owned this note
owned this note
Published
Linked with GitHub
# External Secrets Community Meeting
### Schedule
Meetings are on Jitsi Meet every other Wednesday 20:00 PM Berlin Time to 20:45 PM Berlin Time. (ask for an invite to be sure to have it on your calendar)
Next Meeting link: https://meet.jit.si/eso-community-meeting
<!-- previous meet link from Moritz: https://meet.google.com/uis-rfiz-rsa -->
<!-- previous meet link from lucas: meet.google.com/iek-etsm-jkk -->
Steps before starting the meeting:
- Start Recording
- Welcome everyone ;)
- (Optional) Intros from new joiners
- Mention COC
In meeting:
- Go over action items from last meeting
- Go over points
- Go over previous meetings action items
- Go quickly over some open PR
* Backlog Items:
* - is there an easy to read changelog, blog etc to see what is new in each version ? For example, going from 0.8.x to 0.9.x ([slack](https://kubernetes.slack.com/archives/C017BF84G2Y/p1699989700793419)) [@Mark]
*
*
## Dec 18th
### Community Meeting
#### Host
- Gustavo
#### Agenda
- stateful generators ([#4203](https://github.com/external-secrets/external-secrets/pull/4203))
- deprecate namespace name selector from ClusterExternalSecret? (ref: [#4162](https://github.com/external-secrets/external-secrets/pull/4162))
- Deprecate/Remove
- helm olm operator - what is the present case from customer perspective?
- Tag Security for Incubating (:party_hat:)
- waiting for ESO presentation to be booked
### Action Items
## Dec 4th
### Community Meeting
#### Host
- Gustavo
#### Agenda
- Deprecate OLM Release https://github.com/external-secrets/external-secrets/pull/4175
- Approved with 2 votes out of 2.
### Action Items
- @gusfcarvalho to notify people, open PRs, and change Release notes warning of the deprecation.
## Sept 25th
### Community Meeting
#### Host
#### Agenda
- Discussions with CNCF
- Moving docs to netlify
- hugo + docsy
- Mentorship program
- google GSOC support
- Workshop (service desk?)
- google season of docs
## Aug 28st
### Community Meeting
#### Host
- Lucas (@knela)
#### Attendees
- Gustavo (@gusfcarvalho)
- Gergely (@skarlso)
#### Agenda/Notes
- scarf (https://app.scarf.sh/) discussion
- Bounty to attract contributors
- Maintainer scholarship idea
- How do we feel about External Secrets Inc (www.externalsecrets.com) being a sponsor
- Provider Versioning
- We Need Maintainers (https://kubernetes.slack.com/archives/C047LA9MUPJ/p1724843557332789)
- Ditch Community Meetings at 20:00 CEST (always make them 13:00 CEST)
#### Action items
- First try to contact CNCF for google analytics access & using scarf.sh (@knelasevero)
- Explore these with the current value on the collective:
- Make Most Vodted by community issues - Attract/Reward contributions for it. (@gusfcarvalho)
- First draft of Proposal - Maintainer Scholarship for newly onboarded maintainers (@gusfcarvalho)
- Remove Sebagomez, Shuhei from the maintainers group (@knelasevero).
- Create a Reviewers group (@knelasevero).
## July 31st
### Community Meeting
#### Host
- Lucas
#### Attendees
- Gustavo
- Gergely
- Lucas
#### Agenda/Notes
- Breaking Changes to Webhook Provider
- Next release 0.10.0
- Long inactive members
- Long term support discussion
- Provider Versioning
- Support for custom resources (ConfigMaps) https://github.com/external-secrets/external-secrets/pull/3449
- Review [#3699](https://github.com/external-secrets/external-secrets/pull/3699)
#### Action items
- PR introducing better webhook posture (@gusfcarvalho) DONE
- Add msg to error logs pointing to update secrets (@gusfcarvalho) DONE
- Create issue "Problems with webhook provider on 0.10.x ?" and Pin it (@knelasevero)
- Remove Sebagomez, Shuhei from the maintainers group (@knelasevero).
- Create a Reviewers group (@knelasevero).
- Remove PAUL (@knelasevero) :'(
- Actually review [#3699](https://github.com/external-secrets/external-secrets/pull/3699) (@gusfcarvalho @knelasevero) DONE
## June 19
### Community Meeting
#### Host
- Lucas
#### Attendees
- Moritz
- Gergely
- Iwan
#### Agenda/Notes
- From last meeting: Supporting not public secret stores (https://github.com/external-secrets/external-secrets/issues/3515).
- vote on: https://github.com/external-secrets/external-secrets/issues/2699
- did anyone notice problems with pushsecret recreating the secrets?
- https://github.com/external-secrets/external-secrets/pull/3600
#### Action items
- next community meeting discuss above issue
- next community meeting also vote on https://github.com/external-secrets/external-secrets/issues/2699
-
## May 22
### Community Meeting
#### Host
- Lucas
#### Attendees
- Lucas
- Iwan
#### Agenda/Notes
- Supporting not public secret stores (https://github.com/external-secrets/external-secrets/issues/3515).
- Check if provider separation (and future plugin solution) would help here
- Check proposed solution in the issue (both from implementability perspective and if we would be ok with incorporating that into the project)
- Vote on it
#### Action items
- next community meeting discuss above issue
- next community meeting also vote on https://github.com/external-secrets/external-secrets/issues/2699
-
## April 24
### Community Meeting
#### Host
- Gustavo
#### Attendees
- Gustavo
#### Agenda/Notes
- .
#### Action items
- .
## March 13 [canceled ]
### Community Meeting
#### Host
- Lucas
#### Attendees
- Lucas
#### Agenda/Notes
- .
#### Action items
- .
## Jan 18
### Community Meeting
#### Host
- Gustavo (@gusfcarvalho)
#### Attendees
- Moritz
#### Agenda/Notes
- license scan issue / see also https://github.com/cncf/foundation/issues/109 / https://github.com/uw-labs/lichen
- depreciation policy https://github.com/external-secrets/external-secrets/issues/3030
- Deprecation of SecretStore - any updates on this?
- add provider for deprecated store https://github.com/external-secrets/external-secrets/pull/2993
- KCD BR ContribFest issues suggestions? (create the issue on External Generators)
- Good first issues.
- ClusterSecretStore - Concise way to trigger a refresh on a ClusterExternalSecret.
- Bump CRDs to v1 (just it would be cool) - deprecation of v1alpha1, prometheus, ConversionStrategy, template/v1
- Probes (helm chart extras)
- 1.0.0 (stable)
- Deprecation Policy
- Provider CRD be in.
- Project Yearly Review
- We want to do it with most maintainers on it.
- CNCF Incubation.
- Start the process? Talk to ToC members first as they need to champion us regardless.
#### Action items
- Find ToC members and talk to them
- create a new issue to discuss which tool to use over FOSSA
- Document implementation of Providers to allow for both SEcretStore or SecretStore.spec.provider deprecation. Ask for maintainers votes. [@gusfcarvalho]
- reach out to brendan about Paul [@knelasevero]
## Jan 3
### Community Meeting
#### Host
- Lucas
#### Attendees
- Lucas
- Moritz
#### Agenda/Notes
- codecov [slack thread](https://kubernetes.slack.com/archives/C047LA9MUPJ/p1703659594623499?thread_ts=1703655390.563569&cid=C047LA9MUPJ)
- let's do this, would be great to have it back!
- state of paul?
- fossa :/
- Deprecation of SecretStore
- Release process
#### Action items
- reach out to brendan about Paul [@knelasevero]
- fossa - reach out to cncf [@moolen]
## Dec 20th
### Community Meeting
#### Host
- Moritz
#### Attendees
- Moritz
- Roger
- Alec
#### Agenda/Notes
- briefly touched on [#2503](https://github.com/external-secrets/external-secrets/issues/2503), there's raising interest and alec would like to raise a PR with a design doc
#### Action Items
- check if Paul bot is working @moolen
## Dec 6th
### Community Meeting
#### Host
- Gustavo (@gusfcarvalho)
#### Attendees
- Shlomo Heigh (@szh, Dev @ CyberArk Conjur)
- @moolen
- @vsantos
#### Agenda/Notes
- (if we have quorum) Provider Versioning proposal [#2545](https://github.com/external-secrets/external-secrets/issues/2545)/[#694](https://github.com/external-secrets/external-secrets/issues/694)
- Question about provider [feature support matrix](https://external-secrets.io/main/introduction/stability-support/#provider-feature-support), general discussion about Conjur provider upgrades
#### Action Items
- Start vote async for SecretStore decision.
## Nov 22th
### Community Meeting
#### Host
- Moritz (@moolen)
#### Attendees
- Gergely Brautigam (@skarlso)
- Gustavo (@gusfcarvalho)
- Roger Tuma (@rogertuma)
#### Agenda/Notes
- KubeCon update (?)
- Multiple Kubernetes Secret from one External Secret.
- External Secret creating different targets than secret.
