falcosecurity · poiana · May 12, 2020 · May 4, 2020 · May 4, 2020 · May 4, 2020
diff --git a/proposals/20200506-artifacts-scope-part-1.md b/proposals/20200506-artifacts-scope-part-1.md
@@ -0,0 +1,114 @@
+# Falco Artifacts Scope - Part 1
+
+The **Falco Artifact Scope** proposal is divided in two parts:
+1. the Part 1 - *this document*: the State of Art of Falco artifacts
+2. the [Part 2](./20200506-artifacts-scope-part-2.md): the intended state moving forward
+
+## Summary 
+
+As a project we would like to support the following artifacts.
+
+Everything else will be moved to [contrib](https://github.com/falcosecurity/contrib).
+
+As a project we will build, change, rename, and move files, documents, scripts, configurations according to the new state of the art described into [Part 2](./20200506-artifacts-scope-part-2.md).
+
+Inspired by many previous issues and many of the weekly community calls.
+
+## Terms
+
+**falco** 
+
+*The Falco binary*
+
+**driver**
+
+*System call provider from the Linux kernel. Either (`bpf`, `module`)*
+
+**falco-driver-loader**
+
+*The bash script found [here](https://github.com/falcosecurity/falco/blob/master/scripts/falco-driver-loader) that tries to compile else download the driver (kernel module or eBPF probe).*
+
+**package**
+
+*An installable artifact that is operating system specific. All packages MUST be hosted on bintray.*
+
+**image**
+
+*OCI compliant container image hosted on dockerhub with tags for every release and the current master branch.*
+
+
+# Packages
+
+List of currently official packages (for x86 64bits only):
+
+- `falco-x.y.z-x86_64.deb` for debian like systems, it installs the kernel module by default
+- `falco-x.y.z-x86_64.rpm` for rpm like systems, it installs the kernel module by default
+- `falco-x.y.z-x86_64.tar.gz` for binary installation, it contains `falco` binary, `falco-driver-loader` script, drivers source, and related dependencies
+
+
+# Images
+
+List of currently official container images (for X86 64bits only):
+
+| Name | Directory | Description |
+|---|---|---|
+| [falcosecurity/falco:latest](https://hub.docker.com/repository/docker/falcosecurity/falco), [falcosecurity/falco:_tag_](https://hub.docker.com/repository/docker/falcosecurity/falco), [falcosecurity/falco:master](https://hub.docker.com/repository/docker/falcosecurity/falco) | docker/stable | Falco (DEB built from git tag or from the master) with all the building toolchain. | 
+| [falcosecurity/falco:latest-slim](https://hub.docker.com/repository/docker/falcosecurity/falco), [falcosecurity/falco:_tag_-slim](https://hub.docker.com/repository/docker/falcosecurity/falco),[falcosecurity/falco:master-slim](https://hub.docker.com/repository/docker/falcosecurity/falco) | docker/slim | Falco (DEB build from git tag or from the master) without the building toolchain. | 
+| [falcosecurity/falco-driver-loader:latest](https://hub.docker.com/repository/docker/falcosecurity/falco-driver-loader), [falcosecurity/falco-driver-loader:_tag_](https://hub.docker.com/repository/docker/falcosecurity/falco-driver-loader), [falcosecurity/falco-driver-loader:master](https://hub.docker.com/repository/docker/falcosecurity/falco-driver-loader) | docker/driver-loader | `falco-driver-loader` as entrypoint with the building toolchain. | 
+| [falcosecurity/falco-builder:latest](https://hub.docker.com/repository/docker/falcosecurity/falco-builder) | docker/builder | The complete build tool chain for compiling Falco from source. See [the documentation](https://falco.org/docs/source/) for more details on building from source. Used to build Falco (CI). | 
+| [falcosecurity/falco-tester:latest](https://hub.docker.com/repository/docker/falcosecurity/falco-tester) | docker/tester | Container image for running the Falco test suite. Used to run Falco integration tests (CI). | 
+| _to not be published_ | docker/local | Built on-the-fly and used by falco-tester. |
+
+**Note**: `falco-builder`, `falco-tester` (and the `docker/local` image which it's built on the fly by the `falco-tester` one) are not integrated into the release process because they are development and CI tools that need to be manually pushed only when updated.
