From c5c3ff3695a2216d9c3ed380bfcfd631748abb9f Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Thu, 30 Nov 2023 17:12:06 +0800 Subject: [PATCH 1/6] initial commit Signed-off-by: ShutingZhao add intro Signed-off-by: ShutingZhao add links Signed-off-by: ShutingZhao add DD recommendations Signed-off-by: ShutingZhao update proposal Signed-off-by: Jim Bugwadia update proposal Signed-off-by: Jim Bugwadia update proposal Signed-off-by: Jim Bugwadia fix typo Signed-off-by: ShutingZhao update stats Signed-off-by: ShutingZhao update stats Signed-off-by: ShutingZhao --- proposals/graduation/kyverno.md | 62 +++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 proposals/graduation/kyverno.md diff --git a/proposals/graduation/kyverno.md b/proposals/graduation/kyverno.md new file mode 100644 index 000000000..d6836f4fd --- /dev/null +++ b/proposals/graduation/kyverno.md @@ -0,0 +1,62 @@ +# Kyverno Graduation Proposal + +[Kyverno](https://kyverno.io/) is a Kubernetes policy engine that was created to validate, mutate, generate, and cleanup Kubernetes resources, including custom resources. Kyverno also offers built-in image verification rules to help secure the software supply chain by verifying signatures and attestations in either Sigstore Cosign and CNCF Notation formats. + +Kyverno policies are managed as Kubernetes resources and no new language is required to write policies. Kyverno also uses Kubernetes API objects for policy reporting and managing policy exceptions, making it a popular choice for platform teams using Kubernetes. + +Kyverno was accepted as a CNCF Sandbox project in November 2020, and graduated to Incubating status in July 2022. The GitHub stars for Kyverno itself has experienced an impressive [growth](https://kyverno.devstats.cncf.io/d/81/community-health?orgId=1&var-repo_name=Kyverno&var-metric=Stargazers&var-table=swatchers&var-pref=&var-met1=watch&var-met2=watch&from=1656604800000&to=now) from 2537 to [4700](https://github.com/kyverno/kyverno), and there are 2,500+ members registered for the [Kyverno community Slack](https://main.kyverno.io/community/#slack-channel). The Kyverno organization has [1452](https://kyverno.devstats.cncf.io/d/18/overall-project-statistics-table?orgId=1&var-period_name=Last%20decade&var-repogroup_name=All) contributors from [280+](https://kyverno.devstats.cncf.io/d/5/companies-table?orgId=1&var-period_name=Last%20decade&var-metric=contributions) companies. Kyverno is used in production and at scale by several end user organizations like Deutsche Telekom, Spotify, The US Department of Defense, LinkedIn, Vodafone, and Yahoo. + +The project maintainers believe that Kyverno meets the requirements for Graduation status as detailed below: + +## Graduation State Criteria + +### * Have committers from at least two organizations. + +Kyverno has maintainers from 4 different organizations, see [maintainers.md](https://github.com/kyverno/kyverno/blob/main/MAINTAINERS.md). + +1. Nirmata +2. Stackwatch (Kubecost) +3. Giant Swarm GmbH +4. Ohio Supercomputer Center + +### * Have achieved and maintained a [Core Infrastructure Initiative Best Practices Badge](https://bestpractices.coreinfrastructure.org/). + +Kyverno has achieved an [OpenSSF Best Practices Badge](https://www.bestpractices.dev/en/projects/5327). + +### * Have completed an independent and third party security audit with results published of similar scope and quality as [this example](https://github.com/envoyproxy/envoy#security-audit) which includes all critical vulnerabilities and all critical vulnerabilities need to be addressed before graduation. + +Kyverno completed a [fuzzing security audit](https://kyverno.io/blog/2023/09/06/kyverno-completes-fuzzing-security-audit/) and a [third-party security review](https://kyverno.io/blog/2023/11/28/kyverno-completes-third-party-security-audit/). + +The security review was conducted in collaboration with the [CNCF](https://www.cncf.io/), [Ada Logics](https://adalogics.com/) and [OSTIF](https://ostif.org/). The Kyverno project has addressed all issues from the audits. + +### * Explicitly define a project governance and committer process. The committer process should cover the full committer lifecycle including onboarding and offboarding or emeritus criteria. This preferably is laid out in a GOVERNANCE.md file and references an OWNERS.md file