External Secrets Community Meeting

Schedule

Meetings are on Zoom every other Wednesday 13:00 PM CEST. (invite is on https://www.cncf.io/calendar/)

Next Meeting link: https://zoom-lfx.platform.linuxfoundation.org/meeting/92843470602?password=b953d8fb-825b-48ae-8fd7-226e498cc316

Steps before starting the meeting:

  • Start Recording
  • Welcome everyone ;)
  • (Optional) Intros from new joiners
  • Mention COC

In meeting:

  • Go over action items from last meeting
  • Go over points
  • Go over previous meetings action items
  • Go quickly over some open PR
  • Backlog Items:
    • is there an easy to read changelog, blog etc to see what is new in each version ? For example, going from 0.8.x to 0.9.x (slack) [@Mark]

March 26th

Host

  • Gergely (@skarlso)

Community Meeting

Participants

  • Gustavo (@gusfcarvalho)

Agenda

  • Talk about Provider sunsetting https://github.com/external-secrets/external-secrets/issues/4593
    • @Skarlso Leave a comment on the issue about the decision / updated opinion
  • Promote ESO to V1, freeze new feature requests to the whole structure, create v2alpha1?
    • Provider Versioning Scheme separate others
    • Templating to target creation of non-Kubernetes-Secret objects (ConfigMap, OpenShift)
    • PushSecrets, which simply cannot have all the nice things ExternalSecrets can have.
    • Generators/ClusterGenerators, which are weird and do not follow the same standards as SecretStores/ClusterSecretStores
    • @gusfcarvalho to add these to the v1 tracking issues and ping the other maintainers about it. Start sync voting on next community meeting, and if not enough quorum, vote via lazy consensus on the issue.
  • Incubation issue is sleeping https://github.com/cncf/toc/issues/1486

March 12th

Host

  • Gergely (@skarlso)

Community Meeting

Agenda

Nothing important really.

A roadmap for ESO https://github.com/orgs/external-secrets/projects/2.

February 26th

Host

  • Gergely (@skarlso)

It was a test meeting to see if the new invite from CNCF and the Zoom meeting is working. And it was.

February 12th

Host

  • Gergely (@skarlso)

Community Meeting

Agenda

  • Old issues cleanup
    • Possibly reduce the stale bot number
    • Help people contribute and understand the codebase
    • Documentation on how to add providers
  • In-tree out of tree proposals PR #3634
    • Trilok Geer to take a look and review/re-evaluate
  • We really really need to update the AWS Provider SDK to v2 Issue
    • Put a bounty on it, so people pick it up ( look into this and decide on how to proceed )
  • Cannot seem to run e2e tests on this pull-request even though it was recreated
    • Try creating a bump PR ourselves and see if it works.
  • Ping Barath on https://github.com/external-secrets/external-secrets/issues/1038
    • Barath will comment on the issue so I can assign him to it
  • Incubating Process updates ? :)))
  • Kubecon EU Plans?
  • Injecting secrets into the pod directly as an environment variable?
    • If an organization hates secrets, they hate environment variables ( it's typically worse )

Action Items

  • Unofficial Gathering for External Secrets Community (when, where - to decide @gusfcarvalho)
  • @skarlso talk to the maintainers about this process
  • Provider template creation esoctl -> create provider assignee -> @skarlso ( document in code on how to implement, bootstrap a provider )
  • Trilok to review / re-evaluate /re-propose out-of-tree providers
  • Bharath to tackle #1038
  • Close really old issues that lost meaning like #336
  • On old issues ask the person if the issue is still relevant / encourage them to contribute
  • Come up with a design proposal to inject secrets into pod directly
    • Before doing this, create an issue to gauge community desire for this kind of feature @skarlso

January 29th

Community Meeting

Agenda

Dec 18th

Community Meeting

Host

  • Gustavo

Agenda

  • stateful generators (#4203)
  • deprecate namespace name selector from ClusterExternalSecret? (ref: #4162)
    • Deprecate/Remove
  • helm olm operator - what is the present case from customer perspective?
  • Tag Security for Incubating (:party_hat:)
    • waiting for ESO presentation to be booked

Action Items

Dec 4th

Community Meeting

Host

  • Gustavo

Agenda

Action Items

  • @gusfcarvalho to notify people, open PRs, and change Release notes warning of the deprecation.

Sept 25th

Community Meeting

Host

Agenda

  • Discussions with CNCF
    • Moving docs to netlify
    • hugo + docsy
    • Mentorship program
    • google GSOC support
    • Workshop (service desk?)
    • google season of docs

Aug 28th

Community Meeting

Host

  • Lucas (@knela)

Attendees

  • Gustavo (@gusfcarvalho)
  • Gergely (@skarlso)

Agenda/Notes

Action items

  • First try to contact CNCF for google analytics access & using scarf.sh (@knelasevero)
  • Explore these with the current value on the collective:
    • Make Most Voted by community issues - Attract/Reward contributions for it. (@gusfcarvalho)
    • First draft of Proposal - Maintainer Scholarship for newly onboarded maintainers (@gusfcarvalho)
  • Remove Sebagomez, Shuhei from the maintainers group (@knelasevero).
  • Create a Reviewers group (@knelasevero).

July 31st

Community Meeting

Host

  • Lucas

Attendees

  • Gustavo
  • Gergely
  • Lucas

Agenda/Notes

Action items

  • PR introducing better webhook posture (@gusfcarvalho) DONE
  • Add msg to error logs pointing to update secrets (@gusfcarvalho) DONE
  • Create issue "Problems with webhook provider on 0.10.x ?" and Pin it (@knelasevero)
  • Remove Sebagomez, Shuhei from the maintainers group (@knelasevero).
  • Create a Reviewers group (@knelasevero).
  • Remove PAUL (@knelasevero) :'(
  • Actually review #3699 (@gusfcarvalho @knelasevero) DONE

June 19

Community Meeting

Host

  • Lucas

Attendees

  • Moritz
  • Gergely
  • Iwan

Agenda/Notes

Action items

May 22

Community Meeting

Host

  • Lucas

Attendees

  • Lucas
  • Iwan

Agenda/Notes

  • Supporting not public secret stores (https://github.com/external-secrets/external-secrets/issues/3515).
    • Check if provider separation (and future plugin solution) would help here
    • Check proposed solution in the issue (both from implementability perspective and if we would be ok with incorporating that into the project)
    • Vote on it

Action items

April 24

Community Meeting

Host

  • Gustavo

Attendees

  • Gustavo

Agenda/Notes

  • .

