-
Notifications
You must be signed in to change notification settings - Fork 635
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Submitting Kyverno projects for approval
Signed-off-by: Nate W <[email protected]>
- Loading branch information
1 parent
a0b3551
commit 298d7ce
Showing
2 changed files
with
47 additions
and
48 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -417,8 +417,54 @@ We want to leverage the above for creating a plugin which will allow users to se | |
| - Recommended Skills: Go, Kubernetes | ||
| - Mentor(s): | ||
| - Fog Dong (@FogDong, [email protected]) | ||
| - Zhongpei Qiao(@chivalryq, [email protected]) | ||
| - Zhongpei Qiao (@chivalryq, [email protected]) | ||
| - Upstream Issue: https://github.com/kubevela/kubevela/issues/6435 | ||
| - LFX URL: https://mentorship.lfx.linuxfoundation.org/project/acfbadbd-46c2-4647-a489-0db80c709740 | ||
|
|
||
| ### Kyverno | ||
|
|
||
| #### Kyverno for Envoy Authorization | ||
|
|
||
| - Description: Build an Envoy plugin to support authorisation based on Kyverno policies. | ||
| - Expected Outcome: Enable users to perform autorisation with similar concepts as kyverno and kyverno-JSON using policies. | ||
| - Recommended Skills: Golang, Kubernetes, Envoy | ||
| - Mentor(s): | ||
| - Charles-Edouard Brétéché (@eddycharly, [email protected]) | ||
| - Anushka Mittal (@anushkamittal2001, [email protected]) | ||
| - Upstream Issue: https://github.com/kyverno/kyverno/issues/9488 | ||
| - LFX URL: https://mentorship.lfx.linuxfoundation.org/project/5da34595-8dd2-4045-a77d-e86d4c64fbc3 | ||
|
|
||
| #### Kyverno VPA Recommender | ||
|
|
||
| - Description: A common pain-point heard from users is improper resource allocations, and if Kyverno policies can help with that. This is an exploratory project to see if Kyverno can work with Kubernetes Vertical Pod Autoscalers (VPA). | ||
| - Expected Outcome: Kyverno policies that work with VPA recommender. | ||
| - Recommended Skills: Golang, Kubernetes | ||
| - Mentor(s): | ||
| - Jim Bugwadia (@jimbugwadia, [email protected]) | ||
| - Khaled Emara (@KhaledEmaraDev, [email protected]) | ||
| - Upstream Issue: https://github.com/kyverno/kyverno/issues/9429 | ||
| - LFX URL: https://mentorship.lfx.linuxfoundation.org/project/e0124d13-1a8e-4dd9-a77e-d6de227d5163 | ||
|
|
||
| #### Convert Kubernetes Best Practices Policies to CEL | ||
|
|
||
| - Description: Kubernetes Best Practices policies are written using Kyverno patterns and JMESPath, which means they cannot be executed as ValidatingAdmissionPolicy resources in the API server. This project aims to convert Kubernetes Best Practices policies, and other validating policies, to CEL wherever possible. | ||
| - Expected Outcome: Convert Kyverno policies for Kubernetes best practices to CEL. | ||
| - Recommended Skills: Kubernetes, Kyverno policies, CEL | ||
| - Mentor(s): | ||
| - Anusha Hegde (@anusha94, [email protected]) | ||
| - Mariam Fahmy (@MariamFahmy98, [email protected]) | ||
| - Upstream Issue: https://github.com/kyverno/policies/issues/891 | ||
| - LFX URL: https://mentorship.lfx.linuxfoundation.org/project/521122b6-aed0-475d-93de-fb2cbfff85d2 | ||
|
|
||
| #### Verify Multiple Image Attestations | ||
|
|
||
| - Description: Currently Kyverno cannot verify data across multiple attestations e.g. an image vulnerability scan report and a OpenVEX document. This project will enhance the image verification rules to support flexible checks across multiple attestations. | ||
