[SANDBOX PROJECT ONBOARDING] KubeArmor

[amye]

Welcome to CNCF Project Onboarding! This is an issue created to help onboard your project into the CNCF after the TOC has voted to accept your project. We would like to complete onboarding within one month of acceptance.

From the project side, please ensure that you:

• [x] Understand the project proposal process and reqs: https://github.com/cncf/toc/blob/main/process/project_proposals.adoc#introduction
• [x] Understand the services available for your project at CNCF https://www.cncf.io/services-for-projects/
• [x] Ensure your project meets the CNCF IP Policy: https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy
• [x] Review the online programs guidelines: https://github.com/cncf/foundation/blob/master/online-programs-guidelines.md
• [x] Understand the trademark guidelines: https://www.linuxfoundation.org/en/trademark-usage/
• [x] Understand the license allowlist: https://github.com/cncf/foundation/blob/master/allowed-third-party-license-policy.md#approved-licenses-for-allowlist
• [x] Has your project adopted open governance already? see http://opengovernance.dev
• [ ] Slack: Are your slack channels migrated to the Kubernetes or CNCF Slack? (see https://slack.com/help/articles/217872578-Import-data-from-one-Slack-workspace-to-another for more details)
• [x] Is your project in its own separate neutral github organization?
• [x] Submitted a Pull request to add your project as a sandbox project to https://landscape.cncf.io
• [x] Create maintainer list + add to aggregated https://maintainers.cncf.io list by submitting a PR to it
• [x] Have added your project to https://github.com/cncf/contribute
• [x] Artwork: Submit a pull request to https://github.com/cncf/artwork with your artwork
• [x] -Domain: transfer domain to the CNCF - https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/create/63

Things that CNCF will need from the project:

• [x] Provide emails for the maintainers added to https://maintainers.cncf.io in order to get access to the maintainers mailing list and ServiceDesk
• [x] Trademarks: transfer any trademark and logo mark assets over to the LF - https://github.com/cncf/foundation/tree/master/agreements has agreements
• [x] GitHub: ensure 'thelinuxfoundation' and 'caniszczyk' are added as initial org owners, this helps us make sure we have continuity of GH ownership
• [x] GitHub: ensure DCO or CLA are enabled for all GitHub repositories of the project
• [x] Website: ensure LF footer is there and website guidelines followed
• [x] Website: Analytics transferred to amye@linuxfoundation.org
• [x] CII: Start on a CII best practices badge https://bestpractices.coreinfrastructure.org/en

Things that the CNCF will do or help the project to do:

• [x] Devstats: add to devstats https://devstats.cncf.io/
• [x] Insights: add to LFX Insights https://insights.v3.lfx.linuxfoundation.org/
• [x] Marketing: update relevant intro + slide decks
• [x] Events: update CFP + Registration + CFP Area forms
• [x] ServiceDesk: confirm maintainers have read https://www.cncf.io/services-for-projects/
• [x] CNCF Welcome Email Sent to confirm maintainer list access, welcome email has monthly project sync details
• [x] Create space for meetings/events on https://community.cncf.io, e.g., https://community.cncf.io/pravega-community/ - (https://github.com/cncf/communitygroups/blob/main/README.md#cncf-projects)
• [x] Adopt a license scanning tool, like FOSSA or Snyk

[amye]

@nyrahul has beaten me to inviting you all in, I have marked off 'contribute'!

[lukaszgryglicki]

DevStats page added.

[amye]

@nyrahul: Anything we can do to help here? We'd like to get everyone completely onboarded by December 15th.

[nyrahul]

@nyrahul: Anything we can do to help here? We'd like to get everyone completely onboarded by December 15th.

Thanks @amye. We should be able to handle by Dec 15th. (CC: @namdeirf)

We can tick following action items:

• Understand the project proposal process and reqs: main/process/project_proposals.adoc#introduction

• Understand the services available for your project at CNCF cncf.io/services-for-projects

• Review the online programs guidelines: cncf/foundation@master/online-programs-guidelines.md

• Understand the license allowlist: cncf/foundation@master/allowed-third-party-license-policy.md#approved-licenses-for-allowlist

• Is your project in its own separate neutral github organization?

