28 September, 2023
May 29, 2022
Contributed by Scott Rosenberg, Practice Leader, Cloud Technologies and Automation, following his attendance at KubeCon & CloudNativeCon Europe 2022.
One of the wonderful talks at KubeCon this year was given by John McBride, from VMware. I have known John for about a year now, as he is an active maintainer on Tanzu Community Edition and a truly awesome guy.
In his talk, “The Risks of Single Maintainer Dependencies,” John discussed one of the key challenges facing the open-source ecosystem these days.
John is a single maintainer for Cobra, which is a Go library used in nearly every CLI tool, including kubectl, Helm, Tanzu CLI, Pinniped, Kustomize, Terraform, Vault, etc.
Cobra is a core piece of technology on which many companies build their tooling, and on which they fully rely to support their products. Yet no one is willing to put in the effort and time to maintain it. John is just one example in the OSS (open-source software) community of a lone person who, essentially out of the goodness of his heart, contributes to and helps maintain OSS tools such as Cobra in his free time. Similar challenges exist in other key components of the CNCF landscape, such as Ingress NGINX and even etcd, which (only since the last critical bug was found) have started to get engineering hours allocated from companies that are investing in Kubernetes.
I truly believe that the main reason behind these cases is that all the backend and behind-the-scenes work is not viewed by upper management in many companies as worthy of investment. It isn’t seen as “cool” tech. While I understand the need for new features, both from the user and the business perspectives, the fact remains that without a strong backend and a vibrant and active community maintaining the backend pieces, we all risk backing ourselves into a corner and finding that our tech stack is full of vulnerabilities and problems.
A similar topic arose at the Contributor Summit on the Monday before the conference, where the challenges of making Kubernetes a sustainable project in the long term were discussed. The forum included a wide range of Kubernetes contributors from all different companies and backgrounds. Some of the key challenges that were raised were related to the lack of interest and effort put into testing and CI signaling by different Special Interest Groups (SIGs) within the Kubernetes project.
Again, in my opinion, this is a result of the same problem: everyone wants to spend their time and effort on the shiny new tech and not on doing the “boring” – but critical – parts that go along with it. I had many hallway conversations with people at the conference on this subject, and it seems that this is one of the key takeaways for many people from the week in Valencia. While the situation of single-maintainer projects appears to be simply a fact of life at the moment, seeing it come up as a pain point during multiple sessions at the conference gives me hope that this is an issue that will be tackled broadly soon.
I feel privileged to work for a company like TeraSky that truly and deeply understands the need for helping and contributing to open-source projects, even if they aren’t the glamorous ones or the ones we sell directly! Having the ability to work on OSS technology as part of my position at TeraSky reaffirms our company’s commitment to the CNCF landscape as a whole and the Kubernetes ecosystem in particular. I truly hope to see this subject meaningfully addressed over the next few months, and to see the calls to action from these talks come to fruition for a more sustainable and maintainable ecosystem.