Convert wg-k8s-infra to sig-k8s-infra (#5928)

* mv wg-k8s-infra sig-k8s-infra

* sigs.yaml: mv wg-k8s-infra to sig-k8s-infra

* sigs.yaml: update sig-k8s-infra

Specifically:

- update mission statement
- add k8s-infra-dns subproject
- add k8s-infra-groups subproject

* sigs.yaml: ran make

* manual search-replace of wg-k8s-infra

* slack-config: rename wg-k8s-infra channel

* sig-k8s-infra: update charter

Refresh the charter to:

- define in scope binaries, apps, and services
- explicitly spell out areas of collaboration that were previously
  implied
- drop aspirational goals around on-call and vetting that we haven't had
  bandwidth to implement
- drop WG-related governance terms or links

Author: spiffxp

OWNERS_ALIASES

@@ -48,6 +48,11 @@ aliases:
     - dashpole
     - ehashman
     - logicalhan
+  sig-k8s-infra-leads:
+    - ameukam
+    - dims
+    - spiffxp
+    - thockin
   sig-multicluster-leads:
     - jeremyot
     - pmorie
@@ -112,10 +117,6 @@ aliases:
     - cantbewong
     - cindyxing
     - dejanb
-  wg-k8s-infra-leads:
-    - ameukam
-    - dims
-    - spiffxp
   wg-multitenancy-leads:
     - srampal
     - tashimi

communication/slack-config/channels.yaml

@@ -418,7 +418,8 @@ channels:
   - name: wg-component-standard-mentorship
   - name: wg-data-protection
   - name: wg-iot-edge
-  - name: wg-k8s-infra
+  - name: sig-k8s-infra
+    id: CCK68P2Q2
   - name: wg-lts
     archived: true
   - name: wg-machine-learning

communication/youtube/youtube-guidelines.md

@@ -167,7 +167,6 @@ The following SIGs and groups are currently running splain.io:
 - [SIG Network](/sig-network/README.md)
 - [Steering Committee](/committee-steering/governance/README.md)
 - [WG Data Protection](/wg-data-protection/README.md)
-- [WG K8s Infra](/wg-k8s-infra/README.md)
 
 The main zoom admin account which holds Meet Our Contributors and others (if
 you log in to splain using this account, all of the other accounts will be
@@ -227,4 +226,4 @@ detailed information about streaming, see our [Streaming Config]
 [Streaming Config]: ./streaming-config.md
 [Subprojects]: /governance.md#subprojects
 [moderation guidelines]: /communication/moderation.md
-[zoom guidelines]:/communication/zoom-guidelines.md
+[zoom guidelines]:/communication/zoom-guidelines.md

liaisons.md

@@ -34,6 +34,7 @@ of SIGs, WGs and UGs.
 | [SIG Contributor Experience](sig-contributor-experience/README.md) | Bob Killen (**[@mrbobbytables](https://github.com/mrbobbytables)**) |
 | [SIG Docs](sig-docs/README.md) | Jordan Liggitt (**[@liggitt](https://github.com/liggitt)**) |
 | [SIG Instrumentation](sig-instrumentation/README.md) | Christoph Blecker (**[@cblecker](https://github.com/cblecker)**) |
+| [SIG K8s Infra](sig-k8s-infra/README.md) | Nikhita Raghunath (**[@nikhita](https://github.com/nikhita)**) |
 | [SIG Multicluster](sig-multicluster/README.md) | Paris Pittman (**[@parispittman](https://github.com/parispittman)**) |
 | [SIG Network](sig-network/README.md) | Derek Carr (**[@derekwaynecarr](https://github.com/derekwaynecarr)**) |
 | [SIG Node](sig-node/README.md) | Nikhita Raghunath (**[@nikhita](https://github.com/nikhita)**) |
@@ -51,7 +52,6 @@ of SIGs, WGs and UGs.
 | [WG Component Standard](wg-component-standard/README.md) | Christoph Blecker (**[@cblecker](https://github.com/cblecker)**) |
 | [WG Data Protection](wg-data-protection/README.md) | Paris Pittman (**[@parispittman](https://github.com/parispittman)**) |
 | [WG IoT Edge](wg-iot-edge/README.md) | Derek Carr (**[@derekwaynecarr](https://github.com/derekwaynecarr)**) |
-| [WG K8s Infra](wg-k8s-infra/README.md) | Nikhita Raghunath (**[@nikhita](https://github.com/nikhita)**) |
 | [WG Multitenancy](wg-multitenancy/README.md) | Jordan Liggitt (**[@liggitt](https://github.com/liggitt)**) |
 | [WG Naming](wg-naming/README.md) | Bob Killen (**[@mrbobbytables](https://github.com/mrbobbytables)**) |
 | [WG Policy](wg-policy/README.md) | Christoph Blecker (**[@cblecker](https://github.com/cblecker)**) |

