[Incubation] Meshery Incubation Application

[ctcarrier]

Meshery Incubation Application

v1.5 This template provides the project with a framework to inform the TOC of their conformance to the Incubation Level Criteria.

Project Repo(s): https://github.com/meshery/meshery Project Site: https://meshery.io/ Sub-Projects: https://github.com/meshery/schemas, https://github.com/meshery/meshkit, https://github.com/meshery/meshery-istio, https://github.com/meshery/meshsync, https://github.com/meshery/meshery-linkerd, https://github.com/meshery/meshery-operator Communication: https://slack.meshery.io/

Project points of contacts: Meshery Maintainers, maintainers@meshery.io

Incubation Criteria Summary for Meshery

Adoption Assertion

The project has been adopted by the following organizations in a testing and integration or production capacity:

https://github.com/meshery/meshery/blob/master/ADOPTERS.md

Application Process Principles

Suggested

N/A

Required

• [ ] Give a presentation and engage with the domain specific TAG(s) to increase awareness
  • This was completed and occurred on 04-Nov-2021, and can be discovered at https://www.youtube.com/watch?v=FPMde6EHcJU&t=3936s.

- [x] **TAG provides insight/recommendation of the project in the context of the landscape** https://docs.meshery.io/project/community - [x] **All project metadata and resources are [vendor-neutral](https://contribute.cncf.io/maintainers/community/vendor-neutrality/).** As an open source, vendor neutral project, Meshery was created out of the necessity to enable platform engineers, site reliability engineers, DevSecOps teams - all engineers to collaborate in the management of their infrastructure and workloads. - [ ] **Review and acknowledgement of expectations for [Sandbox](https://sandbox.cncf.io) projects and requirements for moving forward through the CNCF Maturity levels.** - Met during Project's application on 01-Mar-2024: https://github.com/cncf/toc/pull/1264 - [ ] **Due Diligence Review.** Completion of this due diligence document, resolution of concerns raised, and presented for public comment satisfies the Due Diligence Review criteria. - [ ] **Additional documentation as appropriate for project type, e.g.: installation documentation, end user documentation, reference implementation and/or code samples.** [Installation](https://docs.meshery.io/installation) [Concepts](https://docs.meshery.io/concepts) [Guides](https://docs.meshery.io/guides) [Contributing and Community](https://docs.meshery.io/project) [Reference](https://docs.meshery.io/reference) ## Governance and Maintainers Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy. ### Suggested - [x] **Clear and discoverable project governance documentation.** https://github.com/meshery/meshery/blob/master/GOVERNANCE.md - [x] **Governance has continuously been iterated upon by the project as a result of their experience applying it, with the governance history demonstrating evolution of maturity alongside the project's maturity evolution.** - [x] **Governance is up to date with actual project activities, including any meetings, elections, leadership, or approval processes.** - [ ] **Governance clearly documents [vendor-neutrality](https://contribute.cncf.io/maintainers/community/vendor-neutrality/) of project direction.** - [ ] **Document how the project makes decisions on leadership, contribution acceptance, requests to the CNCF, and changes to governance or project goals.** https://github.com/meshery/meshery/blob/master/GOVERNANCE.md https://docs.meshery.io/project/contributing https://docs.meshery.io/project/community - [ ] **Document how role, function-based members, or sub-teams are assigned, onboarded, and removed for specific teams (example: Security Response Committee).** https://github.com/meshery/meshery/blob/master/GOVERNANCE.md#contributors https://github.com/meshery/meshery/blob/master/GOVERNANCE.md#maintainership - [ ] **Document a complete maintainer lifecycle process (including roles, onboarding, offboarding, and emeritus status).** https://github.com/meshery/meshery/blob/master/GOVERNANCE.md#becoming-a-maintainer https://github.com/meshery/meshery/blob/master/GOVERNANCE.md#emeritus-maintainers - [ ] **Demonstrate usage of the maintainer lifecycle with outcomes, either through the addition or replacement of maintainers as project events have required.** - [ ] **If the project has subprojects: subproject leadership, contribution, maturity status documented, including add/remove process.** https://github.com/meshery/meshery/blob/master/MAINTAINERS.md ### Required - [ ] **Document complete list of current maintainers, including names, contact information, domain of responsibility, and affiliation.** https://github.com/meshery/meshery/blob/master/MAINTAINERS.md - [x] **A number of active maintainers which is appropriate to the size and scope of the project.** - [x] **Code and Doc ownership in Github and elsewhere matches documented governance roles.** - [x] **Document agreement that project will adopt CNCF Code of Conduct.** https://github.com/meshery/meshery/blob/master/CODE_OF_CONDUCT.md - [x] **CNCF Code of Conduct is cross-linked from other governance documents.