CNCF Project Onboarding Guide: A Step-by-Step Checklist

by Alex Johnson 56 views

Congratulations on your project's acceptance into the CNCF Sandbox! This guide provides a detailed checklist and essential information to ensure a smooth onboarding process. The goal is to complete the onboarding within one month of acceptance, so let’s dive in.

Understanding CNCF Onboarding

This article will serve as your roadmap for navigating the CNCF onboarding process. Onboarding your project involves several crucial steps, from legal agreements to technical integrations, all designed to set your project up for success within the Cloud Native Computing Foundation (CNCF). Before proceeding, it's essential to understand the foundational documents and policies that govern CNCF projects. This includes the CNCF IP Policy, which ensures compliance with licensing standards, and the CNCF Third Party License Policy, which regulates the licenses used by third-party libraries within your project. Make sure your project uses the Apache 2.0 license for inbound contributions, aligning with CNCF requirements. Familiarize yourself with the LF trademark guidelines to ensure your project's branding aligns with Linux Foundation standards. These steps not only ensure legal compliance but also lay a solid foundation for your project's future growth and acceptance within the CNCF ecosystem. Additionally, transferring any existing trademarks and logo assets to the Linux Foundation via the Contribution Agreement is a critical step. CNCF staff will send this document to the contact emails listed in the Sandbox application, so keep an eye out for it. By addressing these prerequisites early, you'll streamline the onboarding process and set your project up for long-term success within the CNCF.

Essential Documents and Policies

Before embarking on the onboarding journey, it’s crucial to familiarize yourself with key CNCF documents and policies. The Technical Leadership Principles provide a framework for expected behavior among maintainers in leadership roles, fostering a collaborative and respectful environment. Understanding these principles ensures your project's leadership aligns with the CNCF's values, promoting effective communication and decision-making. Review the project proposal process and requirements to gain insights into how projects are evaluated and accepted into the CNCF, which can inform your project's long-term strategy and development. Knowing the criteria for project graduation can help you plan for future milestones and align your efforts with CNCF expectations. Explore the services available for your project at the CNCF, ranging from marketing support to infrastructure resources, to leverage the full range of benefits the CNCF offers. Familiarizing yourself with these resources early on allows you to take full advantage of the CNCF's support network. The online program guidelines ensure your project's online presence and activities align with CNCF standards, covering aspects such as webinars, meetups, and online events. Compliance with these guidelines helps maintain a consistent and professional image for the CNCF ecosystem. Lastly, understand the telemetry data collection and usage policy to be informed about how project data is collected and utilized by the CNCF. This understanding ensures transparency and allows you to make informed decisions about data sharing and privacy. Optionally, you can book time with CNCF staff to discuss available resources, address onboarding tasks together, or ask any questions you may have. This personalized support can be invaluable in navigating the onboarding process efficiently and effectively.

  • [ ] Review and understand the CNCF IP Policy. Ensure you are using a CNCF compatible license; inbound projects must use the Apache 2.0 license. Licenses for dependencies are covered separately below.
  • [ ] Review and understand the CNCF Third Party License Policy. This policy governs the licenses used by third party libraries in your project. CNCF FOSSA or CNCF Snyk are configured to check that projects are in compliance with this policy. Let us know which service you would prefer to use.
  • [ ] Review and understand the LF trademark guidelines. Let the TOC know if you plan to change your project name.
  • [ ] Transfer any trademark and logo assets to the Linux Foundation via the Contribution Agreement. CNCF staff will send this document to the contact emails listed in the Sandbox application.

