kedacore / governance
Governance of KEDA
License: Apache License 2.0
We've seen a healthy adoption of KEDA by the community over time and received various contributions for running KEDA, operating it, and providing more scalers.
In the next couple of weeks, we will open a proposal to graduate to a CNCF Incubation project as we believe that we are approaching this next level in our project timeline.
Graduation process: https://github.com/cncf/toc/blob/master/process/graduation_criteria.adoc#incubating-stage
Publish Alibaba reference case on how and why they use KEDA.
Image pull metrics on GitHub Container Registry are ambiguous because GitHub measures all the pulls for the image signatures, which is noise to our interest.
Document eligibility criteria for Maintainers
See:
Setup WhiteSource Bolt for security scanning in conjunction with Snyk given not all vulnerabilities were caught as per kedacore/keda#2503.
Introduce "Contributors" group for frequent contributors so that we can assign the users/group to issues.
This should be documented in the repo when people are being considered to be added and what it means to become one.
Provide a Security Policy that helps customers and researchers to report security vulnerabilities.
We should provide:
Provide automated deployment of Azure resources used in end-to-end tests with Bicep so that things are automated and I'm not the bottleneck (or at least less).
This is because our Azure subscription is not accessible to everyone and should be just a PR away.
Switch default branches from master to main to be more inclusive.
Members will have to update their local environments (or forks).
git branch -m master <BRANCH>
git fetch origin
git branch -u origin/<BRANCH> <BRANCH>
git remote set-head origin -a
Next to Azure credits (#31), it would be nice to have access to resources on other cloud providers.
Because of that, we should request to onboard to the CNCF Cloud Credits program.
As an end-user it is easier if we would have a release schedule and ship every X period. This would allow them to more easily plan upgrades which would help maintainers to focus on more recent versions.
This issue is here for us to discuss if that makes sense for KEDA and what our cycles would look like.
For examples, see https://github.com/envoyproxy/envoy/blob/master/SECURITY.md etc
Introduce issue template to announce deprecations that follow our policy as per https://github.com/kedacore/governance/blob/main/DEPRECATIONS.md.
Follow-up for #68
We are having some growing pains & bugs for our documentation which are being tracked in this milestone:
https://github.com/kedacore/keda-docs/milestone/1
A request has been opened with CNCF to see if we can get some help on these.
Provide a policy around deprecations in KEDA to help end-users be aware of what to do, by when, what the impact is and how to migrate.
Also, it should set expectations on when KEDA is allowed to remove things and break end-users.
As KEDA grows, so does its community and we should consider introducing a community ladder to give credit to those who keep on contributing day-in, day-out (regardless of contribution type).
There are a few options we can consider:
This idea was initiated due to #29 which is a valid question.
We should send a message like this, but more polished.
Our community call starts in ~20mins, looking forward to seeing you there :slightly_smiling_face: https://keda.sh/community/
https://slack.com/resources/using-slack/how-to-use-reminders-in-slack
The global CNCF calendar has out of date information for KEDA's community calls.
It looks like the time on the calendar is an hour late, the meeting location has changed, the url still points to hackmd, and the hackmd link to find the meeting notes (via aka.ms) is broken.
Would be good to reach out and have the calendar event corrected.
Cheers!
Use a 3rd party to perform a security audit of KEDA.
CNCF provides this and can be requested.
What are the rules (or permissions required) in order to use the KEDA logo? For example to print on t-shirts, stickers or mugs and potentially selling said items with the KEDA logo on them? Where could explicit permission be obtained from?
CNCF is launching an Environmental Sustainability WG (https://github.com/cncf/wg-env-sustainability) to which we should see if we can help given we support scale-to-zero and ARM machines.
Setup Azure DevOps organization for automated tests of our scaler
Request Azure funds for open-source projects through new program:
https://cloudblogs.microsoft.com/opensource/2021/09/28/announcing-azure-credits-for-open-source-projects/
Introduce "Scaler Contributor" Credly badge for which scaler contributors can apply through an issue on this repo when they have met the requirements.
Relates to #30
ARM is becoming a major aspect for workloads such as edge and we've received requests to provide an ARM-based image (kedacore/keda#779).
GitHub Actions does not provide an ARM runner, but CNCF allows us to request a bare metal machine (link) on which we could run a self-hosted runner.
