├── README.md ├── CONTRIBUTORS.md ├── CODE_OF_CONDUCT.md ├── SECURITY.md ├── CONTRIBUTING.md ├── .gitvote.yml ├── MAINTAINERS.md ├── LICENSE └── GOVERNANCE.md /README.md: -------------------------------------------------------------------------------- 1 | # Kyverno Community 2 | 3 | This repository contains common community information for [Kyverno and its sub-projects](https://github.com/kyverno/.github/blob/main/profile/README.md#projects): 4 | 5 | * [Code of Conduct](./CODE_OF_CONDUCT.md) 6 | 7 | * [Governance](./GOVERNANCE.md) 8 | 9 | * [Security](./SECURITY.md) 10 | 11 | * [License](./LICENSE) 12 | 13 | * [Contributing](./CONTRIBUTING.md) 14 | -------------------------------------------------------------------------------- /CONTRIBUTORS.md: -------------------------------------------------------------------------------- 1 | ## Contributors 2 | 3 | Contributors are those who have made enough contributions to the project as defined in the [Contributing guide](https://kyverno.io/community/#contributing). 4 | 5 | In order to add yourself as a contributor, please open a PR to add your information to the contributor list below, with a list of your contributions to the project in the PR description. 
6 | 7 | | Contributor | GitHub ID | 8 | | --------------------- | ---------------------------------------------------------- | 9 | | Ved Ratan | [@VedRatan](https://github.com/VedRatan) | 10 | | Chandan DK | [@Chandan-DK](https://github.com/Chandan-DK) | 11 | | Swastik Gour | [@swastik959](https://github.com/swastik959) | 12 | | Amit Kumar | [@hackeramitkumar](https://github.com/hackeramitkumar) | 13 | | Khaled Emara | [@KhaledEmaraDev](https://github.com/KhaledEmaraDev) | 14 | | Anushka Mittal | [@anushkamittal2001](https://github.com/anushkamittal2001) | 15 | | Sanskar Gurdasani | [@Sanskarzz](https://github.com/Sanskarzz) | 16 | | D N Siva Sathyaseelan | [@sivasathyaseeelan](https://github.com/sivasathyaseeelan) | 17 | | Mohamed Asif S | [@mohamedasifs123](https://github.com/mohamedasifs123) | 18 | | Suruchi Kumari | [@coder12git](https://github.com/coder12git) | 19 | | Shubham Singh | [@1shubham7](https://github.com/1shubham7) | 20 | | Pradeep Narasimha | [@praddy26](https://github.com/praddy26) | 21 | | Sagar Kundral | [@nsagark](https://github.com/nsagark) | 22 | | Anudeep Nalla | [@anuddeeph1](https://github.com/anuddeeph1) | 23 | | Pratik Shah | [@shahpratikr](https://github.com/shahpratikr) | 24 | | Amarbir Singh | [@a-5ingh](https://github.com/A-5ingh) | 25 | | Ekambaram Pasham | [@epasham](https://github.com/epasham) | 26 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Kyverno Community Code of Conduct v1.0 2 | 3 | ## Contributor Code of Conduct 4 | 5 | As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities. 
6 | 7 | We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, or nationality. 8 | 9 | Examples of unacceptable behavior by participants include: 10 | 11 | * The use of sexualized language or imagery 12 | * Personal attacks 13 | * Trolling or insulting/derogatory comments 14 | * Public or private harassment 15 | * Publishing other's private information, such as physical or electronic addresses, without explicit permission 16 | * Other unethical or unprofessional conduct. 17 | 18 | Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned with this Code of Conduct. By adopting this Code of Conduct, project maintainers commit themselves to fairly and consistently applying these principles to every aspect of managing this project. Project maintainers who do not follow or enforce the Code of Conduct may be permanently removed from the project team. 19 | 20 | This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. 21 | 22 | Instances of abusive, harassing, or otherwise unacceptable behavior in Kubernetes may be reported by contacting the project maintainer(s). 23 | 24 | This Code of Conduct is adapted from the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md) and the [Contributor Covenant](https://www.contributor-covenant.org/), [version 1.2.0](https://www.contributor-covenant.org/version/1/2/0/code-of-conduct/). 
