Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Incubation] Kubewarden Incubation Application #1497

Open
32 of 47 tasks
jvanz opened this issue Nov 28, 2024 · 0 comments
Open
32 of 47 tasks

[Incubation] Kubewarden Incubation Application #1497

jvanz opened this issue Nov 28, 2024 · 0 comments
Labels
incubation tag-security

Comments

@jvanz
Copy link
Contributor

jvanz commented Nov 28, 2024

Kubewarden Incubation Application

v1.6
This template provides the project with a framework to inform the TOC of their conformance to the Incubation Level Criteria.

Project Repo(s): https://github.com/kubewarden/community
Project Site: https://kubewarden.io
Sub-Projects: https://github.com/kubewarden/community?tab=readme-ov-file#repositories
Communication: #kubewarden on Kubernetes Slack, #kubewarden-dev on Kubernetes Slack, cncf-kubewarden-maintainers as mail username at lists.cncf.io.

Project points of contacts: https://github.com/orgs/kubewarden/teams/maintainers or cncf-kubewarden-maintainers as mail username at lists.cncf.io.

Incubation Criteria Summary for Kubewarden

Application Level Assertion

  • This project is currently Sandbox, accepted on 2022-06-14, and applying to Incubation.
  • This project is applying to join the CNCF at the Incubation level.

Adoption Assertion

The project has been adopted by the following organizations in a testing and integration or production capacity:

List adopters in ADOPTERS.md

Application Process Principles

Suggested

N/A

Required

  • Engage with the domain specific TAG(s) to increase awareness through a presentation or completing a General Technical Review.
    • This was completed and occurred on DD-MMM-YYYY, and can be discovered at $LINK.
  • TAG provides insight/recommendation of the project in the context of the landscape
  • Review and acknowledgement of expectations for Sandbox projects and requirements for moving forward through the CNCF Maturity levels.
  • Met during Project's application on 14-07-2022

cncf/sandbox#213

https://lists.cncf.io/g/cncf-toc/topic/results_from_sandbox/91754161?p=,,,20,0,0,0::recentpostdate/sticky,,,20,2,0,91754161,previd%3D1655255497954310253,nextid%3D1653320044101394801&previd=1655255497954310253&nextid=1653320044101394801

  • Due Diligence Review.

Completion of this due diligence document, resolution of concerns raised, and presented for public comment satisfies the Due Diligence Review criteria.

  • Additional documentation as appropriate for project type, e.g.: installation documentation, end user documentation, reference implementation and/or code samples.

https://docs.kubewarden.io/
https://github.com/kubewarden/community

Governance and Maintainers

Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy.

Suggested

  • Clear and discoverable project governance documentation.

https://github.com/kubewarden/community/blob/main/GOVERNANCE.md

  • Governance has continuously been iterated upon by the project as a result of their experience applying it, with the governance history demonstrating evolution of maturity alongside the project's maturity evolution.

  • Governance is up to date with actual project activities, including any meetings, elections, leadership, or approval processes.

  • Governance clearly documents vendor-neutrality of project direction.

  • Document how the project makes decisions on leadership, contribution acceptance, requests to the CNCF, and changes to governance or project goals.

https://github.com/kubewarden/community/blob/main/GOVERNANCE.md

  • Document how role, function-based members, or sub-teams are assigned, onboarded, and removed for specific teams (example: Security Response Committee).

In the Kubewarden team we have only two roles that are applied for the whole project. These roles definition are defined in the GOVERNANCE.md file

  • Document a complete maintainer lifecycle process (including roles, onboarding, offboarding, and emeritus status).

https://github.com/kubewarden/community/blob/main/GOVERNANCE.md

  • Demonstrate usage of the maintainer lifecycle with outcomes, either through the addition or replacement of maintainers as project events have required.
  • If the project has subprojects: subproject leadership, contribution, maturity status documented, including add/remove process.

All the Kubewarden subprojects follow the same governance and processes describe in all the topics listed in this submission.

Required

  • Document complete list of current maintainers, including names, contact information, domain of responsibility, and affiliation.

https://github.com/kubewarden/community/blob/main/MAINTAINERS.md

  • A number of active maintainers which is appropriate to the size and scope of the project.

https://github.com/kubewarden/community/blob/main/MAINTAINERS.md

  • Code and Doc ownership in Github and elsewhere matches documented governance roles.

We use the CODEOWNERS file in all of the repositories. Some examples:
https://github.com/kubewarden/kubewarden-controller/blob/main/CODEOWNERS
https://github.com/kubewarden/docs/blob/main/CODEOWNERS

  • Document agreement that project will adopt CNCF Code of Conduct.

https://github.com/kubewarden/community/blob/main/CODE_OF_CONDUCT.md

  • CNCF Code of Conduct is cross-linked from other governance documents.

https://github.com/kubewarden/community/blob/main/CODE_OF_CONDUCT.md

  • All subprojects, if any, are listed.

https://github.com/kubewarden/community?tab=readme-ov-file#repositories

Contributors and Community

Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy.

