►
Description
Meeting of Kubernetes Data Protection WG - 26 July 2023
Meeting Notes/Agenda: -
Find out more about the DP WG here: https://github.com/kubernetes/community/tree/master/wg-data-protection
Moderator: Xing Yang (VMWare)
A
B
A
A
C
C
Yeah,
essentially,
you
know
they
told
us
that
Mutual
authentication
can
be
achieve
between
two
arbitrary
kubernetes
services,
using
the
token
request
and
token
review
apis.
Oh
interesting,
okay,
yes,
so
it's
possible,
you
know
and
then
and
the
token
we
get
back
has
enough
information
right,
the
user
information
field
there.
So
we
can
do
a
subject-
access
review
yeah,
so
you
know
essentially
to.
C
Right
they
had
no
problems
with
all
these
parts
of
of
our
proposal.
Right
that
there's
a
side
couch
hides
the
store.
You
know
the
SP
and
then
and
the
sidecar
talks
to
the
SP
bar
Unix
socket,
and
you
know
the
application
uses
direct
grpc
and
the
fact
that
they
are
TLS
and
not
mtls,
because
when
we
came
down
to
this
part
right,
which
was
you
know,
there's
a
set.
We
had
this
whole
session
construct
to
solve
the
M
part
of
the
TLs
issue.
Right,
they
said.
C
It
now
okay,
yeah
I'll,
get
to
it
in
a
few
and
I'll
get
to
it
in
a
few
slides,
right,
yeah,
but
you're
right
yeah.
So
we
don't
need
this
token
review
token.
You
know
we
use
the
token
review
token
request
apis
to
solve
this
problem
right.
Essentially,
what
has
to
be
done
is
the
client
obtains
an
audience
scope
token.
Now
this
is
something
new
for
me,
too.
It's
been
around
for
a
while
after
I
dug
into
it,
but
I
it
just
did
not
surface
for
me.
C
Then
the
client
would
pass
the
security
token.
And
of
course,
in
our
case
also,
the
snapshot.
Namespace
Etc
right
is
part
of
the
grpc
parameters
and
then
the
whoops,
where
did
I
go,
the
sidecar
right
will
authorize.
This
cycle
is
authorized
to
actually
do
an
authentication
check
and
to
authorize
the
grpc,
just
like
we
had
before
in
the
web
hook
Etc.
So
you
know
it
really
solves
a
lot
of
things.
So,
essentially,
the
synopsis
of
what
we
will
be
doing
now
would
be
you
know,
as
before.
C
The
backup
application
will
directly
connect
to
the
CSI
grpc
snapshot,
metadata
service
and
bypass
the
kubernetes
API
server,
but
backup
application
must
first
use
get
the
token
from
a
token
request,
API
to
get
the
Right
audience
scope
token
for
the
CSI
driver
concerned,
then
the
Sidecar
or
shouldn't
say
session
anymore,
because
not
a
session.
Okay,
the
sidecar
is
available
to
front
the
SP
metadata
service
right
and
its
job
now
is
to
authenticate
the
client
with
the
token
review
API
to
do
the
subject.
C
Access
review
for
the
you
know
to
to
make
sure
that
the
snapshots
the
client
has
access
to
the
snapshots,
concern
and
then
do
the
usual
translate
of
the
IDS
and
proxy.
The
grpcc
call
so
much
less
moving.
Parts
the
entire
manager
piece
is
gone
right
or
it's
only
the
sidecut
to
be
deployed
with
the
SP
service,
but
but
something's.
E
E
I
mean
so
so
so
when,
when
an
administrator
installs
one
of
these
things,
there
needs
to
be
an
affirmative
action
where
they
say:
I
want
this
application
that
I'm
installing
to
be
able
to
call
these
apis
so
that
in
case
some
attacker
comes
along
and
just
tries
to
call
the
same
apis
like
they
get
denied.
And
this
thing
doesn't.
Let
me.
C
Jump
Ahead
rapidly
what
you
talk
about
over
here
right,
so
the
CSI
driver
definitely
needs
to
get
permission
set
up
to
do
the
the
authentication
pieces
I
was
looking
but
did
not
find
doesn't
mean.
My
search
was
correct.
There
is
something
maybe
the
app
every
kubernetes
service
account
automatically.