25 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | The Kyverno community has adopted this security disclosure and response policy to ensure we responsibly handle critical issues. 4 | 5 | ## Security bulletins 6 | 7 | For information regarding the security of this project please join our [Slack channel](https://slack.k8s.io/#kyverno). 8 | 9 | ## Reporting a Vulnerability 10 | 11 | ### When you should? 12 | 13 | - You think you discovered a potential security vulnerability in Kyverno. 14 | - You are unsure how a vulnerability affects Kyverno. 15 | - You think you discovered a vulnerability in another project that Kyverno depends on. For projects with their own vulnerability reporting and disclosure process, please report it directly there. 16 | 17 | ### When you should not? 18 | 19 | - You need help tuning Kyverno components for security - please discuss this in the Kyverno [Slack channel](https://slack.k8s.io/#kyverno). 20 | - You need help applying security-related updates. 21 | - Your issue is not security-related. 22 | 23 | ### Please use the below process to report a vulnerability to the project: 24 | 25 | 1. Email the **Kyverno security group at kyverno-security@googlegroups.com** 26 | * Emails should contain: 27 | * description of the problem 28 | * precise and detailed steps (including screenshots) that created the problem 29 | * the affected version(s) 30 | * any possible mitigations, if known 31 | 2. The project security team will send an initial response to the disclosure in 3-5 days. Once the vulnerability and fix are confirmed, the team will plan to release the fix in 7 to 28 days based on the severity and complexity. 32 | 3. You may be contacted by a project maintainer to further discuss the reported item. 
Please bear with us as we seek to understand the breadth and scope of the reported problem, recreate it, and confirm if there is a vulnerability present. 33 | 34 | ## Supported Versions 35 | 36 | Kyverno versions follow [Semantic Versioning](https://semver.org/) terminology and are expressed as x.y.z: 37 | - where x is the major version 38 | - y is the minor version 39 | - and z is the patch version 40 | 41 | Security fixes are typically addressed in the main branch and may be backported to one prior minor release depending on severity and feasibility. Patch releases are built from prior branches periodically, and may be created on-demand for critical security fixes. -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines for Kyverno 2 | 3 | Thanks for your interest in contributing! We welcome all contributions, suggestions, and feedback, so please do not hesitate to reach out! 4 | 5 | These guidelines apply to [Kyverno and all of its sub-projects](https://github.com/kyverno#projects). 6 | 7 | Before you contribute, please take a moment to review and agree to abide by our community [Code of Conduct](./CODE_OF_CONDUCT.md). 8 | 9 | ## Engage with us 10 | 11 | The Kyverno website has the most updated information on [how to engage with the Kyverno community](https://kyverno.io/community/) including its maintainers and contributors. 12 | 13 | Join our community meetings to learn more about Kyverno and engage with maintainers, other contributors, and end users. 14 | 15 | ## Ways you can contribute 16 | 17 | ### 1. Report issues 18 | 19 | Issues to Kyverno help improve the project in multiple ways including the following: 20 | - Identify potential bugs 21 | - Request features 22 | - Request documentation and samples 23 | 24 | ### 2. 
Fix or Improve Documentation 25 | 26 | Good documentation is essential for the success of a project. Contributing to the documentation benefits others and enhances your knowledge and skills. 27 | 28 | ### 3. Code Changes 29 | 30 | New contributors may easily view all [open issues labeled as "good first issue"](https://github.com/orgs/kyverno/projects/10) allowing you to get started with code changes in an approachable manner. 31 | 32 | [Pull requests](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests) (PRs) allow you to contribute back the changes you've made on your side enabling others in the community to benefit from your hard work. They are the main source by which all changes are made to this project and are a standard piece of GitHub operational flows. 33 | 34 | 35 | ## Developer Certificate of Origin (DCO) Sign off 36 | 37 | For contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project, we are requiring everyone to acknowledge this by signing their work which indicates you agree to the DCO found [here](https://developercertificate.org/). 38 | 39 | To sign your work, just add a line like this at the end of your commit message: 40 | 41 | ```sh 42 | Signed-off-by: Random J Developer 43 | ``` 44 | 45 | This can easily be done with the `-s` command line option to append this automatically to your commit message. 46 | 47 | ```sh 48 | git commit -s -m 'This is my commit message' 49 | ``` 50 | 51 | ## How to Create a PR 52 | 53 | Head over to the project repository on GitHub and click the **"Fork"** button. With the forked copy, you can try new ideas and implement changes to the project. 54 | 55 | 1. **Clone the repository to your device:** 56 | 57 | Get the link of your forked repository, paste it in your device terminal and clone it using the command. 
