# External Secrets Community Meeting ### Schedule Meetings are on Jitsi Meet every other Wednesday 11:30 AM EST to 12:00 PM EST. (ask for an invite to be sure to have it on your calendar) Next Meeting link: https://meet.jit.si/eso-community-meeting <!-- previous meet link from Moritz: https://meet.google.com/uis-rfiz-rsa --> <!-- previous meet link from lucas: meet.google.com/iek-etsm-jkk --> Steps before starting the meeting: - Start Recording - Welcome everyone ;) - (Optional) Intros from new joiners - Mention COC In meeting: - Go over action items from last meeting - Go over points - Go over previous meetings action items - Go quickly over some open PR ## November 23rd #### Attendees - Gustavo Carvalho - @gusfcarvalho - Moritz Johner - @moolen #### Agenda/Notes - Change Community Meeting time - Add clear hosting rotation - Add PR review rotation and commitment to the Governance - Promote IBM Cloud Secrets Manager to internally maintained - PR Reviews: - https://github.com/external-secrets/external-secrets/pull/1640 generic cache refactoring + feauture flag - https://github.com/external-secrets/external-secrets/pull/1315 looking for someone to help with the refactoring to implement clientmanager libraries. - https://github.com/external-secrets/external-secrets/issues/1733 - https://github.com/external-secrets/external-secrets/pull/1732 - being reviewed #### Action items - @gusfcarvalho Post a poll in #external-secrets-dev for Meeting Time, Hosting Rotation and PR review rotation - @gusfcarvalho Post a poll to promote IBM Cloud Secrest Manager ## November 9th #### Attendees - No maintainer attendees #### Agenda/Notes - Promote IBM Cloud Secrets Manager to internally maintained ## October 26th #### Attendees - Gustavo Carvalho (@gusfcarvalho) - Moritz Johner @moolen #### Agenda/Notes - celebrate [GOVERNANCE.md](https://github.com/external-secrets/external-secrets/blob/main/GOVERNANCE.md) - consider making a patch release due to security vulnerabilities - Should we push approved PRs already? - What about Feature/ Generator? - Vault path fix [#1636](https://github.com/external-secrets/external-secrets/pull/1636) - Feature/ Generator [#1539](https://github.com/external-secrets/external-secrets/pull/1539) - Drop inline Ref (probably safer) and certificates use case with it :( - CloMonitor PR [#1656](https://github.com/external-secrets/external-secrets/pull/1656) - Removing Codesee due to security risks - generic cache [#1640](https://github.com/external-secrets/external-secrets/pull/1640) - - Push Secret [#1315](https://github.com/external-secrets/external-secrets/pull/1315) - Waiting Generator PR to get in - use client manager and update docs - We should register for small booth @ kubecon EU 2023 #### Action items - release 0.6.1 with #1636(https://github.com/external-secrets/external-secrets/pull/1636) - review #1640 @gusfcarvalho ## October 11th #### Attendees - Meeting postponed due to agenda conflicts! :( #### Agenda/Notes - PushSecret status update - Possible Deletion logic walk through - Generator first remarks - @knela_severo to check how to register for small booth. - @gusfcarvalho to take bumps ## September 28th #### Attendees - Moritz Johner @moolen - Gustavo Carvalho @gusfcarvalho - Lucas Severo @knelasevero #### Agenda/Notes - CNCF status update - Governance Document - https://docs.google.com/document/d/1NP7_gG-9SeJ8vcSgJzVZAdiJUuWHCkwP16j29kuDVlo/edit#heading=h.yhtbyzmsytx - generator status update [#1539](https://github.com/external-secrets/external-secrets/pull/1539) - waiting for reviews - coordinate with push-secrets changes (docs?) - This PR first, PushSecret to merge and fix docs conflicts - migration towards own AWS account - vault cache [#1537](https://github.com/external-secrets/external-secrets/pull/1537) - multi-image builds + image signing/SBOM/provenance [#1574](https://github.com/external-secrets/external-secrets/pull/1574) - PushSecret status update - PR([#1315](https://github.com/external-secrets/external-secrets/pull/1315)) updated with requested changes - PushSecret controller tests using envtest - GCP tests using table driven approach - labelSelector to PushSecretStoreRef added (as opposed to replace it) - AWS SecretsManager/ParameterStore added - Hashicorp Vault code added - Still pending: - Secrets Deletion (finalizers/regular CR update) - update SetSecret method to PushSecret - secret-store-csi-driver integration proposal update - collective money #### Action items - Review [#1574](https://github.com/external-secrets/external-secrets/pull/1574) - make release 0.6.0 (non-rc) - ask for update in CNCF onboarding issue - Schedule call to setup AWS credentials - Sync up (hackathon?) on integration proposal update with SSCSID - brittleness / complex system issues - how to deal with authentication? - @moolen add comments to the docs ## September 14th Skipped due to conflicts :slightly_frowning_face: #### Agenda/Notes - [generator PR](https://github.com/external-secrets/external-secrets/pull/1539) ready to review - AWS Account migration status - celebrate