After an exciting Spring term, 36 interns have graduated from the latest LFX mentorship program funded by CNCF! 15 of CNCF’s Graduated, Incubating, and Sandbox projects joined this round with projects including Chaos Mesh, Kubernetes, KubeEdge and Pixie.
Additional details on the CNCF projects, mentors, and students who successfully completed the program can be found below and on GitHub.
Intern profile highlights
Cluster API Google Cloud Platform (CAPG)
The mentorship was about adding GPU support for CAPG. For Google Cloud Platform it is NVIDIA GPU that it supports as of now. So, We first started with planning our road map about what are the steps that are required for adding the GPU support. The first thing we decided to do is create a GPU driver-enabled OS image that can take advantage of the GPUs in the VM. For that, we created this PR. Here we mostly added packer config files so that it will create the OS image with NVIDIA GPU drivers.The next thing that we did was to make changes in the CAPG API so that we can declare the fields that are required to create the VMs with GPU in the GCP. After that, we added the validations and webhooks for the new API changes so that incoming requests will be validated properly. Finally, we added the unit tests and end-to-end tests so that we have fully tested software in the main branch.
Mentee: Aniruddha Basak (Blog on internship experience)
Mentor: Davanum Srinivas, Carlos Tadeu Panato Junior, Richard Case
“I never thought of doing LFX a few months back. The thing that kept me motivated and kept me contributing was the awesome community and the projects. In the beginning, to get familiar with the project, my mentors gave me the task to spin a normal Kubernetes managed cluster in the GCP using Cluster API and reading the documentation. Throughout the mentorship, all my mentors Dims, Richard, and Carlos helped me overcome all kinds of challenges to complete the task, and also they gave me the motivation and enthusiasm to push my boundaries and learn new things every day. This mentorship not only helped me to become a better developer with cloud native technologies but also helped me a better thinker in terms of solving real-world engineering problems. In two words my overall experience with LFX mentorship is fabulous and wonderful. And last but not least all of the above would be incomplete if I didn’t have my co-mentee Subhasmita.”
Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project
Mentee: Rupesh Gelal
Mentor: Ren Hongcai
“During the LFX mentorship period, I researched and read a lot of legacy code on the subject matter. Likewise, I refactored my code numerous times along with writing code. This significantly improved my programming skills.
Favorite part: – contributing to the project remotely – flexible working hours – gaining new skills (communication, creative thinking, problem-solving) – getting a chance to work independently
Challenging part: – time management – sometimes miscommunication – need to keep yourself motivated during the entire period”
Karmada dashboard is a general-purpose, web-based control panel for Karmada. I was expected to design three web pages which were FederatedResourceQuota, SearchRegistry, and MultiClusterIngress pages for the dashboard in Figma and improving them with multiple iterations based on feedbacks and then develop them as well by creating reusable UI components in ReactJS.
Mentee: Shwet Khatri (blog on internship experience)
Mentor: Hongcai Ren and Chinmay Mehta
“I had a great time with the Karmada community, with the amazing members supporting and helping me throughout the journey. It was such a great experience working remotely and collaborately worldwide to build an open-source software. I learnt a lot from them during this short period of time and will surely continue learning and contributing.The LFX Mentorship Program is truely designed to help developers — many of whom are first-time open source contributors — with necessary skills and resources to learn, experiment, and contribute effectively to open source communities.”
I worked on the KubeArmor probe utility. The purpose for this probe utility is to provide various information on KubeArmor depending on the current environment. Information such as whether KubeArmor is supported in the current environment, KubeArmor current running mode, the enforcer used by KubeArmor, the pods in the environment being handled by KubeArmor, the policies being applied to the pods etc.
Mentee: Esther Adenekan (blog on internship experience)
Mentor: Rahul Jadhav, Barun Archarya, Ankur Kothiwal
“This is my first experience with open source contribution and I must say, I had an amazing experience. When I started, I had very little understanding of the project, but the mentors were super helpful and supportive, also the documentations were superb, So with that, I was able to take off. Also, the Slack community is the most responsive one I’ve seen, they answer questions and fix bugs as soon as possible. It made the experience cool for me and I decided to continue contributing to this project.”
KubeArmor is a cloud-native runtime security enforcement system that restricts the behavior (such as process execution, file access, and networking operations) of containers and nodes (VMs) at the system level. KubeArmor leverages Linux security modules (LSMs) such as AppArmor, SELinux, or BPF-LSM. Objective of the mentorship was to make KubeArmor compatible with the Redhat Openshift Container Platform. KubeArmor needs to communicate with the machine of the cluster via container runtime running on them. KubeArmor supports container runtime such as docker, containerd, and k3s, but it doesn’t support cri-o container runtime which is there in RHEL machines. Redhat Openshift Container Platform runs on RHEL machines and to communicate with machines we need to support cri-o.
Mentee: Vikas Verma
Mentor: Rahul Jadhav, Barun Acharya, Ankur Kothiwal
“Mentorship experience was fantastic. I got the chance to work with mentors on open source project whose primary focus is on security. I started mentorship just after clearing CKS, so I got a chance to explore more kubernetes in terms of security. I got a chance to learn Golang, the Openshift platform, RHEL OS, container runtimes, and LSMs. Mentors were great, very patient and supportive, had great brain storming sessions with them. These past 3 months were amazing.”
Pod Security admission (PSa) is a built-in solution that applies different isolation levels of Pod Security Standards for Pods. With the release of Kubernetes v1.25 (08/2022), one major change is the removal of PodSecurityPolicy and the graduation of Pod Security Admission to stable.
