Status of the project and where it's going #165

Open
kaspernissen opened this issue May 8, 2019 · 14 comments

@kaspernissen
commented May 8, 2019

We (lunarway) are very interested in this project and would like to discuss its current state and progress.

It seems that there are some great ideas, and solutions in PRs to bring this project to the next level. Unfortunately, the momentum seems to have slowed down, and there hasn't been an official release in over a year. We know it can be time-consuming running an open-source project by yourself, as it's presented in the quote from @anguslees from an earlier issue, and would, therefore, like to discuss options for collaboration to get this project moving again.

sealed-secrets is not a commercial product for Bitnami, so it gets time from me when I find gaps around other priorities. I wish it were otherwise, but that's the reality at present.

Originally posted by @anguslees in #106 (comment)

Possible solutions:

  • Open up for external contributors to help with PRs and issues
  • Find someone (a company) willing to take on the ownership of the project
  • Something else?

It would be very helpful to get an understanding of where this project is going. At least, it would be great to know how we can help, as many in the community are either using this project or need a solution like this in their Kubernetes clusters.

@ceralena

commented May 14, 2019

Thanks for opening this discussion, @kaspernissen.

We (greensync) are excited about Sealed Secrets too, and we're in the process of rolling it out internally. It solves some problems we have better than anything else we could find in the Kubernetes space, and the code base is small and simple enough for us to understand and work on.

At the moment we're using our own fork of the CLI tool which cleans up the UX a little; there has been some discussion of this work, and some positive feedback, but we're not sure how to push it forward.

We are willing to invest and commit some development time to Sealed Secrets, and I think we have the right mix of use case and Go experience to contribute meaningfully. We aren't particularly fussed about how this gets done, as long as we can be confident that the project can be maintained. Our own fork is possible, but it'd be a shame to go down that road when there's some real community interest in this as an open-source project.

@kaspernissen

Author

commented May 16, 2019

We are in a very similar situation. We are also rolling sealed-secrets out internally at the moment. We have made some workarounds for the limitations of the current implementation and were thinking of forking and investing some in our own fork. However, as @ceralena mentions, it would be a shame to go down that path when there's real community interest. The UX clean up by @ceralena looks very promising and useful, and we would love to see this merged.

Maybe yesterday's acquisition of Bitnami could help get this project kickstarted?

@c-knowles

Contributor

commented May 17, 2019

Just chipping in another view as I have been a contributor to this project as have some of my previous colleagues. I am not a user of this project at the moment so harder to spend the time on it but willing to contribute if others take ownership.

Historically myself and previous colleagues found it a bit difficult to get changes in so it’d be good if more people have access to help with PRs and issues. Not sure if there would be any blockers to that, presumably there wouldn’t be if it’s not a commercial product.

@anguslees

Contributor

commented May 23, 2019

Thanks for starting this discussion @kaspernissen. Yes, I think we can all see that we need to find a way for sealed-secrets not to have me/Bitnami in the critical path ;)

Just so everyone knows, part of the issue preventing new releases atm is a boring semi-technical one:

  • We changed the SealedSecrets schema in #88 to add the Secret type field.
  • I wanted to change the schema again to add a more generic template in #129
  • I wanted to avoid all the stable-release users going through two consecutive schema migrations, so wanted to merge #129 before tagging a release that included #88.
  • I never finished #129 (and worse, I said I would, which probably discouraged other people from working on the related issues)

Because of this blockage, we haven't made any new releases since before #88, which is now a long time ago. In hindsight it would have been better just to release with the intervening schema, but of course I always intended to complete #129 in a timely fashion.


At this point, I'm going to openly do whatever I can to get out of the way: what do people want to do here?

I think we need:

  • at least one new shepherd for the project.
    This needs to be someone who is mostly-comfortable with the security/crypto aspects, since there are occasional PRs/suggestions that need to be rejected or else they would take the project in a direction that involves a different and conflicting security model (ie: it isn't just about merging every contribution unfortunately).
  • to unblock the release pipeline.
    This is mostly just a matter of actually tagging releases again.

This may or may not involve renaming the git repo away from bitnami-labs/ (but there is no need to do this just to have other people involved. I can add external admins to the existing GitHub project). We could even move it into its own sealed-secrets/sealed-secrets GitHub org if we wanted to have a stable future-proof home. A git rename involves trivially renaming all the golang imports (because golang), and optionally/less-trivially renaming the k8s apiGroup. I will support whatever people want to do here.

