community hosted infrastructure (i.e. doesn’t point to vendor hosted SaaS control plane or analytics server for usage data)? Is all project naming independent of vendors?
Relevant Assets regarding vendor independence