search

falcosecurity / evolution

Evolution process of The Falco Project
Apache License 2.0
46 stars 37 forks source link

Create new repo `cncf-green-review-testing` for CNCF TAG Environmental Sustainability - Green Reviews WG Testing Integration #345

Closed incertum closed 6 months ago

incertum commented 7 months ago

Motivation

Create a dedicated repository at https://github.com/falcosecurity/cncf-green-review-testing. This repository will serve as the hosting platform for the Falco daemonset configurations for CNCF TAG Environmental Sustainability CNCF Green Reviews WG testing integration, which will be utilized in the following repository https://github.com/cncf-tags/green-reviews-tooling/tree/main, leveraging the Flux framework. The daemonset templates will resemble existing templates https://github.com/falcosecurity/deploy-kubernetes/tree/main/kubernetes, but they will be customized to serve the specific purpose. This customization will include specifying concrete namespace names and labels, as well as implementing the desired spec.nodeSelector and spec.affinity configurations tailored for the Green Reviews WG effort.

The initial directory structure could resemble the following, subject to evolution over time:

├── kustomize
│   ├── driver-bpf
│   ├── driver-kmod
│   ├── driver-modern-bpf
│   │   ├── configmap.yaml
│   │   ├── ...
│   │   └── daemonset.yaml
│   ├── kustomization.yaml
│   └── templates
│       ├── ...
│       └── serviceaccount.yaml
├── LICENSE
└── README.md

Since https://github.com/cncf-tags/green-reviews-tooling/tree/main would utilize a Flux watch, there might not be a need for CI. Nevertheless, we still need to investigate how to utilize/consume the metrics results.

In addition to hosting the Falco deployment, this repository may also accommodate microservices test applications or stress test applications. Their purpose would be to simulate realistic workloads within the CNCF testbed, enabling us to derive meaningful performance metrics.

References:

leogr commented 7 months ago

:+1: from me

I'd start assigning this repo the "sandbox" level and the "infra" scope. /kind sandbox

Also, count me as a repo maintainer if this works for you!

cc @falcosecurity/test-infra-maintainers @falcosecurity/core-maintainers

Andreagit97 commented 7 months ago

+1

nikimanoledaki commented 6 months ago

Thank you @incertum! This repository would help the WG Green Reviews deploy Falco on our infrastructure. Since we aim to support more CNCF Projects in the future, it would help tremendously if we could delegate the maintenance of project-specific configuration to the project maintainers.

To summarise our discussion, for isolation between CNCF Projects, we can start with the following basic namespace/node isolation:

zuc commented 6 months ago

+1!

FedeDP commented 6 months ago

+1 from my side!

LucaGuerra commented 6 months ago

+1

maxgio92 commented 6 months ago

+1

cpanato commented 6 months ago

+1

leogr commented 6 months ago

Awesome, we can move forward with this. Is anyone willing to be included in this repo's OWNERS file? :thinking:

maxgio92 commented 6 months ago

You can count me in @leogr ✋

LucaGuerra commented 6 months ago

I can also help with reviews

leogr commented 6 months ago

Great!

So, I'm starting to prepare the repo in the org. I'll keep you posted.