[Incubation] K3s Incubation Application

[OrlinVasilev]

Review Project Moving Level Evaluation

• I have reviewed the TOC's moving level readiness triage guide, ensured the criteria for my project are met before opening this issue, and understand that unmet criteria will result in the project's application being closed.

K3s Incubation Application

v1.6
This template provides the project with a framework to inform the TOC of their conformance to the Incubation Level Criteria.

Project Repo(s): https://github.com/k3s-io/k3s/
Project Site: https://k3s.io/
Sub-Projects: https://github.com/k3s-io
Communication: https://rancher-users.slack.com/archives/CGGQEHPPW , https://cloud-native.slack.com/archives/C0196ULKX8S

Project points of contacts:

• Orlin Vasilev, orlin.vasilev@suse.com - @OrlinVasilev

• Chris Wayne, chris.wayne@suse.com - @cwayne18

• Manuel Buil, mbuil@suse.com - @manuelbuil

• Brad Davidson, brad.davidson@suse.com - @brandond

• (Post Incubation only) Book a meeting with CNCF staff to understand project benefits and event resources.

Incubation Criteria Summary for K3s

Application Level Assertion

• This project is currently Sandbox, accepted on 2020/08/19, and applying to Incubation.
  Adding k3s to sandbox #514
• This project is applying to join the CNCF at the Incubation level.

Adoption Assertion

The project has been adopted by the following organizations in a testing and integration or production capacity:
Adopters: https://github.com/k3s-io/k3s/blob/master/ADOPTERS.md
Community site: https://k3s.io/community#k3s-adopters

• ayedo - https://ayedo.de/
• External Secrets - https://externalsecrets.com/
• Uffizzi - https://www.uffizzi.com/
• Kairos project - https://kairos.io/
• SUSE - https://suse.com
• CRC - https://childrescuecoalition.org/

Application Process Principles

Suggested

N/A

Required

• Engage with the domain specific TAG(s) to increase awareness through a presentation or completing a General Technical Review.
  • This was completed and occurred on DD-MMM-YYYY, and can be discovered at $LINK.

• TAG provides insight/recommendation of the project in the context of the landscape

• All project metadata and resources are vendor-neutral.

• Review and acknowledgement of expectations for Sandbox projects and requirements for moving forward through the CNCF Maturity levels.
• Met during Project's application on DD-MMM-YYYY.

• Due Diligence Review.

Completion of this due diligence document, resolution of concerns raised, and presented for public comment satisfies the Due Diligence Review criteria.

• Additional documentation as appropriate for project type, e.g.: installation documentation, end user documentation, reference implementation and/or code samples.
• Installation: https://docs.k3s.io/installation
• Architecture: https://docs.k3s.io/architecture?_highlight=archite
• Known Issues: https://docs.k3s.io/known-issues

Governance and Maintainers

Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy.

Suggested

• Clear and discoverable project governance documentation.

https://github.com/k3s-io/k3s/blob/master/GOVERNANCE.md

• Governance has continuously been iterated upon by the project as a result of their experience applying it, with the governance history demonstrating evolution of maturity alongside the project's maturity evolution.
  Community Improvement track issue: Community Improvement Effort tracking issue k3s-io/k3s#12090
  Accepting Governance: Add K3s GOVERNANCE.md k3s-io/k3s#12466

• Governance is up to date with actual project activities, including any meetings, elections, leadership, or approval processes.

https://github.com/k3s-io/k3s/blob/master/GOVERNANCE.md#voting-and-decision-making
Community Page: https://k3s.io/community

• Governance clearly documents vendor-neutrality of project direction.

https://github.com/k3s-io/k3s/blob/master/GOVERNANCE.md#values

• Document how the project makes decisions on leadership, contribution acceptance, requests to the CNCF, and changes to governance or project goals.

https://github.com/k3s-io/k3s/blob/master/GOVERNANCE.md#voting-and-decision-making

• Document how role, function-based members, or sub-teams are assigned, onboarded, and removed for specific teams (example: Security Response Committee).
  https://github.com/k3s-io/k3s/blob/master/GOVERNANCE.md#voting-and-decision-making
  Add Community in README.md k3s-io/k3s#12091
  Add Community Management  k3s-io/k3s#11926

• Document a complete maintainer lifecycle process (including roles, onboarding, offboarding, and emeritus status).

https://github.com/k3s-io/k3s/blob/master/GOVERNANCE.md#maintainers

• Demonstrate usage of the maintainer lifecycle with outcomes, either through the addition or replacement of maintainers as project events have required.
  Add Community Management  k3s-io/k3s#11926

Required

• Document complete list of current maintainers, including names, contact information, domain of responsibility, and affiliation.

https://github.com/k3s-io/k3s/blob/master/MAINTAINERS

• A number of active maintainers which is appropriate to the size and scope of the project.

https://github.com/k3s-io/k3s/blob/master/MAINTAINERS

• Code and Doc ownership in Github and elsewhere matches documented governance roles.

https://github.com/k3s-io/k3s/blob/master/GOVERNANCE.md

• Document adoption of the CNCF Code of Conduct

https://github.com/k3s-io/k3s/blob/master/CODE_OF_CONDUCT.md

• CNCF Code of Conduct is cross-linked from other governance documents.

https://github.com/k3s-io/k3s/blob/master/CODE_OF_CONDUCT.md

• All subprojects, if any, are listed.
• The K3s-io GitHub organization contains the list of subprojects: https://github.com/k3s-io

Contributors and Community

Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy.