• Create maintainer list + add to aggregated maintainers.cncf.io list by submitting a PR to it (ref: cncf/foundation#257)

• Provide emails for the maintainers added to maintainers.cncf.io in order to get access to the maintainers mailing list and ServiceDesk

  • Rahul Jadhav (r@accuknox.com)
  • Asif Ali (a@accuknox.com)
  • Jaehyun Nam (jn@accuknox.com)

• GitHub: ensure 'thelinuxfoundation' and 'caniszczyk' are added as initial org owners, this helps us make sure we have continuity of GH ownership

  • sent invitation

[namdeirf]

@amye Thank you to everyone for moving so quickly!

I am working with the legal team on our side for the trademarks transfer, but when looking at the the pdfs here at cncf/foundation/agreements I do not see editable versions. I downloaded and viewed in Firefox and Preview, so perhaps it is a technical issue on my end? Please let me know if there is an editable version or Docusign version we can fill out.

[amye]

@amye Thank you to everyone for moving so quickly!

I am working with the legal team on our side for the trademarks transfer, but when looking at the the pdfs here at cncf/foundation/agreements I do not see editable versions. I downloaded and viewed in Firefox and Preview, so perhaps it is a technical issue on my end? Please let me know if there is an editable version or Docusign version we can fill out.

Correct, these are PDFs that can be loaded into docusign. Send me a signed copy from your side, I'll return a fully executed copy.

[nyrahul]

@amye, we can mark following tasks as done: CC: @namdeirf

• Ensure your project meets the CNCF IP Policy: cncf/foundation@master/charter.md#11-ip-policy
• Understand the trademark guidelines: linuxfoundation.org/en/trademark-usage
• Has your project adopted open governance already? see http://opengovernance.dev (Ref: kubearmor/KubeArmor#516)
• Have added your project to cncf/contribute (Ref: cncf/contribute#83)
• Artwork: Submit a pull request to cncf/artwork with your artwork (Ref: cncf/artwork#317)
• GitHub: ensure DCO or CLA are enabled for all GitHub repositories of the project (Comment: we have now mandated/automated DCO for all commits in the relevant repos)

Thanks

[idvoretskyi]

@nyrahul I'll check them for you.

Do you need any assistance with the remaining items?

[nyrahul]

@nyrahul I'll check them for you.

Do you need any assistance with the remaining items?

Thanks @idvoretskyi , we are working on getting the domain transfer, trademark and logo asset transfer, analytics transferred. I am not sure how this works but my teammate @namdeirf is working on this and has been raising the doubts. @namdeirf, if you have any pending doubts please let know here. Thanks

[idvoretskyi]

@nyrahul Great!

[namdeirf]

@idvoretskyi Can add new checkmarks:

Complete

• [x] Ensure your project meets the CNCF IP Policy: https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy
• [x] GitHub: ensure DCO or CLA are enabled for all GitHub repositories of the project
• [x] CII: Start on a CII best practices badge https://bestpractices.coreinfrastructure.org/en
• [x] Understand the trademark guidelines: https://www.linuxfoundation.org/en/trademark-usage/
• [x] Understand the license allowlist: https://github.com/cncf/foundation/blob/master/allowed-third-party-license-policy.md#approved-licenses-for-allowlist
• [x] Has your project adopted open governance already? see http://opengovernance.dev
• [x] Have added your project to https://github.com/cncf/contribute | here
• [x] Artwork: Submit a pull request to https://github.com/cncf/artwork with your artwork | https://github.com/cncf/artwork/pull/317

In progress on LF's end

• [x] Submitted a Pull request to add your project as a sandbox project to https://landscape.cncf.io | https://github.com/cncf/landscape/pull/2381
• [ ] Create space for meetings/events on https://community.cncf.io _ We are having some challenges filling out the form behind this link: https://servicedesk.cncf.io/ | @nyrahul

In progress on KubeArmor's end

• [ ] Website: ensure LF footer is there and website guidelines followed
• [ ] Adopt a license scanning tool, like FOSSA or Snyk
• [ ] Trademarks: transfer any trademark and logo mark assets over to the LF - https://github.com/cncf/foundation/tree/master/agreements has agreements
• [ ] Slack: Are your slack channels migrated to the Kubernetes or CNCF Slack? (see https://slack.com/help/articles/217872578-Import-data-from-one-Slack-workspace-to-another for more details)
• [ ] Website: Analytics transferred to amye@linuxfoundation.org

[idvoretskyi]

Thanks, @namdeirf!