Suggested

  • Contributor ladder with multiple roles for contributors.

Required

  • Clearly defined and discoverable process to submit issues or changes.

We use GitHub for submitting issues and changes via PRs. Contributors can get in contact with us at #kubewarden-dev on the Kubernetes Slack server, as well as [email protected]. We also have the CONTRIBUTING.md file

  • Project must have, and document, at least one public communications channel for users and/or contributors.

We use #kubewarden-dev, #kubewarden on the Kubernetes Slack server, as well as [email protected]. These are linked in https://kubewarden.io. We also describe how to contribute to the project in the CONTRIBUTING.md file

  • List and document all project communication channels, including subprojects (mail list/slack/etc.). List any non-public communications channels and what their special purpose is.

https://github.com/kubewarden/community/tree/main?tab=readme-ov-file#community

  • Up-to-date public meeting schedulers and/or integration with CNCF calendar.

We have our community calls listed in the CNCF calendar and in our community repository

  • Documentation of how to contribute, with increasing detail as the project matures.

https://github.com/kubewarden/community/blob/main/CONTRIBUTING.md
https://github.com/kubewarden/kubewarden-controller/blob/main/CONTRIBUTING.md

  • Demonstrate contributor activity and recruitment.

https://kubewarden.devstats.cncf.io/
https://kubewarden.devstats.cncf.io/d/74/contributions-chart?orgId=1

Engineering Principles

Suggested

  • Roadmap change process is documented.
  • History of regular, quality releases.

We follow a montly release cadence. All the releases can be found in the Github repositories, including the release candidates. We also write a blog post for each release.
https://github.com/kubewarden/kubewarden-controller/releases
https://github.com/kubewarden/policy-server/releases
https://github.com/kubewarden/kwctl/releases
https://github.com/kubewarden/audit-scanner/releases

Required

  • Document project goals and objectives that illustrate the project’s differentiation in the Cloud Native landscape as well as outlines how this project fulfills an outstanding need and/or solves a problem differently. This can also be satisfied by completing a General Technical Review.
  • Document what the project does, and why it does it - including viable cloud native use cases. This can also be satisfied by completing a General Technical Review.
  • Document and maintain a public roadmap or other forward looking planning document or tracking mechanism.

We use Github milestones to define the roadmap for future releases. This can be found in the project board at the "Milestone" tab
https://github.com/orgs/kubewarden/projects/6/views/1

  • Document overview of project architecture and software design that demonstrates viable cloud native use cases, as part of the project's documentation. This can also be satisfied by completing a General Technical Review and capturing the output in the project's documentation.

https://docs.kubewarden.io/explanations/architecture

  • Document the project's release process.

https://github.com/kubewarden/helm-charts/blob/main/CONTRIBUTING.md
https://github.com/kubewarden/kubewarden-controller/blob/main/CONTRIBUTING.md#kubewarden-release-template

Security

Note: this section may be augmented by a joint-assessment performed by TAG Security.

Suggested

N/A

Required

  • Clearly defined and discoverable process to report security issues.

https://github.com/kubewarden/community/blob/main/SECURITY.md
https://docs.kubewarden.io/disclosure

  • Enforcing Access Control Rules to secure the code base against attacks (Example: two factor authentication enforcement, and/or use of ACL tools.)

As a Github hosted project, we rely on the Github authentication mechanisms. Most of the maintainers use two factor authentication and sign commits and tags with GPG keys

  • Document assignment of security response roles and how reports are handled.

This is described at the SECURITY.md file

  • Document Security Self-Assessment.

  • Achieve the Open Source Security Foundation (OpenSSF) Best Practices passing badge.

All the MUST and SHOULD must be achieved. See criteria in https://www.bestpractices.dev/en/criteria/0.
Current progress in https://www.bestpractices.dev/en/users/23101.

Ecosystem

Suggested

N/A

Required

  • Publicly documented list of adopters, which may indicate their adoption level (dev/trialing, prod, etc.)

https://github.com/kubewarden/community/blob/main/ADOPTERS.md

  • Used in appropriate capacity by at least 3 independent + indirect/direct adopters, (these are not required to be in the publicly documented list of adopters)

The project provided the TOC with a list of adopters for verification of use of the project at the level expected, i.e. production use for graduation, dev/test for incubation: https://github.com/kubewarden/community/blob/main/ADOPTERS.md

  • TOC verification of adopters.

Refer to the Adoption portion of this document.

  • Clearly documented integrations and/or compatibility with other CNCF projects as well as non-CNCF projects.

Docs page listing the dependencies used: https://docs.kubewarden.io/reference/dependency-matrix

Additional Information
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
incubation tag-security
Projects
CNCF TOC Board
Status: New
Milestone
No milestone
Development

No branches or pull requests
2 participants
@angellk @jvanz