58 | 59 | ```sh 60 | git clone https://hostname/YOUR-USERNAME/YOUR-REPOSITORY 61 | ``` 62 | 63 | 2. **Create a branch:** 64 | 65 | Create a new branch and navigate to the branch using this command. 66 | 67 | ```sh 68 | git checkout -b 69 | ``` 70 | 71 | Great, it's time to start hacking! You can now go ahead to make all the changes you want. 72 | 73 | 3. **Stage, Commit, and Push changes:** 74 | 75 | Now that we have implemented the required changes, use the command below to stage the changes and commit them. 76 | 77 | ```sh 78 | git add . 79 | ``` 80 | 81 | ```sh 82 | git commit -s -m "Commit message" 83 | ``` 84 | 85 | The `-s` signifies that you have signed off the commit. 86 | 87 | Go ahead and push your changes to GitHub using this command. 88 | 89 | ```sh 90 | git push 91 | ``` 92 | -------------------------------------------------------------------------------- /.gitvote.yml: -------------------------------------------------------------------------------- 1 | # GitVote configuration file 2 | # 3 | # GitVote will look for it in the following locations (in order of precedence): 4 | # 5 | # - At the root of the repository where the vote was created 6 | # - At the root of the .github repository, for organization wide configuration 7 | # 8 | 9 | # Automation (optional) 10 | # 11 | # Create votes automatically on PRs when any of the files affected by the PR 12 | # match any of the patterns provided. Patterns must follow the gitignore 13 | # format (https://git-scm.com/docs/gitignore#_pattern_format). 14 | # 15 | # Each automation rule must include a list of patterns and the profile to use 16 | # when creating the vote. This allows creating votes automatically using the 17 | # desired configuration based on the patterns matched. Rules are processed in 18 | # the order provided, and the first match wins. 
19 | # 20 | # automation: 21 | # enabled: true 22 | # rules: 23 | # - patterns: 24 | # - "README.md" 25 | # - "*.txt" 26 | # profile: default 27 | # 28 | automation: 29 | enabled: false 30 | rules: 31 | - patterns: [] 32 | profile: profile1 33 | 34 | # Configuration profiles (required) 35 | # 36 | # A configuration profile defines some properties of a vote, like its duration, 37 | # the pass threshold or the users who have a binding vote. It's possible to 38 | # define multiple configuration profiles, each with a different set of settings. 39 | # 40 | profiles: 41 | # Default configuration profile 42 | # 43 | # This profile will be used with votes created with the /vote command 44 | default: 45 | # Voting duration (required) 46 | # 47 | # How long the vote will be open 48 | # 49 | # Units supported (can be combined as in 1hour 30mins): 50 | # 51 | # minutes | minute | mins | min | m 52 | # hours | hour | hrs | hrs | h 53 | # days | day | d 54 | # weeks | week | w 55 | # 56 | 57 | duration: 1w 58 | 59 | # Pass threshold (required) 60 | # 61 | # Percentage of votes in favor required to pass the vote 62 | # 63 | # The percentage is calculated based on the number of votes in favor and the 64 | # number of allowed voters (see allowed_voters field below for more details). 65 | pass_threshold: 66 66 | 67 | # Allowed voters (optional) 68 | # 69 | # List of GitHub teams and users who have binding votes 70 | # 71 | # If no teams or users are provided, all repository collaborators will be 72 | # allowed to vote. For organization-owned repositories, the list of 73 | # collaborators includes outside collaborators, organization members that 74 | # are direct collaborators, organization members with access through team 75 | # memberships, organization members with access through default organization 76 | # permissions, and organization owners. 77 | # 78 | # By default, teams' members with the maintainer role are allowed to vote 79 | # as well. 
By using the `exclude_team_maintainers` option, it's possible to 80 | # modify this behavior so that only teams' members with the member role are 81 | # considered allowed voters. Please note that this option only applies to 82 | # the teams explicitly listed in `allowed_voters/teams`. 83 | # 84 | # Teams names must be provided without the organization prefix. 85 | # 86 | # allowed_voters: 87 | # teams: 88 | # - team1 89 | # users: 90 | # - cynthia-sg 91 | # - tegioz 92 | # exclude_team_maintainers: false 93 | # 94 | allowed_voters: 95 | teams: [binding-votes] 96 | users: [] 97 | 98 | # Periodic status check 99 | #  100 | # GitVote allows checking the status of a vote in progress manually by 101 | # calling the /check-vote command. The periodic status check option makes 102 | # it possible to automate the execution of status checks periodically. The 103 | # vote status will be published to the corresponding issue or pull request, 104 | # the same way as if the /check-vote command would have been called 105 | # manually. 106 | # 107 | # When this option is enabled, while the vote is open, a status check will 108 | # be run automatically using the frequency configured. Please note that the 109 | # hard limit of one status check per day still applies, so if the command 110 | # has been called manually the automatic periodic run may be delayed. 111 | # Automatic status checks won't be run if the vote will be closed within 112 | # the next hour. 113 | # 114 | # Units supported: 115 | # 116 | # - day / days 117 | # - week / weeks 118 | # 119 | # As an example, using a value of "5 days" would mean that 5 days after the 120 | # vote was created, and every 5 days after that, an automatic status check 121 | # will be run. 122 | # 123 | # periodic_status_check: "5 days" 124 | # 125 | periodic_status_check: null 126 | 127 | # Close on passing 128 | #  129 | # By default, votes remain open for the configured duration. 