Action items

  • .

March 13 [canceled]

Community Meeting

Host

  • Lucas

Attendees

  • Lucas

Agenda/Notes

  • .

Action items

  • .

Jan 18

Community Meeting

Host

  • Gustavo (@gusfcarvalho)

Attendees

  • Moritz

Agenda/Notes

Action items

  • Find ToC members and talk to them
  • create a new issue to discuss which tool to use over FOSSA
  • Document implementation of Providers to allow for both SecretStore or SecretStore.spec.provider deprecation. Ask for maintainers votes. [@gusfcarvalho]
  • reach out to brendan about Paul [@knelasevero]

Jan 3

Community Meeting

Host

  • Lucas

Attendees

  • Lucas
  • Moritz

Agenda/Notes

  • codecov slack thread
    • let's do this, would be great to have it back!
  • state of paul?
  • fossa :/
  • Deprecation of SecretStore
  • Release process

Action items

  • reach out to brendan about Paul [@knelasevero]
  • fossa - reach out to cncf [@moolen]

Dec 20th

Community Meeting

Host

  • Moritz

Attendees

  • Moritz
  • Roger
  • Alec

Agenda/Notes

  • briefly touched on #2503, there's rising interest and Alec would like to raise a PR with a design doc

Action Items

  • check if Paul bot is working @moolen

Dec 6th

Community Meeting

Host

  • Gustavo (@gusfcarvalho)

Attendees

  • Shlomo Heigh (@szh, Dev @ CyberArk Conjur)
  • @moolen
  • @vsantos

Agenda/Notes

  • (if we have quorum) Provider Versioning proposal #2545/#694
  • Question about provider feature support matrix, general discussion about Conjur provider upgrades

Action Items

  • Start vote async for SecretStore decision.

Nov 22nd

Community Meeting

Host

  • Moritz (@moolen)

Attendees

  • Gergely Brautigam (@skarlso)
  • Gustavo (@gusfcarvalho)
  • Roger Tuma (@rogertuma)

Agenda/Notes

  • KubeCon update (?)
    • Multiple Kubernetes Secret from one External Secret.
    • External Secret creating different targets than secret.
  • Provider Versioning proposal #2545/#694
  • PushSecret generator proposal #2665
  • Latest commit from me has a failed license error? commit.

Action Items

  • versioning proposal: let's see until next community meeting if we're able to produce something tangible and drop it if it takes too much time implementing it
  • consider dropping FOSSA and replace it with snyk (@moolen create issue)

Oct 25th

Community Meeting

Host

  • Moritz (@moolen)

Attendees

  • Moritz (@moolen)
  • Lucas (@knelasevero)
  • Shuhei (@shuheiktgw)
  • Leonardo (@leomichalski)
  • Lais (@laisramos123)

Agenda/Notes

Action Items

  • dig CRD fields should be versioned @knela
  • open issue for AKS managed test suite @moolen
  • start async discussion about rotation for launching releases and for hosting meetings @knela

Oct 11th

Community Meeting

Host

  • Lucas (@knelasevero)

Attendees

  • Moritz (@moolen)

Agenda/Notes

Action Items

  • review the kubecon stuff (@knelasevero)

September 27th

Community Meeting

Host

  • Moritz

Attendees

  • Moritz (@moolen)

Agenda/Notes

  • KubeCon prep
  • review PRs

Action Items

September 13th

Community Meeting

Host

  • Gustavo

Attendees

  • Gustavo (@gusfcarvalho)

Agenda/Notes

Action Items

  • @moolen update docs, next meeting Sept 27th.
  • @knelasevero Double check if OLM release process can support configuration

August 30th

Community Meeting

Host

  • Moritz

Attendees

  • Moritz (@moolen)

Agenda/Notes

Meeting postponed as no one joined! Next meeting will be September, 13th.

Action Items

August 2nd

Community Meeting

Host

  • Gustavo

Attendees

  • Gustavo (@gusfcarvalho)
  • Moritz (@moolen)
  • Seb (@sebagomez)

Agenda/Notes

  • GA prep
  • release prep 0.9.2

Action Items

  • ask in slack regarding meeting time @moolen
  • create maintainer onboarding docs @moolen
  • Design how Provider Versioning Strategy would 'look like in theory' @gusfcarvalho
  • Secret Store v1 design (field changes, we can consider the minimal approach)
  • Create issues for design action items and for the missing bits that do not have action items. @gusfcarvalho
  • release 0.9.2 - @gusfcarvalho @sebagomez
  • review #2410 - @gusfcarvalho
  • write a comment on #2288 - we can proceed with it, and if we decide that this is a bad way of moving forward (and prefer dataFrom, we can push forward)
  • comm

July 21st

General Availability development missing bits

Attendees

  • Moritz
  • Gustavo
  • Lucas
  • Seb

Meeting Notes

Points:

  • Deprecation of ConversionPolicy (no issue yet)
  • Deprecation of prometheus annotations #1025
  • Standardize dataFrom.find (no issue yet)
  • Standardize MetadataPolicy (no issue yet - should we do it?)
  • Removal of v1alpha1 (no issue yet)
  • Deprecation of v1beta1 (no issue yet)
  • [BIG TASK] Provider versioning Strategy #694
    • Strategy one: have non-validated field with provider configuration, versioning done on code level (with validation needed as well)
    • Strategy two: Separate providers into new CRDs, reference CRDs on the SecretStore
      • Maybe deprecate the SecretStore and just leverage SourceRef on the External Secrets?
      • Make v1beta2 with new SecretStore
        • CRDs for providers would be v1beta1
  • [BIG TASK] Standardize SecretStore Providers #689 [we need design here - action item]
    • Close to Provider versioning
    • Conversion Webhook logic for upgrade path (v1beta1 -> v1)
    • how serviceAccounts and secrets are used
    • common fields like 'path' and 'server'?
      • common fields mean found more than 5 times across a file, or 10 times across the project.
    • root level provider structure should follow:
      • auth
      • server (find a better name - maybe target)
        • url
        • cabundle, caprovider
        • endpoint
    • After discussing, standardization of fields seems way easier if we figure out provider versioning with CRDs.

