# External Secrets Community Meeting ### Schedule Meetings are on Google Meet every other Wednesday 11:30 AM EST to 12:00 PM EST. (ask for an invite to be sure to have it on your calendar) Next Meeting link: https://meet.jit.si/eso-community-meeting <!-- previous meet link from Moritz: https://meet.google.com/uis-rfiz-rsa --> <!-- previous meet link from lucas: meet.google.com/iek-etsm-jkk --> Steps before starting the meeting: - Start Recording - Welcome everyone ;) - (Optional) Intros from new joiners - Mention COC In meeting: - Go over points - Go over previous meetings action items ## Oct 13th, 2021 Attendees - Gustavo Carvalho (gusfcarvalho) - Sevi Karaköse (sevikarakose) - Sebastián Gómez - (sebagomez) - Oladipupo Ajayi - (DeeAjayi) - Opeyemi - (Eebru-gzy) Agenda/Notes - Release 0.3.6 with security patches is on - KES-ESO migration script - almost ready for AWS / GCP - Önsel and Sevi will be pairing on the Community Operators work - Serdar and Lucas got sonarCloud configuration set (local check investigation didn't move forward) ## Sept 29, 2021 Attendees - Lucas Severo (knelasevero) - Gustavo Carvalho (gusfcarvalho) Agenda/Notes - Sonar gates and configs (https://sonarcloud.io/organizations/external-secrets/projects) - Sonar trigger from fork PR - raise issue for local check (gusfcarvalho) - [#381](https://github.com/external-secrets/external-secrets/pull/381) leaked tokens - Follow up on the PR (knelasevero) - Cut a release possibly - will cut today or tomorrow (knelasevero) ## Sept 1, 2021 Attendees - Lucas Severo (knelasevero) - Moritz Johner (moolen) - Kian Kordtomeikel (KianTigger) Agenda/Notes - Migration script to go from KES to ESO - Plan what to do with donations - Gsuite? - look for other providers, jitsi - GH premium? - Trial (lucas) - investigate how premium seats work (lucas) - CSI project integration - Check with Kellin, see if he can join next community meeting (lucas) - SonarCube has coverage capabilities, maybe remove codecov? (check with Serdar about coverage) - Check how Sonar deals with coverage, ask Serdar about it (lucas) - External Sinc [#347](https://github.com/external-secrets/external-secrets/issues/347) - Secret Generation [#249](https://github.com/external-secrets/external-secrets/issues/249) - Create an evaluation of how this would affect the project technically and organizationally [consider separating project, having more than one binary from same project, or other options] (moolen) - Deleted secret isn't recreated until refresh [#344](https://github.com/external-secrets/external-secrets/issues/344) [#353](https://github.com/external-secrets/external-secrets/issues/353) - comment on the issue that is fine to add another field in status, hashed (moolen) - e2e test infra - Ask companies what they are whiling to host and then decide how tom manage real infra for specific e2e tests (lucas) ## Aug 18, 2021 Attendees - Lucas Severo (knelasevero) - Kian Kordtomeikel (KianTigger) - Elsa Chelala (ElsaChelala) Agenda/Notes - Migration script to go from KES to ESO - Plan what to do with donations - CSI project integration ## Aug 8, 2021 Attendees - Moritz Johner (moolen) - Sevi Karaköse (sevikarakose) - Joey Brayshaw (Jabray5) Agenda/Notes - celebrate donation ($20 / Andrew Tsai <3) - syncing metadata: opened [#305](https://github.com/external-secrets/external-secrets/issues/305) to keep track of it - vault e2e incoming: draft [#304](https://github.com/external-secrets/external-secrets/pull/304) - $cloud provider accounts sponsored by inovex - provide architecture draft + access matrix (@moolen) - need input: what do we have, who owns which account? (need to approach lucas for that) - once approved: setup infra - compute infra (openstack) sponsored by inovex - maybe for dedicated github actions runner - refresh interval issue: https://github.com/external-secrets/external-secrets/pull/303 - (joey) making progress on the gitlab project variables provider ## Jul 21, 2021 Attendees - Joey Brayshaw (Jabray5 ) - Kian