For what it's worth, the CNCF is not big on CLAs in general although, as far as I know, they don't specifically prohibit them. In general, they prefer to use a developer certificate of origin.
That's a bit surprising to read because here's what @cra of the Linux Foundation said a couple years ago:
It’s [a Developer Certificate of Origin] how the Linux kernel works, where basically it takes all the basic things that most CLAs do, which would be like, ‘Did I write this code? Did I not copy it elsewhere? Do I have the rights to give this to you, and you sign off on?’ It’s been a very successful model played out in the kernel and many other ecosystems. I’m generally not really supportive of having CLAs unless there’s a real strict business need."
FYI 99% of CNCF projects use DCO, only a handful still use CLA but we give projects a CHOICE in the matter. I prefer DCO personally because it's a lower barrier to entry for contributors (e.g., not formal legal agreement to sign and be reviewed by lawyers)
