External Secrets Community Meeting

Schedule

Meetings are on Zoom every other Wednesday 13:00 PM CEST. (invite is on https://www.cncf.io/calendar/)

Next Meeting link: https://zoom-lfx.platform.linuxfoundation.org/meeting/92843470602?password=b953d8fb-825b-48ae-8fd7-226e498cc316

Steps before starting the meeting:

Start Recording
Welcome everyone ;)
(Optional) Intros from new joiners
Mention COC

In meeting:

Go over action items from last meeting
Go over points
Go over previous meetings action items
Go quickly over some open PR

Backlog Items:
- is there an easy to read changelog, blog etc to see what is new in each version ? For example, going from 0.8.x to 0.9.x (slack) [@Mark]

April

Community Meeting

Participants

Gergely (@skarlso)
Victor
Gustavo

Host

Gergely (@skarlso)

April 9th

Agenda

March …

Community Meeting

Participants

Agenda

Discuss the refreshing on demand

March 26th

Host

Gergely (@skarlso)

Community Meeting

Participants

Gustavo (@gusfcarvalho)

Agenda

Talk about Provider sunsetting https://github.com/external-secrets/external-secrets/issues/4593
- @Skarlso Leave a comment on the issue about the decision / updated opinion
Promote ESO to V1, freeze new feature requests to the whole structure, create v2alpha1?
- Provider Versioning Scheme separate others
- Templating to target creation of none Kubernetes secret objects ( ConfigMap, OpenShift )
- PushSecrets which simply cannot have all the nice things ExternalSEcrets can have.
- Generators/ClsuterGenerators which are weird and not following same standards as SecretSTores/ClsuterSecretSTores
- @gusfcarvalho to add these to the v1 tracking issues and ping the other maintainers about it. Start sync voting on next community meeting, and if not enough quorum, vote via lazy consensus on the issue.
Incubation issue is sleeping https://github.com/cncf/toc/issues/1486

March 12th

Host

Gergely (@skarlso)

Community Meeting

Agenda

Nothing important really.

A roadmap for ESO https://github.com/orgs/external-secrets/projects/2.

February 26th

Host

Gergely (@skarlso)

It was a test meeting to see if the new invite from CNCF and the Zoom meeting is working. And it was.

February 12th

Host

Gergely (@skarlso)

Community Meeting

Agenda

Old issues cleanup
- Possibly reduce the stale bot number
- Help people contribute and understand the codebase
- Documentation on how to add providers
In-tree out of tree proposals PR #3634
- Trilok Geer to take a look and review/re-evaluate
We really really need to update the AWS Provider SDK to v2 Issue
- Put a bounty on it, so people pick it up ( look into this and decide on how to proceed )
Cannot seem to run e2e tests on this pull-request even though it was recreated
- Try creating a bump PR ourselves and see if it works.
Ping Barath on https://github.com/external-secrets/external-secrets/issues/1038
- Barath will comment on the issue so I can assign him to it
Incubating Process updates ? :)))
Kubecon EU Plans?
Injecting secrets into the pod directly as an environment variable?
- If an organization hates secrets, they hate environment variables ( it's typically worse )

Action Items

Unnofficial Gathering for External Secrets Community (when, where - to decide @gusfcarvalho)
@skarlso talk to the maintainers about this process
Prodiver template creation esoctl -> create provider assignee -> @skarlso ( document in code on how to implement, bootstrap a provider )
Trilok to review / re-evaluate /re-propose out-of-tree providers
Bharath to tackle #1038
Close really old issues that lost meaning like #336
On old issues ask the person if the issue is still relevent / encourage them to contribute
Come up with a design proposal to inject secrets into pod directly
- Before doing this, create an issue to gauge community desire for this kind of feature @skarlso

January 29th

Community Meeting

Agenda

(#4335) Any assignees?
OLM support , there are bunch of things missing now. https://github.com/external-secrets/external-secrets-helm-operator/pull/79

Dec 18th

Community Meeting

Host

Gustavo

Agenda

stateful generators (#4203)
deprecate namespace name selector from ClusterExternalSecret? (ref: #4162)
- Deprecate/Remove
helm olm operator - what is the present case from customer perspective?
Tag Security for Incubating (:party_hat:)
- waiting for ESO presentation to be booked

Action Items

Dec 4th

Community Meeting

Host

Gustavo

Agenda

Deprecate OLM Release https://github.com/external-secrets/external-secrets/pull/4175
- Approved with 2 votes out of 2.

Action Items

@gusfcarvalho to notify people, open PRs, and change Release notes warning of the deprecation.

Sept 25th

Community Meeting

Host

Agenda

Discussions with CNCF
- Moving docs to netlify
- hugo + docsy
- Mentorship program
- google GSOC support
- Workshop (service desk?)
- google season of docs

Aug 28st

Community Meeting

Host

Lucas (@knela)

Attendees

Gustavo (@gusfcarvalho)
Gergely (@skarlso)

Agenda/Notes

scarf (https://app.scarf.sh/) discussion
Bounty to attract contributors
Maintainer scholarship idea
How do we feel about External Secrets Inc (www.externalsecrets.com) being a sponsor
Provider Versioning
We Need Maintainers (https://kubernetes.slack.com/archives/C047LA9MUPJ/p1724843557332789)
Ditch Community Meetings at 20:00 CEST (always make them 13:00 CEST)

Action items

First try to contact CNCF for google analytics access & using scarf.sh (@knelasevero)
Explore these with the current value on the collective:
- Make Most Vodted by community issues - Attract/Reward contributions for it. (@gusfcarvalho)
- First draft of Proposal - Maintainer Scholarship for newly onboarded maintainers (@gusfcarvalho)
Remove Sebagomez, Shuhei from the maintainers group (@knelasevero).
Create a Reviewers group (@knelasevero).

July 31st

Community Meeting

Host

Lucas

Attendees

Gustavo
Gergely
Lucas

Agenda/Notes

Breaking Changes to Webhook Provider
Next release 0.10.0
Long inactive members
Long term support discussion
Provider Versioning
Support for custom resources (ConfigMaps) https://github.com/external-secrets/external-secrets/pull/3449
Review #3699

Action items

PR introducing better webhook posture (@gusfcarvalho) DONE
Add msg to error logs pointing to update secrets (@gusfcarvalho) DONE
Create issue "Problems with webhook provider on 0.10.x ?" and Pin it (@knelasevero)
Remove Sebagomez, Shuhei from the maintainers group (@knelasevero).
Create a Reviewers group (@knelasevero).
Remove PAUL (@knelasevero) :'(
Actually review #3699 (@gusfcarvalho @knelasevero) DONE

June 19

Community Meeting

Host

Lucas

Attendees

Moritz
Gergely
Iwan

Agenda/Notes

From last meeting: Supporting not public secret stores (https://github.com/external-secrets/external-secrets/issues/3515).
vote on: https://github.com/external-secrets/external-secrets/issues/2699
did anyone notice problems with pushsecret recreating the secrets?
https://github.com/external-secrets/external-secrets/pull/3600

Action items

next community meeting discuss above issue
next community meeting also vote on https://github.com/external-secrets/external-secrets/issues/2699

May 22

Community Meeting

Host

Lucas

Attendees

Lucas
Iwan

Agenda/Notes

Supporting not public secret stores (https://github.com/external-secrets/external-secrets/issues/3515).
- Check if provider separation (and future plugin solution) would help here
- Check proposed solution in the issue (both from implementability perspective and if we would be ok with incorporating that into the project)
- Vote on it

Action items

next community meeting discuss above issue
next community meeting also vote on https://github.com/external-secrets/external-secrets/issues/2699

