cncf-toc@lists.cncf.io | Results from Sandbox Inclusion Meeting, September 13

Home Messages Hashtags Subgroups

Date Date 1 - 4 of 4

Results from Sandbox Inclusion Meeting, September 13

Ben Hirschberg #7591 Hi, Ben here, one of the maintainers of Kubescape and CTO of ARMO. Thanks for defining the main items the TOC needs clarifications about Kubescape and our application for Sandbox. Regarding the separation of Kubescape as an open source and ARMO’s SaaS offering. Both the Kubescape CLI and service can be run as a complete stand-alone solution against or in the local k8s cluster. Both the CLI and the service are storing results locally and enabling access to the data in standard formats (JSON, Prometheus exporter API, etc.). If the user wants to send the data to ARMO's SaaS solution it needs to be explicitly enabled (it is not the default). You can use Kubescape as an independent component with no connection to the ARMO SaaS offering and it is already used by many users. Some examples include: CNCF Cloud Native Network Function WG, as part of the CNF Testsuite (https://github.com/cncf/cnf-testsuite/search?q=kubescape) GitPod and Prometheus-operator using Kubescape and contributing Kubescape Prometheus integration (https://github.com/prometheus-operator/kube-prometheus) ValidKube uses Kubescape as its engine for scanning YAMLs - https://validkube.com/ These are just a few examples, Kubescape has over 100K downloads and is being used weekly by over 5000 users based on our research and the inputs we are getting. Regarding the configuration separation. Kubescape can send data to an endpoint if configured to do so. Today, this endpoint is hardcoded and points to ARMO’s SaaS solution. We believe that as part of becoming a CNCF project, this configuration has to be vendor-neutral. This is going to be implemented during the onboarding (due to resource limitations). The same applies to any “leftover” references to ARMO both in the code and the documentation. Regarding the naming of ARMO’s SaaS offering. We will comply with the trademark policies set out by the Linux foundation. We would like to take the same approach as above and make this change as part of the onboarding process. We believe that part will be easier for us than other cases the CNCF dealt with in which even the company name and the project name were the same. Please feel free to contact us if you need any further clarification. We look forward to the next steps. Thank you, Ben toggle quoted message Show quoted text On Tue, Sep 13, 2022 at 9:44 PM Davanum Srinivas <davanum@...> wrote: A bit more color on Kubescape request. - Can someone run the service in a local k8s cluster (without any link to SaaS services provided by ARMO) - Can the CLI talk to the service in the local cluster by default (without needing to require accessing the SaaS services?) - The SaaS product is also named Kubescape? ( https://cloud.armosec.io/account/login?redirectUrl=%2Fdashboard ), Can the product and the open source project be separated? (named differently) Also please see the recording when it becomes available, as we were scratching our heads quite a bit. thanks, Dims On Tue, Sep 13, 2022 at 2:01 PM Amye Scavarda Perrin <ascavarda@...> wrote: The TOC met today to review applications at sandbox.cncf.io. The following projects were included into the sandbox: Serverless Devs - Passes with a majority vote of the TOC ContainerSSH - Passes with a majority vote of the TOC OpenFGA - Passes with a majority vote of the TOC Kured - Passes with a majority vote of the TOC Carvel - Passes with a majority vote of the TOC Lima - Passes with a majority vote of the TOC Not included: Unikraft - Already a Linux Foundation project, we do not yet have a way to share projects between foundations, but there is an open issue to do so! https://github.com/cncf/toc/issues/889 Kubescape - TOC requests that the project decouple Saas from the open source project, both in naming and functionality Recording will be made available on the CNCF TOC YouTube playlist: https://www.youtube.com/playlist?list=PLj6h78yzYM2Mf6GCZzW6CAk6GlZESbemB Our next sandbox review meeting will be November 22nd, 2022. -- Amye Scavarda Perrin \| Director of Developer Programs, CNCF \| amye@... -- Davanum Srinivas :: https://twitter.com/dims
More All Messages By This Member