Contribute and Transfer Materials to CNCF

Contributing your project's assets and materials to the CNCF ecosystem is a vital step in the onboarding process. Moving your project to its own separate, neutral GitHub organization is paramount, as this facilitates its transfer to the CNCF's GitHub Enterprise account. This ensures that the project is hosted under a neutral umbrella, fostering community trust and collaboration. If your project is already in another GHE account, you'll need to remove it from that account first. Once moved, accept the invite to join the CNCF GitHub Enterprise account. The CNCF will then add thelinuxfoundation as an organization owner, further solidifying the neutral hosting of your project. Migrating your Slack channels, if any, to the Kubernetes or CNCF Slack workspace is essential for consolidating community engagement. This allows project communities to be more discoverable, enables the CNCF to enforce its Code of Conduct, and provides unlimited message retention, ensuring a comprehensive archive of project communications. Joining the #maintainers-circle Slack channel is another crucial step, as it connects you with other project teams within the CNCF ecosystem. This channel serves as a valuable platform for finding and sharing knowledge, best practices, and collaborative opportunities. Transferring your domain(s) to the CNCF, if they exist, ensures consistent branding and domain management within the foundation. Use the designated channels and procedures to initiate this transfer, with projects@cncf.io as the LF Stakeholder email and CNCF as the Project. Submitting a pull request with your project's artwork, if available, to the CNCF artwork repository helps showcase your project's visual identity within the broader CNCF landscape. If you lack existing artwork, the CNCF can provide design assistance, ensuring your project has a visually appealing presence. Finally, transferring website analytics, if they exist, by making projects@cncf.io an admin of your existing Google Analytics org account, allows the CNCF to maintain a holistic view of project performance and user engagement. By diligently completing these steps, you'll contribute to the vibrancy and coherence of the CNCF ecosystem while ensuring your project benefits from its resources and support.

  • [ ] Move your project to its own separate neutral GitHub organization. This will make it transferable to the CNCF's GitHub Enterprise account. If it's already in another GHE account, you will need to remove it from that first.
  • [ ] Accept the invite to join the CNCF GitHub Enterprise account. We'll then add thelinuxfoundation as an organization owner to ensure neutral hosting of your project.
  • [ ] Migrate your Slack channels (if any) to the Kubernetes or CNCF Slack workspace. CNCF staff can help. This allows project communities to be more discoverable, allows the CNCF to enforce its Code of Conduct, and enables unlimited message retention.
  • [ ] Join the #maintainers-circle Slack channel to find and share knowledge with other project teams.
  • [ ] Transfer your domain(s) to the CNCF if they exist. The "LF Stakeholder email" is projects@cncf.io. The "Project" is CNCF.
  • [ ] Submit a pull request with your artwork if it exists. If you don't have artwork, CNCF can help design some.
  • [ ] Transfer website analytics if they exist. Make projects@cncf.io an admin of your existing Google Analytics org account so that we can move it to a CNCF-managed account.

Updating and Documenting Project Details

Updating and documenting your project's details ensures transparency, maintainability, and community engagement within the CNCF ecosystem. Creating a maintainer list and adding it to the aggregated CNCF maintainer list via pull request is essential for identifying key project contributors and their roles. This list serves as a central reference point for the community and the CNCF, facilitating communication and coordination. Providing maintainer emails to project-onboarding@cncf.io grants access to the mailing list and Service Desk, enabling maintainers to stay informed about project-related discussions and seek support when needed. It's important to note that these emails are not publicly shared in the spreadsheet, ensuring privacy while maintaining efficient communication channels. Ensuring that DCO (Developer Certificate of Origin) checks are enabled for all GitHub repositories of the project is a critical step in safeguarding intellectual property rights and maintaining clear contribution guidelines. You may also choose to use a CLA (Contributor License Agreement) for further legal protection. Verifying that the CNCF Code of Conduct, or your adopted version, is explicitly referenced in the project's README.md on GitHub underscores your commitment to fostering an inclusive and respectful community environment. This makes it clear to all contributors and users what standards of behavior are expected. Similarly, ensuring the LF footer is on your website and that guidelines are followed, or adopting those guidelines for your README.md file if you don't have a dedicated website, maintains a consistent brand identity and user experience across the CNCF ecosystem. Start working on written, open governance and consider adding this to a GOVERNANCE.md file at the root of your repo to provide clarity on project decision-making processes and community participation. This document enhances transparency and fosters trust among contributors. Initiating the development of a security policy and adding it to a SECURITY.md file at the root of your repo is crucial for outlining how security vulnerabilities are handled and ensuring the project remains secure. This proactive approach builds confidence among users and contributors. Embarking on the journey to earn an OpenSSF Best Practices Badge demonstrates your commitment to software supply chain security and best practices. This badge serves as a credible indicator of your project's dedication to quality and security. Finally, importing all project repos into your chosen license scanning service, either CNCF FOSSA or CNCF Snyk, ensures compliance with licensing policies and mitigates potential legal risks. This proactive measure helps maintain the integrity and legality of your project's codebase.