Action Items

  • Check resources for ESO GA last mile with Container Solutions @gusfcarvalho
  • Check if @shuhei can help out with the Big Tasks that are important, but don't really add much value.
  • Design how Provider Versioning Strategy would 'look like in theory'
  • Secret Store v1 design (field changes, we can consider the minimal approach)
  • Create issues for design action items and for the missing bits that do not have action items.

July 5th

Host

  • Lucas (@knelasevero)

Attendees

  • Moritz (@moolen)

Agenda/Notes

Action items:

  • ask in slack regarding meeting time @moolen
  • create maintainer onboarding docs @moolen
  • document accounts we have etc.
  • open thread in slack regarding "when do we stop onboarding new providers?" @moolen
  • make a doodle for a meeting where we brainstorm on what needs to be done before GA (not mapped on the milestone, docs and all) @knelasevero

June 21st

Host

  • Gustavo (@gusfcarvalho)

Attendees

  • Gustavo
  • Moritz

Agenda/Notes

  • plugin system / provider separation #696
    • Instead of plugins, go for build flags?
    • We generate only the "full" image, and allow users to build images without the providers they don't need
      • It is not a way to not have plugins, but to allow moving the project to GA without the plugin system in place (as a lot of refactor would be needed, etc.)
    • Moritz ran some PoC on plugin system, and even though it is working, it would take some time to take it from alpha onto release to users.
    • Plugin system could be a good idea for v2, as we could break existing users in the process of releasing it.
    • for V1 - suggestion by both Moritz and Gustavo to go without plugins.
  • release 0.9.0 (past community meeting action item) - Moritz is reviewing fixes and documentation PRs to be able to release 0.9.0
  • Open PRs that need to be reviewed

Action Items

  • Add Seb to manage youtube channel (@gusfcarvalho)
  • Add poll to see other maintainers opinions on the issue (@gusfcarvalho)
  • Review open PRs as the list is getting big!

June 7th

Host

  • Seb

Attendees

  • Seb
  • Moritz
  • Gustavo
  • Nima
  • Ludovic
  • Yuri

Agenda/Notes

  • 0.8.x or 0.9 release (requested via slack thread)?
  • ESO Threat Model #2308
  • e2e tests enhancements #2376
  • eso threat model #2308
  • update on plugin system / provider separation #696

Action items:

  • @moolen + @seb to do the release

May 24th

Host

  • Moritz

Attendees

  • Moritz

Agenda/Notes

Meeting postponed as no one joined! Next meeting will be June, 7th.

  • 0.8.3 release / fix OpenShift #2342 & #34
  • ESO Threat Model #2308

May 10th

Host

  • Lucas

Attendees

  • Gustavo (@gusfcarvalho)
  • Seb (@sebagomez)
  • Scott Andrews (@scothis)
  • Andy Sadler (@sadlerap)
  • Mo Khan (@enj)
  • Anish Ramasekar (@aramase)

Agenda/Notes

April 26th

Host

  • Gustavo (@gusfcarvalho)

Attendees

  • Lucas Severo (@knelasevero)
  • sebagomez
  • moolen
  • Gaurav Dasson

Agenda/Notes

  • General Plans:

    • Docs improvement #2242 - @seb will work on it
    • Security Best Practices (@moolen to write up issue)
    • Plugin capability #696
    • CSI Secret Store interoperability #336
      • Go to their comm meeting - Help preparing a presentation and would be good to have 2 of us there at least - @gusfcarvalho
      • Host them at our next comm meeting and discuss their project and ideas
    • Cloud Events integration - need still better understand what we want to do here. Be just a source or a sink?
    • LTS Release Process #2155
    • Discuss PR #2208 @gaurav presented the logic. @gusfcarvalho to take a look
      • e2e tests in this PR?
  • 0.8.2 release?
    • LTS Release Process or Gitlab bugfix, whichever comes first.

  • ESO GA:

  • ESO CNCF Incubating

  • CNCF Project Update - Annie sent an email

  • Yuri Sa wants to contribute remaining missing features and help with open telemetry topics

    • Create an issue to implement open telemetry client

April 12th

Host

  • Lucas

Attendees

  • Gustavo (@gusfcarvalho)
  • Moritz
  • Seb

Agenda/Notes

Action Items:

  • add eso-examples repo - Fetch a single secret with GCP/AWS
    • Find and Extract with Vault
    • Generators
    • PushSecrets
    • Templates
  • All of them must run on a workload/federation authentication
  • Add ESO slides
  • Add @sebagomez to the maintainer list/email/cncf spreadsheets and repos @gusfcarvalho
  • Take PR #1451 contributions into a new PR @gusfcarvalho
  • Take PR #1389 contributions and push it over the line if dacamposol cannot make it.

Agenda/Notes

March 29th

Host

  • Moritz (@moolen)

Attendees

  • Moritz (@moolen)
  • Lucas

Agenda/Notes

Action Items:

  • Add @sebagomez to the maintainer list/email/cncf spreadsheets and repos @gusfcarvalho
  • Take PR #1451 contributions into a new PR @gusfcarvalho
  • Take PR #1389 contributions and push it over the line if dacamposol cannot make it.

March 15th

Host

  • Gustavo (@gusfcarvalho)

Attendees

  • Moritz (@moolen)
  • Sebastian @sebagomez

Agenda/Notes

  • 0.8.0 release
  • GA release double check
  • Kubecon Preparations
    • Talks
      • CRDs talk for CN Rejekts
        • Test audience with community <3
      • Kubecon talk <3
    • Booth
      • prep slidedeck
      • prep material (examples, use cases, etc) - better if in a live cluster?
      • schedule timeslots
    • .
  • Promote @sebagomez to a maintainer (if he wants to ;))
  • Go over open PRs
  • Event Driven (async) reconciliation (if we have audience)

Action Items:

  • ✓change meeting time in README and docs
  • Prepare rotation schedule sheet and share between people. @gusfcarvalho
  • Add @sebagomez to the maintainer list/email/cncf spreadsheets and repos @gusfcarvalho
  • double check if Metadata Policy=Fetch behavior over providers is standardized.
  • Take PR #1451 contributions into a new PR @gusfcarvalho
  • Take PR #1389 contributions and push it over the line if dacamposol cannot make it.