** https://github.com/meshery/meshery/blob/master/CODE_OF_CONDUCT.md - [ ] **All subprojects, if any, are listed.** ## Contributors and Community Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy. ### Suggested - [x] **Contributor ladder with multiple roles for contributors.** https://github.com/meshery/meshery/blob/master/GOVERNANCE.md#contributors https://github.com/meshery/meshery/blob/master/GOVERNANCE.md#maintainership ### Required - [x] **Clearly defined and discoverable process to submit issues or changes.** https://docs.meshery.io/project/contributing - [x] **Project must have, and document, at least one public communications channel for users and/or contributors.** Slack and mailing lists documented on website. - [x] **List and document all project communication channels, including subprojects (mail list/slack/etc.). List any non-public communications channels and what their special purpose is.** Documented on website. - [x] **Up-to-date public meeting schedulers and/or integration with CNCF calendar.** https://meshery.io/calendar - [x] **Documentation of how to contribute, with increasing detail as the project matures.** https://layer5.io/community/newcomers - [x] **Demonstrate contributor activity and recruitment.** ## Engineering Principles ### Suggested - [x] **Roadmap change process is documented.** https://github.com/meshery/meshery/blob/master/ROADMAP.md - [x] **History of regular, quality releases.** https://github.com/meshery/meshery/releases ### Required - [x] **Document project goals and objectives that illustrate the project’s differentiation in the Cloud Native landscape as well as outlines how this project fulfills an outstanding need and/or solves a problem differently.** https://docs.meshery.io/project/overview - [x] **Document what the project does, and why it does it - including viable cloud native use cases.** https://docs.meshery.io/concepts/logical - [x] **Document and maintain a public roadmap or other forward looking planning document or tracking mechanism.** https://github.com/meshery/meshery/blob/master/ROADMAP.md - [x] **Document overview of project architecture and software design that demonstrates viable cloud native use cases, as part of the project's documentation.** https://docs.meshery.io/concepts/architecture - [x] **Document the project's release process.** https://docs.meshery.io/project/contributing/build-and-release ## Security Note: this section may be augemented by a joint-assessment performed by TAG Security. ### Suggested N/A ### Required - [x] **Clearly defined and discoverable process to report security issues.** https://docs.meshery.io/project/security-vulnerabilities - [x] **Enforcing Access Control Rules to secure the code base against attacks (Example: two factor authentication enforcement, and/or use of ACL tools.)** https://github.com/meshery/meshery/blob/master/GOVERNANCE.md#github-project-administration - [x] **Document assignment of security response roles and how reports are handled.** https://docs.meshery.io/project/security-vulnerabilities - [x] **Document Security Self-Assessment.** https://docs.meshery.io/project/security-vulnerabilities#evaluation - [x] **Achieve the Open Source Security Foundation (OpenSSF) Best Practices passing badge.** https://www.bestpractices.dev/en/projects/3564 ## Ecosystem ### Suggested N/A ### Required - [x] **Publicly documented list of adopters, which may indicate their adoption level (dev/trialing, prod, etc.)** https://github.com/meshery/meshery/blob/master/ADOPTERS.md - [x] **Used in appropriate capacity by at least 3 independent + indirect/direct adopters, (these are not required to be in the publicly documented list of adopters)** The project provided the TOC with a list of adopters for verification of use of the project at the level expected, i.e. production use for graduation, dev/test for incubation. - [ ] **TOC verification of adopters.** Refer to the Adoption portion of this document. - [x] **Clearly documented integrations and/or compatibility with other CNCF projects as well as non-CNCF projects.** https://docs.meshery.io/extensibility/integrations ## Additional Information

[angellk]

@ctcarrier thank you for submitting Meshery's application for incubation. Your presentation to TAG Network was almost 3 years ago - please work with TAG Network and/or TAG Runtime to provide an update on Project meshery scope, architecture and community. cc: @leecalcote @raravena80

[angellk]

Note: replaces #1264

[craigbox]

@ctcarrier thank you for submitting Meshery's application for incubation. Your presentation to TAG Network was almost 3 years ago - please work with TAG Network and/or TAG Runtime to provide an update on Project meshery scope, architecture and community. cc: @leecalcote @raravena80

Reading the project website:

A self-service engineering platform, Meshery, is the open source, cloud native manager that enables the design and management of all Kubernetes-based infrastructure and applications (multi-cloud). Among other features, As an extensible platform, Meshery offers visual and collaborative GitOps, freeing you from the chains of YAML while managing Kubernetes multi-cluster deployments.

Would TAG App Delivery not be the appropriate group?