DEV Community

Nikhil Jathar
Nikhil Jathar

Posted on

A Week Contributing to CNCF Projects: What I Fixed and What I Learned

I spent last month contributing to Cloud Native Computing Foundation projects, on purpose and in the open. Not a hackathon, not a single big feature, but a deliberate sweep across many projects: fixing what was actually broken, filing what was genuinely missing, and reviewing other people's work where I had something useful to say. Here is what that looked like, and what I took away from it.

The rule I set for myself

One rule mattered above all: every contribution had to be real. Cloud native projects get a lot of low effort noise, and maintainers can spot a padding contribution instantly. A whitespace only pull request or a fake fix does not just get closed, it burns your credibility. So the bar was simple. If a change was not genuinely useful, I did not open it. Every defect I touched, I verified against the actual source first, and for code fixes I reproduced the bug before and after the change.

That rule shaped everything else.

Where I contributed

The work spread across a dozen projects: Kubernetes, Prometheus, Argo, Backstage, Falco, Kyverno, OPA, and the Sigstore projects (cosign and rekor), plus the CNCF Glossary. The contributions fell into a few buckets.

Documentation that was wrong, not just imperfect. A surprising amount of high value work is fixing docs that actively mislead. A Kyverno install snippet pointed at a release asset with the wrong filename, so the documented wget command returned a 404. A Sigstore guide still told users to set an environment variable that has been unnecessary since cosign v2. Broken links, dead anchors, duplicated words in reference pages. None of these are glamorous, but each one wastes real people's time, and fixing them is immediately useful.

Code fixes with tests. Two contributions were actual bug fixes. In OPA, a page of OAuth and OIDC policy examples failed to compile on any current release, because they used pre v1 Rego syntax and an undefined built in. In cosign, the dockerfile verify command panicked on a Dockerfile whose FROM line used an unresolvable build argument: the value expanded to empty, and the parser indexed past the start of an empty list. Both fixes came with regression tests that fail on the old code and pass on the new, because a fix without a test is just a hope.

Substantive issues and reviews. Where the right fix needed a maintainer decision, I filed a well researched issue instead of guessing. And I reviewed other contributors' open pull requests where I could add a specific point: a stray debug print left in a code path, a documented metrics endpoint that named a service that does not exist, a library function whose description said it returned an object when it actually returned a string.

Localization. I translated several core cloud native terms (eBPF, microservices architecture, chaos engineering) into Hindi for the CNCF Glossary. This one is personal. A huge number of engineers learn these concepts more comfortably in their first language, and there is far less cloud native content in Hindi than there should be.

What I learned

Small and correct beats big and shaky. The contributions that landed fastest were the smallest ones that were obviously right. A one line fix to a broken command merges in days. A sprawling change invites debate.

Verification is the real work. Finding a plausible bug is easy. Proving it is a bug, reproducing it, confirming nobody else has already fixed it, and writing a test that pins the behavior: that is where the time goes, and that is what separates a contribution from noise.

Maintainers are generous with their attention when you respect it. Follow the contributing guide, sign your commits, keep the change focused, and explain your reasoning, and people meet you halfway. The friction I saw was almost always self inflicted: a pull request title that did not match the project's format, or a change that touched a generated file it should not have.

Docs are underrated leverage. The next person to hit a broken example will copy it exactly. Fixing it once helps everyone who comes after. For anyone who thinks they cannot contribute to a big project, this is the doorway.

If you want to start

Pick one project you actually use. Read its contributing guide end to end. Then look for the smallest real thing you can fix: a command that does not work as documented, an example that does not compile, a link that 404s. Verify it, fix it, test it if it is code, and open a focused pull request that explains why. Respond to review comments quickly. That single loop, done honestly a few times, is how you become a contributor.

The cloud native ecosystem runs on exactly this kind of participation. Most of it is not heroic. It is just people fixing real things, in the open, and leaving the projects a little better than they found them.

Top comments (0)