►
Description
Kubernetes Data Protection WG - Bi-Weekly Meeting - 19 May 2021
Meeting Notes/Agenda: -
Find out more about the Data Protection WG here: https://github.com/kubernetes/community/tree/master/wg-data-protection
Moderator: Xing Yang (VMware)
A
Hello,
everyone
today
is,
may
19
2021.
This
is
the
kubernetes
data
protection,
one
group
meeting.
So
today
we
have
a
few
things
on.
The
shenzhen
gave
a
presentation
at
kubecon
about
the
data
production
group
and
we
got
some
questions,
so
we
will
first
discuss
this
question
that
we
got
there
and
then
we'll
go
over
some
caps.
B
B
A
Really,
okay,
oh,
I
thought
I
thought
there
was.
I
was
actually
just
reading
this
because
I'm
not
really
familiar
with
how
this
works.
I
was
just
reading
this.
This
is
a
you
know:
amazon
rds.
It
says
that
you
can
also
perform
a
user
initiated
backups,
I'm
not
sure.
If
that
helps
so
you're
saying
you
are
actually
using
this
automatic
one.
Yes,.
A
B
I
work
for
the
dutch
government
and
the
dutch
government
has
a
special
agreement
with
micros
with
only
microsoft,
so
we
can
only
measure
and
azure
isn't
as
complete
in
its
services
as
amazon
is,
unfortunately,
oh
you're
saying
it
does
not
have
this
way
for
you
to.
You
know
I
think
you
can
trigger.
I
think
you
can
trigger
external
backups,
but
what
you
can't
do
is
store
the
backups
outside
of
your
environment.
B
A
B
A
C
C
A
D
What
we
do
is
so
I'm
tom
from
castin
customer
by
veeam.
What
we
do
is
we
treat
it
like
a
snapshot,
so
we
treat
the
cloud
provider
apis
like
a
snapshot
and
then
what
we
do
is
we
do
a
logical
we.
You
can
go
through
and
do
a
restore
of
that
snapshot
separately
and
then
do
an
export
of
that
data
using
a
logical
dump.
D
So
you
you
mentioned
postgres.
So,
for
example,
you
can
do
postgres.
Dump
that
extracts
data
logic
level.
Then
you
can
put
it
kind
of
into
any
backup
repository
you
want.
There
are
not
for
many
databases,
you're
exactly
right,
they're,
not
good
apis
to
get
data
out
into
external
systems,
except
through
kind
of
the
the
database
protocol
itself.
Right.
D
And
then
export
data,
it
takes
kind
of
the
same
approach
where
you
do
a
local,
restore
and
then
export
it,
but
we
yeah
the
apis
for
aws
I
mean
I'm
pretty
familiar
with
I'm
a
little
bit
less
familiar
with
the
backup
apis
for
azure,
but
with
aws.
They
have
a
pretty
rich
suite
of
backup
apis
that
you
can
take
snapshots
of
your
systems.
A
B
Sure
it's
a
great
start,
but
I
think
we
have
to
look
into
so
most
cloud
providers
today
have
a
way
of
creating
cloud
resources
from
kubernetes,
so
you
can
see
them
as
kubernetes
resources
and
what
would
be
great
if
we
could
extend
that
api
to
also
include
things
like
backup
and
snapshots,
and
things
like
that
right
now.
I
think
none
of
them
really
have
that
they
only
allow
you
to
create
a
database
or
a
database
server
from
these
apis.
A
B
A
F
A
Yeah,
we
maybe
you
know
some
of
those
we
can
even
have
a
session
in
this
group.
I
think
it's
it's
interesting
yeah,
because
I'm
not
I'm
not
sure.
I
thought
I
thought
this
is
a
at
least
right
now.
I
thought
we
don't
have
a
way.
So
until
I
just
hear
about
this,
today
looks
like
there
is
a
way,
actually
so
yeah,
so
I
think
maybe
yeah.
Maybe
we
can
so
tom.
Maybe
we
can
have
a
session
here
as
well
if
of
course,
free
free.
D
A
Okay,
do
you
have
anything
else
about
this
topic?
I
see
that
in
modern.
You
also,
I
think
that
you
added
some
comments
to
our
white
paper
just
trying
to
include
this
one
in
our
scope,
so
I
think
yeah,
let's
see
after
tom's
demo
and
see
what
what
we
should
do,
because
I
was
not
quite
sure
how
to
handle
this
yet
yeah.
So,
let's
take
a
look.
E
G
G
Now
we
had
been
confident
that,
like
the
probability
of
anyone's
workload
being
broken
was
like
very
very
low,
but
the
current
stance
of
the
kubernetes
api
team
is,
it
has
to
be
zero.
We
can't
even
risk
it
so
so
we
can
put
this
new
plan
with
the
help
of
the
the
kubernetes
api
folks.
