[Incubation] Metal3.io Incubation Application

[kashifest]

Metal3.io Incubation Application

Project Repo(s): https://github.com/metal3-io Project Site: https://metal3.io/ Sub-Projects: NA Communication: https://github.com/metal3-io/community?tab=readme-ov-file#socializing

Project points of contacts: Adam Rozman, adam.rozman@est.tech Dmitry Tantsur, dtantsur@redhat.com Kashif Khan, kashif.khan@est.tech Tuomo Tanskanen, tuomo.tanskanen@est.tech Zane Bitter, zbitter@redhat.com

Incubation Criteria Summary for Metal3.io

Adoption Assertion

The project has been adopted by the following organizations in a testing and integration or production capacity:

• Metal3.io Adopters are tracked here https://github.com/metal3-io/community/blob/main/ADOPTERS.md

Other open source projects that are utilizing Metal3:

• Airship
• Cluster API
• DT Technik "Das SCHIFF"
• OpenShift
• Sylvia-Projects
• Kanod
• Medik8s

Furthermore maintainers have noticed that there are many more companies that are actively using Metal3, as representatives of said companies are opening issues, writing proposals and in general contribute to the project but have not registered themselves as official adopters.

Application Process Principles

Suggested

N/A

Required

• [x] Give a presentation and engage with the domain specific TAG(s) to increase awareness
• Presented on tag-runtime meeting for 18-07-2024, and can be discovered at https://www.youtube.com/watch?v=YhGOd9jhWog&t=932s.