April 24

Community Meeting

Host

Gustavo

Attendees

Gustavo

Agenda/Notes

Action items

March 13 [canceled ]

Community Meeting

Host

Lucas

Attendees

Lucas

Agenda/Notes

Action items

Jan 18

Community Meeting

Host

Gustavo (@gusfcarvalho)

Attendees

Moritz

Agenda/Notes

license scan issue / see also https://github.com/cncf/foundation/issues/109 / https://github.com/uw-labs/lichen
depreciation policy https://github.com/external-secrets/external-secrets/issues/3030
Deprecation of SecretStore - any updates on this?
add provider for deprecated store https://github.com/external-secrets/external-secrets/pull/2993
KCD BR ContribFest issues suggestions? (create the issue on External Generators)
- Good first issues.
- ClusterSecretStore - Concise way to trigger a refresh on a ClusterExternalSecret.
- Bump CRDs to v1 (just it would be cool) - deprecation of v1alpha1, prometheus, ConversionStrategy, template/v1
- Probes (helm chart extras)
1.0.0 (stable)
- Deprecation Policy
- Provider CRD be in.
Project Yearly Review
- We want to do it with most maintainers on it.
CNCF Incubation.
- Start the process? Talk to ToC members first as they need to champion us regardless.

Action items

Find ToC members and talk to them
create a new issue to discuss which tool to use over FOSSA
Document implementation of Providers to allow for both SEcretStore or SecretStore.spec.provider deprecation. Ask for maintainers votes. [@gusfcarvalho]
reach out to brendan about Paul [@knelasevero]

Jan 3

Community Meeting

Host

Lucas

Attendees

Lucas
Moritz

Agenda/Notes

codecov slack thread
- let's do this, would be great to have it back!
state of paul?
fossa :/
Deprecation of SecretStore
Release process

Action items

reach out to brendan about Paul [@knelasevero]
fossa - reach out to cncf [@moolen]

Dec 20th

Community Meeting

Host

Moritz

Attendees

Moritz
Roger
Alec

Agenda/Notes

briefly touched on #2503, there's raising interest and alec would like to raise a PR with a design doc

Action Items

check if Paul bot is working @moolen

Dec 6th

Community Meeting

Host

Gustavo (@gusfcarvalho)

Attendees

Shlomo Heigh (@szh, Dev @ CyberArk Conjur)
@moolen
@vsantos

Agenda/Notes

(if we have quorum) Provider Versioning proposal #2545/#694
Question about provider feature support matrix, general discussion about Conjur provider upgrades

Action Items

Start vote async for SecretStore decision.

Nov 22th

Community Meeting

Host

Moritz (@moolen)

Attendees

Gergely Brautigam (@skarlso)
Gustavo (@gusfcarvalho)
Roger Tuma (@rogertuma)

Agenda/Notes

KubeCon update (?)
- Multiple Kubernetes Secret from one External Secret.
- External Secret creating different targets than secret.
Provider Versioning proposal #2545/#694
PushSecret generator proposal #2665
Latest commit from me has a failed license error? commit.

Action Items

versioning proposal: let's see until next community meeting if we're able to produce something tangible and drop it if it takes too much time implementing it
consider dropping FOSSA and replace it with snyk (@moolen create issue)

Oct 25th

Community Meeting

Host

Moritz (@moolen)

Attendees

Moritz (@moolen)
Lucas (@knelasevero)
Shuhei (@shuheiktgw)
Leonardo (@leomichalski)
Lais (@laisramos123)

Agenda/Notes

KubeCon update (?)
dataFrom[].transform #2802
Azure AKS managed test suite unfinished
discussed cert-manager integration PR: https://github.com/external-secrets/external-secrets/pull/2736
rotation for launching releases and for hosting meetings

Action Items

dig CRD fields should be versioned @knela
open issue for AKS managed test suite @moolen
start async discussion about rotation for launching releases and for hosting meetings @knela

Oct 11th

Community Meeting

Host

Lucas (@knelasevero)

Attendees

Moritz (@moolen)

Agenda/Notes

KubeCon prep
review PRs
- https://github.com/external-secrets/external-secrets/pull/2760
- https://github.com/external-secrets/external-secrets/pull/2763
record release process

Action Items

review the kubecon stuff (@knelasevero)

September 27th

Community Meeting

Host

Moritz

Attendees

Moritz (@moolen)

Agenda/Notes

KubeCon prep
review PRs

Action Items

September 13th

Community Meeting

Host

Gustavo

Attendees

Gustavo (@gusfcarvalho)

Agenda/Notes

Brief update on past PRs
PushSecret updatePolicy PR
PushSecret generator integration PR
Provider Versioning Strategy PR
Github Provider, push only ISSUE
meeting time :)
json encode/decode bug https://github.com/external-secrets/external-secrets/pull/2681
consider changing olm release process: [https://github.com/knelasevero/package-olm (similar to cert-manager)
How do we onboard providers?, or how it is decided to implement them and the impact on the project

Action Items

@moolen update docs, next meeting Sept 27th.
@knelasevero Double check if OLM release process can support configuration

August 30th

Community Meeting

Host

Moritz

Attendees

Moritz (@moolen)

Agenda/Notes

Meeting postponed as no one joined! Next meeting will be September, 13th.

Brief update on past PRs
PushSecret updatePolicy PR
PushSecret generator integration PR
json encode/decode bug https://github.com/external-secrets/external-secrets/pull/2681

Action Items

August 2nd

Community Meeting

Host

Gustavo

Attendees

Gustavo (@gusfcarvalho)
Moritz (@moolen)
Seb (@sebagomez)

Agenda/Notes

GA prep
- https://github.com/orgs/external-secrets/projects/2
- Some work could be done at Container Solutions, but resources allocated there would be for learning purposes - those issues are probably not the best for it
  - Better to have it then not have it.
release prep 0.9.2

Action Items

ask in slack regarding meeting time @moolen
create maintainer onboarding docs @moolen
Design how Provider Versioning Strategy would 'look like in theory' @gusfcarvalho
Secret Store v1 design (field changes, we can consider the minimal approach)
Create issues for design action items and for the missing bits that do not have action items. @gusfcarvalho
release 0.9.2 - @gusfcarvalho @sebagomez
review #2410 - @gusfcarvalho
write a comment on #2288 - we can proceed with it, and if we decide that this is a bad way of moving forward (and prefer dataFrom, we can push forward)
comm

July 21st

General Availability development missing bits

Attendees

Moritz
Gustavo
Lucas
Seb

Meeting Notes

Points:

Deprecation of ConversionPolicy (no issue yet)
Deprecation of prometheus annotations #1025
Standardize dataFrom.find (no issue yet)
Standardize MetadataPolicy (no issue yet - should we do it?)
Removal of v1alpha1 (no issue yet)
Deprecation of v1beta1 (no issue yet)
[BIG TASK] Provider versioning Strategy #694
- Strategy one: have non-validated field with provider configuration, versioning done on code level (with validation needed as well)
- Strategy two: Separate providers into new CRDs, reference CRDs on the SecretStore
  - Maybe deprecate the SecretStore and just leverage SourceRef on the External Secrets?
  - Make v1beta2 with new SecretStore
    - CRDs for providers would be v1beta1
[BIG TASK] Standardize SecretStore Providers #689 [we need design here - action item]
- Close to Provider versioning
- Conversion Webhook logic for upgrade path (v1beta1 -> v1)
- how serviceAccounts and secrets are used
- common fields like 'path' and 'server'?
  - common fields mean found more than 5 times across a file, or 10 times across the project.
- root level provider structure should follow:
  - auth
  - server (find a better name - maybe target)
    - url
    - cabundle, caprovider
    - endpoint
- After discussing, Standadization of fields seems way easier if we figure out provider versioning with CRDs.