Sometimes, 130 | # specially on votes that stay open for a long time, it may be preferable 131 | # to close a vote automatically once the passing threshold has been met. 132 | # The close on passing feature makes this possible. Open votes where this 133 | # feature has been enabled will be checked once daily and, if GitVote 134 | # detects that the vote has passed, it will automatically close it. 135 | #  136 | # close_on_passing: true 137 | # 138 | close_on_passing: true 139 | 140 | # Announcements 141 | # 142 | # GitVote can announce the results of a vote when it is closed on GitHub 143 | # discussions. This feature won't be enabled if this configuration section 144 | # is not provided. The slug of the category where the announcement will be 145 | # posted to must be specified (i.e. announcements). 146 | # 147 | # announcements: 148 | # discussions: 149 | # category: announcements 150 | # 151 | announcements: 152 | discussions: 153 | category: announcements 154 | 155 | # Additional configuration profiles 156 | # 157 | # In addition to the default configuration profile, it is possible to add more 158 | # to easily create votes with different settings. To create a vote that uses a 159 | # different profile you can use the command /vote-PROFILE. In the case below, 160 | # the command would be /vote-profile1 161 | # 162 | # Please note that each profile must contain all required fields. The default 163 | # profile is used when using the /vote command, but its values are not used as 164 | # default values when they are not provided on other profiles. 
165 | # 166 | 167 | # profile1: 168 | # duration: 1m 169 | # pass_threshold: 75 170 | # allowed_voters: 171 | # teams: 172 | # - team1 173 | -------------------------------------------------------------------------------- /MAINTAINERS.md: -------------------------------------------------------------------------------- 1 | # Kyverno Maintainers 2 | 3 | Please refer to the [Project Governance](https://kyverno.io/community/#project-governance) for more information on the responsibilities and privileges of being a maintainer for the Kyverno project. 4 | 5 | ## Kyverno For Kubernetes Maintainers 6 | 7 | https://github.com/orgs/kyverno/teams/kyverno-maintainers 8 | 9 | | Maintainer | GitHub ID | Affiliation | 10 | |--------------------------|--------------------------------------------------------|---------------------------| 11 | | Jim Bugwadia | [@JimBugwadia](https://github.com/JimBugwadia) | Nirmata | 12 | | Shuting Zhao | [@realshuting](https://github.com/realshuting) | Nirmata | 13 | | Charles-Edouard Brétéché | [@eddycharly](https://github.com/eddycharly) | Nirmata | 14 | | Vishal Choudhary | [@vishal-chdhry](https://github.com/vishal-chdhry) | Nirmata | 15 | | Mariam Fahmy | [@MariamFahmy98](https://github.com/MariamFahmy98) | Nirmata | 16 | | Frank Jogeleit | [@fjogeleit](https://github.com/fjogeleit) | Nirmata | 17 | 18 | ## Kyverno JSON Maintainers 19 | 20 | https://github.com/orgs/kyverno/teams/kyverno-json-maintainers 21 | 22 | | Maintainer | GitHub ID | Affiliation | 23 | |--------------------------|--------------------------------------------------------|---------------------------| 24 | | Charles-Edouard Brétéché | [@eddycharly](https://github.com/eddycharly) | Nirmata | 25 | | Vishal Choudhary | [@vishal-chdhry](https://github.com/vishal-chdhry) | Nirmata | 26 | | Jim Bugwadia | [@JimBugwadia](https://github.com/JimBugwadia) | Nirmata | 27 | 28 | ## Kyverno Chainsaw Maintainers 29 | 30 | https://github.com/orgs/kyverno/teams/chainsaw-maintainers 31 | 32 
