After an exciting Spring term, 36 interns have graduated from the latest LFX mentorship program funded by CNCF! 15 of CNCF’s Graduated, Incubating, and Sandbox projects joined this round with projects including Chaos Mesh, Kubernetes, KubeEdge and Pixie. 

Additional details on the CNCF projects, mentors, and students who successfully completed the program can be found below and on GitHub

Intern profile highlights

Cluster API Google Cloud Platform (CAPG)

The mentorship was about adding GPU support for CAPG. For Google Cloud Platform it is NVIDIA GPU that it supports as of now. So, We first started with planning our road map about what are the steps that are required for adding the GPU support. The first thing we decided to do is create a GPU driver-enabled OS image that can take advantage of the GPUs in the VM. For that, we created this PR. Here we mostly added packer config files so that it will create the OS image with NVIDIA GPU drivers.The next thing that we did was to make changes in the CAPG API so that we can declare the fields that are required to create the VMs with GPU in the GCP. After that, we added the validations and webhooks for the new API changes so that incoming requests will be validated properly. Finally, we added the unit tests and end-to-end tests so that we have fully tested software in the main branch. 

Mentee: Aniruddha Basak (Blog on internship experience)

Mentor:  Davanum Srinivas, Carlos Tadeu Panato Junior, Richard Case 

“I never thought of doing LFX a few months back. The thing that kept me motivated and kept me contributing was the awesome community and the projects. In the beginning, to get familiar with the project, my mentors gave me the task to spin a normal Kubernetes managed cluster in the GCP using Cluster API and reading the documentation. Throughout the mentorship, all my mentors Dims, Richard, and Carlos helped me overcome all kinds of challenges to complete the task, and also they gave me the motivation and enthusiasm to push my boundaries and learn new things every day. This mentorship not only helped me to become a better developer with cloud native technologies but also helped me a better thinker in terms of solving real-world engineering problems. In two words my overall experience with LFX mentorship is fabulous and wonderful. And last but not least all of the above would be incomplete if I didn’t have my co-mentee Subhasmita.”

Karmada

Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project

Mentee: Rupesh Gelal

Mentor: Ren Hongcai

“During the LFX mentorship period, I researched and read a lot of legacy code on the subject matter. Likewise, I refactored my code numerous times along with writing code. This significantly improved my programming skills.

Favorite part: – contributing to the project remotely – flexible working hours – gaining new skills (communication, creative thinking, problem-solving) – getting a chance to work independently

Challenging part: – time management – sometimes miscommunication – need to keep yourself motivated during the entire period”

Karmada

Karmada dashboard is a general-purpose, web-based control panel for Karmada. I was expected to design three web pages which were FederatedResourceQuota, SearchRegistry, and MultiClusterIngress pages for the dashboard in Figma and improving them with multiple iterations based on feedbacks and then develop them as well by creating reusable UI components in ReactJS. 

Mentee: Shwet Khatri (blog on internship experience)

Mentor: Hongcai Ren and Chinmay Mehta

“I had a great time with the Karmada community, with the amazing members supporting and helping me throughout the journey. It was such a great experience working remotely and collaborately worldwide to build an open-source software. I learnt a lot from them during this short period of time and will surely continue learning and contributing.The LFX Mentorship Program is truely designed to help developers — many of whom are first-time open source contributors — with necessary skills and resources to learn, experiment, and contribute effectively to open source communities.”

KubeArmor

I worked on the KubeArmor probe utility. The purpose for this probe utility is to provide various information on KubeArmor depending on the current environment. Information such as whether KubeArmor is supported in the current environment, KubeArmor current running mode, the enforcer used by KubeArmor, the pods in the environment being handled by KubeArmor, the policies being applied to the pods etc. 

Mentee: Esther Adenekan (blog on internship experience)

Mentor: Rahul Jadhav, Barun Archarya, Ankur Kothiwal

“This is my first experience with open source contribution and I must say, I had an amazing experience. When I started, I had very little understanding of the project, but the mentors were super helpful and supportive, also the documentations were superb, So with that, I was able to take off. Also, the Slack community is the most responsive one I’ve seen, they answer questions and fix bugs as soon as possible. It made the experience cool for me and I decided to continue contributing to this project.”

KubeArmor

KubeArmor is a cloud-native runtime security enforcement system that restricts the behavior (such as process execution, file access, and networking operations) of containers and nodes (VMs) at the system level. KubeArmor leverages Linux security modules (LSMs) such as AppArmor, SELinux, or BPF-LSM. Objective of the mentorship was to make KubeArmor compatible with the Redhat Openshift Container Platform. KubeArmor needs to communicate with the machine of the cluster via container runtime running on them. KubeArmor supports container runtime such as docker, containerd, and k3s, but it doesn’t support cri-o container runtime which is there in RHEL machines. Redhat Openshift Container Platform runs on RHEL machines and to communicate with machines we need to support cri-o.

Mentee: Vikas Verma 

Mentor: Rahul Jadhav, Barun Acharya, Ankur Kothiwal

“Mentorship experience was fantastic. I got the chance to work with mentors on open source project whose primary focus is on security. I started mentorship just after clearing CKS, so I got a chance to explore more kubernetes in terms of security. I got a chance to learn Golang, the Openshift platform, RHEL OS, container runtimes, and LSMs. Mentors were great, very patient and supportive, had great brain storming sessions with them. These past 3 months were amazing.”