Action Items

Check resources for ESO GA last mile with Container Solutions @gusfcarvalho
Check if @shuhei can help out with the Big Tasks that are important, but don't really add much value.
Design how Provider Versioning Strategy would 'look like in theory'
Secret Store v1 design (field changes, we can consider the minimal approach)
Create issues for design action items and for the missing bits that do not have action items.

July 5th

Host

Lucas (@knelasevero)

Attendees

Moritz (@moolen)

Agenda/Notes

[gustavo] Community meeting time
- taking turns on times that work for americas and Asia
[Fram Souza] Multiple Secret Generation with ExternalSecrets (see https://kubernetes.slack.com/archives/C017BF84G2Y/p1688483983064609)
Other maintainers
new providers on the horizon
what needs to be done for GA?
configmap sync

Action items:

ask in slack regarding meeting time @moolen
create maintainer onboarding docs @moolen
document accounts we have etc.
open thread in slack regarding "when do we stop onboarding new providers?" @moolen
make a doodle for a meeting where we brainstorm on what needs to be done before GA (not mapped on the milestone, docs and all) @knelasevero

June 21st

Host

Gustavo (@gusfcarvalho)

Attendees

Gustavo
Moritz

Agenda/Notes

plugin system / provider separation #696
- Instead of plugins, go for build flags?
- We generate only the "full" image, and allow users to build images without the providers they don't need
  - It is not a way to not have plugins, but to allow moving the project to GA without the plugin system in place (as a lot of refactor would be needed, etc.)
- Moritz ran some PoC on plugin system, and even though it is working, it would take some time to take it from alpha onto release to users.
- Plugin system could be a good idea for v2, as we could break existing users in the process of releasing it.
- for V1 - suggestion by both Moritz and Gustavo to go without plugins.
release 0.9.0 (past community meeting action item) - Moritz is reviewing fixes and documentation PRs to be able to release 0.9.0
Open PRs that need to be reviewed

Action Items

Add Seb to manage youtube channel (@gusfcarvalho)
Add poll to see other maintainers opinions on the issue (@gusfcarvalho)
Review open PRs as the list is getting big!

June 7th

Host

Attendees

Seb
Moritz
Gustavo
Nima
Ludovic
Yuri

Agenda/Notes

0.8.x or 0.9 release (requested via slack thread)?
ESO Threat Model #2308
e2e tests enhancements #2376
eso threat model #2308
update on plugin system / provider separation #696

Action items:

@moolen + @seb to do the release

May 24th

Host

Moritz

Attendees

Moritz

Agenda/Notes

Meeting postponed as no one joined! Next meeting will be June, 7th.

0.8.3 release / fix OpenShift #2342 & #34
ESO Threat Model #2308

May 10th

Host

Lucas

Attendees

Gustavo (@gusfcarvalho)
Seb (@sebagomez)
Scott Andrews (@scothis)
Andy Sadler (@sadlerap)
Mo Khan (@enj)
Anish Ramasekar (@aramase)

Agenda/Notes

Secret Store CSI joint discussion - SSCSI secret sync controller presentation (issue #336) - https://kubernetes.slack.com/archives/C013PUP2WRK/p1682354854859329
- SSCSID presented their project
- Gustavo asked if we could consider ESO the controller they would use to sync secrets
  - We need to make sure APIs adhere to sig-auth standards
  - We need to make sure ESO users and also SSCSID users are not disrupted with breaking changes
- ESO to show up a quick intro and a proposition on Secret Store CSI on SSCSI community meeting
ServiceBinding support PR #2263
- Discution around the open PR and the changes
- Gustavo worried about the 'type' field of the Kind Secret in the example
- That field is not used, it is just an example and recommendation of documentation
- Other chore stuff from the PR to address
metrics via otl initial work - also discuss plugin next plans
- https://github.com/external-secrets/external-secrets/pull/2291
- Concern with the future of plugin structure
- Decided to just go forward with this change and adapt when we decide on a approach
security best practices
- https://github.com/external-secrets/external-secrets/pull/2290/files#diff-02ba52c48ce1559953c6eb5bc954ddbf63caffed6f49a945804b17ad256deb8f PR is fine but merging it might mean releasing 0.8.2
- LTS https://github.com/external-secrets/external-secrets/pull/2155
  - Seb to review
Failing dependency checks on PR #2208
- Gustavo will help with the FOSSA check and the check-diff check

April 26th

Host

Gustavo (@gusfcarvalho)

Attendees

Lucas Severo (@knelasevero)
sebagomez
moolen
Gaurav Dasson

Agenda/Notes

General Plans:
- Docs improvement #2242 - @seb will work on it
- Security Best Practices (@moolen to write up issue)
- Plugin capability #696
- CSI Secret Store interoperability #336
  - Go to their comm meeting - Help preparing a presentation and would be good to have 2 of us there at least - @gusfcarvalho
  - Host them at our next comm meeting and discuss their project and ideas
- Cloud Events integration - need still better understand what we want to do here. Be just a source or a sink?
- LTS Release Process #2155
- Discuss PR #2208 @gaurav presented the logic. @gusfcarvalho to take a look
  - e2e tests in this PR?
0.8.2 release?
- LTS Release Process or Gitlab bugfix, whichever comes first.
ESO GA:
- What is missing?
  - LTS Release Process
- https://github.com/orgs/external-secrets/projects/2/views/1 captures the things we need to do for GA.
- update the docs for Metadata Policy = Fetch
ESO CNCF Incubating
- We have some relevant projects now that could sponsor us: https://github.com/external-secrets/external-secrets/pull/2262
- Should we take the process? Orlin is happy to help with it.
- We would be more comfortable after a GA release, or if we had more maintainers/ or having a company officialy sponsoring it.
CNCF Project Update - Annie sent an email
Yuri Sa wants to contribute remaining missing features and help with open telemetry topics
- Create an issue to implement open telemetry client

April 12th

Host

Lucas

Attendees

Gustavo (@gusfcarvalho)
Moritz
Seb

Agenda/Notes

kubecon prep
- KubeCon schedule sheet review
- slides? anything else?
CN rejekts Talk rehersal (won't be recorded)
- https://docs.google.com/presentation/d/1NDXHIi_TEfoh_iEYsZtAUitQCkd-uchwX3bH_RKuvKk/edit#slide=id.p

Action Items:

add eso-examples repo - Fetch a single secret with GCP/AWS
- Find and Extract with Vault
- Generators
- PushSecrets
- Templates
All of them must run on a workload/federation authentication
Add ESO slides
Add @sebagomez to the maintainer list/email/cncf spreadsheets and repos @gusfcarvalho
Take PR #1451 contributions into a new PR @gusfcarvalho
Take PR #1389 contributions and push it over the line if dacamposol cannot make it.

Agenda/Notes

March 29th

Host

Moritz (@moolen)

Attendees

Moritz (@moolen)
Lucas

Agenda/Notes

LTS Release Process
KubeCon schedule sheet

Action Items:

Add @sebagomez to the maintainer list/email/cncf spreadsheets and repos @gusfcarvalho
Take PR #1451 contributions into a new PR @gusfcarvalho
Take PR #1389 contributions and push it over the line if dacamposol cannot make it.