- Provider Versioning proposal [#2545](https://github.com/external-secrets/external-secrets/issues/2545)/[#694](https://github.com/external-secrets/external-secrets/issues/694)
- PushSecret generator proposal [#2665](https://github.com/external-secrets/external-secrets/pull/2665)
- Latest commit from me has a failed license error? [commit](https://app.fossa.com/projects/git%2Bgithub.com%2Fexternal-secrets%2Fexternal-secrets/refs/branch/main/3fbe318582266db5eefbbb11ad9ba1c1b3b795b0/preview).
#### Action Items
- versioning proposal: let's see until next community meeting if we're able to produce something tangible and drop it if it takes too much time implementing it
- consider dropping FOSSA and replace it with snyk (@moolen create issue)
-
## Oct 25th
### Community Meeting
#### Host
- Moritz (@moolen)
#### Attendees
- Moritz (@moolen)
- Lucas (@knelasevero)
- Shuhei (@shuheiktgw)
- Leonardo (@leomichalski)
- Lais (@laisramos123)
#### Agenda/Notes
- KubeCon update (?)
- dataFrom[].transform [#2802](https://github.com/external-secrets/external-secrets/pull/2802)
- Azure AKS managed test suite unfinished
- discussed cert-manager integration PR: https://github.com/external-secrets/external-secrets/pull/2736
- rotation for launching releases and for hosting meetings
#### Action Items
- dig CRD fields should be versioned @knela
- open issue for AKS managed test suite @moolen
- start async discussion about rotation for launching releases and for hosting meetings @knela
## Oct 11th
### Community Meeting
#### Host
- Lucas (@knelasevero)
#### Attendees
- Moritz (@moolen)
#### Agenda/Notes
- KubeCon prep
- review PRs
- https://github.com/external-secrets/external-secrets/pull/2760
- https://github.com/external-secrets/external-secrets/pull/2763
- record release process
#### Action Items
- review the kubecon stuff (@knelasevero)
## September 27th
### Community Meeting
#### Host
- Moritz
#### Attendees
- Moritz (@moolen)
#### Agenda/Notes
- KubeCon prep
- review PRs
#### Action Items
-
## September 13th
### Community Meeting
#### Host
- Gustavo
#### Attendees
- Gustavo (@gusfcarvalho)
#### Agenda/Notes
- Brief update on [past PRs](https://github.com/external-secrets/external-secrets/compare/v0.9.4...main)
- PushSecret updatePolicy [PR](https://github.com/external-secrets/external-secrets/pull/2664/files)
- PushSecret generator integration [PR](https://github.com/external-secrets/external-secrets/pull/2665/files)
- Provider Versioning Strategy [PR](https://github.com/external-secrets/external-secrets/pull/2655)
- Github Provider, push only [ISSUE](https://github.com/external-secrets/external-secrets/issues/1727)
- meeting time :)
- json encode/decode bug https://github.com/external-secrets/external-secrets/pull/2681
- consider changing olm release process: [https://github.com/knelasevero/package-olm (similar to cert-manager)
- How do we onboard providers?, or how it is decided to implement them and the impact on the project
#### Action Items
- [ ] @moolen update docs, next meeting Sept 27th.
- [ ] @knelasevero Double check if OLM release process can support configuration
## August 30th
### Community Meeting
#### Host
- Moritz
### Attendees
- Moritz (@moolen)
#### Agenda/Notes
Meeting postponed as no one joined! Next meeting will be September, 13th.
- Brief update on [past PRs](https://github.com/external-secrets/external-secrets/compare/v0.9.4...main)
- PushSecret updatePolicy [PR](https://github.com/external-secrets/external-secrets/pull/2664/files)
- PushSecret generator integration [PR](https://github.com/external-secrets/external-secrets/pull/2665/files)
- json encode/decode bug https://github.com/external-secrets/external-secrets/pull/2681
#### Action Items
## August 2nd
### Community Meeting
#### Host
- Gustavo
#### Attendees
- Gustavo (@gusfcarvalho)
- Moritz (@moolen)
- Seb (@sebagomez)
#### Agenda/Notes
- GA prep
- https://github.com/orgs/external-secrets/projects/2
- Some work could be done at Container Solutions, but resources allocated there would be for learning purposes - those issues are probably not the best for it
- Better to have it then not have it.
- release prep 0.9.2
#### Action Items
- ask in slack regarding meeting time @moolen
- create maintainer onboarding docs @moolen
- Design how Provider Versioning Strategy would 'look like in theory' @gusfcarvalho
- Secret Store v1 design (field changes, we can consider the minimal approach)
- Create issues for design action items and for the missing bits that do not have action items. @gusfcarvalho
- release 0.9.2 - @gusfcarvalho @sebagomez
- review #2410 - @gusfcarvalho
- write a comment on #2288 - we can proceed with it, and if we decide that this is a bad way of moving forward (and prefer dataFrom, we can push forward)
- comm
## July 21st
### General Availability development missing bits
#### Attendees
- Moritz
- Gustavo
- Lucas
- Seb
#### Meeting Notes
Points:
- Deprecation of ConversionPolicy (no issue yet)
- Deprecation of prometheus annotations [#1025](https://github.com/external-secrets/external-secrets/issues/1025)
- Standardize dataFrom.find (no issue yet)
- Standardize MetadataPolicy (no issue yet - should we do it?)
- Removal of v1alpha1 (no issue yet)
- Deprecation of v1beta1 (no issue yet)
- [BIG TASK] Provider versioning Strategy [#694](https://github.com/external-secrets/external-secrets/issues/694)
- Strategy one: have non-validated field with provider configuration, versioning done on code level (with validation needed as well)
- Strategy two: Separate providers into new CRDs, reference CRDs on the SecretStore
- Maybe deprecate the SecretStore and just leverage SourceRef on the External Secrets?
- Make v1beta2 with new SecretStore
- CRDs for providers would be v1beta1
- [BIG TASK] Standardize SecretStore Providers [#689](https://github.com/external-secrets/external-secrets/issues/689) [we need design here - action item]
- Close to Provider versioning
- Conversion Webhook logic for upgrade path (v1beta1 -> v1)
- how serviceAccounts and secrets are used
- common fields like 'path' and 'server'?
- common fields mean found more than 5 times across a file, or 10 times across the project.
- root level provider structure should follow:
- auth
- server (find a better name - maybe target)
- url
- cabundle, caprovider
- endpoint
-
- After discussing, Standadization of fields seems way easier if we figure out provider versioning with CRDs.
#### Action Items
- Check resources for ESO GA last mile with Container Solutions @gusfcarvalho
- Check if @shuhei can help out with the Big Tasks that are important, but don't really add much value.
- Design how Provider Versioning Strategy would 'look like in theory'
- Secret Store v1 design (field changes, we can consider the minimal approach)
- Create issues for design action items and for the missing bits that do not have action items.
## July 5th
#### Host
- Lucas (@knelasevero)
#### Attendees
- Moritz (@moolen)
#### Agenda/Notes
- [gustavo] Community meeting time
- taking turns on times that work for americas and Asia
- [Fram Souza] Multiple Secret Generation with ExternalSecrets (see https://kubernetes.slack.com/archives/C017BF84G2Y/p1688483983064609)
- Other maintainers
- new providers on the horizon
- what needs to be done for GA?
- configmap sync
Action items:
- ask in slack regarding meeting time @moolen
- create maintainer onboarding docs @moolen
- document accounts we have etc.
- open thread in slack regarding "when do we stop onboarding new providers?" @moolen
- make a doodle for a meeting where we brainstorm on what needs to be done before GA (not mapped on the milestone, docs and all) @knelasevero
## June 21st
#### Host
- Gustavo (@gusfcarvalho)
#### Attendees
- Gustavo
- Moritz
#### Agenda/Notes
- plugin system / provider separation [#696](https://github.com/external-secrets/external-secrets/issues/696)
- Instead of plugins, go for build flags?
- We generate only the "full" image, and allow users to build images without the providers they don't need
- It is not a way to not have plugins, but to allow moving the project to GA without the plugin system in place (as a lot of refactor would be needed, etc.)
- Moritz ran some PoC on plugin system, and even though it is working, it would take some time to take it from alpha onto release to users.
- Plugin system could be a good idea for v2, as we could break existing users in the process of releasing it.
- for V1 - suggestion by both Moritz and Gustavo to go without plugins.
- release 0.9.0 (past community meeting action item) - Moritz is reviewing fixes and documentation PRs to be able to release 0.9.0
- Open PRs that need to be reviewed
#### Action Items
- Add Seb to manage youtube channel (@gusfcarvalho)
- Add poll to see other maintainers opinions on the issue (@gusfcarvalho)
- Review open PRs as the list is getting big!
## June 7th
#### Host
- Seb
#### Attendees
- Seb
- Moritz
- Gustavo
- Nima
- Ludovic
- Yuri
#### Agenda/Notes
- 0.8.x or 0.9 release (requested via [slack thread](https://kubernetes.slack.com/archives/C047LA9MUPJ/p1685729999663339))?