Has
the
ability
to
get
a
token
right,
I
haven't
figured
that
part
out
yet,
but.
E
C
C
Role:
button
yeah,
let
me
go
through,
you
know,
just
a
few
slides
and
then
and
then
I'll
be.
Let's
then
we'll
dive
in
okay.
Okay,
let's
share
you
know
we'll
put
that
in
the
question
in
the
parking
lot,
so
we
can
trash
it
out.
Okay,
so
just
to
go
over
there's
the
three
phases.
This
thing
there's
a
client
setup
phase
where
it
gets
where
it
gets
the
token
there's
the
authentication
and
authorization
phase
where
the
sidecar
validates
that
token
on
the
grpc
called
and
then
as
before,
right
the
proxy
grpc
stuff
happens.
C
Okay,
so
a
little
bit
clearer,
now
zoom
in
a
bit,
so
essentially
what
the
client
will
have
to
do
is
it
has
to
look
up
the
volume
snapshot.
The
volume
snapshot,
content
objects
to
get
the
CSI
driver
name.
You
know
at
this
point.
The
backup
line
by
actually
doing
this
is
you
know,
has
basically
has
to
have
permission
on
its
own
to
look
at
these
objects,
which
is
cool
then,
before
this
used
to
be
done
by
the
manager.
C
But
now
the
backup
application
has
to
search
for
this
registry,
where
the
CSS
driver
has
advertised
its
sidecar
right
and
this
this
object
is
same
as
before,
but
it
has
an
additional
strain,
which
is
the
audience
string.
This
is
typically
the
DNS
name
right
of
the
service,
but
we
could
choose
anything
we
wanted
to
right
it's,
so
we
will
have
an
audience
string
out
there.
C
Then
the
the
backup
app
will
then
make
a
token
request,
call
and
it'll
provide
in
that
body
right
the
audience
string,
and
you
know
it
could
be,
and
whatever
other
optional
parameters
like
expiration
or
if
it's,
if
it's
done
indirectly
by
a
projected,
you
know
service
volume
in
a
pod,
it
will
be
bound
automatically
to
that
pod.
Things
like
that,
so
the
validity
of
this
token
can
be
also
set
at
that
point.
So
the
token
which
comes
back
right
is
an
audience
token.
C
Okay,
then,
the
client,
of
course,
will
trust
the
ca
certificate
as
before,
which
now
enables
it
to
make
the
RPC
call
the
grpc
call
and
the
grpc
call
we
we
set
up
that
session
document
we
used
to
have
before
we
provide
this
audience
scope
token.
We
did
not
have
the
snapshot
namespace
before,
but
we
have
to
provide
it
now
because
there's
no
context
involved.
C
Oh
so
this
call
comes
into
the
side.
Car
and
the
sidecar
will
do
a
token
review.
The
token
review
takes
that
audience,
scope
token
from
the
RPC
call
and
the
sidecast
knows
its
own
audience
string.
How
does
it
know
it?
It
was
configured
that
way.
You
know
whatever.
Whatever
registry
information
was
there,
it
knows
that
same
thing,
so
it
knows
its
audience
string.
C
So
it
makes
a
token
review
call
and
the
it
sends
it
to
the
kubernetes
API
server
which,
whatever,
however,
it
it
works
under
the
covers
right
will,
will
decrypt
that
JWT
and
make
sure
that
the
audience
string
right
matches
over
here
and
it'll
come
back
with.
Authenticator
is
true
and
it
will
return
the
user
info
of
that
client.
C
That's
crucial.
Now
the
the
psycha
itself
needs
permission
to
be
able
to
make
this
token
review
call
and
that's
that's
something
which
you
have
scoped
in
a
later
slide,
which
I
just
flashed
early
on
so
now
the
sidecar
now
has
user
info.
So
now
I
can
turn
around
and
do
a
subject.
X
whoops
subject
access
review
right
with
you
know,
which
is
the
call
we
were
doing
before
on
the
web
hook.
So
now
we
can
do
a
subject:
access
review
to
check
that
the
the
caller
has
accessed
the
volume
snapshots
in
that
namespace.
C
If
that
comes
back
with
true
right,
then
we
can
proceed
as
before.