showing the current and emeritus committers. + +The Kyverno project governance policies are documented in [GOVERNANCE.md](https://github.com/kyverno/kyverno/blob/main/GOVERNANCE.md). + +The committer process in Kyverno is defined in project roles [Contributors](https://main.kyverno.io/community/#contributors) and [Code Owners](https://main.kyverno.io/community/#code-owners) documents, which includes the full committer lifecycle, onboarding, offboarding, and emeritus criteria. The committers are listed in [OWNERS.md](https://github.com/kyverno/kyverno/blob/main/OWNERS.md). + +### * Explicitly define the criteria, process and offboarding or emeritus conditions for project maintainers; or those who may interact with the CNCF on behalf of the project. The list of maintainers should be preferably be stored in a MAINTAINERS.md file and audited at a minimum of an annual cadence. + +The project role [maintainers](https://main.kyverno.io/community/#maintainers) covers the criteria, process, offboarding and emeritus conditions. Maintainers may be subject to removal, based on a public vote, if they have made less than 30 contributions over a span of 6 months. Maintainers who are removed will be moved to an emeritus status. + +The current maintainers list can be found in [MAINTAINERS.md](https://github.com/kyverno/kyverno/blob/main/MAINTAINERS.md). + +### * Have a public list of Project adopters for at least the primary repo (e.g., ADOPTERS.md or logos on the Project website). For a specification, have a list of adopters for the implementation(s) of the spec. Refer to [FAQs](https://github.com/cncf/toc/blob/main/FAQ.md#what-is-the-definition-of-an-adopter) for guidelines on identifying adopters. + +The list of organizations and users that have publicly shared how they are using Kyverno is managed at [ADOPTERS.md](https://github.com/kyverno/kyverno/blob/main/ADOPTERS.md). + +## Incubation Details + +### * Link to Incubation Due Diligence(DD) Document + +* [Incubation proposal](https://github.com/cncf/toc/pull/784) +* [Incubation Due Diligence](https://docs.google.com/document/d/18dWgOd2MUQz3RXI1R9vKntL3ULyZhOD1HEtijGOeaWg/edit#heading=h.amgfsmvtn6jy) + +### * Address any concerns or recommendations from the TAG and/or TOC sponsor(s) from the DD Document + +There are no outstanding issues from the Incubation level due diligence. The only issue identified, and its resolution, are detailed below: + +#### Use the official CNCF Kyverno Zoom account + +An official Kyverno Zoom account was requested from the CNCF and all project meetings now use this account. + From acfeafd3b755bd77eeaad6b210b2e358f6133268 Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Mon, 10 Jun 2024 23:53:31 +0800 Subject: [PATCH 2/6] add Kyverno graduation application Signed-off-by: ShutingZhao --- .github/ISSUE_TEMPLATE/graduation.md | 379 +++++++++++++++++++++++++++ 1 file changed, 379 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/graduation.md diff --git a/.github/ISSUE_TEMPLATE/graduation.md b/.github/ISSUE_TEMPLATE/graduation.md new file mode 100644 index 000000000..70b1fd6aa --- /dev/null +++ b/.github/ISSUE_TEMPLATE/graduation.md @@ -0,0 +1,379 @@ +--- +name: Project Graduation Application +about: This template provides the project with a framework to inform the TOC of their conformance to the Graduation Level Criteria. +title: "[Graduation] $PROJECT Graduation Application" +labels: graduation +--- + +# Kyverno Graduation Application + +Project Repo(s): https://github.com/kyverno/kyverno (subprojects are under https://github.com/kyverno) +Project Site: https://kyverno.io/ +Sub-Projects: kyverno-json, chainsaw, policy-reporter, reports-server, kyverno-envoy-plugin, playground +Communication: #kyverno, #kyverno-dev on Kubernetes Slack, #kyverno on CNCF slack, [community meetings](https://kyverno.io/community/#community-meetings), mailing list (cncf-kyverno-maintainers@lists.cncf.io) + +Project points of contacts: +* Shuting Zhao, shuting@nirmata.com +* Jim Bugwadia, jim@nirmata.com +* Kyverno maintainers mailing list: cncf-kyverno-maintainers@lists.cncf.io +* #kyverno-dev channel on Kubernetes Slack + +## Graduation Criteria Summary for Kyverno + +### Adoption Assertion + +_The project has been adopted by the following organizations in a testing and integration or production capacity:_ + +### Criteria + +## Application Process Principles + +### Suggested + +N/A + +### Required + +- [ ] **Give a presentation and engage with the domain specific TAG(s) to increase awareness** + - [ ] TAG Security + - [ ] TAG Contributor Strategy + + + +- [ ] **TAG provides insight/recommendation of the project in the context of the landscape** + + + +- [x] **All project metadata and resources are [vendor-neutral](https://contribute.cncf.io/maintainers/community/vendor-neutrality/).