- [ ] **TAG provides insight/recommendation of the project in the context of the landscape** - To be done by Tag Runtime - [X] **All project metadata and resources are [vendor-neutral](https://contribute.cncf.io/maintainers/community/vendor-neutrality/).** - Yes. Metal3.io is utilizing CNCF provided vendor neutral resources for communication, testing , hosting and governance. - [X] **Review and acknowledgement of expectations for [Sandbox](https://sandbox.cncf.io) projects and requirements for moving forward through the CNCF Maturity levels.** - Met during [Project's application](https://github.com/cncf/toc/pull/408) on 08-09-2020. - [ ] **Due Diligence Review.** - To be done by TOC Completion of this due diligence document, resolution of concerns raised, and presented for public comment satisifies the Due Diligence Review criteria. - [X] **Additional documentation as appropriate for project type, e.g.: installation documentation, end user documentation, reference implementation and/or code samples.** - Installation documentation - https://book.metal3.io/developer_environment/tryit - End user documentation- https://book.metal3.io/ - Blog posts - https://metal3.io/blog/index.html ## Governance and Maintainers Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy. ### Suggested - [X] **Clear and discoverable project governance documentation.** - [Project Governance](https://github.com/metal3-io/community/tree/main) - [Community healthcheck and governance repository](https://github.com/metal3-io/community/tree/main) - [X] **Governance has continuously been iterated upon by the project as a result of their experience applying it, with the governance history demonstrating evolution of maturity alongside the project's maturity evolution.** - Metal3.io project Governance has iterated organically as it has gained experienced over the years. Contributor Roles and contributor ladder processes are streamlined over the past years as well as team member onboarding/offboarding process is well defined. The Project has currently 17 maintainers and it has received contributions from 426 contributors who come from 60 different companies. - [X] **Governance is up to date with actual project activities, including any meetings, elections, leadership, or approval processes.** - Yes, governance repository is kept up to date according to project activities. List of PRs that keep these documents and repository up to date can be found here https://github.com/metal3-io/community/pulls?q=is%3Apr+is%3Aclosed - [X] **Governance clearly documents [vendor-neutrality](https://contribute.cncf.io/maintainers/community/vendor-neutrality/) of project direction.** - [Metal3 Vendor neutrality document](https://github.com/metal3-io/community/blob/main/VENDOR_NEUTRALITY.md) - [X] **Document how the project makes decisions on leadership, contribution acceptance, requests to the CNCF, and changes to governance or project goals.** - [Maintainer governance](https://github.com/metal3-io/community/blob/main/maintainers/README.md) - [Contributor Roles ](https://github.com/metal3-io/community/blob/main/CONTRIBUTOR-ROLE.md) - [Contributor ladder ](https://github.com/metal3-io/community/blob/main/CONTRIBUTOR-LADDER.md) - [Contributing guide](https://github.com/metal3-io/community/blob/main/CONTRIBUTING.md) - [X] **Document how role, function-based members, or sub-teams are assigned, onboarded, and removed for specific teams (example: Security Response Committee).** - [Maintainer governance](https://github.com/metal3-io/community/blob/main/maintainers/README.md) - [Contributor Roles ](https://github.com/metal3-io/community/blob/main/CONTRIBUTOR-ROLE.md) - [Contributor ladder ](https://github.com/metal3-io/community/blob/main/CONTRIBUTOR-LADDER.md) - [X] **Document a complete maintainer lifecycle process (including roles, onboarding, offboarding, and emeritus status).** - [Maintainer governance](https://github.com/metal3-io/community/blob/main/maintainers/README.md) - [Contributor Roles ](https://github.com/metal3-io/community/blob/main/CONTRIBUTOR-ROLE.md) - [Contributor ladder ](https://github.com/metal3-io/community/blob/main/CONTRIBUTOR-LADDER.md) - [X] **Demonstrate usage of the maintainer lifecycle with outcomes, either through the addition or replacement of maintainers as project events have required.** - Here are some examples: Adding maintainer: https://github.com/metal3-io/metal3-dev-env/commit/da6b2a9915b5716951bd3af37f11a7eb690f7e38 Moving maintainer to emeritus: https://github.com/metal3-io/baremetal-operator/commit/75c649d72c53bd2389fff3f6d0ced22c9624e1f8 - [X] **If the project has subprojects: subproject leadership, contribution, maturity status documented, including add/remove process.** - NA ### Required - [X] **Document complete list of current maintainers, including names, contact information, domain of responsibility, and affiliation.** - [Metal3.io Maintainers ](https://github.com/metal3-io/community/blob/main/maintainers/ALL-OWNERS) - [Maintainer Processes](https://github.com/metal3-io/community/tree/main/maintainers) - [X] **A number of active maintainers which is appropriate to the size and scope of the project.** - Metal3.io has 17 active maintainers - [X] **Code and Doc ownership in Github and elsewhere matches documented governance roles.** - [DCO](https://github.com/metal3-io/community/blob/main/DCO) - [Contributor Guide](https://github.com/metal3-io/community/blob/main/CONTRIBUTING.md) - [X] **Document agreement that project will adopt CNCF Code of Conduct.** - [Metal3.io follows CNCF Code of Conduct](https://github.com/metal3-io/community/blob/main/CODE_OF_CONDUCT.md) - [X] **CNCF Code of Conduct is cross-linked from other governance documents.** Yes. https://github.com/metal3-io/community/blob/main/GOVERNANCE.md - [X] **All subprojects, if any, are listed.** NA ## Contributors and Community Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy. ### Suggested - [X] **Contributor ladder with multiple roles for contributors.** - [Contributor ladder](https://github.com/metal3-io/community/blob/main/CONTRIBUTOR-LADDER.md) ### Required - [X] **Clearly defined and discoverable process to submit issues or changes.** - [Example issue template](https://github.com/metal3-io/cluster-api-provider-metal3/tree/main/.github/ISSUE_TEMPLATE) - [Example Contributing Guide](https://github.com/metal3-io/cluster-api-provider-metal3/blob/main/CONTRIBUTING.md) - [X] **Project must have, and document, at least one public communications channel for users and/or contributors.** - [X] **List and document all project communication channels, including subprojects (mail list/slack/etc.). List any non-public communications channels and what their special purpose is.** - [Communication channels](https://github.com/metal3-io/community?tab=readme-ov-file#socializing) - [X] **Up-to-date public meeting schedulers and/or integration with CNCF calendar.