You
know
and
do
all
the
other
stuff
which
was
load
the
volume
snapshots,
the
contents
get
the
IDS
validate
existence,
Etc
and
then
proxy
the
grpc
call.
So
it's
actually
a
much
simpler
solution.
Less
moving
paths
than
before
and
definitely
easier
to
deploy
can.
E
C
F
B
F
B
Sorry
Ben,
you
can
also
control
like
access
to
like
a
URL
can
essentially
say.
Like
this
token,
it
only
works
for
this
URL.
So
I
think
like
to
your
earlier
questions
right.
So
essentially,
there
are
two
or
three
things
that
helps
to
safeguard
the
the
I
guess,
the
authentication
and
authorization
of
the
token.
B
Yeah,
it's
just
a
string,
so
there's
one
one
layer
of
it
and
then
the
second
layer
of
it
is
obviously
the
art
back
here
that
we're
talking
about
right
and
then
they
are
back
like
I
think
we
in
one
of
our
earlier
prototypes
from
last
year
like
and
we
discovered
that
not
only
can
It
authorize
like
access
to
objects
or
resources.
Like
one
snapshot,
you
can
also
like
Safeguard
like
a
URL.
That's
like
I
think
something
that
they
call
it
non-resource.
You
know
non-sumpthing
resource
on
URL
resource
or
something
like
that.
B
Last
thing
that
we
haven't
fully
Research
into
is
a
token
request,
actually
allow
you
to
say,
like
this
token
is
bound
to,
and
this
certain
object
yeah
next,
so
it
could
be
like
you
know
like
where
was
it?
There
was
a
I
think
Carl
pointed
it
out
somewhere
there
was
like
an
object
reference
bound
reference
somewhere
inside
the
token
request,
yeah
API,
so
right
there
yeah
like
so
that
one
there
you
see
like
the
yeah.
B
C
No,
no,
no
you!
It
would
be
fun,
it's
an
existential
thing:
it's
really
it!
It
helps
control
the
duration
of
that
token.
So,
essentially,
you
know
if
I
have
my
backup,
app
and
I'm
launching
a
pod
to
do
this
stuff.
I
would
bind
that
token
to
that
pod
and
kubernetes
can
do
it
automatically
with
a
projected
volume
right.
So
essentially,
what
happens
is
when,
when
you
do
the
review
request
and
you
have
a
bound
object-
the
cubelet
make
sure
that
the
bound
object
is
still
in
existence.
E
Okay,
but
but
what
I'm?
What
I'm
hearing
is
any
kubernetes
user?
That's
able
to
read
volume,
snapshots
and
volume
snapshot
contents
and
can
guess
the
audience
name
can
go
through
this
process
of
creating
it
constructing
a
token
and
obtaining
the
the
URL
and
authenticating
to
it
and
getting
granted
access
to
this
API.
Because
all
it's
going
to
check
at
the
end
of
the
day
is
you
have
a
token
that
anyone
could
get?
F
Just
to
add
one
more
thing,
so
obviously,
as
god
mentioned,
there
are
a
couple
of
two
main
ways
to
generate
the
token
One
is
using
the
token
request,
API
and
other
ways
to
you
know.
While
creating
a
forward
we
can
project,
we
can
inject
the
token
into
the
the
board
State
using
projected
field
for
the
first
method.
If
you
want
to
create
the
token
using
token
request,
API,
we
have
to
give
the
permission
to
this
resource
so
service
account
token
sub
resource
through
the
hardback
rules.
Obviously,
oh
yeah
yeah.
C
And
Ben
points
out
one
more
thing
you
know
so
so
far
I
haven't,
we
haven't
looked
at
whether
we
want
to
control
access
to
the
snapshot.
Metadata
service,
independent
of
access
to
the
volume
snapshot
object.
So
yes,
when
you're
right,
so
we
could
have
another
permission
defined
which
this
Backup
Service
app
has
to
get
right.
Okay,
yeah,
so
we.
E
C
D
E
E
E
D
Also,
there's
a
there's,
a
limitation
right,
I
mean
so
so
our
so
some
security
point
of
view.
We're
actually
really
concerned
with.
Can
you
get
data
out
that
gives
you?
You
know
information
about?
What's
stored,
I,
don't
think
the
CBT
is
especially
sensitive,
but
you
never
know.