** + + + +- [x] **Review and acknowledgement of expectations for graduated projects and requirements for moving forward through the CNCF Maturity levels.** + - [x] Met during Project's application on 08-12-2023, initial Graduation PR [Proposal: Kyverno to Graduation #1217](https://github.com/cncf/toc/pull/1217) + + + +Completion of this due diligence document, resolution of concerns raised, and presented for public comment satisifies the Due Diligence Review criteria. + +- [x] **Additional documentation as appropriate for project type, e.g.: installation documentation, end user documentation, reference implementation and/or code samples.** + + + +## Governance and Maintainers + +Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy. + +### Suggested + +- [x] **Governance has continuously been iterated upon by the project as a result of their experience applying it, with the governance history demonstrating evolution of maturity alongside the project's maturity evolution.** + + + +The strategies for major Project Governance were discussed and refined during the Kyverno maintainers' meeting. You can find the meeting notes [here](https://docs.google.com/document/d/1I_GWsz32gLw8sQyuu_Wv0-WQrtRLjn9FuX2KGNkvUY4/edit): +* 05-21-2024 +* 02-20-2024 +* 12-05-2023 + +The Governance page has been maintained and updated through Kyverno website's Github repo, history: + +https://github.com/kyverno/website/commits/main/content/en/community/_index.md + +### Required + +- [ ] **Clear and discoverable project governance documentation.** + + + +* [Project Governance](https://kyverno.io/community/#project-governance). +* https://github.com/kyverno/kyverno/blob/main/GOVERNANCE.md + +- [x] **Governance is up to date with actual project activities, including any meetings, elections, leadership, or approval processes.** + + + +Governance docs are up to date and available at https://kyverno.io/community/. + +- [ ] **Governance clearly documents [vendor-neutrality](https://contribute.cncf.io/maintainers/community/vendor-neutrality/) of project direction.** + + + +- [ ] **Document how the project makes decisions on leadership roles, contribution acceptance, requests to the CNCF, and changes to governance or project goals.** + + + +- [x] **Document how role, function-based members, or sub-teams are assigned, onboarded, and removed for specific teams (example: Security Response Committee).** + + + +[Project roles](https://kyverno.io/community/#project-roles). + +- [x] **Document complete list of current maintainers, including names, contact information, domain of responsibility, and affiliation.** + + + +[Maintainers](https://github.com/kyverno/kyverno/blob/main/MAINTAINERS.md). + +- [x] **A number of active maintainers which is appropriate to the size and scope of the project.** + + + +The Kyverno project currently has eight (8) maintainers from four (4) affiliations. + +- [x] **Document a complete maintainer lifecycle process (including roles, onboarding, offboarding, and emeritus status).** + + + +This is documented under [Maintainers](https://kyverno.io/community/#maintainers) section. + +- [x] **Demonstrate usage of the maintainer lifecycle with outcomes, either through the addition or replacement of maintainers as project events have required.** + + + +The process of onboarding a maintainer is initiated by submitting a pull request. + +For example, [feat: add myself (vishal-chdhry) to maintainers list #9125](https://github.com/kyverno/kyverno/pull/9125). + +The same with offboarding process, and emeritus maintainers are listed at: + +https://github.com/kyverno/kyverno/blob/main/MAINTAINERS.md#maintainers-emeritus + + +- [x] **Project maintainers from at least 2 organizations that demonstrates survivability.** + + + +Currently maintainers are from four (4) organizations including Nirmata, Stackwatch, Ohio Supercomputer Center, Giant Swarm GmbH. + +- [ ] **Code and Doc ownership in Github and elsewhere matches documented governance roles.