feat: oscal compass project supported demos #112
Signed-off-by: Chris Butler <[email protected]>
Signed-off-by: Chris Butler <[email protected]>
| ## Proposal | ||
|
|
||
| 1. Reference demonstrations are not included in the [`oscal-compass`](https://github.com/oscal-compass) organization. Demonstrations are confined the `oscal-compass-demos` organization. | ||
| 2. Due to the nature of Oscal-compass, demonstrations are likely to span multiple repositories. Each demonstration should at least have a descriptive name which is the root repository of the demonstration that includes documentation: |
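Review bot: In item 1, "Demonstrations are confined the `oscal-compass-demos` organization" is missing "to" after "confined". Item 2 writes "Oscal-compass" where item 1 uses `oscal-compass`, so pick one form. Item 2 also asks only for "a descriptive name" for the root repository; suggest stating a naming pattern that the other repositories of the same demonstration share, so that a demonstration spanning several repositories can be identified from the names alone.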
To enforce this consistency, would compliance-trestle-agile-authoring be the creator and manager of our demo content? If this could be fully automated (perhaps this could be a future phase or stretch goal), the request for new demo content could be through a PR to a catalog of use cases under oscal-compass-demos and Agile Authoring could be triggered to create it on PR merge.
I think that's a good aspirational goal. My focus was more on how do we demonstrate some different functionalities in a prescribed scenario, e.g. for KubeCon Japan @yana1205 and I have been working on a scenario that will require a user to deploy manifests to a k8s cluster.
In that scenario we'd need at least two repos - one for the component definition (to connect c2p and kyverno to a cluster) and one for the cluster manifests / argoCD applications.
We recently created a set of repos for an e2e demo anchored here: e2e-demo. The initial use was for KubeCon EU 2025 (last week).
The demo video shows two aspects:
- compliance-as-code -> agile authoring
- policy-as-code -> c2p and automated posture calculation of an Ubuntu VM
The user can easily run part 2 by downloading the posture repo and running `make demo`. Prereqs are VirtualBox and Vagrant. Cloning the repos and setting up for agile authoring for part 1 is a bit more complex.
I suggest that adding kyverno/kubernetes as another target of compliance should be done here, or we somehow merge.
Signed-off-by: Chris Butler <[email protected]>
@jpower432 ready to review properly.
| ### Impact and desired outcome | ||
|
|
||
| - Avoiding creating a dumping zone: Organizations which have 100's or 1000's of garbage projects which have been thrown into the wild. | ||
| - W |
Was it unintentional to keep this bullet?
|
|
||
| ## Implementation Details (Optional) | ||
|
|
||
| 1. Setup the organization via the CNCF with the correct set of permissions. |
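Review bot: Step 1, "Setup the organization via the CNCF with the correct set of permissions", leaves "correct" undefined. Suggest naming who holds the owner and maintainer roles in the new organization and what the default permission for members is, so the step can be checked once it is done. As a verb, "Setup" should be "Set up".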
It might be good to look at existing projects for norms around this use case to define whether the demos should be part of the core OSCAL Compass project or a separate downstream of the OSCAL Compass project. We would need to go through certain steps of the on-boarding process again to add another organization to the CNCF provided infrastructure.
I looked at perhaps a dozen or so CNCF incubator level projects and found none with a separate org for demos/examples. Many projects have many repos in the org, one had 135. Some have demo repos, some have examples embedded in the core repos themselves. I do agree that the e2e-demos could be named better for clarity. The e2e-demos are not meant for KubeCon only, though that was the first use, but are general purpose for showing off our CNCF OSCAL Compass wares. I do agree there should be a process for adding repos/demos and there should be a process for ensuring that demos are viable as progress ensues in the core repos.
Signed-off-by: Chris Butler [email protected]