A year of improving kubernetes security from the inside!

Recent Kubernetes v1.24 release is my 3rd consecutive release where I was fortunate to implement incremental security improvements. I started with a dream to "Make Kubernetes Secure for All" & my biggest regret is not joining the community sooner. Here's why:

So many community members have dreams to make Kubernetes better. Some of those are security related. So we help each other make those dreams come true. This may sound really fuzzy and too good to be true so it might help to share a few examples.

In v1.22, I worked with SIG Architecture to remove an unmaintained dependency. This PR taught me that if you are doing the right thing, even the busiest people in the community will find time to help you! 

In the same release, SIG Testing asked for help on a failing test from new contributors. I raised my hand up and we got it done. This taught me to how to lead and create opportunities for new contributors to step up & recognize them publicly! 

Around that time, Implementing vulnerability scanning for Kubernetes introduced me to SIG K8s Infra folks who are truly our everyday heroes keeping the lights on for all of us. You can find how it works here.

Next Release v1.23, I had a chance to work closely with SIG Docs on the Tutorials for Pod Security. Their attention to detail and sheer thoughtfulness in comments during PR reviews blew my mind away.

In the same release, I became acquainted with SIG Release and their artifact promotion process. I learnt a lot from them by participating in their slack channel, attending/watching their zoom meetings. I started applying it to how I led SIG Security Tooling sub-project. 

Slowly but surely, many folks joined & made meaningful contributions by raising their hand up on issues labelled as help wanted. This made me realize that now I am in a position where I can give back to the community.

In v1.24, collaboration with SIG Release grew stronger and we ended up implementing Release Image Signing and Verification. SIG Docs jumped in again and helped craft this wonderful how-to guide.

In summary, I was pleasantly surprised by how much everyone cares about the project. And there is ton of work with only pre-requisite being perseverance + passion. I know there are many great guides on how to get started in the community, but they can get overwhelming.

So I will keep this simple:

1. Join https://kubernetes.slack.com 
2. Invite yourself from https://slack.k8s.io/
3. Pick a sig-* channel (e.g. sig-contribex)
4. Share your dreams
5. Find ways to help other people's dreams come true
6. Be Excellent to Each Other!

Looking forward to more cross SIG magic in v1.25 & beyond!

Note: There were times when I was getting knocked down by life circumstances. At that time, I learnt to have the grace to take it slow, ask for help and take a step back. Taking care of myself when I was down helped me take care of others when they needed my help.