Date   

Re: OPA to graduation

Joe Searcy
 

I can't speak for everyone, but we are, and have been for the last 2+ years, been making great use of OPA in production across our entire fleet of Kubernetes clusters and several other ecosystem components. While I do agree that some folks associate OPA with Gatekeeper, OPA is much more ubiquitous. The admission controller model with OPA is very popular, but other example of how we use it are:

- Custom authorization policies within Envoy/Gloo
- Generic RBAC for several in-house built tools/apps
- Custom Token validation
- Generic CI/CD conformance 
- Kubernetes Fleet conformance (cross-cluster policy)

We run 100's of OPA instances as both containers and as embedded libraries.

Use cases like Conftest come to mind as well.


Re: [VOTE] Open Policy Agent from incubating to graduated

John Belamaric
 

+1 nb


Re: OPA to graduation

John Belamaric
 

+1 nb

On Mon, Sep 28, 2020 at 11:44 AM Andrés Vega <andresvega1@...> wrote:
Working in synchronicity from the authentication problem space adjacent to authorization, it has been fascinating to watch OPA evolve and grow in both adoption and maturity. 

In every SPIFFE and SPIRE conversation, OPA always surfaces as the best architectural fit for a comprehensive identity and authorization solution. While there is a learning curve to Rego, people do manage to wrap their heads around it as it pays dividends in return.

As Joe, I'd like to see overtime further standardization of the APIs. 

+1 NB


Andres


Re: OPA to graduation

Liz Rice
 

I really like OPA, and the project is doing tons of things really well, but I am struggling to add a +1 on the voting thread for it. When we move something to graduation, the TOC is sending a strong message that we think it's ready for end users to run in production - but to me it's not exactly clear what we're recommending. Anecdotally it seems to me that for a lot of folks in our community, OPA is synonymous with Gatekeeper. And that's a really useful component, and I don't want to do a disservice to the great work being done on it, but I don't think it's necessarily true that webhook + Gatekeeper is a robust, scalable solution that end users can assume they can deploy today with little-to-no risk.  

I am very open to hearing why my concern is misplaced - for example am I missing messaging about other situations where OPA is being widely used, or how Gatekeeper is positioned? 


Re: [VOTE] Open Policy Agent from incubating to graduated

Klaus Ma
 

+1 nb :)

On Wed, Dec 9, 2020 at 6:27 AM Jakub Scholz <jakub@...> wrote:
+1 (non-binding)

On Wed, Sep 30, 2020 at 6:06 PM Amye Scavarda Perrin <ascavarda@...> wrote:
The Open Policy Agent project has applied for graduation from incubation to graduated. (https://github.com/cncf/toc/pull/520)

The due diligence document can be found here: https://docs.google.com/document/d/19M5fTpe57rQIMNxawRl5wSWvJUapuzY-CkV4O5pvieU/edit
 
Brendan Burns has called for public comment: https://lists.cncf.io/g/cncf-toc/message/5281

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Amye Scavarda Perrin | Program Manager | amye@...


Re: [VOTE] Open Policy Agent from incubating to graduated

Jakub Scholz <jakub@...>
 

+1 (non-binding)

On Wed, Sep 30, 2020 at 6:06 PM Amye Scavarda Perrin <ascavarda@...> wrote:
The Open Policy Agent project has applied for graduation from incubation to graduated. (https://github.com/cncf/toc/pull/520)

The due diligence document can be found here: https://docs.google.com/document/d/19M5fTpe57rQIMNxawRl5wSWvJUapuzY-CkV4O5pvieU/edit
 
Brendan Burns has called for public comment: https://lists.cncf.io/g/cncf-toc/message/5281

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Amye Scavarda Perrin | Program Manager | amye@...


Re: [VOTE] Open Policy Agent from incubating to graduated

Emily Fox
 

+1 NB
~Emily Fox
@TheMoxieFox


On Tue, Dec 8, 2020 at 12:58 PM kensipe <kensipe@...> wrote:
+1 NB

On Dec 8, 2020, at 11:10 AM, Isaac Mosquera via lists.cncf.io <isaac=armory.io@...> wrote:

+1 NB 



On Tue, Dec 8, 2020 5:08 PM, Brandon Lum lumjjb@... wrote:
+1 NB


On Tue, Dec 8, 2020 at 12:05 PM Ricardo Aravena <raravena80@...> wrote:
+1 nb


On Wed, Sep 30, 2020 at 9:01 AM Amye Scavarda Perrin <ascavarda@...> wrote:
The Open Policy Agent project has applied for graduation from incubation to graduated. (https://github.com/cncf/toc/pull/520)

The due diligence document can be found here: https://docs.google.com/document/d/19M5fTpe57rQIMNxawRl5wSWvJUapuzY-CkV4O5pvieU/edit
 
Brendan Burns has called for public comment: https://lists.cncf.io/g/cncf-toc/message/5281 

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

-- 
Amye Scavarda Perrin | Program Manager | amye@...