March 1st (Canceled since we did not have quorum)

Host

  • Lucas (@knelasevero)

Attendees

  • .

Agenda/Notes

  • Release should be launched soon
  • Kubecon preparations
    • Talks
    • Booth
    • .

Feb 15 (cancelled)

  • .

February 1st

Host

  • Gustavo Carvalho (@gusfcarvalho)

Attendees

  • Ben Gurney
  • Moritz Johner

Agenda/Notes

  • PR #1389 - help/ strategy to move forward.
  • Missing features for GA!
    • Template Merge/Persistence issues (e.g. #1429)
    • Metadata Policy
  • Go over open PRs
  • Event Driven (async) reconciliation (if we have audience)
  • Incorporate Reloader to reload deployments (if we have audience)

Action Items

  • PR #1953 - Build API spec documentation from CRDs - avoids the need to include so many examples in the API spec.
  • Take over #1451 if the contributor wants the help
  • PR #1405 - contributor does not want to continue. Ping other involved if they want to, if not close it.
  • If Event Driven reconcile is moving forward, it will be driven by its own CRD (so we can release GA independently)
  • Marketing google docs - review it to prepare our GA release.

January 18th

Attendees

  • Gustavo Carvalho (@gusfcarvalho)

Host

  • Moritz Johner (@moolen)

Agenda/Notes

  • Event Driven (async) reconciliation
  • Incorporate Reloader to reload deployments
  • new financial contributor: inetshell

Attendees

January 4th

Attendees

  • Moritz Johner (@moolen)
  • Gustavo Carvalho (@gusfcarvalho)

Host

  • Lucas Alves (@knelasevero)

Agenda/Notes

Action Items

  • Next community meeting (trial): at 15:30 PM - Add it to README.md @moolen
  • Round robin for Host Rotation - 1st Lucas -> 2nd Moritz -> 3rd Gustavo (reminder on slack) @knelasevero
  • Add issues for GA milestone and tag with "help wanted"
  • from 0.8.0 forward, Alibaba provider is deprecated (no longer supported by Alicloud)
  • ask for a cncf booth (@knelasevero)

November 21st December

  • Meeting postponed as no one joined!
  • Next meeting will be January 4th

Attendees

  • Moritz Johner (@moolen)

Agenda/Notes

  • New community meeting time announcement
  • Write up Host rotation policy
  • Write up PR review rotation policy
  • Release 0.7.0
  • Templates From String
  • doppler bronze sponsor
  • FOSSA report & MPL license #1820
  • alibaba RRSA support #1725
  • keeper provider #1768
  • generic cache implementation / pkg-level feature flags #1640
  • happy holidays

Action Items

November 7th December

Attendees

  • Gustavo Carvalho (@gusfcarvalho)

  • Meeting postponed as no one joined!

Agenda/Notes

  • New community meeting time announcement
  • Write up Host rotation policy
  • Write up PR review rotation policy
  • Release 0.7.0
  • Templates From String

Action Items

November 23rd

Attendees

  • Gustavo Carvalho - @gusfcarvalho
  • Moritz Johner - @moolen

Agenda/Notes

Action items

  • @gusfcarvalho Post a poll in #external-secrets-dev for Meeting Time, Hosting Rotation and PR review rotation
  • @gusfcarvalho Post a poll to promote IBM Cloud Secrets Manager

November 9th

Attendees

  • No maintainer attendees

Agenda/Notes

  • Promote IBM Cloud Secrets Manager to internally maintained

October 26th

Attendees

  • Gustavo Carvalho (@gusfcarvalho)
  • Moritz Johner @moolen

Agenda/Notes

  • celebrate GOVERNANCE.md

  • consider making a patch release due to security vulnerabilities

    • Should we push approved PRs already?
    • What about Feature/ Generator?
  • Vault path fix #1636

  • Feature/ Generator #1539

    • Drop inline Ref (probably safer) and certificates use case with it :(
  • CloMonitor PR #1656

    • Removing Codesee due to security risks
  • generic cache #1640

  • Push Secret #1315

    • Waiting Generator PR to get in - use client manager and update docs
  • We should register for small booth @ kubecon EU 2023

Action items

October 11th

Attendees

  • Meeting postponed due to agenda conflicts! :(

Agenda/Notes

  • PushSecret status update
    • Possible Deletion logic walk through
  • Generator first remarks
  • @knela_severo to check how to register for small booth.
  • @gusfcarvalho to take bumps

September 28th

Attendees

  • Moritz Johner @moolen
  • Gustavo Carvalho @gusfcarvalho
  • Lucas Severo @knelasevero

Agenda/Notes

  • CNCF status update
  • generator status update #1539
    • waiting for reviews
    • coordinate with push-secrets changes (docs?)
      • This PR first, PushSecret to merge and fix docs conflicts
    • migration towards own AWS account
  • vault cache #1537
  • multi-image builds + image signing/SBOM/provenance #1574
  • PushSecret status update
    • PR(#1315) updated with requested changes
      • PushSecret controller tests using envtest
      • GCP tests using table driven approach
      • labelSelector to PushSecretStoreRef added (as opposed to replace it)
    • AWS SecretsManager/ParameterStore added
    • Hashicorp Vault code added
    • Still pending:
      • Secrets Deletion (finalizers/regular CR update)
      • update SetSecret method to PushSecret
  • secret-store-csi-driver integration proposal update
  • collective money

Action items

  • Review #1574
  • make release 0.6.0 (non-rc)
  • ask for update in CNCF onboarding issue
  • Schedule call to setup AWS credentials
  • Sync up (hackathon?) on integration proposal update with SSCSID
    • brittleness / complex system issues
    • how to deal with authentication?
    • @moolen add comments to the docs

