REQUEST: New repository kubernetes-sigs/seccomp-operator

[saschagrunert]

New Repo, Staging Repo, or migrate existing

Migrate saschagrunert/seccomp-operator. 🙃

Requested name for new repository

seccomp-operator

Which Organization should it reside

kubernetes-sigs

If not a staging repo, who should have admin access

@saschagrunert
@pjbgf
@hasheddan
@evrardjp

If not a staging repo, who should have write access

The admins

If not a staging repo, who should be listed as approvers in OWNERS

The admins

If not a staging repo, who should be listed in SECURITY_CONTACTS

The admins

What should the repo description be

The seccomp-operator should be an out-of-tree enhancement to iterate faster on possible security related enhancements to Kubernetes.

The full RFC can be found here:
https://github.com/saschagrunert/seccomp-operator/blob/master/RFC.md

We're planning to stay aligned with the current plans of seccomp - as laid out on in-flight KEPs (for example the promotion of seccomp to GA in 1.19). All of our work should stay in sync with the Kubernetes project and will bring valuable benefits into the main Kubernetes repository.

What SIG and subproject does this fall under in sigs.yaml

sig-node

Approvals

I'm kindly asking @dchen1107 and @derekwaynecarr for the approval. We pitched the idea in the regular SIG node meeting and want to utilize community resources like prow to integrate well into the overall ecosystem. 😇

[mrbobbytables]

/assign @dchen1107 @derekwaynecarr
for sign off 👍

[pjbgf]

ping @dchen1107 @derekwaynecarr - do you mind having a look at this issue please?

[derekwaynecarr]

i don't recall us coming to a conclusion on this in sig-node meeting.

@dchen1107 did i miss this discussion?

[pjbgf]

@derekwaynecarr we presented our vision and current state for the operator last week again. @dchen1107 then suggested we present it also to sig-auth, which we will be doing tomorrow.

[tallclair]

From a sig-auth perspective, we're happy with the direction of this. We do agree that this should be under sig-node though.

Putting on my sig-node hat, I like this direction. I do think we still need some upstream improvements to the local profiles, but that should be complementary to this out-of-core operator, and shouldn't block progress.

[saschagrunert]

Kindly pinging again for SIG node approval from @dchen1107 and @derekwaynecarr. We discussed it in the last SIG node meeting and agreed that this can live under SIG node.

[derekwaynecarr]

@saschagrunert apologies for lag. i caught up on the currrent state of the linked repo, and look forward to your work in the sig to make this optional add-on successful for the broadest set of users.

I approve as SIG Node lead.

/lgtm
/approve

[saschagrunert]

@nikhita @mrbobbytables may I ask you to support me with the repository migration? Should I create a dummy org where both of you have admin access or do we already have something like this?

[nikhita]

@saschagrunert yes, we'll need to move it to a dummy org first. I'll reach out to you on slack to coordinate this :)