#velocity,

I S A A C  M O S Q U E R A
Chief Technology Officer
p: 703.795.5322


Re: [VOTE] Open Policy Agent from incubating to graduated

kensipe
 

+1 NB

On Dec 8, 2020, at 11:10 AM, Isaac Mosquera via lists.cncf.io <isaac=armory.io@...> wrote:

+1 NB 



On Tue, Dec 8, 2020 5:08 PM, Brandon Lum lumjjb@... wrote:
+1 NB


On Tue, Dec 8, 2020 at 12:05 PM Ricardo Aravena <raravena80@...> wrote:
+1 nb


On Wed, Sep 30, 2020 at 9:01 AM Amye Scavarda Perrin <ascavarda@...> wrote:
The Open Policy Agent project has applied for graduation from incubation to graduated. (https://github.com/cncf/toc/pull/520)

The due diligence document can be found here: https://docs.google.com/document/d/19M5fTpe57rQIMNxawRl5wSWvJUapuzY-CkV4O5pvieU/edit
 
Brendan Burns has called for public comment: https://lists.cncf.io/g/cncf-toc/message/5281 

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

-- 
Amye Scavarda Perrin | Program Manager | amye@...






#velocity,

I S A A C  M O S Q U E R A
Chief Technology Officer
p: 703.795.5322


Re: [VOTE] Open Policy Agent from incubating to graduated

Jon Mittelhauser
 

+1 nb

 

From: <cncf-toc@...> on behalf of "Isaac Mosquera via lists.cncf.io" <isaac=armory.io@...>
Reply-To: <isaac@...>
Date: Tuesday, December 8, 2020 at 9:10 AM
To: Brandon Lum <lumjjb@...>
Cc: Ricardo Aravena <raravena80@...>, Amye Scavarda Perrin <ascavarda@...>, CNCF TOC <cncf-toc@...>
Subject: Re: [cncf-toc] [VOTE] Open Policy Agent from incubating to graduated

 

+1 NB 

 

 

On Tue, Dec 8, 2020 5:08 PM, Brandon Lum lumjjb@... wrote:

+1 NB

 

 

On Tue, Dec 8, 2020 at 12:05 PM Ricardo Aravena <raravena80@...> wrote:

+1 nb

 

 

On Wed, Sep 30, 2020 at 9:01 AM Amye Scavarda Perrin <ascavarda@...> wrote:

The Open Policy Agent project has applied for graduation from incubation to graduated. (https://github.com/cncf/toc/pull/520)

The due diligence document can be found here: https://docs.google.com/document/d/19M5fTpe57rQIMNxawRl5wSWvJUapuzY-CkV4O5pvieU/edit
 
Brendan Burns has called for public comment: https://lists.cncf.io/g/cncf-toc/message/5281

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

 

--

Amye Scavarda Perrin | Program Manager | amye@...

 

#velocity,

 

I S A A C  M O S Q U E R A

Chief Technology Officer

p: 703.795.5322


Re: [VOTE] Open Policy Agent from incubating to graduated

Isaac Mosquera
 

+1 NB 



On Tue, Dec 8, 2020 5:08 PM, Brandon Lum lumjjb@... wrote:
+1 NB


On Tue, Dec 8, 2020 at 12:05 PM Ricardo Aravena <raravena80@...> wrote:
+1 nb


On Wed, Sep 30, 2020 at 9:01 AM Amye Scavarda Perrin <ascavarda@...> wrote:
The Open Policy Agent project has applied for graduation from incubation to graduated. (https://github.com/cncf/toc/pull/520)

The due diligence document can be found here: https://docs.google.com/document/d/19M5fTpe57rQIMNxawRl5wSWvJUapuzY-CkV4O5pvieU/edit
 
Brendan Burns has called for public comment: https://lists.cncf.io/g/cncf-toc/message/5281

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Amye Scavarda Perrin | Program Manager | amye@...