| - Expected Outcome: Support condition validation across multiple image verification attestations or context entry. | ||
| - Recommended Skills: Golang, Kubernetes, VEX, Cosign, Notary | ||
| - Mentor(s): | ||
| - Vishal Choudhary (@vishal-chdhry, [email protected]) | ||
| - Shuting Zhao (@realshuting, [email protected]) | ||
| - Upstream Issue: https://github.com/kyverno/kyverno/issues/9456 | ||
| - LFX URL: https://mentorship.lfx.linuxfoundation.org/project/f1041093-65f3-4169-8c70-187a0f286aa4 | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -18,53 +18,6 @@ | |
|
|
||
| ## Proposed Project ideas | ||
|
|
||
| ### Kyverno | ||
|
|
||
| #### Kyverno for Envoy Authorization | ||
|
|
||
| - Description: Build an Envoy plugin to support authorisation based on Kyverno policies. | ||
| - Expected Outcome: Enable users to perform autorisation with similar concepts as kyverno and kyverno-JSON using policies. | ||
| - Recommended Skills: Golang, Kubernetes, Envoy | ||
| - Mentor(s): | ||
| - Charles-Edouard Brétéché (@eddycharly, [email protected]) | ||
| - Anushka Mittal (@anushkamittal2001, [email protected]) | ||
| - Upstream Issue: https://github.com/kyverno/kyverno/issues/9488 | ||
| - LFX URL: | ||
|
|
||
| #### Kyverno VPA Recommender | ||
|
|
||
| - Description: A common pain-point heard from users is improper resource allocations, and if Kyverno policies can help with that. This is an exploratory project to see if Kyverno can work with Kubernetes Vertical Pod Autoscalers (VPA). | ||
| - Expected Outcome: Kyverno policies that work with VPA recommender. | ||
| - Recommended Skills: Golang, Kubernetes | ||
| - Mentor(s): | ||
| - Jim Bugwadia (@jimbugwadia, [email protected]) | ||
| - Khaled Emara (@KhaledEmaraDev, [email protected]) | ||
| - Upstream Issue: https://github.com/kyverno/kyverno/issues/9429 | ||
| - LFX URL: | ||
|
|
||
|
|
||
| #### Convert Kubernetes Best Practices Policies to CEL | ||
|
|
||
| - Description: Kubernetes Best Practices policies are written using Kyverno patterns and JMESPath, which means they cannot be executed as ValidatingAdmissionPolicy resources in the API server. This project aims to convert Kubernetes Best Practices policies, and other validating policies, to CEL wherever possible. | ||
| - Expected Outcome: Convert Kyverno policies for Kubernetes best practices to CEL. | ||
| - Recommended Skills: Kubernetes, Kyverno policies, CEL | ||
| - Mentor(s): | ||
| - Anusha Hegde (@anusha94, [email protected]) | ||
| - Mariam Fahmy (@MariamFahmy98, [email protected]) | ||
| - Upstream Issue: https://github.com/kyverno/policies/issues/891 | ||
| - LFX URL: | ||
|
|
||
| #### Verify Multiple Image Attestations | ||
|
|
||
| - Description: Currently Kyverno cannot verify data across multiple attestations e.g. an image vulnerability scan report and a OpenVEX document. This project will enhance the image verification rules to support flexible checks across multiple attestations. | ||
| - Expected Outcome: Support condition validation across multiple image verification attestations or context entry. | ||
| - Recommended Skills: Golang, Kubernetes, VEX, Cosign, Notary | ||
| - Mentor(s): | ||
| - Vishal Choudhary (@vishal-chdhry, [email protected]) | ||
| - Shuting Zhao (@realshuting, [email protected]) | ||
| - Upstream Issue: https://github.com/kyverno/kyverno/issues/9456 | ||
| - LFX URL: | ||
|
|
||
| ### K8sGPT | ||
|
|
||
| #### Enhance K8sGPT's analyzers Unit Test Coverage | ||
|
|
||