** + - [x] [CODEOWNERS](https://github.com/kyverno/kyverno/blob/main/CODEOWNERS) + - [ ] doc owners? + + + +- [x] **Document agreement that project will adopt CNCF Code of Conduct.** + + + +Kyverno follows the [Code of Conduct](https://github.com/kyverno/kyverno/blob/main/CODE_OF_CONDUCT.md), which is aligned with the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). + + +- [x] **CNCF Code of Conduct is cross-linked from other governance documents.** + + + +This is documented on Github [Code of Conduct](https://github.com/kyverno/kyverno/blob/main/GOVERNANCE.md#code-of-conduct) and Kyverno website under Project Governance, see [here](https://kyverno.io/community/#project-governance). + +- [ ] **All subprojects, if any, are listed.** + + + + +- [ ] **If the project has subprojects: subproject leadership, contribution, maturity status documented, including add/remove process.** + + + + +## Contributors and Community + +Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy. + +### Suggested + +- [x] **Contributor ladder with multiple roles for contributors.** + + + +This is defined in [Project Roles](https://kyverno.io/community/#project-roles). + +### Required + +- [x] **Clearly defined and discoverable process to submit issues or changes.** + + + +This is documented in [contributing guidelines](https://github.com/kyverno/kyverno/blob/main/CONTRIBUTING.md#contributing-guidelines-for-kyverno). + +- [x] **Project must have, and document, at least one public communications channel for users and/or contributors.** + + + +This is documented in the [Slack Channel](https://kyverno.io/community/#slack-channel) section. + + +- [x] **List and document all project communication channels, including subprojects (mail list/slack/etc.). List any non-public communications channels and what their special purpose is.** + + + +[Kyverno Slack](https://kyverno.io/community/#slack-channel): +* #kyverno, #kyverno-dev under Kubernetes workspace +* #kyverno under CNCF workspace + +[Kyverno Chainsaw Slack](https://github.com/kyverno/chainsaw?tab=readme-ov-file#slack-channels): +* #kyverno-chainsaw under Kubernetes workspaceunder Kubernetes workspace + +- [ ] **Up-to-date public meeting schedulers and/or integration with CNCF calendar.** + + + +Meeting schedule can be found [here](https://kyverno.io/community/#community-meetings). I have reached out to CNCF to add weekly community meetings. + +- [x] **Documentation of how to contribute, with increasing detail as the project matures.** + + + +[Contributing Guidelines](https://github.com/kyverno/kyverno/blob/main/CONTRIBUTING.md#contributing-guidelines-for-kyverno). + +- [ ] **Demonstrate contributor activity and recruitment.** + +The contributor's list is actively growing: https://github.com/kyverno/kyverno/blob/main/CONTRIBUTORS.md. + + + +## Engineering Principles + +- [] **Document project goals and objectives that illustrate the project’s differentiation in the Cloud Native landscape as well as outlines how this project fulfills an outstanding need and/or solves a problem differently.** + + + +>Kubernetes Native Policy Management + + +- [x] **Document what the project does, and why it does it - including viable cloud native use cases.** + + + +Comprehensive documentation can be found here https://kyverno.io/. + +- [x] **Document and maintain a public roadmap or other forward looking planning document or tracking mechanism.** + +The roadmap is available in the Kyverno Github repo: https://github.com/kyverno/kyverno/blob/main/ROADMAP.md. + + + +- [ ] **Roadmap change process is documented.** + + + +- [x] **Document overview of project architecture and software design that demonstrates viable cloud native use cases, as part of the project's documentation.** + + + +This is available on the introduction page [here](https://kyverno.io/docs/introduction/). + +- [x] **Document the project's release process and guidelines publicly in a RELEASES.md or equivalent file that defines:** + + - [x] Release expectations (scheduled or based on feature implementation) + - [x] Tagging as stable, unstable, and security related releases + - [x] Information on branch and tag strategies + - [x] Branch and platform support and length of support + - [x] Artifacts included in the release. + - Additional information on topics such as LTS and edge releases are optional. Release expectations are a social contract between the project and its end users and hence changes to these should be well thought out, discussed, socialized and as necessary agreed upon by project leadership before getting rolled out. + + + +The release process is documented on the Kyverno website [release page](https://kyverno.io/docs/releases/). + +- [x] **History of regular, quality releases.