- ESO Threat Model [#2308](https://github.com/external-secrets/external-secrets/pull/2308)
- e2e tests enhancements [#2376](https://github.com/external-secrets/external-secrets/pull/2376)
- eso threat model [#2308](https://github.com/external-secrets/external-secrets/pull/2308)
- update on plugin system / provider separation [#696](https://github.com/external-secrets/external-secrets/issues/696)
Action items:
- @moolen + @seb to do the release
-
## May 24th
#### Host
- Moritz
#### Attendees
- Moritz
#### Agenda/Notes
Meeting postponed as no one joined! Next meeting will be June, 7th.
- 0.8.3 release / fix OpenShift [#2342](https://github.com/external-secrets/external-secrets/issues/2342) & [#34](https://github.com/external-secrets/external-secrets-helm-operator/pull/34)
- ESO Threat Model [#2308](https://github.com/external-secrets/external-secrets/pull/2308)
## May 10th
#### Host
- Lucas
#### Attendees
- Gustavo (@gusfcarvalho)
- Seb (@sebagomez)
- Scott Andrews (@scothis)
- Andy Sadler (@sadlerap)
- Mo Khan (@enj)
- Anish Ramasekar (@aramase)
#### Agenda/Notes
- Secret Store CSI joint discussion - SSCSI secret sync controller presentation ([issue #336](https://github.com/external-secrets/external-secrets/issues/336)) - https://kubernetes.slack.com/archives/C013PUP2WRK/p1682354854859329
- SSCSID presented their project
- Gustavo asked if we could consider ESO the controller they would use to sync secrets
- We need to make sure APIs adhere to sig-auth standards
- We need to make sure ESO users and also SSCSID users are not disrupted with breaking changes
- ESO to show up a quick intro and a proposition on Secret Store CSI on SSCSI community meeting
- ServiceBinding support [PR #2263](https://github.com/external-secrets/external-secrets/pull/2263)
- Discution around the open PR and the changes
- Gustavo worried about the 'type' field of the Kind Secret in the example
- That field is not used, it is just an example and recommendation of documentation
- Other chore stuff from the PR to address
- metrics via otl initial work - also discuss plugin next plans
- https://github.com/external-secrets/external-secrets/pull/2291
- Concern with the future of plugin structure
- Decided to just go forward with this change and adapt when we decide on a approach
- security best practices
- https://github.com/external-secrets/external-secrets/pull/2290/files#diff-02ba52c48ce1559953c6eb5bc954ddbf63caffed6f49a945804b17ad256deb8f PR is fine but merging it might mean releasing 0.8.2
- LTS https://github.com/external-secrets/external-secrets/pull/2155
- Seb to review
- Failing dependency checks on [PR #2208](https://github.com/external-secrets/external-secrets/pull/2208)
- Gustavo will help with the FOSSA check and the check-diff check
## April 26th
#### Host
- Gustavo (@gusfcarvalho)
#### Attendees
- Lucas Severo (@knelasevero)
- sebagomez
- moolen
- Gaurav Dasson
#### Agenda/Notes
- General Plans:
- Docs improvement [#2242](https://github.com/external-secrets/external-secrets/issues/2242) - @seb will work on it
- Security Best Practices (@moolen to write up issue)
- Plugin capability [#696](https://github.com/external-secrets/external-secrets/issues/696)
- CSI Secret Store interoperability [#336](https://github.com/external-secrets/external-secrets/issues/336)
- Go to their comm meeting - Help preparing a presentation and would be good to have 2 of us there at least - @gusfcarvalho
- Host them at our next comm meeting and discuss their project and ideas
- Cloud Events integration - need still better understand what we want to do here. Be just a source or a sink?
- LTS Release Process [#2155](https://github.com/external-secrets/external-secrets/pull/2155)
- Discuss PR [#2208](https://github.com/external-secrets/external-secrets/pull/2208) @gaurav presented the logic. @gusfcarvalho to take a look
- e2e tests in this PR?
- 0.8.2 release?
- LTS Release Process or Gitlab bugfix, whichever comes first.
- ESO GA:
- What is missing?
- LTS Release Process
- https://github.com/orgs/external-secrets/projects/2/views/1 captures the things we need to do for GA.
- update the docs for Metadata Policy = Fetch
- ESO CNCF Incubating
- We have some relevant projects now that could sponsor us: https://github.com/external-secrets/external-secrets/pull/2262
- Should we take the process? Orlin is happy to help with it.
- We would be more comfortable after a GA release, or if we had more maintainers/ or having a company officialy sponsoring it.
- CNCF Project Update - Annie sent an email
- Yuri Sa wants to contribute remaining missing features and help with open telemetry topics
- Create an issue to implement open telemetry client
-
## April 12th
#### Host
- Lucas
#### Attendees
- Gustavo (@gusfcarvalho)
- Moritz
- Seb
#### Agenda/Notes
- kubecon prep
- [KubeCon schedule sheet](https://docs.google.com/spreadsheets/d/1P0pxIEBo-WYDmaG2el2jwlSZvnarKv4z7DEdTQCx9zc/edit#gid=0) review
- slides? anything else?
- CN rejekts Talk rehersal (won't be recorded)
- https://docs.google.com/presentation/d/1NDXHIi_TEfoh_iEYsZtAUitQCkd-uchwX3bH_RKuvKk/edit#slide=id.p
-
#### Action Items:
- add eso-examples repo - Fetch a single secret with GCP/AWS
- Find and Extract with Vault
- Generators
- PushSecrets
- Templates
- All of them must run on a workload/federation authentication
- Add ESO slides
- Add @sebagomez to the maintainer list/email/cncf spreadsheets and repos @gusfcarvalho
- Take PR #1451 contributions into a new PR @gusfcarvalho
- Take PR #1389 contributions and push it over the line if dacamposol cannot make it.
#### Agenda/Notes
## March 29th
#### Host
- Moritz (@moolen)
#### Attendees
- Moritz (@moolen)
- Lucas
#### Agenda/Notes
- LTS Release Process
- [KubeCon schedule sheet](https://docs.google.com/spreadsheets/d/1P0pxIEBo-WYDmaG2el2jwlSZvnarKv4z7DEdTQCx9zc/edit#gid=0)
Action Items:
- Add @sebagomez to the maintainer list/email/cncf spreadsheets and repos @gusfcarvalho
- Take PR #1451 contributions into a new PR @gusfcarvalho
- Take PR #1389 contributions and push it over the line if dacamposol cannot make it.
## March 15th
#### Host
- Gustavo (@gusfcarvalho)
#### Attendees
- Moritz (@moolen)
- Sebastian @sebagomez
#### Agenda/Notes
- 0.8.0 release
- https://github.com/external-secrets/external-secrets/issues/2125
- GA release double check
- Look at issues in https://github.com/orgs/external-secrets/projects/2/views/1
- Any other issue we should include to this board?
- Template issues are covered in [#2115](https://github.com/external-secrets/external-secrets/pull/2115)
- Metadata Policy being hugely implemented (shout out to @sebagomez)
- Kubecon Preparations
- Talks
- CRDs talk for CN Rejekts
- Test audience with community <3
- Kubecon talk <3
- Booth
- prep slidedeck
- prep material (examples, use cases, etc) - better if in a live cluster?
- schedule timeslots
- .
- Promote @sebagomez to a maintainer (if he wants to ;))
- Go over open PRs
- Event Driven (async) reconciliation (if we have audience)
Action Items:
- ✓change meeting time in README and docs
- Prepare rotation schedule sheet and share between people. @gusfcarvalho
- Add @sebagomez to the maintainer list/email/cncf spreadsheets and repos @gusfcarvalho
- double check if Metadata Policy=Fetch behavior over providers is standardized.
- Take PR #1451 contributions into a new PR @gusfcarvalho
- Take PR #1389 contributions and push it over the line if dacamposol cannot make it.
## March 1st (Canceled since we did not have quorum)
#### Host
- Lucas (@knelasevero)
#### Attendees
- .
#### Agenda/Notes
- Release should be launched soon
- Kubecon preparations
- Talks
- Booth
- .
## Feb 15 (cancelled)
- .
## February 1st
#### Host
- Gustavo Carvalho (@gusfcarvalho)
#### Attendees
- Ben Gurney
- Moritz Johner
#### Agenda/Notes
- PR [#1389](https://github.com/external-secrets/external-secrets/pull/1389) - help/ strategy to move forward.
- Missing features for GA!
- Template Merge/Persistence issues (e.g. [#1429](https://github.com/external-secrets/external-secrets/pull/1429))
- Metadata Policy
- Go over open PRs
- Event Driven (async) reconciliation (if we have audience)
- Incorporate Reloader to reload deployments (if we have audience)
#### Action Itens
- PR #1953 - Build API spec documentation from CRDs - avoids the need to include so many examples in the API spec.
- Take over #1451 if the contributor wnats the help
- PR #1405 - contributor does not want to continue. Ping other involved if they want to, if not close it.