sig-contributor-experience/README.md

@@ -114,10 +114,6 @@ Manages and controls Github permissions, repos, and groups, including Org Member
   - GitHub Administration Subproject: [Thursdays at 09:30 PT (Pacific Time)](https://zoom.us/j/442435463?pwd=Rk1PWWpSSTJDaWJKdzRYb2EyTlkvZz09) (Monthly on 4th Thursday). [Convert to your timezone](http://www.thetimezoneconverter.com/?t=09:30&tz=PT%20%28Pacific%20Time%29).
     - [Meeting notes and Agenda](https://docs.google.com/document/d/1IiVrr1hcFWmbboExk971FsMUGfr2Wp68mdMribCuzLs/edit).
     - [Meeting recordings](https://www.youtube.com/playlist?list=PL69nYSiGNLP2x_48wbOPO0vXQgNTm_xxr).
-### k8s.io
-Creates and maintains shortcuts and automation apps running in the k8s.io domain.
-- **Owners:**
-  - [kubernetes/k8s.io](https://github.com/kubernetes/k8s.io/blob/main/OWNERS)
 ### mentoring
 Oversees and develops programs for helping contributors ascend the contributor ladder, including the New Contributor Workshops, Meet Our Contributors, and other programs.
 - **Owners:**

wg-k8s-infra/OWNERS renamed to sig-k8s-infra/OWNERS

@@ -1,8 +1,8 @@
 # See the OWNERS docs at https://go.k8s.io/owners
 
 reviewers:
-  - wg-k8s-infra-leads
+  - sig-k8s-infra-leads
 approvers:
-  - wg-k8s-infra-leads
+  - sig-k8s-infra-leads
 labels:
-  - wg/k8s-infra
+  - sig/k8s-infra