donation from John Rinehart :tada: ## August 31th 2022 #### Attendees - Moritz Johner @moolen - Gustavo Carvalho @gusfcarvalho #### Agenda/Notes - generator implementation - https://github.com/external-secrets/external-secrets/pull/1338 - @moolen opens draft PR with current status - CNCF status update - PushSecret status update - CSI Secret Store #### Action items - @moolen: add support matrix (see action items last meeting): https://github.com/external-secrets/external-secrets/pull/1508 - @gusfcarvalho: make release candidate release 0.6 with 1.24 PR (overran from previous meeting) - @gusfcarvalho Add notes to README.md about potential outage when migrating DNS servers. - ## August 18th 2022 #### Attendees - Moritz Johner @moolen - Gustavo Carvalho @gusfcarvalho #### Agenda/Notes - generator proposal - ACR/ECR/GCR implementation - CNCF Onboarding sync - $CLOUD Accounts? - PushSecret status - Kubernetes v1.24 upgrade - GH Organization structure #### Action items - @moolen Secret Generation will not handle leases. Add that to design. - @moolen Start migrating AWS accounts to ESO-owned orgs -> https://github.com/external-secrets/infrastructure - make release candidate release 0.6 with 1.24 PR - add support matrix for: - ES dataFrom.find.name - ES dataFrom.find.tags - ES metadata sync - push secret - ES referent auth - ES floodgate / validate store - ✓ remove admins from GH Org except: - @moolen, @knelasevero, @gusfcarvalho, markus maga + Linux Foundation ## August 8th 2022 #### Attendees #### Agenda/Notes - Postponed due to no attendees. ## July 20th 2022 #### Attendees - Gustavo Carvalho @gusfcarvalho - Moritz Johner @moolen - Daniel Hix @adustyoldmuffin #### Agenda/Notes ##### Non-Technical - CNCF Sandbox application ##### Technical - Hashivault AWS Engine [#1211](https://github.com/external-secrets/external-secrets/pull/1211) - Proposal Draft for Secrets Generation [#1338](https://github.com/external-secrets/external-secrets/pull/1338) - ECR/GCR/ACR provider ##### Action Items - Come up with some quick designs possibilities for Generation within Providers () - ## July 06th 2022 #### Attendees - Gustavo Carvalho @gusfcarvalho #### Agenda/Notes ##### Non-Technical ##### Technical - PushSecret Demo! [#1315](https://github.com/external-secrets/external-secrets/pull/1315) (if we have time) - Decoding Strategy PR [#1294](https://github.com/external-secrets/external-secrets/pull/1294) - Hashivault AWS Engine [#1211](https://github.com/external-secrets/external-secrets/pull/1211) ##### Action Items ## June 22th 2022 #### Attendees - Moritz Johner @moolen - Gustavo Carvalho @gusfcarvalho #### Agenda/Notes ##### Non-Technical - Credit card from colletive is up, need to start using it in relevant - consider using 1password or bitwarden to manage shared secrets (for CI or personal test credentials) AI: @knela_severo - First ESO Meetup tomorrow 18:00 CET (https://www.meetup.com/container-solutions/events/swmbvsydcjbvb/) - Governance document ##### Technical - PushSecret status - Key rewrite proposal [#1188](https://github.com/external-secrets/external-secrets/pull/1188) - Fetch Tags [#305](https://github.com/external-secrets/external-secrets/issues/305) - Issues in General ##### Action Items - add stale bot to close @moolen ## June 8th 2022 #### Attendees - Moritz Johner @moolen - Daniel Hix @adustyoldmuffin - 1/2 Lucas @knelasevero #### Agenda/Notes ##### Non-Technical A couple of user question answered * what features are on the horizon? * where to put docs/examples around oracle cloud managed Kubernetes? ##### Technical ## May 25th 2022 #### Attendees - Gustavo Carvalho (@gusfcarvalho) - Moritz Johner (@moolen) #### Agenda/Notes ##### Non-Technical * Youtube/Podcasts update [gdocs](https://docs.google.com/spreadsheets/d/1vljX_YvPRvVQKpULQN81ZnB4FCq_6M3Xe7GdXJuQXjI/edit#gid=0) * Talks update - maybe having a gdocs as well * CNCF Application (!!!!) * sidenote: cncf toc mailinglist around sandbox applications [link](https://lists.cncf.io/g/cncf-toc/search?p=recentpostdate%2Fsticky%2C%2C%2C20%2C2%2C0%2C0&q=sandbox) ##### Technical * controller-tools@0.9.0 out monday (we can bump google grpc package now) * controller-runtime bump blocked by argocd dependencies. * Data from Key Rewrite becoming fairly requested by users [#975](https://github.com/external-secrets/external-secrets/issues/975). * (moolen) do a release? * (moolen) secret generator functionality: yep or nop? [#1179](https://github.com/external-secrets/external-secrets/issues/1179) * (moolen) prometheus rules in helm chart? [#1174](https://github.com/external-secrets/external-secrets/pull/1174) * rename SecretSink #### Action Items * e2e tests for AKS (@gusfcarvalho) * if argocd doesn't update for the next two community meetings, refactor. * review [#1176](https://github.com/external-secrets/external-secrets/pull/1176) * @moolen: add issue for Kubernetes Provider to support service account ## May 11th 2022 #### Attendees - Gustavo Carvalho (@gusfcarvalho) - Moritz Johner (@moolen) - Marcin Kubica (@marcinkubica) - Lucas Severo (@knelasevero) #### Agenda/Notes ##### Non-Technical * Add k8s provider as internaly maintained * implement e2e tests + a setup similar to what we do with vault * Add Azure KeyVault as internally maintained * Ping Carla and Katie regarding more info around cncf sandbox * Youtube/Podcast update [gdocs](https://docs.google.com/spreadsheets/d/1vljX_YvPRvVQKpULQN81ZnB4FCq_6M3Xe7GdXJuQXjI/edit#gid=0) / ask for read access if you want * Kubecon Get Together (!!!) ##### Technical * RFI: SecretStores Capabilities (related to SecretSink). * flux/argo e2e tests [#1041](https://github.com/external-secrets/external-secrets/pull/1041) * aws cli / e2e-managed-aws failure * google grpc bumps * (optional) discuss how we handle provider upgrades for the future [912](https://github.com/external-secrets/external-secrets/issues/912). #### Action Items * ✓ (@moolen) add Azure KV as internally maintained / ping maintainers for that * ✓ (@moolen) add azure kv e2e tests issue * ✓ add k8s provider as internally maintained (@knelasevero) * add e2e tests for k8s provider (initially me, but will look to onboard someone new with this issue @knelasevero) * ✓ ping Carla/Katie (@knelasevero) [but Kubecon atendees can try to talk with both in person] * ✓ review flux/argo e2e (@knelasevero) ## April 27th 2022 #### Attendees - Gustavo Carvalho (@gusfcarvalho) - Tom Godkin (@BooleanCat) - Moritz Johner (@moolen) - Marcin Kubica (@marcinkubica) #### Agenda/Notes ##### Non-Technical * Make a fix release for ESO. * Inception for Secret Sink (or any other feature?) * Trunk-based contributions * If you want to work on Secret Sink, you are welcome! ##### Technical #### Action Items ## April 13th 2022 #### Attendees - Gustavo Carvalho (@gusfcarvalho) - Lucas Alves (@knelasevero) - Moritz Johner (@moolen) - Tom Godkin (@BooleanCat) #### Agenda/Notes ##### Non-Technical * ESO Online Meetups * We can try to do it startung out with zoom - we can try out some different ideas (specially around freqyuency ) * cloud account expenses * create * project board / release planning * CNCF contact and discuss applying already * create document with questions (knelasevero) * https://cryptpad.uncloud.do/pad/#/2/pad/edit/220JlYNSJlP03R5Kz19i-CtP/embed/ * schedule a meeting with Katie and Carla (knelasevero) * ESO blog about sponsorships and big changes * plan what to talk about and who would write it * Collaborations w/ youtubers/podcasts * Potential contributions from EngineerBetter ##### Technical * 1pass provider * * [dataFrom key rewrite](https://github.com/external-secrets/external-secrets/issues/975) and [ExternalSecrets Decoding strategy](https://github.com/external-secrets/external-secrets/issues/920) * Spec them out as a design document? Yes we should do that. * Discuss Validate() general behaviour * [#961](https://github.com/external-secrets/external-secrets/issues/961) vs [#948](https://github.com/external-secrets/external-secrets/issues/961) considering the [Gitlab implementation](https://github.com/external-secrets/external-secrets/pull/960) of Validate() #### Action Items * Create ESO accounts (this can be hard) * Afterwards migrate from current infra * @moolen create small writeup how Release Board should work ## March 30th 2022 #### Attendees - Gustavo Carvalho (@gusfcarvalho) - Moritz Johner (@moolen) - Daniel Hix (@ADustyOldMuffin) #### Agenda/Notes * GCP Performance Leak Issues ([#818](https://github.com/external-secrets/external-secrets/issues/818) and [#834](https://github.com/external-secrets/external-secrets/issues/834)) * Release 0.5.0 * [#719](https://github.com/external-secrets/external-secrets/issues/719) closed only pending to do [#912](https://github.com/external-secrets/external-secrets/issues/912) * GetAllSecrets for AWS Merged * GetAllSecrets for Azure KeyVault ready to be Merged. * Secret Sink #### Action Items * Release 0.5.0 once DeletionPolicy gets merged and some documentation around GetAllSecrets is available. After released, let some time to fix any bugs users might report. * Probably announce release because of the milestone it represents. * https://github.com/github/release-radar ## March 16th 2022 #### Attendees - Gustavo Carvalho (@gusfcarvalho) - Moritz Johner (@moolen) - Daniel Hix (@ADustyOldMuffin) #### Agenda/Notes * Release 0.5.0 * Performance / Leak issues with GCP Provider: [#818](https://github.com/external-secrets/external-secrets/issues/818) and [#834](https://github.com/external-secrets/external-secrets/issues/834) * Azure WI [#738](https://github.com/external-secrets/external-secrets/pull/738) * GetAllSecrets for AWS [#820](https://github.com/external-secrets/external-secrets/pull/820) * GetAllSecrets for Azure KeyVault [#805](https://github.com/external-secrets/external-secrets/pull/805) * Secret Sink proposal * Kubecon #### Action Items * Organize first ESO meetup @ kubecon! (from past meeting) * Add ESO to Digital Oceans’ 1-click apps (from past meeting) * @gusfcarvalho to troubleshoot #818 and #834 * @gusfcarvalho to ping user working on Secret Sink * focus on the cleanup tasks for conversion webhooks [719](https://github.com/external-secrets/external-secrets/issues/719). ## March 2nd 2022 Attendees * Moritz Johner * Gustavo Carvalho * Daniel Hix #### Agenda/Notes * Several Community supported providers missing `Validate` and `ValidateStore` * `GetAllSecrets` implementation * There are a lot of 'feels weird' around implementing GetAllSecrets as discussed in [698](https://github.com/external-secrets/external-secrets/issues/698) * Addition of a `path` to spec? * Key collision * merge validating webhook [#750](https://github.com/external-secrets/external-secrets/pull/750) #### Action Items * Create issues for Validate implementation. * Create issues for ValidateStore implementation. * Document specificities of GetAllSecrets per provider. * Follow up Key collision - unicode seems a little bit weird. * Check if it is possible to remove api definitions from sonar cloud duplication tests. * Organize first ESO meetup! * Add ESO to Digital Oceans' [1-click apps](https://github.com/digitalocean/marketplace-kubernetes/blob/master/CONTRIBUTING.md) ## Feb 16th 2022 Attendees * Moritz Johner * Gustavo Carvalho (@gusfcarvalho) * DanG #### Agenda/Notes * `GetAllSecrets()` * coordinate provider implementations * limitations: key collision & no version support * disable client cache for secrets [#729](https://github.com/external-secrets/external-secrets/pull/729) * promote aws/azure providers [#709](https://github.com/external-secrets/external-secrets/pull/706) * TPL Engine v2 [#701](https://github.com/external-secrets/external-secrets/pull/701) * azure kv provider refactoring [#703](https://github.com/external-secrets/external-secrets/pull/703) * Discuss [Deletion Policy](https://github.com/external-secrets/external-secrets/issues/695) implementation * Review [design docs for v1beta1](https://github.com/external-secrets/external-secrets/blob/main/design/001-design-crd-v1beta1.md) * ClusterSecretStores with no events or status(?) #### Action Items - Add PR to include Deletion Policy on the crd-v1beta1. @gusfcarvalho - review #701 @knelasevero - review #701 @knelasevero - ## Feb 4th, 2022 v2 Hack Session Attendees * Moritz Johner * Gustavo Carvalho @gusfcarvalho #### Topics recording is available @knelasevero ##### SecretStore Controller * we want a validation webhook for the SecretStore resource to do static validation * ~~we should add a interface method ("validate") to check if the store configuration can be considered "valid"~~ - will be done in the [#466](https://github.com/external-secrets/external-secrets/pull/466) ##### Breaking Changes * figure out how versions are managed/stored in etcd and how they're converted * we want to draft a "final" version for the CRD before we actually implement the features themselves - that gives us the flexibility to continuously do releases and not block a release until everything is implemented. ##### v1beta1 ExternalSecret Scope * find & extract (Azure / GetAll mechanic) * template engine version * ~~decodeStrategy~~ see https://github.com/external-secrets/external-secrets/pull/674 * ?? ##### v1beta1 SecretStore -> not going to tackle that right now * We first need to figure out how to implement the decodeStrategy thing, because it touches a lot of points in the codebase. * path standardization doesn't really justify a whole new version ##### Deprecation Policy - we basically want to treat our `alpha` as `beta`: provide a upgrade path - we want to promote to beta1 asap when the CRD and scope is defined - want to get to GA in 9 months (2nd birthday: 23th November) - deprecate alpha1 when we release GA - wait a couple more release then deprecate beta1 aswell ##### Organisational Stuff * we want to keep track of relevant features for `v1beta1` in the [GitHub Project](https://github.com/external-secrets/external-secrets/projects/3) ## Feb 2nd, 2022 Attendees - Moritz Johner @moolen - Lucas Severo @knelasevero Agenda/Notes - prep release 0.4 ([release outlook](https://github.com/external-secrets/external-secrets/pull/664#issuecomment-1027168598)) - we're having a planning meeting on friday to discuss mid/long term goals of the project - setup multi-version support before merging breaking-changes (#664, #638, #515) - discuss the approach and goals on friday - we got some stale contributor PRs, we try to take them over if needed Action Items - @moolen ask @ADustyOldMuffin and @gusfcarvalho for sync regarding PR [#542](https://github.com/external-secrets/external-secrets/pull/542) to discuss details - @moolen add docs for community-operators-prod; also consolidate docs `RELEASE.md` / `external-secrets.io` and [helm-op docs](https://github.com/external-secrets/external-secrets-helm-operator/blob/main/docs/release.md) - @gustavo/@knelasevero ping or take over some of the PRs that could be quick to fix - @moolen takes over [Reporter PR](https://github.com/external-secrets/external-secrets/pull/466) ## Jan 19th, 2022 Attendees - Moritz Johner @moolen - Gustavo Carvalho @gusfcarvalho - Lucas Severo @knelasevero Agenda/Notes - (moolen) e2e@aws: need account for CI - (moolen) planning session for the next ~12 months? - celebrate donation by $anon! :tada: - Breaking changes - Azure key vault getAll() (dataFrom) - templating changes to avoid problems with []byte - Standardization of HashiVault provider Action Items: - @knelasevero add credentials for aws account in repo secrets - @moolen create doodle to find some time for us (for the planning meeting) - @knelasevero propose a process for something similar to KEPs in our project and comment in the issues that are proposing stuff (https://github.com/external-secrets/external-secrets/issues/347 / https://github.com/external-secrets/external-secrets/pull/542) - @moolen taking care of the PR for anchore examples - @moolen add community meeting date+time+details in readme and docs - @moolen document processes in contribution guidelines - PR assignee - Proposal process - close PR after ## Dec 8th, 2021 Attendees - Moritz Johner @moolen - Ope Agenda/Notes - OLM is work in progress, thanks to @slopezz - going forward with `decodeStrategy` proposal: - (1) implementing it on the provider level in a generic, reusable way ([#515](https://github.com/external-secrets/external-secrets/pull/515)) - (2) adding it to the external secret which may take precedence over provider flag - TODO: add community meeting schedule + call to docs/repo - switch to a alternating timezone schedule - make a poll (@slack) and ask for timezone preferences ## Nov 24th, 2021 Attendees - Moritz Johner @moolen - Lucas Severo @knelasevero Agenda/Notes - AWS Provider graduation? - e2e pod identity automation + other tests [#469](https://github.com/external-secrets/external-secrets/pull/469) - CRD graduation? Whats still missing: azure / get-all secrets [#498](https://github.com/external-secrets/external-secrets/issues/498) - we do not want to graduate right now, we first want to take a look at #498 - @moolen wants to take care of the operatorhub topic [#244](https://github.com/external-secrets/external-secrets/issues/244) [#493](https://github.com/external-secrets/external-secrets/issues/493) - @moolen takes over PR kes2eso [#1](https://github.com/external-secrets/kes-to-eso/pull/1) - Coverage - @knelasevero taking over if Serdar does not have time ## Nov 10th, 2021 Attendees - Sevi Karaköse (sevikarakose) - Moritz Johner (moolen) Agenda/Notes - Discussion about Azure getAllSecrets [discussions/470](https://github.com/external-secrets/external-secrets/discussions/470)- https://github.com/external-secrets/external-secrets/issues/426 - @moolen wants to reply in the thread, didn't have time to unfortunately - Community Operator hub progress - Önsel and Sevi have been working on this for a while now. They're planning to get back on track, too busy with client work unfortunately. - We need to review https://github.com/external-secrets/kes-to-eso/pull/1 already - @moolen took a look. Looks promising, minor things need to be addressed (comment incoming) - ok-to-test failing to report back to PR https://github.com/external-secrets/external-secrets/runs/4167322917?check_suite_focus=true - https://github.com/external-secrets/external-secrets/issues/426 - https://github.com/external-secrets/external-secrets/pull/480 - Check with Serdar about Coverage tool - Serdar will take a look as soon as possible - Unfortunately GH does not let us pay for less subs than the amount of people in the org... (see img below)  ## Oct 27th, 2021 Attendees - Gustavo Carvalho (gusfcarvalho) - Lucas Severo (knelasevero) - Moritz Johner (moolen) Agenda * Migration script updates * Almost done!!! * need to test with edge cases and have more eyes on the PR (moolen knelasevero) * Code coverage issues * Need to check with Serdar the status here and push this forward (knelasevero) * We need to remember to set threashold tolerance to minor cov decrease (Serdar or we take over) * E2E for cloud specific tests * We need to have a new dir with IaC, a new workflow gh-actions file, and configure spawn and destroy of infra for specific cloud e2e * Set monitoring of costs and add infracost to terraform analysis (Open issue with these details) * e2e tests documentation needs to be improved (lucas) * e2e tests issue when not setting all provider creds (moolen) * Donations * Pay gh premium (knelasevero) * csi-secrets-store * Add details to issue (knelasevero) * SecretSinks * Add details to issue (knelasevero) * Secret generation * Tell people to use crossplane. (knelasevero) * Add docs to our site about using crossplane together with ESO (knelasevero) * Continue using Paul, Prow is to dificult to maintain, and to add dedicated infra would be hard as well * OperatorHub should be prioritized a bit more because of requests * Check with Sevi and Onsel the status (knelasevero) * Moritz wants to take over if they are too busy (moolen) Notes ## Oct 13th, 2021 Attendees - Gustavo Carvalho (gusfcarvalho) - Sevi Karaköse (sevikarakose) - Sebastián Gómez - (sebagomez) - Oladipupo Ajayi - (DeeAjayi) - Opeyemi - (Eebru-gzy) Agenda/Notes - Release 0.3.6 with security patches is on - KES-ESO