Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LFX menthorship: add Kyverno project ideas #1122

Merged
merged 6 commits into from
Jan 24, 2024
Merged

LFX menthorship: add Kyverno project ideas #1122

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
2fe6318
add kyverno 2024 project ideas
realshuting Jan 23, 2024
efd81b7
updates
realshuting Jan 23, 2024
e9a5999
merge main
realshuting Jan 24, 2024
dd44fa1
add mentor
realshuting Jan 24, 2024
dbac7e7
merge main
realshuting Jan 24, 2024
f1dd299
Move Kyverno project ideas above
aliok Jan 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 43 additions & 0 deletions programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -230,6 +230,49 @@
- Zhongpei Qiao(@chivalryq, chivalry.pp@gmail.com)
- Upstream Issue: https://github.com/kubevela/kubevela/issues/6435

### Kyverno

#### Kyverno for Envoy Authorization

- Description: Build an Envoy plugin to support authorisation based on Kyverno policies.
- Expected Outcome: Enable users to perform autorisation with similar concepts as kyverno and kyverno-JSON using policies.
- Recommended Skills: Golang, Kubernetes, Envoy
- Mentor(s):
- Charles-Edouard Brétéché (@eddycharly, charles.edouard@nirmata.com)
- Anushka Mittal (@anushkamittal2001, anushka@nirmata.com)
- Upstream Issue: https://github.com/kyverno/kyverno/issues/9488

#### Kyverno VPA Recommender

- Description: A common pain-point heard from users is improper resource allocations, and if Kyverno policies can help with that. This is an exploratory project to see if Kyverno can work with Kubernetes Vertical Pod Autoscalers (VPA).
- Expected Outcome: Kyverno policies that work with VPA recommender.
- Recommended Skills: Golang, Kubernetes
- Mentor(s):
- Jim Bugwadia (@jimbugwadia, jim@nirmata.com)
- Khaled Emara (@KhaledEmaraDev, khaled.emara@nirmata.com)
- Upstream Issue: https://github.com/kyverno/kyverno/issues/9429


#### Convert Kubernetes Best Practices Policies to CEL

- Description: Kubernetes Best Practices policies are written using Kyverno patterns and JMESPath, which means they cannot be executed as ValidatingAdmissionPolicy resources in the API server. This project aims to convert Kubernetes Best Practices policies, and other validating policies, to CEL wherever possible.
- Expected Outcome: Convert Kyverno policies for Kubernetes best practices to CEL.
- Recommended Skills: Kubernetes, Kyverno policies, CEL
- Mentor(s):
- Anusha Hegde (@anusha94, anusha.hegde@nirmata.com)
- Mariam Fahmy (@MariamFahmy98, mariam.fahmy@nirmata.com)
- Upstream Issue: https://github.com/kyverno/policies/issues/891

#### Verify Multiple Image Attestations

- Description: Currently Kyverno cannot verify data across multiple attestations e.g. an image vulnerability scan report and a OpenVEX document. This project will enhance the image verification rules to support flexible checks across multiple attestations.
- Expected Outcome: Support condition validation across multiple image verification attestations or context entry.
- Recommended Skills: Golang, Kubernetes, VEX, Cosign, Notary
- Mentor(s):
- Vishal Choudhary (@vishal-chdhry, vishal.choudhary@nirmata.com)
- Shuting Zhao (@realshuting, shuting@nirmata.com)
- Upstream Issue: https://github.com/kyverno/kyverno/issues/9456

### Prometheus

#### Client_golang CI/CD improvements
Expand Down