I still use this project every day personally, and continue to care about it. So I am happy to (and would like to) continue to be involved - assuming that's ok with the new shepherds. We just need to find a way for me to transition to a "supporting" rather than "gatekeeper" role.

@anguslees

Contributor

commented May 23, 2019

Oh, and a massive ❤️ to everyone who has contributed, in any capacity. @c-knowles deserves a particular mention for sustained code + user support contributions early in the project :)

@demisx

commented May 24, 2019

After researching many offerings, I’d say this is indeed the best straightforward solution in the Kubernetes world so far and it would be awful not to see it getting its pulse back. Thank you @anguslees and the rest of the team for all your great work. We’ll be watching.

@kaspernissen

Author

commented May 28, 2019

Thank you for the detailed description and openness, @anguslees! It is highly appreciated and thank you very much for a great project.

Creating a separate org sealed-secrets/sealed-secrets sounds like a good idea. That would, as you mention, create a future-proof home.

As mentioned in the initial post, we would love to help out, both @Crevil and myself. However, neither of us probably has the security/crypto skills needed to become shepherds for a project like this, but we could help out in other areas and assist as much as possible.

@yob

commented Jun 5, 2019

I work with @ceralena and wanted to chime in.

It seems like there's a number of people willing to chip in on development, and some uncertainty about the best way to co-ordinate going forward. In the short term, I wonder if we can optimise for unblocking the release train for:

  1. bug fixes
  2. modest functional changes that @anguslees feels are aligned with the sealed-secrets vision

@anguslees, would you be open to something like this:

  1. Identifying (or creating) a few issues that describe the non-radical changes you'd like to see in the short term (the template schema change, using kube events for debugging, etc)
  2. Adding a few extra committers
  3. Requesting that all committers' contributions go via PR (for visibility)
  4. Asking that all PRs have a review from a second committer before being merged, and are either a bugfix or resolving an issue from (1)

Hopefully that will allow some of us to pick up development of the blocking work.

If we can get a few small and successful releases out, we'll be more familiar with each other and may be in a better position to decide on an alternative collaborative style that is more sustainable long term.

@chrisharm

commented Jun 14, 2019

Hi all,
Thanks for starting this conversation. My team is actively using the sealed-secrets project too, and we see the value in its continued support. I am also willing to contribute to the project, but don't know the best way to move forward. @yob I like many of your suggestions.

I spent some time over the last two days trying to get familiar with the code base, and @anguslees's changes in #129. I have attempted to finish this effort and have submitted #170. All of the integration tests now pass locally, and I merged the other changes from master into my branch. I'll offer this up as a test to see if we can continue to move the project forward.

@anguslees How would you like to open up the project for new contributions? Who currently has access?

Thanks,
Chris

@monadic

commented Jun 16, 2019

@anguslees @kaspernissen we would love to shepherd this project, ideally long term towards the CNCF in some way, shape or form. Perhaps we could all work on this together? Please let me know! Alexis @ Weaveworks.

@kaspernissen

Author

commented Jun 17, 2019

It sure sounds like there's a great interest in forming a new working group around this project. Thank you for pitching in @monadic. I think Weaveworks would be good shepherds as you have experience running open source projects, and this project fits right in the GitOps philosophy that you are promoting.

Agree with @yob we need to figure out what the next step is - and how we can start contributing to unblock the release train. Can we form a working group and discuss the next steps in a call?

Great work @chrisharm! This is a great step forward.

@anguslees how would you like to proceed?

@ceralena

commented Jun 18, 2019

I just saw this comment from @mkmik:

#143 (comment)

Sorry for the delay, bitnami went through an acquisition and we scrambled a bit.
The original maintainer left the company; I'm going to fill that role.

Let me see if this branch is still clean and fully understand the backward compat implications.

@mkmik - Hi there! Just wanting to make sure you're aware of this conversation.

@victornoel

commented Jun 26, 2019

So, anything new on this? Has there been some working group spawned as @kaspernissen was proposing? @mkmik?

@kaspernissen

Author

commented Jun 26, 2019

Unfortunately not, we have been trying to reach out via e-mail as well. @monadic is trying to pull some strings in his network, to see if we can get a response.
