From 2fe6318a996609222a8ee1d4f6735fb9a557ba01 Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Tue, 23 Jan 2024 15:25:59 +0800 Subject: [PATCH 1/4] add kyverno 2024 project ideas Signed-off-by: ShutingZhao --- .../2024/01-Mar-May/project_ideas.md | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md b/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md index 8dc4dacd..337928dc 100644 --- a/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md +++ b/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md 
@@ -89,3 +89,45 @@ - Pierangelo Di Pilato (@pierdipi, pierdipi@redhat.com) - Upstream Issue: https://github.com/knative/eventing/issues/7530 +### Kyverno + +#### Kyverno for Envoy Authorization + +- Description: Build an Envoy plugin to support authorisation based on Kyverno policies. +- Expected Outcome: Enable users to perform autorisation with similar concepts as kyverno and kyverno-JSON using policies. +- Recommended Skills: Golang, Kubernetes, Envoy +- Mentor(s): + - Charles-Edouard Brétéché (@eddycharly, charles.edouard@nirmata.com) +- Upstream Issue: https://github.com/kyverno/kyverno/issues/9488 + +#### Kyverno VPA Recommender + +- Description: A common pain-point heard from users is improper resource allocations, and if Kyverno policies can help with that. This is an exploratory project to see if Kyverno can work with Kubernetes Vertical Pod Autoscalers (VPA). +- Expected Outcome: Kyverno policies that work with VPA recommender. +- Recommended Skills: Golang, Kubernetes +- Mentor(s): + - Jim Bugwadia (@jimbugwadia, jim@nirmata.com) + - Khaled Emara (@KhaledEmaraDev, khaled.emara@nirmata.com) +- Upstream Issue: https://github.com/kyverno/kyverno/issues/9429 + + +#### Convert Kubernetes Best Practices Policies to CEL + +- Description: Kubernetes Best Practices policies are written using Kyverno patterns and JMESPath, which means they cannot be executed as ValidatingAdmissionPolicy resources in the API server. This project aims to convert Kubernetes Best Practices policies, and other validating policies, to CEL wherever possible. +- Expected Outcome: Convert Kyverno policies for Kubernetes best practices to CEL. 
+- Recommended Skills: Kubernetes, Kyverno policies, CEL +- Mentor(s): + - Anusha Hegde (@anusha94, anusha.hegde@nirmata.com) + - Mariam Fahmy (@MariamFahmy98, mariam.fahmy@nirmata.com) +- Upstream Issue: https://github.com/kyverno/policies/issues/891 + +#### Kyverno OpenVEX Integration + +- Description: Currently one cannot use the payload in an attestation and use it while verifying a different signed attestation through Kyverno image verification policy. +- Expected Outcome: Support condition validation across multiple image verification attestations or context entry. +- Recommended Skills: Golang, Kubernetes, VEX, Cosign, Notary +- Mentor(s): + - Vishal Choudhary (@vishal-chdhry, vishal.choudhary@nirmata.com) + - Shuting Zhao (@realshuting, shuting@nirmata.com) +- Upstream Issue: https://github.com/kyverno/kyverno/issues/9456 + From efd81b72f9da50fb06a5c0dddaa55cbf8afaba38 Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Tue, 23 Jan 2024 15:49:49 +0800 Subject: [PATCH 2/4] updates Signed-off-by: ShutingZhao --- programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md b/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md index 337928dc..3f4b52bc 100644 --- a/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md +++ b/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md 
@@ -121,9 +121,9 @@ - Mariam Fahmy (@MariamFahmy98, mariam.fahmy@nirmata.com) - Upstream Issue: https://github.com/kyverno/policies/issues/891 -#### Kyverno OpenVEX Integration +#### Verify Multiple Image Attestations -- Description: Currently one cannot use the payload in an attestation and use it while verifying a different signed attestation through Kyverno image verification policy. +- Description: Currently Kyverno cannot verify data across multiple attestations e.g. an image vulnerability scan report and a OpenVEX document. This project will enhance the image verification rules to support flexible checks across multiple attestations. - Expected Outcome: Support condition validation across multiple image verification attestations or context entry. - Recommended Skills: Golang, Kubernetes, VEX, Cosign, Notary - Mentor(s): From dd44fa1f1d42756ef580cb019f008d1ff8317ca1 Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Wed, 24 Jan 2024 22:58:08 +0800 Subject: [PATCH 3/4] add mentor Signed-off-by: ShutingZhao --- programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md b/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md index 0ca22de5..31e9ff57 100644 --- a/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md +++ b/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md @@ -160,6 +160,7 @@ - Recommended Skills: Golang, Kubernetes, Envoy - Mentor(s): - Charles-Edouard Brétéché (@eddycharly, charles.edouard@nirmata.com) + - Anushka Mittal (@anushkamittal2001, anushka@nirmata.com) - Upstream Issue: https://github.com/kyverno/kyverno/issues/9488 #### Kyverno VPA Recommender From f1dd299943e33f3995fdb652dfa64950cc824611 Mon Sep 17 00:00:00 2001 
From: Ali Ok Date: Wed, 24 Jan 2024 23:50:31 +0300 Subject: [PATCH 4/4] Move Kyverno project ideas above --- .../2024/01-Mar-May/project_ideas.md | 86 +++++++++---------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md b/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md index 0ed9d07d..e161b7ab 100644 --- a/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md +++ b/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md 
@@ -230,6 +230,49 @@ - Zhongpei Qiao(@chivalryq, chivalry.pp@gmail.com) - Upstream Issue: https://github.com/kubevela/kubevela/issues/6435 +### Kyverno + +#### Kyverno for Envoy Authorization + +- Description: Build an Envoy plugin to support authorisation based on Kyverno policies. +- Expected Outcome: Enable users to perform autorisation with similar concepts as kyverno and kyverno-JSON using policies. +- Recommended Skills: Golang, Kubernetes, Envoy +- Mentor(s): + - Charles-Edouard Brétéché (@eddycharly, charles.edouard@nirmata.com) + - Anushka Mittal (@anushkamittal2001, anushka@nirmata.com) +- Upstream Issue: https://github.com/kyverno/kyverno/issues/9488 + +#### Kyverno VPA Recommender + +- Description: A common pain-point heard from users is improper resource allocations, and if Kyverno policies can help with that. This is an exploratory project to see if Kyverno can work with Kubernetes Vertical Pod Autoscalers (VPA). +- Expected Outcome: Kyverno policies that work with VPA recommender. +- Recommended Skills: Golang, Kubernetes +- Mentor(s): + - Jim Bugwadia (@jimbugwadia, jim@nirmata.com) + - Khaled Emara (@KhaledEmaraDev, khaled.emara@nirmata.com) +- Upstream Issue: https://github.com/kyverno/kyverno/issues/9429 + + +#### Convert Kubernetes Best Practices Policies to CEL + +- Description: Kubernetes Best Practices policies are written using Kyverno patterns and JMESPath, which means they cannot be executed as ValidatingAdmissionPolicy resources in the API server. This project aims to convert Kubernetes Best Practices policies, and other validating policies, to CEL wherever possible. +- Expected Outcome: Convert Kyverno policies for Kubernetes best practices to CEL. 
+- Recommended Skills: Kubernetes, Kyverno policies, CEL +- Mentor(s): + - Anusha Hegde (@anusha94, anusha.hegde@nirmata.com) + - Mariam Fahmy (@MariamFahmy98, mariam.fahmy@nirmata.com) +- Upstream Issue: https://github.com/kyverno/policies/issues/891 + +#### Verify Multiple Image Attestations + +- Description: Currently Kyverno cannot verify data across multiple attestations e.g. an image vulnerability scan report and a OpenVEX document. This project will enhance the image verification rules to support flexible checks across multiple attestations. +- Expected Outcome: Support condition validation across multiple image verification attestations or context entry. +- Recommended Skills: Golang, Kubernetes, VEX, Cosign, Notary +- Mentor(s): + - Vishal Choudhary (@vishal-chdhry, vishal.choudhary@nirmata.com) + - Shuting Zhao (@realshuting, shuting@nirmata.com) +- Upstream Issue: https://github.com/kyverno/kyverno/issues/9456 + ### Prometheus #### Client_golang CI/CD improvements 
@@ -300,46 +343,3 @@ - Hung-Ying Tai (@hydai, hydai@secondstate.io) - dm4 (@dm4, dm4@secondstate.io) - Upstream Issue: https://github.com/WasmEdge/WasmEdge/issues/3172 - -### Kyverno - -#### Kyverno for Envoy Authorization - -- Description: Build an Envoy plugin to support authorisation based on Kyverno policies. -- Expected Outcome: Enable users to perform autorisation with similar concepts as kyverno and kyverno-JSON using policies. -- Recommended Skills: Golang, Kubernetes, Envoy -- Mentor(s): - - Charles-Edouard Brétéché (@eddycharly, charles.edouard@nirmata.com) - - Anushka Mittal (@anushkamittal2001, anushka@nirmata.com) -- Upstream Issue: https://github.com/kyverno/kyverno/issues/9488 - -#### Kyverno VPA Recommender - -- Description: A common pain-point heard from users is improper resource allocations, and if Kyverno policies can help with that. This is an exploratory project to see if Kyverno can work with Kubernetes Vertical Pod Autoscalers (VPA). -- Expected Outcome: Kyverno policies that work with VPA recommender. -- Recommended Skills: Golang, Kubernetes -- Mentor(s): - - Jim Bugwadia (@jimbugwadia, jim@nirmata.com) - - Khaled Emara (@KhaledEmaraDev, khaled.emara@nirmata.com) -- Upstream Issue: https://github.com/kyverno/kyverno/issues/9429 - - -#### Convert Kubernetes Best Practices Policies to CEL - -- Description: Kubernetes Best Practices policies are written using Kyverno patterns and JMESPath, which means they cannot be executed as ValidatingAdmissionPolicy resources in the API server. This project aims to convert Kubernetes Best Practices policies, and other validating policies, to CEL wherever possible. -- Expected Outcome: Convert Kyverno policies for Kubernetes best practices to CEL. 
-- Recommended Skills: Kubernetes, Kyverno policies, CEL -- Mentor(s): - - Anusha Hegde (@anusha94, anusha.hegde@nirmata.com) - - Mariam Fahmy (@MariamFahmy98, mariam.fahmy@nirmata.com) -- Upstream Issue: https://github.com/kyverno/policies/issues/891 - -#### Verify Multiple Image Attestations - -- Description: Currently Kyverno cannot verify data across multiple attestations e.g. an image vulnerability scan report and a OpenVEX document. This project will enhance the image verification rules to support flexible checks across multiple attestations. -- Expected Outcome: Support condition validation across multiple image verification attestations or context entry. -- Recommended Skills: Golang, Kubernetes, VEX, Cosign, Notary -- Mentor(s): - - Vishal Choudhary (@vishal-chdhry, vishal.choudhary@nirmata.com) - - Shuting Zhao (@realshuting, shuting@nirmata.com) -- Upstream Issue: https://github.com/kyverno/kyverno/issues/9456
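Review bot: In PATCH 1/4 (hunk @@ -89,3 +89,45 @@), the Expected Outcome line under "Kyverno for Envoy Authorization" misspells the word as "autorisation", and the entry mixes "Authorization" in the heading with "authorisation" in the Description. Pick one spelling and use it in all three places. The same hunk adds two blank lines before "#### Convert Kubernetes Best Practices Policies to CEL" where the other entries are separated by one.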
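Review bot: In PATCH 2/4 (hunk @@ -121,9 +121,9 @@), the new Description line reads "a OpenVEX document"; it should be "an OpenVEX document", and "e.g." reads better with a comma before it. The unchanged Expected Outcome line still says "attestations or context entry", which the rewritten Description no longer explains; consider rewording it to match, and stating whether the cross-attestation conditions are evaluated only over attestations whose signatures have already been verified. The subject "updates" says nothing about the rename of the entry and could name it.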
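Review bot: PATCH 3/4 (hunk @@ -160,6 +160,7 @@) is cut against blob 0ca22de5, while PATCH 2/4 produced 3f4b52bc, and the Kyverno entry has moved from the hunk at line 89 to line 160, so the file changed in between through something that is not in this series. Rebasing onto the current base would let the four patches apply in order without relying on offset matching. The subject "add mentor" could also name the project the mentor is added to.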
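Review bot: PATCH 4/4 is a pure move (43 insertions, 43 deletions), so the block added in hunk @@ -230,6 +230,49 @@ carries over "autorisation", the double blank line before "#### Convert Kubernetes Best Practices Policies to CEL" and "a OpenVEX document" unchanged. Keep this commit as a pure move and fix those in the commits that introduced them, or in a follow-up. The subject "Move Kyverno project ideas above" does not say above what or why; if the intent is alphabetical order (the block now sits after the KubeVela entry and before "### Prometheus"), say so in the message.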