- If Event Driven reconcile is moving forward, it will be driven by its own CRD (so we can release GA independently)
- Marketing google docs - review it to prepare our GA release.
## January 18th
#### Attendees
- Gustavo Carvalho (@gusfcarvalho)
#### Host
- Moritz Johner (@moolen)
#### Agenda/Notes
- Event Driven (async) reconciliation
- Incorporate Reloader to reload deployments
- :tada: new financial contributor: `inetshell`
#### Attendees
-
## January 4th
#### Attendees
- Moritz Johner (@moolen)
- Gustavo Carvalho (@gusfcarvalho)
#### Host
- Lucas Alves (@knelasevero)
#### Agenda/Notes
- New community meeting time announcement
- Write up Host rotation policy
- Write up PR review rotation policy
- Release 0.7.1
- ~~[Templates From String](https://github.com/external-secrets/external-secrets/pull/1748)~~
- :tada: doppler bronze sponsor & contribution from Colin Wilson ([check out his blog post on ESO](https://colinwilson.uk/2022/08/22/secrets-management-with-external-secrets-argo-cd-and-gitops/))
- FOSSA report & MPL license [#1820](https://github.com/external-secrets/external-secrets/issues/1820)
- go over [Open PRs](https://github.com/external-secrets/external-secrets/pulls), consider merging before release
- also: ESO/OLM: [open PR to add permissions for service monitor](https://github.com/external-secrets/external-secrets-helm-operator/pull/23#issuecomment-1370338727)
- Vault PushSecret not really compliant - need to review it
- issue: https://github.com/external-secrets/external-secrets/issues/1840
- Missing features for GA! (DeletionPolicy, referent Auth, Metadata Policy, PushSecret)
- Hashicorp meeting
- Template Orphaned keys - need to take that up (issue[#1721](https://github.com/external-secrets/external-secrets/issues/1721))
- kubecon
#### Action Itens
- Next community meeting (trial): at 15:30 PM - Add it to README.md @moolen
- Round robin for Host Rotation - 1st Lucas -> 2nd Moritz -> 3rd Gustavo (reminder on slack) @knelasevero
- Add issues for GA milestone and tag with "help wanted"
- from 0.8.0 forward, Alibaba provider is deprecated (no longer supported by Alicloud)
- ask for a cncf booth (@knelasevero)
## November 21st December
* Meeting postponed as no one joined!
* Next meeting will be January 4th
#### Attendees
- Moritz Johner (@moolen)
#### Agenda/Notes
- New community meeting time announcement
- Write up Host rotation policy
- Write up PR review rotation policy
- Release 0.7.0
- [Templates From String](https://github.com/external-secrets/external-secrets/pull/1748)
- :tada: doppler bronze sponsor
- FOSSA report & MPL license [#1820](https://github.com/external-secrets/external-secrets/issues/1820)
- alibaba RRSA support [#1725](https://github.com/external-secrets/external-secrets/pull/1752)
- keeper provider [#1768](https://github.com/external-secrets/external-secrets/pull/1768)
- generic cache implementation / pkg-level feature flags [#1640](https://github.com/external-secrets/external-secrets/pull/1640)
- :christmas_tree: happy holidays
#### Action Itens
## November 7th December
#### Attendees
- Gustavo Carvalho (@gusfcarvalho)
- Meeting postponed as no one joined!
#### Agenda/Notes
- New community meeting time announcement
- Write up Host rotation policy
- Write up PR review rotation policy
- Release 0.7.0
- [Templates From String](https://github.com/external-secrets/external-secrets/pull/1748)
#### Action Itens
## November 23rd
#### Attendees
- Gustavo Carvalho - @gusfcarvalho
- Moritz Johner - @moolen
#### Agenda/Notes
- Change Community Meeting time
- Add clear hosting rotation
- Add PR review rotation and commitment to the Governance
- Promote IBM Cloud Secrets Manager to internally maintained
- PR Reviews:
- https://github.com/external-secrets/external-secrets/pull/1640 generic cache refactoring + feauture flag
- https://github.com/external-secrets/external-secrets/pull/1315 looking for someone to help with the refactoring to implement clientmanager libraries.
- https://github.com/external-secrets/external-secrets/issues/1733
- https://github.com/external-secrets/external-secrets/pull/1732 - being reviewed
#### Action items
- @gusfcarvalho Post a poll in #external-secrets-dev for Meeting Time, Hosting Rotation and PR review rotation
- @gusfcarvalho Post a poll to promote IBM Cloud Secrest Manager
## November 9th
#### Attendees
- No maintainer attendees
#### Agenda/Notes
- Promote IBM Cloud Secrets Manager to internally maintained
## October 26th
#### Attendees
- Gustavo Carvalho (@gusfcarvalho)
- Moritz Johner @moolen
#### Agenda/Notes
- celebrate [GOVERNANCE.md](https://github.com/external-secrets/external-secrets/blob/main/GOVERNANCE.md)
- consider making a patch release due to security vulnerabilities
- Should we push approved PRs already?
- What about Feature/ Generator?
- Vault path fix [#1636](https://github.com/external-secrets/external-secrets/pull/1636)
- Feature/ Generator [#1539](https://github.com/external-secrets/external-secrets/pull/1539)
- Drop inline Ref (probably safer) and certificates use case with it :(
- CloMonitor PR [#1656](https://github.com/external-secrets/external-secrets/pull/1656)
- Removing Codesee due to security risks
- generic cache [#1640](https://github.com/external-secrets/external-secrets/pull/1640)
-
- Push Secret [#1315](https://github.com/external-secrets/external-secrets/pull/1315)
- Waiting Generator PR to get in - use client manager and update docs
- We should register for small booth @ kubecon EU 2023
#### Action items
- release 0.6.1 with #1636(https://github.com/external-secrets/external-secrets/pull/1636)
- review #1640 @gusfcarvalho
## October 11th
#### Attendees
- Meeting postponed due to agenda conflicts! :(
#### Agenda/Notes
- PushSecret status update
- Possible Deletion logic walk through
- Generator first remarks
- @knela_severo to check how to register for small booth.
- @gusfcarvalho to take bumps
## September 28th
#### Attendees
- Moritz Johner @moolen
- Gustavo Carvalho @gusfcarvalho
- Lucas Severo @knelasevero
#### Agenda/Notes
- CNCF status update
- Governance Document
- https://docs.google.com/document/d/1NP7_gG-9SeJ8vcSgJzVZAdiJUuWHCkwP16j29kuDVlo/edit#heading=h.yhtbyzmsytx
- generator status update [#1539](https://github.com/external-secrets/external-secrets/pull/1539)
- waiting for reviews
- coordinate with push-secrets changes (docs?)
- This PR first, PushSecret to merge and fix docs conflicts
- migration towards own AWS account
- vault cache [#1537](https://github.com/external-secrets/external-secrets/pull/1537)
- multi-image builds + image signing/SBOM/provenance [#1574](https://github.com/external-secrets/external-secrets/pull/1574)
- PushSecret status update
- PR([#1315](https://github.com/external-secrets/external-secrets/pull/1315)) updated with requested changes
- PushSecret controller tests using envtest
- GCP tests using table driven approach
- labelSelector to PushSecretStoreRef added (as opposed to replace it)
- AWS SecretsManager/ParameterStore added
- Hashicorp Vault code added
- Still pending:
- Secrets Deletion (finalizers/regular CR update)
- update SetSecret method to PushSecret
- secret-store-csi-driver integration proposal update
- collective money
#### Action items
- Review [#1574](https://github.com/external-secrets/external-secrets/pull/1574)
- make release 0.6.0 (non-rc)
- ask for update in CNCF onboarding issue
- Schedule call to setup AWS credentials
- Sync up (hackathon?) on integration proposal update with SSCSID
- brittleness / complex system issues
- how to deal with authentication?
- @moolen add comments to the docs
## September 14th
Skipped due to conflicts :slightly_frowning_face:
#### Agenda/Notes
- [generator PR](https://github.com/external-secrets/external-secrets/pull/1539) ready to review
- AWS Account migration status
- celebrate donation from John Rinehart :tada:
## August 31th 2022
#### Attendees
- Moritz Johner @moolen
- Gustavo Carvalho @gusfcarvalho
#### Agenda/Notes
- generator implementation
- https://github.com/external-secrets/external-secrets/pull/1338
- @moolen opens draft PR with current status
- CNCF status update
- PushSecret status update
- CSI Secret Store
#### Action items
- @moolen: add support matrix (see action items last meeting): https://github.com/external-secrets/external-secrets/pull/1508
- @gusfcarvalho: make release candidate release 0.6 with 1.24 PR (overran from previous meeting)
- @gusfcarvalho Add notes to README.md about potential outage when migrating DNS servers.
-
## August 18th 2022
#### Attendees
- Moritz Johner @moolen
- Gustavo Carvalho @gusfcarvalho
#### Agenda/Notes
- generator proposal
- ACR/ECR/GCR implementation
- CNCF Onboarding sync
- $CLOUD Accounts?
