Since 2005, the Google Summer of Code (GSoC) program has accepted thousands of university students from around the world to spend their summer holiday writing code and learning about the open source community. This year GSoC accepted 1,276 students from 63 countries into the program to work with 201 open source organizations. Now celebrating its 15th year, the program has accepted more than 14,000 students from 109 countries who have collectively written more than 35 million lines of code for 651 open source projects.

Students who are accepted have the opportunity to work with a mentor and become part of an active open source community. CNCF is proud to be one of these communities, hosting 17 interns this summer – our largest class ever. Mentors from our community are paired with interns and work with them to help advance certain aspects of CNCF projects.

“CNCF is a big supporter of GSoC’s mission and we are excited to participate again this year with a record 17 interns showcasing a wide range of cloud native contributions. As open source continues to take over the world, this program has become an important catalyst for students to have an impact on future technologies that we all depend on.” – Chris Aniszczyk, CTO, Cloud Native Computing Foundation (CNCF)

Additional details on the CNCF projects, mentors, and students can be found below. Coding ended August 19th and we’ll report back on progress soon!  



Project: Falco engine performance analysis and optimization

Mattia Lavacca

Student: Mattia Lavacca, Politecnico di Torino (Italy)


This project aims to develop a system to trace and profile Falco Engine performance. First, it is necessary to monitor and document the existing performance constraints of Falco, then by using that information, we can potentially improve the performance by relaxing the impact of the discovered bottlenecks, performing an optimization of the Falco engine. Finally we’ll provide an analysis of the performance improvements and compare the obtained result to the initial one.


Project: Remote blob store for containerd

Yeshwanth Reddy Karnatakam

Student: Yeshwanth Reddy Karnatakam, Reva University (India)


This project aims to let containerd have remote blob store for image content (layer blobs).


Project: Support Source IP Based Query Block/Allow in CoreDNS

An Xiao

Student: An Xiao, Zhejiang University (China)


When CoreDNS serves DNS queries publicly or inside Kubernetes clusters, the source IP of the incoming DNS query is an important identity. For security considerations, only certain queries (from specific source-IP or CIDR block) should be allowed to prevent the server from being attacked. The goal of this project is to support a firewall-like source-IP based block/allow mechanism for CoreDNS. With our plugin (named as firewall) enabled, users are able to define ACLs for any DNS queries, i.e. allowing authorized queries to recurse or blocking unauthorized queries towards protected DNS zones.


Project: Implement volume snapshotting support into the external Manila provisioner

Róbert Vašek

Student: Róbert Vašek, University of Zilina (Slovakia)


OpenStack Manila manages shared file-systems across the cloud. Being able to create and access these with ease from the container world is showing to be quite useful – and that’s what csi-manila is for. One of the features that’s also in high demand when dealing with shared file-systems is taking snapshots as well as creating new shares from those snapshots from within Container Orchestrators like Kubernetes. csi-manila itself is quite a new piece of software and is missing certain features, like snapshots for an instance. This GSoC project will try to close this feature gap.


Project: Add Support for Custom Resource Definitions to the Dashboard

Elijah Oyekunle

Student: Elijah Oyekunle, Federal University of Technology Akure (Nigeria)


The Kubernetes dashboard previously supported Third Party Resources (TPR), but these were replaced in Kubernetes by Custom Resource Definitions (CRD). As a result, the original TPR support was removed in Dashboard, but CRD support has not yet been added. This proposal aims to provide a generic support for Custom Resource Definitions to the dashboard, similar to the previous TPR support.


Project: Run GPU sharing workloads with Kubernetes + Kubeflow

Jianbo Ma

Student: Jianbo Ma, Zhejiang University (China)


GPUSharing is an open source project which could share GPU by leveraging Kubernetes scheduling and Device Plugin extensibility. This project aims to integrate it with kubeflow/arena.


Project: Add Plugin Mechanism to the Dashboard

Ajat Prabha

Student: Ajat Prabha, Indian Institute of Technology, Jodhpur


This project aims to introduce a plugin mechanism to the Kubernetes Dashboard. It will deal with defining the plugin framework architecture, it’s scope, how it could enhance the Dashboard UI and make it possible to utilize third party APIs to extend its functionality.