| | Maintainer | GitHub ID | Affiliation | 33 | |--------------------------|--------------------------------------------------------|---------------------------| 34 | | Charles-Edouard Brétéché | [@eddycharly](https://github.com/eddycharly) | Nirmata | 35 | | Shubham Gupta | [@shubham-cmyk](https://github.com/shubham-cmyk) | - | 36 | | Mariam Fahmy | [@MariamFahmy98](https://github.com/MariamFahmy98) | Nirmata 37 | 38 | 39 | ## Kyverno Policy Reporter Maintainers 40 | 41 | https://github.com/orgs/kyverno/teams/policy-reporter-maintainers 42 | 43 | | Maintainer | GitHub ID | Affiliation | 44 | |--------------------------|--------------------------------------------------------|---------------------------| 45 | | Frank Jogeleit | [@fjogeleit](https://github.com/fjogeleit) | Nirmata 46 | 47 | 48 | 49 | ## Kyverno Website Maintainers 50 | 51 | https://github.com/orgs/kyverno/teams/website-maintainers 52 | 53 | | Maintainer | GitHub ID | Affiliation | 54 | |--------------------------|--------------------------------------------------------|---------------------------| 55 | | Jim Bugwadia | [@JimBugwadia](https://github.com/JimBugwadia) | Nirmata | 56 | | Shuting Zhao | [@realshuting](https://github.com/realshuting) | Nirmata | 57 | | Charles-Edouard Brétéché | [@eddycharly](https://github.com/eddycharly) | Nirmata | 58 | | Vishal Choudhary | [@vishal-chdhry](https://github.com/vishal-chdhry) | Nirmata | 59 | | Mariam Fahmy | [@MariamFahmy98](https://github.com/MariamFahmy98) | Nirmata 60 | 61 | ## Kyverno Sample Policies Repository Maintainers 62 | 63 | https://github.com/orgs/kyverno/teams/policies-maintainers 64 | 65 | 66 | | Maintainer | GitHub ID | Affiliation | 67 | |--------------------------|--------------------------------------------------------|---------------------------| 68 | | Jim Bugwadia | [@JimBugwadia](https://github.com/JimBugwadia) | Nirmata | 69 | | Shuting Zhao | [@realshuting](https://github.com/realshuting) | Nirmata | 70 | | Charles-Edouard 
Brétéché | [@eddycharly](https://github.com/eddycharly) | Nirmata | 71 | | Vishal Choudhary | [@vishal-chdhry](https://github.com/vishal-chdhry) | Nirmata | 72 | | Mariam Fahmy | [@MariamFahmy98](https://github.com/MariamFahmy98) | Nirmata 73 | 74 | ## Kyverno Envoy Plugin Maintainers 75 | 76 | https://github.com/orgs/kyverno/teams/kyverno-envoy-plugin-maintainers 77 | 78 | | Maintainer | GitHub ID | Affiliation | 79 | |--------------------------|--------------------------------------------------------|---------------------------| 80 | | Charles-Edouard Brétéché | [@eddycharly](https://github.com/eddycharly) | Nirmata | 81 | | Anushka Mittal | [@anushkamittal20](https://github.com/anushkamittal20) | Chainguard | 82 | 83 | ## Kyverno Backstage Policy Reporter 84 | 85 | https://github.com/orgs/kyverno/teams/backstage-policy-reporter-maintainers 86 | 87 | | Maintainer | GitHub ID | Affiliation | 88 | |--------------------------|--------------------------------------------------------|---------------------------| 89 | | Jonas Beck | [@Jonas-Beck](https://github.com/Jonas-Beck) | VELUX | 90 | | Jacob Lorenzen | [@Jaxwood](https://github.com/Jaxwood) | VELUX | 91 | 92 | 93 | ## Maintainers Emeritus 94 | 95 | | Maintainer | GitHub ID | Affiliation | 96 | |--------------------------|--------------------------------------------------------|---------------------------| 97 | | Vyankatesh Kudtarkar | [@vyankyGH](https://github.com/vyankyGH) | | 98 | | Prateek Pandey | [@prateekpandey14](https://github.com/prateekpandey14) | | 99 | | Sambhav Kothari | [@sambhav](https://github.com/sambhav) | Bloomberg | 100 | | Trey Dockendorf | [@treydock](https://github.com/treydock) | Ohio Supercomputer Center | 101 | | Marcel Müller | [@MarcelMue](https://github.com/MarcelMue) | Giant Swarm GmbH | 102 | | Chip Zoller | [@chipzoller](https://github.com/chipzoller) | Stackwatch (Kubecost) | 103 | -------------------------------------------------------------------------------- /LICENSE: 
-------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 
39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /GOVERNANCE.md: -------------------------------------------------------------------------------- 1 | # Kyverno Governance 2 | 3 | This document defines governance policies for the [Kyverno and its sub-projects](https://github.com/kyverno#projects): 4 | 5 | - [Kyverno Governance](#kyverno-governance) 6 | - [Principles](#principles) 7 | - [Code of Conduct](#code-of-conduct) 8 | - [Vendor Neutrality](#vendor-neutrality) 9 | - [Meetings](#meetings) 10 | - [Project Roles](#project-roles) 11 | - [Summary of Roles](#summary-of-roles) 12 | - [Contributors](#contributors) 13 | - [Maintainers](#maintainers) 14 | - [Mapping Project Roles to GitHub Roles](#mapping-project-roles-to-github-roles) 15 | - [Off-boarding Guidance](#off-boarding-guidance) 16 | - [Maintainer Areas](#maintainer-areas) 17 | - [Kyverno Projects](#kyverno-projects) 18 | - [Projects areas](#projects-areas) 19 | - [Conflict Resolutions](#conflict-resolutions) 20 | - [Changes](#changes) 21 | - [Credits](#credits) 22 | 23 | ## Principles 24 | 25 | The Kyverno community adheres to the 