September 14th

Skipped due to conflicts

Agenda/Notes

  • generator PR ready to review
  • AWS Account migration status
  • celebrate donation from John Rinehart

August 31st 2022

Attendees

  • Moritz Johner @moolen
  • Gustavo Carvalho @gusfcarvalho

Agenda/Notes

Action items

August 18th 2022

Attendees

  • Moritz Johner @moolen
  • Gustavo Carvalho @gusfcarvalho

Agenda/Notes

  • generator proposal
    • ACR/ECR/GCR implementation
  • CNCF Onboarding sync
  • $CLOUD Accounts?
  • PushSecret status
  • Kubernetes v1.24 upgrade
  • GH Organization structure

Action items

  • @moolen Secret Generation will not handle leases. Add that to design.
  • @moolen Start migrating AWS accounts to ESO-owned orgs -> https://github.com/external-secrets/infrastructure
  • make release candidate release 0.6 with 1.24 PR
  • add support matrix for:
    • ES dataFrom.find.name
    • ES dataFrom.find.tags
    • ES metadata sync
    • push secret
    • ES referent auth
    • ES floodgate / validate store
  • ✓ remove admins from GH Org except:
    • @moolen, @knelasevero, @gusfcarvalho, markus maga + Linux Foundation

August 8th 2022

Attendees

Agenda/Notes

  • Postponed due to no attendees.

July 20th 2022

Attendees

  • Gustavo Carvalho @gusfcarvalho
  • Moritz Johner @moolen
  • Daniel Hix @adustyoldmuffin

Agenda/Notes

Non-Technical
  • CNCF Sandbox application
Technical
  • Hashivault AWS Engine #1211
  • Proposal Draft for Secrets Generation #1338
  • ECR/GCR/ACR provider
Action Items
  • Come up with some quick design possibilities for Generation within Providers ()

July 06th 2022

Attendees

  • Gustavo Carvalho @gusfcarvalho

Agenda/Notes

Non-Technical
Technical

(if we have time)

  • Decoding Strategy PR #1294
  • Hashivault AWS Engine #1211
Action Items

June 22nd 2022

Attendees

  • Moritz Johner @moolen
  • Gustavo Carvalho @gusfcarvalho

Agenda/Notes

Non-Technical
Technical
  • PushSecret status
  • Key rewrite proposal #1188
  • Fetch Tags #305
  • Issues in General
Action Items
  • add stale bot to close @moolen

June 8th 2022

Attendees

  • Moritz Johner @moolen
  • Daniel Hix @adustyoldmuffin
  • 1/2 Lucas @knelasevero

Agenda/Notes

Non-Technical

A couple of user questions answered

  • what features are on the horizon?
  • where to put docs/examples around oracle cloud managed Kubernetes?
Technical

May 25th 2022

Attendees

  • Gustavo Carvalho (@gusfcarvalho)
  • Moritz Johner (@moolen)

Agenda/Notes

Non-Technical
  • Youtube/Podcasts update gdocs
  • Talks update - maybe having a gdocs as well
  • CNCF Application (!!!)
    • sidenote: cncf toc mailinglist around sandbox applications link
Technical
  • controller-tools@0.9.0 out monday (we can bump google grpc package now)
  • controller-runtime bump blocked by argocd dependencies.
  • Data from Key Rewrite becoming fairly requested by users #975.
  • (moolen) do a release?
  • (moolen) secret generator functionality: yep or nop? #1179
  • (moolen) prometheus rules in helm chart? #1174
  • rename SecretSink

Action Items

  • e2e tests for AKS (@gusfcarvalho)
  • if argocd doesn't update for the next two community meetings, refactor.
  • review #1176
  • @moolen: add issue for Kubernetes Provider to support service account

May 11th 2022

Attendees

  • Gustavo Carvalho (@gusfcarvalho)
  • Moritz Johner (@moolen)
  • Marcin Kubica (@marcinkubica)
  • Lucas Severo (@knelasevero)

Agenda/Notes

Non-Technical
  • Add k8s provider as internally maintained
    • implement e2e tests + a setup similar to what we do with vault
  • Add Azure KeyVault as internally maintained
  • Ping Carla and Katie regarding more info around cncf sandbox
  • Youtube/Podcast update gdocs / ask for read access if you want
  • Kubecon Get Together (!!!)
Technical
  • RFI: SecretStores Capabilities (related to SecretSink).
  • flux/argo e2e tests #1041
  • aws cli / e2e-managed-aws failure
  • google grpc bumps
  • (optional) discuss how we handle provider upgrades for the future 912.

Action Items

  • ✓ (@moolen) add Azure KV as internally maintained / ping maintainers for that
  • ✓ (@moolen) add azure kv e2e tests issue
  • ✓ add k8s provider as internally maintained (@knelasevero)
  • add e2e tests for k8s provider (initially me, but will look to onboard someone new with this issue @knelasevero)
  • ✓ ping Carla/Katie (@knelasevero) [but Kubecon attendees can try to talk with both in person]
  • ✓ review flux/argo e2e (@knelasevero)

April 27th 2022

Attendees

  • Gustavo Carvalho (@gusfcarvalho)
  • Tom Godkin (@BooleanCat)
  • Moritz Johner (@moolen)
  • Marcin Kubica (@marcinkubica)

Agenda/Notes

Non-Technical
  • Make a fix release for ESO.
  • Inception for Secret Sink (or any other feature?)
  • Trunk-based contributions
  • If you want to work on Secret Sink, you are welcome!
Technical

Action Items

April 13th 2022

Attendees

  • Gustavo Carvalho (@gusfcarvalho)
  • Lucas Alves (@knelasevero)
  • Moritz Johner (@moolen)
  • Tom Godkin (@BooleanCat)

Agenda/Notes

Non-Technical
  • ESO Online Meetups
    • We can try to do it starting out with Zoom - we can try out some different ideas (especially around frequency)
  • cloud account expenses
    • create
  • project board / release planning
  • CNCF contact and discuss applying already
  • ESO blog about sponsorships and big changes
    • plan what to talk about and who would write it
  • Collaborations w/ youtubers/podcasts
  • Potential contributions from EngineerBetter
Technical

Action Items

  • Create ESO accounts (this can be hard)
    • Afterwards migrate from current infra
  • @moolen create small writeup how Release Board should work

March 30th 2022

Attendees

  • Gustavo Carvalho (@gusfcarvalho)
  • Moritz Johner (@moolen)
  • Daniel Hix (@ADustyOldMuffin)

Agenda/Notes

  • GCP Performance Leak Issues (#818 and #834)
  • Release 0.5.0
    • #719 closed only pending to do #912
    • GetAllSecrets for AWS Merged
    • GetAllSecrets for Azure KeyVault ready to be Merged.
  • Secret Sink

Action Items

  • Release 0.5.0 once DeletionPolicy gets merged and some documentation around GetAllSecrets is available. After the release, allow some time to fix any bugs users might report.
  • Probably announce release because of the milestone it represents.