** + + + +Supported releases https://kyverno.io/docs/installation/#compatibility-matrix. + +## Security + +Note: this section may be augemented by a joint-assessment performed by TAG Security. + +### Suggested + +- [x] **Achieving OpenSSF Best Practices silver or gold badge.** + + + +[Kyverno](https://www.bestpractices.dev/en/projects?q=kyverno) passes the OpenSSF Best Practices evaluation at 135% (tiered). + +### Required + +- [x] **Clearly defined and discoverable process to report security issues.** + + + +This is documented in [SECURITY.md](https://github.com/kyverno/kyverno/blob/main/SECURITY.md). + +- [x] **Enforcing Access Control Rules to secure the code base against attacks (Example: two factor authentication enforcement, and/or use of ACL tools.)** + + + +2FA required for GitHub org members. + +- [x] **Document assignment of security response roles and how reports are handled.** + + + +This is documented in [SECURITY.md](https://github.com/kyverno/kyverno/blob/main/SECURITY.md). + +- [ ] **Document Security Self-Assessment.** + + + +- [x] **Third Party Security Review.** + + - [x] Moderate and low findings from the Third Party Security Review are planned/tracked for resolution as well as overall thematic findings, such as: improving project contribution guide providing a PR review guide to look for memory leaks and other vulnerabilities the project may be susceptible to by design or language choice ensuring adequate test coverage on all PRs. + + + +Kyverno completed the third-party security audit conducted by Ada logics: + +https://kyverno.io/blog/2023/11/28/kyverno-completes-third-party-security-audit/ + +- [x] **Achieve the Open Source Security Foundation (OpenSSF) Best Practices passing badge.** + + + +Achieved https://www.bestpractices.dev/en/projects/5327. + +## Ecosystem + +### Suggested + +N/A + +### Required + +- [x] **Publicly documented list of adopters, which may indicate their adoption level (dev/trialing, prod, etc.)** + + + +Public adopters are listed in [ADOPTERS.md](https://github.com/kyverno/kyverno/blob/main/ADOPTERS.md). + +- [x] **Used in appropriate capacity by at least 3 independent + indirect/direct adopters, (these are not required to be in the publicly documented list of adopters)** + + + +The project provided the TOC with a list of adopters for verification of use of the project at the level expected, i.e. production use for graduation, dev/test for incubation. + +- [ ] **TOC verification of adopters.** + + + +Refer to the Adoption portion of this document. + +- [ ] **Clearly documented integrations and/or compatibility with other CNCF projects as well as non-CNCF projects.** + + + +#### Adoption + +##### Adopter 1 - $COMPANY/$INDUSTRY + +_If the Adopting organization needs to remain anonymous, stating the industry vertical is sufficient._ +MONTH YEAR + +##### Adopter 2 - $COMPANY/$INDUSTRY + +_If the Adopting organization needs to remain anonymous, stating the industry vertical is sufficient._ +MONTH YEAR + +##### Adopter 3 - $COMPANY/$INDUSTRY + +_If the Adopting organization needs to remain anonymous, stating the industry vertical is sufficient._ +MONTH YEAR From 0ab92cdeaf85a4ad960d7d87080b8f9988dcd828 Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Mon, 10 Jun 2024 23:56:20 +0800 Subject: [PATCH 3/6] remove old application Signed-off-by: ShutingZhao --- proposals/graduation/kyverno.md | 62 --------------------------------- 1 file changed, 62 deletions(-) delete mode 100644 proposals/graduation/kyverno.md diff --git a/proposals/graduation/kyverno.md b/proposals/graduation/kyverno.md deleted file mode 100644 index d6836f4fd..000000000 --- a/proposals/graduation/kyverno.md +++ /dev/null @@ -1,62 +0,0 @@ -# Kyverno Graduation Proposal - -[Kyverno](https://kyverno.io/) is a Kubernetes policy engine that was created to validate, mutate, generate, and