#velocity,

I S A A C  M O S Q U E R A
Chief Technology Officer
p: 703.795.5322


Re: [VOTE] Open Policy Agent from incubating to graduated

Brandon Lum
 

+1 NB


On Tue, Dec 8, 2020 at 12:05 PM Ricardo Aravena <raravena80@...> wrote:
+1 nb


On Wed, Sep 30, 2020 at 9:01 AM Amye Scavarda Perrin <ascavarda@...> wrote:
The Open Policy Agent project has applied for graduation from incubation to graduated. (https://github.com/cncf/toc/pull/520)

The due diligence document can be found here: https://docs.google.com/document/d/19M5fTpe57rQIMNxawRl5wSWvJUapuzY-CkV4O5pvieU/edit
 
Brendan Burns has called for public comment: https://lists.cncf.io/g/cncf-toc/message/5281

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Amye Scavarda Perrin | Program Manager | amye@...


Re: [VOTE] Open Policy Agent from incubating to graduated

Ricardo Aravena
 

+1 nb


On Wed, Sep 30, 2020 at 9:01 AM Amye Scavarda Perrin <ascavarda@...> wrote:
The Open Policy Agent project has applied for graduation from incubation to graduated. (https://github.com/cncf/toc/pull/520)

The due diligence document can be found here: https://docs.google.com/document/d/19M5fTpe57rQIMNxawRl5wSWvJUapuzY-CkV4O5pvieU/edit
 
Brendan Burns has called for public comment: https://lists.cncf.io/g/cncf-toc/message/5281

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Amye Scavarda Perrin | Program Manager | amye@...


Re: [EXTERNAL] [cncf-toc] [VOTE] Open Policy Agent from incubating to graduated

Tim St. Clair
 

+1 Non-binding


From: cncf-toc@... <cncf-toc@...> on behalf of Davanum Srinivas via lists.cncf.io <davanum=gmail.com@...>
Sent: Tuesday, December 8, 2020 10:48 AM
To: bburns@... <bburns@...>
Cc: CNCF TOC <cncf-toc@...>; ascavarda@... <ascavarda@...>
Subject: Re: [EXTERNAL] [cncf-toc] [VOTE] Open Policy Agent from incubating to graduated
 
+1 Non-binding

On Tue, Dec 8, 2020 at 11:45 AM Brendan Burns via lists.cncf.io <bburns=microsoft.com@...> wrote:
+1, Binding



From: cncf-toc@... <cncf-toc@...> on behalf of Amye Scavarda Perrin via lists.cncf.io <ascavarda=linuxfoundation.org@...>
Sent: Wednesday, September 30, 2020 9:00 AM
To: CNCF TOC <cncf-toc@...>
Subject: [EXTERNAL] [cncf-toc] [VOTE] Open Policy Agent from incubating to graduated
 
The Open Policy Agent project has applied for graduation from incubation to graduated. (https://github.com/cncf/toc/pull/520)

The due diligence document can be found here: https://docs.google.com/document/d/19M5fTpe57rQIMNxawRl5wSWvJUapuzY-CkV4O5pvieU/edit
 
Brendan Burns has called for public comment: https://lists.cncf.io/g/cncf-toc/message/5281

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Amye Scavarda Perrin | Program Manager | amye@...



--
Davanum Srinivas :: https://twitter.com/dims


Re: [EXTERNAL] [cncf-toc] [VOTE] Open Policy Agent from incubating to graduated

Davanum Srinivas
 

+1 Non-binding

On Tue, Dec 8, 2020 at 11:45 AM Brendan Burns via lists.cncf.io <bburns=microsoft.com@...> wrote:
+1, Binding



From: cncf-toc@... <cncf-toc@...> on behalf of Amye Scavarda Perrin via lists.cncf.io <ascavarda=linuxfoundation.org@...>
Sent: Wednesday, September 30, 2020 9:00 AM
To: CNCF TOC <cncf-toc@...>
Subject: [EXTERNAL] [cncf-toc] [VOTE] Open Policy Agent from incubating to graduated
 
The Open Policy Agent project has applied for graduation from incubation to graduated. (https://github.com/cncf/toc/pull/520)

The due diligence document can be found here: https://docs.google.com/document/d/19M5fTpe57rQIMNxawRl5wSWvJUapuzY-CkV4O5pvieU/edit
 
Brendan Burns has called for public comment: https://lists.cncf.io/g/cncf-toc/message/5281

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Amye Scavarda Perrin | Program Manager | amye@...