migration script - almost ready for AWS / GCP - Önsel and Sevi will be pairing on the Community Operators work - Serdar and Lucas got sonarCloud configuration set (local check investigation didn't move forward) ## Sept 29, 2021 Attendees - Lucas Severo (knelasevero) - Gustavo Carvalho (gusfcarvalho) Agenda/Notes - Sonar gates and configs (https://sonarcloud.io/organizations/external-secrets/projects) - Sonar trigger from fork PR - raise issue for local check (gusfcarvalho) - [#381](https://github.com/external-secrets/external-secrets/pull/381) leaked tokens - Follow up on the PR (knelasevero) - Cut a release possibly - will cut today or tomorrow (knelasevero) ## Sept 1, 2021 Attendees - Lucas Severo (knelasevero) - Moritz Johner (moolen) - Kian Kordtomeikel (KianTigger) Agenda/Notes - Migration script to go from KES to ESO - Plan what to do with donations - Gsuite? - look for other providers, jitsi - GH premium? - Trial (lucas) - investigate how premium seats work (lucas) - CSI project integration - Check with Kellin, see if he can join next community meeting (lucas) - SonarCube has coverage capabilities, maybe remove codecov? (check with Serdar about coverage) - Check how Sonar deals with coverage, ask Serdar about it (lucas) - External Sinc [#347](https://github.com/external-secrets/external-secrets/issues/347) - Secret Generation [#249](https://github.com/external-secrets/external-secrets/issues/249) - Create an evaluation of how this would affect the project technically and organizationally [consider separating project, having more than one binary from same project, or other options] (moolen) - Deleted secret isn't recreated until refresh [#344](https://github.com/external-secrets/external-secrets/issues/344) [#353](https://github.com/external-secrets/external-secrets/issues/353) - comment on the issue that is fine to add another field in status, hashed (moolen) - e2e test infra - Ask companies what they are whiling to host and then decide how tom manage real infra for specific e2e tests (lucas) ## Aug 18, 2021 Attendees - Lucas Severo (knelasevero) - Kian Kordtomeikel (KianTigger) - Elsa Chelala (ElsaChelala) Agenda/Notes - Migration script to go from KES to ESO - Plan what to do with donations - CSI project integration ## Aug 8, 2021 Attendees - Moritz Johner (moolen) - Sevi Karaköse (sevikarakose) - Joey Brayshaw (Jabray5) Agenda/Notes - celebrate donation ($20 / Andrew Tsai <3) - syncing metadata: opened [#305](https://github.com/external-secrets/external-secrets/issues/305) to keep track of it - vault e2e incoming: draft [#304](https://github.com/external-secrets/external-secrets/pull/304) - $cloud provider accounts sponsored by inovex - provide architecture draft + access matrix (@moolen) - need input: what do we have, who owns which account? (need to approach lucas for that) - once approved: setup infra - compute infra (openstack) sponsored by inovex - maybe for dedicated github actions runner - refresh interval issue: https://github.com/external-secrets/external-secrets/pull/303 - (joey) making progress on the gitlab project variables provider ## Jul 21, 2021 Attendees - Joey Brayshaw (Jabray5 ) - Kian Kordtomeikel (KianTigger) - Moritz Johner (moolen) - Ricardo Torres (ricardoptcosta) - Rodrigo Rios (rodrigorras) Agenda/Notes - Lucas and Moritz created an account in open collective and deposited some test funds. Someone already donated 100USD; - AWS/EKS integration tests - still need approval from Moritz's company to implement it - e2e TODOs #205-#209 - currently mostly succesful paths are tested - we should make clear issues that are missing in tests, and add them to acceptance criteria - @Moritz will pursue this - Moritz proposed a new release due to the recent merge regarding service account authenttication with AWS ([#251](https://github.com/external-secrets/external-secrets/pull/251)) - @Moritz will do the release - Kian and Joey are working on adding Oracle Cloud - [kes#798](https://github.com/external-secrets/kubernetes-external-secrets/issues/798) there was a issue opened on kubernetes/external-secrets asking for yandex. we will talk to the person who requested it to open in the main project. @Rodrigo will pursue this issue - We celebrated Joey's [first pull request](https://github.com/external-secrets/external-secrets/pull/275) 🎉 ## Jul 7, 2021 Attendees - Elsa Chelala (ElsaChelala) - Moritz Johner (moolen) - Lucas Severo (knelasevero) - Ricardo Torres (ricardoptcosta) Agenda/Notes - operatorhub.io [#244](https://github.com/external-secrets/external-secrets/issues/244) - Sevi investigating - https://opencollective.com/external-secrets-org - Will go forward with this - release with IBM Cloud Provider - Will be done by Lucas soon - label issues with beta: https://github.com/external-secrets/external-secrets/projects - Look for things that impact the CRD - AWS/EKS integration tests - Create issue - Check with Inovex for approval - Move secret generation discussion to a issue - TLS Vault auth - needing docs, will be added by Ricardo - after that the implementation - Ricardo gonna contact Kellin and Cameron ## Jun 23, 2021 Attendees - Moritz Johner (moolen) Agenda/Notes - Secret generation (discussion [195]([discussions/195](https://github.com/external-secrets/external-secrets/discussions/195))) - Resource Version Status [#189](https://github.com/external-secrets/external-secrets/pull/189) - Azure KeyVault enhancements [#215](https://github.com/external-secrets/external-secrets/pull/215) ## Jun 9, 2021 Attendees - Moritz Johner (moolen) - Lucas Severo (knelasevero) - Ricardo Torres (ricardoptcosta) Agenda/Notes - Azure KV merged - hardcoded key extraction ([see here](https://github.com/external-secrets/external-secrets/blob/95c8d054ac9274dbb24afbccd27d9b6e9b916d44/pkg/provider/azure/keyvault/keyvault.go#L209-L245)) issue: [#187](https://github.com/external-secrets/external-secrets/issues/187) - documentation (also GCP) - [#169](https://github.com/external-secrets/external-secrets/issues/169): bug when provider is slow - decide what is part of the deprecation policy (@moolen: open issue) - also draft the documentation - exclude controller tests in the unit test phase (because of old k8s components that kubebuilder provides) - add them when we have the kind cluster (with newer k8s versions) ready - remember to have a look over codecov ## May 26, 2021 Attendees - Lucas Severo (knelasevero) - Gabrielle Beyer (gabibeyer) - Ricardo Torres (ricardoptcosta) Agenda/Notes - Codecov [168](https://github.com/external-secrets/external-secrets/issues/168) - We should have something - Discuss other options on the issue - Scope access per namespace [163](https://github.com/external-secrets/external-secrets/issues/163) and [134](https://github.com/external-secrets/external-secrets/issues/134) - Need to discuss further - Immutable secrets [156](https://github.com/external-secrets/external-secrets/issues/156) - Shouldnt be hard. We probably can add this as an option - Support to trigger refresh instead of pull [129](https://github.com/external-secrets/external-secrets/issues/129) - Get in touch and see if he wants to implement it - Have a look over 0.2 milestone, remove/add stuff - just release with gcpsm and azure providers - e2e tests - maybe mobbing on this one - We got asked on slack about stability and chance of things changing https://kubernetes.io/docs/reference/using-api/deprecation-policy/ - Need to discuss further - Support level - Start by adding support notices to our readme (and maybe to a pinned discussion post on the gh discussion forum) - Invite other maintainers to mob programming ## May 12, 2021 Attendees - Kellin McAvoy (mcavoyk) - Moritz Johner (moolen) - Lucas Severo Alves (knelasevero) - Gabi Beyer (gabibeyer) - Jonatas Baldin (jonatasbaldin) Agenda/Notes - Can't install helm chart on different k8s flavor? - https://github.com/external-secrets/external-secrets/issues/142#issuecomment-839867167 - secret-store-csi-driver community meeting, what discussions should we bring there? - SecretObject as separate CRD from Provider CRD - Check with them if they have goals around secret synchronization without mounting - 0.2.0: What do we plan to include in the next release - Increase provider coverage (Azure/GCP) - e2e tests - docs for current providers - 4 weeks release workflow - Decide if minor or patch release depending on the changes - Leverage TokenRequest API - https://github.com/external-secrets/external-secrets/issues/137 - Plugin Style Providers - Would be interesting, but not a priority right now ## April 28, 2021 Attendees - Kellin McAvoy (mcavoyk) - Moritz Johner (moolen) - Riccardo Cefala (riccardomc) Agenda/Notes - Helm Chart needs to be done before release - vault Docs still missing - e2e tests, initial iteration done with localstack and local vault, but followup issue needed - CS infra, we need to add maintainers into the accounts Action Items: * helm chart release workflow @moolen * vault docs * merging e2e [done] ## April 14, 2021 Attendees - Kellin McAvoy (mcavoyk) - Moritz Johner (moolen) - Jonatas Baldin (jonatasbaldin) - Riccardo Cefala (riccardomc) Agenda/Notes - Discussion on previous agenda notes - Review of [metrics PR](https://github.com/external-secrets/external-secrets/pull/110) - [Change dependabot frequency to weekly](https://github.com/external-secrets/external-secrets/pull/112) – merged - Push YAML artifacts on pipeline to GitHub – tracking [here](https://github.com/external-secrets/external-secrets/issues/43) - [Use External Secrets Operator name for Helm Charts](https://github.com/external-secrets/external-secrets/issues/105#issuecomment-819641753) - Release a v0.1 when merging #110, #69 and #106 at least – @jojo added a release/v0.1 tag to these PRs - 1Password released their own operator... we will start a discussion to merge efforts as well. @jojo dropped [this issue](https://github.com/1Password/onepassword-operator/issues/22) there ## March 31, 2021 Attendees - Kellin McAvoy (mcavoyk) - Lucas Severo Alves (knelasevero) - Aziz (1aziz) Agenda/Notes - CLA ([#96](https://github.com/external-secrets/external-secrets/issues/96)) - CRD