March 16th 2022

Attendees

  • Gustavo Carvalho (@gusfcarvalho)
  • Moritz Johner (@moolen)
  • Daniel Hix (@ADustyOldMuffin)

Agenda/Notes

  • Release 0.5.0
  • Performance / Leak issues with GCP Provider: #818 and #834
  • Azure WI #738
  • GetAllSecrets for AWS #820
  • GetAllSecrets for Azure KeyVault #805
  • Secret Sink proposal
  • Kubecon

Action Items

  • Organize first ESO meetup @ kubecon! (from past meeting)
  • Add ESO to Digital Oceans’ 1-click apps (from past meeting)
  • @gusfcarvalho to troubleshoot #818 and #834
  • @gusfcarvalho to ping user working on Secret Sink
  • focus on the cleanup tasks for conversion webhooks 719.

March 2nd 2022

Attendees

  • Moritz Johner
  • Gustavo Carvalho
  • Daniel Hix

Agenda/Notes

  • Several Community supported providers missing Validate and ValidateStore
  • GetAllSecrets implementation
    • There are a lot of 'feels weird' around implementing GetAllSecrets as discussed in 698
    • Addition of a path to spec?
    • Key collision
  • merge validating webhook #750

Action Items

  • Create issues for Validate implementation.
  • Create issues for ValidateStore implementation.
  • Document specificities of GetAllSecrets per provider.
  • Follow up Key collision - unicode seems a little bit weird.
  • Check if it is possible to remove api definitions from sonar cloud duplication tests.
  • Organize first ESO meetup!
  • Add ESO to Digital Oceans' 1-click apps

Feb 16th 2022

Attendees

  • Moritz Johner
  • Gustavo Carvalho (@gusfcarvalho)
  • DanG

Agenda/Notes

  • GetAllSecrets()
    • coordinate provider implementations
    • limitations: key collision & no version support
  • disable client cache for secrets #729
  • promote aws/azure providers #709
  • TPL Engine v2 #701
  • azure kv provider refactoring #703
  • Discuss Deletion Policy implementation
  • Review design docs for v1beta1
  • ClusterSecretStores with no events or status(?)

Action Items

  • Add PR to include Deletion Policy on the crd-v1beta1. @gusfcarvalho
  • review #701 @knelasevero

Feb 4th, 2022 v2 Hack Session

Attendees

  • Moritz Johner
  • Gustavo Carvalho @gusfcarvalho

Topics

recording is available @knelasevero

SecretStore Controller
  • we want a validation webhook for the SecretStore resource to do static validation
  • we should add an interface method ("validate") to check if the store configuration can be considered "valid" - will be done in #466
Breaking Changes
  • figure out how versions are managed/stored in etcd and how they're converted
  • we want to draft a "final" version for the CRD before we actually implement the features themselves - that gives us the flexibility to continuously do releases and not block a release until everything is implemented.
v1beta1 ExternalSecret Scope
v1beta1 SecretStore

-> not going to tackle that right now

  • We first need to figure out how to implement the decodeStrategy thing, because it touches a lot of points in the codebase.
  • path standardization doesn't really justify a whole new version
Deprecation Policy
  • we basically want to treat our alpha as beta: provide an upgrade path
  • we want to promote to beta1 asap when the CRD and scope is defined
  • want to get to GA in 9 months (2nd birthday: 23rd November)
  • deprecate alpha1 when we release GA
  • wait a couple more releases, then deprecate beta1 as well
Organisational Stuff
  • we want to keep track of relevant features for v1beta1 in the GitHub Project

Feb 2nd, 2022

Attendees

  • Moritz Johner @moolen
  • Lucas Severo @knelasevero

Agenda/Notes

  • prep release 0.4 (release outlook)
  • we're having a planning meeting on Friday to discuss mid/long term goals of the project
  • setup multi-version support before merging breaking-changes (#664, #638, #515)
    • discuss the approach and goals on Friday
  • we got some stale contributor PRs, we try to take them over if needed

Action Items

  • @moolen ask @ADustyOldMuffin and @gusfcarvalho for sync regarding PR #542 to discuss details
  • @moolen add docs for community-operators-prod; also consolidate docs RELEASE.md / external-secrets.io and helm-op docs
  • @gustavo/@knelasevero ping or take over some of the PRs that could be quick to fix
  • @moolen takes over Reporter PR

Jan 19th, 2022

Attendees

  • Moritz Johner @moolen
  • Gustavo Carvalho @gusfcarvalho
  • Lucas Severo @knelasevero

Agenda/Notes

  • (moolen) e2e@aws: need account for CI
  • (moolen) planning session for the next ~12 months?
  • celebrate donation by $anon!
  • Breaking changes
    • Azure key vault getAll() (dataFrom)
    • templating changes to avoid problems with []byte
    • Standardization of HashiVault provider

Action Items:

Dec 8th, 2021

Attendees

  • Moritz Johner @moolen
  • Ope

Agenda/Notes

  • OLM is work in progress, thanks to @slopezz
  • going forward with decodeStrategy proposal:
    • (1) implementing it on the provider level in a generic, reusable way (#515)
    • (2) adding it to the external secret which may take precedence over provider flag
  • TODO: add community meeting schedule + call to docs/repo
    • switch to an alternating timezone schedule
    • make a poll (@slack) and ask for timezone preferences