Once PSa is enabled for namespaces, a configured level of Privileged, Baseline, or Restricted applies to all pods and workloads within the namespace. The level is configured as a label on the namespace. There is no option to select specific pods or control, for granular policies.
My task was to create a new Kyverno rule that can be integrated with PSa, and extend its ability by providing fine grained checks and other functions.
Mentee: Hyok Il KIM (blog on internship experience)
Mentor: Shuting ZHAO
“It was an insightful and challenging experience to work on this project. Big thanks again to all Kyverno maintainers for their help and warm support. I consider this mentorship program as the starting point of my open source journey and will definitely continue to contribute Kyverno and other projects.”
OpenELB is an open-source load balancer implementation designed for exposing the LoadBalancer type of Kubernetes services in bare metal, edge, and virtualization environments. This project aims to support for BGP policy in OpenELB by leveraging the GoBGP policy feature for controlling the route advertisement. This feature might also be referred to as Route Map in other BGP implementations.
Mentee: Amal Thundiyil (blog on internship experience)
Mentor: Chauncey Jiang, Yunkang Ren, and Feynman Zhou
“It was awesome fun working on K8 controllers, CRDs, and a project which involved networking concepts. There were twists and turns along the way but somehow managed to consolidate everything and bring it to fruition. All the mentors were extremely helpful and responsive all along the way, and I truly thank them for putting in the time and effort for mentoring me to make this project happen 🚀. See you later with new PRs and new updates 😁. 再见 👋.”
Below is the full list of successful interns:
|CNCF – Crossplane: Document and add automated testing for pulling packages from private registries||Daniel Mangum, Jared Watts||Parul Sahoo|
|CNCF – Crossplane: Report breaking changes in CustomResourceDefinition schemas for Pull Requests||Jared Watts, Muvaffak Onuş||Ruhika Bulani|
|CNCF – Devfile: Add Compose file support in the spec API||Mario Loriedo||Ishan Shanware|
|CNCF – Devfile: Add some syntax sugar to speficy the components that are deployed at startup||Mario Loriedo||Rajib Mitra|
|CNCF – Karmada: Cluster Resource modeling||Ren Hongcai||Dezhi Yu|
|CNCF – Karmada: Design & Develop FederatedResourceQuota, SearchRegistry & MultiClusterIngress||Ren Hongcai, Chinmay Mehta||Shwet Khatri|
|CNCF – Karmada: Develop Override policy, Resource Binding, Work Page||Ren Hongcai, Chinmay Mehta||Jun Xiang|
|CNCF – Karmada: Develop Propagation policy, Settings, About Pages||Ren Hongcai, Chinmay Mehta||Rupesh Gelal|
|CNCF – KubeArmor: Extend kArmor to include KubeArmor configuration||Rahul Jadhav, Ankur Kothiwal, Barun Acharya||Esther Oluwatomi Adenekan|
|CNCF – KubeArmor: Support for OpenShift||Rahul Jadhav, Ankur Kothiwal, Barun Acharya||Vikas Verma|
|CNCF – Kubernetes: Add GPU support to Cluster API Provider GCP (CAPG)||Richard Case, Carlos Panato, Davanum Srinivas||Aniruddha Basak|
|CNCF – Kubernetes: Cluster API Provider GCP||Richard Case, Carlos Panato, Davanum Srinivas||Subhasmita Swain|
|CNCF – Kyverno: CLI test schema and enhancements||Chip Zoller, Vyankatesh Kudtarkar||Prateek Nandle|
|CNCF – Kyverno: Integrate Kubernetes Pod Security with Kyverno||Shuting Zhao||Hyokil Kim|
|CNCF – Kyverno: Kyverno SLSA 3||Jim Bugwadia||Zahid Ur Rehman|
|CNCF – Meshery: Cloud Native Playground||Lee Calcote, Aditya Chatterjee||Debopriya Bhattacharjee|
|CNCF – Meshery: Design Configurator||Lee Calcote, Ashish Tiwari||Aritra Sur|
|CNCF – OpenELB: Provide the OpenELB Web UI for managing EIP and IP pool||Feynman Zhou, Changjiang Li, Yunkang Ren||Anurag Pathak|
|CNCF – OpenELB: Support BGP policy in OpenELB||Feynman Zhou, Chauncey Jiang, Yunkang Ren||Amal Thundiyil|
|CNCF – Service Mesh Performance: Implementation of MeshMark||Lee Calcote, Abhishek Kumar||Gaurav Chadha|
|CNCF – Thanos: Implement Unified Endpoint Discovery||Bartlomiej Płotka, Saswata Mukherjee||Srushti Sapkale|
|CNCF – Tremor: Hygenic error handling and validation for pipelines||Heinz Gies, Matthias Wahl||Carol Geng|
|CNCF – Tremor: Pluggable logging||Darach Ennis, Ramona Łuczkiewicz||Rebecca Abli|
|CNCF – Volcano: Official Website Docs Enhancement||Lei Wu, Liang Tang||Jiaojiao Wu|
|CNCF – Volcano: Volcano scalability enhancement||Lei Wu, Liang Tang||Jiahuan Chen|
|CNCF – WasmEdge: Create a Tokio-like async runtime in WasmEdge||Michael Yuan||Heng Zhang|
|CNCF – WasmEdge: Support Durable Objects (DO) in WasmEdge||Michael Yuan||Richard Chien|