** - Project has applied to be integrated with CNCF calendar - [X] **Documentation of how to contribute, with increasing detail as the project matures.** - [Example Contributing Guide](https://github.com/metal3-io/cluster-api-provider-metal3/blob/main/CONTRIBUTING.md) - [X] **Demonstrate contributor activity and recruitment.** - [Metal3.io devstat dashboard](https://metal3.devstats.cncf.io/d/8/dashboards?orgId=1&refresh=15m&search=open) - Metal3 has had [426 individual contributors](https://metal3.devstats.cncf.io/d/66/developer-activity-counts-by-companies?orgId=1) on the project’s GitHub repositories from [60 different organizations.](https://metal3.devstats.cncf.io/d/5/companies-table?orgId=1) - The project has [906 Stargazers/Watchers and 455 forks](https://metal3.devstats.cncf.io/d/18/overall-project-statistics-table?orgId=1) across its repositories. - [DevStats graph](https://metal3.devstats.cncf.io/d/8/dashboards?orgId=1&editPanel=2&from=now-1y&to=now-1h) shows that we have a fairly consistent number of contributions throughout the past year. - [CloMonitor stats](https://clomonitor.io/projects/cncf/metal3-io) also shows Metal3 is doing fairly well in CNCF best practice metrics. - In addition, we have a very high number of downloads of our container images from quay.io. Since the download statistics is not publicly visible, we are not adding any link. As an example of our traction the aggregated number of container image downloads from the Metal3's container repository from 20-11-2023 to 19-12-2023 was on average 14830 and the peak was 40,584 during a single day. ## Engineering Principles ### Suggested - [X] **Roadmap change process is documented.** - [Community Roadmap](https://github.com/metal3-io/community/blob/main/ROADMAP.md) - [X] **History of regular, quality releases.** We started releasing major components even before we were accepted as Sandbox and since then we have stream lined the release process and added more component releases from different repositories across the organizations. Here are the release pages - [Cluster API Provider Metal3](https://github.com/metal3-io/cluster-api-provider-metal3/releases) - [Baremetal Operator](https://github.com/metal3-io/baremetal-operator/releases) - [IP Address Manager](https://github.com/metal3-io/ip-address-manager/releases) - [Ironic Image](https://github.com/metal3-io/ironic-image/releases) ### Required - [X] **Document project goals and objectives that illustrate the project’s differentiation in the Cloud Native landscape as well as outlines how this project fulfills an outstanding need and/or solves a problem differently.** - [Project Goal](https://book.metal3.io/#metal%C2%B3) - [X] **Document what the project does, and why it does it - including viable cloud native use cases.** - [Metal³ user-guide](https://book.metal3.io/#metal%C2%B3) - [X] **Document and maintain a public roadmap or other forward looking planning document or tracking mechanism.** - [Project Roadmap](https://github.com/orgs/metal3-io/projects/8) - [Roadmap Process Documentation](https://github.com/metal3-io/community/blob/main/ROADMAP.md) - [X] **Document overview of project architecture and software design that demonstrates viable cloud native use cases, as part of the project's documentation.** - [Metal³ user-guide](https://book.metal3.io/#metal%C2%B3) - [X] **Document the project's release process.** - [Release Process](https://github.com/metal3-io/metal3-docs/blob/main/processes/releasing.md) ## Security Note: this section may be augemented by a joint-assessment performed by TAG Security. ### Suggested N/A ### Required - [X] **Clearly defined and discoverable process to report security issues.** - [Project security policy](https://book.metal3.io/security_policy) - [X] **Enforcing Access Control Rules to secure the code base against attacks (Example: two factor authentication enforcement, and/or use of ACL tools.)** - Two factor authentication is enforced. - [X] **Document assignment of security response roles and how reports are handled.** - [Project security policy](https://book.metal3.io/security_policy) - [Security team](https://github.com/metal3-io/community/blob/main/CONTRIBUTOR-ROLE.md#security-team) - [X] **Document Security Self-Assessment.** - WIP https://github.com/metal3-io/metal3-docs/pull/456 - [X] **Achieve the Open Source Security Foundation (OpenSSF) Best Practices passing badge.** - [OpenSSF Best Practices passing badge](https://www.bestpractices.dev/en/projects/9160) ## Ecosystem ### Suggested N/A ### Required - [X] **Publicly documented list of adopters, which may indicate their adoption level (dev/trialing, prod, etc.)** Metal3.io Adopters are tracked here https://github.com/metal3-io/community/blob/main/ADOPTERS.md Other open source projects that are utilizing Metal3: - [Airship](https://github.com/airshipit) - [Cluster API](https://github.com/kubernetes-sigs/cluster-api) - [DT Technik "Das SCHIFF"](https://github.com/telekom/das-schiff) - [OpenShift](https://github.com/openshift) - [Sylvia-Projects](https://gitlab.com/sylva-projects/sylva-elements/helm-charts/sylva-capi-cluster) - [Kanod](https://gitlab.com/Orange-OpenSource/kanod) - [Medik8s](https://github.com/medik8s?q=metal3&type=all&language=&sort=) Furthermore maintainers have noticed that there are many more companies that are actively using Metal3, as representatives of said companies are opening issues, writing proposals and in general contribute to the project but have not registered themselves as official adopters. - [X] **Used in appropriate capacity by at least 3 independent + indirect/direct adopters, (these are not required to be in the publicly documented list of adopters)** The project provided the TOC with a list of adopters for verification of use of the project at the level expected, i.e. production use for graduation, dev/test for incubation. - [ ] **TOC verification of adopters.** - To be done by TOC Refer to the Adoption portion of this document. - [X] **Clearly documented integrations and/or compatibility with other CNCF projects as well as non-CNCF projects.** - The Metal3 stack integrates into Kubernetes Cluster API which is a CNCF project. - Metal3's IPAM is also used by cluster-api-provider-vsphere's CI. Cluster-api-provider-vsphere is a sub-project of sig-cluster-lifecycle and is a CNCF supported project. Other open source projects that are utilizing Metal3: - [Airship](https://github.com/airshipit) - [Cluster API](https://github.com/kubernetes-sigs/cluster-api) - [DT Technik "Das SCHIFF"](https://github.com/telekom/das-schiff) - [OpenShift](https://github.com/openshift) - [Openstack Ironic](https://wiki.openstack.org/wiki/Ironic) - [Sylvia-Projects](https://gitlab.com/sylva-projects/sylva-elements/helm-charts/sylva-capi-cluster) - [Kanod](https://gitlab.com/Orange-OpenSource/kanod) - [Medik8s](https://github.com/medik8s?q=metal3&type=all&language=&sort=) ## Additional Information