So
I'm
gonna
outline
what
the
plan
is
over.
G
All
the
different
releases,
so
in
122
we're
going
to
introduce
a
new
alpha
field,
called
data
source
ref,
it's
going
to
be
controlled
by
the
existing
any
volume
data
source,
feature
gate,
we're
going
to
add
backwards,
compatibility
logic
to
cube
api
server
such
that
you
know.
If,
if
you
have
clients
using
the
new
field
and
clients
using
the
old
field,
everything
interoperates
in
exactly
the
way
you
would
expect
without
the
potential
to
break
anything
that
already
exists.
G
So
there's
a
lot
of
thought
went
into
how
to
do
this
right
and
the
kep
spells
it
out.
If
you're
curious
about
the
details,
we'll
document
this
as
a
new
alpha
field
and
in
this
time
frame,
I
expect
to
update
the
existing
volume
populators
implementations
to
use
the
new
field
so
that
you'll
have
to
switch
on
this
feature
gate
in
a
kubernetes
cluster
to
actually
test
the
volume
populator.
But
that's
how
it
is
today
already
so
so
that's
not
going
to
be
too
new.
G
A
G
G
Everything
in
the
field
is
identical
to
the
data
source
field.
It
just
has
a
different
name,
and
it
has.
It
has
different
semantics
such
that,
if
you
put
garbage
into
it,
unlike
today,
where
your
garbage
just
gets
ignored,
you
will
the
garbage
will
either
be
accepted
or
you'll,
get
a
rejection,
error
and
it'll
throw
out
your
pvc
so
so
you'll
all
you'll
never
have
a
situation
where
the
user
input
will
be
ignored.
G
You'll
either
get
a
success
or
an
error.
And
then,
if
you
get
a
success,
you
know
the
the
results
will
depend
on
exactly
what
the
data
source
is
and
whether
the
popular
is
installed
and
all
the
current
considerations
that
you
have
with
the
old
design
so
and
and
I'm
happy
to
go
into
detail
on
on
on
how
this
is
going
to
work.
G
If
we
want
to
discuss
it,
but
I
just
wanted
to
lay
out
the
initial
plan
so
so
in
the
1283
time
frame,
this
would
mean
the
data
or
volume
populators
would
be
usable
on
production
clusters,
because
the
feature
gate
would
be
turned
on,
and
that
would
be
the
release
coming
in
the
winter
time.
I
think
if
all
goes
well
in
124,
this
new
feature
would
move
to
ga.
G
G
Now,
even
if
new
users
did
use
the
data
source,
ref
old
clients
will
continue
to
work
and
be
compatible
and
nothing
will
break.
I
want
to
emphasize
that,
but
but
like
this
has
to
be
the
the
path
forward
to
sort
of
get
past
the
existing
bad
design
with
the
data
source
field
in
the
125
time
frame,
we
would
probably
be
switching
the
external
provision
or
sidecar
to
start
using
the
new
field.
G
G
Yeah,
what
it
would
mean
is
is
people
who
were
using
like
yaml
from
today
to
create
a
pvc
from
a
snapshot.
It
would
work
exactly
the
way
it
does
today,
people
that
were
using
side
cars
from
today
that
that
are
working
on
the
data
source
field.
They
would
continue
to
work
the
same
as
well.
They
might
receive
deprecation
warnings,
but,
like
you,
can
ignore
those
so.
A
E
A
G
G
It'll
have
two
copies
of
the
data:
yeah
it'll
just
be
a
little
ugly,
but
but
we'll
tell
people,
don't
don't
look
at
that
old
field?
It's
it's.
It's
legacy
cruft,
but
you
know
we.
Obviously
we
have
to
keep
it
for
backwards,
compatibility
all
the
way
up
to
you
know
one
dot
whatever
and
then
someday
kubernetes
2.0.
We
would
remove
the
data
source
field,
but
this
will
probably
never
happen.
So
this
is
just
to
emphasize
that
you
know
if
there
is
ever
a
2.0.
G
G
A
A
G
A
A
G
What
we'll
do
here
is
we'll
we'll
copy
this.
This
field
data
source,
so
line
line
459
will
get
cloned
and
there'll
be
a
second
field
with
the
same
type
called
data
source.
Ref,
we'll
probably
update
the
comments
to
remove
any
reference
to
custom
resources
in
the
old
field,
because
we
won't
support
them
and
those
will
all
be
moved
to
the
new
field
and
and
then
there
will
be
compatibility
between
the
two.
A
A
G
G
Therefore,
if
an
old
client
looks
at
it,
it'll
see
the
data
source
that
it's
expecting
and
if
a
new
client
looks
at
it,
it'll
also
see
the
new
field
and
then-
and
if
you
specify
this
yaml
with
data
source
ref
instead
of
data
source,
the
same
thing
would
happen.