There's
always
side
Channel
attacks
from
junk
like
that.
But
if
you
could
read
the
actually
read
the
data
by
creating
a
volume
from
the
volume
snapshot,
then
I
don't
have
a
big
concern
about
you
being
able
to
get
the
CBT,
so
it
can.
D
E
C
E
No,
no!
No!
No,
when
you
install
a
new
CSI
driver
as
part
of
that,
like
you
create
a
bunch
of
service
accounts
and
you
give
the
sidecars
access
to
all
kinds
of
kubernetes
resources
and
people
scrutinize
the
list
of
resources
that
the
CSI
driver
has
access
to
very
closely
and
says
you
know.
Obviously,
CSI
drivers
need
to
be
able
to
read
PVCs
and
they
need
to
be
able
to
write
PVS.
E
But,
like
the
moment
a
CSI
driver
is
like
reading
the
pods
people
say:
that's
weird:
why
would
a
CSI
driver
ever
need
to
look
at
a
pod?
You
know,
and
so
people
look
at
what
infrastructure
components
have
access
to
and
and
basically
what
the
proposal
has
stands
says:
we're
basically
piggybacking
on
the
ability
to
read
volume,
snapshots
and
volume
snapshot
contents,
and
if
you
can
do
those,
you
also
get
this
other
ability
for
free
and
I'm
saying:
let's
not
make
it.
You
know
implicit.
E
C
E
No
I
I'm,
suggesting
that
we
use
one
of
those
with
non-resource
URL
things
in
the
role
binding
so
that
when
you
or
sorry
in
the
in
the
role
this
or
the
club,
this
would
actually
be
a
cluster
role.
You'd
have
a
cluster
role
that
says,
you
know,
may
call
the
CBT
API
and
then,
when
you
create
the
service,
account
that
the
backup
application
runs,
as
you
just
bind
it
to
that
cluster
role
and
boom.
E
Now
it
has
access
and
when
that,
when
that
subject,
access
review
occurs,
the
thing
it
looks
at
is:
do
you?
Are
you
bound
to
a
role
that
has
you
know
CVT
API
in
it
and
if
no,
it
says
you're
not
getting
in
right,
just
just
to
have
an
explicit
handle
that
says
these
are
the
servers
accounts
that
may
call
this
API,
and
these
are
the
service
accounts
that
may
not
call
this
API
so
that
you
know,
and
you
can
have
it-
you
have
a
point
of
control.
Okay,.
C
E
C
F
C
B
F
E
B
C
C
C
E
C
E
Yes,
yes,
exactly
if
there's
some
special
object
which
the
granting
of
access
to
it
lets
you
do
this
and
nothing
else
then
like
then
it
would
serve.
The
purpose.
I'm
just
worried
that
if
we
piggyback
on
existing
objects,
then
things
that
happen
to
have
access
to
those
objects
will
implicitly
pick
up
this
new
permission,
yeah
and
that's
bad
yeah.
C
C
So
what
if
we
had
that
API
Group
and
we
had
a
resource,
called
snapshot,
metadata
sessions,
reception,
better
data,
API
or
session
or
whatever,
and
it
doesn't
exist,
but
it's,
but
it
is
a
a
resource
name
and
we're
looking
for
a
create
verb,
which
is
pretty
much
similar
to
what
you
know.
What
how
you
set
up
permissions
for
token
request
and
token
review
right.
You
just
use
these
names,
but
these
don't
actually
exist
in
hcd
or
anything.
C
C
That
is
it's
well
scoped,
because
for
one
thing
we
use
our
I
API
Group
right.
It's
not
an
arbitrary
thing.
We
use
the
iepi
group,
we,
you
know
we'll
specify
the
resource,
a
pseudo
resource
which
represents
what
we're
trying,
which
is
you
know,
access
to
this
snapshot
metadata
service
and
the
verb
is
create,
that's
it
which
is
not,
unlike
you
know,
token,
the
getting
permission
for
token
review
or
token
token.
E
C
C
C
F
C
E
Yeah
it,
it
should
be
clear
to
an
administrator
reviewing
his
cluster
roles
like
what
it
means
when
he,
when
he
sees
this
in
a
cluster
role,
and
aside
from
that
I,
don't
think
it
really
matters.