If we want to, we can request one but the following requirements apply:
- Code being run must be 100 percent open source and must not include any sensitive data.
- Testing should involve cloud native computing, meaning containerization, microservices, orchestration or some combination.
- You agree to write a blog post later about your experiences with the CIL.
- Priority is given first to CNCF projects, then to developers from CNCF member companies and then to any open source developer.
- Resources are limited so we may ask you to reduce your usage when there is high demand for the available credits from Equinix Metal ($1,000,000 per year).
What do you think?
I've recently opened a few issues for integration with other technologies:
Azure Service Operator: Azure/azure-service-operator#1377
Crossplane:
I was thinking, would it make sense to document in a page what the tools are that we integrate with and they can use KEDA with?
This could be in our docs, in this repo or in something like kedacore/integrations.
Provide automation to merge documentation PRs when the feature PR was merged so that we don't have to manually keep track of them.
Optionally this could be through slash commands.
Document criteria and process for removing Maintainers other than inactivity such as code of conduct violation.
See:
The TOC has requested your annual review. This review has a deadline of two months of this notification, April 9, but we do have a review session coming up on March 9th if you'd like to complete this now.
How to complete your annual review:
Your annual review should answer the following questions:
Write proposal for KEDA to graduate to CNCF Graduated project
Provide bot for managing issues so that we automatically close stale issues.
Clean up old issues
CloMonitor is a new tool by the CNCF to show the health of projects and provide tips and guidance on how to improve.
There are a few things that we should improve to align with the traditional approach of OSS communities.
Current results: https://clomonitor.io/projects/keda/keda
- Adopters file with link to our overview and how to be added
- Roadmap file with link to our roadmap
- Governance file with link to our governance repo
- CODE_OF_CONDUCT file (.github repo; see cncf/clomonitor#68)
Example: kubernetes/kubernetes#108110
Improve FOSSA project setup given it was not running from the correct GitHub repo.
Hi!
I'm a lover of KEDA because I think that it covers an existing gap in Kubernetes autoscaling and opens the doors to a lot of event-driven scenarios nowadays.
If you could consider me as a KEDA maintainer, it'd be amazing.
Thank you for your time!
Request keda-dev channel in Kubernetes Slack so people contributing can talk to each other and our current keda is mainly focussed on other chatter.
Opening this issue to request to step down from the role of a Maintainer from KEDA org. This is to reduce the number of maintainers from Microsoft (currently there are 3, including me) and also because I am not able to give enough time.
Follow-up for #38
Last week we've added the Azure Durable Functions Scaler to our org which is not shipped as part of KEDA core runtime but more of an add-on scaler.
Personally I'm a fan of this model given our core would become too big and not everybody needs this scaler.
We should define some governance around this and answer questions such as:
Maybe this is something that should be in https://github.com/kedacore/governance or so to decouple it from here?
Code of Conduct is not discoverable as it is hidden in kedacore/.github to bring it to all GitHub repos automatically; but it is not referred to nor available explicitly in this repo.
See:
We've discussed it in the past (see kedacore/keda#995) but I think it's time to migrate our Docker images to GitHub Container Registry which brings our artifacts closer to our GitHub repos and gives us more insights on the adoption (# of pulls per tag, instead of vague total pull count).
We are dry-running this for our HTTP add-on and it's fairly straightforward.
Here is how people can discover them:
Per Docker image, you can then see the pull count per tag:
I've used this on other projects as well and it gives you a lot more insights than Docker Hub, and would never move back.
⚠ If we do this, then we should move all Docker images to our new registry for sake of completeness, but keep the old ones on Docker Hub.
We require CNCF projects to go through this badging process:
https://bestpractices.coreinfrastructure.org/en
Now that we are part of CNCF we should publish our standups to their YouTube account similar to other projects.
Today, we use HackMD to take notes for our standup and @jeffhollan has setup a Zoom meeting that we are joining.
However, we are facing some issues:
Because of that, we have decided that we will:
Setup container scanning for published images in Docker Hub with Snyk.
Provide release plan governance that talks about when we ship, what our release cadence is, etc.
We should compare our current DCO approach with easyCLA to see:
Once we know that, we should decide which option is the easiest with ease-of-contribution in mind.
Provide more mature roadmap so we can better manage work and provide a better way of consuming the information for end-users to set expectations.
The new GitHub Projects will be used to bring our backlog to life.