►
Description
Meeting of Kubernetes Data Protection WG - 12 July 2023
Meeting Notes/Agenda: -
Find out more about the DP WG here: https://github.com/kubernetes/community/tree/master/wg-data-protection
Moderator: Xing Yang (VMware)
A
Three
hello:
everyone
today
is
July
12th
2023.
This
is
the
kubernetes
data
protection
working
group
meeting
and
I.
Think
today
we
continue
to
talk
about
the
CPT
cup
so
who
will
be
giving
an
update
car
weave
on
Prasad.
B
B
B
B
Okay,
so
Ivan
has
done
most
of
the
boilerplate
work
here
for
because
he
has
history
over
the
you
know
what's
there
so
that
you
know
the
the
information
on
the
test
plans
and
all
you
know
so
some
things
may
not,
you
know,
are
there
from
previous
things
and
and
the
main
things
we
filled
in
are
the
you
know,
proposal
and
design,
detail
sections
hey.
A
B
A
A
B
Okay,
so
this
is
this:
is
the
new
change
block
tracking
updated
PR?
B
Okay,
so
we
filled
in
the
proposal
section
the
design
details
section
for
the
most
part,
this
part
onwards,
the
test
plan
and
all
are
kind
of
boilerplate
right,
but
we
really
haven't
focused
on
it
right
so
essentially,
we've
gone
I.
Guess:
we've
gone
from
motivation
to
about
test
plan,
so
you
know
the
rest
of
it.
I
think
I
even
filled
up
a
lot
of
it
from
his
previous
attempt
right.
B
He
had
a
lot
of
information
there
which
he
which
he
reused
and
he
had
experienced
there
filling
that
stuff
up.
So
you
know.
C
Yeah
yeah,
we
fill
up
the
the
production,
Readiness
review
section
and
all
the
Alternatives
like,
which
is
some
high
level
description
of
the
previous
prototypes.
C
The
test
plan
itself
right
now
is
a
bit
light
on.
The
content
is
because
even
looking
back
at
some
of
the
previous
cap,
like
just
don't
know
how
much
details
we
need
to
put
into
it
that's
test
plan.
We
need
to
revise
it
like
because
this
was
put
together
before
the
designs
commission
was
added
or
written
down,
so
yeah
go.
C
Do
another
pass
on
it
to
update
the
test
plan
and
maybe
like
trying
to
strike
the
balance
between
too
much
test
thumb
steps
versus
like
just
enough
to
convey
what
we
wanted
to.
B
B
I
mean
we
can
give,
we
will
give
it
some
more
thought
now.
We've
got
the
bulk
of
it
out
of
the
way
you
know
we
can
briefly
go
over.
What's
there
right
again,
it
should
nothing
should
be
a
surprise
to
people
who've
seen
the
presentation
over
here.
There
have
been
tweaks
in
the
sense
that
you
know
we
we
resolved
names
right.
We
we
looked
at
some
of
the
name,
the
names
we
had
used
in
the
previous
thing,
and
you
know
we
threw
out
some
and
and
changed
things.
B
So
you
know
you'll
see
you'll
see
that
over
there
there
is
the
section
here
on
on
the
user
stories
right
anyway,
the
pro
so
the
way
you
read
this
thing
is
this
proposal
section:
has
the
I
guess
a
story
like
non-detailed
introduction
to
what
the
whole
thing
is
about,
so
you
read
this
section.
First,
you
should
get
a
gist
of
everything,
and
this
includes
the
overall
figure,
updated,
of
course,
to
reflect
all
the
new
names.
B
Then
you
know,
there's
a
there's
a
there's,
a
user
story
section
which
talks
about
whether
these
are
not
our
sections.
Okay,
I
mean
these
are.
This
is
what
the
the
template
requires,
but
it's
a
nice
template
so
use
a
story
section
which
describes
from
an
app
from
a
consumer
perspective
what
you're
going
to
get
out
of
this.
So
you
know
we
filled
those
out
some
caveats,
Etc
right
which
are
worth
paying
attention
to,
and
then
this
actually
was
a
tough
section.
There
is
some
mitigation,
so
we
talk
a
lot.