March 15th

Host

Gustavo (@gusfcarvalho)

Attendees

Moritz (@moolen)
Sebastian @sebagomez

Agenda/Notes

0.8.0 release
- https://github.com/external-secrets/external-secrets/issues/2125
GA release double check
- Look at issues in https://github.com/orgs/external-secrets/projects/2/views/1
- Any other issue we should include to this board?
- Template issues are covered in #2115
- Metadata Policy being hugely implemented (shout out to @sebagomez)
Kubecon Preparations
- Talks
  - CRDs talk for CN Rejekts
    - Test audience with community <3
  - Kubecon talk <3
- Booth
  - prep slidedeck
  - prep material (examples, use cases, etc) - better if in a live cluster?
  - schedule timeslots
- .
Promote @sebagomez to a maintainer (if he wants to ;))
Go over open PRs
Event Driven (async) reconciliation (if we have audience)

Action Items:

✓change meeting time in README and docs
Prepare rotation schedule sheet and share between people. @gusfcarvalho
Add @sebagomez to the maintainer list/email/cncf spreadsheets and repos @gusfcarvalho
double check if Metadata Policy=Fetch behavior over providers is standardized.
Take PR #1451 contributions into a new PR @gusfcarvalho
Take PR #1389 contributions and push it over the line if dacamposol cannot make it.

March 1st (Canceled since we did not have quorum)

Host

Lucas (@knelasevero)

Attendees

Agenda/Notes

Release should be launched soon
Kubecon preparations
- Talks
- Booth
- .

Feb 15 (cancelled)

February 1st

Host

Gustavo Carvalho (@gusfcarvalho)

Attendees

Ben Gurney
Moritz Johner

Agenda/Notes

PR #1389 - help/ strategy to move forward.
Missing features for GA!
- Template Merge/Persistence issues (e.g. #1429)
- Metadata Policy
Go over open PRs
Event Driven (async) reconciliation (if we have audience)
Incorporate Reloader to reload deployments (if we have audience)

Action Itens

PR #1953 - Build API spec documentation from CRDs - avoids the need to include so many examples in the API spec.
Take over #1451 if the contributor wnats the help
PR #1405 - contributor does not want to continue. Ping other involved if they want to, if not close it.
If Event Driven reconcile is moving forward, it will be driven by its own CRD (so we can release GA independently)
Marketing google docs - review it to prepare our GA release.

January 18th

Attendees

Gustavo Carvalho (@gusfcarvalho)

Host

Moritz Johner (@moolen)

Agenda/Notes

Event Driven (async) reconciliation
Incorporate Reloader to reload deployments
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
new financial contributor: inetshell

Attendees

January 4th

Attendees

Moritz Johner (@moolen)
Gustavo Carvalho (@gusfcarvalho)

Host

Lucas Alves (@knelasevero)

Agenda/Notes

New community meeting time announcement
Write up Host rotation policy
Write up PR review rotation policy
Release 0.7.1
~~Templates From String~~
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
doppler bronze sponsor & contribution from Colin Wilson (check out his blog post on ESO)
FOSSA report & MPL license #1820
go over Open PRs, consider merging before release
also: ESO/OLM: open PR to add permissions for service monitor
Vault PushSecret not really compliant - need to review it
- issue: https://github.com/external-secrets/external-secrets/issues/1840
Missing features for GA! (DeletionPolicy, referent Auth, Metadata Policy, PushSecret)
Hashicorp meeting
Template Orphaned keys - need to take that up (issue#1721)
kubecon

Action Itens

Next community meeting (trial): at 15:30 PM - Add it to README.md @moolen
Round robin for Host Rotation - 1st Lucas -> 2nd Moritz -> 3rd Gustavo (reminder on slack) @knelasevero
Add issues for GA milestone and tag with "help wanted"
from 0.8.0 forward, Alibaba provider is deprecated (no longer supported by Alicloud)
ask for a cncf booth (@knelasevero)

November 21st December

Meeting postponed as no one joined!
Next meeting will be January 4th

Attendees

Moritz Johner (@moolen)

Agenda/Notes

New community meeting time announcement
Write up Host rotation policy
Write up PR review rotation policy
Release 0.7.0
Templates From String
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
doppler bronze sponsor
FOSSA report & MPL license #1820
alibaba RRSA support #1725
keeper provider #1768
generic cache implementation / pkg-level feature flags #1640
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
happy holidays

Action Itens

November 7th December

Attendees

Gustavo Carvalho (@gusfcarvalho)
Meeting postponed as no one joined!

Agenda/Notes

New community meeting time announcement
Write up Host rotation policy
Write up PR review rotation policy
Release 0.7.0
Templates From String

Action Itens

November 23rd

Attendees

Gustavo Carvalho - @gusfcarvalho
Moritz Johner - @moolen

Agenda/Notes

Change Community Meeting time
Add clear hosting rotation
Add PR review rotation and commitment to the Governance
Promote IBM Cloud Secrets Manager to internally maintained
PR Reviews:
- https://github.com/external-secrets/external-secrets/pull/1640 generic cache refactoring + feauture flag
- https://github.com/external-secrets/external-secrets/pull/1315 looking for someone to help with the refactoring to implement clientmanager libraries.
- https://github.com/external-secrets/external-secrets/issues/1733
- https://github.com/external-secrets/external-secrets/pull/1732 - being reviewed

Action items

@gusfcarvalho Post a poll in #external-secrets-dev for Meeting Time, Hosting Rotation and PR review rotation
@gusfcarvalho Post a poll to promote IBM Cloud Secrest Manager

November 9th

Attendees

No maintainer attendees

Agenda/Notes

Promote IBM Cloud Secrets Manager to internally maintained

October 26th

Attendees

Gustavo Carvalho (@gusfcarvalho)
Moritz Johner @moolen

Agenda/Notes

celebrate GOVERNANCE.md
consider making a patch release due to security vulnerabilities
- Should we push approved PRs already?
- What about Feature/ Generator?
Vault path fix #1636
Feature/ Generator #1539
- Drop inline Ref (probably safer) and certificates use case with it :(
CloMonitor PR #1656
- Removing Codesee due to security risks
generic cache #1640
Push Secret #1315
- Waiting Generator PR to get in - use client manager and update docs
We should register for small booth @ kubecon EU 2023

Action items

release 0.6.1 with #1636(https://github.com/external-secrets/external-secrets/pull/1636)
review #1640 @gusfcarvalho

October 11th

Attendees

Meeting postponed due to agenda conflicts! :(

Agenda/Notes

PushSecret status update
- Possible Deletion logic walk through
Generator first remarks
@knela_severo to check how to register for small booth.
@gusfcarvalho to take bumps

September 28th

Attendees

Moritz Johner @moolen
Gustavo Carvalho @gusfcarvalho
Lucas Severo @knelasevero

Agenda/Notes

CNCF status update
- Governance Document
- https://docs.google.com/document/d/1NP7_gG-9SeJ8vcSgJzVZAdiJUuWHCkwP16j29kuDVlo/edit#heading=h.yhtbyzmsytx
generator status update #1539
- waiting for reviews
- coordinate with push-secrets changes (docs?)
  - This PR first, PushSecret to merge and fix docs conflicts
- migration towards own AWS account
vault cache #1537
multi-image builds + image signing/SBOM/provenance #1574
PushSecret status update
- PR(#1315) updated with requested changes
  - PushSecret controller tests using envtest
  - GCP tests using table driven approach
  - labelSelector to PushSecretStoreRef added (as opposed to replace it)
- AWS SecretsManager/ParameterStore added
- Hashicorp Vault code added
- Still pending:
  - Secrets Deletion (finalizers/regular CR update)
  - update SetSecret method to PushSecret
secret-store-csi-driver integration proposal update
collective money