You
know,
as
long
as
there's
an
explicit
line
in
your
cluster
role,
that
granted
you
access
and
that's
the
thing
that
the
subject
access
review
is
looking
at
yeah.
Then.
E
Yeah
that
I
I
would
be
okay
with
that,
it
would
say,
get
access
on
the
snapshot.
Metadata
service
implicitly
grants
access
to
this,
because
why
would
you
be
talking
to
this?
Why
would
you
be
getting
snapshot
metadata
Services
unless
you
needed
access,
I
mean
I'm,
sure
I'll
be
proven
Wrong
by
some
Edge
case,
but
that
that
feels
closer
to
a
good
solution.
Yes,.
B
B
C
Know
that's
right,
but
it's
a
classic
binding,
but
it's
a
class
I
mean
really.
The
application
doesn't
know
where
the
volumes
are
going
to
be
right.
The
volumes
are
app
is
granted
access
to
volumes,
volume,
snapshots
and
volume
snapshot.
Contents
well,
volume
snapshots
of
the
namespace,
not
volume
snapshots
of
this
particular
CSI
provisioner
in
that
namespace.
It's
volume,
snapshots
of
that
namespace.
So
likewise,.
E
B
C
C
E
B
Yeah,
so
sorry,
so
one
other
question
Carl
so
as
far
as
I
can
tell
like,
if
the
going
back
to
that
bound
object,
reference
thing
that
we
talked
about
so
so
sorry
go
back
to
your
slide.
Deck
I
think
that
one
thing
that
we
are
missing
when
we
move
to
this
token
review
or
token
request
API,
is
that
we
don't
have
to
wait
compared
to
like
the
previous
session.
B
C
C
Saying
oh
I
see
I
see
that
yeah,
but
you
know
that
was
an
artifact
that
was
an
artifact
of
how
we
did
the
session
because
we
had
to
enumerate
the
objects
so
that
the
session
could
find
out.
Otherwise,
you
know
the
Creator
could
reference
some
objects
in
the
request
and
then
do
some
other
set
of
objects
in
in
the
actual
grpc.
So
we
had
to
qualify
that
that
is
an
artifact
of
our
solution,
which
we
have
to
do
to
make
sure
consistency
was
accomplished
now
right.
C
B
F
C
B
B
I
don't
know
if
it
is
a
big
deal
at
this
point
at
least
like
there's,
some
form
of
authorization
right
at
the
back
end
I.
Think
one
of
the
things
that,
like
the
risk
of
sounding
like
a
bit
like
oversimplifying
things,
I
think
this
security
itself,
as
we
all
pointed
I,
mean
many
times
such
a
big
thing
like
I.
Wonder
at
what
point
can
we
just
say:
okay
for
B1
alpha
one
of
the
first
phase
of
this
cap.
B
E
It
can
you
describe
the
the
the
realistic
use
case
for
a
backup
application
that
that
can
only
run
CBT
on
some
subset
of
the
possible
snapshots,
like
I
I
feel
like
a
backup
application
needs
access
to
everything
to
do
its
job.
The
the
thing
I'm
concerned
about
is
I.
Think
I
don't
want
things
that
aren't
backup
applications
to
be
able
to
call
this
API.
E
D
Yeah
and
I
think
that's
fair,
yeah
well,
I
mean
people
have
you
know,
people
do
run
in
some
environments
where
they
don't
get
full
system
Privileges
and
they
want
to
have
like
backup
of
just
their
namespace,
for
example.
So
we
had
people
asking
for
this.
You
know
that
they
would
want
to
just
install
Valero
for
themselves.
D
E
B
E
E
D
Yeah
I
would
say
that
for
the
security,
if
we
try
to
tighten
it
in
a
in
a
later
version
that
tends
to
cause
problems,
if
we're
like
adding
additional
capability,
like
you
know,
hey
here's
the
ability
to
let
users
have
finer
grain,
you
know
not,
they
don't
need
cluster
roles
or
you
know
cluster
permissions
to
use
it.
So
we're
kind
of
loosening
it
up,
but
also
you
know,
make
it
finer
grain,
that's
probably
something
we
can
pull
off,
but
you
know
something
where
it's
like.
F
E
D
D
Not
arguing
that
we
do
that,
that's
that's
something
where
we
can
that's
loosening.
