kubernetes
/
community
mirror of https://github.com/kubernetes/community.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7249 from rficcaglia/rficcaglia-draft-annual 

wg-policy annual community report
This commit is contained in:
Kubernetes Prow Robot 2023-07-16 12:03:07 -07:00 committed by GitHub
parent cc4d2f0d02 245f82200a
commit 8c36f75603
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
wg-policy/annual-report-2022.md
View File

@ -5,40 +5,45 @@
1. What work did the WG do this year that should be highlighted?
For example, artifacts, reports, white papers produced this year.
-
-
-
- CR for PolicyReport being used more widely in other projects and by end users
- 2 whitepapers released
- 2 KubeCon talks NA + EU
2. What initiatives are you working on that aren't being tracked in KEPs?
-
-
-
- We are discussing a KEP for the PolicyReport CR but still pending
- Feedback from some of the sig leadership recommend NOT doing a KEP but just hosting the code in sig-auth or sig-security namespace
- Outside of that there has been a lot of community interest, and workgroup effort spent, on control mapping
and control-as-code implementation, eg OSCAL, that might be better served moved into its own workgroup or a
sandbox project
## Project health
1. What's the current roadmap until completion of the working group?
-
-
-
- Once the CR KEP is submitted or the sig decides yea or nay, we anticipate winding down the WG unless the community asks for new prototypes
- There seems limited/no interest in a corresponding CR for policy inputs/profiles
- One option is that many of the attendees are interested in compliance, so maybe a sig-security compliance WG is a follow on
- Also several of the concrete policy implementations can be carried over to SLEDGEHammer (which will be submitting a Sandbox application)
2. Does the group have contributors from multiple companies/affiliations?
-
- Yes (RedHat, IBM. Kyverno, Google, Fairwinds, Defense Unicorns, others)
3. Are there ways end users/companies can contribute that they currently are not?
If one of those ways is more full time support, what would they work on and why?
-
-
- Maintaining the PolicyReport API code
- Building out more PolicyReport API client code and examples
- Contributing more concrete policy library content (SLEDGEHammer will be committed to this)
- There is considerable interest in continuing the governance and assessment and lifecycle of policy and controls,
however as these necessarily cross boundaries, it seems like something that should either be re-homed to sig-security,
and/or hosted in a CNCF-level workgroup and/or moved into a relevant sandbox CNCF project
## Membership
- Primary slack channel member count:
- Primary mailing list member count:
- Primary meeting attendee count (estimated, if needed):
- Primary meeting participant count (estimated, if needed):
- Primary slack channel member count: 360
- Primary mailing list member count: 139
- Primary meeting attendee count (estimated, if needed): ~8
- Primary meeting participant count (estimated, if needed): ~6
Include any other ways you measure group membership
@ -46,15 +51,12 @@ Include any other ways you measure group membership
Operational tasks in [wg-governance.md]:
- [ ] [README.md] reviewed for accuracy and updated if needed
- [ ] WG leaders in [sigs.yaml] are accurate and active, and updated if needed
- [ ] Meeting notes and recordings for 2022 are linked from [README.md] and updated/uploaded if needed
- [ ] Updates provided to sponsoring SIGs in 2022
- [$sig-name](https://git.k8s.io/community/$sig-id/)
- links to email, meeting notes, slides, or recordings, etc
- [$sig-name](https://git.k8s.io/community/$sig-id/)
- links to email, meeting notes, slides, or recordings, etc
-
- [X] [README.md] reviewed for accuracy and updated if needed
- [X] WG leaders in [sigs.yaml] are accurate and active, and updated if needed
- [X] Meeting notes and recordings for 2022 are linked from [README.md] and updated/uploaded if needed
- [X] Updates provided to sponsoring SIGs in 2022
- [sig-auth](https://git.k8s.io/community/sig-auth/)
- TODO: JIM: links to email, meeting notes, slides, or recordings, etc
[wg-governance.md]: https://git.k8s.io/community/committee-steering/governance/wg-governance.md
[README.md]: https://git.k8s.io/community/wg-policy/README.md