cleanup Kubernetes resources, including custom resources. Kyverno also offers built-in image verification rules to help secure the software supply chain by verifying signatures and attestations in either Sigstore Cosign and CNCF Notation formats. - -Kyverno policies are managed as Kubernetes resources and no new language is required to write policies. Kyverno also uses Kubernetes API objects for policy reporting and managing policy exceptions, making it a popular choice for platform teams using Kubernetes. - -Kyverno was accepted as a CNCF Sandbox project in November 2020, and graduated to Incubating status in July 2022. The GitHub stars for Kyverno itself has experienced an impressive [growth](https://kyverno.devstats.cncf.io/d/81/community-health?orgId=1&var-repo_name=Kyverno&var-metric=Stargazers&var-table=swatchers&var-pref=&var-met1=watch&var-met2=watch&from=1656604800000&to=now) from 2537 to [4700](https://github.com/kyverno/kyverno), and there are 2,500+ members registered for the [Kyverno community Slack](https://main.kyverno.io/community/#slack-channel). The Kyverno organization has [1452](https://kyverno.devstats.cncf.io/d/18/overall-project-statistics-table?orgId=1&var-period_name=Last%20decade&var-repogroup_name=All) contributors from [280+](https://kyverno.devstats.cncf.io/d/5/companies-table?orgId=1&var-period_name=Last%20decade&var-metric=contributions) companies. Kyverno is used in production and at scale by several end user organizations like Deutsche Telekom, Spotify, The US Department of Defense, LinkedIn, Vodafone, and Yahoo. - -The project maintainers believe that Kyverno meets the requirements for Graduation status as detailed below: - -## Graduation State Criteria - -### * Have committers from at least two organizations. - -Kyverno has maintainers from 4 different organizations, see [maintainers.md](https://github.com/kyverno/kyverno/blob/main/MAINTAINERS.md). - -1. Nirmata -2. Stackwatch (Kubecost) -3. Giant Swarm GmbH -4. Ohio Supercomputer Center - -### * Have achieved and maintained a [Core Infrastructure Initiative Best Practices Badge](https://bestpractices.coreinfrastructure.org/). - -Kyverno has achieved an [OpenSSF Best Practices Badge](https://www.bestpractices.dev/en/projects/5327). - -### * Have completed an independent and third party security audit with results published of similar scope and quality as [this example](https://github.com/envoyproxy/envoy#security-audit) which includes all critical vulnerabilities and all critical vulnerabilities need to be addressed before graduation. - -Kyverno completed a [fuzzing security audit](https://kyverno.io/blog/2023/09/06/kyverno-completes-fuzzing-security-audit/) and a [third-party security review](https://kyverno.io/blog/2023/11/28/kyverno-completes-third-party-security-audit/). - -The security review was conducted in collaboration with the [CNCF](https://www.cncf.io/), [Ada Logics](https://adalogics.com/) and [OSTIF](https://ostif.org/). The Kyverno project has addressed all issues from the audits. - -### * Explicitly define a project governance and committer process. The committer process should cover the full committer lifecycle including onboarding and offboarding or emeritus criteria. This preferably is laid out in a GOVERNANCE.md file and references an OWNERS.md file showing the current and emeritus committers. - -The Kyverno project governance policies are documented in [GOVERNANCE.md](https://github.com/kyverno/kyverno/blob/main/GOVERNANCE.md). - -The committer process in Kyverno is defined in project roles [Contributors](https://main.kyverno.io/community/#contributors) and [Code Owners](https://main.kyverno.io/community/#code-owners) documents, which includes the full committer lifecycle, onboarding, offboarding, and emeritus criteria. The committers are listed in [OWNERS.md](https://github.com/kyverno/kyverno/blob/main/OWNERS.md). - -### * Explicitly define the criteria, process and offboarding or emeritus conditions for project maintainers; or those who may interact with the CNCF on behalf of the project. The list of maintainers should be preferably be stored in a MAINTAINERS.md file and audited at a minimum of an annual cadence. - -The project role [maintainers](https://main.kyverno.io/community/#maintainers) covers the criteria, process, offboarding and emeritus conditions. Maintainers