B
B
If
not,
please
chime
in
and
you
know,
identify
them,
so
we
can
make
sure
they're
plugged
right
so
big
thing
about
the
spoofing
and
other
things:
the
the
security
model,
without
naming
precise
roles
right,
just
the
need
for
security
and
what
permissions
are
required
and
why
so
all
that
is
laid
out
in
that
section
and
then
then
there's
the
detail,
design
section,
which
talks
about
the
the
grpc
itself
right
and
a
description
of
all
those
of
all
those
fields.
B
Then
the
deliveries,
the
kubernetes
components
which
we're
proposing
have
to
be
there
right.
There's
the
session
manager
piece,
the
metadata
service
right,
the
site
car.
B
So
then
we
talk
about
the
custom
resources
used
to
implement
all
these
things
right.
The
details
are
there.
This
is
stuff.
We
had
demonstrated
a
lot
in
in
the
Prototype
so
that
three
of
these
CRS,
which
are
described
in
gory,
detail
over
here
and
then
you
know,
descriptions
of
the
of
the
community
provided
component
and
the
SP
component.
That's
the
session
manager
piece.
What
is
it
got?
What
does
it
do
the
side
copies
right?
What's
its
job?
B
How
does
it
do
it
and
what
the
vendor
has
to
provide
in
terms
of
the
snapshot
session
service,
so
that
is
pretty
much
what
we've
got
so
far.
D
B
Picked
up,
we
updated
it
to
reflect
the
the
suggestions
you
made
last
time,
Ben
so,
for
example,
the
volume
snap
you
know
the
the
volume
snapshot
Content
Volume
snapshots
right.
We
just
required
that
the
driver
have
access
to
that.
We
looked
at
a
few
actual
implementations
and
you
know
every
every
implementation
has
its
own
way
of
granting
its
CSI
driver
service
account
these
permissions.
So
we
backed
out
of
the
role
you
know
we
had
proposed
roles
Etc,
we
dropped
all
that
and
said.
D
Well,
yeah,
so
so
I
really
like
the
the
current
design
for
like
how
the
data
flows
and
what
connects
to
what
yeah
and
I
what
I
remember
being
a
little
intimidated
by
was
just
the
yeah,
the
thinking
through
of
like
who
has
access
to
What
secrets.
And
what
is
that?
Actually,
like
tell
you
I
I
guess
you
mentioned
earlier,
having
six
security
looked
at
that
and
I
I
really
like
that
idea,
because
I
think
they're,
probably
better
equipped
to
to
Think
Through
the
the
yeah
yeah.
D
It
makes
our
job
easier
makes
their
job
easier
and
it'll
probably
be
more
secure,
and
so
I
I
was
just
so
I'm
glad
to
hear
it's
gotten
simpler,
I
did
just
the
the
specific
mechanism.
Is
that
there's
some
internal
component
that
will
be
Community,
provided
that
will
actually
be
generating
some
kind
of
secret
short-lived
tokens
that
will
flow
from
from
that
Community
component
through
kubernetes
to
the
backup
software
and
the
backup
software
will
provide
it
to
the
or
back
to
what
or
I'm
trying
to
remember.
Is
it?
B
B
D
So
then,
that
that
sidecar
completes
the
authentication
step
and
says:
okay,
this
person
is
allowed
or
this
client
is
allowed
to
be
asking
for
this
data
and
then
the
SP
just
provides
the
data,
assuming
that
the
authentication
has
been
done,
that's
correct,
so
so,
okay,
so
it's
really
just
this
one
short-lived
token.
Yes,
that
makes
a
round
trip
that
that
is
our
security
mechanism,
we're
not
rolling
on
anything
else.
That
is
great
I.
D
C
That's
the
best:
that's
the
best
possible
situation,
I
think,
okay,
yeah,
so
so
Ben,
one
of
the
things
that
we
have
so
in
terms
of
like
I'm,
trying
to
simplify
the
mechanism
like
a
thing
like
I
think,
like
we
have
like
put
quite
a
bit
of
thoughts
into
it,
to
see
how,
if
it
is
possible
to
simplify
it
further
I
guess
maybe
part
of
it
is
like
you
know.
