Updated September 3 17:15 BST with comment from Gustavo Carvalho.
A critical open source Kubernetes project put on hold over maintainer burnout issues is moving to CNCF incubation, with new maintainers now onboard.
As reported by The Stack last month, The External Secrets Operator (ESO) project paused releases and all support in August. Some 350 people have signed up to help build the project amid a flurry of publicity in the weeks since.
(ESO lets organisations running Kubernetes clusters integrate third-party secrets storage platforms, such as AWS Secrets Manager, for secure API key, password and token storage; something that is not natively straightforward with Kubernetes. It is widely used across Fortune 500 environments.)
In an update on Monday, the group said it had spoken to the Cloud Native Computing Foundation (CNCF) to create a new governance model and contribution ladder, with two interim maintainers also added.
However, maintainer Gustavo Carvalho said releases would remain paused, adding “we can only go back to release software when we are confident we have a healthy contribution lifecycle.”
He told The Stack: "Our path forward is leveraging the will from the community to help out the project... CNCF helped us structure that in a way people can help out according to their own capacity and skills (either more related to programming or more related to marketing).
"We are very new to all of this, but from what we've seen, things are for sure improving."
CNCF incubation is the goal
Carvalho said the project aimed to move to incubation within CNCF before restarting updates, citing the need to have a track record of releases and patches, a clear security policy, and a clear release policy.
To achieve this, the group of maintainers said a new contribution ladder would let contributors work up to member and reviewer level before becoming a maintainer.
Members will help with triaging issues, contributing to feature while reviewers will be able to review pull requests and design decisions.
The team also identified four tracks for support, covering continuous integration, testing, core development, and provider-specific implementations, with more to be added “as the project evolves.”
ESO is already a sandbox project at CNCF, the earliest stage of its project lifecycle, but moving to the incubating stage would serve as a signal of its stability.
The step above incubation is graduated projects, described as “highly mature, robust projects whose adopters have demonstrated their production-readiness.”
The link has been copied!
