Over the past week, there has been a lot of noise/upset/angst in the cloud-native ecosystem, primarily from a change the Linkerd project has made regarding how they provide their OSS software to the market.
If you are not aware of this, Bouyant (the company behind the Linkerd project) is saying that if you want to use "stable" versions of Linkerd, you must switch from using the binaries provided by the CNCF-backed OSS project and instead use Buoyant Enterprise for Linkerd (BEL), the commercial offering from Buoyant. Further, if you use it in production (and a company of more than 50 employees), you must pay for a license to use it beyond the 90-day grace period. The OSS project will only provide binaries for "edge" / "unstable" releases and should be deemed unsuitable for productive use.
One key thing to note here, once an OSS project is donated to CNCF, you hand over the trademark (but the donating company often retains the code copyright), and also the operational governance to the CNCF. In return, the CNCF assists (significantly) with the project's marketing, provides credits to run the systems that underpin the project's maintenance, and helps obtain external contributors and maintainers. Notably, the CNCF does NOT provide direct financial support for the ongoing development/release of the project; this is expected to be provided by the array of volunteer contributors and maintainers.
In the case of Linkerd, Bouyant has remained the primary contributor to and maintainer of Linkerd, and as a result, they can choose where to spend their time (and, therefore, their investors $). In this regard, Bouyant is entitled to say, "We want to spend our time building our commercial version." As there are no other significant contributors to the OSS project, no one else will take over the time/effort involved in shipping stable releases of Linkerd. Again, the CNCF doesn't fund anyone to develop the product and release binaries; the community supporting the project is expected to do so at their own cost. Usually, this wouldn't be an issue, but it's almost always the case for CNCF "graduated" projects.
The fact that one company is almost entirely responsible for a graduated CNCF project seems to be completely abnormal, as the criteria for becoming graduated is that the project has a healthy community of contributors. The question of "how did this happen?" should be asked of the CNCF, not Bouyant. Again, if Bouyant is in all practicality the sole contributor to Linkerd, then that is not a healthy and diverse community, and nor is it long-term sustainable. I think the key here is that while "to the letter of the law" regarding the graduated criteria, Linkerd does have more than 1 contributor, the second contributor is insignificant compared to Buoyant. The criteria should be linked to the percentage of code contributions from each contributor, not just the fact that more than one company is contributing.
Buoyant needs a way to recover its development costs, and as they are fundamentally covering all development costs of the OSS version, it's expected they would try to find ways to monetize. Should they be making the changes they have? That's up for debate, but they are within their rights. The real issue here is simply that there is insufficient diversity of maintainers. This has been left to continue for too long, and as a result, one company is carrying too much of the cost.
So, suppose you want 100% assurances that your decision to adopt a fully open CNCF-based platform won't get thrown into disarray due to decisions made by a single commercial entity. In that case, you need to check the project's maintainers and contributors and validate they come from an array of vendors. Only then will you get assurance of independence. You cannot rely on the "graduated" status alone for this indicator.
End of the day, if a CNCF project is not independently maintained, then you (as the user of that project) are no better off than if it was not a CNCF project.
These are my thoughts; what are yours?
Neil
As a side note, Portainer is a member of the CNCF, but we have not donated Portainer-CE to the foundation.
COMMENTS