TL; DR: The vast of code contributions to each CNCF projects outside of Kubernetes come from a small subset of users and companies.
While Kubernetes is by far the most well-known project to find at home at the Cloud Native Compute Foundation (CNCF), there are a variety of other projects that address various aspects of Cloud Native computing that are either incubating or in a sandbox at the CNCF.
In this analysis we take a closer look at the other CNCF projects, and where the majority of the contributions to each project are originating. It is fair to say that for almost of the projects in the CNCF specific vendors account for most of the development work being done.
This is not to say that this is a bad thing, it is not – it is just a statement of reality. While the broad community around the projects may be large, the number of significant core contributors is relatively small, and the number of truly independent contributors is smaller still. This pattern is common across many open source projects.
Perhaps the most striking illustration is in the following graphs – we firstly look at the overall percentage commits and issues contributions to each project by the top ten commercial contributors, and then by the top two commercial contributors (for several projects there is a split at the top, with two companies jointly leading contributions.
For clarification purposes on these numbers – if a significant contributor has set up a solo entity focused on primarily providing services around a project (e.g. with Prometheus) we count these as commercial contributions. Due to the amount of contributions that a single contributor makes to CoreDNS we have also included his data as a non-independent entity.
Update, April 4th: The CNCF have asked us to point out their DevStats tool as a way to drill into the various projects hosted at the CNCF. We did not use data from this tool in our analysis.
A Closer Look at the Projects
The CNCF has three tiers of projects, graduated, incubating and sandbox. The criteria for each tier is set out at in the CNCF graduation criteria document. At the time of writing only Kubernetes has graduated and is excluded from this analysis.
After Kubernetes, Prometheus is the most well-known of the CNCF projects. Having recently reached version 2.0. Prometheus was originally developed at Soundcloud and a number of the original engineers working on the project have moved on to other companies or work as independent consultants.
Prometheus, unsurprisingly given the popularity of the project, has the most diverse community of any of the incubating projects at the CNCF, and this is highlighted in the distribution of issues raised by the community.
For our analysis of OpenTracing we have looked at two separate groupings. Firstly, we looked at the specification work, and secondly the various language specific APIs.
In both cases Lightspeed makes the majority of the contributions.
Unsurprisingly given its origins, gRPC is dominated by contributions from Google. We also looked at the wider ecosystem around gRPC which shows a more diverse set of contributions, reflecting the widespread usage of the gRPC project.
RKT & Containerd
We group container runtimes together for the purposes of our analysis.
RKT and Containerd originated at CoreOS and Docker. There is a lot of history here, which is far beyond the scope of this piece to delve into – but suffice to say that the vast majority of contributions to the respective projects come from the originating companies. This is not surprising.
The bulk of the work on Containerd to now has been completed by Docker.
Contributions here include a number from Berlin based company Kinvolk. It is worth noting that Kinvolk have had a very close relationship with CoreOS from their incorporation, with a number of the engineers also working closely with CoreOS in their previous roles.
The CNI project has seen the majority of its contributions coming from CoreOS, but has one of the more diverse contributor bases of the CNCF projects.
Jaeger is a tracing project which originated at Uber, and Uber continue to be by far the largest contributor to the project.
Notary & The Update Framework
Notary is an implementation of “The Update Framework”, which originated at Docker. Docker still dominate contributions to Notary.
Notary has come in for some significant criticism in recent times, and we are watching the ongoing development of the project with interest. While “The Update Framework” specification has been donated the CNCF, the activity on the project is limited, so we have not done any additional analysis.
Vitess is a project focusing on horizontal scaling of MySQL. The project originated at YouTube. For the purposes of this analysis we have classified YouTube engineers as working for Google.
A number of the core engineers moved to a newly formed startup Planet Scale Data early in 2018.
Envoy has become a very popular servicemesh since its launch, and is now a core component of Istio. The project originated at Lyft, and the main contributors come from Lyft and Google. There is a wider community creating issues.
The CoreDNS project is heavily dependent on a single core contributor, Miek Gieben. The project has diversified over the last year, but a huge percentage of all contributions come from Miek. Infoblox are the largest commercial contributor.
NATS has been recently accepted into the CNCF. The project originated at Apcera, but its main contributor, Derek Collison has since started a new company Synadia, which a number of Apcera engineers have moved. We discovered some anomalies in our data for NATS just before publishing this piece, and will update it shortly.
Linkerd originated out of work at Twitter on the Finagle project, and the majority of the work on the project is done by Buoyant
Rook is storage project focused on solving some of the (many) storage problems for Cloud Native computing. The project originated at Quantum, and a number of the core developers have since moved to a new start up, Upbound. The vast majority of the development work to now has been completed by Quantum.
SPIFFE & Spire
SPIFFE has recently joined the CNCF, and is a project focused on creating a “secure production identity framework”. This is a great example of a project which is required, addresses a very difficult problem and is far from trivial to solve. Spire is a runtime environment for SPIFFE.
Open Policy Agent
The Open Policy Agent is a project which aims to provide a generic policy engine for use in cloud native environments.
The bulk of contributions to the Open Policy Agent project come from Styra. There is limited public information available on Styra beyond some presentations at Kubecon North America last year.
Notes on this analysis: Github data was pulled in late March 2018. For significant contributors we complete an extra set of mapping to ensure activity is allocated to the relevant commercial entities. As always in such analysis there may be some gaps. Please let us know if there is something significant which needs to be addressed.
Disclaimers: Google, Red Hat, IBM, AWS, Microsoft, CoreOS, Docker, Treasure Data, Bitnami and The Linux Foundation (home of the CNCF) are all current RedMonk clients.