  • [ ] Create a maintainer list and add it to the aggregated CNCF maintainer list via pull request.
  • [ ] Provide maintainer emails to get access to the mailing list and Service Desk. Send them to project-onboarding@cncf.io. These aren't shared publicly in the spreadsheet above which is why they must be emailed to us.
  • [ ] Ensure that DCO are enabled for all GitHub repositories of the project. You may also choose to use a CLA.
  • [ ] Ensure that the CNCF Code of Conduct (or your adopted version of it) are explicitly referenced in the project's README.md on GitHub.
  • [ ] Ensure the LF footer is on your website and guidelines are followed (if your project doesn't have a dedicated website, please adopt those guidelines for the README.md file).
  • [ ] Start working on written, open governance and consider adding this to a GOVERNANCE.md file at the root of your repo.
  • [ ] Start working on a security policy and consider adding this to a SECURITY.md file at the root of your repo.
  • [ ] Start working on an OpenSSF Best Practices Badge.
  • [ ] Import all project repos into your chosen license scanning service (CNCF FOSSA or CNCF Snyk).

CNCF Staff Tasks to Support Your Project

The CNCF staff plays a crucial role in supporting your project's onboarding process by performing several key tasks. Adding your project to DevStats provides comprehensive metrics and analytics, enabling you to track project activity, contributions, and community engagement. DevStats offers valuable insights into project health and growth, helping you make data-driven decisions. Integrating your project with CLOmonitor ensures compliance with CNCF policies and procedures, providing automated monitoring and reporting. This helps maintain project integrity and adherence to best practices. Including your project in LFX Insights offers a holistic view of project contributions, contributors, and community dynamics, leveraging data to inform project strategy and development. This platform provides a wealth of information for understanding your project's ecosystem. Listing your project in the Cloud Native Landscape places it within the broader context of the cloud-native ecosystem, enhancing its visibility and discoverability among potential users and contributors. The Cloud Native Landscape serves as a valuable resource for anyone looking to explore cloud-native technologies. Activating your project in the LFX Project Control Center streamlines administrative tasks, providing a centralized hub for managing project resources, access controls, and governance processes. The LFX Project Control Center simplifies project administration and enhances operational efficiency. Adding the maintainers team to a license scanner service, either CNCF FOSSA or CNCF Snyk, ensures ongoing monitoring of license compliance and helps mitigate potential legal risks. This proactive approach safeguards your project's codebase. Creating a groups.io project maintainer list in PCC (Project Control Center) and subsequently adding this list to maintainers@cncf.io facilitates efficient communication among project maintainers and CNCF staff. These mailing lists serve as crucial channels for announcements, discussions, and coordination. Furthermore, adding your project's groups.io cncf-sandbox-projects list to cncf-sandbox-projects@cncf.io keeps the broader CNCF community informed about your project's progress and activities within the Sandbox program. Finally, sending a welcome email to confirm maintainer list access ensures that maintainers are aware of their roles and responsibilities and can effectively engage with the CNCF ecosystem. By entrusting these tasks to the CNCF staff, you can focus on your project's technical development and community engagement, knowing that the foundation provides essential operational support.

Conclusion

Successfully onboarding your project into the CNCF Sandbox is a significant milestone. By following this comprehensive guide, you'll ensure a smooth transition and set your project up for success within the cloud-native ecosystem. Remember to complete each step diligently and leverage the resources and support available from the CNCF staff and community. Your dedication to these tasks will not only benefit your project but also contribute to the vibrancy and growth of the CNCF as a whole. For more detailed information on cloud-native technologies and the CNCF, visit the CNCF website.

Related Issue: This onboarding issue was automatically created after the community vote was completed in issue #396.