sig-k8s-infra/README.md

@@ -0,0 +1,68 @@
+<!---
+This is an autogenerated file!
+
+Please do not edit this file directly, but instead make changes to the
+sigs.yaml file in the project root.
+
+To understand how this file is generated, see https://git.k8s.io/community/generator/README.md
+--->
+# K8s Infra Special Interest Group
+
+SIG K8s Infra is interested in the successful migration of ownership and management of all Kubernetes project infrastructure from the google.com GCP Organization (or elsewhere) to the CNCF, such that the Kubernetes project is able to sustainably operate itself without direct assistance from external vendors or entities.
+In other words, we seek to eradicate usage of the phrase "oh that's something that only an employee of Vendor X can do, we're blocked until they respond."
+
+The [charter](charter.md) defines the scope and governance of the K8s Infra Special Interest Group.
+
+## Meetings
+* Regular SIG Meeting: [Wednesdays at 20:00 UTC](https://zoom.us/j/93109963352?pwd=SHJTcFR2bVg1akYxSDREUWQzaldrQT09) (bi-weekly). [Convert to your timezone](http://www.thetimezoneconverter.com/?t=20:00&tz=UTC).
+  * [Meeting notes and Agenda](http://bit.ly/sig-k8s-infra-notes).
+  * [Meeting recordings](http://bit.ly/sig-k8s-infra-playlist).
+
+## Leadership
+
+### Chairs
+The Chairs of the SIG run operations and processes governing the SIG.
+
+* Arnaud Meukam (**[@ameukam](https://github.com/ameukam)**), Alter Way
+* Davanum Srinivas (**[@dims](https://github.com/dims)**), VMware
+
+### Technical Leads
+The Technical Leads of the SIG establish new subprojects, decommission existing
+subprojects, and resolve cross-subproject technical issues and decisions.
+
+* Aaron Crickenberger (**[@spiffxp](https://github.com/spiffxp)**), Google
+* Tim Hockin (**[@thockin](https://github.com/thockin)**), Google
+
+## Emeritus Leads
+
+* Bart Smykla (**[@bartsmykla](https://github.com/bartsmykla)**)
+
+## Contact
+- Slack: [#sig-k8s-infra](https://kubernetes.slack.com/messages/sig-k8s-infra)
+- [Mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-k8s-infra)
+- [Open Community Issues/PRs](https://github.com/kubernetes/community/labels/sig%2Fk8s-infra)
+- GitHub Teams:
+    - [@kubernetes/sig-k8s-infra](https://github.com/orgs/kubernetes/teams/sig-k8s-infra) - active contributors in sig-k8s-infra
+    - [@kubernetes/sig-k8s-infra-leads](https://github.com/orgs/kubernetes/teams/sig-k8s-infra-leads) - sig-k8s-infra chairs and tech leads
+- Steering Committee Liaison: Nikhita Raghunath (**[@nikhita](https://github.com/nikhita)**)
+
+## Subprojects
+
+The following [subprojects][subproject-definition] are owned by sig-k8s-infra:
+### k8s-infra-dns
+Code and configuration to manage DNS records for domains owned by the Kubernetes project such as k8s.io and kubernetes.io
+- **Owners:**
+  - [kubernetes/k8s.io/dns](https://github.com/kubernetes/k8s.io/blob/main/dns/OWNERS)
+### k8s-infra-groups
+Code and configuration to manage Google Groups for domains owned by the Kubernetes project such kubernetes.io
+- **Owners:**
+  - [kubernetes/k8s.io/groups](https://github.com/kubernetes/k8s.io/blob/main/groups/OWNERS)
+### k8s.io
+Code and configuration to manage Kubernetes project infrastructure, including various *.k8s.io sites
+- **Owners:**
+  - [kubernetes/k8s.io](https://github.com/kubernetes/k8s.io/blob/main/OWNERS)
+
+[subproject-definition]: https://github.com/kubernetes/community/blob/master/governance.md#subprojects
+<!-- BEGIN CUSTOM CONTENT -->
+
+<!-- END CUSTOM CONTENT -->

wg-k8s-infra/annual-report-2020.md renamed to sig-k8s-infra/annual-report-2020.md

@@ -168,7 +168,7 @@ What remains (TODO: we need to update our issues to reflect this)
 **Have you produced any artifacts, reports, white papers to date?**
 
 We provide a [publicly viewable billing report](https://datastudio.google.com/u/0/reporting/14UWSuqD5ef9E4LnsCD9uJWTPv8MHOA3e)
-accessible to members of kubernetes-wg[email protected].
+accessible to members of kubernetes-sig[email protected].
 The project was given $3M/yr for 3 years, and our third year started ~August 2020.
 Our spend over the past 28 days has been ~$109K, which works out to ~$1.42M/yr.
 A very rough breakdown of the $109k:
@@ -179,7 +179,7 @@ A very rough breakdown of the $109k:
 **Is everything in your readme accurate? posting meetings on youtube?**
 
 Our community
-[readme](https://github.com/kubernetes/community/tree/master/wg-k8s-infra) is
+[readme](https://github.com/kubernetes/community/tree/master/sig-k8s-infra) is
 accurate if sparse. The
 [readme](https://github.com/kubernetes/k8s.io/blob/main/README.md) in k8s.io,
 which houses most of the actual infrastructure, is terse and slightly out of