Davanum Srinivas #7506 Additional color for Unikraft: We believe the ask from them was for the project to be under BOTH foundations. Which is not possible currently, but we are exploring it in the url, Amye pointed to already. If our understanding is wrong, please point us to any evidence that the request was to move from where they are to CNCF. (like a vote or discussion or something?) please let us know, we will be happy to reconsider. If you want a quick back and forth if the request is not clear, please hit us up on #toc slack channel Also note that the TOC now prioritizes resubmissions when looking at the queue, So the process would be to resubmit (and please mention that it is a resubmission). -- Dims toggle quoted message Show quoted text On Tue, Sep 13, 2022 at 2:01 PM Amye Scavarda Perrin <ascavarda@...> wrote: The TOC met today to review applications at sandbox.cncf.io. The following projects were included into the sandbox: Serverless Devs - Passes with a majority vote of the TOC ContainerSSH - Passes with a majority vote of the TOC OpenFGA - Passes with a majority vote of the TOC Kured - Passes with a majority vote of the TOC Carvel - Passes with a majority vote of the TOC Lima - Passes with a majority vote of the TOC Not included: Unikraft - Already a Linux Foundation project, we do not yet have a way to share projects between foundations, but there is an open issue to do so! https://github.com/cncf/toc/issues/889 Kubescape - TOC requests that the project decouple Saas from the open source project, both in naming and functionality Recording will be made available on the CNCF TOC YouTube playlist: https://www.youtube.com/playlist?list=PLj6h78yzYM2Mf6GCZzW6CAk6GlZESbemB Our next sandbox review meeting will be November 22nd, 2022. -- Amye Scavarda Perrin \| Director of Developer Programs, CNCF \| amye@... -- Davanum Srinivas :: https://twitter.com/dims
More All Messages By This Member
Davanum Srinivas #7502 A bit more color on Kubescape request. - Can someone run the service in a local k8s cluster (without any link to SaaS services provided by ARMO) - Can the CLI talk to the service in the local cluster by default (without needing to require accessing the SaaS services?) - The SaaS product is also named Kubescape? ( https://cloud.armosec.io/account/login?redirectUrl=%2Fdashboard ), Can the product and the open source project be separated? (named differently) Also please see the recording when it becomes available, as we were scratching our heads quite a bit. thanks, Dims toggle quoted message Show quoted text On Tue, Sep 13, 2022 at 2:01 PM Amye Scavarda Perrin <ascavarda@...> wrote: The TOC met today to review applications at sandbox.cncf.io. The following projects were included into the sandbox: Serverless Devs - Passes with a majority vote of the TOC ContainerSSH - Passes with a majority vote of the TOC OpenFGA - Passes with a majority vote of the TOC Kured - Passes with a majority vote of the TOC Carvel - Passes with a majority vote of the TOC Lima - Passes with a majority vote of the TOC Not included: Unikraft - Already a Linux Foundation project, we do not yet have a way to share projects between foundations, but there is an open issue to do so! https://github.com/cncf/toc/issues/889 Kubescape - TOC requests that the project decouple Saas from the open source project, both in naming and functionality Recording will be made available on the CNCF TOC YouTube playlist: https://www.youtube.com/playlist?list=PLj6h78yzYM2Mf6GCZzW6CAk6GlZESbemB Our next sandbox review meeting will be November 22nd, 2022. -- Amye Scavarda Perrin \| Director of Developer Programs, CNCF \| amye@... -- Davanum Srinivas :: https://twitter.com/dims
More All Messages By This Member
Amye Scavarda Perrin #7501 The TOC met today to review applications at sandbox.cncf.io. The following projects were included into the sandbox: Serverless Devs - Passes with a majority vote of the TOC ContainerSSH - Passes with a majority vote of the TOC OpenFGA - Passes with a majority vote of the TOC Kured - Passes with a majority vote of the TOC Carvel - Passes with a majority vote of the TOC Lima - Passes with a majority vote of the TOC Not included: Unikraft - Already a Linux Foundation project, we do not yet have a way to share projects between foundations, but there is an open issue to do so! https://github.com/cncf/toc/issues/889 Kubescape - TOC requests that the project decouple Saas from the open source project, both in naming and functionality Recording will be made available on the CNCF TOC YouTube playlist: https://www.youtube.com/playlist?list=PLj6h78yzYM2Mf6GCZzW6CAk6GlZESbemB Our next sandbox review meeting will be November 22nd, 2022. -- Amye Scavarda Perrin \| Director of Developer Programs, CNCF \| amye@...
More All Messages By This Member

1 - 4 of 4

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms