Skip to main content

My LFX Mentorship Journey with CNCF: Kyverno - D N Siva Sathyaseelan

5 min · D N Siva Sathyaseelan - Github


















I have always wanted to participate in the LFX Mentorship program and here I am, graduated, writing this blog. These 3 months were amazing! This blog covers my experience in this mentorship.

What’s the LFX Mentorship?

“The Linux Foundation Mentorship Program is designed to help developers — many of whom are first-time open source contributors — with necessary skills and resources to learn, experiment, and contribute effectively to open source communities. By participating in a mentorship program, mentees have the opportunity to learn from experienced open source contributors as a segue to get internship and job opportunities upon graduation.”

If you are interested in participating in the LFX Mentorship programs, you can find more information at lfx.linuxfoundation.org/mentorship/guide.

My acceptance into the program

Once the application process began, I drafted a cover letter and I was contributing to kyverno for some time which I included in my cover letter, which I believe helped me stand out from other candidates.

I want to emphasize that contributions matter a lot. If you are interested in a particular organization, I encourage you to find ways to contribute to their community or projects. This is a great way to show your interest in the organization and your ability to add value.

I applied to 3 projects from Kyverno, and got accepted in CNCF - Kyverno: Verify Multiple Image Attestations (2024 Term 1), so my applications to the other two projects were no longer considered.

So, what did you do during mentorship?

I contributed to CNCF - Kyverno: Verify Multiple Image Attestations (2024 Term 1) project.



Kyverno’s Core maintainers Shuting Zhao and Vishal Choudhary were my mentors. I had weekly sync-up meetings with them. In this meeting, we reviewed the goals we set in our previous meetings, discussed the progress, reviewed PRs I made, and identified any new goals or objectives that I would like to work towards.


Stepwise progress:


Add support for default value into apiCall context variables:

Issue - #9723

PR - #9958


Before the changes in PR #9958, when an API call within a Kyverno policy rule failed, the policy execution would also fail, potentially causing unintended disruptions. This behavior could lead to policy enforcement issues, especially in scenarios where temporary API failures occurred. The need for a more resilient approach became evident, prompting the creation of issue #9723.


To address this problem, the PR introduces a default parameter inside the apiCall context. This parameter allows Kyverno to use a predefined default value when an API call returns an error, enabling the policy to continue its execution gracefully. Let's look at the key changes and how they fit into a typical policy.


Add support for condition validation across multiple image verification attestations or context entry:

Issue - #9456

PR - #9960


In Kyverno 1.11, support for conditions in every attestation entry was introduced. However, there was a limitation where the payload in one attestation couldn't be used while verifying another signed attestation. This PR aims to resolve this issue, enabling more flexible and robust attestation verification workflows.


The proposed solution in this pull request enhances Kyverno's attestation verification by enabling the use of payloads from one attestation during the verification of another signed attestation. This addresses a limitation noted in issue #9456. By allowing cross-referencing of attestation payloads, it ensures more robust and interconnected security checks. This improvement is demonstrated with practical examples, showing both successful and failed validation cases based on specific conditions, thereby validating the effectiveness and reliability of the new feature.


Note - All the results and behaviour of new features are mentioned in the PRs. Kindly check it out!

Is it difficult to get accepted into this?

I would say a big NO!!!

I personally started checking out the projects a few weeks before the applications started.

It is all about how willing are you to contribute to the community and learn new things which at the start might seem a little bit overwhelming. Before LFX, I was a beginner in GO but during my mentorship period, I worked on GO, Kubernetes, VEX, Cosign, Notary etc...

Don’t hesitate, give it a try. You will learn a lot!

If you’re interested in joining the LFX Mentorship like I was, submit your proposal here!

Graduation and concluding it all!

After 12 weeks, I successfully graduated from the program -


I’m really grateful to my mentors Shuting Zhao and Vishal Choudhary for helping me throughout the project!

I would like to express my sincere gratitude to the Kyverno, LFX, and CNCF communities. Without their support, neither this project nor this program would have been possible.

For doubts and questions feel free to contact me: LinkedIn | Gmail

Thank you for reading, hope you enjoyed the article! Follow me on Twitter | LinkedIn for more development-related posts. That’s all for today! Thank you for reading :)

Comments

Post a Comment