We
are
too
deep
into
like
on
the
design
like
from
this.
C
At
this
point
like
we
just
don't
see
like
how
it
can
be.
It's
simpler,
yeah.
C
And
hence
like
having
that
external
voice
from
sick
security,
like
might
help
you
know,
maybe
like
they
will
open
another
thing
that
we
have
not
seen,
but
you
know
I
guess
like
it
really
voiced
part
of
it.
It
really
boils
down
to
like
if
we
want
at
this
point
right
like
if
we
want
to
do
token.
I
think
this
is
as
simple
as
we
can
think
of
maybe
some
external
opinions
and
say:
oh
and
actually
there's
a
simpler
way.
That
would
be
great,
but
you
know
yeah.
D
D
These
rest,
API
or
sorry,
not
rest
API,
these
these
grpc
connections
and
and
but
it
has
to
be
multiplexed
to
potentially
multiple
storage
devices,
and
we
need
a
mechanism
that
sort
of
just
works,
and
this
is
something
that
kubernetes
hasn't
done
before
I
think,
which
is
why
we're
inventing
something
new
right.
D
The
first
pushback
you'll
get
is
like.
Why
don't
you
just
do
this
like
everyone
else
and
and
then
we
need
to
explain
you
know
because
we're
solving
a
problem
that
hasn't
been
solved
before
and
then
I
think
the
rest
of
the
conversation
should
just
be
about
you
know,
is
it?
Is
it
actually
secure
right.
C
Right,
yeah,
so
sorry,
what
what
is
what
is
like
everyone
else
doing
in
terms
of
like.
C
So
I
guess
like
while
we're
waiting
for
Ben
like
so
like.
We
know
this
that,
but
for
what?
What
is
what
we
noticed
that
there
is
this
thing
called
the
token
requests
API
within
the
CSI
driver?
C
Do
you
have
guys
know
like
what
the
review
process
of
that
thing
looks
like
I
mean
I
mean
that
I
totally
understand?
There
are
different
features,
but
was
it
like?
Did
you
guys
have
to
bring
it
to
seek
security
or
like
on.
A
The
security
part
so
I
have
pinned
it's
actually
not
sick
security
tag
security.
So
there
are,
there
are
some
folks
there,
I
I,
linked
the
issue
in
the
car
in
this
Cup
itself.
I
just
pinned
them
and
see
what
they
what
they
want
to
do.
They
want
to
come
to
this
meeting
or,
if
you
want
us
to
present
this
in
their
meeting
or
what
they
want
to
do
so
I
have
pinned
them.
So,
let's
see.
E
C
Yeah,
so
sorry
I'm
not
talking
about
this
cat
I'm
talking
about
like
you,
you
know
how
like
it's
like
the
CSI
driver,
spec
there's,
like
a
token
actual
token
request.
Api
I
just
want
to
get
a
sense
of
what
that
review
process
looked
like
back,
then,
just
so
that
you
know
that
we
know
we.
We
are
contacting
the
right
forums
and
talking
to
the
right
people,
so
am.
E
C
A
E
Jordans
is
off,
but
in
general
it's
part
of
a
security
and
compliance.
Okay,.
C
Ben,
are
you?
Are
you
back
yeah
I'm
back,
okay,
I
was
just
asking
for
what
is
worth.
We
noticed
that
there
is
like
inside
the
CSI
drivers
back
there.
Is
this
some
token
request,
API
I
know
it's
like
completely
different
features,
but
I
just
want
to
get
a
sense
of
like
what
that,
if
you
folks
know
what
that
review.
A
Process
is
that's
a
particular
feature.
I
think
that
was
driven
by
someone
from
it's
a
different
different
Sig
that
one
that
person
maybe
is
from
sick
art
or
something
so
he's
from
a
different
yeah.
E
A
D
C
B
Yeah
yeah
and
then
in
regards
to
the
last
point
you
made
I,
think
I
even
had
at
the
bottom
of
this
thing
right
his
over
here
right,
Alternatives,
right,
I,
think
some
of
the
history
over
here
of
what
what
we
did
right
will
explain
why
you
know
why
the
model
works.
