KubeCon + CloudNativeCon San Diego | November 18 – 21 | Learn more

TOC Approves CNCF SIGs and Creates Security and Storage SIGs

Earlier this year, the Technical Oversight Committee (TOC) voted to create CNCF Special Interest Groups (SIGs). CNCF SIGs are currently being bootstrapped in various focus areas and primarily led by recognized experts and supported by contributors. They report directly to the TOC and we encourage developers and end users to get involved in the formation:

Name (to be finalised) Area Current CNCF Projects
Traffic networking, service discovery, load balancing, service mesh, RPC, pubsub, etc. Envoy, Linkerd, NATS, gRPC, CoreDNS, CNI
Observability monitoring, logging, tracing, profiling, etc. Prometheus, OpenTracing, Fluentd, Jaeger, Cortex, OpenMetrics,
Governance authentication, authorization, auditing, policy enforcement, compliance, GDPR, cost management, etc SPIFFE, SPIRE, Open Policy Agent, Notary, TUF,  Falco,
App Delivery PaaS, Serverless, Operators,… CI/CD,  Conformance, Chaos Eng, Scalability and Reliability measurement etc. Helm, CloudEvents, Telepresence, Buildpacks, (CNCF CI)
Core and Applied Architectures orchestration, scheduling, container runtimes, sandboxing technologies, packaging and distribution, specialized architectures thereof (e.g. Edge, IoT, Big Data, AI/ML, etc). Kubernetes, containerd, rkt, Harbor, Dragonfly, Virtual Kubelet

The TOC and CNCF Staff will start drafting an initial set of charters for the above SIGs, and solicit suitable chairs. Visit the CNCF SIG page for more information.

Security SIG

Approved by the TOC earlier this month, the Security SIG’s mission is to reduce risk that cloud native applications expose end user data or allow other unauthorized access.

While there are many open source security projects, security has generally received less attention than other areas of the cloud native landscape. The visibility of these projects’ internals has been limited, and their integration into cloud native tooling as well. There is also a lack of security experts focused on the ecosystem. All of this has contributed to an uncertainty on how to securely set up and operate cloud native architectures.

It is essential to design common architectural patterns to improve overall security in cloud native systems.

The TOC has defined three objectives for this SIG. This will complete what is currently being done by CNCF’s security-related projects:

  • Protection of heterogeneous, distributed and fast changing systems, while providing needed access
  • Common understanding and common tooling to help developers meet security requirements
  • Common tooling for audit and reasoning about system properties.

Security must be addressed at all levels of the stack and across the entire ecosystem. As a result, the Security SIG is looking for participation and membership from a diverse range of roles, industries, companies and organizations. See the Security SIG Charter for more information.

TOC Liaisons: Liz Rice and Joe Beda

Co-Chairs: Sarah Allen, Dan Shaw, Jeyappragash JJ

Storage SIG

The Storage SIG was approved in late May, and aims to enable widespread and successful storage of persistent state in cloud native environments. The group focuses on storage systems and approaches suitable for and commonly used in modern cloud native environments, including:

  • Storage systems that differ significantly from systems and approaches previously commonly used in traditional enterprise data center environments,
  • Those that are not already adequately covered by other groups within the CNCF
  • Block stores, file systems, object stores, databases, key-value stores, and related caching mechanisms.

The Storage SIG strives to understand the fundamental characteristics of different storage approaches with respect to availability, scalability, performance, durability, consistency, ease-of-use, cost and operational complexity. The goal then is to clarify suitability for various cloud native use cases.  

If you are interested in participating in the Storage SIG, check out the Charter for more information.