- PushSecret status
- Kubernetes v1.24 upgrade
- GH Organization structure
#### Action items
- @moolen Secret Generation will not handle leases. Add that to design.
- @moolen Start migrating AWS accounts to ESO-owned orgs -> https://github.com/external-secrets/infrastructure
- make release candidate release 0.6 with 1.24 PR
- add support matrix for:
- ES dataFrom.find.name
- ES dataFrom.find.tags
- ES metadata sync
- push secret
- ES referent auth
- ES floodgate / validate store
- ✓ remove admins from GH Org except:
- @moolen, @knelasevero, @gusfcarvalho, markus maga + Linux Foundation
## August 8th 2022
#### Attendees
#### Agenda/Notes
- Postponed due to no attendees.
## July 20th 2022
#### Attendees
- Gustavo Carvalho @gusfcarvalho
- Moritz Johner @moolen
- Daniel Hix @adustyoldmuffin
#### Agenda/Notes
##### Non-Technical
- CNCF Sandbox application
##### Technical
- Hashivault AWS Engine [#1211](https://github.com/external-secrets/external-secrets/pull/1211)
- Proposal Draft for Secrets Generation [#1338](https://github.com/external-secrets/external-secrets/pull/1338)
- ECR/GCR/ACR provider
##### Action Items
- Come up with some quick designs possibilities for Generation within Providers ()
-
## July 06th 2022
#### Attendees
- Gustavo Carvalho @gusfcarvalho
#### Agenda/Notes
##### Non-Technical
##### Technical
- PushSecret Demo! [#1315](https://github.com/external-secrets/external-secrets/pull/1315)
(if we have time)
- Decoding Strategy PR [#1294](https://github.com/external-secrets/external-secrets/pull/1294)
- Hashivault AWS Engine [#1211](https://github.com/external-secrets/external-secrets/pull/1211)
##### Action Items
## June 22th 2022
#### Attendees
- Moritz Johner @moolen
- Gustavo Carvalho @gusfcarvalho
#### Agenda/Notes
##### Non-Technical
- Credit card from colletive is up, need to start using it in relevant
- consider using 1password or bitwarden to manage shared secrets (for CI or personal test credentials) AI: @knela_severo
- First ESO Meetup tomorrow 18:00 CET (https://www.meetup.com/container-solutions/events/swmbvsydcjbvb/)
- Governance document
##### Technical
- PushSecret status
- Key rewrite proposal [#1188](https://github.com/external-secrets/external-secrets/pull/1188)
- Fetch Tags [#305](https://github.com/external-secrets/external-secrets/issues/305)
- Issues in General
##### Action Items
- add stale bot to close @moolen
## June 8th 2022
#### Attendees
- Moritz Johner @moolen
- Daniel Hix @adustyoldmuffin
- 1/2 Lucas @knelasevero
#### Agenda/Notes
##### Non-Technical
A couple of user question answered
* what features are on the horizon?
* where to put docs/examples around oracle cloud managed Kubernetes?
##### Technical
## May 25th 2022
#### Attendees
- Gustavo Carvalho (@gusfcarvalho)
- Moritz Johner (@moolen)
#### Agenda/Notes
##### Non-Technical
* Youtube/Podcasts update [gdocs](https://docs.google.com/spreadsheets/d/1vljX_YvPRvVQKpULQN81ZnB4FCq_6M3Xe7GdXJuQXjI/edit#gid=0)
* Talks update - maybe having a gdocs as well
* CNCF Application (!!!!)
* sidenote: cncf toc mailinglist around sandbox applications [link](https://lists.cncf.io/g/cncf-toc/search?p=recentpostdate%2Fsticky%2C%2C%2C20%2C2%2C0%2C0&q=sandbox)
##### Technical
* controller-tools@0.9.0 out monday (we can bump google grpc package now)
* controller-runtime bump blocked by argocd dependencies.
* Data from Key Rewrite becoming fairly requested by users [#975](https://github.com/external-secrets/external-secrets/issues/975).
* (moolen) do a release?
* (moolen) secret generator functionality: yep or nop? [#1179](https://github.com/external-secrets/external-secrets/issues/1179)
* (moolen) prometheus rules in helm chart? [#1174](https://github.com/external-secrets/external-secrets/pull/1174)
* rename SecretSink
#### Action Items
* e2e tests for AKS (@gusfcarvalho)
* if argocd doesn't update for the next two community meetings, refactor.
* review [#1176](https://github.com/external-secrets/external-secrets/pull/1176)
* @moolen: add issue for Kubernetes Provider to support service account
## May 11th 2022
#### Attendees
- Gustavo Carvalho (@gusfcarvalho)
- Moritz Johner (@moolen)
- Marcin Kubica (@marcinkubica)
- Lucas Severo (@knelasevero)
#### Agenda/Notes
##### Non-Technical
* Add k8s provider as internaly maintained
* implement e2e tests + a setup similar to what we do with vault
* Add Azure KeyVault as internally maintained
* Ping Carla and Katie regarding more info around cncf sandbox
* Youtube/Podcast update [gdocs](https://docs.google.com/spreadsheets/d/1vljX_YvPRvVQKpULQN81ZnB4FCq_6M3Xe7GdXJuQXjI/edit#gid=0) / ask for read access if you want
* Kubecon Get Together (!!!)
##### Technical
* RFI: SecretStores Capabilities (related to SecretSink).
* flux/argo e2e tests [#1041](https://github.com/external-secrets/external-secrets/pull/1041)
* aws cli / e2e-managed-aws failure
* google grpc bumps
* (optional) discuss how we handle provider upgrades for the future [912](https://github.com/external-secrets/external-secrets/issues/912).
#### Action Items
* ✓ (@moolen) add Azure KV as internally maintained / ping maintainers for that
* ✓ (@moolen) add azure kv e2e tests issue
* ✓ add k8s provider as internally maintained (@knelasevero)
* add e2e tests for k8s provider (initially me, but will look to onboard someone new with this issue @knelasevero)
* ✓ ping Carla/Katie (@knelasevero) [but Kubecon atendees can try to talk with both in person]
* ✓ review flux/argo e2e (@knelasevero)
## April 27th 2022
#### Attendees
- Gustavo Carvalho (@gusfcarvalho)
- Tom Godkin (@BooleanCat)
- Moritz Johner (@moolen)
- Marcin Kubica (@marcinkubica)
#### Agenda/Notes
##### Non-Technical
* Make a fix release for ESO.
* Inception for Secret Sink (or any other feature?)
* Trunk-based contributions
* If you want to work on Secret Sink, you are welcome!
##### Technical
#### Action Items
## April 13th 2022
#### Attendees
- Gustavo Carvalho (@gusfcarvalho)
- Lucas Alves (@knelasevero)
- Moritz Johner (@moolen)
- Tom Godkin (@BooleanCat)
#### Agenda/Notes
##### Non-Technical
* ESO Online Meetups
* We can try to do it startung out with zoom - we can try out some different ideas (specially around freqyuency )
* cloud account expenses
* create
* project board / release planning
* CNCF contact and discuss applying already
* create document with questions (knelasevero)
* https://cryptpad.uncloud.do/pad/#/2/pad/edit/220JlYNSJlP03R5Kz19i-CtP/embed/
* schedule a meeting with Katie and Carla (knelasevero)
* ESO blog about sponsorships and big changes
* plan what to talk about and who would write it
* Collaborations w/ youtubers/podcasts
* Potential contributions from EngineerBetter
##### Technical
* 1pass provider
*
* [dataFrom key rewrite](https://github.com/external-secrets/external-secrets/issues/975) and [ExternalSecrets Decoding strategy](https://github.com/external-secrets/external-secrets/issues/920)
* Spec them out as a design document? Yes we should do that.
* Discuss Validate() general behaviour
* [#961](https://github.com/external-secrets/external-secrets/issues/961) vs [#948](https://github.com/external-secrets/external-secrets/issues/961) considering the [Gitlab implementation](https://github.com/external-secrets/external-secrets/pull/960) of Validate()
#### Action Items
* Create ESO accounts (this can be hard)
* Afterwards migrate from current infra
* @moolen create small writeup how Release Board should work
## March 30th 2022
#### Attendees
- Gustavo Carvalho (@gusfcarvalho)
- Moritz Johner (@moolen)
- Daniel Hix (@ADustyOldMuffin)
#### Agenda/Notes
* GCP Performance Leak Issues ([#818](https://github.com/external-secrets/external-secrets/issues/818) and [#834](https://github.com/external-secrets/external-secrets/issues/834))
* Release 0.5.0
* [#719](https://github.com/external-secrets/external-secrets/issues/719) closed only pending to do [#912](https://github.com/external-secrets/external-secrets/issues/912)
* GetAllSecrets for AWS Merged
* GetAllSecrets for Azure KeyVault ready to be Merged.