Action items

Review #1574
make release 0.6.0 (non-rc)
ask for update in CNCF onboarding issue
Schedule call to setup AWS credentials
Sync up (hackathon?) on integration proposal update with SSCSID
- brittleness / complex system issues
- how to deal with authentication?
- @moolen add comments to the docs

September 14th

Skipped due to conflicts

Image Not Showing Possible Reasons

The image file may be corrupted
The server hosting the image is unavailable
The image path is incorrect
The image format is not supported

Learn More →

Agenda/Notes

generator PR ready to review
AWS Account migration status
celebrate donation from John Rinehart
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →

August 31th 2022

Attendees

Moritz Johner @moolen
Gustavo Carvalho @gusfcarvalho

Agenda/Notes

generator implementation
- https://github.com/external-secrets/external-secrets/pull/1338
- @moolen opens draft PR with current status
CNCF status update
PushSecret status update
CSI Secret Store

Action items

@moolen: add support matrix (see action items last meeting): https://github.com/external-secrets/external-secrets/pull/1508
@gusfcarvalho: make release candidate release 0.6 with 1.24 PR (overran from previous meeting)
@gusfcarvalho Add notes to README.md about potential outage when migrating DNS servers.

August 18th 2022

Attendees

Moritz Johner @moolen
Gustavo Carvalho @gusfcarvalho

Agenda/Notes

generator proposal
- ACR/ECR/GCR implementation
CNCF Onboarding sync
$CLOUD Accounts?
PushSecret status
Kubernetes v1.24 upgrade
GH Organization structure

Action items

@moolen Secret Generation will not handle leases. Add that to design.
@moolen Start migrating AWS accounts to ESO-owned orgs -> https://github.com/external-secrets/infrastructure
make release candidate release 0.6 with 1.24 PR
add support matrix for:
- ES dataFrom.find.name
- ES dataFrom.find.tags
- ES metadata sync
- push secret
- ES referent auth
- ES floodgate / validate store
✓ remove admins from GH Org except:
- @moolen, @knelasevero, @gusfcarvalho, markus maga + Linux Foundation

August 8th 2022

Attendees

Agenda/Notes

Postponed due to no attendees.

July 20th 2022

Attendees

Gustavo Carvalho @gusfcarvalho
Moritz Johner @moolen
Daniel Hix @adustyoldmuffin

Agenda/Notes

Non-Technical

CNCF Sandbox application

Technical

Hashivault AWS Engine #1211
Proposal Draft for Secrets Generation #1338
ECR/GCR/ACR provider

Action Items

Come up with some quick designs possibilities for Generation within Providers ()

July 06th 2022

Attendees

Gustavo Carvalho @gusfcarvalho

Agenda/Notes

Non-Technical

Technical

PushSecret Demo! #1315

(if we have time)

Decoding Strategy PR #1294
Hashivault AWS Engine #1211

Action Items

June 22th 2022

Attendees

Moritz Johner @moolen
Gustavo Carvalho @gusfcarvalho

Agenda/Notes

Non-Technical

Credit card from colletive is up, need to start using it in relevant
- consider using 1password or bitwarden to manage shared secrets (for CI or personal test credentials) AI: @knela_severo
First ESO Meetup tomorrow 18:00 CET (https://www.meetup.com/container-solutions/events/swmbvsydcjbvb/)
Governance document

Technical

PushSecret status
Key rewrite proposal #1188
Fetch Tags #305
Issues in General

Action Items

add stale bot to close @moolen

June 8th 2022

Attendees

Moritz Johner @moolen
Daniel Hix @adustyoldmuffin
1/2 Lucas @knelasevero

Agenda/Notes

Non-Technical

A couple of user question answered

what features are on the horizon?
where to put docs/examples around oracle cloud managed Kubernetes?

Technical

May 25th 2022

Attendees

Gustavo Carvalho (@gusfcarvalho)
Moritz Johner (@moolen)

Agenda/Notes

Non-Technical

Youtube/Podcasts update gdocs
Talks update - maybe having a gdocs as well
CNCF Application (!!!)
- sidenote: cncf toc mailinglist around sandbox applications link

Technical

controller-tools@0.9.0 out monday (we can bump google grpc package now)
controller-runtime bump blocked by argocd dependencies.
Data from Key Rewrite becoming fairly requested by users #975.
(moolen) do a release?
(moolen) secret generator functionality: yep or nop? #1179
(moolen) prometheus rules in helm chart? #1174
rename SecretSink

Action Items

e2e tests for AKS (@gusfcarvalho)
if argocd doesn't update for the next two community meetings, refactor.
review #1176
@moolen: add issue for Kubernetes Provider to support service account

May 11th 2022

Attendees

Gustavo Carvalho (@gusfcarvalho)
Moritz Johner (@moolen)
Marcin Kubica (@marcinkubica)
Lucas Severo (@knelasevero)

Agenda/Notes

Non-Technical

Add k8s provider as internaly maintained
- implement e2e tests + a setup similar to what we do with vault
Add Azure KeyVault as internally maintained
Ping Carla and Katie regarding more info around cncf sandbox
Youtube/Podcast update gdocs / ask for read access if you want
Kubecon Get Together (!!!)

Technical

RFI: SecretStores Capabilities (related to SecretSink).
flux/argo e2e tests #1041
aws cli / e2e-managed-aws failure
google grpc bumps
(optional) discuss how we handle provider upgrades for the future 912.

Action Items

✓ (@moolen) add Azure KV as internally maintained / ping maintainers for that
✓ (@moolen) add azure kv e2e tests issue
✓ add k8s provider as internally maintained (@knelasevero)
add e2e tests for k8s provider (initially me, but will look to onboard someone new with this issue @knelasevero)
✓ ping Carla/Katie (@knelasevero) [but Kubecon atendees can try to talk with both in person]
✓ review flux/argo e2e (@knelasevero)

April 27th 2022

Attendees

Gustavo Carvalho (@gusfcarvalho)
Tom Godkin (@BooleanCat)
Moritz Johner (@moolen)
Marcin Kubica (@marcinkubica)

Agenda/Notes

Non-Technical

Make a fix release for ESO.
Inception for Secret Sink (or any other feature?)
Trunk-based contributions
If you want to work on Secret Sink, you are welcome!

Technical

Action Items

April 13th 2022

Attendees

Gustavo Carvalho (@gusfcarvalho)
Lucas Alves (@knelasevero)
Moritz Johner (@moolen)
Tom Godkin (@BooleanCat)

Agenda/Notes

Non-Technical

ESO Online Meetups
- We can try to do it startung out with zoom - we can try out some different ideas (specially around freqyuency )
cloud account expenses
- create
project board / release planning
CNCF contact and discuss applying already
- create document with questions (knelasevero)
  - https://cryptpad.uncloud.do/pad/#/2/pad/edit/220JlYNSJlP03R5Kz19i-CtP/embed/
- schedule a meeting with Katie and Carla (knelasevero)
ESO blog about sponsorships and big changes
- plan what to talk about and who would write it
Collaborations w/ youtubers/podcasts
Potential contributions from EngineerBetter

Technical

1pass provider
*
dataFrom key rewrite and ExternalSecrets Decoding strategy
- Spec them out as a design document? Yes we should do that.
Discuss Validate() general behaviour
- #961 vs #948 considering the Gitlab implementation of Validate()

Action Items

Create ESO accounts (this can be hard)
- Afterwards migrate from current infra
@moolen create small writeup how Release Board should work

March 30th 2022

Attendees

Gustavo Carvalho (@gusfcarvalho)
Moritz Johner (@moolen)
Daniel Hix (@ADustyOldMuffin)

Agenda/Notes

GCP Performance Leak Issues (#818 and #834)
Release 0.5.0
- #719 closed only pending to do #912
- GetAllSecrets for AWS Merged
- GetAllSecrets for Azure KeyVault ready to be Merged.
Secret Sink

Action Items

Release 0.5.0 once DeletionPolicy gets merged and some documentation around GetAllSecrets is available. After released, let some time to fix any bugs users might report.
Probably announce release because of the milestone it represents.
- https://github.com/github/release-radar

March 16th 2022

Attendees

Gustavo Carvalho (@gusfcarvalho)
Moritz Johner (@moolen)
Daniel Hix (@ADustyOldMuffin)

Agenda/Notes

Release 0.5.0
Performance / Leak issues with GCP Provider: #818 and #834
Azure WI #738
GetAllSecrets for AWS #820
GetAllSecrets for Azure KeyVault #805
Secret Sink proposal
Kubecon

Action Items

Organize first ESO meetup @ kubecon! (from past meeting)
Add ESO to Digital Oceans’ 1-click apps (from past meeting)
@gusfcarvalho to troubleshoot #818 and #834
@gusfcarvalho to ping user working on Secret Sink
focus on the cleanup tasks for conversion webhooks 719.

March 2nd 2022

Attendees

Moritz Johner
Gustavo Carvalho
Daniel Hix

Agenda/Notes

Several Community supported providers missing Validate and ValidateStore
GetAllSecrets implementation
- There are a lot of 'feels weird' around implementing GetAllSecrets as discussed in 698
- Addition of a path to spec?
- Key collision
merge validating webhook #750

Action Items

Create issues for Validate implementation.
Create issues for ValidateStore implementation.
Document specificities of GetAllSecrets per provider.
Follow up Key collision - unicode seems a little bit weird.
Check if it is possible to remove api definitions from sonar cloud duplication tests.
Organize first ESO meetup!
Add ESO to Digital Oceans' 1-click apps

Feb 16th 2022

Attendees

Moritz Johner
Gustavo Carvalho (@gusfcarvalho)
DanG

Agenda/Notes

GetAllSecrets()
- coordinate provider implementations
- limitations: key collision & no version support
disable client cache for secrets #729
promote aws/azure providers #709
TPL Engine v2 #701
azure kv provider refactoring #703
Discuss Deletion Policy implementation
Review design docs for v1beta1
ClusterSecretStores with no events or status(?)

Action Items

Add PR to include Deletion Policy on the crd-v1beta1. @gusfcarvalho
review #701 @knelasevero
review #701 @knelasevero

Feb 4th, 2022 v2 Hack Session

Attendees

Moritz Johner
Gustavo Carvalho @gusfcarvalho

Topics

recording is available @knelasevero

SecretStore Controller

we want a validation webhook for the SecretStore resource to do static validation
~~we should add a interface method ("validate") to check if the store configuration can be considered "valid"~~ - will be done in the #466

Breaking Changes

figure out how versions are managed/stored in etcd and how they're converted
we want to draft a "final" version for the CRD before we actually implement the features themselves - that gives us the flexibility to continuously do releases and not block a release until everything is implemented.

v1beta1 ExternalSecret Scope

find & extract (Azure / GetAll mechanic)
template engine version
~~decodeStrategy~~ see https://github.com/external-secrets/external-secrets/pull/674
??

v1beta1 SecretStore

-> not going to tackle that right now

We first need to figure out how to implement the decodeStrategy thing, because it touches a lot of points in the codebase.
path standardization doesn't really justify a whole new version

Deprecation Policy

we basically want to treat our alpha as beta: provide a upgrade path
we want to promote to beta1 asap when the CRD and scope is defined
want to get to GA in 9 months (2nd birthday: 23th November)
deprecate alpha1 when we release GA
wait a couple more release then deprecate beta1 aswell

Organisational Stuff

we want to keep track of relevant features for v1beta1 in the GitHub Project

Feb 2nd, 2022

Attendees

Moritz Johner @moolen
Lucas Severo @knelasevero

Agenda/Notes

prep release 0.4 (release outlook)
we're having a planning meeting on friday to discuss mid/long term goals of the project
setup multi-version support before merging breaking-changes (#664, #638, #515)
- discuss the approach and goals on friday
we got some stale contributor PRs, we try to take them over if needed

Action Items

@moolen ask @ADustyOldMuffin and @gusfcarvalho for sync regarding PR #542 to discuss details
@moolen add docs for community-operators-prod; also consolidate docs RELEASE.md / external-secrets.io and helm-op docs
@gustavo/@knelasevero ping or take over some of the PRs that could be quick to fix
@moolen takes over Reporter PR

Jan 19th, 2022

Attendees

Moritz Johner @moolen
Gustavo Carvalho @gusfcarvalho
Lucas Severo @knelasevero

Agenda/Notes

(moolen) e2e@aws: need account for CI
(moolen) planning session for the next ~12 months?
celebrate donation by $anon!
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
Breaking changes
- Azure key vault getAll() (dataFrom)
- templating changes to avoid problems with []byte
- Standardization of HashiVault provider

Action Items:

@knelasevero add credentials for aws account in repo secrets
@moolen create doodle to find some time for us (for the planning meeting)
@knelasevero propose a process for something similar to KEPs in our project and comment in the issues that are proposing stuff (https://github.com/external-secrets/external-secrets/issues/347 / https://github.com/external-secrets/external-secrets/pull/542)
@moolen taking care of the PR for anchore examples
@moolen add community meeting date+time+details in readme and docs
@moolen document processes in contribution guidelines
- PR assignee
- Proposal process
- close PR after

Dec 8th, 2021

Attendees

Moritz Johner @moolen
Ope

Agenda/Notes

OLM is work in progress, thanks to @slopezz
going forward with decodeStrategy proposal:
- (1) implementing it on the provider level in a generic, reusable way (#515)
- (2) adding it to the external secret which may take precedence over provider flag
TODO: add community meeting schedule + call to docs/repo
- switch to a alternating timezone schedule
- make a poll (@slack) and ask for timezone preferences

Nov 24th, 2021

Attendees

Moritz Johner @moolen
Lucas Severo @knelasevero

Agenda/Notes

AWS Provider graduation?
- e2e pod identity automation + other tests #469
CRD graduation? Whats still missing: azure / get-all secrets #498
- we do not want to graduate right now, we first want to take a look at #498
@moolen wants to take care of the operatorhub topic #244 #493
@moolen takes over PR kes2eso #1
Coverage
- @knelasevero taking over if Serdar does not have time

Nov 10th, 2021

Attendees

Sevi Karaköse (sevikarakose)
Moritz Johner (moolen)

Agenda/Notes

Discussion about Azure getAllSecrets discussions/470- https://github.com/external-secrets/external-secrets/issues/426
- @moolen wants to reply in the thread, didn't have time to unfortunately
Community Operator hub progress
- Önsel and Sevi have been working on this for a while now. They're planning to get back on track, too busy with client work unfortunately.
We need to review https://github.com/external-secrets/kes-to-eso/pull/1 already
- @moolen took a look. Looks promising, minor things need to be addressed (comment incoming)
ok-to-test failing to report back to PR https://github.com/external-secrets/external-secrets/runs/4167322917?check_suite_focus=true
- https://github.com/external-secrets/external-secrets/issues/426
- https://github.com/external-secrets/external-secrets/pull/480
Check with Serdar about Coverage tool
- Serdar will take a look as soon as possible
Unfortunately GH does not let us pay for less subs than the amount of people in the org… (see img below)