It
would
populate
the
data
source
ref
field,
with
what
you
wanted.
Oh.
G
Yeah
it'll
copy
you
back
too
yeah.
The
crucial
thing
is,
if
you
specify
something
other
than
a
pvc
or
a
snapshot
today
in
the
data
source
field,
what
happens?
Is
it
just
gets
ignored?
Like
you
never
specified
anything,
you
get
an
empty
volume.
If
you
try
to
do
that
with
the
data
source
ref
field,
it
will
either
accept
it
and
and
preserve
the
contents,
and
then
you'll
get
a
pvc
with
that
data
source
set
or
if
it's
invalid,
you
will
get.
A
G
A
A
A
G
A
A
A
G
G
A
F
A
No,
no,
no,
I
know
there
are.
I
know
there
are
people
who
actually
use
this
already,
but
it's
just
of
course
that's
only
for
cloud
providers,
but
anyway,
I
was
just
trying
to
see
if
there
were
any
feedbacks
from
this
group.
That
was
that's
why
I
was
asking
this
because
I
does
not.
I
didn't
hear
anyone.
This
was
surprised
by
this.
A
A
G
A
A
A
Yeah
yeah
backup.
Yes,
they
use
that
so,
but
that's
just
for
that,
but
then
that's
not
going
to
work
for
for
other
storage
systems.
Well,
the
snapshot
is
actually
local
right.
So
it's
just
not
not
right.
That's
what
I'm
just
saying!
That's
why
I
was
asking
if
anyone
actually
is
already
has
already
been
using,
I'm
just
thinking
that
some
backup
software
actually
uses
in
for
some
code
path.
That's.
D
E
G
D
G
A
A
So
this
cup
we
actually
got
an
approval
from
the
front
team
api
reviewer,
so
which
is
good,
so
we
made
some
progress
that
we
actually
so
he
actually
gave
a
look
good
to
me
so
right
now
we
are
waiting
for
review
from
signaled,
but
we,
you
know,
passed
the
merged
airline,
so
this
is
going
to
be
1.23,
but
we
want
to
get
this
cub
merged
early.
I
don't
want
to
wait
until
the
merge
deadline
yeah.
So
that's
this
one.
A
And
and
then
for
cozy,
I
just
want
to
give
a
quick
update
so
that
cap,
it's
a
it's
a
very
big
cap,
so
we
didn't
meet
the
we
didn't
make
the
merge
deadline,
but
then
we
realized
that
all
the
development
work
for
cozy
actually
happened
out
of
three,
so
we
don't
have
to
be
restricted
by
this
merge
deadline.
Actually,
so
we
can
actually
continue
to
work
on
this
continue
with
the
api
review
still
trying
to
get
this
one
in
1.22
timeframe.
A
A
D
Yeah
definitely
so
we
added
ransomware
to
our
product,
but
this
was
obviously
a
vendor
neutral
talk,
so
we
just
talked
about
how
to
build
this
kind
of
on
your
own,
and
so
what
we
we
described
is
how
to
create
immutable
backups
in
s3,
using
the
different,
advanced,
locking
apis
that
the
s3
protocol
provides.
It.
We've
also
tested
it
with
many
different
providers
that
have
the
s3
protocol
and
it
seems
to
work
with
the
ones
we've
tested,
but
obviously
like
different.
D
If
you
you
have
your
own
version
of
s3,
maybe
you
don't
have
to
run
all
the
locking
apis,
but
I
think
it
went
pretty
well
with
a
good
attendance,
some
good
feedback,
but
yeah
it's
it's
this.
This
is
kind
of
a
mix
of
a
fairly
technical
talk,
so
we
dive
into
the
exact
apis.
You
need
to
use
if
you
want
to
back
up,
have
immutable
backups
in
s3.
D
A
A
A
A
D
A
A
A
D
D
A
G
G
E
Well,
there's
there's
a
huge
topic
or
a
huge
sort
of
debate.
I
guess
ultimately
around
whether
or
not
in-person
attendance
should
be
gated
on
the
basis
of
establishing
that
you
you've
been
vaccinated
and
that
gets
into
a
lot
of
hairy
issues
and
the
board
has
a
working
group
that
will
be
touching
upon
that.
But
you
know
another
factor
is
that
certain
corporations,
you
know
as
a
from
a
corporate
events
policy
just
basically
aren't
doing
anything
in
person
this
calendar
year.
E
Not
not
yet
but,
like
I
said,
planning
ongoing
for
both
both
both
scenarios.
It
does
get
a
little
hairy.
I
mean
it
could
be
as
straightforward
as
if
you
can
stop
show
me
some
sort
of
authenticated
vaccination
come
on
in
and
if
not
or
if
you're,
not
comfortable
or
whatever
attend
the
virtual
event,
but
none
of
that's
been
decided
yet.