Closed dave-tucker closed 1 day ago
This is an interesting project in the ebpf ecosystem. Do you have any endorsement or integration with the opensource projects you've named?
Hiya @mauilion!!! In the past we've worked with a number of communities and have even written some integration bits for many of them (some are stale now but easily revivable):
Additionally I've also had great conversations with the inspektor-gadget community at kubecon and are excited to work with them in the future around standardizing how we actually can package eBPF programs into OCI container images.
In short we also hope to continue to integrate with more projects and have already been actively doing so :)
TAG-CS Note, bpfman currently has:
Follow up from today's Sandbox Review (2024-06-11), the project can move forward to a vote, but @mauilion has some specific follow up questions. I'll assign him to chime in with those 👍 /vote
@mrbobbytables has called for a vote on [Sandbox] bpfman
(#76).
The members of the following teams have binding votes: | Team |
---|---|
@cncf/cncf-toc |
Non-binding votes are also appreciated as a sign of support!
You can cast your vote by reacting to this
comment. The following reactions are supported:
In favor | Against | Abstain |
---|---|---|
👍 | 👎 | 👀 |
Please note that voting for multiple options is not allowed and those votes won't be counted.
The vote will be open for 2months 30days 2h 52m 48s
. It will pass if at least 66%
of the users with binding votes vote In favor 👍
. Once it's closed, results will be published here as a new comment.
I will be abstaining due to a conflict of interest.
I don't have a binding vote, but big support from me :vulcan_salute:
Big thumbs up over here, though also non-binding.
/check-vote
So far 18.18%
of the users with binding vote are in favor (passing threshold: 66%
).
In favor | Against | Abstain | Not voted |
---|---|---|---|
2 | 0 | 0 | 9 |
User | Vote | Timestamp |
---|---|---|
angellk | In favor | 2024-06-11 21:53:55.0 +00:00:00 |
rochaporto | In favor | 2024-06-12 9:12:01.0 +00:00:00 |
@dims | Pending | |
@mauilion | Pending | |
@linsun | Pending | |
@dzolotusky | Pending | |
@kevin-wangzefeng | Pending | |
@cathyhongzhang | Pending | |
@nikhita | Pending | |
@TheFoxAtWork | Pending | |
@kgamanji | Pending |
/check-vote
So far 81.82%
of the users with binding vote are in favor (passing threshold: 66%
).
In favor | Against | Abstain | Not voted |
---|---|---|---|
9 | 0 | 1 | 1 |
User | Vote | Timestamp |
---|---|---|
TheFoxAtWork | Abstain | 2024-06-18 17:36:24.0 +00:00:00 |
linsun | In favor | 2024-06-18 15:18:19.0 +00:00:00 |
angellk | In favor | 2024-06-11 21:53:55.0 +00:00:00 |
rochaporto | In favor | 2024-06-12 9:12:01.0 +00:00:00 |
cathyhongzhang | In favor | 2024-06-17 18:39:11.0 +00:00:00 |
kevin-wangzefeng | In favor | 2024-06-18 12:06:09.0 +00:00:00 |
dims | In favor | 2024-06-18 14:15:15.0 +00:00:00 |
dzolotusky | In favor | 2024-06-18 5:14:19.0 +00:00:00 |
nikhita | In favor | 2024-06-18 4:34:34.0 +00:00:00 |
kgamanji | In favor | 2024-06-18 6:41:10.0 +00:00:00 |
@mauilion | Pending |
The vote passed! 🎉
81.82%
of the users with binding vote were in favor (passing threshold: 66%
).
In favor | Against | Abstain | Not voted |
---|---|---|---|
9 | 0 | 1 | 1 |
User | Vote | Timestamp |
---|---|---|
@TheFoxAtWork | Abstain | 2024-06-18 17:36:24.0 +00:00:00 |
@kevin-wangzefeng | In favor | 2024-06-18 12:06:09.0 +00:00:00 |
@angellk | In favor | 2024-06-11 21:53:55.0 +00:00:00 |
@nikhita | In favor | 2024-06-18 4:34:34.0 +00:00:00 |
@dims | In favor | 2024-06-18 14:15:15.0 +00:00:00 |
@rochaporto | In favor | 2024-06-12 9:12:01.0 +00:00:00 |
@cathyhongzhang | In favor | 2024-06-17 18:39:11.0 +00:00:00 |
@kgamanji | In favor | 2024-06-18 6:41:10.0 +00:00:00 |
@linsun | In favor | 2024-06-18 15:18:19.0 +00:00:00 |
@dzolotusky | In favor | 2024-06-18 5:14:19.0 +00:00:00 |
Hello and congrats on being accepted as a CNCF Sandbox project!