[kashifest]

This issue is opened with reference to our incubation proposal opened earlier last year here https://github.com/cncf/toc/pull/1231

[Rozzii]

Just adding some example that was left out from the "Demonstrate usage of the maintainer lifecycle with outcomes, either through the addition or replacement of maintainers as project events have required."

Adding maintainer: https://github.com/metal3-io/metal3-dev-env/commit/da6b2a9915b5716951bd3af37f11a7eb690f7e38 Moving maintainer to emeritus: https://github.com/metal3-io/baremetal-operator/commit/75c649d72c53bd2389fff3f6d0ced22c9624e1f8

[angellk]

@kashifest Thank you for re-submitting the application with the new template. Moving this to Metal3's current place in the queue on the project board.

[racedo]

@angellk is there any other input we can provide to help moving this forward? Thanks!

[TheFoxAtWork]

This is ideally next for TOC assignment contingent on expertise alignment of TOC members

[angellk]

@kashifest @racedo @Rozzii In preparation for Metal3.io to be picked up by a TOC member after the KubeCon freeze period -- and prior to TOC member assignment -- please:

• review the definition of an adopter
• verify 5-7 project adopters that can and are willing to be interviewed by the TOC reviewer(s) and
• submit information for each adopter to the Adopter Interview Questionnaire form.
• complete the in-progress Security Self Assessment

[kashifest]

@angellk thanks a lot for the heads up, we are already working on the steps you suggested.

[tuminoid]

• complete the in-progress Security Self Assessment

https://github.com/metal3-io/metal3-docs/pull/456 has been completed and merged in metal3-docs.

[rochaporto]

@angellk thanks a lot for the heads up, we are already working on the steps you suggested.

Ping us here when you've submitted the adopter information, you're next in the queue.

[kashifest]

Ping us here when you've submitted the adopter information, you're next in the queue.

We have submitted 4 Adopter's contact information now, for the 5th we are gathering the contact information as we speak.

[kashifest]

Ping us here when you've submitted the adopter information, you're next in the queue.

We have submitted 4 Adopter's contact information now, for the 5th we are gathering the contact information as we speak.

And now we have submitted 5th Adopter information as well.

[angellk]

@rochaporto confirmed the Adopter information is captured in the sheet - Metal3.io is ready to be picked up for Due Diligence post freeze.