TOC Liaisons: Xiang Li

Co-Chairs: Alex Chircop, Quinton Hoole


TOC 批准 CNCF SIG 并创建安全和存储 SIG

今年早些时候,技术监督委员会 (TOC) 投票决定创建 CNCF 特别兴趣小组 (SIG)。CNCF SIG 目前正在各个重点领域稳步发展,主要由知名专家领导,并得到了贡献者的广泛支持。他们直接向 TOC 报告,我们鼓励开发人员和最终用户积极参与小组组建:

Name (to be finalised) Area Current CNCF Projects
名称(待敲定) 区域 当前 CNCF 项目
Traffic networking, service discovery, load balancing, service mesh, RPC, pubsub, etc. Envoy, Linkerd, NATS, gRPC, CoreDNS, CNI
流量 网络、服务发现、负载均衡、服务网格、RPC、pubsub 等 Envoy、Linkerd、NATS、gRPC、CoreDNS、CNI
Observability monitoring, logging, tracing, profiling, etc. Prometheus, OpenTracing, Fluentd, Jaeger, Cortex, OpenMetrics,
可观察性 监控、记录、跟踪、分析等 Prometheus、OpenTracing、Fluentd、Jaeger、Cortex、OpenMetrics
Governance authentication, authorization, auditing, policy enforcement, compliance, GDPR, cost management, etc SPIFFE, SPIRE, Open Policy Agent, Notary, TUF,  Falco,
治理 认证、授权、审计、策略执行、合规、GDPR、成本管理等 SPIFFE、SPIRE、开放策略代理、Notary、TUF、Falco
App Delivery PaaS, Serverless, Operators,… CI/CD,  Conformance, Chaos Eng, Scalability and Reliability measurement etc. Helm, CloudEvents, Telepresence, Buildpacks, (CNCF CI)
应用交付 PaaS、无服务器、运营商……CI/CD、合规、混沌引擎、可扩展性和可靠性衡量等 Helm、CloudEvents、Telepresence、Buildpack、(CNCF CI)
Core and Applied Architectures orchestration, scheduling, container runtimes, sandboxing technologies, packaging and distribution, specialized architectures thereof (e.g. Edge, IoT, Big Data, AI/ML, etc). Kubernetes, containerd, rkt, Harbor, Dragonfly, Virtual Kubelet
核心和应用架构 编排、调度、容器运行时、沙盒技术、封装和分发、专业架构(例如 Edge、物联网、大数据,人工智能/机器学习 等)。 Kubernetes、containerd、rkt、Harbour、Dragonfly、Virtual Kubelet

TOC 和 CNCF 员工将开始为上述 SIG 起草一套初步章程,并招募合适的主席。如需了解更多信息,请访问 CNCF SIG 页面。

安全 SIG

本月初,安全 SIG 通过了 TOC 审批。其使命是降低云原生应用 泄露最终用户数据或允许其他未授权访问的风险。

尽管有许多开源安全项目,但安全重视程度通常低于云原生环境的其他领域。这些项目内部结构的可视性受到限制,并集成至云原生工具中。此外,它们还缺少专注于生态系统的安全专家。上述所有因素均造成了如何安全设置并运行云原生架构的不确定性。

设计通用架构模式来提高云原生系统的整体安全性至关重要。

TOC 为此 SIG 设定了以下三个目标。这将完成 CNCF 安全相关项目目前正在进行的工作:

  • 保护异构、分布式、快速变化的系统,同时提供所需访问权限
  • 达成共识,并确定通用工具,以帮助开发人员满足安全要求
  • 确定用于审计和推理系统属性的通用工具。

必须在所有堆栈层级及整个生态系统中解决安全问题。因此,安全 SIG 正在寻求不同角色、行业、公司和组织成员的积极参与。更多信息,请参阅安全 SIG 章程

TOC 联络人:Liz RiceJoe Beda

联合主席:Sarah AllenDan ShawJeyappragash JJ

存储 SIG

存储 SIG 于 5 月底获批,致力于在云原生环境中广泛、成功地实现持久状态存储。该小组专注于适合并常用于现代云原生环境的存储系统和方法,包括:

  • 与以前常用于传统企业数据中心环境的系统和方法显著不同的存储系统
  • CNCF 内其他小组尚未充分涉及的系统和方法
  • 数据块存储、文件系统、对象存储、数据库、键值存储及相关缓存机制。

存储 SIG 致力于了解不同存储方法在可用性、可扩展性、性能、耐用性、一致性、易用性、成本和运营复杂性方面的基本特征。其目标是阐明各种云原生用例的适用性。  

如果您有兴趣参加存储 SIG,请查看章程了解更多信息。

TOC 联络人:Xiang Li

联合主席:Alex ChircopQuinton Hoole