Oct 27th, 2021

Attendees

Gustavo Carvalho (gusfcarvalho)
Lucas Severo (knelasevero)
Moritz Johner (moolen)

Agenda

Migration script updates
- Almost done!!!
- need to test with edge cases and have more eyes on the PR (moolen knelasevero)
Code coverage issues
- Need to check with Serdar the status here and push this forward (knelasevero)
- We need to remember to set threashold tolerance to minor cov decrease (Serdar or we take over)
E2E for cloud specific tests
- We need to have a new dir with IaC, a new workflow gh-actions file, and configure spawn and destroy of infra for specific cloud e2e
- Set monitoring of costs and add infracost to terraform analysis (Open issue with these details)
e2e tests documentation needs to be improved (lucas)
e2e tests issue when not setting all provider creds (moolen)
Donations
- Pay gh premium (knelasevero)
csi-secrets-store
- Add details to issue (knelasevero)
SecretSinks
- Add details to issue (knelasevero)
Secret generation
- Tell people to use crossplane. (knelasevero)
- Add docs to our site about using crossplane together with ESO (knelasevero)
Continue using Paul, Prow is to dificult to maintain, and to add dedicated infra would be hard as well
OperatorHub should be prioritized a bit more because of requests
- Check with Sevi and Onsel the status (knelasevero)
- Moritz wants to take over if they are too busy (moolen)

Notes

Oct 13th, 2021

Attendees

Gustavo Carvalho (gusfcarvalho)
Sevi Karaköse (sevikarakose)
Sebastián Gómez - (sebagomez)
Oladipupo Ajayi - (DeeAjayi)
Opeyemi - (Eebru-gzy)

Agenda/Notes

Release 0.3.6 with security patches is on
KES-ESO migration script
- almost ready for AWS / GCP
Önsel and Sevi will be pairing on the Community Operators work
Serdar and Lucas got sonarCloud configuration set (local check investigation didn't move forward)

Sept 29, 2021

Attendees

Lucas Severo (knelasevero)
Gustavo Carvalho (gusfcarvalho)

Agenda/Notes

Sonar gates and configs (https://sonarcloud.io/organizations/external-secrets/projects)
Sonar trigger from fork PR
- raise issue for local check (gusfcarvalho)
#381 leaked tokens
- Follow up on the PR (knelasevero)
Cut a release possibly
- will cut today or tomorrow (knelasevero)

Sept 1, 2021

Attendees

Lucas Severo (knelasevero)
Moritz Johner (moolen)
Kian Kordtomeikel (KianTigger)

Agenda/Notes

Migration script to go from KES to ESO
Plan what to do with donations
- Gsuite?
  - look for other providers, jitsi
- GH premium?
  - Trial (lucas)
  - investigate how premium seats work (lucas)
CSI project integration
- Check with Kellin, see if he can join next community meeting (lucas)
SonarCube has coverage capabilities, maybe remove codecov? (check with Serdar about coverage)
- Check how Sonar deals with coverage, ask Serdar about it (lucas)
External Sinc #347
- Secret Generation #249
- Create an evaluation of how this would affect the project technically and organizationally [consider separating project, having more than one binary from same project, or other options] (moolen)
Deleted secret isn't recreated until refresh #344 #353
- comment on the issue that is fine to add another field in status, hashed (moolen)
e2e test infra
- Ask companies what they are whiling to host and then decide how tom manage real infra for specific e2e tests (lucas)

Aug 18, 2021

Attendees

Lucas Severo (knelasevero)
Kian Kordtomeikel (KianTigger)
Elsa Chelala (ElsaChelala)

Agenda/Notes

Migration script to go from KES to ESO
Plan what to do with donations
CSI project integration

Aug 8, 2021

Attendees

Moritz Johner (moolen)
Sevi Karaköse (sevikarakose)
Joey Brayshaw (Jabray5)

Agenda/Notes

celebrate donation ($20 / Andrew Tsai <3)
syncing metadata: opened #305 to keep track of it
vault e2e incoming: draft #304
$cloud provider accounts sponsored by inovex
- provide architecture draft + access matrix (@moolen)
  - need input: what do we have, who owns which account? (need to approach lucas for that)
- once approved: setup infra
compute infra (openstack) sponsored by inovex
- maybe for dedicated github actions runner
refresh interval issue: https://github.com/external-secrets/external-secrets/pull/303
(joey) making progress on the gitlab project variables provider

Jul 21, 2021

Attendees

Joey Brayshaw (Jabray5 )
Kian Kordtomeikel (KianTigger)
Moritz Johner (moolen)
Ricardo Torres (ricardoptcosta)
Rodrigo Rios (rodrigorras)

Agenda/Notes

Lucas and Moritz created an account in open collective and deposited some test funds. Someone already donated 100USD;
AWS/EKS integration tests
- still need approval from Moritz's company to implement it
e2e TODOs #205-#209
- currently mostly succesful paths are tested
- we should make clear issues that are missing in tests, and add them to acceptance criteria
- @Moritz will pursue this
Moritz proposed a new release due to the recent merge regarding service account authenttication with AWS (#251) - @Moritz will do the release
Kian and Joey are working on adding Oracle Cloud
kes#798 there was a issue opened on kubernetes/external-secrets asking for yandex. we will talk to the person who requested it to open in the main project. @Rodrigo will pursue this issue
We celebrated Joey's first pull request 🎉

Jul 7, 2021

Attendees

Elsa Chelala (ElsaChelala)
Moritz Johner (moolen)
Lucas Severo (knelasevero)
Ricardo Torres (ricardoptcosta)

Agenda/Notes

operatorhub.io #244
- Sevi investigating
https://opencollective.com/external-secrets-org
- Will go forward with this
release with IBM Cloud Provider
- Will be done by Lucas soon
label issues with beta: https://github.com/external-secrets/external-secrets/projects
- Look for things that impact the CRD
AWS/EKS integration tests
- Create issue
- Check with Inovex for approval
Move secret generation discussion to a issue
TLS Vault auth - needing docs, will be added by Ricardo - after that the implementation
- Ricardo gonna contact Kellin and Cameron

Jun 23, 2021

Attendees

Moritz Johner (moolen)

Agenda/Notes

Secret generation (discussion 195)
Resource Version Status #189
Azure KeyVault enhancements #215

Jun 9, 2021

Attendees

Moritz Johner (moolen)
Lucas Severo (knelasevero)
Ricardo Torres (ricardoptcosta)

Agenda/Notes

Azure KV merged
- hardcoded key extraction (see here) issue: #187
- documentation (also GCP)
#169: bug when provider is slow
decide what is part of the deprecation policy (@moolen: open issue)
- also draft the documentation
exclude controller tests in the unit test phase (because of old k8s components that kubebuilder provides)
- add them when we have the kind cluster (with newer k8s versions) ready
remember to have a look over codecov

May 26, 2021

Attendees

Lucas Severo (knelasevero)
Gabrielle Beyer (gabibeyer)
Ricardo Torres (ricardoptcosta)

Agenda/Notes

Codecov 168
- We should have something
- Discuss other options on the issue
Scope access per namespace 163 and 134
- Need to discuss further
Immutable secrets 156
- Shouldnt be hard. We probably can add this as an option
Support to trigger refresh instead of pull 129
- Get in touch and see if he wants to implement it
Have a look over 0.2 milestone, remove/add stuff
- just release with gcpsm and azure providers
e2e tests
- maybe mobbing on this one
We got asked on slack about stability and chance of things changing https://kubernetes.io/docs/reference/using-api/deprecation-policy/
- Need to discuss further
Support level
- Start by adding support notices to our readme (and maybe to a pinned discussion post on the gh discussion forum)
Invite other maintainers to mob programming

