Add AWS team and add Jeffwan to project-maintainers

[Jeffwan]

1. Add AWS team for internal discussion
2. Add Jeffwan@ to kubeflow/common team
3. Add kfctl to release-team scope.

[kubeflow-bot]

This change is 

[Jeffwan]

/cc @jlewi

[Jeffwan]

/cc @abhi-g

[jlewi]

We currently don't use teams or sync teams so adding an AWS team won't do anything.
Adding more folks to project-maintainers probably isn't scalable as it gives write access to all repositories. So we probably need to come up with a more sclable solution for access to projects.

[Jeffwan]

@jlewi Makes sense. Does repository owner automatically has write access to the repo? I think project maintainer's requirement is to create tag and cut release, sometime create remote branch. Do you think if there's a way to do that?

I think using teams is still a option. Each project can have a dedicate team which could have access to the target repo. it's a superset for kubeflow maintainers. The current problem is these teams doesn't own any repo which makes them useless. Another usage of team is to at team like @kubeflow/project-maintainers in issue triage, design review.

[jlewi]

@Jeffwan sorry for not being clear. Using GitHub teams in principle is fine; we probably just need to include teams in the automatic sync.

The "project maintainers" team was explicitly setup to grant all members write access to all repositories. The unscalable bit here is having a growing team with write access to all repos. The use of teams in itself isn't problematic. kubeflow/community#314 explains why we did this and the need for more scalable solutions.

It looks like I might have misspoken. I checked our peribolous config and its

           - /app/prow/cmd/peribolos/app.binary.runfiles/io_k8s_test_infra/prow/cmd/peribolos/linux_amd64_pure_stripped/app.binary  
            - --fix-teams 
            - --fix-team-members 
            - --fix-org-members 
            - --config-path=/src/kubeflow/internal-acls/github-orgs/kubeflow/org.yaml
            - --github-token-path=/secret/github-token/github_token
            - --required-admins=jlewi
            - --required-admins=abhi-g
            - --required-admins=google-admin
            - --required-admins=googlebot
            - --required-admins=richardsliu
            - --confirm=true

So we should be sync'ing team members.

[jlewi]

So in this PR feel free to define an AWS team. Unless you need write access to all Kanban boards please don't add yourself to project-maintainers.

Per kubeflow/kubeflow#5022 if you want to volunteer to be part of the release team for KF 1.1 then add yourself to release-team.

[jlewi]

If you join the release-team that should give you permission on the mxnet repo to cut releases.

[Jeffwan]

@jlewi

I don't need access to all Kanban boards, I will not request permission to project-maintainers.

The problem is release-team doesn't mxnet-operator and mpi-operator repo under the management. Anywhere we define the scope?

I am part of release team now.. Richard invited me for v1.0.2 release via Github directly I think. I should add a record here.

[jlewi]

@Jeffwan I granted release-team permissions manually for the 2 repos you mentioned mpi-operator and mxnet-operator so that should unblock things on that end as a short term solution.

Longer term solution is to ensure GitOps is auto sync'ing things
#228

[terrytangyuan]

@jlewi Could you add me to release-team manually as well since #247 has no effect? Once that's done, we can close #233 and just leave #228 open.

[jlewi]

@terrytangyuan I would like to fix the sync.

@Jeffwan see my comment in
#228 (comment)

The sync is broken right now because of the user ajayalfred so can you remove that user from the file to fix the sync?

[jlewi]

#250 should be submitted and merged first and then you will need to rebase this one.
#250 should fix the sync and also includes an update on team permissions.
Per #228 once #250 is merged we should start sync'ing team repos and that should give us a way to use GitOps to manage permissions on repositories.

[Jeffwan]

Just see this. Seems @terrytangyuan fix the problem. I will rebase the changes

[Jeffwan]

Updated changes:

• Add AWS team
• Add Jeffwan@ to kubeflow/common team
• Add kfctl to release-team scope.

[terrytangyuan]

/lgtm

[jlewi]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jlewi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• github-orgs/OWNERS [jlewi]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment