# External Secrets Community Meeting ### Schedule Meetings are on Zoom every other Wednesday 13:00 PM CEST. (invite is on https://www.cncf.io/calendar/) Next Meeting link: https://zoom-lfx.platform.linuxfoundation.org/meeting/92843470602?password=b953d8fb-825b-48ae-8fd7-226e498cc316 <!-- previous meet link https://meet.jit.si/eso-community-meeting --> <!-- previous meet link from Moritz: https://meet.google.com/uis-rfiz-rsa --> <!-- previous meet link from lucas: meet.google.com/iek-etsm-jkk --> Steps before starting the meeting: - Start Recording - Welcome everyone ;) - (Optional) Intros from new joiners - Mention COC In meeting: - Go over action items from last meeting - Go over points - Go over previous meetings action items - Go quickly over some open PR * Backlog Items: * - is there an easy to read changelog, blog etc to see what is new in each version ? For example, going from 0.8.x to 0.9.x ([slack](https://kubernetes.slack.com/archives/C017BF84G2Y/p1699989700793419)) [@Mark] * * # Community Meeting ## May 2025 ### 21st May ##### Host - Gustavo (@gusfcarvalho) ##### Participants - Gustavo Carvalho (@gusfcarvalho) - Gergely Brautigam (@skarlso) - Bharath B - Artur Ferfecki (@theartusz) ##### Agenda - Discuss Issues/ PRs tagged: - Fine Grained CRD Installation [#4788](https://github.com/external-secrets/external-secrets/issues/4788 - Lets follow with this. - @artur Ferfecki to create a PR for CRD flags. - CRD creation flags - processGenerators flag @gustavo to help out / do - - Impersonage Service Account for managing Secrets [#4704](https://github.com/external-secrets/external-secrets/issues/4704) - Init Containers on Helm Charts [#4745](https://github.com/external-secrets/external-secrets/pull/4745) - Voted for removing extra containers - not allow support for init contianers - AFTER we have docs on how users can safely install webhook providers. - (CSI provider, mount it as a CSI volume in external-secrets) - Support google workload identity federation [#4654](https://github.com/external-secrets/external-secrets/pull/4654) - v2 Generator / SecretStore Design [#4792](https://github.com/external-secrets/external-secrets/pull/4792) - If we decide for v2: Content on external-secrets v2 - help users onboard quickly. - v0.17.0 Post Moterm. Are there any lessons learned? Some Facts: - v1 to v1beta1 contains no changes. - the bump itself was expected to contain a breaking change (`v0.16 -> v0.17`) - Helm charts are not covered by our deprecation policies - v1beta1 still works if users just mark them `served: true` - Release notes and update process were clear - Time between releases was small Actions: - Document upgrade and deprecation process. (DEPRECATING.md and deprecating page on our website) - do not change current strategy - from 0.17 -> 1.0.0 :) ### 7th May ##### Host - Gergely (@skarlso) ##### Participants - AJ Wolski - Bharath B ##### Agenda - ESO v1 - https://github.com/external-secrets/external-secrets/pull/4628 1Password SDK - [ ] Pick up clusterGenerator cross-namespace access - https://github.com/external-secrets/external-secrets/pull/4484 AWS SDK 2 - https://github.com/external-secrets/external-secrets/issues/4747 -> update examples - [ ] Add the previous meeting list to the calendar invite @skarlso ## April ### Community Meeting #### Participants - Gergely (@skarlso) - Victor - Gustavo #### Host - Gergely (@skarlso) #### April 9th ##### Agenda - [x] Update the Youtube channel's description and pointed to past ZOOM events. - [x] Discuss the refreshing on demand https://github.com/external-secrets/external-secrets/pull/4594 - [x] ExternalSecrets V1, SecretStore V1, and external-secrets v1.0.0: - [x] Wait to merge when we are incubating so we get help from CNCF on marketing !! - [x] Voting Passed! 4/5 votes :) - [x] Proposed Scope: - [x] Remove ExternalSecret/v1alpha1, SecretStore/v1alpha1 - [x] Promote ExternalSecret/v1beta1, secretStore/v1beta1 to v1 - [x] Add Warnings for unmaintained providers on SecretStore Reconciler and validation webhooks. - [x] Remove Conversion Webhooks (hallelujah!) - [x] Remove Template/v1 - [x] Remove ValueMap from SecretStore Fake - [x] ? Remove ConversionStrategy - [x] Cross-namespace access for Generators the newest -> https://github.com/external-secrets/external-secrets/issues/4629 - [x] Let's de a maintainer vote - if not accepted clearly document why not - if accepted write up a proposal - [x] @skarlso create an issue to track the maintainer vote - [x] FOSSA license via CNCF ## March ... ### Community Meeting #### Participants #### Agenda - [ ] Discuss the refreshing on demand ## March 26th ### Host - Gergely (@skarlso) ### Community Meeting #### Participants - Gustavo (@gusfcarvalho) #### Agenda - [x] Talk about Provider sunsetting https://github.com/external-secrets/external-secrets/issues/4593 - [x] @Skarlso Leave a comment on the issue about the decision / updated opinion - [x] Promote ESO to V1, freeze new feature requests to the whole structure, create v2alpha1? - Provider Versioning Scheme separate others - Templating to target creation of none Kubernetes secret objects ( ConfigMap, OpenShift ) - PushSecrets which simply cannot have all the nice things ExternalSEcrets can have. - Generators/ClsuterGenerators which are weird and not following same standards as SecretSTores/ClsuterSecretSTores - [x] @gusfcarvalho to add these to the v1 tracking issues and ping the other maintainers about it. Start sync voting on next community meeting, and if not enough quorum, vote via lazy consensus on the issue. - [x] Incubation issue is sleeping https://github.com/cncf/toc/issues/1486 ## March 12th ### Host - Gergely (@skarlso) ### Community Meeting #### Agenda Nothing important really. A roadmap for ESO https://github.com/orgs/external-secrets/projects/2. ## February 26th ### Host - Gergely (@skarlso) It was a test meeting to see if the new invite from CNCF and the Zoom meeting is working. And it was. ## February 12th ### Host - Gergely (@skarlso) ### Community Meeting #### Agenda - [x] Old issues cleanup - Possibly reduce the stale bot number - Help people contribute and understand the codebase - Documentation on how to add providers - [x] In-tree out of tree proposals PR [#3634](https://github.com/external-secrets/external-secrets/pull/3634) - Trilok Geer to take a look and review/re-evaluate - [x] We really really need to update the AWS Provider SDK to v2 [Issue](https://github.com/external-secrets/external-secrets/issues/4310) - Put a bounty on it, so people pick it up ( look into this and decide on how to proceed ) - [x] Cannot seem to run e2e tests on this [pull-request](https://github.com/external-secrets/external-secrets/pull/4406) even though it was recreated - Try creating a bump PR ourselves and see if it works. - [x] Ping Barath on https://github.com/external-secrets/external-secrets/issues/1038 - Barath will comment on the issue so I can assign him to it - [x] Incubating Process updates ? :))) - [x] Kubecon EU Plans? - [x] Injecting secrets into the pod directly as an environment variable? - If an organization hates secrets, they hate environment variables ( it's typically worse ) ### Action Items - [ ] Unnofficial Gathering for External Secrets Community (when, where - to decide @gusfcarvalho) - [ ] @skarlso talk to the maintainers about this process - [ ] Prodiver template creation esoctl -> create provider assignee -> @skarlso ( document in code on how to implement, bootstrap a provider ) - [ ] Trilok to review / re-evaluate /re-propose out-of-tree providers - [ ] Bharath to tackle #1038 - [ ] Close really old issues that lost meaning like [#336](https://github.com/external-secrets/external-secrets/issues/336) - [ ] On old issues ask the person if the issue is still relevent / encourage them to contribute - [ ] Come up with a design proposal to inject secrets into pod directly - [ ] Before doing this, create an issue to gauge community desire for this kind of feature @skarlso ## January 29th ### Community Meeting #### Agenda - ([#4335](https://github.com/external-secrets/external-secrets/issues/4335)) Any assignees? - OLM support , there are bunch of things missing now. https://github.com/external-secrets/external-secrets-helm-operator/pull/79 ## Dec 18th ### Community Meeting #### Host - Gustavo #### Agenda - stateful generators ([#4203](https://github.com/external-secrets/external-secrets/pull/4203)) - deprecate namespace name selector from ClusterExternalSecret? (ref: [#4162](https://github.com/external-secrets/external-secrets/pull/4162)) - Deprecate/Remove - helm olm operator - what is the present case from customer perspective? - Tag Security for Incubating (:party_hat:) - waiting for ESO presentation to be booked ### Action Items ## Dec 4th ### Community Meeting #### Host - Gustavo #### Agenda - Deprecate OLM Release https://github.com/external-secrets/external-secrets/pull/4175 - Approved with 2 votes out of 2. ### Action Items - @gusfcarvalho to notify people, open PRs, and change Release notes warning of the deprecation. ## Sept 25th ### Community Meeting #### Host #### Agenda - Discussions with CNCF - Moving docs to netlify - hugo + docsy - Mentorship program - google GSOC support - Workshop (service desk?) - google season of docs ## Aug 28st ### Community Meeting #### Host - Lucas (@knela) #### Attendees - Gustavo (@gusfcarvalho) - Gergely (@skarlso) #### Agenda/Notes - scarf (https://app.scarf.sh/) discussion - Bounty to attract contributors - Maintainer scholarship idea - How do we feel about External Secrets Inc (www.externalsecrets.com) being a sponsor - Provider Versioning - We Need Maintainers (https://kubernetes.slack.com/archives/C047LA9MUPJ/p1724843557332789) - Ditch Community Meetings at 20:00 CEST (always make them 13:00 CEST) #### Action items - First try to contact CNCF for google analytics access & using scarf.sh (@knelasevero) - Explore these with the current value on the collective: - Make Most Vodted by community issues - Attract/Reward contributions for it. (@gusfcarvalho) - First draft of Proposal - Maintainer Scholarship for newly onboarded maintainers (@gusfcarvalho) - Remove Sebagomez, Shuhei from the maintainers group (@knelasevero). - Create a Reviewers group (@knelasevero). ## July 31st ### Community Meeting #### Host - Lucas #### Attendees - Gustavo - Gergely - Lucas #### Agenda/Notes - Breaking Changes to Webhook Provider - Next release 0.10.0 - Long inactive members - Long term support discussion - Provider Versioning - Support for custom resources (ConfigMaps) https://github.com/external-secrets/external-secrets/pull/3449 - Review [#3699](https://github.com/external-secrets/external-secrets/pull/3699) #### Action items - PR introducing better webhook posture (@gusfcarvalho) DONE - Add msg to error logs pointing to update secrets (@gusfcarvalho) DONE - Create issue "Problems with webhook provider on 0.10.x ?" and Pin it (@knelasevero) - Remove Sebagomez, Shuhei from the maintainers group (@knelasevero). - Create a Reviewers group (@knelasevero). - Remove PAUL (@knelasevero) :'( - Actually review [#3699](https://github.com/external-secrets/external-secrets/pull/3699) (@gusfcarvalho @knelasevero) DONE ## June 19 ### Community Meeting #### Host - Lucas #### Attendees - Moritz - Gergely - Iwan #### Agenda/Notes - From last meeting: Supporting not public secret stores (https://github.com/external-secrets/external-secrets/issues/3515). - vote on: https://github.com/external-secrets/external-secrets/issues/2699 - did anyone notice problems with pushsecret recreating the secrets? - https://github.com/external-secrets/external-secrets/pull/3600 #### Action items - next community meeting discuss above issue - next community meeting also vote on https://github.com/external-secrets/external-secrets/issues/2699 - ## May 22 ### Community Meeting #### Host - Lucas #### Attendees - Lucas - Iwan #### Agenda/Notes - Supporting not public secret stores (https://github.com/external-secrets/external-secrets/issues/3515). - Check if provider separation (and future plugin solution) would help here - Check proposed solution in the issue (both from implementability perspective and if we would be ok with incorporating that into the project) - Vote on it #### Action items - next community meeting discuss above issue - next community meeting also vote on https://github.com/external-secrets/external-secrets/issues/2699 - ## April 24 ### Community Meeting #### Host - Gustavo #### Attendees - Gustavo #### Agenda/Notes - . #### Action items - . ## March 13 [canceled ] ### Community Meeting #### Host - Lucas #### Attendees - Lucas #### Agenda/Notes - . #### Action items - . ## Jan 18 ### Community Meeting #### Host - Gustavo (@gusfcarvalho) #### Attendees - Moritz #### Agenda/Notes - license scan issue / see also https://github.com/cncf/foundation/issues/109 / https://github.com/uw-labs/lichen - depreciation policy https://github.com/external-secrets/external-secrets/issues/3030 - Deprecation of SecretStore - any updates on this? - add provider for deprecated store https://github.com/external-secrets/external-secrets/pull/2993 - KCD BR ContribFest issues suggestions? (create the issue on External Generators) - Good first issues. - ClusterSecretStore - Concise way to trigger a refresh on a ClusterExternalSecret. - Bump CRDs to v1 (just it would be cool) - deprecation of v1alpha1, prometheus, ConversionStrategy, template/v1 - Probes (helm chart extras) - 1.0.0 (stable) - Deprecation Policy - Provider CRD be in. - Project Yearly Review - We want to do it with most maintainers on it. - CNCF Incubation. - Start the process? Talk to ToC members first as they need to champion us regardless. #### Action items - Find ToC members and talk to them - create a new issue to discuss which tool to use over FOSSA - Document implementation of Providers to allow for both SEcretStore or SecretStore.spec.provider deprecation. Ask for maintainers votes. [@gusfcarvalho] - reach out to brendan about Paul [@knelasevero] ## Jan 3 ### Community Meeting #### Host - Lucas #### Attendees - Lucas - Moritz #### Agenda/Notes - codecov [slack thread](https://kubernetes.slack.com/archives/C047LA9MUPJ/p1703659594623499?thread_ts=1703655390.563569&cid=C047LA9MUPJ) - let's do this, would be great to have it back! - state of paul? - fossa :/ - Deprecation of SecretStore - Release process #### Action items - reach out to brendan about Paul [@knelasevero] - fossa - reach out to cncf [@moolen] ## Dec 20th ### Community Meeting #### Host - Moritz #### Attendees - Moritz - Roger - Alec #### Agenda/Notes - briefly touched on [#2503](https://github.com/external-secrets/external-secrets/issues/2503), there's raising interest and alec would like to raise a PR with a design doc #### Action Items - check if Paul bot is working @moolen ## Dec 6th ### Community Meeting #### Host - Gustavo (@gusfcarvalho) #### Attendees - Shlomo Heigh (@szh, Dev @ CyberArk Conjur) - @moolen - @vsantos #### Agenda/Notes - (if we have quorum) Provider Versioning proposal [#2545](https://github.com/external-secrets/external-secrets/issues/2545)/[#694](https://github.com/external-secrets/external-secrets/issues/694) - Question about provider [feature support matrix](https://external-secrets.io/main/introduction/stability-support/#provider-feature-support), general discussion about Conjur provider upgrades #### Action Items - Start vote async for SecretStore decision. ## Nov 22th ### Community Meeting #### Host - Moritz (@moolen) #### Attendees - Gergely Brautigam (@skarlso) - Gustavo (@gusfcarvalho) - Roger Tuma (@rogertuma) #### Agenda/Notes - KubeCon update (?) - Multiple Kubernetes Secret from one External Secret. - External Secret creating different targets than secret. - Provider Versioning proposal [#2545](https://github.com/external-secrets/external-secrets/issues/2545)/[#694](https://github.com/external-secrets/external-secrets/issues/694) - PushSecret generator proposal [#2665](https://github.com/external-secrets/external-secrets/pull/2665) - Latest commit from me has a failed license error? [commit](https://app.fossa.com/projects/git%2Bgithub.com%2Fexternal-secrets%2Fexternal-secrets/refs/branch/main/3fbe318582266db5eefbbb11ad9ba1c1b3b795b0/preview). #### Action Items - versioning proposal: let's see until next community meeting if we're able to produce something tangible and drop it if it takes too much time implementing it - consider dropping FOSSA and replace it with snyk (@moolen create issue) - ## Oct 25th ### Community Meeting #### Host - Moritz (@moolen) #### Attendees - Moritz (@moolen) - Lucas (@knelasevero) - Shuhei (@shuheiktgw) - Leonardo (@leomichalski) - Lais (@laisramos123) #### Agenda/Notes - KubeCon update (?) - dataFrom[].transform [#2802](https://github.com/external-secrets/external-secrets/pull/2802) - Azure AKS managed test suite unfinished - discussed cert-manager integration PR: https://github.com/external-secrets/external-secrets/pull/2736 - rotation for launching releases and for hosting meetings #### Action Items - dig CRD fields should be versioned @knela - open issue for AKS managed test suite @moolen - start async discussion about rotation for launching releases and for hosting meetings @knela ## Oct 11th ### Community Meeting #### Host - Lucas (@knelasevero) #### Attendees - Moritz (@moolen) #### Agenda/Notes - KubeCon prep - review PRs - https://github.com/external-secrets/external-secrets/pull/2760 - https://github.com/external-secrets/external-secrets/pull/2763 - record release process #### Action Items - review the kubecon stuff (@knelasevero) ## September 27th ### Community Meeting #### Host - Moritz #### Attendees - Moritz (@moolen) #### Agenda/Notes - KubeCon prep - review PRs #### Action Items - ## September 13th ### Community Meeting #### Host - Gustavo #### Attendees - Gustavo (@gusfcarvalho) #### Agenda/Notes - Brief update on [past PRs](https://github.com/external-secrets/external-secrets/compare/v0.9.4...main) - PushSecret updatePolicy [PR](https://github.com/external-secrets/external-secrets/pull/2664/files) - PushSecret generator integration [PR](https://github.com/external-secrets/external-secrets/pull/2665/files) - Provider Versioning Strategy [PR](https://github.com/external-secrets/external-secrets/pull/2655) - Github Provider, push only [ISSUE](https://github.com/external-secrets/external-secrets/issues/1727) - meeting time :) - json encode/decode bug https://github.com/external-secrets/external-secrets/pull/2681 - consider changing olm release process: [https://github.com/knelasevero/package-olm (similar to cert-manager) - How do we onboard providers?, or how it is decided to implement them and the impact on the project #### Action Items - [ ] @moolen update docs, next meeting Sept 27th. - [ ] @knelasevero Double check if OLM release process can support configuration ## August 30th ### Community Meeting #### Host - Moritz ### Attendees - Moritz (@moolen) #### Agenda/Notes Meeting postponed as no one joined! Next meeting will be September, 13th. - Brief update on [past PRs](https://github.com/external-secrets/external-secrets/compare/v0.9.4...main) - PushSecret updatePolicy [PR](https://github.com/external-secrets/external-secrets/pull/2664/files) - PushSecret generator integration [PR](https://github.com/external-secrets/external-secrets/pull/2665/files) - json encode/decode bug https://github.com/external-secrets/external-secrets/pull/2681 #### Action Items ## August 2nd ### Community Meeting #### Host - Gustavo #### Attendees - Gustavo (@gusfcarvalho) - Moritz (@moolen) - Seb (@sebagomez) #### Agenda/Notes - GA prep - https://github.com/orgs/external-secrets/projects/2 - Some work could be done at Container Solutions, but resources allocated there would be for learning purposes - those issues are probably not the best for it - Better to have it then not have it. - release prep 0.9.2 #### Action Items - ask in slack regarding meeting time @moolen - create maintainer onboarding docs @moolen - Design how Provider Versioning Strategy would 'look like in theory' @gusfcarvalho - Secret Store v1 design (field changes, we can consider the minimal approach) - Create issues for design action items and for the missing bits that do not have action items. @gusfcarvalho - release 0.9.2 - @gusfcarvalho @sebagomez - review #2410 - @gusfcarvalho - write a comment on #2288 - we can proceed with it, and if we decide that this is a bad way of moving forward (and prefer dataFrom, we can push forward) - comm ## July 21st ### General Availability development missing bits #### Attendees - Moritz - Gustavo - Lucas - Seb #### Meeting Notes Points: - Deprecation of ConversionPolicy (no issue yet) - Deprecation of prometheus annotations [#1025](https://github.com/external-secrets/external-secrets/issues/1025) - Standardize dataFrom.find (no issue yet) - Standardize MetadataPolicy (no issue yet - should we do it?) - Removal of v1alpha1 (no issue yet) - Deprecation of v1beta1 (no issue yet) - [BIG TASK] Provider versioning Strategy [#694](https://github.com/external-secrets/external-secrets/issues/694) - Strategy one: have non-validated field with provider configuration, versioning done on code level (with validation needed as well) - Strategy two: Separate providers into new CRDs, reference CRDs on the SecretStore - Maybe deprecate the SecretStore and just leverage SourceRef on the External Secrets? - Make v1beta2 with new SecretStore - CRDs for providers would be v1beta1 - [BIG TASK] Standardize SecretStore Providers [#689](https://github.com/external-secrets/external-secrets/issues/689) [we need design here - action item] - Close to Provider versioning - Conversion Webhook logic for upgrade path (v1beta1 -> v1) - how serviceAccounts and secrets are used - common fields like 'path' and 'server'? - common fields mean found more than 5 times across a file, or 10 times across the project. - root level provider structure should follow: - auth - server (find a better name - maybe target) - url - cabundle, caprovider - endpoint - - After discussing, Standadization of fields seems way easier if we figure out provider versioning with CRDs. #### Action Items - Check resources for ESO GA last mile with Container Solutions @gusfcarvalho - Check if @shuhei can help out with the Big Tasks that are important, but don't really add much value. - Design how Provider Versioning Strategy would 'look like in theory' - Secret Store v1 design (field changes, we can consider the minimal approach) - Create issues for design action items and for the missing bits that do not have action items. ## July 5th #### Host - Lucas (@knelasevero) #### Attendees - Moritz (@moolen) #### Agenda/Notes - [gustavo] Community meeting time - taking turns on times that work for americas and Asia - [Fram Souza] Multiple Secret Generation with ExternalSecrets (see https://kubernetes.slack.com/archives/C017BF84G2Y/p1688483983064609) - Other maintainers - new providers on the horizon - what needs to be done for GA? - configmap sync Action items: - ask in slack regarding meeting time @moolen - create maintainer onboarding docs @moolen - document accounts we have etc. - open thread in slack regarding "when do we stop onboarding new providers?" @moolen - make a doodle for a meeting where we brainstorm on what needs to be done before GA (not mapped on the milestone, docs and all) @knelasevero ## June 21st #### Host - Gustavo (@gusfcarvalho) #### Attendees - Gustavo - Moritz #### Agenda/Notes - plugin system / provider separation [#696](https://github.com/external-secrets/external-secrets/issues/696) - Instead of plugins, go for build flags? - We generate only the "full" image, and allow users to build images without the providers they don't need - It is not a way to not have plugins, but to allow moving the project to GA without the plugin system in place (as a lot of refactor would be needed, etc.) - Moritz ran some PoC on plugin system, and even though it is working, it would take some time to take it from alpha onto release to users. - Plugin system could be a good idea for v2, as we could break existing users in the process of releasing it. - for V1 - suggestion by both Moritz and Gustavo to go without plugins. - release 0.9.0 (past community meeting action item) - Moritz is reviewing fixes and documentation PRs to be able to release 0.9.0 - Open PRs that need to be reviewed #### Action Items - Add Seb to manage youtube channel (@gusfcarvalho) - Add poll to see other maintainers opinions on the issue (@gusfcarvalho) - Review open PRs as the list is getting big! ## June 7th #### Host - Seb #### Attendees - Seb - Moritz - Gustavo - Nima - Ludovic - Yuri #### Agenda/Notes - 0.8.x or 0.9 release (requested via [slack thread](https://kubernetes.slack.com/archives/C047LA9MUPJ/p1685729999663339))? - ESO Threat Model [#2308](https://github.com/external-secrets/external-secrets/pull/2308) - e2e tests enhancements [#2376](https://github.com/external-secrets/external-secrets/pull/2376) - eso threat model [#2308](https://github.com/external-secrets/external-secrets/pull/2308) - update on plugin system / provider separation [#696](https://github.com/external-secrets/external-secrets/issues/696) Action items: - @moolen + @seb to do the release - ## May 24th #### Host - Moritz #### Attendees - Moritz #### Agenda/Notes Meeting postponed as no one joined! Next meeting will be June, 7th. - 0.8.3 release / fix OpenShift [#2342](https://github.com/external-secrets/external-secrets/issues/2342) & [#34](https://github.com/external-secrets/external-secrets-helm-operator/pull/34) - ESO Threat Model [#2308](https://github.com/external-secrets/external-secrets/pull/2308) ## May 10th #### Host - Lucas #### Attendees - Gustavo (@gusfcarvalho) - Seb (@sebagomez) - Scott Andrews (@scothis) - Andy Sadler (@sadlerap) - Mo Khan (@enj) - Anish Ramasekar (@aramase) #### Agenda/Notes - Secret Store CSI joint discussion - SSCSI secret sync controller presentation ([issue #336](https://github.com/external-secrets/external-secrets/issues/336)) - https://kubernetes.slack.com/archives/C013PUP2WRK/p1682354854859329 - SSCSID presented their project - Gustavo asked if we could consider ESO the controller they would use to sync secrets - We need to make sure APIs adhere to sig-auth standards - We need to make sure ESO users and also SSCSID users are not disrupted with breaking changes - ESO to show up a quick intro and a proposition on Secret Store CSI on SSCSI community meeting - ServiceBinding support [PR #2263](https://github.com/external-secrets/external-secrets/pull/2263) - Discution around the open PR and the changes - Gustavo worried about the 'type' field of the Kind Secret in the example - That field is not used, it is just an example and recommendation of documentation - Other chore stuff from the PR to address - metrics via otl initial work - also discuss plugin next plans - https://github.com/external-secrets/external-secrets/pull/2291 - Concern with the future of plugin structure - Decided to just go forward with this change and adapt when we decide on a approach - security best practices - https://github.com/external-secrets/external-secrets/pull/2290/files#diff-02ba52c48ce1559953c6eb5bc954ddbf63caffed6f49a945804b17ad256deb8f PR is fine but merging it might mean releasing 0.8.2 - LTS https://github.com/external-secrets/external-secrets/pull/2155 - Seb to review - Failing dependency checks on [PR #2208](https://github.com/external-secrets/external-secrets/pull/2208) - Gustavo will help with the FOSSA check and the check-diff check ## April 26th #### Host - Gustavo (@gusfcarvalho) #### Attendees - Lucas Severo (@knelasevero) - sebagomez - moolen - Gaurav Dasson #### Agenda/Notes - General Plans: - Docs improvement [#2242](https://github.com/external-secrets/external-secrets/issues/2242) - @seb will work on it - Security Best Practices (@moolen to write up issue) - Plugin capability [#696](https://github.com/external-secrets/external-secrets/issues/696) - CSI Secret Store interoperability [#336](https://github.com/external-secrets/external-secrets/issues/336) - Go to their comm meeting - Help preparing a presentation and would be good to have 2 of us there at least - @gusfcarvalho - Host them at our next comm meeting and discuss their project and ideas - Cloud Events integration - need still better understand what we want to do here. Be just a source or a sink? - LTS Release Process [#2155](https://github.com/external-secrets/external-secrets/pull/2155) - Discuss PR [#2208](https://github.com/external-secrets/external-secrets/pull/2208) @gaurav presented the logic. @gusfcarvalho to take a look - e2e tests in this PR? - 0.8.2 release? - LTS Release