* Secret Sink
#### Action Items
* Release 0.5.0 once DeletionPolicy gets merged and some documentation around GetAllSecrets is available. After released, let some time to fix any bugs users might report.
* Probably announce release because of the milestone it represents.
* https://github.com/github/release-radar
## March 16th 2022
#### Attendees
- Gustavo Carvalho (@gusfcarvalho)
- Moritz Johner (@moolen)
- Daniel Hix (@ADustyOldMuffin)
#### Agenda/Notes
* Release 0.5.0
* Performance / Leak issues with GCP Provider: [#818](https://github.com/external-secrets/external-secrets/issues/818) and [#834](https://github.com/external-secrets/external-secrets/issues/834)
* Azure WI [#738](https://github.com/external-secrets/external-secrets/pull/738)
* GetAllSecrets for AWS [#820](https://github.com/external-secrets/external-secrets/pull/820)
* GetAllSecrets for Azure KeyVault [#805](https://github.com/external-secrets/external-secrets/pull/805)
* Secret Sink proposal
* Kubecon
#### Action Items
* Organize first ESO meetup @ kubecon! (from past meeting)
* Add ESO to Digital Oceans’ 1-click apps (from past meeting)
* @gusfcarvalho to troubleshoot #818 and #834
* @gusfcarvalho to ping user working on Secret Sink
* focus on the cleanup tasks for conversion webhooks [719](https://github.com/external-secrets/external-secrets/issues/719).
## March 2nd 2022
Attendees
* Moritz Johner
* Gustavo Carvalho
* Daniel Hix
#### Agenda/Notes
* Several Community supported providers missing `Validate` and `ValidateStore`
* `GetAllSecrets` implementation
* There are a lot of 'feels weird' around implementing GetAllSecrets as discussed in [698](https://github.com/external-secrets/external-secrets/issues/698)
* Addition of a `path` to spec?
* Key collision
* merge validating webhook [#750](https://github.com/external-secrets/external-secrets/pull/750)
#### Action Items
* Create issues for Validate implementation.
* Create issues for ValidateStore implementation.
* Document specificities of GetAllSecrets per provider.
* Follow up Key collision - unicode seems a little bit weird.
* Check if it is possible to remove api definitions from sonar cloud duplication tests.
* Organize first ESO meetup!
* Add ESO to Digital Oceans' [1-click apps](https://github.com/digitalocean/marketplace-kubernetes/blob/master/CONTRIBUTING.md)
## Feb 16th 2022
Attendees
* Moritz Johner
* Gustavo Carvalho (@gusfcarvalho)
* DanG
#### Agenda/Notes
* `GetAllSecrets()`
* coordinate provider implementations
* limitations: key collision & no version support
* disable client cache for secrets [#729](https://github.com/external-secrets/external-secrets/pull/729)
* promote aws/azure providers [#709](https://github.com/external-secrets/external-secrets/pull/706)
* TPL Engine v2 [#701](https://github.com/external-secrets/external-secrets/pull/701)
* azure kv provider refactoring [#703](https://github.com/external-secrets/external-secrets/pull/703)
* Discuss [Deletion Policy](https://github.com/external-secrets/external-secrets/issues/695) implementation
* Review [design docs for v1beta1](https://github.com/external-secrets/external-secrets/blob/main/design/001-design-crd-v1beta1.md)
* ClusterSecretStores with no events or status(?)
#### Action Items
- Add PR to include Deletion Policy on the crd-v1beta1. @gusfcarvalho
- review #701 @knelasevero
- review #701 @knelasevero
-
## Feb 4th, 2022 v2 Hack Session
Attendees
* Moritz Johner
* Gustavo Carvalho @gusfcarvalho
#### Topics
recording is available @knelasevero
##### SecretStore Controller
* we want a validation webhook for the SecretStore resource to do static validation
* ~~we should add a interface method ("validate") to check if the store configuration can be considered "valid"~~ - will be done in the [#466](https://github.com/external-secrets/external-secrets/pull/466)
##### Breaking Changes
* figure out how versions are managed/stored in etcd and how they're converted
* we want to draft a "final" version for the CRD before we actually implement the features themselves - that gives us the flexibility to continuously do releases and not block a release until everything is implemented.
##### v1beta1 ExternalSecret Scope
* find & extract (Azure / GetAll mechanic)
* template engine version
* ~~decodeStrategy~~ see https://github.com/external-secrets/external-secrets/pull/674
* ??
##### v1beta1 SecretStore
-> not going to tackle that right now
* We first need to figure out how to implement the decodeStrategy thing, because it touches a lot of points in the codebase.
* path standardization doesn't really justify a whole new version
##### Deprecation Policy
- we basically want to treat our `alpha` as `beta`: provide a upgrade path
- we want to promote to beta1 asap when the CRD and scope is defined
- want to get to GA in 9 months (2nd birthday: 23th November)
- deprecate alpha1 when we release GA
- wait a couple more release then deprecate beta1 aswell
##### Organisational Stuff
* we want to keep track of relevant features for `v1beta1` in the [GitHub Project](https://github.com/external-secrets/external-secrets/projects/3)
## Feb 2nd, 2022
Attendees
- Moritz Johner @moolen
- Lucas Severo @knelasevero
Agenda/Notes
- prep release 0.4 ([release outlook](https://github.com/external-secrets/external-secrets/pull/664#issuecomment-1027168598))
- we're having a planning meeting on friday to discuss mid/long term goals of the project
- setup multi-version support before merging breaking-changes (#664, #638, #515)
- discuss the approach and goals on friday
- we got some stale contributor PRs, we try to take them over if needed
Action Items
- @moolen ask @ADustyOldMuffin and @gusfcarvalho for sync regarding PR [#542](https://github.com/external-secrets/external-secrets/pull/542) to discuss details
- @moolen add docs for community-operators-prod; also consolidate docs `RELEASE.md` / `external-secrets.io` and [helm-op docs](https://github.com/external-secrets/external-secrets-helm-operator/blob/main/docs/release.md)
- @gustavo/@knelasevero ping or take over some of the PRs that could be quick to fix
- @moolen takes over [Reporter PR](https://github.com/external-secrets/external-secrets/pull/466)
## Jan 19th, 2022
Attendees
- Moritz Johner @moolen
- Gustavo Carvalho @gusfcarvalho
- Lucas Severo @knelasevero
Agenda/Notes
- (moolen) e2e@aws: need account for CI
- (moolen) planning session for the next ~12 months?
- celebrate donation by $anon! :tada:
- Breaking changes
- Azure key vault getAll() (dataFrom)
- templating changes to avoid problems with []byte
- Standardization of HashiVault provider
Action Items:
- @knelasevero add credentials for aws account in repo secrets
- @moolen create doodle to find some time for us (for the planning meeting)
- @knelasevero propose a process for something similar to KEPs in our project and comment in the issues that are proposing stuff (https://github.com/external-secrets/external-secrets/issues/347 / https://github.com/external-secrets/external-secrets/pull/542)
- @moolen taking care of the PR for anchore examples
- @moolen add community meeting date+time+details in readme and docs
- @moolen document processes in contribution guidelines
- PR assignee
- Proposal process
- close PR after
## Dec 8th, 2021
Attendees
- Moritz Johner @moolen
- Ope
Agenda/Notes
- OLM is work in progress, thanks to @slopezz
- going forward with `decodeStrategy` proposal:
- (1) implementing it on the provider level in a generic, reusable way ([#515](https://github.com/external-secrets/external-secrets/pull/515))
- (2) adding it to the external secret which may take precedence over provider flag
- TODO: add community meeting schedule + call to docs/repo
- switch to a alternating timezone schedule
- make a poll (@slack) and ask for timezone preferences
## Nov 24th, 2021
Attendees
- Moritz Johner @moolen
- Lucas Severo @knelasevero
Agenda/Notes
- AWS Provider graduation?
- e2e pod identity automation + other tests [#469](https://github.com/external-secrets/external-secrets/pull/469)
- CRD graduation? Whats still missing: azure / get-all secrets [#498](https://github.com/external-secrets/external-secrets/issues/498)
- we do not want to graduate right now, we first want to take a look at #498
- @moolen wants to take care of the operatorhub topic [#244](https://github.com/external-secrets/external-secrets/issues/244) [#493](https://github.com/external-secrets/external-secrets/issues/493)
- @moolen takes over PR kes2eso [#1](https://github.com/external-secrets/kes-to-eso/pull/1)
- Coverage
- @knelasevero taking over if Serdar does not have time
## Nov 10th, 2021
Attendees
- Sevi Karaköse (sevikarakose)
- Moritz Johner (moolen)
Agenda/Notes
- Discussion about Azure getAllSecrets [discussions/470](https://github.com/external-secrets/external-secrets/discussions/470)- https://github.com/external-secrets/external-secrets/issues/426
- @moolen wants to reply in the thread, didn't have time to unfortunately
- Community Operator hub progress
- Önsel and Sevi have been working on this for a while now. They're planning to get back on track, too busy with client work unfortunately.
