Add CNCF community related documents (v6d-io#144)

CODE_OF_CONDUCT.md

@@ -0,0 +1,5 @@
+# Vineyard Community Code of Conduct
+
+Vineyard follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
+
+In cases of abusive, harassing, or any unacceptable behaviors, please don't hesitate to contact the project team at [email protected].

GOVERNANCE.md

@@ -0,0 +1,70 @@
+# Governance
+
+The governance model adopted in Vineyard is influenced by many CNCF projects.
+
+## Principles
+
+- **Open**: Vineyard is open source community. See [Contributor License Agreement](https://cla-assistant.io/alibaba/libvineyard).
+- **Welcoming and respectful**: See [Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
+- **Transparent and accessible**: Work and collaboration should be done in public.
+- **Merit**: Ideas and contributions are accepted according to their technical merit
+ and alignment with project objectives, scope and design principles.
+
+## Project Maintainers
+
+* Classify GitHub issues and perform pull request reviews for other maintainers and the community.
+
+* During GitHub issue classification, apply all applicable [labels](https://github.com/alibaba/libvineyard/labels)
+ to each new issue. Use your best judgement to apply labels, since they are extremely useful for follow-up of future issues. 
+
+* Maintainers are expected to respond to assigned Pull Requests in a reasonable time frame.
+
+* Participate when called upon in the security release process. Note
+ that although this should be a rare occurrence, if a serious vulnerability is found, the process
+ may take up to several full days of work to implement.
+
+* In general continue to be willing to spend at least 20% of your time working on Vineyard (1 day per week).
+
+## Process of becoming a maintainer
+
+* Talk to one of the existing project [maintainers](MAINTAINERS.md) to show your interest in becoming a
+ maintainer. Becoming a maintainer generally means that you are going to be spending substantial
+ time (>20%) on Vineyard for the foreseeable future. 
+
+* We will expect you to start contributing increasingly complicated PRs, under the guidance of the existing maintainers.
+
+* We may ask you to do some PRs from our backlog. As you gain experience with the code base and our standards, 
+ we will ask you to do code reviews for incoming PRs.
+
+* After a period of approximately 3 months of working together and making sure we see eye to eye, the existing
+ maintainers will confer and decide whether to grant maintainer status or not. 
+ We make no guarantees on the length of time this will take, but 3 months is an approximate goal.
+
+## When does a maintainer lose maintainer status
+
+* If a maintainer is no longer interested or cannot perform the maintainer duties listed above, they
+ should volunteer to be moved to emeritus status. 
+
+* The Vineyard community will never forcefully remove a current Maintainer, unless a maintainer fails to meet 
+ the principles of Vineyard community.
+
+## Decision making process
+
+Decisions are made based on consensus between maintainers. In extreme cases, a simple majority voting process is invoked 
+where each maintainer receives one vote.
+
+Proposals and ideas can either be submitted for agreement via a github issue or PR,
+or by sending an email to `[email protected]`.
+
+In general, we prefer that technical issues and maintainer membership are amicably worked out between the persons involved.
+If a dispute cannot be decided independently, get a third-party maintainer (e.g. a mutual contact with some background
+on the issue, but not involved in the conflict) to intercede and the final decision will be made.
+Decision making process should be transparent to adhere to the principles of Vineyard project.
+
+## Code of Conduct
+
+The Vineyard [Code of Conduct](CODE_OF_CONDUCT.md) is aligned with the CNCF Code of Conduct.
+
+## Credits
+
+Some contents in this documents have been borrowed from [BFE](https://github.com/bfenetworks/bfe/blob/develop/GOVERNANCE.md) and [OpenYurt](https://github.com/alibaba/openyurt/blob/master/GOVERNANCE.md).

MAINTAINERS.md

@@ -0,0 +1,12 @@
+# The Vineyard Maintainers
+
+This file lists the maintainers of the Vineyard project. The responsibilities of maintainers are listed in the [GOVERNANCE.md](GOVERNANCE.md) file.
+
+## Project Maintainers
+| Name | GitHub ID | Affiliation |
+| ---- | --------- | ----------- |
+| [Tao He](mailto:[email protected]) | [sighingnow](https://github.com/sighingnow) | Alibaba |
+| [Wenyuan Yu](mailto:[email protected]) | [wenyuanyu](https://github.com/wenyuanyu) | Alibaba |
+| [Weibin Zeng](mailto:[email protected]) | [acezen](https://github.com/acezen) | Alibaba |
+| [Siyuan Zhang](mailto:[email protected]) | [siyuan0322](https://github.com/siyuan0322) | Alibaba |
+| [Diwen Zhu](mailto:[email protected]) | [andydiwenzhu](https://github.com/andydiwenzhu) | Alibaba |

OWNERS

@@ -0,0 +1,13 @@
+# See: https://go.k8s.io/owners
+approvers:
+ - acezen
+ - andydiwenzhu 
+ - sighingnow
+ - siyuan0322
+ - wenyuanyu
+reviewers:
+ - acezen
+ - andydiwenzhu 
+ - sighingnow
+ - siyuan0322
+ - wenyuanyu

SECURITY.md

@@ -0,0 +1,22 @@
+# Security Policies and Procedures
+The Vineyard community takes all security bugs seriously. Thank you for improving the security quality of vineyard. 
+We adopt a private disclosure process for security issues.
+
+### Private Disclosure Process
+If you find a bug, a security vulnerability or any security related issues,
+please DO NOT file a public issue. Do not create a Github issue.
+Instead, send your report privately to [email protected].
+Security reports are greatly appreciated and we will publicly thank you for it.
+
+Please provide as much information as possible, so we can react quickly.
+For instance, that could include:
+- Description of the location and potential impact of the vulnerability;
+- A detailed description of the steps required to reproduce the vulnerability (POC scripts, screenshots, and compressed packet captures are all helpful to us)
+- Whatever else you think we might need to identify the source of this vulnerability
+
+One of our maintainers will acknowledge your email within 48 hours, and will send a
+more detailed response within 48 hours indicating the next steps in handling
+your report. After the initial reply to your report, the maintainers will
+endeavor to keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
+