Process or Gitlab bugfix, whichever comes first. - ESO GA: - What is missing? - LTS Release Process - https://github.com/orgs/external-secrets/projects/2/views/1 captures the things we need to do for GA. - update the docs for Metadata Policy = Fetch - ESO CNCF Incubating - We have some relevant projects now that could sponsor us: https://github.com/external-secrets/external-secrets/pull/2262 - Should we take the process? Orlin is happy to help with it. - We would be more comfortable after a GA release, or if we had more maintainers/ or having a company officialy sponsoring it. - CNCF Project Update - Annie sent an email - Yuri Sa wants to contribute remaining missing features and help with open telemetry topics - Create an issue to implement open telemetry client - ## April 12th #### Host - Lucas #### Attendees - Gustavo (@gusfcarvalho) - Moritz - Seb #### Agenda/Notes - kubecon prep - [KubeCon schedule sheet](https://docs.google.com/spreadsheets/d/1P0pxIEBo-WYDmaG2el2jwlSZvnarKv4z7DEdTQCx9zc/edit#gid=0) review - slides? anything else? - CN rejekts Talk rehersal (won't be recorded) - https://docs.google.com/presentation/d/1NDXHIi_TEfoh_iEYsZtAUitQCkd-uchwX3bH_RKuvKk/edit#slide=id.p - #### Action Items: - add eso-examples repo - Fetch a single secret with GCP/AWS - Find and Extract with Vault - Generators - PushSecrets - Templates - All of them must run on a workload/federation authentication - Add ESO slides - Add @sebagomez to the maintainer list/email/cncf spreadsheets and repos @gusfcarvalho - Take PR #1451 contributions into a new PR @gusfcarvalho - Take PR #1389 contributions and push it over the line if dacamposol cannot make it. #### Agenda/Notes ## March 29th #### Host - Moritz (@moolen) #### Attendees - Moritz (@moolen) - Lucas #### Agenda/Notes - LTS Release Process - [KubeCon schedule sheet](https://docs.google.com/spreadsheets/d/1P0pxIEBo-WYDmaG2el2jwlSZvnarKv4z7DEdTQCx9zc/edit#gid=0) Action Items: - Add @sebagomez to the maintainer list/email/cncf spreadsheets and repos @gusfcarvalho - Take PR #1451 contributions into a new PR @gusfcarvalho - Take PR #1389 contributions and push it over the line if dacamposol cannot make it. ## March 15th #### Host - Gustavo (@gusfcarvalho) #### Attendees - Moritz (@moolen) - Sebastian @sebagomez #### Agenda/Notes - 0.8.0 release - https://github.com/external-secrets/external-secrets/issues/2125 - GA release double check - Look at issues in https://github.com/orgs/external-secrets/projects/2/views/1 - Any other issue we should include to this board? - Template issues are covered in [#2115](https://github.com/external-secrets/external-secrets/pull/2115) - Metadata Policy being hugely implemented (shout out to @sebagomez) - Kubecon Preparations - Talks - CRDs talk for CN Rejekts - Test audience with community <3 - Kubecon talk <3 - Booth - prep slidedeck - prep material (examples, use cases, etc) - better if in a live cluster? - schedule timeslots - . - Promote @sebagomez to a maintainer (if he wants to ;)) - Go over open PRs - Event Driven (async) reconciliation (if we have audience) Action Items: - ✓change meeting time in README and docs - Prepare rotation schedule sheet and share between people. @gusfcarvalho - Add @sebagomez to the maintainer list/email/cncf spreadsheets and repos @gusfcarvalho - double check if Metadata Policy=Fetch behavior over providers is standardized. - Take PR #1451 contributions into a new PR @gusfcarvalho - Take PR #1389 contributions and push it over the line if dacamposol cannot make it. ## March 1st (Canceled since we did not have quorum) #### Host - Lucas (@knelasevero) #### Attendees - . #### Agenda/Notes - Release should be launched soon - Kubecon preparations - Talks - Booth - . ## Feb 15 (cancelled) - . ## February 1st #### Host - Gustavo Carvalho (@gusfcarvalho) #### Attendees - Ben Gurney - Moritz Johner #### Agenda/Notes - PR [#1389](https://github.com/external-secrets/external-secrets/pull/1389) - help/ strategy to move forward. - Missing features for GA! - Template Merge/Persistence issues (e.g. [#1429](https://github.com/external-secrets/external-secrets/pull/1429)) - Metadata Policy - Go over open PRs - Event Driven (async) reconciliation (if we have audience) - Incorporate Reloader to reload deployments (if we have audience) #### Action Itens - PR #1953 - Build API spec documentation from CRDs - avoids the need to include so many examples in the API spec. - Take over #1451 if the contributor wnats the help - PR #1405 - contributor does not want to continue. Ping other involved if they want to, if not close it. - If Event Driven reconcile is moving forward, it will be driven by its own CRD (so we can release GA independently) - Marketing google docs - review it to prepare our GA release. ## January 18th #### Attendees - Gustavo Carvalho (@gusfcarvalho) #### Host - Moritz Johner (@moolen) #### Agenda/Notes - Event Driven (async) reconciliation - Incorporate Reloader to reload deployments - :tada: new financial contributor: `inetshell` #### Attendees - ## January 4th #### Attendees - Moritz Johner (@moolen) - Gustavo Carvalho (@gusfcarvalho) #### Host - Lucas Alves (@knelasevero) #### Agenda/Notes - New community meeting time announcement - Write up Host rotation policy - Write up PR review rotation policy - Release 0.7.1 - ~~[Templates From String](https://github.com/external-secrets/external-secrets/pull/1748)~~ - :tada: doppler bronze sponsor & contribution from Colin Wilson ([check out his blog post on ESO](https://colinwilson.uk/2022/08/22/secrets-management-with-external-secrets-argo-cd-and-gitops/)) - FOSSA report & MPL license [#1820](https://github.com/external-secrets/external-secrets/issues/1820) - go over [Open PRs](https://github.com/external-secrets/external-secrets/pulls), consider merging before release - also: ESO/OLM: [open PR to add permissions for service monitor](https://github.com/external-secrets/external-secrets-helm-operator/pull/23#issuecomment-1370338727) - Vault PushSecret not really compliant - need to review it - issue: https://github.com/external-secrets/external-secrets/issues/1840 - Missing features for GA! (DeletionPolicy, referent Auth, Metadata Policy, PushSecret) - Hashicorp meeting - Template Orphaned keys - need to take that up (issue[#1721](https://github.com/external-secrets/external-secrets/issues/1721)) - kubecon #### Action Itens - Next community meeting (trial): at 15:30 PM - Add it to README.md @moolen - Round robin for Host Rotation - 1st Lucas -> 2nd Moritz -> 3rd Gustavo (reminder on slack) @knelasevero - Add issues for GA milestone and tag with "help wanted" - from 0.8.0 forward, Alibaba provider is deprecated (no longer supported by Alicloud) - ask for a cncf booth (@knelasevero) ## November 21st December * Meeting postponed as no one joined! * Next meeting will be January 4th #### Attendees - Moritz Johner (@moolen) #### Agenda/Notes - New community meeting time announcement - Write up Host rotation policy - Write up PR review rotation policy - Release 0.7.0 - [Templates From String](https://github.com/external-secrets/external-secrets/pull/1748) - :tada: doppler bronze sponsor - FOSSA report & MPL license [#1820](https://github.com/external-secrets/external-secrets/issues/1820) - alibaba RRSA support [#1725](https://github.com/external-secrets/external-secrets/pull/1752) - keeper provider [#1768](https://github.com/external-secrets/external-secrets/pull/1768) - generic cache implementation / pkg-level feature flags [#1640](https://github.com/external-secrets/external-secrets/pull/1640) - :christmas_tree: happy holidays #### Action Itens ## November 7th December #### Attendees - Gustavo Carvalho (@gusfcarvalho) - Meeting postponed as no one joined! #### Agenda/Notes - New community meeting time announcement - Write up Host rotation policy - Write up PR review rotation policy - Release 0.7.0 - [Templates From String](https://github.com/external-secrets/external-secrets/pull/1748) #### Action Itens ## November 23rd #### Attendees - Gustavo Carvalho - @gusfcarvalho - Moritz Johner - @moolen #### Agenda/Notes - Change Community Meeting time - Add clear hosting rotation - Add PR review rotation and commitment to the Governance - Promote IBM Cloud Secrets Manager to internally maintained - PR Reviews: - https://github.com/external-secrets/external-secrets/pull/1640 generic cache refactoring + feauture flag - https://github.com/external-secrets/external-secrets/pull/1315 looking for someone to help with the refactoring to implement clientmanager libraries. - https://github.com/external-secrets/external-secrets/issues/1733 - https://github.com/external-secrets/external-secrets/pull/1732 - being reviewed #### Action items - @gusfcarvalho Post a poll in #external-secrets-dev for Meeting Time, Hosting Rotation and PR review rotation - @gusfcarvalho Post a poll to promote IBM Cloud Secrest Manager ## November 9th #### Attendees - No maintainer attendees #### Agenda/Notes - Promote IBM Cloud Secrets Manager to internally maintained ## October 26th #### Attendees - Gustavo Carvalho (@gusfcarvalho) - Moritz Johner @moolen #### Agenda/Notes - celebrate [GOVERNANCE.md](https://github.com/external-secrets/external-secrets/blob/main/GOVERNANCE.md) - consider making a patch release due to security vulnerabilities - Should we push approved PRs already? - What about Feature/ Generator? - Vault path fix [#1636](https://github.com/external-secrets/external-secrets/pull/1636) - Feature/ Generator [#1539](https://github.com/external-secrets/external-secrets/pull/1539) - Drop inline Ref (probably safer) and certificates use case with it :( - CloMonitor PR [#1656](https://github.com/external-secrets/external-secrets/pull/1656) - Removing Codesee due to security risks - generic cache [#1640](https://github.com/external-secrets/external-secrets/pull/1640) - - Push Secret [#1315](https://github.com/external-secrets/external-secrets/pull/1315) - Waiting Generator PR to get in - use client manager and update docs - We should register for small booth @ kubecon EU 2023 #### Action items - release 0.6.1 with #1636(https://github.com/external-secrets/external-secrets/pull/1636) - review #1640 @gusfcarvalho ## October 11th #### Attendees - Meeting postponed due to agenda conflicts! :( #### Agenda/Notes - PushSecret status update - Possible Deletion logic walk through - Generator first remarks - @knela_severo to check how to register for small booth. - @gusfcarvalho to take bumps ## September 28th #### Attendees - Moritz Johner @moolen - Gustavo Carvalho @gusfcarvalho - Lucas Severo @knelasevero #### Agenda/Notes - CNCF status update - Governance Document - https://docs.google.com/document/d/1NP7_gG-9SeJ8vcSgJzVZAdiJUuWHCkwP16j29kuDVlo/edit#heading=h.yhtbyzmsytx - generator status update [#1539](https://github.com/external-secrets/external-secrets/pull/1539) - waiting for reviews - coordinate with push-secrets changes (docs?) - This PR first, PushSecret to merge and fix docs conflicts - migration towards own AWS account - vault cache [#1537](https://github.com/external-secrets/external-secrets/pull/1537) - multi-image builds + image signing/SBOM/provenance [#1574](https://github.com/external-secrets/external-secrets/pull/1574) - PushSecret status update - PR([#1315](https://github.com/external-secrets/external-secrets/pull/1315)) updated with requested changes - PushSecret controller tests using envtest - GCP tests using table driven approach - labelSelector to PushSecretStoreRef added (as opposed to replace it) - AWS SecretsManager/ParameterStore added - Hashicorp Vault code added - Still pending: - Secrets Deletion (finalizers/regular CR update) - update SetSecret method to PushSecret - secret-store-csi-driver integration proposal update - collective money #### Action items - Review [#1574](https://github.com/external-secrets/external-secrets/pull/1574) - make release 0.6.0 (non-rc) - ask for update in CNCF onboarding issue - Schedule call to setup AWS credentials - Sync up (hackathon?) on integration proposal update with SSCSID - brittleness / complex system issues - how to deal with authentication? - @moolen add comments to the docs ## September 14th Skipped due to conflicts :slightly_frowning_face: #### Agenda/Notes - [generator PR](https://github.com/external-secrets/external-secrets/pull/1539) ready to review - AWS Account migration status - celebrate donation from John Rinehart :tada: ## August 31th 2022 #### Attendees - Moritz Johner @moolen - Gustavo Carvalho @gusfcarvalho #### Agenda/Notes - generator implementation - https://github.com/external-secrets/external-secrets/pull/1338 - @moolen opens draft PR with current status - CNCF status update - PushSecret status update - CSI Secret Store #### Action items - @moolen: add support matrix (see action items last meeting): https://github.com/external-secrets/external-secrets/pull/1508 - @gusfcarvalho: make release candidate release 0.6 with 1.24 PR (overran from previous meeting) - @gusfcarvalho Add notes to README.md about potential outage when migrating DNS servers. - ## August 18th 2022 #### Attendees - Moritz Johner @moolen - Gustavo Carvalho @gusfcarvalho #### Agenda/Notes - generator proposal - ACR/ECR/GCR implementation - CNCF Onboarding sync - $CLOUD Accounts? - PushSecret status - Kubernetes v1.24 upgrade - GH Organization structure #### Action items - @moolen Secret Generation will not handle leases. Add that to design. - @moolen Start migrating AWS accounts to ESO-owned orgs -> https://github.com/external-secrets/infrastructure - make release candidate release 0.6 with 1.24 PR - add support matrix for: - ES dataFrom.find.name - ES dataFrom.find.tags - ES metadata sync - push secret - ES referent auth - ES floodgate / validate store - ✓ remove admins from GH Org except: - @moolen, @knelasevero, @gusfcarvalho, markus maga + Linux Foundation ## August 8th 2022 #### Attendees #### Agenda/Notes - Postponed due to no attendees. ## July 20th 2022 #### Attendees - Gustavo Carvalho @gusfcarvalho - Moritz Johner @moolen - Daniel Hix @adustyoldmuffin #### Agenda/Notes ##### Non-Technical - CNCF Sandbox application ##### Technical - Hashivault AWS Engine [#1211](https://github.com/external-secrets/external-secrets/pull/1211) - Proposal Draft for Secrets Generation [#1338](https://github.com/external-secrets/external-secrets/pull/1338) - ECR/GCR/ACR provider ##### Action Items - Come up with some quick designs possibilities for Generation within Providers () - ## July 06th 2022 #### Attendees - Gustavo Carvalho @gusfcarvalho #### Agenda/Notes ##### Non-Technical ##### Technical - PushSecret Demo! [#1315](https://github.com/external-secrets/external-secrets/pull/1315) (if we have time) - Decoding Strategy PR [#1294](https://github.com/external-secrets/external-secrets/pull/1294) - Hashivault AWS Engine [#1211](https://github.com/external-secrets/external-secrets/pull/1211) ##### Action Items ## June 22th 2022 #### Attendees - Moritz Johner @moolen - Gustavo Carvalho @gusfcarvalho #### Agenda/Notes ##### Non-Technical - Credit card from colletive is up, need to start using it in relevant - consider using 1password or bitwarden to manage shared secrets (for CI or personal test credentials) AI: @knela_severo - First ESO Meetup tomorrow 18:00 CET (https://www.meetup.com/container-solutions/events/swmbvsydcjbvb/) - Governance document ##### Technical - PushSecret status - Key rewrite proposal [#1188](https://github.com/external-secrets/external-secrets/pull/1188) - Fetch Tags [#305](https://github.com/external-secrets/external-secrets/issues/305) - Issues in General ##### Action Items - add stale bot to close @moolen ## June 8th 2022 #### Attendees - Moritz Johner @moolen - Daniel Hix @adustyoldmuffin - 1/2 Lucas @knelasevero #### Agenda/Notes ##### Non-Technical A couple of user question answered * what features are on the horizon? * where to put docs/examples around oracle cloud managed Kubernetes? ##### Technical ## May 25th 2022 #### Attendees - Gustavo Carvalho (@gusfcarvalho) - Moritz Johner (@moolen) #### Agenda/Notes ##### Non-Technical * Youtube/Podcasts update [gdocs](https://docs.google.com/spreadsheets/d/1vljX_YvPRvVQKpULQN81ZnB4FCq_6M3Xe7GdXJuQXjI/edit#gid=0) * Talks update - maybe having a gdocs as well * CNCF Application (!!!!) * sidenote: cncf toc mailinglist around sandbox applications [link](https://lists.cncf.io/g/cncf-toc/search?p=recentpostdate%2Fsticky%2C%2C%2C20%2C2%2C0%2C0&q=sandbox) ##### Technical * controller-tools@0.9.0 out monday (we can bump google grpc package now) * controller-runtime bump blocked by argocd dependencies. * Data from Key Rewrite becoming fairly requested by users [#975](https://github.com/external-secrets/external-secrets/issues/975). * (moolen) do a release? * (moolen) secret generator functionality: yep or nop? [#1179](https://github.com/external-secrets/external-secrets/issues/1179) * (moolen) prometheus rules in helm chart? [#1174](https://github.com/external-secrets/external-secrets/pull/1174) * rename SecretSink #### Action Items * e2e tests for AKS (@gusfcarvalho) * if argocd doesn't update for the next two community meetings, refactor. * review [#1176](https://github.com/external-secrets/external-secrets/pull/1176) * @moolen: add issue for Kubernetes Provider to support service account ## May 11th 2022 #### Attendees - Gustavo Carvalho (@gusfcarvalho) - Moritz Johner (@moolen) - Marcin Kubica (@marcinkubica) - Lucas Severo (@knelasevero) #### Agenda/Notes ##### Non-Technical * Add k8s provider as internaly maintained * implement e2e tests + a setup similar to what we do with vault * Add Azure KeyVault as internally maintained * Ping Carla and Katie regarding more info around cncf sandbox * Youtube/Podcast update [gdocs](https://docs.google.com/spreadsheets/d/1vljX_YvPRvVQKpULQN81ZnB4FCq_6M3Xe7GdXJuQXjI/edit#gid=0) / ask for read access if you want * Kubecon Get Together (!!!) ##### Technical * RFI: SecretStores Capabilities (related to SecretSink). * flux/argo e2e tests [#1041](https://github.com/external-secrets/external-secrets/pull/1041) * aws cli / e2e-managed-aws failure * google grpc bumps * (optional) discuss how we handle provider upgrades for the future [912](https://github.com/external-secrets/external-secrets/issues/912). #### Action Items * ✓ (@moolen) add Azure KV as internally maintained / ping maintainers for that * ✓ (@moolen) add azure kv e2e tests issue * ✓ add k8s provider as internally maintained (@knelasevero) * add e2e tests for k8s provider (initially me, but will look to onboard someone new with this issue @knelasevero) * ✓ ping Carla/Katie (@knelasevero) [but Kubecon atendees can try to talk with both in person] * ✓ review flux/argo e2e (@knelasevero) ## April 27th 2022 #### Attendees - Gustavo Carvalho (@gusfcarvalho) - Tom Godkin (@BooleanCat) - Moritz Johner (@moolen) - Marcin Kubica (@marcinkubica) #### Agenda/Notes ##### Non-Technical * Make a fix release for ESO. * Inception for Secret Sink (or any other feature?) * Trunk-based contributions * If you want to work on Secret Sink, you are welcome! ##### Technical #### Action Items ## April 13th 2022 #### Attendees - Gustavo Carvalho (@gusfcarvalho) - Lucas Alves (@knelasevero) - Moritz Johner (@moolen) - Tom Godkin (@BooleanCat) #### Agenda/Notes ##### Non-Technical * ESO Online Meetups * We can try to do it startung out with zoom - we can try out some different ideas (specially around freqyuency ) * cloud account expenses * create * project board / release planning * CNCF contact and discuss applying already * create document with questions (knelasevero) * https://cryptpad.uncloud.do/pad/#/2/pad/edit/220JlYNSJlP03R5Kz19i-CtP/embed/ * schedule a meeting with Katie and Carla (knelasevero) * ESO blog about sponsorships and big changes * plan what to talk about and who would write it * Collaborations w/ youtubers/podcasts * Potential contributions from EngineerBetter ##### Technical * 1pass provider * * [dataFrom key rewrite](https://github.com/external-secrets/external-secrets/issues/975) and [ExternalSecrets Decoding strategy](https://github.com/external-secrets/external-secrets/issues/920) * Spec them out as a design document? Yes we should do that. * Discuss Validate() general behaviour * [#961](https://github.com/external-secrets/external-secrets/issues/961) vs [#948](https://github.com/external-secrets/external-secrets/issues/961) considering the [Gitlab implementation](https://github.com/external-secrets/external-secrets/pull/960) of Validate() #### Action Items * Create ESO accounts (this can be hard) * Afterwards migrate from current infra * @moolen create small writeup how Release Board should work ## March 30th 2022 #### Attendees - Gustavo Carvalho (@gusfcarvalho) - Moritz Johner (@moolen) - Daniel Hix (@ADustyOldMuffin) #### Agenda/Notes * GCP Performance Leak Issues ([#818](https://github.com/external-secrets/external-secrets/issues/818) and [#834](https://github.com/external-secrets/external-secrets/issues/834)) * Release 0.5.0 * [#719](https://github.com/external-secrets/external-secrets/issues/719) closed only pending to do [#912](https://github.com/external-secrets/external-secrets/issues/912) * GetAllSecrets for AWS Merged * GetAllSecrets for Azure KeyVault ready to be Merged. * Secret Sink #### Action Items * Release 0.5.0 once DeletionPolicy gets merged and some documentation around GetAllSecrets is available. After released, let some time to fix any bugs users might report. * Probably announce release because of the milestone it represents. * https://github.com/github/release-radar ## March 16th 2022 #### Attendees - Gustavo Carvalho (@gusfcarvalho) - Moritz Johner (@moolen) - Daniel Hix (@ADustyOldMuffin) #### Agenda/Notes * Release 0.5.0 * Performance / Leak issues with GCP Provider: [#818](https://github.com/external-secrets/external-secrets/issues/818) and [#834](https://github.com/external-secrets/external-secrets/issues/834) * Azure WI [#738](https://github.com/external-secrets/external-secrets/pull/738) * GetAllSecrets for AWS [#820](https://github.com/external-secrets/external-secrets/pull/820) * GetAllSecrets for Azure KeyVault [#805](https://github.com/external-secrets/external-secrets/pull/805) * Secret Sink proposal * Kubecon #### Action Items * Organize first ESO meetup @ kubecon! (from past meeting) * Add ESO to Digital Oceans’ 1-click apps (from past meeting) * @gusfcarvalho to troubleshoot #818 and #834 * @gusfcarvalho to ping user working on Secret Sink * focus on the cleanup tasks for conversion webhooks [719](https://github.com/external-secrets/external-secrets/issues/719). ## March 2nd 2022 Attendees * Moritz Johner * Gustavo Carvalho * Daniel Hix #### Agenda/Notes * Several Community supported providers missing `Validate` and `ValidateStore` * `GetAllSecrets` implementation * There are a lot of 'feels weird' around implementing GetAllSecrets as discussed in [698](https://github.com/external-secrets/external-secrets/issues/698) * Addition of a `path` to spec? * Key collision * merge validating webhook [#750](https://github.com/external-secrets/external-secrets/pull/750) #### Action Items * Create issues for Validate implementation. * Create issues for ValidateStore implementation. * Document specificities of GetAllSecrets per provider. * Follow up Key collision - unicode seems a little bit weird. * Check if it is possible to remove api definitions from sonar cloud duplication tests. * Organize first ESO meetup! * Add ESO to Digital Oceans' [1-click apps](https://github.com/digitalocean/marketplace-kubernetes/blob/master/CONTRIBUTING.md) ## Feb 16th 2022 Attendees * Moritz Johner * Gustavo Carvalho (@gusfcarvalho) * DanG #### Agenda/Notes * `GetAllSecrets()` * coordinate provider implementations * limitations: key collision & no version support * disable client cache for secrets [#729](https://github.com/external-secrets/external-secrets/pull/729) * promote aws/azure providers [#709](https://github.com/external-secrets/external-secrets/pull/706) * TPL Engine v2 [#701](https://github.com/external-secrets/external-secrets/pull/701) * azure kv provider refactoring [#703](https://github.com/external-secrets/external-secrets/pull/703) * Discuss [Deletion Policy](https://github.com/external-secrets/external-secrets/issues/695) implementation * Review [design docs for v1beta1](https://github.com/external-secrets/external-secrets/blob/main/design/001-design-crd-v1beta1.md) * ClusterSecretStores with no events or status(?) #### Action Items - Add PR to include Deletion Policy on the crd-v1beta1. @gusfcarvalho - review #701 @knelasevero - review #701 @knelasevero - ## Feb 4th, 2022 v2 Hack Session Attendees * Moritz Johner * Gustavo Carvalho @gusfcarvalho #### Topics recording is available @knelasevero ##### SecretStore Controller * we want a validation webhook for the SecretStore resource to do static validation * ~~we should add a interface method ("validate") to check if the store configuration can be considered "valid"~~ - will be done in the [#466](https://github.com/external-secrets/external-secrets/pull/466) ##### Breaking Changes * figure out how versions are managed/stored in etcd and how they're converted * we want to draft a "final" version for the CRD before we actually implement the features themselves - that gives us the flexibility to continuously do releases and not block a release until everything is implemented. ##### v1beta1 ExternalSecret Scope * find & extract (Azure / GetAll mechanic) * template engine version * ~~decodeStrategy~~ see https://github.com/external-secrets/external-secrets/pull/674 * ?? ##### v1beta1 SecretStore -> not going to tackle that right now * We first need to figure out how to implement the decodeStrategy thing, because it touches a lot of points in the codebase. * path standardization doesn't really justify a whole new version ##### Deprecation Policy - we basically want to treat our `alpha` as `beta`: provide a upgrade path - we want to promote to beta1 asap when the CRD and scope is defined - want to get to GA in 9 months (2nd birthday: 23th November) - deprecate alpha1 when we release GA - wait a couple more release then deprecate beta1 aswell ##### Organisational Stuff * we want to keep track of relevant features for `v1beta1` in the [GitHub Project](https://github.com/external-secrets/external-secrets/projects/3) ## Feb 2nd, 2022 Attendees - Moritz Johner @moolen - Lucas Severo @knelasevero Agenda/Notes - prep release 0.4 ([release outlook](https://github.com/external-secrets/external-secrets/pull/664#issuecomment-1027168598)) - we're having a planning meeting on friday to discuss mid/long term goals of the project - setup multi-version support before merging breaking-changes (#664, #638, #515) - discuss the approach and goals on friday - we got some stale contributor PRs, we try to take them over if needed Action Items - @moolen ask @ADustyOldMuffin and @gusfcarvalho for sync regarding PR [#542](https://github.com/external-secrets/external-secrets/pull/542) to discuss details - @moolen add docs for community-operators-prod; also consolidate docs `RELEASE.md` / `external-secrets.io` and [helm-op docs](https://github.com/external-secrets/external-secrets-helm-operator/blob/main/docs/release.md) - @gustavo/@knelasevero ping or take over some of the PRs that could be quick to fix - @moolen takes over [Reporter PR](https://github.com/external-secrets/external-secrets/pull/466) ## Jan 19th, 2022 Attendees - Moritz Johner @moolen - Gustavo Carvalho @gusfcarvalho - Lucas Severo @knelasevero Agenda/Notes - (moolen) e2e@aws: need account for CI - (moolen) planning session for the next ~12 months? - celebrate donation by $anon! :tada: - Breaking changes - Azure key vault getAll() (dataFrom) - templating changes to avoid problems with []byte - Standardization of HashiVault provider Action Items: - @knelasevero add credentials for aws account in repo secrets - @moolen create doodle to find some time for us (for the planning meeting) - @knelasevero propose a process for something similar to KEPs in our project and comment in the issues that are proposing stuff (https://github.com/external-secrets/external-secrets/issues/347 / https://github.com/external-secrets/external-secrets/pull/542) - @moolen taking care of the PR for anchore examples - @moolen add community meeting date+time+details in readme and docs - @moolen document processes in contribution guidelines - PR assignee - Proposal process - close PR after ## Dec 8th, 2021 Attendees - Moritz Johner @moolen - Ope Agenda/Notes - OLM is work in progress, thanks to @slopezz - going forward with `decodeStrategy` proposal: - (1) implementing it on the provider level in a generic, reusable way ([#515](https://github.com/external-secrets/external-secrets/pull/515)) - (2) adding it to the external secret which may take precedence over provider flag - TODO: add community meeting schedule + call to docs/repo - switch to a alternating timezone schedule - make a poll (@slack) and ask for timezone preferences ## Nov 24th, 2021 Attendees - Moritz Johner @moolen - Lucas Severo @knelasevero Agenda/Notes - AWS Provider graduation? - e2e pod identity automation + other tests [#469](https://github.com/external-secrets/external-secrets/pull/469) - CRD graduation? Whats still missing: azure / get-all secrets [#498](https://github.com/external-secrets/external-secrets/issues/498) - we do not want to graduate right now, we first want to take a look at #498 - @moolen wants to take care of the operatorhub topic [#244](https://github.com/external-secrets/external-secrets/issues/244) [#493](https://github.com/external-secrets/external-secrets/issues/493) - @moolen takes over PR kes2eso [#1](https://github.com/external-secrets/kes-to-eso/pull/1) - Coverage - @knelasevero taking over if Serdar does not have time ## Nov 10th, 2021 Attendees - Sevi Karaköse (sevikarakose) - Moritz Johner (moolen) Agenda/Notes - Discussion about Azure getAllSecrets [discussions/470](https://github.com/external-secrets/external-secrets/discussions/470)- https://github.com/external-secrets/external-secrets/issues/426 - @moolen wants to reply in the thread, didn't have time to unfortunately - Community Operator hub progress - Önsel and Sevi have been working on this for a while now. They're planning to get back on track, too busy with client work unfortunately. - We need to review https://github.com/external-secrets/kes-to-eso/pull/1 already - @moolen took a look. Looks promising, minor things need to be addressed (comment incoming) - ok-to-test failing to report back to PR https://github.com/external-secrets/external-secrets/runs/4167322917?check_suite_focus=true - https://github.com/external-secrets/external-secrets/issues/426 - https://github.com/external-secrets/external-secrets/pull/480 - Check with Serdar about Coverage tool - Serdar will take a look as soon as possible - Unfortunately GH does not let us pay for less subs than the amount of people in the org... (see img below)  ## Oct 27th, 2021 Attendees - Gustavo Carvalho (gusfcarvalho) - Lucas Severo (knelasevero) - Moritz Johner (moolen) Agenda * Migration script updates * Almost done!!! * need to test with edge cases and have more eyes on the PR (moolen knelasevero) * Code coverage issues * Need to check with Serdar the status here and push this forward (knelasevero) * We need to remember to set threashold tolerance to minor cov decrease (Serdar or we take over) * E2E for cloud specific tests * We need to have a new dir with IaC, a new workflow gh-actions file, and configure spawn and destroy of infra for specific cloud e2e * Set monitoring of costs and add infracost to terraform analysis (Open issue with these details) * e2e tests documentation needs to be improved (lucas) * e2e tests issue when not setting all provider creds (moolen) * Donations * Pay gh premium (knelasevero) * csi-secrets-store * Add details to issue (knelasevero) * SecretSinks * Add details to issue (knelasevero) * Secret generation * Tell people to use crossplane. (knelasevero) * Add docs to our site about using crossplane together with ESO (knelasevero) * Continue using Paul, Prow is to dificult to maintain, and to add dedicated infra would be hard as well * OperatorHub should be prioritized a bit more because of requests * Check with Sevi and Onsel the status (knelasevero) * Moritz wants to take over if they are too busy (moolen) Notes ## Oct 13th, 2021 Attendees - Gustavo Carvalho (gusfcarvalho) - Sevi Karaköse (sevikarakose) - Sebastián Gómez - (sebagomez) - Oladipupo Ajayi - (DeeAjayi) - Opeyemi - (Eebru-gzy) Agenda/Notes - Release 0.3.6 with security patches is on - KES-ESO migration script - almost ready for AWS / GCP - Önsel and Sevi will be pairing on the Community Operators work - Serdar and Lucas got sonarCloud configuration set (local check investigation didn't move forward) ## Sept 29, 2021 Attendees - Lucas Severo (knelasevero) - Gustavo Carvalho (gusfcarvalho) Agenda/Notes - Sonar gates and configs (https://sonarcloud.io/organizations/external-secrets/projects) - Sonar trigger from fork PR - raise issue for local check (gusfcarvalho) - [#381](https://github.com/external-secrets/external-secrets/pull/381) leaked tokens - Follow up on the PR (knelasevero) - Cut a release possibly - will cut today or tomorrow (knelasevero) ## Sept 1, 2021 Attendees - Lucas Severo (knelasevero) - Moritz Johner (moolen) - Kian Kordtomeikel (KianTigger) Agenda/Notes - Migration script to go from KES to ESO - Plan what to do with donations - Gsuite? - look for other providers, jitsi - GH premium? - Trial (lucas) - investigate how premium seats work (lucas) - CSI project integration - Check with Kellin, see if he can join next community meeting (lucas) - SonarCube has coverage capabilities, maybe remove codecov? (check with Serdar about coverage) - Check how Sonar deals with coverage, ask Serdar about it (lucas) - External Sinc [#347](https://github.com/external-secrets/external-secrets/issues/347) - Secret Generation [#249](https://github.com/external-secrets/external-secrets/issues/249) - Create an evaluation of how this would affect the project technically and organizationally [consider separating project, having more than one binary from same project, or other options] (moolen) - Deleted secret isn't recreated until refresh [#344](https://github.com/external-secrets/external-secrets/issues/344) [#353](https://github.com/external-secrets/external-secrets/issues/353) - comment on the issue that is fine to add another field in status, hashed (moolen) - e2e test infra - Ask companies what they are whiling to host and then decide how tom manage real infra for specific e2e tests (lucas) ## Aug 18, 2021 Attendees - Lucas Severo (knelasevero) - Kian Kordtomeikel (KianTigger) - Elsa Chelala (ElsaChelala) Agenda/Notes - Migration script to go from KES to ESO - Plan what to do with donations - CSI project integration ## Aug 8, 2021 Attendees - Moritz Johner (moolen) - Sevi Karaköse (sevikarakose) - Joey Brayshaw (Jabray5) Agenda/Notes - celebrate donation ($20 / Andrew Tsai <3) - syncing metadata: opened [#305](https://github.com/external-secrets/external-secrets/issues/305) to keep track of it - vault e2e incoming: draft [#304](https://github.com/external-secrets/external-secrets/pull/304) - $cloud provider accounts sponsored by inovex - provide architecture draft + access matrix (@moolen) - need input: what do we have, who owns which account? (need to approach lucas for that) - once approved: setup infra - compute infra (openstack) sponsored by inovex - maybe for dedicated github actions runner - refresh interval issue: https://github.com/external-secrets/external-secrets/pull/303 - (joey) making progress on the gitlab project variables provider ## Jul 21, 2021 Attendees - Joey Brayshaw (Jabray5 ) - Kian Kordtomeikel (KianTigger) - Moritz Johner (moolen) - Ricardo Torres (ricardoptcosta) - Rodrigo Rios (rodrigorras) Agenda/Notes - Lucas and Moritz created an account in open collective and deposited some test funds. Someone already donated 100USD; - AWS/EKS integration tests - still need approval from Moritz's company to implement it - e2e TODOs #205-#209 - currently mostly succesful paths are tested - we should make clear issues that are missing in tests, and add them to acceptance criteria - @Moritz will pursue this - Moritz proposed a new release due to the recent merge regarding service account authenttication with AWS ([#251](https://github.com/external-secrets/external-secrets/pull/251)) - @Moritz will do the release - Kian and Joey are working on adding Oracle Cloud - [kes#798](https://github.com/external-secrets/kubernetes-external-secrets/issues/798) there was a issue opened on kubernetes/external-secrets asking for yandex. we will talk to the person who requested it to open in the main project. @Rodrigo will pursue this issue - We celebrated Joey's [first pull request](https://github.com/external-secrets/external-secrets/pull/275) 🎉 ## Jul 7, 2021 Attendees - Elsa Chelala (ElsaChelala) - Moritz Johner (moolen) - Lucas Severo (knelasevero) - Ricardo Torres (ricardoptcosta) Agenda/Notes - operatorhub.io [#244](https://github.com/external-secrets/external-secrets/issues/244) - Sevi investigating - https://opencollective.com/external-secrets-org - Will go forward with this - release with IBM Cloud Provider - Will be done by Lucas soon - label issues with beta: https://github.com/external-secrets/external-secrets/projects - Look for things that impact the CRD - AWS/EKS integration tests - Create issue - Check with Inovex for approval - Move secret generation discussion to a issue - TLS Vault auth - needing docs, will be added by Ricardo - after that the implementation - Ricardo gonna contact Kellin and Cameron ## Jun 23, 2021 Attendees - Moritz Johner (moolen) Agenda/Notes - Secret generation (discussion [195]([discussions/195](https://github.com/external-secrets/external-secrets/discussions/195))) - Resource Version Status [#189](https://github.com/external-secrets/external-secrets/pull/189) - Azure KeyVault enhancements [#215](https://github.com/external-secrets/external-secrets/pull/215) ## Jun 9, 2021 Attendees - Moritz Johner (moolen) - Lucas Severo (knelasevero) - Ricardo Torres (ricardoptcosta) Agenda/Notes - Azure KV merged - hardcoded key extraction ([see here](https://github.com/external-secrets/external-secrets/blob/95c8d054ac9274dbb24afbccd27d9b6e9b916d44/pkg/provider/azure/keyvault/keyvault.go#L209-L245)) issue: [#187](https://github.com/external-secrets/external-secrets/issues/187) - documentation (also GCP) - [#169](https://github.com/external-secrets/external-secrets/issues/169): bug when provider is slow - decide what is part of the deprecation policy (@moolen: open issue) - also draft the documentation - exclude controller tests in the unit test phase (because of old k8s components that kubebuilder provides) - add them when we have the kind cluster (with newer k8s versions) ready - remember to have a look over codecov ## May 26, 2021 Attendees - Lucas Severo (knelasevero) - Gabrielle Beyer (gabibeyer) - Ricardo Torres (ricardoptcosta) Agenda/Notes - Codecov [168](https://github.com/external-secrets/external-secrets/issues/168) - We should have something - Discuss other options on the issue - Scope access per namespace [163](https://github.com/external-secrets/external-secrets/issues/163) and [134](https://github.com/external-secrets/external-secrets/issues/134) - Need to discuss further - Immutable secrets [156](https://github.com/external-secrets/external-secrets/issues/156) - Shouldnt be hard. We probably can add this as an option - Support to trigger refresh instead of pull [129](https://github.com/external-secrets/external-secrets/issues/129) - Get in touch and see if he wants to implement it - Have a look over 0.2 milestone, remove/add stuff - just release with gcpsm and azure providers - e2e tests - maybe mobbing on this one - We got asked on slack about stability and chance of things changing https://kubernetes.io/docs/reference/using-api/deprecation-policy/ - Need to discuss further - Support level - Start by adding support notices to our readme (and maybe to a pinned discussion post on the gh discussion forum) - Invite other maintainers to mob programming ## May 12, 2021 Attendees - Kellin McAvoy (mcavoyk) - Moritz Johner (moolen) - Lucas Severo Alves (knelasevero) - Gabi Beyer (gabibeyer) - Jonatas Baldin (jonatasbaldin) Agenda/Notes - Can't install helm chart on different k8s flavor? - https://github.com/external-secrets/external-secrets/issues/142#issuecomment-839867167 - secret-store-csi-driver community meeting, what discussions should we bring there? - SecretObject as separate CRD from Provider CRD - Check with them if they have goals around secret synchronization without mounting - 0.2.0: What do we plan to include in the next release - Increase provider coverage (Azure/GCP) - e2e tests - docs for current providers - 4 weeks release workflow - Decide if minor or patch release depending on the changes - Leverage TokenRequest API - https://github.com/external-secrets/external-secrets/issues/137 - Plugin Style Providers - Would be interesting, but not a priority right now ## April 28, 2021 Attendees - Kellin McAvoy (mcavoyk) - Moritz Johner (moolen) - Riccardo Cefala (riccardomc) Agenda/Notes - Helm Chart needs to be done before release - vault Docs still missing - e2e tests, initial iteration done with localstack and local vault, but followup issue needed - CS infra, we need to add maintainers into the accounts Action Items: * helm chart release workflow @moolen * vault docs * merging e2e [done] ## April 14, 2021 Attendees - Kellin McAvoy (mcavoyk) - Moritz Johner (moolen) - Jonatas Baldin (jonatasbaldin) - Riccardo Cefala (riccardomc) Agenda/Notes - Discussion on previous agenda notes - Review of [metrics PR](https://github.com/external-secrets/external-secrets/pull/110) - [Change dependabot frequency to weekly](https://github.com/external-secrets/external-secrets/pull/112) – merged - Push YAML artifacts on pipeline to GitHub – tracking [here](https://github.com/external-secrets/external-secrets/issues/43) - [Use External Secrets Operator name for Helm Charts](https://github.com/external-secrets/external-secrets/issues/105#issuecomment-819641753) - Release a v0.1 when merging #110, #69 and #106 at least – @jojo added a release/v0.1 tag to these PRs - 1Password released their own operator... we will start a discussion to merge efforts as well. @jojo dropped [this issue](https://github.com/1Password/onepassword-operator/issues/22) there ## March 31, 2021 Attendees - Kellin McAvoy (mcavoyk) - Lucas Severo Alves (knelasevero) - Aziz (1aziz) Agenda/Notes - CLA ([#96](https://github.com/external-secrets/external-secrets/issues/96)) - CRD Spec repo ([#97](https://github.com/external-secrets/external-secrets/issues/97)) - Add E2E testing ([31](https://github.com/external-secrets/external-secrets/issues/31)) - Create Helm chart repo - Something like `charts.external-secrets.io` ([#105](https://github.com/external-secrets/external-secrets/issues/105)) - Clean up milestone/Project board ## March 17, 2021 Attendees - just me, Moritz Johner (moolen) Agenda/Notes - aws refactoring([#57](https://github.com/external-secrets/external-secrets/pull/57)) - split interface: Provider/SecretsClient ([#55](https://github.com/external-secrets/external-secrets/pull/55)) - PTAL: AWS Parameter Store ([#59](https://github.com/external-secrets/external-secrets/pull/59)) - PTAL: Vault Provider ([#47](https://github.com/external-secrets/external-secrets/pull/47)) - refresh interval ([#48](https://github.com/external-secrets/external-secrets/pull/48)) - Security Policy ([#60](https://github.com/external-secrets/external-secrets/pull/60)) - Code of Conduct ([#46](https://github.com/external-secrets/external-secrets/pull/46)) - docs are hosted using cname ([#56](https://github.com/external-secrets/external-secrets/pull/56)) - paul bot configuration ([#49](https://github.com/external-secrets/external-secrets/pull/49)) - cleanup lint stage ([#54](https://github.com/external-secrets/external-secrets/pull/54)) PRs to discuss or need attention - i think we should merge [crd-spec#7](https://github.com/external-secrets/crd-spec/pull/7) - Azure KV needs some attention to get the spec done: [crd-spec#6](https://github.com/external-secrets/crd-spec/pull/6) Action Items - TBD ## March 3, 2021 (https://everytimezone.com/s/8dbf346e) Attendees - Lucas Severo Alves (knelasevero) - Kellin McAvoy (mcavoyk) - Moritz Johner (moolen) - Chaitanya Kandagatla (ckandag) Agenda/Notes - Repo automation bot - Release workflow - Change cadence of the meetings now that most of the project is already bootstraped and steered - domain https://www.external-secrets.io/ - https://github.com/cla-assistant/cla-assistant (maybe require it only if person is contributing during work time, and trust them?) - https://github.com/external-secrets/external-secrets/pull/46 CoC PRs to discuss or need attention - [Please add any PRs that need attention, with your name, below] Action Items - Look into kubernetes-sigs/external-dns ownership as a reference for this project (@mcavoyk) - External-dns is owned by [sigs-network](https://github.com/kubernetes/community/tree/master/sig-network) - Setup Paul in the project (@knelasevero) - Apex domain config (@knelasevero) - Enable Discussions on github repo (@knelasevero) - Setup CLA assistant (reachout to sigs-network to decide if it is necessary) ? ## February 17, 2021 (https://everytimezone.com/s/712e40fe) Attendees - Lucas Severo Alves - Kellin McAvoy - Moritz Johner - Riccardo Cefala Agenda/Notes - add awssm support PR in V2 [#34](https://github.com/external-secrets/external-secrets/pull/34) - support azure keyvault provider PR in V2 [#22](https://github.com/external-secrets/external-secrets/pull/22) - add provider-specific instructions to remoteRef PR in V2 spec [#4](https://github.com/external-secrets/crd-spec/pull/4) - Colab Blog Doc - https://docs.google.com/document/d/1H7leHCaQeJcur4E-Xi8croyl_FbDuzlJeVJIdGuIu6M/edit - documentation first pass: https://moolen.github.io/external-secrets/ PRs to discuss or need attention - [Please add any PRs that need attention, with your name, below] Action Items - Look into CLA - Lucas and Kellin - Get in touch with contacts at Azure, Google and AWS regarding credits for integration tests - Riccardo - Merge a draft for the doc first pass, and we will iterate further - Moritz - Look into using https://doc.crds.dev/ , if we have a problem Kellin will contact Dan to have a look - Look into having a Code of Conduct, both for contributions and meetings - Lucas - Add a script to the start of the meeting document to always mention the COC and remember to record ## February 03, 2021 Attendees - Lucas Severo Alves - Kellin McAvoy - Moritz Johner Agenda/Notes - Merge in main controller loop (@knelasevero) - Vault provider PR should be available in the next week (@mcavoyk) - ExternalSecret logo - https://drive.google.com/drive/folders/1_1kTEu4QZ453ce6ZrSUPJmOvfvCghNHJ - Discussion on the current kubernetes-external-secrets project regarding templating ExternalSecrets - https://github.com/external-secrets/kubernetes-external-secrets/discussions/605 - concerns about supporting the template language in JS and Golang PRs to discuss or need attention - [Please add any PRs that need attention, with your name, below] Action Items ## September 12, 2020 ### What happened? - We merged the Provider interface PR (thanks Moritz!) - Jonatas working on the Control Loop - Lucas working on the CI/CD ### Action items - Finish the Control Loop (@jonatasbaldin) – blocker for the Provider implementation - Still need to work on the Issues templates on GitHub - Mircea will pickup an issue on GitHub to work on