sig-k8s-infra/charter.md

@@ -0,0 +1,209 @@
+# SIG K8s Infra Charter
+
+This charter adheres to the conventions described in the
+[Kubernetes Charter README] and uses the Roles and Organization Management
+outlined in [sig-governance].
+
+## Scope
+
+The successful migration of ownership and management of all Kubernetes
+project infrastructure from the google.com GCP Organization 
+(or other IaaS vendor-owned locations) to the CNCF, such that the Kubernetes
+project is able to sustainably operate itself without direct assistance from
+external vendors or entities.
+
+In other words, we seek to eradicate usage of the phrase "oh that's
+something that only an employee of Vendor X can do, we're blocked until
+they respond."
+
+### In scope
+
+Within this document, "infrastructure" is used to refer to cloud resources
+managed through an "infrastructure as a service" offering. This includes
+more than just raw compute, storage, and networking resources, since many
+cloud services provide a rich variety of resources for API-driven management.
+
+#### Code, Binaries and Services
+
+Code, data and policies necessary to provision, update, decommission and
+otherwise manage all project infrastructure as provisioned through
+infrastructure-as-a-service (IaaS) offerings. This includes more than raw
+compute, storage, and network resources traditionally bucketed under IaaS,
+since many cloud offerings provide a rich variety of resources via API-driven
+management. This may also include code and binaries which run on top of the
+IaaS offerings to provide services to the Kubernetes project.
+
+Given that this is a broad scope, we prefer (where possible) to delegate
+ownership and operation of the code / infrastructure to more directly
+responsible SIGs or Committees. This is largely how the SIG operated during
+its lifetime as a WG, driving the policies and tooling upon which SIG-owned
+infrastructure operates.
+
+Areas of responsibility include:
+
+- Policy definition and enforcement for areas related to project
+  infrastructure, including:
+  - What is in-scope/out-of-scope for project infrastructure
+  - Who should be allowed access to which parts of project infrastructure,
+    e.g. team definition, vetting criteria, etc.
+  - How infrastructure should be managed, e.g. naming schemes, acceptable
+    tooling or practices, on-call or escalation policies, etc.
+- Configuration management of all resources and service usage within the
+  kubernetes.io GCP Organization, including, but not limited to:
+  - API / Service enablement
+  - BigQuery datasets
+  - DNS records, e.g. for k8s.io, kubernetes.io, and other project-owned domains
+  - GCB usage
+  - GCP projects, instances, images
+  - GCR repositories
+  - GCS buckets
+  - GKE clusters, e.g. community infra cluster, prow build clusters
+  - GSM secrets
+  - Google Groups
+  - IAM roles, service accounts, and policies
+  - KMS keys
+  - Managed Certificates, e.g. for k8s.io, kubernetes.io, and other project-owned
+    domains
+- Reports on infrastructure operation, including:
+  - Anonymized traffic reports to show which parts of our infrastructure
+    are seeing the most use
+  - Auditing reports to show the current configuration of the community's
+    infrastructure
+  - Billing reports to show where the community's infrastructure budget is
+    being spent
+
+In terms of subprojects, this means we own kubernetes/k8s.io and are an
+escalation point of last resort for more tightly scoped subprojects that
+live within this repo.
+
+#### Cross-cutting and Externally Facing Processes
+
+We prefer (where possible) to delegate ownership, operation and policy
+definition to SIGs that are more directly responsible for a given area
+of the project. However, we reserve the right to halt infrastructure or
+roll back changes if the project as a whole is being negatively impacted.
+
+Some examples for illustrative purposes
+
+##### Access Policies
+
+- We are responsible for ensuring the appropriate members of a SIG have
+  sufficient permissions to troubleshoot and manage their app or
+  infrastructure.
+- However, we will NOT grant overly broad permissions to an overly broad
+  group of people. We will collaborate with SIGs to ensure access is
+  appropriately scoped.
+- We WILL ensure the appropriate set of CNCF staff have access to act as
+  an escalation path of last resort
+- We MAY revoke access in the event of a security-related incident
+
+e.g. SIG Release is responsible for who gets what level of access to
+infrastructure used by the release-engineering subproject to cut a Kubernetes
+release
+
+##### Artifact Hosting
+