Here is the link to your onboarding task list: https://github.com/cncf/toc/issues/1375
Feel free to reach out with any questions you might have!
Application contact emails
datucker@redhat.com
Project Summary
eBPF Program Management built for Linux and Kubernetes
Project Description
Since eBPF is gaining in popularity, we are building tools that make it easier for developers and operations teams to securely deploy and manage eBPF programs in various environments.
bpfman is a suite of eBPF program management tooling that includes:
This suite is available as binaries or RPMs for Linux, and packaged as an Operator for Kubernetes.
Org repo URL (provide if all repos under the org are in scope of the application)
N/A
Project repo URL in scope of application
https://github.com/bpfman/bpfman
Additional repos in scope of the application
No response
Website URL
https://bpfman.io
Roadmap
https://github.com/bpfman/bpfman/milestones
Roadmap context
We use GitHub Milestones to plan our roadmap - 3 months at a time. This planning is done with input from the community during our weekly meetings. Version 0.3 was released on Oct 15, 2023 and our next release, 0.4 is planned for Q1 2024.
Contributing Guide
https://github.com/bpfman/bpfman/blob/main/CONTRIBUTING.md
Code of Conduct (CoC)
https://github.com/bpfman/bpfman/blob/main/CODE_OF_CONDUCT.md
Adopters
No response
Contributing or Sponsoring Org
Red Hat
Maintainers file
https://github.com/bpfman/bpfman/blob/main/MAINTAINERS.md
IP Policy
Trademark and accounts
Why CNCF?
Having open governance is important to us and our potential contributors and we hope joining an open foundation will help make it easier to field contributions from outside Red Hat. We have had a few, but large organizations have more concerns about contributing to a project that is not held independently.
We want to donate bpfman specifically to the CNCF since it is home to several popular eBPF projects with which we’d love to work more closely. We believe that the discoverability offered by the CNCF ecosystem will both enhance contributions as well as introduce us to new opportunities to expand the value of bpfman.
Benefit to the Landscape
bpfman benefits the landscape by providing a secure way of loading eBPF programs on Kubernetes clusters, and by providing observability of the use of eBPF to Kubernetes admins.
Existing eBPF-based projects in the CNCF ecosystem are usually deployed as a privileged pod or daemon set. We’re on a mission to remove the need to proliferate these privileges since they present a security risk. In addition, we integrate with container-based supply chain security tooling, as well as Kubernetes RBAC to provide additional security guarantees.
Cloud Native 'Fit'
bpfman is a cloud native solution since:
Not only that, but bpfman provides a consistent experience across public, private and hybrid clouds, whether you choose to use K8s as your orchestrator or bring your own.
There is no existing solution in a cloud native stack to securely deploy eBPF enabled applications, as well as making the eBPF-enabled app development process simpler. We believe that bpfman would fit into either TAG runtime or TAG security.
Cloud Native 'Integration'
We’ve presented to sig-network, sig-node and sig-security in the Kubernetes community about what we’re building. Several times it has been suggested that “this could be part of kubelet” and we agree that it could, someday, however right now it’s not currently on the agenda for Kubernetes.
We’d like to build this project in the CNCF, with collaboration from others, to help get this integrated into other CNCF projects first where we see an opportunity to collaborate with them and build something that works for everyone.
There are many eBPF projects in the landscape that bpfman could complement, for example:
Cloud Native Overlap
Of the projects listed above that we could complement, you may also consider that we might overlap a little with Inspektor Gadget:
While both projects deploy eBPF programs, bpfman seeks to be a complete runtime solution for eBPF programs whereas Inspektor Gadget is more observability focussed.
This overlap could easily be addressed with some collaboration between the two projects.
Similar projects
Landscape
No
Business Product or Service to Project separation
N/A
Project presentations
No TAGs as yet, but we have presented to sig-network, sig-node and sig-security (see above).
Project champions
No response
Additional information
With the exception of eBPF code, everything is distributed under the terms of the Apache License (version 2.0).
All eBPF code is distributed under the terms either:
The terms of the GNU General Public License, Version 2 The terms of the GNU General Public License, Version 2 OR the BSD 2 Clause license, at your option.
The SPDX headers in each of the files in the files containing eBPF code show exactly which license is in use:
This is required since eBPF programs use GPL-licensed helpers in the Linux Kernel, but we also wish to retain a permissive license to facilitate code reuse.
Both of these licenses in use for eBPF code are permitted for CNCF projects under the recently granted License Exception for eBPF.