Results from Sandbox Inclusion Meeting, September 13
The following projects were included into the sandbox:
Serverless Devs - Passes with a majority vote of the TOC
ContainerSSH - Passes with a majority vote of the TOC
OpenFGA - Passes with a majority vote of the TOC
Kured - Passes with a majority vote of the TOC
Carvel - Passes with a majority vote of the TOC
Lima - Passes with a majority vote of the TOC
Not included:
Unikraft
Kubescape
- TOC requests that the project decouple Saas from the open source project, both in naming and functionality
Recording will be made available on the CNCF TOC YouTube playlist: https://www.youtube.com/playlist?list=PLj6h78yzYM2Mf6GCZzW6CAk6GlZESbemB
Our next sandbox review meeting will be November 22nd, 2022.
The TOC met today to review applications at sandbox.cncf.io.
The following projects were included into the sandbox:
Serverless Devs - Passes with a majority vote of the TOC
ContainerSSH - Passes with a majority vote of the TOC
OpenFGA - Passes with a majority vote of the TOC
Kured - Passes with a majority vote of the TOC
Carvel - Passes with a majority vote of the TOC
Lima - Passes with a majority vote of the TOC
Not included:
Unikraft- Already a Linux Foundation project, we do not yet have a way to share projects between foundations, but there is an open issue to do so! https://github.com/cncf/toc/issues/889
Kubescape
- TOC requests that the project decouple Saas from the open source project, both in naming and functionality
Recording will be made available on the CNCF TOC YouTube playlist: https://www.youtube.com/playlist?list=PLj6h78yzYM2Mf6GCZzW6CAk6GlZESbemB
Our next sandbox review meeting will be November 22nd, 2022.--Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...
If our understanding is wrong, please point us to any evidence that the request was to move from where they are to CNCF. (like a vote or discussion or something?) please let us know, we will be happy to reconsider. If you want a quick back and forth if the request is not clear, please hit us up on #toc slack channel
The TOC met today to review applications at sandbox.cncf.io.
The following projects were included into the sandbox:
Serverless Devs - Passes with a majority vote of the TOC
ContainerSSH - Passes with a majority vote of the TOC
OpenFGA - Passes with a majority vote of the TOC
Kured - Passes with a majority vote of the TOC
Carvel - Passes with a majority vote of the TOC
Lima - Passes with a majority vote of the TOC
Not included:
Unikraft- Already a Linux Foundation project, we do not yet have a way to share projects between foundations, but there is an open issue to do so! https://github.com/cncf/toc/issues/889
Kubescape
- TOC requests that the project decouple Saas from the open source project, both in naming and functionality
Recording will be made available on the CNCF TOC YouTube playlist: https://www.youtube.com/playlist?list=PLj6h78yzYM2Mf6GCZzW6CAk6GlZESbemB
Our next sandbox review meeting will be November 22nd, 2022.--Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...
Hi,
Ben here, one of the maintainers of Kubescape and CTO of ARMO. Thanks for defining the main items the TOC needs clarifications about Kubescape and our application for Sandbox.
Regarding the separation of Kubescape as an open source and ARMO’s SaaS offering. Both the Kubescape CLI and service can be run as a complete stand-alone solution against or in the local k8s cluster.
Both the CLI and the service are storing results locally and enabling access to the data in standard formats (JSON, Prometheus exporter API, etc.). If the user wants to send the data to ARMO's SaaS solution it needs to be explicitly enabled (it is not the default).
You can use Kubescape as an independent component with no connection to the ARMO SaaS offering and it is already used by many users. Some examples include:
CNCF Cloud Native Network Function WG, as part of the CNF Testsuite (https://github.com/cncf/cnf-testsuite/search?q=kubescape)
GitPod and Prometheus-operator using Kubescape and contributing Kubescape Prometheus integration (https://github.com/prometheus-operator/kube-prometheus)
ValidKube uses Kubescape as its engine for scanning YAMLs - https://validkube.com/
These are just a few examples, Kubescape has over 100K downloads and is being used weekly by over 5000 users based on our research and the inputs we are getting.
Regarding the configuration separation. Kubescape can send data to an endpoint if configured to do so. Today, this endpoint is hardcoded and points to ARMO’s SaaS solution. We believe that as part of becoming a CNCF project, this configuration has to be vendor-neutral. This is going to be implemented during the onboarding (due to resource limitations). The same applies to any “leftover” references to ARMO both in the code and the documentation.
Regarding the naming of ARMO’s SaaS offering. We will comply with the trademark policies set out by the Linux foundation. We would like to take the same approach as above and make this change as part of the onboarding process. We believe that part will be easier for us than other cases the CNCF dealt with in which even the company name and the project name were the same.
Please feel free to contact us if you need any further clarification. We look forward to the next steps.
Thank you,
Ben
A bit more color on Kubescape request.- Can someone run the service in a local k8s cluster (without any link to SaaS services provided by ARMO)- Can the CLI talk to the service in the local cluster by default (without needing to require accessing the SaaS services?)- The SaaS product is also named Kubescape? ( https://cloud.armosec.io/account/login?redirectUrl=%2Fdashboard ), Can the product and the open source project be separated? (named differently)Also please see the recording when it becomes available, as we were scratching our heads quite a bit.thanks,DimsOn Tue, Sep 13, 2022 at 2:01 PM Amye Scavarda Perrin <ascavarda@...> wrote:The TOC met today to review applications at sandbox.cncf.io.
The following projects were included into the sandbox:
Serverless Devs - Passes with a majority vote of the TOC
ContainerSSH - Passes with a majority vote of the TOC
OpenFGA - Passes with a majority vote of the TOC
Kured - Passes with a majority vote of the TOC
Carvel - Passes with a majority vote of the TOC
Lima - Passes with a majority vote of the TOC
Not included:
Unikraft- Already a Linux Foundation project, we do not yet have a way to share projects between foundations, but there is an open issue to do so! https://github.com/cncf/toc/issues/889
Kubescape
- TOC requests that the project decouple Saas from the open source project, both in naming and functionality
Recording will be made available on the CNCF TOC YouTube playlist: https://www.youtube.com/playlist?list=PLj6h78yzYM2Mf6GCZzW6CAk6GlZESbemB
Our next sandbox review meeting will be November 22nd, 2022.--Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...--Davanum Srinivas :: https://twitter.com/dims