Spec repo ([#97](https://github.com/external-secrets/external-secrets/issues/97)) - Add E2E testing ([31](https://github.com/external-secrets/external-secrets/issues/31)) - Create Helm chart repo - Something like `charts.external-secrets.io` ([#105](https://github.com/external-secrets/external-secrets/issues/105)) - Clean up milestone/Project board ## March 17, 2021 Attendees - just me, Moritz Johner (moolen) Agenda/Notes - aws refactoring([#57](https://github.com/external-secrets/external-secrets/pull/57)) - split interface: Provider/SecretsClient ([#55](https://github.com/external-secrets/external-secrets/pull/55)) - PTAL: AWS Parameter Store ([#59](https://github.com/external-secrets/external-secrets/pull/59)) - PTAL: Vault Provider ([#47](https://github.com/external-secrets/external-secrets/pull/47)) - refresh interval ([#48](https://github.com/external-secrets/external-secrets/pull/48)) - Security Policy ([#60](https://github.com/external-secrets/external-secrets/pull/60)) - Code of Conduct ([#46](https://github.com/external-secrets/external-secrets/pull/46)) - docs are hosted using cname ([#56](https://github.com/external-secrets/external-secrets/pull/56)) - paul bot configuration ([#49](https://github.com/external-secrets/external-secrets/pull/49)) - cleanup lint stage ([#54](https://github.com/external-secrets/external-secrets/pull/54)) PRs to discuss or need attention - i think we should merge [crd-spec#7](https://github.com/external-secrets/crd-spec/pull/7) - Azure KV needs some attention to get the spec done: [crd-spec#6](https://github.com/external-secrets/crd-spec/pull/6) Action Items - TBD ## March 3, 2021 (https://everytimezone.com/s/8dbf346e) Attendees - Lucas Severo Alves (knelasevero) - Kellin McAvoy (mcavoyk) - Moritz Johner (moolen) - Chaitanya Kandagatla (ckandag) Agenda/Notes - Repo automation bot - Release workflow - Change cadence of the meetings now that most of the project is already bootstraped and steered - domain https://www.external-secrets.io/ - https://github.com/cla-assistant/cla-assistant (maybe require it only if person is contributing during work time, and trust them?) - https://github.com/external-secrets/external-secrets/pull/46 CoC PRs to discuss or need attention - [Please add any PRs that need attention, with your name, below] Action Items - Look into kubernetes-sigs/external-dns ownership as a reference for this project (@mcavoyk) - External-dns is owned by [sigs-network](https://github.com/kubernetes/community/tree/master/sig-network) - Setup Paul in the project (@knelasevero) - Apex domain config (@knelasevero) - Enable Discussions on github repo (@knelasevero) - Setup CLA assistant (reachout to sigs-network to decide if it is necessary) ? ## February 17, 2021 (https://everytimezone.com/s/712e40fe) Attendees - Lucas Severo Alves - Kellin McAvoy - Moritz Johner - Riccardo Cefala Agenda/Notes - add awssm support PR in V2 [#34](https://github.com/external-secrets/external-secrets/pull/34) - support azure keyvault provider PR in V2 [#22](https://github.com/external-secrets/external-secrets/pull/22) - add provider-specific instructions to remoteRef PR in V2 spec [#4](https://github.com/external-secrets/crd-spec/pull/4) - Colab Blog Doc - https://docs.google.com/document/d/1H7leHCaQeJcur4E-Xi8croyl_FbDuzlJeVJIdGuIu6M/edit - documentation first pass: https://moolen.github.io/external-secrets/ PRs to discuss or need attention - [Please add any PRs that need attention, with your name, below] Action Items - Look into CLA - Lucas and Kellin - Get in touch with contacts at Azure, Google and AWS regarding credits for integration tests - Riccardo - Merge a draft for the doc first pass, and we will iterate further - Moritz - Look into using https://doc.crds.dev/ , if we have a problem Kellin will contact Dan to have a look - Look into having a Code of Conduct, both for contributions and meetings - Lucas - Add a script to the start of the meeting document to always mention the COC and remember to record ## February 03, 2021 Attendees - Lucas Severo Alves - Kellin McAvoy - Moritz Johner Agenda/Notes - Merge in main controller loop (@knelasevero) - Vault provider PR should be available in the next week (@mcavoyk) - ExternalSecret logo - https://drive.google.com/drive/folders/1_1kTEu4QZ453ce6ZrSUPJmOvfvCghNHJ - Discussion on the current kubernetes-external-secrets project regarding templating ExternalSecrets - https://github.com/external-secrets/kubernetes-external-secrets/discussions/605 - concerns about supporting the template language in JS and Golang PRs to discuss or need attention - [Please add any PRs that need attention, with your name, below] Action Items ## September 12, 2020 ### What happened? - We merged the Provider interface PR (thanks Moritz!) - Jonatas working on the Control Loop - Lucas working on the CI/CD ### Action items - Finish the Control Loop (@jonatasbaldin) – blocker for the Provider implementation - Still need to work on the Issues templates on GitHub - Mircea will pickup an issue on GitHub to work on