may be subject to removal, based on a public vote, if they have made less than 30 contributions over a span of 6 months. Maintainers who are removed will be moved to an emeritus status. - -The current maintainers list can be found in [MAINTAINERS.md](https://github.com/kyverno/kyverno/blob/main/MAINTAINERS.md). - -### * Have a public list of Project adopters for at least the primary repo (e.g., ADOPTERS.md or logos on the Project website). For a specification, have a list of adopters for the implementation(s) of the spec. Refer to [FAQs](https://github.com/cncf/toc/blob/main/FAQ.md#what-is-the-definition-of-an-adopter) for guidelines on identifying adopters. - -The list of organizations and users that have publicly shared how they are using Kyverno is managed at [ADOPTERS.md](https://github.com/kyverno/kyverno/blob/main/ADOPTERS.md). - -## Incubation Details - -### * Link to Incubation Due Diligence(DD) Document - -* [Incubation proposal](https://github.com/cncf/toc/pull/784) -* [Incubation Due Diligence](https://docs.google.com/document/d/18dWgOd2MUQz3RXI1R9vKntL3ULyZhOD1HEtijGOeaWg/edit#heading=h.amgfsmvtn6jy) - -### * Address any concerns or recommendations from the TAG and/or TOC sponsor(s) from the DD Document - -There are no outstanding issues from the Incubation level due diligence. The only issue identified, and its resolution, are detailed below: - -#### Use the official CNCF Kyverno Zoom account - -An official Kyverno Zoom account was requested from the CNCF and all project meetings now use this account. - From 875f64c597bd74e0d007420446f10505d3c402b3 Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Tue, 11 Jun 2024 15:00:19 +0800 Subject: [PATCH 4/6] updates Signed-off-by: ShutingZhao --- .github/ISSUE_TEMPLATE/graduation.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/graduation.md b/.github/ISSUE_TEMPLATE/graduation.md index 70b1fd6aa..d4b12c393 100644 --- a/.github/ISSUE_TEMPLATE/graduation.md +++ b/.github/ISSUE_TEMPLATE/graduation.md @@ -204,6 +204,8 @@ This is documented in the [Slack Channel](https://kyverno.io/community/#slack-ch +Public channels: + [Kyverno Slack](https://kyverno.io/community/#slack-channel): * #kyverno, #kyverno-dev under Kubernetes workspace * #kyverno under CNCF workspace @@ -211,6 +213,9 @@ This is documented in the [Slack Channel](https://kyverno.io/community/#slack-ch [Kyverno Chainsaw Slack](https://github.com/kyverno/chainsaw?tab=readme-ov-file#slack-channels): * #kyverno-chainsaw under Kubernetes workspaceunder Kubernetes workspace +Private channels: +* #kyverno-maintainers under CNCF workspace + - [ ] **Up-to-date public meeting schedulers and/or integration with CNCF calendar.** @@ -225,6 +230,8 @@ Meeting schedule can be found [here](https://kyverno.io/community/#community-mee - [ ] **Demonstrate contributor activity and recruitment.** +New contributors are onboarded once they meet the requirements. We have integrated a welcome bot into the GitHub repository for their initial contributions. + The contributor's list is actively growing: https://github.com/kyverno/kyverno/blob/main/CONTRIBUTORS.md. From a6bb7be5e308300f96c1b207dca240394043285a Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Tue, 11 Jun 2024 15:29:16 +0800 Subject: [PATCH 5/6] updates Signed-off-by: ShutingZhao --- .github/ISSUE_TEMPLATE/graduation.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/graduation.md b/.github/ISSUE_TEMPLATE/graduation.md index d4b12c393..bc3be602c 100644 --- a/.github/ISSUE_TEMPLATE/graduation.md +++ b/.github/ISSUE_TEMPLATE/graduation.md @@ -168,10 +168,11 @@ This is documented on Github [Code of Conduct](https://github.com/kyverno/kyvern -- [ ] **If the project has subprojects: subproject leadership, contribution, maturity status documented, including add/remove process.** +- [x] **If the project has subprojects: subproject leadership, contribution, maturity status documented, including add/remove process.** +This is clarified in the [Project Governance section](https://main.kyverno.io/community/#project-governance). ## Contributors and Community From 1e36c82bbfe38af0548225a44d2288919a88fe21 Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Mon, 26 Aug 2024 16:19:34 +0800 Subject: [PATCH 6/6] feat: update project details Signed-off-by: ShutingZhao --- .github/ISSUE_TEMPLATE/graduation.md | 30 ++++++++++++++++------------ 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/graduation.md b/.github/ISSUE_TEMPLATE/graduation.md index bc3be602c..6da7d42e5 100644 --- a/.github/ISSUE_TEMPLATE/graduation.md +++ b/.github/ISSUE_TEMPLATE/graduation.md @@ -46,6 +46,8 @@ N/A - [x] **All project metadata and resources are [vendor-neutral](https://contribute.cncf.io/maintainers/community/vendor-neutrality/).