_ We are having some challenges filling out the form behind this link: https://servicedesk.cncf.io/ | @nyrahul

What's your issue here? I may try to help.

[namdeirf]

Thanks @idvoretskyi, the instructions for projects on the community page have us go to this link

To request a community chapter for the CNCF project, please file a ticket to the CNCF ServiceDesk - https://servicedesk.cncf.io

It states it's meant for maintainers so I asked to @nyrahul create the space for us, however, he is getting an error message I shared in a screenshot.

We want to move our regular technical meetings and office hours to the community group as soon as we can.

Thank you for working with us on this!

[namdeirf]

@idvoretskyi, this came up on our internal call today that I could not answer, so I apologize if these are silly questions

License Scanning Tool ...

1. is there an existing CNCF license that we should leverage? or create our own.
2. is there any guidance on choosing between Snyk/FOSSA outside of preference, familiarity? - ie is geared towards one type of project vs. another. I suspect it is a 'it depends' answer.

If the above is easier to answer via a call, I am happy to do that.

[amye]

Access to servicedesk is fixed now!

Re: license, are you looking for https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy ?

[namdeirf]

Thank you @amye for addressing the service desk so quickly! and sorry for the confusion from me, rereading I see it is not as clear as I could be.

Regarding my question on license is was more along the lines of is there an official CNCF Snyk/FOSSA account we leverage for the KubeArmor project for license scanning, or do we simply create one on our own?

[amye]

Ohhhh, ok yes that is an @idvoretskyi question.

[idvoretskyi]

Regarding my question on license is was more along the lines of is there an official CNCF Snyk/FOSSA account we leverage for the KubeArmor project for license scanning, or do we simply create one on our own?

@namdeirf we can provide you with licenses for both tools, just whatever you prefer. Note that FOSSA is mostly a purely license-scanning tool (https://fossa.com/product/open-source-license-compliance), while Snyk is way more feature-rich with the focus on security&vulnerability scanning (https://snyk.io/product/open-source-security-management/), so you can use it for other purposes.

Once you decide, please fille a ServiceDesk ticket and I'll provide you with the further license details :)

[namdeirf]

Hope you have a good weekend @idvoretskyi, when you get back, doing the landscape steps: I got this error message https://github.com/cncf/landscape/pull/2385#issuecomment-991372632

Build failed because of: item KubeArmor has an invalid repo https://github.com/kubearmor/KubeArmor/

Anything you can do to point me in the right direction thank you!

[idvoretskyi]

@namdeirf please open an issue under the landscape repo, folks will follow up :)

[namdeirf]

@idvoretskyi / @amye Hope you all had a good weekend.

License scanning tool: The project leverages Apache SkyWalking Eyes. If this meets the requirements for the Sandbox project we can check that off, if not please let us know. Info in this tool can be found here.

Thanks!

[idvoretskyi]

@namdeirf can we see a license scanning report of this tool provided for your project?

[namdeirf]

@idvoretskyi here is our generated report: https://gist.github.com/daemon1024/3ed45e9294f5bd4f273d03d90d0a6549

If we need to make changes, etc happy to do it.

[idvoretskyi]

@namdeirf ideally, if you could add a badge to the project README, which can point out to the generated report (this is something that FOSSA allows, for instance).

[namdeirf]

Updates

Complete

• Website: ensure LF footer is there and website guidelines followed (see here)
• Website: Analytics transferred to amye@linuxfoundation.org (email sent)
• Create space for meetings/events (Ticket filed)

In progress:

• Adopt a license scanning tool, like FOSSA or Snyk (Based on guidance above - The group will most likely agree to adopt Snyk, we are using the opportunity to put our Governance rules to practice at our Thursday meeting)
• Trademarks: transfer any trademark and logo mark assets over to the LF - https://github.com/cncf/foundation/tree/master/agreements has agreements (Document upload to docusign and waiting signatures, we initially had the wrong destination but since corrected)

[idvoretskyi]

Snyk is enabled, checking this off :)

[idvoretskyi]

@namdeirf only Slack and Trademarks are left to check out. I see your comment above on the trademarks, what about Slack?

