KubeCon + CloudNativeCon Virtual | August 17-20, 2020 | Don’t Miss Out | Learn more



CNCF Maintainer Spotlight: Torin Sandall of OPA

By | Blog, Spotlight

Project Post

This month, we’re shining a spotlight on Torin Sandall, co-creator and maintainer of Open Policy Agent, an incubating project in CNCF. 

OPA has many recent developments to highlight: The v0.19 release includes a new parser for OPA’s language (Rego), which reduces memory allocations and improves performance by about 100x. New features have been launched in the playground to “help new users kick the tires, e.g., a catalogue of example policies, bundle serving, and better support for external context,” says Torin. Plus, the project has recently completed a security audit with the help of Trail of Bits, removed the use of finalizers, and added support for standalone audits of Kubernetes clusters.

Torin took time to answer a few questions about all the buzz around OPA.

Tell us a bit about your background.

I’ve spent most of my career building libraries, tools, and services for other developers. Eventually I became interested in helping organizations efficiently manage their stacks using more general-purpose technology. Declarative systems like Kubernetes and OPA are a key part of that story. I joined Styra as an early employee and co-created OPA (along with Tim Hinrichs and Teemu Koponen) to provide a building block that unifies policy and authorization across a range of technology. I’ve been maintaining OPA actively since inception.

What do you think is the most important part of being a maintainer?

Excellent question! I think there are many ways to be a great maintainer. Obviously it’s nice if you can ship the right features for your users as efficiently as possible. However, I think it’s equally (if not more) important to ensure that users and other contributors have a positive experience when they interact with the project. This goes way beyond just writing code. You need to care about developer experience, documentation, testing, support, process, communication, and so on. In the end, I think it comes down to focusing on quality (whatever that means to you) in as many areas as possible.

Any messages or shoutouts you’d like to give to the OPA community?

The OPA community is growing quickly. We’ve received a lot of positive feedback about the experience people have when they join Slack, post on GitHub or Stack Overflow, etc. So, as the community gets bigger, let’s continue to treat new users kindly and be conscious of the fact that people have differing experiences, points of view, and goals and sometimes those don’t align with our own. Hopefully OPA can continue to meet as many needs as possible.

I’d like to give shoutouts to the other OPA maintainers that keep the project going: Tim Hinrichs, Ash Narkar, Patrick East, Rita Zhang, Max Smythe, Sertaç Özercan, and Craig Tabita. I’d also like to recognize Stephan Renatus from Chef who has consistently supported new community members over the past two years.

How has being part of CNCF been beneficial to the project? What else can we do for you?

At a very high level, CNCF gives OPA a vendor-neutral home that is aligned with our goal of providing reusable building blocks to end users as well as vendors. More specifically, CNCF provides valuable funding for things like security audits as well as advice and support around project governance and community engagement. Also, CNCF helps us out with messy infrastructure needs like artifact signing. Keep up the good work!

Any final thoughts?

We’re always looking for new integrations between OPA and other software systems. If you’re interested in contributing code to the OPA community, this is a great way to get started. For example, we’ve recently seen end users contribute new integrations for projects like Kong and Kafka. Please reach out if this sounds interesting to you.

Project Spotlight: etcd 

By | Blog, Spotlight

Project Post

We’re kicking off our first project spotlight with etcd, which recently completed a security audit with Jepsen

A CNCF incubating project, etcd is a distributed, reliable key-value store for critical data in a distributed system. As part of a security audit, the etcd team worked with Jepsen to verify etcd v3.4.3’s key-value operations, locks, and watches. The report, which was released earlier this year, concluded that there were no problems with key-value operations or watches. However, a theoretical risk discovered with the locks — that they could not guarantee mutual exclusion in asynchronous networks — led the etcd team to do further work on documentation around safety guarantees.

“Besides Jepsen analysis, the etcd community always welcomes contributions related to correctness and reliability,” says etcd co-creator Xiang Li. “We are excited about the results of this testing, and will remain vigilant while building a well engineered and correct product.”

Congratulations to the etcd team!

CNCF Ambassador Spotlight: Queeny Jin of TiKV

By | Blog, Spotlight

Project Post

Our first ambassador spotlight goes to Queeny Jin, who has been spreading the word about the incubating CNCF project TiKV since its inception in 2016. She’s been working at PingCAP, the company that created the project, since May 2016, and “I am very lucky to witness the birth, the development, and the evolution of TiKV, both in terms of the project and the community,” she says. “It’s so exciting to see how popular TiKV is after it became part of the CNCF community. Now it has 7.2k stars and 230 contributors all over the world.”

As a contributor to TiKV, Queeny says, “I have witnessed the importance and influence of the CNCF community,” so she became an ambassador to “make a difference together in the Chinese open source community and CNCF ecosystem.”

Indeed, one of Queeny’s biggest accomplishments has been making the content created about TiKV by Chinese contributors available to a wider English-speaking audience. “I see the potential of TiKV being the foundation of future cloud native infrastructure all around the world, so I decided to organize a team of transcreators (not just translators),” she says. “The content published on the TiKV website, such as the documentation and the blogs, are all from this team.” (One of the blogs was the 4th most popular post in CNCF’s 2019 annual report, with 13,859 page views: Building a Large-Scale Distributed Storage System Based on Raft.) 

Here’s a quick interview with Queeny about her work with TiKV.

What do you want the public to know about TiKV?

The TiKV project aims to enable and empower the next generation of databases by providing a reliable, high quality, practical storage foundation. We are in the process of graduating and would really love to have your support.

Do you have any shoutouts for the TiKV community?

Thank you, my beloved contributors, committers, maintainers, adopters, and especially the great CNCF community, for your great contribution and support in the past! I believe we are on the right track to make TiKV the foundation of next-generation infrastructure and have a very promising future ahead of us. Together we can go further!

Is there anything else you’re working on?

I would also like to advocate for another project, chaos mesh, a Chaos Engineering Platform for Kubernetes. Chaos Mesh is a versatile Chaos Engineering platform that features all-around fault injection methods for complex systems on Kubernetes, covering faults in Pod, network, file system, and even the kernel. It’s in the process of being reviewed for the CNCF sandbox

What’s the best part of being an ambassador?

Exposure to all these cutting-edge cloud native technologies (a lot of them!) and meet other cloud native people with the same vision.