** +Kyverno follows the CNCF vendor neutrality guidelines, [link](https://github.com/kyverno/community/blob/main/GOVERNANCE.md#vendor-neutrality). + - [x] **Review and acknowledgement of expectations for graduated projects and requirements for moving forward through the CNCF Maturity levels.** @@ -74,18 +76,18 @@ The strategies for major Project Governance were discussed and refined during th * 02-20-2024 * 12-05-2023 -The Governance page has been maintained and updated through Kyverno website's Github repo, history: +The Governance page has been maintained and updated through kyverno/community Github repo, link: -https://github.com/kyverno/website/commits/main/content/en/community/_index.md +https://github.com/kyverno/community/blob/main/GOVERNANCE.md ### Required -- [ ] **Clear and discoverable project governance documentation.** +- [x] **Clear and discoverable project governance documentation.** -* [Project Governance](https://kyverno.io/community/#project-governance). -* https://github.com/kyverno/kyverno/blob/main/GOVERNANCE.md +* [Project Governance](https://main.kyverno.io/community/#project-governance). +* https://github.com/kyverno/community/blob/main/GOVERNANCE.md - [x] **Governance is up to date with actual project activities, including any meetings, elections, leadership, or approval processes.** @@ -93,7 +95,9 @@ https://github.com/kyverno/website/commits/main/content/en/community/_index.md Governance docs are up to date and available at https://kyverno.io/community/. -- [ ] **Governance clearly documents [vendor-neutrality](https://contribute.cncf.io/maintainers/community/vendor-neutrality/) of project direction.** +- [x] **Governance clearly documents [vendor-neutrality](https://contribute.cncf.io/maintainers/community/vendor-neutrality/) of project direction.** + +Kyverno follows the CNCF vendor neutrality guidelines, [link](https://github.com/kyverno/community/blob/main/GOVERNANCE.md#vendor-neutrality). @@ -117,7 +121,7 @@ Governance docs are up to date and available at https://kyverno.io/community/. -The Kyverno project currently has eight (8) maintainers from four (4) affiliations. +The Kyverno project had eight (8) maintainers from (4) affiliations at the time this PR was created, but with recent changes now has five (5) maintainers from one (1) affiliation. We are in actively discussing this situation to determine the best path forward. - [x] **Document a complete maintainer lifecycle process (including roles, onboarding, offboarding, and emeritus status).** @@ -135,18 +139,18 @@ For example, [feat: add myself (vishal-chdhry) to maintainers list #9125](https: The same with offboarding process, and emeritus maintainers are listed at: -https://github.com/kyverno/kyverno/blob/main/MAINTAINERS.md#maintainers-emeritus +https://github.com/kyverno/kyverno/blob/main/MAINTAINERS.md#maintainers -- [x] **Project maintainers from at least 2 organizations that demonstrates survivability.** +- [ ] **Project maintainers from at least 2 organizations that demonstrates survivability.** -Currently maintainers are from four (4) organizations including Nirmata, Stackwatch, Ohio Supercomputer Center, Giant Swarm GmbH. +Currently maintainers are from one (1) organizations, Nirmata. -- [ ] **Code and Doc ownership in Github and elsewhere matches documented governance roles.** +- [x] **Code and Doc ownership in Github and elsewhere matches documented governance roles.** - [x] [CODEOWNERS](https://github.com/kyverno/kyverno/blob/main/CODEOWNERS) - - [ ] doc owners? + - [x] [Doc Owners](https://github.com/kyverno/website/blob/main/OWNERS.md) @@ -172,7 +176,7 @@ This is documented on Github [Code of Conduct](https://github.com/kyverno/kyvern -This is clarified in the [Project Governance section](https://main.kyverno.io/community/#project-governance). +This is clarified in the [Project Governance section](https://github.com/kyverno/community/blob/main/GOVERNANCE.md). ## Contributors and Community