[namdeirf]

re: Slack, @idvoretskyi . We are moving the admin/owner privileges over to me and I'll initiate the transfer ASAP.

[namdeirf]

I got the Slack message on the export side and uploaded to Drive. to import to CNCF to #kubearmor I do not see the import options so I will need to coordinate with someone who has import permissions to hand them off. We we will want to move all members and all messages from the General channel to the new CNCF channel.

[namdeirf]

Hey @amye / @idvoretskyi Hope you have a happy new year! Understand people are off for NYE, but when you all get back in, we are trying to resolve that kubearmor.com is 'down'

We transferred the domain name per the sandbox requirements but were intended to still maintain the site. Is this something we can get resolved quickly? Please let me know. If this will take a while can we get it redirected to https://github.com/kubearmor/KubeArmor.

[idvoretskyi]

@namdeirf if you have already transferred the website to LF/CNCF, can you please file a ticket to the LF support - http://support.linuxfoundation.org

[amye]

https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/create/37 may be your fastest way in! I am not seeing the domain transfer on our side, so this will need LFIT's help.

[amye]

I take it back, the error I see is "This domain is delegated to an alternate DNS and URL redirects are not supported. Please file a ticket at https://support.linuxfoundation.org if you would like to change the delegation."

What might have happened is that your domain registrar and DNS servers were the same thing, so when the domain moved to a registrar managed by LF, they dropped your nameservers. @namdeirf - does that ring a bell?

[namdeirf]

That is possible, I'll need to check on our end.

Thank you!

[amye]

Sorry for the trouble, but this is totally fixable!

[amye]

I got the Slack message on the export side and uploaded to Drive. to import to CNCF to #kubearmor I do not see the import options so I will need to coordinate with someone who has import permissions to hand them off. We we will want to move all members and all messages from the General channel to the new CNCF channel.

This is something that @idvoretskyi can help with!

Separately, I can help with getting trademarks transferred, that's the last two remaining things here. :)

[idvoretskyi]

@namdeirf regarding Slack - please file a ticket to the CNCF ServiceDesk, happy to help you there!

[amye]

@namdeirf - coming back in here, we can help with trademarks! https://github.com/cncf/foundation/tree/main/agreements has PDFs of no registered trademarks or registered trademarks.

We can also help get your slack channels migrated, or opening up new ones in CNCF slack.

[krook]

Added to LFX Insights

• Insights documentation
• Insights support
• Insights feedback

[krook]

Hello folks, looks like the very last task here is to work on the Slack migration. That will mark this onboarding complete, and then that task in turn can be marked complete in the Incubation Application.

Even though you have your own workspace linked from the #kubearmor channel, the benefit of joining the main CNCF workspace include:

• Our workspace is a paid account and doesn't have a user or message limit
• Joining the unified Slack helps users, contributors, and complementary projects find you

We've had larger Slack workspaces make the migration before and it's fairly straightforward.

When you're ready @RobertKielty and @idvoretskyi can help.

[nyrahul]

Sounds good. We will float this immediately to the KubeArmor community (to check for any comments/objections) and start preparing for migration. We certainly could use unlimited message limit. Thanks CC: @daemon1024 @delusionaloptimist

[RobertKielty]

@nyrahul @namdeirf reach out to me directly on Cloud Native Slack when your are ready to look at transfering over an export of your existing Slack Channels.

Like @krook says, it is fairly straight forward.

Here are some migration notes for the project based on past migrations.

• You are entering a shared workspace, so you will need to prefix channels with kubearmor- so that they can co-exist along side the other CNCF project channels. It would be super useful if you could rename channels before you export them on your existing workspace.
• When you do an export you get the full channel message history!
• When doing the import, Slack will attempt to match up existing users on your workspace with the cloud-native workspace joined by email address.