May 12, 2021

Attendees

Kellin McAvoy (mcavoyk)
Moritz Johner (moolen)
Lucas Severo Alves (knelasevero)
Gabi Beyer (gabibeyer)
Jonatas Baldin (jonatasbaldin)

Agenda/Notes

Can't install helm chart on different k8s flavor?
- https://github.com/external-secrets/external-secrets/issues/142#issuecomment-839867167
secret-store-csi-driver community meeting, what discussions should we bring there?
- SecretObject as separate CRD from Provider CRD
- Check with them if they have goals around secret synchronization without mounting
0.2.0: What do we plan to include in the next release
- Increase provider coverage (Azure/GCP)
- e2e tests
- docs for current providers
4 weeks release workflow
- Decide if minor or patch release depending on the changes
Leverage TokenRequest API
- https://github.com/external-secrets/external-secrets/issues/137
Plugin Style Providers
- Would be interesting, but not a priority right now

April 28, 2021

Attendees

Kellin McAvoy (mcavoyk)
Moritz Johner (moolen)
Riccardo Cefala (riccardomc)

Agenda/Notes

Helm Chart needs to be done before release
vault Docs still missing
e2e tests, initial iteration done with localstack and local vault, but followup issue needed
CS infra, we need to add maintainers into the accounts

Action Items:

helm chart release workflow @moolen
vault docs
merging e2e [done]

April 14, 2021

Attendees

Kellin McAvoy (mcavoyk)
Moritz Johner (moolen)
Jonatas Baldin (jonatasbaldin)
Riccardo Cefala (riccardomc)

Agenda/Notes

Discussion on previous agenda notes
Review of metrics PR
Change dependabot frequency to weekly – merged
Push YAML artifacts on pipeline to GitHub – tracking here
Use External Secrets Operator name for Helm Charts
Release a v0.1 when merging #110, #69 and #106 at least – @jojo added a release/v0.1 tag to these PRs
1Password released their own operator… we will start a discussion to merge efforts as well. @jojo dropped this issue there

March 31, 2021

Attendees

Kellin McAvoy (mcavoyk)
Lucas Severo Alves (knelasevero)
Aziz (1aziz)

Agenda/Notes

CLA (#96)
CRD Spec repo (#97)
Add E2E testing (31)
Create Helm chart repo
- Something like charts.external-secrets.io (#105)
Clean up milestone/Project board

March 17, 2021

Attendees

just me, Moritz Johner (moolen)

Agenda/Notes

aws refactoring(#57)
split interface: Provider/SecretsClient (#55)
PTAL: AWS Parameter Store (#59)
PTAL: Vault Provider (#47)
refresh interval (#48)
Security Policy (#60)
Code of Conduct (#46)
docs are hosted using cname (#56)
paul bot configuration (#49)
cleanup lint stage (#54)

PRs to discuss or need attention

i think we should merge crd-spec#7
Azure KV needs some attention to get the spec done: crd-spec#6

Action Items

March 3, 2021

(https://everytimezone.com/s/8dbf346e)

Attendees

Lucas Severo Alves (knelasevero)
Kellin McAvoy (mcavoyk)
Moritz Johner (moolen)
Chaitanya Kandagatla (ckandag)

Agenda/Notes

Repo automation bot
Release workflow
Change cadence of the meetings now that most of the project is already bootstraped and steered
domain https://www.external-secrets.io/
https://github.com/cla-assistant/cla-assistant (maybe require it only if person is contributing during work time, and trust them?)
https://github.com/external-secrets/external-secrets/pull/46 CoC

PRs to discuss or need attention

[Please add any PRs that need attention, with your name, below]

Action Items

Look into kubernetes-sigs/external-dns ownership as a reference for this project (@mcavoyk)
- External-dns is owned by sigs-network
Setup Paul in the project (@knelasevero)
Apex domain config (@knelasevero)
Enable Discussions on github repo (@knelasevero)
Setup CLA assistant (reachout to sigs-network to decide if it is necessary) ?

February 17, 2021

(https://everytimezone.com/s/712e40fe)

Attendees

Lucas Severo Alves
Kellin McAvoy
Moritz Johner
Riccardo Cefala

Agenda/Notes

add awssm support PR in V2 #34
support azure keyvault provider PR in V2 #22
add provider-specific instructions to remoteRef PR in V2 spec #4
Colab Blog Doc
- https://docs.google.com/document/d/1H7leHCaQeJcur4E-Xi8croyl_FbDuzlJeVJIdGuIu6M/edit
documentation first pass: https://moolen.github.io/external-secrets/

PRs to discuss or need attention

[Please add any PRs that need attention, with your name, below]

Action Items

Look into CLA - Lucas and Kellin
Get in touch with contacts at Azure, Google and AWS regarding credits for integration tests - Riccardo
Merge a draft for the doc first pass, and we will iterate further - Moritz
Look into using https://doc.crds.dev/ , if we have a problem Kellin will contact Dan to have a look
Look into having a Code of Conduct, both for contributions and meetings - Lucas
Add a script to the start of the meeting document to always mention the COC and remember to record

February 03, 2021

Attendees

Lucas Severo Alves
Kellin McAvoy
Moritz Johner

Agenda/Notes

Merge in main controller loop (@knelasevero)
Vault provider PR should be available in the next week (@mcavoyk)
ExternalSecret logo
- https://drive.google.com/drive/folders/1_1kTEu4QZ453ce6ZrSUPJmOvfvCghNHJ
Discussion on the current kubernetes-external-secrets project regarding templating ExternalSecrets
- https://github.com/external-secrets/kubernetes-external-secrets/discussions/605
- concerns about supporting the template language in JS and Golang

PRs to discuss or need attention

[Please add any PRs that need attention, with your name, below]

Action Items

September 12, 2020

What happened?

We merged the Provider interface PR (thanks Moritz!)
Jonatas working on the Control Loop
Lucas working on the CI/CD

Action items

Finish the Control Loop (@jonatasbaldin) – blocker for the Provider implementation
Still need to work on the Issues templates on GitHub
Mircea will pickup an issue on GitHub to work on

Kellin

2021/03/03 17:45:38

(reachout to sigs-network to decide if it is necessary)

Their repo is covered by kubernetes CLA - https://github.com/kubernetes-sigs/external-dns/pull/1985#issuecomment-788957413 (Edited)

Guest Massey2025/02/01 03:23:44

+917619304351

Lucas Severo

2021/03/03 17:59:14

Oh yeah, makes sense... everything on their saide has this, right.... I will try to setup something eith the CLA assistant. In their case they use the linux foundation integration with github for signing the CLA, right? We will need something specific for us for now I think (Edited)

Guest Massey2025/02/01 03:24:34

Syntax	Example	Reference
# Header	Header	基本排版
- Unordered List	Unordered List
1. Ordered List	Ordered List
- [ ] Todo List	Todo List
> Blockquote	Blockquote
Bold font	Bold font
Italics font	Italics font
~~Strikethrough~~	~~Strikethrough~~
19^th^	19^th
H~2~O	H₂O
++Inserted text++	Inserted text
==Marked text==	Marked text
[link text](https:// "title")	Link
![image alt](https:// "title")	Image
`Code`	`Code`	在筆記中貼入程式碼
```javascript var i = 0; ```	`var i = 0;`	在筆記中貼入程式碼
:smile:		Emoji list
{%youtube youtube_id %}	Externals
$L^aT_eX$	L^aT_eX
:::info This is a alert area. :::	This is a alert area.