- We need to review https://github.com/external-secrets/kes-to-eso/pull/1 already
- @moolen took a look. Looks promising, minor things need to be addressed (comment incoming)
- ok-to-test failing to report back to PR https://github.com/external-secrets/external-secrets/runs/4167322917?check_suite_focus=true
- https://github.com/external-secrets/external-secrets/issues/426
- https://github.com/external-secrets/external-secrets/pull/480
- Check with Serdar about Coverage tool
- Serdar will take a look as soon as possible
- Unfortunately GH does not let us pay for less subs than the amount of people in the org... (see img below)
![](https://i.imgur.com/I0yHlCq.png)
## Oct 27th, 2021
Attendees
- Gustavo Carvalho (gusfcarvalho)
- Lucas Severo (knelasevero)
- Moritz Johner (moolen)
Agenda
* Migration script updates
* Almost done!!!
* need to test with edge cases and have more eyes on the PR (moolen knelasevero)
* Code coverage issues
* Need to check with Serdar the status here and push this forward (knelasevero)
* We need to remember to set threashold tolerance to minor cov decrease (Serdar or we take over)
* E2E for cloud specific tests
* We need to have a new dir with IaC, a new workflow gh-actions file, and configure spawn and destroy of infra for specific cloud e2e
* Set monitoring of costs and add infracost to terraform analysis (Open issue with these details)
* e2e tests documentation needs to be improved (lucas)
* e2e tests issue when not setting all provider creds (moolen)
* Donations
* Pay gh premium (knelasevero)
* csi-secrets-store
* Add details to issue (knelasevero)
* SecretSinks
* Add details to issue (knelasevero)
* Secret generation
* Tell people to use crossplane. (knelasevero)
* Add docs to our site about using crossplane together with ESO (knelasevero)
* Continue using Paul, Prow is to dificult to maintain, and to add dedicated infra would be hard as well
* OperatorHub should be prioritized a bit more because of requests
* Check with Sevi and Onsel the status (knelasevero)
* Moritz wants to take over if they are too busy (moolen)
Notes
## Oct 13th, 2021
Attendees
- Gustavo Carvalho (gusfcarvalho)
- Sevi Karaköse (sevikarakose)
- Sebastián Gómez - (sebagomez)
- Oladipupo Ajayi - (DeeAjayi)
- Opeyemi - (Eebru-gzy)
Agenda/Notes
- Release 0.3.6 with security patches is on
- KES-ESO migration script
- almost ready for AWS / GCP
- Önsel and Sevi will be pairing on the Community Operators work
- Serdar and Lucas got sonarCloud configuration set (local check investigation didn't move forward)
## Sept 29, 2021
Attendees
- Lucas Severo (knelasevero)
- Gustavo Carvalho (gusfcarvalho)
Agenda/Notes
- Sonar gates and configs (https://sonarcloud.io/organizations/external-secrets/projects)
- Sonar trigger from fork PR
- raise issue for local check (gusfcarvalho)
- [#381](https://github.com/external-secrets/external-secrets/pull/381) leaked tokens
- Follow up on the PR (knelasevero)
- Cut a release possibly
- will cut today or tomorrow (knelasevero)
## Sept 1, 2021
Attendees
- Lucas Severo (knelasevero)
- Moritz Johner (moolen)
- Kian Kordtomeikel (KianTigger)
Agenda/Notes
- Migration script to go from KES to ESO
- Plan what to do with donations
- Gsuite?
- look for other providers, jitsi
- GH premium?
- Trial (lucas)
- investigate how premium seats work (lucas)
- CSI project integration
- Check with Kellin, see if he can join next community meeting (lucas)
- SonarCube has coverage capabilities, maybe remove codecov? (check with Serdar about coverage)
- Check how Sonar deals with coverage, ask Serdar about it (lucas)
- External Sinc [#347](https://github.com/external-secrets/external-secrets/issues/347)
- Secret Generation [#249](https://github.com/external-secrets/external-secrets/issues/249)
- Create an evaluation of how this would affect the project technically and organizationally [consider separating project, having more than one binary from same project, or other options] (moolen)
- Deleted secret isn't recreated until refresh [#344](https://github.com/external-secrets/external-secrets/issues/344) [#353](https://github.com/external-secrets/external-secrets/issues/353)
- comment on the issue that is fine to add another field in status, hashed (moolen)
- e2e test infra
- Ask companies what they are whiling to host and then decide how tom manage real infra for specific e2e tests (lucas)
## Aug 18, 2021
Attendees
- Lucas Severo (knelasevero)
- Kian Kordtomeikel (KianTigger)
- Elsa Chelala (ElsaChelala)
Agenda/Notes
- Migration script to go from KES to ESO
- Plan what to do with donations
- CSI project integration
## Aug 8, 2021
Attendees
- Moritz Johner (moolen)
- Sevi Karaköse (sevikarakose)
- Joey Brayshaw (Jabray5)
Agenda/Notes
- celebrate donation ($20 / Andrew Tsai <3)
- syncing metadata: opened [#305](https://github.com/external-secrets/external-secrets/issues/305) to keep track of it
- vault e2e incoming: draft [#304](https://github.com/external-secrets/external-secrets/pull/304)
- $cloud provider accounts sponsored by inovex
- provide architecture draft + access matrix (@moolen)
- need input: what do we have, who owns which account? (need to approach lucas for that)
- once approved: setup infra
- compute infra (openstack) sponsored by inovex
- maybe for dedicated github actions runner
- refresh interval issue: https://github.com/external-secrets/external-secrets/pull/303
- (joey) making progress on the gitlab project variables provider
## Jul 21, 2021
Attendees
- Joey Brayshaw (Jabray5 )
- Kian Kordtomeikel (KianTigger)
- Moritz Johner (moolen)
- Ricardo Torres (ricardoptcosta)
- Rodrigo Rios (rodrigorras)
Agenda/Notes
- Lucas and Moritz created an account in open collective and deposited some test funds. Someone already donated 100USD;
- AWS/EKS integration tests
- still need approval from Moritz's company to implement it
- e2e TODOs #205-#209
- currently mostly succesful paths are tested
- we should make clear issues that are missing in tests, and add them to acceptance criteria
- @Moritz will pursue this
- Moritz proposed a new release due to the recent merge regarding service account authenttication with AWS ([#251](https://github.com/external-secrets/external-secrets/pull/251)) - @Moritz will do the release
- Kian and Joey are working on adding Oracle Cloud
- [kes#798](https://github.com/external-secrets/kubernetes-external-secrets/issues/798) there was a issue opened on kubernetes/external-secrets asking for yandex. we will talk to the person who requested it to open in the main project. @Rodrigo will pursue this issue
- We celebrated Joey's [first pull request](https://github.com/external-secrets/external-secrets/pull/275) 🎉
## Jul 7, 2021
Attendees
- Elsa Chelala (ElsaChelala)
- Moritz Johner (moolen)
- Lucas Severo (knelasevero)
- Ricardo Torres (ricardoptcosta)
Agenda/Notes
- operatorhub.io [#244](https://github.com/external-secrets/external-secrets/issues/244)
- Sevi investigating
- https://opencollective.com/external-secrets-org
- Will go forward with this
- release with IBM Cloud Provider
- Will be done by Lucas soon
- label issues with beta: https://github.com/external-secrets/external-secrets/projects
- Look for things that impact the CRD
- AWS/EKS integration tests
- Create issue
- Check with Inovex for approval
- Move secret generation discussion to a issue
- TLS Vault auth - needing docs, will be added by Ricardo - after that the implementation
- Ricardo gonna contact Kellin and Cameron
## Jun 23, 2021
Attendees
- Moritz Johner (moolen)
Agenda/Notes
- Secret generation (discussion [195]([discussions/195](https://github.com/external-secrets/external-secrets/discussions/195)))
- Resource Version Status [#189](https://github.com/external-secrets/external-secrets/pull/189)
- Azure KeyVault enhancements [#215](https://github.com/external-secrets/external-secrets/pull/215)
## Jun 9, 2021
Attendees
- Moritz Johner (moolen)
- Lucas Severo (knelasevero)
- Ricardo Torres (ricardoptcosta)
Agenda/Notes
- Azure KV merged
- hardcoded key extraction ([see here](https://github.com/external-secrets/external-secrets/blob/95c8d054ac9274dbb24afbccd27d9b6e9b916d44/pkg/provider/azure/keyvault/keyvault.go#L209-L245)) issue: [#187](https://github.com/external-secrets/external-secrets/issues/187)
- documentation (also GCP)
- [#169](https://github.com/external-secrets/external-secrets/issues/169): bug when provider is slow
- decide what is part of the deprecation policy (@moolen: open issue)
- also draft the documentation
- exclude controller tests in the unit test phase (because of old k8s components that kubebuilder provides)
- add them when we have the kind cluster (with newer k8s versions) ready
- remember to have a look over codecov
## May 26, 2021
Attendees
- Lucas Severo (knelasevero)
- Gabrielle Beyer (gabibeyer)
- Ricardo Torres (ricardoptcosta)
Agenda/Notes
- Codecov [168](https://github.com/external-secrets/external-secrets/issues/168)
- We should have something
- Discuss other options on the issue
- Scope access per namespace [163](https://github.com/external-secrets/external-secrets/issues/163) and [134](https://github.com/external-secrets/external-secrets/issues/134)
- Need to discuss further
- Immutable secrets [156](https://github.com/external-secrets/external-secrets/issues/156)
- Shouldnt be hard. We probably can add this as an option
- Support to trigger refresh instead of pull [129](https://github.com/external-secrets/external-secrets/issues/129)
- Get in touch and see if he wants to implement it
- Have a look over 0.2 milestone, remove/add stuff
- just release with gcpsm and azure providers
- e2e tests
- maybe mobbing on this one
- We got asked on slack about stability and chance of things changing https://kubernetes.io/docs/reference/using-api/deprecation-policy/
- Need to discuss further
- Support level
- Start by adding support notices to our readme (and maybe to a pinned discussion post on the gh discussion forum)
- Invite other maintainers to mob programming
## May 12, 2021
Attendees
- Kellin McAvoy (mcavoyk)
- Moritz Johner (moolen)
- Lucas Severo Alves (knelasevero)
- Gabi Beyer (gabibeyer)
- Jonatas Baldin (jonatasbaldin)
Agenda/Notes
- Can't install helm chart on different k8s flavor?