Project: Kubernetes with hardware devices topology awareness at node level

Junjun Li

Student: Junjun Li, Zhejiang University (China)


This project aims to improve current Kubernetes topology manager to become aware of generic hardware device topology at node level.This will make it so Deep Learning training can be improved significantly due to data inter-connection between NVIDIA GPU devices on the node.

Linkerd and Envoy Proxy

Project: Multi-mesh performance benchmark tool

Shahriyar Mammadov

Student: Shahriyar Mammadov, International Technological University – ITU (USA)


Benchmarks continuously strive to improve performance standards in order to stay relevant in the market, and play an important role in better customer loyalty, SEO ranking and more. Meanwhile there are various factors affecting performance. Having a high performance proxy in front of web servers is very important and can be achieved by continuous performance measurements and improvements.

Open Policy Agent (OPA)

Project: IPTables Integration with OPEN POLICY AGENT(OPA)

Urvil Patel

Student: Urvil Patel, L.D. College of Engineering (India)


This project involves designing the layout of IPTable rules using OPA’s policy language Rego, implementing the algorithms that generate IPTables from that policy, and writing the code that populates the generated IPTables rules into Linux host.


Project: Extending Prombench and adding rule formatting for Prometheus

Hrishikesh Barman

Student: Hrishikesh Barman, Girijananda Chowdhury Institute Of Management And Technology (India)


Prombench, the benchmarking tool for Prometheus, will be extended to support even more tests, newer components, and metrics, which will help both developers and users in terms of identifying bugs and scalability tests. Another task we aim to solve is the longstanding issue of Prometheus rule formatting.


Project: GitHub integrated benchmarking tool for Prometheus TSDB

Vladimir Masarik

Student: Vladimir Masarik, Masaryk University (Czech Republic)


This project aims to make it easier to discover database performance problems. Newly introduced performance flaws are hard to notice, and the process of discovering them is cumbersome if done manually. Since Prometheus TSDB does not yet have such a feature, this project is intended to be the solution. The plan is to develop detailed performance tests and automate the process of testing using Prow, the Kubernetes based CI/CD system with GitHub integration. Moreover, for easy analysis, the results of the benchmarked pull request will be compared against the master branch test results. Fortunately, the foundation for implementing the benchmarks partially exists, and so do some benchmarking tests, which make an excellent start for the project.


Project: Optimize Prometheus queries using regex matchers for set lookups & Postings compression 

Zhiqi Wang

Student: Zhiqi Wang, Carnegie Mellon University (USA)


A common use case for regex matchers is to use them to query all series matching a set of label values, e.g. up{instance=~”foo|bar|baz”}. Grafana’s template variables feature is a big user of this pattern. Our goal is to catch and split it into three different matchers, each selecting the three cases, whichwould make the templated queries produced by Grafana much faster. Postings is a lists of numbers which are references to series that contain a given label pair, andare used as a reference table to get the requested series. This project aims to research and implement compression for these features.


Project: Continue the work on low hanging issues in Prombench

Nikita Kokitkar

Student: Nikita Kokitkar, Pune Institute of Computer Technology (India)


This project aims to help with work that needs to be done to check whether Prow can be replaced by Github actions, getting metrics without any gaps and other low hanging fruit labeled issues.


Project: Add support for the OCI runtime spec by implementing a runc stage2

Alejandro Germain

Student: Alejandro Germain, University of Hertfordshire (UK)


rkt implements the App Container Executor specification of the appc Container Specification and uses systemd unit properties to implement its features. To implement the OCI runtime spec, systemd unit properties are not suitable since they differ from what the spec defines. The aim of this project is to replace systemd unit properties by runc to implement the OCI runtime spec.


Project: Enable multiple network interfaces for Rook storage providers

Giovan Isa Musthofa

Student: Giovan Isa Musthofa, University of Indonesia


This project aims to create a new API to enable multiple network interfaces for Rook storage providers. Currently, Rook providers only choice is to use hostNetwork or not. The new API will be used to define networks resource for Rook clusters. Rook operators will be able to consume those definitions and manage them, therefore enabling more fine-grained control over storage providers network access.


Project: Proposal for Auto-tune RocksDB

Yuanli Wang

Student: Yuanli Wang, University of Minnesota (USA)


This project aims to use a machine learning method to tune database configurations automatically.