+
+
+# Falco Project Evolution
+
+We will modeling a loosely defined adoption of the Kubernetes and CNCF incubator efforts.
+
+The criteria will remain loose, and tighten as needed at the discretion of the Falco open source community.
+
+### contrib
+
+"_Sandbox level_"
+
+This new [contrib](https://github.com/falcosecurity/contrib) repository will be equivalent to the `Falco Sandbox` and serves as a place for the community to `test-drive` ideas/projects/code.
+
+### repository
+
+"_Incubating level_" projects such as [falco-exporter](https://github.com/falco-exporter) can be promoted from `contrib` to their own repository. 
+
+This is done as needed, and can best be measured by the need to cut a release and use the GitHub release features. Again, this is at the discretion of the Falco open source community.
+
+### official support
+
+As the need for a project grows, it can ultimately achieve the highest and most coveted status within The Falco Project. "_Offical support_."
+
+The artifacts listed above are part of the official Falco release process. These artifact will be refined and amended by the [Part 2](./20200506-artifacts-scope-part-2.md).
+
+# Action
+
+The *Part 1* is mainly intended as a cleanup process.
+For each item not listed above, ask if it needs to be moved or deleted.
+After the cleanup process, all items will match the *Part 1* of this proposal.
+
+
+### Action Items
+
+Here are SOME of the items that would need to be done, for example:
+
+ - Remove `minimal` from `falco` repository (it's almost similar to `slim`, we don't need two images for the same purpose)
+ - Rename `driverloader` image to `falco-driver-loader` (since it has not been release yet, we can rename it without breaking things)
+ - Move everything else to contrib
+     - Move [/integrations](https://github.com/falcosecurity/falco/tree/master/integrations) to contrib
+     - Move [/examples](https://github.com/falcosecurity/falco/tree/master/examples) to contrib
+     - Old documentation
+
+### Documentation
+
+Update documentation in [falco-website#184](https://github.com/falcosecurity/falco-website/pull/184).
+
+### Adjusting projects
+
+ - YAML manifest documentation to be moved to `contrib`
+ - Minkube, Kind, Puppet, Ansible, etc documentation to be moved to `contrib`
diff --git a/proposals/20200506-artifacts-scope-part-2.md b/proposals/20200506-artifacts-scope-part-2.md
@@ -0,0 +1,139 @@
+# Falco Artifacts Scope - Part 2
+
+The **Falco Artifact Scope** proposal is divided in two parts:
+1. the [Part 1](./20200506-artifacts-scope-part-1.md): the State of Art of Falco artifacts
+2. the Part 2 - *this document*: the intended state moving forward
+
+## Summary 
+
+See [Part 1](./20200506-artifacts-scope-part-1.md).
+
+## Terms
+
+See [Part 1](./20200506-artifacts-scope-part-1.md).
+
+## Packages
+
+Official packages for x86 64bits only.
+
+The following convention MUST be used for all packages.
+
+_All package names MUST contain a version._
+
+_If a package installs the Falco kernel module it MUST contain `module`._
+
+_If a package installs the Falco BPF probe it MUST contain `bpf`._
+
+_In general, if a package installs a Falco driver it MUST contain the driver name._
+
+
+### .deb
+
+ Falco running in debian like systems that will default to the kernel module.
+
+- falco-*x.y.z*-amd64.deb
+     - alias to ` falco-*x.y.z*-module-amd64.deb`
+ - falco-*x.y.z*-module-amd64.deb
+     - `falco` and `module`
+ - falco-*x.y.z*-bpf-amd64.deb
+     - `falco` and `bpf`
+
+
+We reserve the right to change the naming convention of deb packages accordingly to deb conventions.