+- We are not responsible for promoting into production artifacts that belong
+  to subprojects owned by other SIGs.
+- However, we MAY revert changes that prevent artifact promotion from
+  functioning.
+
+e.g. SIG Storage is responsible for declaring which CSI-related images should
+be promoted to production, SIG Release is responsible for ensuring those
+images make it to production, and SIG K8s Infra is responsible for ensuring
+that production exists in the first place
+
+##### Community Infra Cluster
+
+- We are responsible for ensuring a community-owned GKE cluster is available
+  to run apps owned by other SIGs.
+- However, we are NOT responsible for ensuring proper functionality of those
+  apps. That is left to the SIGs.
+
+e.g. SIG Scalability is responsible for ensuring perfdash.k8s.io displays
+valid data
+
+##### Project Infrastructure Budget
+
+- We are responsible for enforcing policy on what is considered in-scope and
+  out-of-scope for project infrastructure (and thus, where we spend our
+  infrastructure budget)
+- Crafting such policy is done in collaboration with the Steering Committee
+  (owns project spending) and SIG Architecture (owns Kubernetes definition)
+- We MAY delete or scope down infrastructure in the event of unexpected or
+  undue spend
+
+e.g. SIG K8s Infra will deny requests to host artifacts for projects that are
+formerly part of or adjacent to the Kubernetes project (e.g. helm, cri-o)
+
+##### Public Names
+
+- We are responsible for enforcing policy on what is considered appropriate
+  or inappropriate for the names of public-facing entities such as DNS
+  records and Google Group names
+- Crafting such policy is done in collaboration with the Steering Committee,
+  SIG Architecture, and SIG Contributor Experience
+
+e.g. Group names that are used to communicate upon behalf of the project such
+as `[email protected]` are vetted by SIG Contributor Experience,
+group names that are used for RBAC or IAM bindings are vetted by SIG K8s Infra.
+
+##### Secrets and Credentials
+
+- We are responsible for ensuring secure storage and retrieval of secrets
+  such as passwords, tokens, keys, etc.
+- However, we are NOT responsible for ensuring the value of those secrets
+  is valid.
+- We MAY delete or deactivate secrets in the event of a security-related
+  incident
+
+e.g. SIG Contributor Experience is responsible for ensuring valid Slack API
+credentials exist for proper functioning of slack-infra
+
+##### Security Response
+
+- Overriding all of the above, we MAY revoke, delete, or deactivate
+  infrastructure, services or access in the event of a security-related
+  incident.
+- This depends on responsiveness of the owning SIG, and urgency and severity
+  of the incident being responded to
+
+e.g. SIG K8s Infra may force rotation of prow build cluster credentials if
+appropriately credentialed members of SIG Testing are not available
+
+### Out of scope
+
+We are not resonsible for code that runs _on_ project infrastructure, with
+the exception of:
+
+- subprojects of this SIG (as listed in [`sigs.yaml`], which is more likely
+  to be kept up to date than this charter)
+- code we share responsibility for (as listed in the [Cross-cutting and
+  Externally Facing Processes] section)
+
+We are not responsible for the management of nor in the escalation path for
+supporting non-IaaS offerings used by the Kubernetes project that are
+managed by other subprojects under other SIGs. For example, problems with
+GitHub should be routed to SIG Contributor Experience.
+
+We are not responsible for managing infrastructure which has not yet been
+migrated to the CNCF. For example, problems with prow.k8s.io should be routed
+to SIG Testing.
+
+## Roles and Organization Management
+
+This sig adheres to the Roles and Organization Management outlined in
+[sig-governance] and opts-in to updates and modifications to [sig-governance].
+
+We may revise this portion of the charter when it comes time to talk about
+providing a level of support and responsiveness that one might reasonably
+expect from a globally distributed open source project.
+
+[sig-governance]: https://git.k8s.io/community/committee-steering/governance/sig-governance.md
+[Kubernetes Charter README]: https://git.k8s.io/community/committee-steering/governance/README.md
+[lazy consensus]: http://en.osswiki.info/concepts/lazy_consensus
+
+[kubernetes-dev@]: https://groups.google.com/forum/#!forum/kubernetes-dev
+[sig-k8s-infra@]: https://groups.google.com/forum/#!forum/kubernetes-sig-k8s-infra
+[kubernetes/k8s.io]: https://git.k8s.io/k8s.io
+[`sigs.yaml`]: https://git.k8s.io/community/sigs.yaml