Nov 24th, 2021

Attendees

  • Moritz Johner @moolen
  • Lucas Severo @knelasevero

Agenda/Notes

  • AWS Provider graduation?
    • e2e pod identity automation + other tests #469
  • CRD graduation? What's still missing: azure / get-all secrets #498
    • we do not want to graduate right now, we first want to take a look at #498
  • @moolen wants to take care of the operatorhub topic #244 #493
  • @moolen takes over PR kes2eso #1
  • Coverage
    • @knelasevero taking over if Serdar does not have time

Nov 10th, 2021

Attendees

  • Sevi Karaköse (sevikarakose)
  • Moritz Johner (moolen)

Agenda/Notes

Oct 27th, 2021

Attendees

  • Gustavo Carvalho (gusfcarvalho)
  • Lucas Severo (knelasevero)
  • Moritz Johner (moolen)

Agenda

  • Migration script updates
    • Almost done!!!
    • need to test with edge cases and have more eyes on the PR (moolen knelasevero)
  • Code coverage issues
    • Need to check with Serdar the status here and push this forward (knelasevero)
    • We need to remember to set threshold tolerance to minor cov decrease (Serdar or we take over)
  • E2E for cloud specific tests
    • We need to have a new dir with IaC, a new workflow gh-actions file, and configure spawn and destroy of infra for specific cloud e2e
    • Set monitoring of costs and add infracost to terraform analysis (Open issue with these details)
  • e2e tests documentation needs to be improved (lucas)
  • e2e tests issue when not setting all provider creds (moolen)
  • Donations
    • Pay gh premium (knelasevero)
  • csi-secrets-store
    • Add details to issue (knelasevero)
  • SecretSinks
    • Add details to issue (knelasevero)
  • Secret generation
    • Tell people to use crossplane. (knelasevero)
    • Add docs to our site about using crossplane together with ESO (knelasevero)
  • Continue using Paul, Prow is too difficult to maintain, and adding dedicated infra would be hard as well
  • OperatorHub should be prioritized a bit more because of requests
    • Check with Sevi and Onsel the status (knelasevero)
    • Moritz wants to take over if they are too busy (moolen)

Notes

Oct 13th, 2021

Attendees

  • Gustavo Carvalho (gusfcarvalho)
  • Sevi Karaköse (sevikarakose)
  • Sebastián Gómez - (sebagomez)
  • Oladipupo Ajayi - (DeeAjayi)
  • Opeyemi - (Eebru-gzy)

Agenda/Notes

  • Release 0.3.6 with security patches is on
  • KES-ESO migration script
    • almost ready for AWS / GCP
  • Önsel and Sevi will be pairing on the Community Operators work
  • Serdar and Lucas got sonarCloud configuration set (local check investigation didn't move forward)

Sept 29, 2021

Attendees

  • Lucas Severo (knelasevero)
  • Gustavo Carvalho (gusfcarvalho)

Agenda/Notes

Sept 1, 2021

Attendees

  • Lucas Severo (knelasevero)
  • Moritz Johner (moolen)
  • Kian Kordtomeikel (KianTigger)

Agenda/Notes

  • Migration script to go from KES to ESO
  • Plan what to do with donations
    • Gsuite?
      • look for other providers, jitsi
    • GH premium?
      • Trial (lucas)
      • investigate how premium seats work (lucas)
  • CSI project integration
    • Check with Kellin, see if he can join next community meeting (lucas)
  • SonarQube has coverage capabilities, maybe remove codecov? (check with Serdar about coverage)
    • Check how Sonar deals with coverage, ask Serdar about it (lucas)
  • External Sinc #347
    • Secret Generation #249
    • Create an evaluation of how this would affect the project technically and organizationally [consider separating project, having more than one binary from same project, or other options] (moolen)
  • Deleted secret isn't recreated until refresh #344 #353
    • comment on the issue that is fine to add another field in status, hashed (moolen)
  • e2e test infra
    • Ask companies what they are willing to host and then decide how to manage real infra for specific e2e tests (lucas)

Aug 18, 2021

Attendees

  • Lucas Severo (knelasevero)
  • Kian Kordtomeikel (KianTigger)
  • Elsa Chelala (ElsaChelala)

Agenda/Notes

  • Migration script to go from KES to ESO
  • Plan what to do with donations
  • CSI project integration

Aug 8, 2021

Attendees

  • Moritz Johner (moolen)
  • Sevi Karaköse (sevikarakose)
  • Joey Brayshaw (Jabray5)

Agenda/Notes

  • celebrate donation ($20 / Andrew Tsai <3)
  • syncing metadata: opened #305 to keep track of it
  • vault e2e incoming: draft #304
  • $cloud provider accounts sponsored by inovex
    • provide architecture draft + access matrix (@moolen)
      • need input: what do we have, who owns which account? (need to approach lucas for that)
    • once approved: setup infra
  • compute infra (openstack) sponsored by inovex
    • maybe for dedicated github actions runner
  • refresh interval issue: https://github.com/external-secrets/external-secrets/pull/303
  • (joey) making progress on the gitlab project variables provider

Jul 21, 2021

Attendees

  • Joey Brayshaw (Jabray5)
  • Kian Kordtomeikel (KianTigger)
  • Moritz Johner (moolen)
  • Ricardo Torres (ricardoptcosta)
  • Rodrigo Rios (rodrigorras)

Agenda/Notes

  • Lucas and Moritz created an account in open collective and deposited some test funds. Someone already donated 100USD;

  • AWS/EKS integration tests

    • still need approval from Moritz's company to implement it
  • e2e TODOs #205-#209

    • currently mostly successful paths are tested
    • we should make clear issues that are missing in tests, and add them to acceptance criteria
    • @Moritz will pursue this
  • Moritz proposed a new release due to the recent merge regarding service account authentication with AWS (#251) - @Moritz will do the release

  • Kian and Joey are working on adding Oracle Cloud

  • kes#798: there was an issue opened on kubernetes/external-secrets asking for yandex. We will talk to the person who requested it to open it in the main project. @Rodrigo will pursue this issue