Actually,
so
initially
we're
saying
you
gotta
have!
So
if
so
your
proposal
was
initially,
we
say
you
got
to
have
basically
cluster
admin.
You
know
very
high
level
of
privilege
to
use
this
so
basically
cluster-wide
permission
and
that's
something
that
you
don't
hand
out
to
every
application
right
and
then
we'll
give
you
finer
grain
controls
in
the
future
which
won't
break
like.
If
you
already
had
cluster
cluster-wide
permissions,
adding
the
namespace
scoping
isn't
going
to
break
running
applications
right.
C
E
D
D
E
E
D
C
E
Right
right,
that's
why
I'm
saying
like
this
backup
application
is
fundamentally
an
infrastructure
component.
The
way
we've
designed
it
to
try
to
install
it
as
a
user
application
in
a
username
space
would
never
work
and,
and
you
would
have
to
start
granting
it
cluster-wide
access
to
certain
resources.
C
E
C
Hear
you
but
consider
this
right,
I
mean
right
now:
it's
talking
about
the
volume
snapshot
existing
most
likely.
The
backup
application
was
the
one
that
created
the
volume
snapshot
right,
in
which
case
it
had
access
to
the
PV
and
from
the
PVE.
It
could
get
the
provision
a
name
that
CSI
driver
name.
So
in
other
words,
it's
already
got
the
driver
name.
So
it
could
just
jump,
skip
this
step
right,
just
create
the
snapshot,
skip
this
step
about
looking
up
the
content
and
you
know,
go
for
the
metadata
service
directly.
So.
E
C
E
All
right:
well,
it
I
think
we
need
to.
We
need
to
make
a
call
whether
we
think
that
the
per
namespace
backup
application
is
a
real
use
case,
because
I
do
think
we
could
back
ourselves
into
a
corner
where
we
say
we're
not
going
to
support
it
today
and
then,
if,
tomorrow
we
change
our
minds
yeah,
we
realize
we
made
a
decision
that
that
really
really
causes
problems.
I.
D
E
D
B
D
So
so,
right
now,
I
can
write
an
app
I
mean
backup
is
not
the
only
use
case
for
volume.
Snapshotting
right,
you
could
be.
You
know,
there's
a
there's
any
number
of
things
and
it
could
even
be
something
like
say.
For
example,
you
have
an
operator
that
does
its
own
backup.
This
is
something
we've
talked
about
right
right
now.
It
could
do
that
by
say,
taking
a
volume
snapshot
and
then
doing
a
block
dump
or
whatever
it
does
it.
D
Maybe
it
knows
how
to
read
the
format
or
something
whatever
it
does
right,
but
it
can
do
currently.
It
can
currently
use
volume
snapshot,
only
it's
resources,
and
that's
just
fine.
So
why
would
we
add
an
API
that
gives
you
an
optimization
on
volume
snapshots
but
not
make
it
available
to
anybody
who
can
use
volume
snapshots.
E
E
Right
but
but
in
order
to
interact
with
the
actual
storage
device
and
like
do
things
you
need
you
need
that
handle
so
like
ordinary
users.
Don't
need
that
information
to
do
what
they
need
to
do,
because
the
sidecars
do
the
work
for
you
the
moment.
You're
writing
a
new
infrastructure
component
that
might
have
to
interact
with
the
action.
D
E
E
I
guess
I
need
to
think
through
which
pieces
are
likely
to
be
present
on
any
given
cluster
under
different
circumstances
and
whether
there's
any
novel
way
to
put
them
together
that
we
haven't
thought
of,
because
what
we're
envisioning
here
is
a
cluster
with
a
a
storage
device.
That
is
explicitly
supports.
The
CBT
API
and
a
backup
application
that
explicitly
takes
advantage
of
the
CVT
API
and
the
the
glue
between
them
is.
E
D
E
Is
there
I
get
what
you're
saying
I'm
just
I'm
trying
to
think
like
so
so?
If,
if
we
Design
This
with
the
whole
cluster
backup
use
case
in
mind,
and
then
someone
says,
hey
I've
got
an
idea
I'm
going
to
write
one,
that's
namespace
specific
like
can
they
do
that?
That's
what
I'm
trying
to
figure
out
right.