added wg-policy-spotlight blog #534
base: master
Welcome @arujjval!
How about moving the answers to the questions onto a new line to improve readability?
Was going through this again and found some nits :)
Co-authored-by: Arvind <[email protected]>
Co-authored-by: Arvind <[email protected]>
@ArvindParekh updated as per your comments.
Please update the date. After that, I'll lgtm and approve and we'll get this published.
/hold We'd usually mirror this kind of article to the main blog. Are we happy to hold off to allow for that? OK to unhold if we don't want mirroring.
Yes, we should mirror (thank you, vacation brain is real).
Do we need to do anything in particular for the mirroring? @arujjval we need to get a new publish date for this, right?
Needs a contributor to open a k/website PR that mirrors this one.
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: arujjval, bashlion The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Ping, any updates here @arujjval? Help needed?
@kaslin been a little busy lately. Have we decided on which date this should be posted?
I suggest aiming for publication in late February, because SIG Docs is struggling with blog team capacity (it's mostly me).
@sftim sure. Please update me about the day chosen. I will make changes to the publication date.
layout: blog | ||
title: "Spotlight on Policy Working Group" | ||
slug: wg-policy-spotlight-2024 | ||
date: 2024-09-25 |
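Review bot: the slug on the third line, `slug: wg-policy-spotlight-2024`, hard-codes a year that the `date` field on the last line no longer has to match once the publication date moves; if the post ships in a later year, the URL and the date will disagree. Consider dropping the year from the slug, or confirm that it is meant to mark the interview year rather than the publication year.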
Please update the date, below is only a suggestion
date: 2024-09-25 | |
date: 2025-02-26 |
How about adding `draft: true`. Then we can [aim to] merge it as a draft and later send in a small PR to get the article published.
Should I put the date as 9th March now?
Set this as draft and then we can worry about the actual publication date once the draft has merged OK.
@arujjval checking in on this. Looks like there are some comments to address.
@arujjval great piece!
I reviewed the article and left some comments about formatting and improving readability.
|
||
In the complex world of Kubernetes, policies play a crucial role in managing and securing clusters. But have you ever wondered how these policies are developed, implemented, and standardized across the Kubernetes ecosystem? To answer that, let's put the spotlight on the Policy Working Group. | ||
|
||
The Policy Working Group is dedicated to a critical mission: providing an overall architecture that encompasses both current policy-related implementations and future policy proposals in Kubernetes. Their goal is ambitious yet essential - to create a universal view of policy architecture that serves both developers and end-users alike. |
Their goal is ambitious yet essential - to create a universal view of policy architecture that serves both developers and end-users alike.
Maybe this sentence could be polished as follows:
Their goal is both ambitious and essential: to develop a universal policy architecture that benefits developers and end-users alike.
**Andy Suderman**: My name is Andy Suderman and I am the CTO of Fairwinds, a managed Kubernetes-as-a-Service provider. I began working with Kubernetes in 2016 building a web conferencing platform. I am an author and/or maintainer of several Kubernetes-related open-source projects such as Goldilocks, Pluto, and Polaris. Polaris is a JSON-schema-based policy engine, which started Fairwinds' journey into the policy space and my involvement in the Policy Working Group. | ||
|
||
**Poonam Lamba**: My name is Poonam Lamba, and I currently work as a Product Manager for Google Kubernetes Engine (GKE) at Google. My journey with Kubernetes began back in 2017 when I was building an SRE platform for a large enterprise, using a private cloud built on Kubernetes. Intrigued by its potential to revolutionize the way we deployed and managed applications at the time, I dove headfirst into learning everything I could about it. | ||
|
Remove this space if the sentence below is the last part of Poonam's answer.
## About Working Groups | ||
|
||
**One thing even I am not aware of is the difference between a working group and a SIG. Can you help us understand what a working group is and how it is different from a SIG?** | ||
Unlike SIGs, working groups are temporary and focused on tackling specific, cross-cutting issues or projects that may involve multiple SIGs. Their lifespan is defined, and they disband once they've achieved their objective. Generally, working groups don't own code or have long-term responsibility for managing a particular area of the Kubernetes project. |
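Review bot: the answer on the last line of this hunk carries no speaker name, while the introductions elsewhere in the post are prefixed with **Andy Suderman**: and **Poonam Lamba**:, so readers of a two-person interview cannot tell who is explaining working groups. Prefix each answer with its speaker in the same way. The question and its answer also sit on adjacent lines with no blank line between them, so Markdown will render them as a single paragraph.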
Adding an empty line between the questions and the answers could improve readability.
Then here you can add the link to the SIG list (https://github.com/kubernetes/community/blob/master/sig-list.md) to make the readers aware of all the groups available.
**One thing even I am not aware of is the difference between a working group and a SIG. Can you help us understand what a working group is and how it is different from a SIG?** | ||
Unlike SIGs, working groups are temporary and focused on tackling specific, cross-cutting issues or projects that may involve multiple SIGs. Their lifespan is defined, and they disband once they've achieved their objective. Generally, working groups don't own code or have long-term responsibility for managing a particular area of the Kubernetes project. | ||
|
||
**As you mentioned Working groups involve multiple SIGS, what SIGS are you closely involved with and How do you coordinate with them?** |
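Review bot: the question on the last line writes "SIGS" twice while the answer just above it uses "SIGs", and it capitalizes "Working" and "How" mid-sentence. Suggest: "As you mentioned, working groups involve multiple SIGs. Which SIGs are you closely involved with, and how do you coordinate with them?"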
Remove the capital letter at "How" if it is the same sentence.
**Can you tell us about the main objectives of the Policy Working Group and some of your key accomplishments so far? Also, what are your plans for the future?** | ||
The charter of the Policy WG is to help standardize policy management for Kubernetes and educate the community on best practices. | ||
|
||
To accomplish this we have updated the Kubernetes documentation ([Policies | Kubernetes](https://kubernetes.io/docs/concepts/policy)), produced several whitepapers ([Kubernetes Policy Management](https://github.com/kubernetes/sig-security/blob/main/sig-security-docs/papers/policy/CNCF_Kubernetes_Policy_Management_WhitePaper_v1.pdf), [Kubernetes GRC](https://github.com/kubernetes/sig-security/blob/main/sig-security-docs/papers/policy_grc/Kubernetes_Policy_WG_Paper_v1_101123.pdf)), and created the Policy Reports API ([API reference](https://htmlpreview.github.io/?https://github.com/kubernetes-sigs/wg-policy-prototypes/blob/master/policy-report/docs/index.html)) which standardizes reporting across different various tools. Several popular tools such as Falco, Trivy, Kyverno, kube-bench, and others support the Policy Report API. A major milestone for the Policy WG will be to help promote the Policy Reports API to a SIG-level API or find another stable home for it. |
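Review bot: the API reference link in the last paragraph goes through htmlpreview.github.io and targets the `master` branch of wg-policy-prototypes, so it depends on an external HTML preview service and on a path that can move; the two whitepaper links likewise point at `main`. Linking to a tagged release or a specific commit, or to a project-hosted page, would keep the references stable after publication. The same paragraph also alternates between "Policy Reports API" and "Policy Report API"; pick one name and use it throughout.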
... which standardizes reporting across different various tools.
Keep just one of "different" and "various", because keeping both could sound redundant.
|
||
To accomplish this we have updated the Kubernetes documentation ([Policies | Kubernetes](https://kubernetes.io/docs/concepts/policy)), produced several whitepapers ([Kubernetes Policy Management](https://github.com/kubernetes/sig-security/blob/main/sig-security-docs/papers/policy/CNCF_Kubernetes_Policy_Management_WhitePaper_v1.pdf), [Kubernetes GRC](https://github.com/kubernetes/sig-security/blob/main/sig-security-docs/papers/policy_grc/Kubernetes_Policy_WG_Paper_v1_101123.pdf)), and created the Policy Reports API ([API reference](https://htmlpreview.github.io/?https://github.com/kubernetes-sigs/wg-policy-prototypes/blob/master/policy-report/docs/index.html)) which standardizes reporting across different various tools. Several popular tools such as Falco, Trivy, Kyverno, kube-bench, and others support the Policy Report API. A major milestone for the Policy WG will be to help promote the Policy Reports API to a SIG-level API or find another stable home for it. | ||
|
||
Beyond that, as ValidatingAdmissionPolicy and MutatingAdmissionPolicy become GA in Kubernetes, we intend to guide and educate the community on the tradeoffs and appropriate usage patterns for these built-in API objects and other CNCF policy management solutions like OPA/Gatekeeper and Kyverno. |
You can add a link to Validating Admission Policy (https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/) and Mutating Admission Policy (https://kubernetes.io/docs/reference/access-authn-authz/mutating-admission-policy/) docs here
@graz-dev for reported speech, we don't suggest rewordings unless there are obvious problems or we think the original speaker may have been misquoted.
closes #533