  • We celebrated Joey's first pull request 🎉

Jul 7, 2021

Attendees

  • Elsa Chelala (ElsaChelala)
  • Moritz Johner (moolen)
  • Lucas Severo (knelasevero)
  • Ricardo Torres (ricardoptcosta)

Agenda/Notes

Jun 23, 2021

Attendees

  • Moritz Johner (moolen)

Agenda/Notes

  • Secret generation (discussion 195)
  • Resource Version Status #189
  • Azure KeyVault enhancements #215

Jun 9, 2021

Attendees

  • Moritz Johner (moolen)
  • Lucas Severo (knelasevero)
  • Ricardo Torres (ricardoptcosta)

Agenda/Notes

  • Azure KV merged
    • hardcoded key extraction (see here) issue: #187
    • documentation (also GCP)
  • #169: bug when provider is slow
  • decide what is part of the deprecation policy (@moolen: open issue)
    • also draft the documentation
  • exclude controller tests in the unit test phase (because of old k8s components that kubebuilder provides)
    • add them when we have the kind cluster (with newer k8s versions) ready
  • remember to have a look over codecov

May 26, 2021

Attendees

  • Lucas Severo (knelasevero)
  • Gabrielle Beyer (gabibeyer)
  • Ricardo Torres (ricardoptcosta)

Agenda/Notes

  • Codecov 168
    • We should have something
    • Discuss other options on the issue
  • Scope access per namespace 163 and 134
    • Need to discuss further
  • Immutable secrets 156
    • Shouldn't be hard. We probably can add this as an option
  • Support to trigger refresh instead of pull 129
    • Get in touch and see if he wants to implement it
  • Have a look over 0.2 milestone, remove/add stuff
    • just release with gcpsm and azure providers
  • e2e tests
    • maybe mobbing on this one
  • We got asked on slack about stability and chance of things changing https://kubernetes.io/docs/reference/using-api/deprecation-policy/
    • Need to discuss further
  • Support level
    • Start by adding support notices to our readme (and maybe to a pinned discussion post on the gh discussion forum)
  • Invite other maintainers to mob programming

May 12, 2021

Attendees

  • Kellin McAvoy (mcavoyk)
  • Moritz Johner (moolen)
  • Lucas Severo Alves (knelasevero)
  • Gabi Beyer (gabibeyer)
  • Jonatas Baldin (jonatasbaldin)

Agenda/Notes

April 28, 2021

Attendees

  • Kellin McAvoy (mcavoyk)
  • Moritz Johner (moolen)
  • Riccardo Cefala (riccardomc)

Agenda/Notes

  • Helm Chart needs to be done before release
  • vault Docs still missing
  • e2e tests, initial iteration done with localstack and local vault, but followup issue needed
  • CS infra, we need to add maintainers into the accounts

Action Items:

  • helm chart release workflow @moolen
  • vault docs
  • merging e2e [done]

April 14, 2021

Attendees

  • Kellin McAvoy (mcavoyk)
  • Moritz Johner (moolen)
  • Jonatas Baldin (jonatasbaldin)
  • Riccardo Cefala (riccardomc)

Agenda/Notes

March 31, 2021

Attendees

  • Kellin McAvoy (mcavoyk)
  • Lucas Severo Alves (knelasevero)
  • Aziz (1aziz)

Agenda/Notes

  • CLA (#96)
  • CRD Spec repo (#97)
  • Add E2E testing (31)
  • Create Helm chart repo
    • Something like charts.external-secrets.io (#105)
  • Clean up milestone/Project board

March 17, 2021

Attendees

  • just me, Moritz Johner (moolen)

Agenda/Notes

  • aws refactoring(#57)
  • split interface: Provider/SecretsClient (#55)
  • PTAL: AWS Parameter Store (#59)
  • PTAL: Vault Provider (#47)
  • refresh interval (#48)
  • Security Policy (#60)
  • Code of Conduct (#46)
  • docs are hosted using cname (#56)
  • paul bot configuration (#49)
  • cleanup lint stage (#54)

PRs to discuss or need attention

Action Items

  • TBD

March 3, 2021

(https://everytimezone.com/s/8dbf346e)

Attendees

  • Lucas Severo Alves (knelasevero)
  • Kellin McAvoy (mcavoyk)
  • Moritz Johner (moolen)
  • Chaitanya Kandagatla (ckandag)

Agenda/Notes

PRs to discuss or need attention

  • [Please add any PRs that need attention, with your name, below]

Action Items

  • Look into kubernetes-sigs/external-dns ownership as a reference for this project (@mcavoyk)
  • Setup Paul in the project (@knelasevero)
  • Apex domain config (@knelasevero)
  • Enable Discussions on github repo (@knelasevero)
  • Setup CLA assistant (reachout to sigs-network to decide if it is necessary) ?

February 17, 2021

(https://everytimezone.com/s/712e40fe)

Attendees

  • Lucas Severo Alves
  • Kellin McAvoy
  • Moritz Johner
  • Riccardo Cefala

Agenda/Notes

PRs to discuss or need attention

  • [Please add any PRs that need attention, with your name, below]

Action Items

  • Look into CLA - Lucas and Kellin
  • Get in touch with contacts at Azure, Google and AWS regarding credits for integration tests - Riccardo
  • Merge a draft for the doc first pass, and we will iterate further - Moritz
  • Look into using https://doc.crds.dev/ , if we have a problem Kellin will contact Dan to have a look
  • Look into having a Code of Conduct, both for contributions and meetings - Lucas
  • Add a script to the start of the meeting document to always mention the COC and remember to record

February 03, 2021

Attendees

  • Lucas Severo Alves
  • Kellin McAvoy
  • Moritz Johner

Agenda/Notes

PRs to discuss or need attention

  • [Please add any PRs that need attention, with your name, below]

Action Items

September 12, 2020

What happened?

  • We merged the Provider interface PR (thanks Moritz!)
  • Jonatas working on the Control Loop
  • Lucas working on the CI/CD

Action items

  • Finish the Control Loop (@jonatasbaldin) – blocker for the Provider implementation
  • Still need to work on the Issues templates on GitHub
  • Mircea will pickup an issue on GitHub to work on