- https://github.com/external-secrets/external-secrets/issues/142#issuecomment-839867167
- secret-store-csi-driver community meeting, what discussions should we bring there?
- SecretObject as separate CRD from Provider CRD
- Check with them if they have goals around secret synchronization without mounting
- 0.2.0: What do we plan to include in the next release
- Increase provider coverage (Azure/GCP)
- e2e tests
- docs for current providers
- 4 weeks release workflow
- Decide if minor or patch release depending on the changes
- Leverage TokenRequest API
- https://github.com/external-secrets/external-secrets/issues/137
- Plugin Style Providers
- Would be interesting, but not a priority right now
## April 28, 2021
Attendees
- Kellin McAvoy (mcavoyk)
- Moritz Johner (moolen)
- Riccardo Cefala (riccardomc)
Agenda/Notes
- Helm Chart needs to be done before release
- vault Docs still missing
- e2e tests, initial iteration done with localstack and local vault, but followup issue needed
- CS infra, we need to add maintainers into the accounts
Action Items:
* helm chart release workflow @moolen
* vault docs
* merging e2e [done]
## April 14, 2021
Attendees
- Kellin McAvoy (mcavoyk)
- Moritz Johner (moolen)
- Jonatas Baldin (jonatasbaldin)
- Riccardo Cefala (riccardomc)
Agenda/Notes
- Discussion on previous agenda notes
- Review of [metrics PR](https://github.com/external-secrets/external-secrets/pull/110)
- [Change dependabot frequency to weekly](https://github.com/external-secrets/external-secrets/pull/112) – merged
- Push YAML artifacts on pipeline to GitHub – tracking [here](https://github.com/external-secrets/external-secrets/issues/43)
- [Use External Secrets Operator name for Helm Charts](https://github.com/external-secrets/external-secrets/issues/105#issuecomment-819641753)
- Release a v0.1 when merging #110, #69 and #106 at least – @jojo added a release/v0.1 tag to these PRs
- 1Password released their own operator... we will start a discussion to merge efforts as well. @jojo dropped [this issue](https://github.com/1Password/onepassword-operator/issues/22) there
## March 31, 2021
Attendees
- Kellin McAvoy (mcavoyk)
- Lucas Severo Alves (knelasevero)
- Aziz (1aziz)
Agenda/Notes
- CLA ([#96](https://github.com/external-secrets/external-secrets/issues/96))
- CRD Spec repo ([#97](https://github.com/external-secrets/external-secrets/issues/97))
- Add E2E testing ([31](https://github.com/external-secrets/external-secrets/issues/31))
- Create Helm chart repo
- Something like `charts.external-secrets.io` ([#105](https://github.com/external-secrets/external-secrets/issues/105))
- Clean up milestone/Project board
## March 17, 2021
Attendees
- just me, Moritz Johner (moolen)
Agenda/Notes
- aws refactoring([#57](https://github.com/external-secrets/external-secrets/pull/57))
- split interface: Provider/SecretsClient ([#55](https://github.com/external-secrets/external-secrets/pull/55))
- PTAL: AWS Parameter Store ([#59](https://github.com/external-secrets/external-secrets/pull/59))
- PTAL: Vault Provider ([#47](https://github.com/external-secrets/external-secrets/pull/47))
- refresh interval ([#48](https://github.com/external-secrets/external-secrets/pull/48))
- Security Policy ([#60](https://github.com/external-secrets/external-secrets/pull/60))
- Code of Conduct ([#46](https://github.com/external-secrets/external-secrets/pull/46))
- docs are hosted using cname ([#56](https://github.com/external-secrets/external-secrets/pull/56))
- paul bot configuration ([#49](https://github.com/external-secrets/external-secrets/pull/49))
- cleanup lint stage ([#54](https://github.com/external-secrets/external-secrets/pull/54))
PRs to discuss or need attention
- i think we should merge [crd-spec#7](https://github.com/external-secrets/crd-spec/pull/7)
- Azure KV needs some attention to get the spec done: [crd-spec#6](https://github.com/external-secrets/crd-spec/pull/6)
Action Items
- TBD
## March 3, 2021
(https://everytimezone.com/s/8dbf346e)
Attendees
- Lucas Severo Alves (knelasevero)
- Kellin McAvoy (mcavoyk)
- Moritz Johner (moolen)
- Chaitanya Kandagatla (ckandag)
Agenda/Notes
- Repo automation bot
- Release workflow
- Change cadence of the meetings now that most of the project is already bootstraped and steered
- domain https://www.external-secrets.io/
- https://github.com/cla-assistant/cla-assistant (maybe require it only if person is contributing during work time, and trust them?)
- https://github.com/external-secrets/external-secrets/pull/46 CoC
PRs to discuss or need attention
- [Please add any PRs that need attention, with your name, below]
Action Items
- Look into kubernetes-sigs/external-dns ownership as a reference for this project (@mcavoyk)
- External-dns is owned by [sigs-network](https://github.com/kubernetes/community/tree/master/sig-network)
- Setup Paul in the project (@knelasevero)
- Apex domain config (@knelasevero)
- Enable Discussions on github repo (@knelasevero)
- Setup CLA assistant (reachout to sigs-network to decide if it is necessary) ?
## February 17, 2021
(https://everytimezone.com/s/712e40fe)
Attendees
- Lucas Severo Alves
- Kellin McAvoy
- Moritz Johner
- Riccardo Cefala
Agenda/Notes
- add awssm support PR in V2 [#34](https://github.com/external-secrets/external-secrets/pull/34)
- support azure keyvault provider PR in V2 [#22](https://github.com/external-secrets/external-secrets/pull/22)
- add provider-specific instructions to remoteRef PR in V2 spec [#4](https://github.com/external-secrets/crd-spec/pull/4)
- Colab Blog Doc
- https://docs.google.com/document/d/1H7leHCaQeJcur4E-Xi8croyl_FbDuzlJeVJIdGuIu6M/edit
- documentation first pass: https://moolen.github.io/external-secrets/
PRs to discuss or need attention
- [Please add any PRs that need attention, with your name, below]
Action Items
- Look into CLA - Lucas and Kellin
- Get in touch with contacts at Azure, Google and AWS regarding credits for integration tests - Riccardo
- Merge a draft for the doc first pass, and we will iterate further - Moritz
- Look into using https://doc.crds.dev/ , if we have a problem Kellin will contact Dan to have a look
- Look into having a Code of Conduct, both for contributions and meetings - Lucas
- Add a script to the start of the meeting document to always mention the COC and remember to record
## February 03, 2021
Attendees
- Lucas Severo Alves
- Kellin McAvoy
- Moritz Johner
Agenda/Notes
- Merge in main controller loop (@knelasevero)
- Vault provider PR should be available in the next week (@mcavoyk)
- ExternalSecret logo
- https://drive.google.com/drive/folders/1_1kTEu4QZ453ce6ZrSUPJmOvfvCghNHJ
- Discussion on the current kubernetes-external-secrets project regarding templating ExternalSecrets
- https://github.com/external-secrets/kubernetes-external-secrets/discussions/605
- concerns about supporting the template language in JS and Golang
PRs to discuss or need attention
- [Please add any PRs that need attention, with your name, below]
Action Items
## September 12, 2020
### What happened?
- We merged the Provider interface PR (thanks Moritz!)
- Jonatas working on the Control Loop
- Lucas working on the CI/CD
### Action items
- Finish the Control Loop (@jonatasbaldin) – blocker for the Provider implementation
- Still need to work on the Issues templates on GitHub
- Mircea will pickup an issue on GitHub to work on