following principles: 26 | 27 | - **Open**: The Kyverno community strives to be open, accessible and welcoming to everyone. Anyone may contribute, and contributions are available to all users according to open-source values and licenses. 28 | - **Transparent and accessible**: Any changes to the Kyverno source code and collaborations on the project are publicly accessible (GitHub issues, PRs, and discussions). 29 | - **Merit**: Ideas and contributions are accepted according to their technical merit and alignment with project objectives, scope, and design principles. 30 | 31 | ## Code of Conduct 32 | 33 | Kyverno follows the [Code of Conduct](CODE_OF_CONDUCT.md), which is aligned with the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md). 34 | 35 | ## Vendor Neutrality 36 | 37 | Kyverno follows the CNCF vendor neutrality guidelines documented at: 38 | 39 | https://contribute.cncf.io/maintainers/community/vendor-neutrality/ 40 | 41 | ## Meetings 42 | 43 | Kyverno community meetings follow a defined [schedule](https://kyverno.io/community/#community-meetings). 44 | 45 | The maintainers may also have closed meetings to discuss security reports or Code of Conduct violations. Such meetings should be scheduled by any maintainer on receipt of a security issue or CoC report. All current Maintainers must be invited to such closed meetings, except for any maintainer who is accused of a CoC violation. 46 | 47 | ## Project Roles 48 | 49 | The Kyverno community welcomes all contributors and has well-defined roles detailed below. 50 | 51 | This document highlights the roles and responsibilities for the Kyverno community members. It also outlines the requirements for anyone who is looking to take on leadership roles in the Kyverno project. The following governance applies to all Kyverno subprojects. 52 | 53 | **Note:** Please make sure to read the CNCF [Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). 
54 | 55 | ### Summary of Roles 56 | 57 | The table below summarizes project roles and responsibilities. Details are provided in the sections following the table: 58 | 59 | | Role | Requirements | Ongoing Responsibilities | Defined by | 60 | | ------------ | -------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | 61 | | Contributors | At least five (5) contributions to any sub-project. | None | CONTRIBUTORS.md | 62 | | Maintainer | At least ten (10) contributions to a sub-project + Highly experienced and active contributor + Voted in by Kyverno maintainers. | Monitor project growth, set direction and priorities for a subproject. | Voted in by the Kyverno maintainers, listing in `MAINTAINERS.md`, GitHub organization member, and repository owner. | 63 | 64 | #### Contributors 65 | 66 | Contributors are individuals who have made at least five (5) contributions to the project by authoring PRs, commenting on issues and pull requests, and participating in community discussions on Slack or the mailing list. 67 | 68 | **Checklist before becoming a Contributor** 69 | 70 | - Have at least five (5) PRs successfully merged for any repositories under the Kyverno organization 71 | - Member of the kyverno channel on Kubernetes and/or CNCF Slack 72 | - Attended one (1) Contributors Meeting as documented 73 | - Registered for the Kyverno [mailing list](https://groups.google.com/g/kyverno) 74 | 75 | **Privileges of a Contributor** 76 | 77 | - Listed in the file in at least one (1) organization repository 78 | - Kyverno contributor badge issued 79 | 80 | To join the Kyverno project as a Contributor, create a Pull Request (PR) in the [Kyverno repository](https://github.com/kyverno/kyverno) with the following: 81 | 1.
