Please Stop Using Helm v2 With Tiller

When I read about the use of Tiller in the article on SAP AI vulnerabilities, I was a bit surprised. The article came out around three and a half years after Helm v2 - which includes Tiller - reached its end of life. It had been even longer since the last Helm v2 release.

Looking at the downloads of Tiller, I was surprised to find tens of thousands of downloads each week. The image below shows the downloads of the last 3 versions of Tiller. If I look beyond those 3 versions, I can see even more downloads each week.

Tiller Downloads

Helm v2 with Tiller still seems to get some decent use.



Why Are CNCF Contributors Down

There are fewer contributors to CNCF projects than there were a few years ago. During that time, there has been an increase in the number of projects in the CNCF. I’ve been wondering what the data can tell us about what’s going on. Here’s what I’ve found from my preliminary review of the data.



CNCF Sandbox: Know Before You Submit

Every month, new projects are submitted to the CNCF Sandbox in hopes of having their project join the CNCF. But there are a bunch of things that often escape the attention of companies and project maintainers when they submit their projects. It's all in the fine print, but how often do we read that and realize what it means? With that in mind, let's take a look at some things worth knowing and realizing before submitting any new project to the CNCF.



Retrospective After Two Years On The CNCF TOC

I just finished a two-year term on the Cloud Native Computing Foundation (CNCF) Technical Oversight Committee (TOC). Being too busy to dedicate the time it deserves, I didn't run for another term. Before I put the TOC out of my mind, I wanted to take some time and do a retrospective. I'm hopeful this is useful for future TOC members and the broader cloud native community, which doesn't have deep insight into how the TOC works and what it does.



The CNCF For Developers

Over the years, I’ve been asked a lot of questions about why the Cloud Native Computing Foundation (CNCF) has done things the way it has. I’ve also seen people speculate about things that are going on and reasons for it. Quite often, developers are missing some context or understanding about what the CNCF is or how it operates.

The CNCF often doesn’t operate the way project developers expect. This isn’t a good or a bad thing. It has a lot to do with its mission and goals which are different than those of the projects. Given that, here are some contextual things I’ve learned along the way.