Kordtomeikel (KianTigger) - Moritz Johner (moolen) - Ricardo Torres (ricardoptcosta) - Rodrigo Rios (rodrigorras) Agenda/Notes - Lucas and Moritz created an account in open collective and deposited some test funds. Someone already donated 100USD; - AWS/EKS integration tests - still need approval from Moritz's company to implement it - e2e TODOs #205-#209 - currently mostly succesful paths are tested - we should make clear issues that are missing in tests, and add them to acceptance criteria - @Moritz will pursue this - Moritz proposed a new release due to the recent merge regarding service account authenttication with AWS ([#251](https://github.com/external-secrets/external-secrets/pull/251)) - @Moritz will do the release - Kian and Joey are working on adding Oracle Cloud - [kes#798](https://github.com/external-secrets/kubernetes-external-secrets/issues/798) there was a issue opened on kubernetes/external-secrets asking for yandex. we will talk to the person who requested it to open in the main project. @Rodrigo will pursue this issue - We celebrated Joey's [first pull request](https://github.com/external-secrets/external-secrets/pull/275) 🎉 ## Jul 7, 2021 Attendees - Elsa Chelala (ElsaChelala) - Moritz Johner (moolen) - Lucas Severo (knelasevero) - Ricardo Torres (ricardoptcosta) Agenda/Notes - operatorhub.io [#244](https://github.com/external-secrets/external-secrets/issues/244) - Sevi investigating - https://opencollective.com/external-secrets-org - Will go forward with this - release with IBM Cloud Provider - Will be done by Lucas soon - label issues with beta: https://github.com/external-secrets/external-secrets/projects - Look for things that impact the CRD - AWS/EKS integration tests - Create issue - Check with Inovex for approval - Move secret generation discussion to a issue - TLS Vault auth - needing docs, will be added by Ricardo - after that the implementation - Ricardo gonna contact Kellin and Cameron ## Jun 23, 2021 Attendees - Moritz Johner (moolen) Agenda/Notes - Secret generation (discussion [195]([discussions/195](https://github.com/external-secrets/external-secrets/discussions/195))) - Resource Version Status [#189](https://github.com/external-secrets/external-secrets/pull/189) - Azure KeyVault enhancements [#215](https://github.com/external-secrets/external-secrets/pull/215) ## Jun 9, 2021 Attendees - Moritz Johner (moolen) - Lucas Severo (knelasevero) - Ricardo Torres (ricardoptcosta) Agenda/Notes - Azure KV merged - hardcoded key extraction ([see here](https://github.com/external-secrets/external-secrets/blob/95c8d054ac9274dbb24afbccd27d9b6e9b916d44/pkg/provider/azure/keyvault/keyvault.go#L209-L245)) issue: [#187](https://github.com/external-secrets/external-secrets/issues/187) - documentation (also GCP) - [#169](https://github.com/external-secrets/external-secrets/issues/169): bug when provider is slow - decide what is part of the deprecation policy (@moolen: open issue) - also draft the documentation - exclude controller tests in the unit test phase (because of old k8s components that kubebuilder provides) - add them when we have the kind cluster (with newer k8s versions) ready - remember to have a look over codecov ## May 26, 2021 Attendees - Lucas Severo (knelasevero) - Gabrielle Beyer (gabibeyer) - Ricardo Torres (ricardoptcosta) Agenda/Notes - Codecov [168](https://github.com/external-secrets/external-secrets/issues/168) - We should have something - Discuss other options on the issue - Scope access per namespace [163](https://github.com/external-secrets/external-secrets/issues/163) and [134](https://github.com/external-secrets/external-secrets/issues/134) - Need to discuss further - Immutable secrets [156](https://github.com/external-secrets/external-secrets/issues/156) - Shouldnt be hard. We probably can add this as an option - Support to trigger refresh instead of pull [129](https://github.com/external-secrets/external-secrets/issues/129) - Get in touch and see if he wants to implement it - Have a look over 0.2 