--
Davanum Srinivas :: https://twitter.com/dims


Re: [EXTERNAL] [cncf-toc] [VOTE] Open Policy Agent from incubating to graduated

Brendan Burns
 

+1, Binding



From: cncf-toc@... <cncf-toc@...> on behalf of Amye Scavarda Perrin via lists.cncf.io <ascavarda=linuxfoundation.org@...>
Sent: Wednesday, September 30, 2020 9:00 AM
To: CNCF TOC <cncf-toc@...>
Subject: [EXTERNAL] [cncf-toc] [VOTE] Open Policy Agent from incubating to graduated
 
The Open Policy Agent project has applied for graduation from incubation to graduated. (https://github.com/cncf/toc/pull/520)

The due diligence document can be found here: https://docs.google.com/document/d/19M5fTpe57rQIMNxawRl5wSWvJUapuzY-CkV4O5pvieU/edit
 
Brendan Burns has called for public comment: https://lists.cncf.io/g/cncf-toc/message/5281

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Amye Scavarda Perrin | Program Manager | amye@...


[RFC] Refining the way we communicate deprecations/wide-reaching changes to the project

Stephen Augustus
 

Forwarding here as well, if anyone is interested in leaving feedback.

-- Stephen

---------- Forwarded message ---------
From: Stephen Augustus <stephen.k8s@...>
Date: Wed, Dec 2, 2020, 22:56
Subject: [k8s-steering] [RFC] Refining the way we communicate deprecations/wide-reaching changes to the project
To: Kubernetes developer/contributor discussion <kubernetes-dev@...>
Cc: steering <steering@...>


Hey Kubernetes Community,

tl;dr -- words are hard sometimes and we should take some time and care to assess the way we wield them.

---

As we go through deprecations and infrastructure changes in the project, it might be a worthwhile exercise to assess and refine the way we communicate them.

I can think of a few recent examples that caused some panic and required additional lift from contributors to reframe or contort/extend support to accommodate:
We should consider what it means to turn down a service, piece of functionality, or kubernetes/kubernetes-adjacent system and type of impact it may have for consumers.

Without policing contributors, as maintainers of the project, we also have a responsibility to users to be careful and deliberate with our communications outside of the project, whether it be Twitter, Hacker News, etc., etc.

So how can we improve?

I think depending on the scope of a change, the following SIGs should be involved in crafting comms:
  • SIG Architecture
  • SIG Release
  • SIG Docs
With SIG ContribEx to assist with consistent delivery across our properties.

I'm curious to hear everyone's thoughts here.

-- Stephen

--
You received this message because you are subscribed to the Google Groups "steering" group.
To unsubscribe from this group and stop receiving emails from it, send an email to steering+unsubscribe@....
To view this discussion on the web visit https://groups.google.com/a/kubernetes.io/d/msgid/steering/CAOqU-DRtVQRC79v1xM5zVpQ11hWoyqdhgrhOamkVQ3%2B5kJw44A%40mail.gmail.com.


Agenda for 12/1

Amye Scavarda Perrin
 

Hi all, 
We'll be meeting tomorrow: 
Optional SIG Updates
New Training Course on Diversity in Open Source
Moved: Security Scanning for projects to December 15th when Liz is able to make the meeting 


Thanks! 

--
Amye Scavarda Perrin | Program Manager | amye@...


Re: [VOTE] Buildpacks to move to incubation

Isaac Mosquera
 

+1 NB



On Wed, Nov 18, 2020 12:49 PM, Archy k ayrat.khayretdinov@... wrote:
+1 NB

On Wed, Oct 7, 2020 at 5:21 PM Amye Scavarda Perrin <ascavarda@...> wrote:
Cloud Native Buildpacks has applied to move from sandbox to incubation. (https://github.com/cncf/toc/pull/338)

Justin Cormack is the TOC sponsor for this project, he has performed Due Diligence (https://docs.google.com/document/d/1tb3mK5cJmaQLO8xR__9NaH2GMrdn3WPjAZFBJYsXrxY/edit) and called for public comment. (https://lists.cncf.io/g/cncf-toc/message/5317)

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Amye Scavarda Perrin | Program Manager | amye@...