Suggested

• Contributor ladder with multiple roles for contributors.

https://github.com/k3s-io/k3s/blob/master/GOVERNANCE.md#community-ladder

Required

• Clearly defined and discoverable process to submit issues or changes.

https://github.com/k3s-io/k3s/blob/main/CONTRIBUTING.md

• Project must have, and document, at least one public communications channel for users and/or contributors.

https://k3s.io/community
https://github.com/k3s-io/k3s/blob/main/CONTRIBUTING.md

• List and document all project communication channels, including subprojects (mail list/slack/etc.). List any non-public communications channels and what their special purpose is.

https://k3s.io/community
https://www.linkedin.com/company/k3sio/
https://bsky.app/profile/k3sio.bsky.social

• Up-to-date public meeting schedulers and/or integration with CNCF calendar.

Calendar: https://zoom-lfx.platform.linuxfoundation.org/meetings/k3s
Meeting Notes: https://hackmd.io/4vQRkKNsTL6jd4R47DMPrw

• Documentation of how to contribute, with increasing detail as the project matures.
  https://github.com/k3s-io/k3s/blob/master/CONTRIBUTING.md
  https://github.com/k3s-io/k3s/blob/master/docs/contrib/git_workflow.md
  https://github.com/k3s-io/k3s/blob/master/docs/contrib/code_conventions.md
  https://github.com/k3s-io/k3s/blob/master/docs/contrib/continuous_integration.md
  https://github.com/k3s-io/k3s/blob/master/docs/contrib/development.md

https://github.com/k3s-io/k3s/blob/master/docs/release/release.md

• Demonstrate contributor activity and recruitment.
  https://k3s.devstats.cncf.io/d/66/developer-activity-counts-by-companies?orgId=1
  https://insights.linuxfoundation.org/project/k3s?timeRange=past365days&start=2024-08-04&end=2025-08-04
  https://insights.linuxfoundation.org/project/k3s/contributors?timeRange=past365days&start=2024-08-04&end=2025-08-04
  +30K GitHub Stars - https://www.star-history.com/#k3s/k3s&k3s-io/k3s&Date
  +2500 GitHub Forks - https://github.com/k3s-io/k3s/forks

Engineering Principles

Suggested

• Roadmap change process is documented.
  https://github.com/k3s-io/k3s/blob/master/ROADMAP.md
  K3s Backlog
  K3s Development (view)

• History of regular, quality releases.
  https://github.com/k3s-io/k3s/releases

Required

• Document project goals and objectives that illustrate the project’s differentiation in the Cloud Native landscape as well as outlines how this project fulfills an outstanding need and/or solves a problem differently. This can also be satisfied by completing a General Technical Review.

Documented in https://docs.k3s.io/ and in https://docs.k3s.io/faq

• Document what the project does, and why it does it - including viable cloud native use cases. This can also be satisfied by completing a General Technical Review.

Documentation Home page: https://docs.k3s.io/

• Document and maintain a public roadmap or other forward looking planning document or tracking mechanism.
  https://github.com/k3s-io/k3s/blob/master/ROADMAP.md
  K3s Backlog
  K3s Development (view)

• Document overview of project architecture and software design that demonstrates viable cloud native use cases, as part of the project's documentation. This can also be satisfied by completing a General Technical Review and capturing the output in the project's documentation.

• Architecture: https://docs.k3s.io/architecture?_highlight=archite

• Document the project's release process.
  https://github.com/k3s-io/k3s/blob/main/docs/release/release.md
  https://github.com/k3s-io/k3s?tab=readme-ov-file#release-cadence

Security

Note: this section may be augmented by a joint-assessment performed by TAG Security.

Suggested

N/A

Required

• Clearly defined and discoverable process to report security issues.

https://github.com/k3s-io/k3s?tab=security-ov-file#readme

• Enforcing Access Control Rules to secure the code base against attacks (Example: two factor authentication enforcement, and/or use of ACL tools.)

All the Committers have 2FA enabled

• Document assignment of security response roles and how reports are handled.

https://github.com/k3s-io/k3s?tab=security-ov-file#readme

• Document Security Self-Assessment.

PR: cncf/tag-security#1500
When merged: https://github.com/cncf/tag-security/blob/main/community/assessments/projects/k3s/self-assessment.md

• Achieve the Open Source Security Foundation (OpenSSF) Best Practices passing badge.
  
  
  
  

Ecosystem

Suggested

N/A

Required

• Publicly documented list of adopters, which may indicate their adoption level (dev/trialing, prod, etc.)

https://github.com/k3s-io/k3s/blob/main/ADOPTERS.md
https://k3s.io/community#k3s-adopters

• Used in appropriate capacity by at least 3 independent + indirect/direct adopters, (these are not required to be in the publicly documented list of adopters)

https://github.com/k3s-io/k3s/blob/main/ADOPTERS.md
https://k3s.io/community#k3s-adopters

The project provided the TOC with a list of adopters for verification of use of the project at the level expected, i.e. production use for graduation, dev/test for incubation.

• TOC verification of adopters.

Refer to the Adoption portion of this document.

Refer to the Adoption portion of this document.

• Clearly documented integrations and/or compatibility with other CNCF projects as well as non-CNCF projects.

• Kairos - https://github.com/kairos-io/kairos

• k3d - https://k3d.io/stable/

• k3k - https://github.com/rancher/k3k

• k8sup - https://github.com/alexellis/k3sup

• Rancher/ Rancher Desktop

Additional Information

N/A