k8s.io/groups/sig-apps/groups.yaml at 7a3a9678044cd7d12321ae24a8c7d54f3534c832 · jaideepr97/k8s.io · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
groups:

  #
  # Mailing lists
  #
  # Each group here represents a mailing list for the SIG or its subprojects,
  # and is not intended to govern access to infrastructure
  #

  #
  # k8s-staging write access for SIG-owned subprojects
  #
  # Each group here represents privileged access to a staging project,
  # allowing the members to directly write to GCS and GCR within the
  # project, as well as trigger Cloud Build within the project. Ideally
  # this level access is used solely for troubleshooting purposes.
  #
  # Membership should correspond roughly to subproject owners for the set of
  # subproject artifacts being stored in a given staging project
  #

  - email-id: sig-apps-leads@kubernetes.io
    name: sig-apps-leads
    description: |-
      sig-apps leads
    owners:
      - chiachenk@google.com
      - kowens0826@gmail.com
      - soltysh@gmail.com
    settings:
      AllowWebPosting: "true"
      ReconcileMembers: "true"
      WhoCanPostMessage: "ANYONE_CAN_POST"
      WhoCanViewGroup: "ALL_MEMBERS_CAN_VIEW"
      WhoCanModerateContent: "OWNERS_AND_MANAGERS"
      MessageModerationLevel: "MODERATE_NONE"

  - email-id: sig-apps@kubernetes.io
    name: sig-apps
    description: |-
      SIG apps general discussion group
    owners:
      - chiachenk@google.com
      - kowens0826@gmail.com
      - soltysh@gmail.com
    settings:
      WhoCanJoin: "ANYONE_CAN_JOIN"
      WhoCanViewGroup: "ANYONE_CAN_VIEW"
      WhoCanDiscoverGroup: "ANYONE_CAN_DISCOVER"
      WhoCanPostMessage: "ANYONE_CAN_POST"
      MessageModerationLevel: "MODERATE_NON_MEMBERS"
      WhoCanViewMembership: "ALL_MANAGERS_CAN_VIEW"
      WhoCanModerateMembers: "OWNERS_AND_MANAGERS"
      WhoCanModerateContent: "OWNERS_AND_MANAGERS"
      MembersCanPostAsTheGroup: "false"
      ReconcileMembers: "false"

  - email-id: k8s-infra-staging-agent-sandbox@kubernetes.io
    name: k8s-infra-staging-agent-sandbox
    description: |-
      ACL for staging Agent Sandbox
    settings:
      ReconcileMembers: "true"
    members:
      - chiachenk@google.com
      - justinsb@google.com
      - soltysh@gmail.com

  - email-id: k8s-infra-staging-mcp-lifecycle-op@kubernetes.io
    name: k8s-infra-staging-mcp-lifecycle-op
    description: |-
      ACL for staging MCP Lifecycle Operator
    settings:
      ReconcileMembers: "true"
    members:
      - eduardoa@nvidia.com
      - brownwm@us.ibm.com

  - email-id: k8s-infra-staging-jobset@kubernetes.io
    name: k8s-infra-staging-jobset
    description: |-
      ACL for staging jobset
    settings:
      ReconcileMembers: "true"
    members:
      - danielvm@google.com
      - ahg@google.com

  - email-id: k8s-infra-staging-lws@kubernetes.io
    name: k8s-infra-staging-lws
    description: |-
      ACL for staging leaderworkerset
    settings:
      ReconcileMembers: "true"
    members:
      - ahg@google.com
      - rupliu@google.com

  - email-id: k8s-infra-staging-examples@kubernetes.io
    name: k8s-infra-staging-examples
    description: |-
      ACL for staging example artifacts.
    settings:
      ReconcileMembers: "true"
    members:
      - ihor@cncf.io # github:idvoretskyi
      - justinsb@google.com # github:justinsb
      - runseb@gmail.com # github:sebgoa

  #
  # k8s-infra gcs write access
  #
  # TODO: where is the bucket? is this prod or staging?
  #
  # Each group here governs access to one GCS bucket. Ideally this level of
  # access is used solely for troubleshooting purposes.
  #
  # Membership should correspond roughly to subproject owners for the set of
  # subproject artifacts being stored in the GCS bucket
  #

  #
  # k8s-infra owners for sig-owned subprojects
  #
  # Each group here represents highly privileged access to kubernetes project
  # infrastructure owned or managed by this SIG. A high level of trust is
  # required for membership in these groups.
  #


  # RBAC groups:
  # - grant access to the `namespace-user` role for a single namespace on the `aaa` cluster
  # - must have WhoCanViewMemberShip: "ALL_MEMBERS_CAN_VIEW"
  # - must be members of gke-security-groups@kubernetes.io