#velocity,

I S A A C  M O S Q U E R A
Chief Technology Officer
p: 703.795.5322


Apologies

Liz Rice
 

I'm sorry folks, I have a conflict coming up on Tuesday 1st, and I am going to have to skip the TOC meeting

Liz


[RESULT] etcd for graduation

Amye Scavarda Perrin
 

The etcd project has been approved for graduation. (https://lists.cncf.io/g/cncf-toc/message/5452)
+1 Binding 
9/10
Matt Klein: https://lists.cncf.io/g/cncf-toc/message/5453
Brendan Burns: https://lists.cncf.io/g/cncf-toc/message/5461
Saad Ali: https://lists.cncf.io/g/cncf-toc/message/5473
Sheng Liang: https://lists.cncf.io/g/cncf-toc/message/5474
Xiang Li: https://lists.cncf.io/g/cncf-toc/message/5477
Alena Prokharchyk: https://lists.cncf.io/g/cncf-toc/message/5478
Dave Zolotusky: https://lists.cncf.io/g/cncf-toc/message/5482  
Justin Cormack: https://lists.cncf.io/g/cncf-toc/message/5495
Liz Rice: https://lists.cncf.io/g/cncf-toc/message/5496    

+1 NB
Lee Calcote: https://lists.cncf.io/g/cncf-toc/message/5454
Bartłomiej Płotka: https://lists.cncf.io/g/cncf-toc/message/5455
John Hillegass: https://lists.cncf.io/g/cncf-toc/message/5456
Tim St. Clair: https://lists.cncf.io/g/cncf-toc/message/5457
Barak Stout: https://lists.cncf.io/g/cncf-toc/message/5458
Kevin Ryan: https://lists.cncf.io/g/cncf-toc/message/5459
Bhaarat Sharma: https://lists.cncf.io/g/cncf-toc/message/5460
Yin Ding: https://lists.cncf.io/g/cncf-toc/message/5462
Ken Owens: https://lists.cncf.io/g/cncf-toc/message/5463
Archy K: https://lists.cncf.io/g/cncf-toc/message/5464
Ken Sipe: https://lists.cncf.io/g/cncf-toc/message/5465
Ricardo Aravena: https://lists.cncf.io/g/cncf-toc/message/5466
Andrew Aitken: https://lists.cncf.io/g/cncf-toc/message/5467
Katie Gamanji: https://lists.cncf.io/g/cncf-toc/message/5468
Ido Samuelson: https://lists.cncf.io/g/cncf-toc/message/5469
Frederick Kautz: https://lists.cncf.io/g/cncf-toc/message/5470
Oleg Chornyi: https://lists.cncf.io/g/cncf-toc/message/5471
Keith Burdis: https://lists.cncf.io/g/cncf-toc/message/5472
alexis richardson: https://lists.cncf.io/g/cncf-toc/message/5475
Suresh Krishnan: https://lists.cncf.io/g/cncf-toc/message/5476
Kiran Mova: https://lists.cncf.io/g/cncf-toc/message/5479
Alois Reitbauer: https://lists.cncf.io/g/cncf-toc/message/5480
Romaric Philogène: https://lists.cncf.io/g/cncf-toc/message/5481
Bob Wise: https://lists.cncf.io/g/cncf-toc/message/5483
Stephen Augustus: https://lists.cncf.io/g/cncf-toc/message/5484
Golfen Guo: https://lists.cncf.io/g/cncf-toc/message/5485
Benjamin Texier: https://lists.cncf.io/g/cncf-toc/message/5486
Richard Hartmann: https://lists.cncf.io/g/cncf-toc/message/5487
Philippe Robin: https://lists.cncf.io/g/cncf-toc/message/5488
Xu Wang: https://lists.cncf.io/g/cncf-toc/message/5489
Alex Chircop: https://lists.cncf.io/g/cncf-toc/message/5490
Thomas Schuetz: https://lists.cncf.io/g/cncf-toc/message/5491
Isaac Mosquera: https://lists.cncf.io/g/cncf-toc/message/5492
Sunny Raskar: https://lists.cncf.io/g/cncf-toc/message/5493
Tzury Bar Yochay: https://lists.cncf.io/g/cncf-toc/message/5494
Robert Wilkins III: https://lists.cncf.io/g/cncf-toc/message/5497

--
Amye Scavarda Perrin | Program Manager | amye@...

1501 - 1520 of 7042