Changes to add yourself to the [CONTRIBUTORS.md](https://github.com/kyverno/kyverno/blob/main/CONTRIBUTORS.md) file. 82 | 2. Links to your prior contributions (at least five). 83 | 3. Links to Slack discussions, issue comments, etc. 84 | 85 | #### Maintainers 86 | 87 | Maintainers are individuals who have shown good technical judgement in feature design/development in the past. Maintainers have overall knowledge of the project and features in the project. They can read, clone, and push to the repository. They can also manage issues, pull requests, and some repository settings. 88 | 89 | Maintainers are the technical authority for a subproject and are considered leaders for the organization as a whole. They must have demonstrated both good judgement and responsibility towards the health of the subproject. Maintainers must set technical direction and make or approve design decisions for their subproject, either directly or through delegation of these responsibilities. Unlike contributors, maintainers have the highest degree of responsibility and ownership for the project. Maintainer status may be subject to a vote and, if the minimum level of activity is not maintained, the maintainer may be moved to an _emeritus_ status.
90 | 91 | **Checklist before becoming a Maintainer:** 92 | 93 | - Have at least ten (10) significant PRs successfully merged for any combination of repositories under the Kyverno organization 94 | - Member of the `#kyverno` and `#kyverno-dev` channels on Kubernetes Slack workspace and the `#kyverno` channel on the CNCF Slack workspace 95 | - Regularly attends Kyverno [Maintainers and Community Meetings](https://kyverno.io/community/#community-meetings) 96 | - Registered for the Kyverno [mailing list](https://groups.google.com/g/kyverno) 97 | - Create a pull request to add self to `CODEOWNERS` file in at least one (1) repository 98 | - Attained the super majority vote (66%) from maintainers 99 | - Respond to reviews from maintainers on pull requests 100 | - Proficient in GitHub, YAML, Markdown, and Git 101 | - Exhibits strong attention to detail when reviewing commits and provides generous guidance and feedback 102 | - Helps others achieve their goals with open-source and community contributions 103 | - Understands the workflow of the Issues and Pull Requests 104 | - Makes consistent contributions to the Kyverno project 105 | - Consistently initiates and participates in [Kyverno discussions](https://slack.k8s.io/#kyverno) 106 | - Has knowledge and interest that aligns with the overall project goals, specifications, and design principles of the Kyverno project 107 | - Makes contributions that are considered notable 108 | - Demonstrates ability to help troubleshoot and resolve user issues 109 | - Has achieved the Kyverno Certification or demonstrated an equivalent mastery of Kyverno 110 | - Maintains a consistent level of activity with contributions to the project 111 | 112 | **Responsibilities of a Maintainer** 113 | 114 | - Tracks and ensures adequate health of the modules and subprojects they are in charge of 115 | - Ensures adequate test coverage to confidently release new features and fixes 116 | - Ensures that tests are passing reliably (i.e. 
not flaky) and are fixed when they fail 117 | - Mentors and guides code owners, reviewers, and contributors 118 | - Actively participates in the processes for discussion and decision making in the project 119 | - Merges Pull Requests and helps prepare releases 120 | - Makes and approves technical design decisions for the subproject 121 | - Helps define milestones and releases 122 | - Decides on when PRs are merged to control the release scope 123 | - Works with other maintainers to maintain the project's overall health and success holistically 124 | 125 | **Privileges of a Maintainer** 126 | 127 | - Listed as an organization member 128 | - Listed in `CODEOWNERS` in at least one (1) repository 129 | - Member of the https://lists.cncf.io/g/cncf-kyverno-maintainers mailing list 130 | - Have issues assigned to them 131 | - Have PRs assigned to them 132 | - Receives a Kyverno Maintainer Badge 133 | - Listed in `MAINTAINERS.md` 134 | 135 | **On-boarding Criteria** 136 | 137 | - Voted in by a majority of current maintainers, raised in a PR by the proposed member to add themselves to `MAINTAINERS.md`, during a voting period lasting at least three (3) working days 138 | 139 | **Off-boarding Criteria** 140 | 141 | An off-boarding vote may be called by any maintainer if any of the following criteria are met: 142 | - A maintainer has made fewer than 30 contributions over a span of 6 months. 143 | - Contributions can be tracked using the [DevStats dashboard](https://kyverno.devstats.cncf.io/d/66/developer-activity-counts-by-companies?orgId=1&var-period_name=Last%206%20months&var-metric=contributions&var-repogroup_name=All&var-country_name=All&from=1522810884223&to=1680577284223&var-companies=All). 144 | - Other relevant data will be collected and evaluated to assess the maintainer's contributions. This includes their involvement in discussions, conversations on Slack, and any other relevant interactions.