+
+### .rpm
+
+ Falco running in rpm like systems that will default to the kernel module.
+
+- falco-*x.y.z*-x86_64.rpm
+     - alias to ` falco-*x.y.z*-module-x86_64.rpm`
+ - falco-*x.y.z*-module-x86_64.rpm
+     - `falco` and `module`
+ - falco-*x.y.z*-bpf-x86_64.rpm
+     - `falco` and `bpf`
+
+We reserve the right to change the naming convention of rpm packages accordingly to rpm conventions.
+
+### .tar.gz
+
+- falco-bin-x86.tar.gz
+    - `falco` binary, `falco-loader-script`, drivers source, and related dependencies
+    - `INSTALL` file
+    - `Makefile` file
+- falco-src-x86.tar.gz
+    - No binaries
+    - `INSTALL` file
+- falco-module-src-x86.tar.gz
+    - `module` sources with `Makefile`
+    - `INSTALL` file
+- falco-bpf-src-x86.tar.gz
+    - `bpf` sources with `Makefile`
+    - `INSTALL` file
+
+## Images
+
+The following convention MUST be used for all container images.
+
+
+ - falcosecurity/falco:TAG
+     - First runs `falco-driver-loader` and then runs `falco`
+     - Can be run with `--privileged`
+     - Can be run with `-e SKIP_DRIVER_LOADER=true` to skip the execution of `falco-driver-loader`
+     - TAG can be `latest` to refer to the latest release
+     - TAG can be `master` to refer to the latest master
+     - TAG can be `x.y.z` to refer to a specific release
+ - falcosecurity/falco-driver-loader:TAG
+     - Runs `falco-driver-loader` and exit
+     - Needs to be run with `--privileged`
+ - falcosecurity/falco-no-driver
+     - Runs `falco` (only userspace)
+ - falcosecurity/falco-tester:TAG 
+     - Runs the Falco integration test suite
+ - falcosecurity/falco-builder:TAG
+     - Contains the Falco tool chain for development
+
+The image usage MUST be documented in the Dockerfile and in the [website](https://falco.org/docs/).
+If an image does not take any action by default, a command usage MUST printed out.
+We reserve the right to add image aliases if it was needed.
+
+## Official support
+
+These artifacts will be amended to the ones listed above, and will become a part of the official Falco release process.
+
+## Action
+
+For each item, ask if this already exists. If so we need to rename, and update it to match this new convention. If does not exist, add it.
+
+
+### Action Items
+
+Here are SOME of the items that would need to be done for example:
+
+ - Rename package accordingly 
+ - Rename docker images accordingly 
+     - Evaluate how to call what's currently called `falcosecurity/falco:latest-slim`
+ - Documentation in all packages with `INSTALL` file
+ - Add `Makefile` where needed
+ - Implement missing packages
+    - Rename `SKIP_MODULE_LOAD` environment variable of docker images to `SKIP_DRIVER_LOADER`
+    - Create `usage` commands for every docker image
+
+### Documentation
+
+Update documentation in [falco-website](https://github.com/falcosecurity/falco-website/)
+
+#### Note:
+
+This could break the current helm chart, and maybe other dependencies.
+
+We owe existing users of the Falco project some courtesy if we will break their usage of how Falco has traditionally been advertised. 
+
+Some things we owe the community.
+
+ - Announcement on Falco mailing list
+ - Issues/Pull Request to Helm chart
+     - Note: At the very least open an issue and document how to make the existing helm chart work with the new changes if needed. [Nova Volunteers]
+     - We should at least open a PR and update the helm chart with these new expectations if needed. [Nova Volunteers]
+     - We should revisit the helm chart OWNERS
+ - Twitter
+ - Documentation