toc/FAQ.md

CNCF TOC FAQ

A FAQ geared towards CNCF TOC and project issues.

How do I join the TOC?

The TOC is a body elected by a variety of constituents. There is a public election schedule: https://github.com/cncf/toc/blob/main/process/election-schedule.md

The best way to get involved is to start attending TOC meetings and become an official TOC Contributor: https://github.com/cncf/toc/blob/main/CONTRIBUTORS.md

If you have specific focus areas, CNCF TAG meetings are good opportunity to dive in: https://github.com/cncf/toc/tree/main/tags

What are CNCF TAGs?

The CNCF Technical Advisory Groups (TAGs) scale contributions by the CNCF technical and user community, while retaining integrity and increasing quality in support of our mission.

https://github.com/cncf/toc/tree/main/tags

What type of governance is my CNCF project expected to follow?

CNCF does not require its hosted projects to follow any specific governance model by default.

Instead, CNCF specifies that graduated projects need to "[e]xplicitly define a project governance and committer process."

This varied and open governance approach has led to different projects defining what is best and optimized for their community:

• https://github.com/containerd/project/blob/master/GOVERNANCE.md
• https://github.com/coredns/coredns/blob/master/GOVERNANCE.md
• https://github.com/envoyproxy/envoy/blob/main/GOVERNANCE.md
• https://github.com/helm/community/blob/master/governance/governance.md
• https://github.com/kubernetes/community/blob/master/governance.md
• https://prometheus.io/governance/
• https://thanos.io/governance.md/

All project assets like trademarks, domains, builds, registries, github are neutrally owned by the foundation members versus a single vendor.

Does the CNCF TOC control CNCF projects in anyway?

Neither the CNCF Governing Board (GB) nor the Technical Oversight Committee (TOC) is responsible for managing CNCF-hosted projects.

Instead, the maintainers of those projects manage them; this includes defining the governance process. The GB is responsible for the budget.

TOC members are available to provide guidance and conflict resolution if desired to the projects but do not control them. The TOC also helps mature projects through the various CNCF project maturity levels to ensure projects meet the expected graduation criteria. To date, we have had no meaningful disagreements between the TOC and project maintainers.

Please see the TOC Principles for more details.

What type of support do CNCF projects receive?

The CNCF provides a variety of services that are accessible by maintainers via the ServiceDesk: https://github.com/cncf/servicedesk

What is the definition of an adopter?

Adopters of a CNCF project are any organization that successfully leverages that project in the manner it was intended or repackages it as a core component of a service offering.

The TOC’s intent of identifying adopters is to better understand the operational or production-level use of a given project (which can also be a specification) by its operators or users. We do this to ascertain the level of maturity the project has reached, its interactions with adopters, and its likelihood to continue growing within and supporting the ecosystem.

Cloud native project adopters may be any one of the following or a combination thereof :

• A CNCF End-User member - Companies and organizations who are End User members of the CNCF (https://www.cncf.io/enduser/ & https://landscape.cncf.io/card-mode?enduser=yes)
• Another project - an open source project that leverages a CNCF project as part of their solution, integrates with for compatibility and interoperability, or is used in the supply chain of another project
• A Service Provider - a service provider is a organization that repackages an open source project as a core component of a service offering, sells cloud native services externally
  • APIs
  • SaaS
  • A service provider’s customers are considered transitive adopters and should be excluded from identification within the ADOPTERS.md file.
  • Examples of service providers (and not end users) include cloud providers (e.g., Alibaba Cloud, AWS, Google Cloud, Microsoft Azure), consulting firms (e.g., Accenture, Booz Allen), infrastructure software vendors (e.g., SUSE, Red Hat), and telecom operators (e.g., AT&T, China Mobile). Refer to the vendor category on the landscape for more examples.
• End users - companies and organizations that are not CNCF End-User members that use the project and cloud native technologies internally, or build upon a cloud native open source project but do not sell the cloud native project externally as a service offering (those are service providers)
• Consultancy - an entity whose purpose is to assist other organizations in developing a solution leveraging cloud native technology. They may be embedded in the end user team and is responsible for the execution of the service. They may also package cloud native technologies for reuse as part of their offerings. These function as proxies for an end user.
  • For the purposes of identifying adopters of a project, consultancies are not recommended for inclusion in the ADOPTERS.md file

Projects may leverage the above guidelines to list organizations in their ADOPTERS.md file within their repo.

If you’re not sure if your organization falls into any of these categories you can email info@cncf.io and we’ll help you.

What does CNCF do with its events revenues, especially for projects?

CNCF uses revenues from events first and foremost to cover the cost of events. The remaining money, which can be thought of as the events’ profits, are used to directly support CNCF’s hosted projects. Two recent examples of this include funding $250,000 for the Kubernetes security audit and funding nearly $100,000 for Jepsen testing of etcd. The services CNCF provides to its hosted projects are detailed in the CNCF Annual Report and the Project Journey Reports for Kubernetes and Envoy.

So CNCF invests all events revenues back into the events or to support its hosted projects?

Yes! In fact, CNCF invests both all events profits and a significant portion of its membership revenue in support of its hosted projects.

Does CNCF make decisions based on “pay-to-play” considerations?

No. CNCF’s charter Section 3(c) explicitly calls out fairness as a core value and requires us to ‘avoid undue influence, bad behavior or “pay-to-play” decision-making.’ Also projects are openly governed and technical participation never requires any form of membership. The correct way to view this is that CNCF members PAY TO SUSTAIN and govern the shared budget which goes to sustain project activities such as events,scholarships and security audits.

Does membership or sponsorship level ever affect project-related decisions?

No. All project-related decisions are made by the project maintainers. Maintainership and governance processes are decided by the projects without regard to CNCF membership. Here’s more detail on open governance.

Why do members join if they don’t get to control CNCF and its projects?

The main member benefit is to support the cloud native ecosystem and to be publicly seen supporting it. You can see other benefits on the Join page, but none of them involve control over projects. The governing board has ultimate control over CNCF, but CNCF is managed through a written charter and it consists of many disparate and competing interests. As a result, decision-making is consensus-based.