milestone, remove/add stuff - just release with gcpsm and azure providers - e2e tests - maybe mobbing on this one - We got asked on slack about stability and chance of things changing https://kubernetes.io/docs/reference/using-api/deprecation-policy/ - Need to discuss further - Support level - Start by adding support notices to our readme (and maybe to a pinned discussion post on the gh discussion forum) - Invite other maintainers to mob programming ## May 12, 2021 Attendees - Kellin McAvoy (mcavoyk) - Moritz Johner (moolen) - Lucas Severo Alves (knelasevero) - Gabi Beyer (gabibeyer) - Jonatas Baldin (jonatasbaldin) Agenda/Notes - Can't install helm chart on different k8s flavor? - https://github.com/external-secrets/external-secrets/issues/142#issuecomment-839867167 - secret-store-csi-driver community meeting, what discussions should we bring there? - SecretObject as separate CRD from Provider CRD - Check with them if they have goals around secret synchronization without mounting - 0.2.0: What do we plan to include in the next release - Increase provider coverage (Azure/GCP) - e2e tests - docs for current providers - 4 weeks release workflow - Decide if minor or patch release depending on the changes - Leverage TokenRequest API - https://github.com/external-secrets/external-secrets/issues/137 - Plugin Style Providers - Would be interesting, but not a priority right now ## April 28, 2021 Attendees - Kellin McAvoy (mcavoyk) - Moritz Johner (moolen) - Riccardo Cefala (riccardomc) Agenda/Notes - Helm Chart needs to be done before release - vault Docs still missing - e2e tests, initial iteration done with localstack and local vault, but followup issue needed - CS infra, we need to add maintainers into the accounts Action Items: * helm chart release workflow @moolen * vault docs * merging e2e [done] ## April 14, 2021 Attendees - Kellin McAvoy (mcavoyk) - Moritz Johner (moolen) - Jonatas Baldin (jonatasbaldin) - Riccardo Cefala (riccardomc) Agenda/Notes - Discussion on previous agenda notes - Review of [metrics PR](https://github.com/external-secrets/external-secrets/pull/110) - [Change dependabot frequency to weekly](https://github.com/external-secrets/external-secrets/pull/112) – merged - Push YAML artifacts on pipeline to GitHub – tracking [here](https://github.com/external-secrets/external-secrets/issues/43) - [Use External Secrets Operator name for Helm Charts](https://github.com/external-secrets/external-secrets/issues/105#issuecomment-819641753) - Release a v0.1 when merging #110, #69 and #106 at least – @jojo added a release/v0.1 tag to these PRs - 1Password released their own operator... we will start a discussion to merge efforts as well. @jojo dropped [this issue](https://github.com/1Password/onepassword-operator/issues/22) there ## March 31, 2021 Attendees - Kellin McAvoy (mcavoyk) - Lucas Severo Alves (knelasevero) - Aziz (1aziz) Agenda/Notes - CLA ([#96](https://github.com/external-secrets/external-secrets/issues/96)) - CRD Spec repo ([#97](https://github.com/external-secrets/external-secrets/issues/97)) - Add E2E testing ([31](https://github.com/external-secrets/external-secrets/issues/31)) - Create Helm chart repo - Something like `charts.external-secrets.io` ([#105](https://github.com/external-secrets/external-secrets/issues/105)) - Clean up milestone/Project board ## March 17, 2021 Attendees - just me, Moritz Johner (moolen) Agenda/Notes - aws refactoring([#57](https://github.com/external-secrets/external-secrets/pull/57)) - split interface: Provider/SecretsClient ([#55](https://github.com/external-secrets/external-secrets/pull/55)) - PTAL: AWS Parameter Store ([#59](https://github.com/external-secrets/external-secrets/pull/59)) - PTAL: Vault Provider ([#47](https://github.com/external-secrets/external-secrets/pull/47)) - refresh interval ([#48](https://github.com/external-secrets/external-secrets/pull/48)) - Security Policy ([#60](https://github.com/external-secrets/external-secrets/pull/60)) - Code of Conduct ([#46](https://github.com/external-secrets/external-secrets/pull/46)) - docs are hosted using cname ([#56](https://github.com/external-secrets/external-secrets/pull/56)) - paul bot configuration ([#49](https://github.com/external-secrets/external-secrets/pull/49)) - cleanup lint stage ([#54](https://github.com/external-secrets/external-secrets/pull/54)) PRs to discuss or need attention - i think we should merge [crd-spec#7](https://github.com/external-secrets/crd-spec/pull/7) - Azure KV needs some attention to get the spec done: [crd-spec#6](https://github.com/external-secrets/crd-spec/pull/6) Action Items - TBD ## March 3, 2021 (https://everytimezone.com/s/8dbf346e) Attendees - Lucas Severo Alves (knelasevero) - Kellin McAvoy (mcavoyk) - Moritz Johner (moolen) - Chaitanya Kandagatla (ckandag) Agenda/Notes - Repo automation bot - Release workflow - Change cadence of the meetings now that most of the project is already bootstraped and steered - domain https://www.external-secrets.io/ - https://github.com/cla-assistant/cla-assistant (maybe require it only if person is contributing during work time, and trust them?) - https://github.com/external-secrets/external-secrets/pull/46 CoC PRs to discuss or need attention - [Please add any PRs that need attention, with your name, below] Action Items - Look into kubernetes-sigs/external-dns ownership as a reference for this project (@mcavoyk) - External-dns is owned by [sigs-network](https://github.com/kubernetes/community/tree/master/sig-network) - Setup Paul in the project (@knelasevero) - Apex domain config (@knelasevero) - Enable Discussions on github repo (@knelasevero) - Setup CLA assistant (reachout to sigs-network to decide if it is necessary) ? ## February 17, 2021 (https://everytimezone.com/s/712e40fe) Attendees - Lucas Severo Alves - Kellin McAvoy - Moritz Johner - Riccardo Cefala Agenda/Notes - add awssm support PR in V2 [#34](https://github.com/external-secrets/external-secrets/pull/34) - support azure keyvault provider PR in V2 [#22](https://github.com/external-secrets/external-secrets/pull/22) - add provider-specific instructions to remoteRef PR in V2 spec [#4](https://github.com/external-secrets/crd-spec/pull/4) - Colab Blog Doc - https://docs.google.com/document/d/1H7leHCaQeJcur4E-Xi8croyl_FbDuzlJeVJIdGuIu6M/edit - documentation first pass: https://moolen.github.io/external-secrets/ PRs to discuss or need attention - [Please add any PRs that need attention, with your name, below] Action Items - Look into CLA - Lucas and Kellin - Get in touch with contacts at Azure, Google and AWS regarding credits for integration tests - Riccardo - Merge a draft for the doc first pass, and we will iterate further - Moritz - Look into using https://doc.crds.dev/ , if we have a problem Kellin will contact Dan to have a look - Look into having a Code of Conduct, both for contributions and meetings - Lucas - Add a script to the start of the meeting document to always mention the COC and remember to record ## February 03, 2021 Attendees - Lucas Severo Alves - Kellin McAvoy - Moritz Johner Agenda/Notes - Merge in main controller loop (@knelasevero) - Vault provider PR should be available in the next week (@mcavoyk) - ExternalSecret logo - https://drive.google.com/drive/folders/1_1kTEu4QZ453ce6ZrSUPJmOvfvCghNHJ - Discussion on the current kubernetes-external-secrets project regarding templating ExternalSecrets - https://github.com/external-secrets/kubernetes-external-secrets/discussions/605 - concerns about supporting the template language in JS and Golang PRs to discuss or need attention - [Please add any PRs that need attention, with your name, below] Action Items ## September 12, 2020 ### What happened? - We merged the Provider interface PR (thanks Moritz!) - Jonatas working on the Control Loop - Lucas working on the CI/CD ### Action items - Finish the Control Loop (@jonatasbaldin) – blocker for the Provider implementation - Still need to work on the Issues templates on GitHub - Mircea will pickup an issue on GitHub to work on