Kyverno

Pod Security admission (PSa) is a built-in solution that applies different isolation levels of Pod Security Standards for Pods. With the release of Kubernetes v1.25 (08/2022), one major change is the removal of PodSecurityPolicy and the graduation of Pod Security Admission to stable.

Once PSa is enabled for namespaces, a configured level of Privileged, Baseline, or Restricted applies to all pods and workloads within the namespace. The level is configured as a label on the namespace. There is no option to select specific pods or control, for granular policies.

My task was to create a new Kyverno rule that can be integrated with PSa, and extend its ability by providing fine grained checks and other functions.

Mentee: Hyok Il KIM (blog on internship experience)

Mentor: Shuting ZHAO

“It was an insightful and challenging experience to work on this project. Big thanks again to all Kyverno maintainers for their help and warm support. I consider this mentorship program as the starting point of my open source journey and will definitely continue to contribute Kyverno and other projects.”

OpenELB

OpenELB is an open-source load balancer implementation designed for exposing the LoadBalancer type of Kubernetes services in bare metal, edge, and virtualization environments. This project aims to support for BGP policy in OpenELB by leveraging the GoBGP policy feature for controlling the route advertisement. This feature might also be referred to as Route Map in other BGP implementations.

Amal Thundiyil

Mentee: Amal Thundiyil (blog on internship experience)

Mentor: Chauncey Jiang, Yunkang Ren, and Feynman Zhou

“It was awesome fun working on K8 controllers, CRDs, and a project which involved networking concepts. There were twists and turns along the way but somehow managed to consolidate everything and bring it to fruition. All the mentors were extremely helpful and responsive all along the way, and I truly thank them for putting in the time and effort for mentoring me to make this project happen 🚀. See you later with new PRs and new updates 😁. 再见 👋.”

Below is the full list of successful interns:

Mentoring ProjectMentor(s)Mentee
CNCF – Crossplane: Document and add automated testing for pulling packages from private registriesDaniel Mangum, Jared WattsParul Sahoo
CNCF – Crossplane: Report breaking changes in CustomResourceDefinition schemas for Pull RequestsJared Watts, Muvaffak OnuşRuhika Bulani
CNCF – Devfile: Add Compose file support in the spec APIMario LoriedoIshan Shanware
CNCF – Devfile: Add some syntax sugar to speficy the components that are deployed at startupMario LoriedoRajib Mitra
CNCF – Karmada: Cluster Resource modelingRen HongcaiDezhi Yu
CNCF – Karmada: Design & Develop FederatedResourceQuota, SearchRegistry & MultiClusterIngressRen Hongcai, Chinmay MehtaShwet Khatri
CNCF – Karmada: Develop Override policy, Resource Binding, Work PageRen Hongcai, Chinmay MehtaJun Xiang
CNCF – Karmada: Develop Propagation policy, Settings, About PagesRen Hongcai, Chinmay MehtaRupesh Gelal
CNCF – KubeArmor: Extend kArmor to include KubeArmor configurationRahul Jadhav, Ankur Kothiwal, Barun AcharyaEsther Oluwatomi Adenekan
CNCF – KubeArmor: Support for OpenShiftRahul Jadhav, Ankur Kothiwal, Barun AcharyaVikas Verma
CNCF – Kubernetes: Add GPU support to Cluster API Provider GCP (CAPG)Richard Case, Carlos Panato, Davanum SrinivasAniruddha Basak
CNCF – Kubernetes: Cluster API Provider GCPRichard Case, Carlos Panato, Davanum SrinivasSubhasmita Swain
CNCF – Kyverno: CLI test schema and enhancementsChip Zoller, Vyankatesh KudtarkarPrateek Nandle
CNCF – Kyverno: Integrate Kubernetes Pod Security with KyvernoShuting ZhaoHyokil Kim
CNCF – Kyverno: Kyverno SLSA 3Jim BugwadiaZahid Ur Rehman
CNCF – Meshery: Cloud Native PlaygroundLee Calcote, Aditya ChatterjeeDebopriya Bhattacharjee
CNCF – Meshery: Design ConfiguratorLee Calcote, Ashish TiwariAritra Sur
CNCF – OpenELB: Provide the OpenELB Web UI for managing EIP and IP poolFeynman Zhou, Changjiang Li, Yunkang RenAnurag Pathak
CNCF – OpenELB: Support BGP policy in OpenELBFeynman Zhou, Chauncey Jiang, Yunkang RenAmal Thundiyil
CNCF – Service Mesh Performance: Implementation of MeshMarkLee Calcote, Abhishek KumarGaurav Chadha
CNCF – Thanos: Implement Unified Endpoint DiscoveryBartlomiej Płotka, Saswata MukherjeeSrushti Sapkale
CNCF – Tremor: Hygenic error handling and validation for pipelinesHeinz Gies, Matthias WahlCarol Geng
CNCF – Tremor: Pluggable loggingDarach Ennis, Ramona ŁuczkiewiczRebecca Abli
CNCF – Volcano: Official Website Docs EnhancementLei Wu, Liang TangJiaojiao Wu
CNCF – Volcano: Volcano scalability enhancementLei Wu, Liang TangJiahuan Chen
CNCF – WasmEdge: Create a Tokio-like async runtime in WasmEdgeMichael YuanHeng Zhang
CNCF – WasmEdge: Support Durable Objects (DO) in WasmEdgeMichael YuanRichard Chien