145 | 146 | The off-boarding process includes the following steps: 147 | - The off-boarding process is initiated by any currently active maintainer who conducts a review of the maintainers list and proceeds to initialize the off-boarding process if the above criteria are met. 148 | - The off-boarding plan is sent in a private Slack message or email to the candidate. 149 | - If the candidate for removal states plans to continue participating, another 6 months will be granted to the candidate to make contributions and the new cycle starts. No action is taken and this process terminates. 150 | - If the candidate fails to meet the criteria during the second attempt to make contributions, the off-boarding process continues. 151 | - A pull request (PR) proposing movement of the candidate is sent, initiating the public voting phase. 152 | - The vote passes if a majority of current maintainers vote yes during a voting period lasting five (5) working days. 153 | - A positive vote will result in movement to an _emeritus_ status within `MAINTAINERS.md` and removal from organization membership. 154 | 155 | #### Mapping Project Roles to GitHub Roles 156 | 157 | The roles used in this document are custom roles mapped according to the [GitHub roles and responsibilities](https://docs.github.com/en/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization). 158 | 159 | | Project Role | GitHub Role | 160 | | -------------- | -------------- | 161 | | Contributor | Triage | 162 | | Maintainer | Maintain | 163 | 164 | ### Off-boarding Guidance 165 | 166 | If a member in any of the above roles has not contributed in any phase (including, but not limited to: code changes, doc updates, issue discussions) in 3 months, the administrator needs to inform the member and remove the member's roles and GitHub permissions.
167 | 168 | ## Maintainer Areas 169 | 170 | The Kyverno projects' code base covers many areas, and project maintainers are not required to know everything about a project. 171 | For this reason, maintainers can be specific to one or more areas of the code base, each area representing a specific aspect. 172 | 173 | ### Kyverno Projects 174 | 175 | - [Kyverno](https://github.com/kyverno/kyverno) 176 | - [Kyverno Website](https://github.com/kyverno/website) 177 | - [Kyverno Policies](https://github.com/kyverno/policies) 178 | - [Kyverno JSON](https://github.com/kyverno/kyverno-json) 179 | - [Kyverno Chainsaw](https://github.com/kyverno/chainsaw) 180 | - [Kyverno Playground](https://github.com/kyverno/playground) 181 | - [Kyverno Policy Reporter](https://github.com/kyverno/policy-reporter) 182 | - [Kyverno Reports Server](https://github.com/kyverno/reports-server) 183 | - [Kyverno Backstage Policy Reporter](https://github.com/VELUX/backstage-policy-reporter-plugin) 184 | 185 | ### Projects areas 186 | 187 | This list is not exhaustive and is subject to modifications as the project evolves over time.
188 | 189 | | Project | Area | Description | 190 | |---|---|---| 191 | | Kyverno | `website` | Kyverno projects website and docs | 192 | | Kyverno | `policies-catalog` | Kyverno curated policies | 193 | | Kyverno | `helm-chart` | Kyverno Helm chart | 194 | | Kyverno | `engine` | Kyverno policy engine | 195 | | Kyverno | `cli` | Kyverno CLI | 196 | | Kyverno | `report-system` | Kyverno reporting system | 197 | | Kyverno JSON | -- | Kyverno JSON project | 198 | | Kyverno Chainsaw | -- | Kyverno Chainsaw project | 199 | | Kyverno Playground | `frontend` | Kyverno Playground frontend | 200 | | Kyverno Playground | `backend` | Kyverno Playground backend | 201 | | Kyverno Playground | `helm-chart` | Kyverno Playground Helm chart | 202 | | Kyverno Policy Reporter | `frontend` | Kyverno Policy Reporter frontend | 203 | | Kyverno Policy Reporter | `backend` | Kyverno Policy Reporter backend | 204 | | Kyverno Policy Reporter | `helm-chart` | Kyverno Policy Reporter Helm chart | 205 | | Kyverno Reports Server | -- | Kyverno Reports Server project | 206 | | Kyverno Backstage Policy Reporter | `frontend` | Kyverno Backstage Policy Reporter frontend | 207 | | Kyverno Backstage Policy Reporter | `backend` | Kyverno Backstage Policy Reporter backend | 208 | 209 | ## Conflict Resolutions 210 | 211 | Typically, it is assumed that disputes will be resolved amicably by those involved. However, if the situation becomes more serious, conflicts will be resolved through a voting process. A supermajority of votes from project maintainers is required to make a decision, and the project lead has the final say in the ruling. 212 | 213 | ## Changes 214 | 215 | This Project Governance is a living document. All key project changes, including changes in project governance, can be proposed by a GitHub PR and then reviewed and voted on by project maintainers.
216 | 217 | ## Credits 218 | 219 | Sections of this document have been borrowed from the [CoreDNS](https://github.com/coredns/coredns/blob/master/GOVERNANCE.md) and [fluxcd](https://github.com/fluxcd/community/blob/main/GOVERNANCE.md) projects. 220 | --------------------------------------------------------------------------------