This
way
right,
it's
down
here
and
I!
Think
at
the
beginning,
when
we
talk
about
where
we
talk
about
the
goals
right
to
essentially
relay
a
large
amount
of
snapshot
metadata
without
overloading
the
kubernetes
API
server
right.
B
D
Yeah,
probably
I
I,
guess
I'm,
just
thinking,
even
a
very
thorough
read,
will
not
have
all
the
history
and-
and
we
should
just
be
prepared
to.
You
know
summer
summarize
briefly
like
why
this
is
a
why
this
is
somewhat
unique
problem
where,
where
we
have,
you
know
three
different
parties
acting
and
we're
trying
to
Multiplex,
possibly
multiple
backup,
vendors
and
multiple
storage,
vendors,
all
in
the
same
cluster
at
the
same
time,
and
we
need
a
mechanism
for
everyone
to
talk
to
everyone
securely.
F
D
C
People
get
there
faster
yeah
again
in
terms
of
the
Alternatives
and
history
that
we
explore.
Yeah
again,
I
tried
to
strike
a
balance,
say
I,
don't
want
to
go
sections
to
get
too
heavy
and
just
kind
of
overshadow
the
rest
of
the
content.
C
One
thing
that
I
think
we
call
and
I
did
discuss
is
like
and
as
some
folks
read
through
this
like,
you
will
notice
that,
like
there's
a
bit
of
a
deviation
from
I,
guess
the
I
guess
it
kind
of
poisoned
culture
as
well
like
the
division
from
like
change,
block
tracking
to
snapshot
Carl.
Do
you
want
to
just
quickly
explain
that
to
everyone
here
like
why?
There's
a
little
bit
of
a
switch
I'm.
B
C
I
was
just
trying
to
recall
like
what
we
were.
Where
did
our
discussion
led
us
to
I
I?
Guess
it's
more
like
previously
in
the
previous
cap,
like
you
know,
we
used
terminologies
and
naming
convention
that
directly
reflect
things
like
it's
the
the
snapshot
changes.
You
know
the
block
level
changes
the
Deltas.
You
know
things
like
that
right.
So
at
least
like
the
concept
of
the
diff
and
the
Deltas
was
represented
like
throughout
the
cap
and
the
namings
and
all
those
things.
B
Yeah,
that's
I,
see
what
you
mean
yeah,
so
the
previous
caps
right.
The
focus
was
a
lot
about
transmitting
the
data
efficiently
through
various
things
that
we
went
to
the
AG
API.
We
went
through
all
sorts
of
things
right
to
try
and
reduce
the
load.
We
actually
got
rid
of
all
that
because
we're
saying
the
application
just
uses
the
grpc
directly,
so
we
don't
Focus
as
much
on
the
blocks,
you're
right
and
but
instead
most
of
the
focus
is
on.
How
do
we
securely
set
up
this
see?
I
mean
if
you
look
at.
B
C
Just
like
you
know,
I
want
to
make
sure
that
you
know
folks
on
this
car
like
when
they're
with
this
cap,
like
you
know,
maybe
there's
something
to
just
a
minor
detail
to
keep
in
mind
there.
B
Yeah,
please
feel
free
to
put
comments
on
this
thing
now.
I
think
we
are
ready
to
take
comments
and
if
y'all
have
any
better,
you
know
any
suggestions
of
how
to
abstract
out
a
security
threat.
I
mean
I
was
just
thinking
based
on
what
y'all
just
said,
there's
a
some
sort
of
notion
of
a
security
threat,
diagram
right
and
then
that's
essentially
how
you
define
security
policies.
A
Okay,
so
I
just
checked
the
seek
seek
off,
so
they
have
meetings
on
Wednesdays
I
think
there
was
a
one
meeting
which
should
be
next
Wednesday.
So
we
could
add
this
in
their
agenda.
B
A
There
yeah,
but
you
have
to
put
it
on
the
agenda
right,
you
make
sure
absolutely.
Maybe
you
have
to
go
there
twice.
That's
also
possible,
since
this
is,
it
is
definitely
complicated.
Yes,
it's
not
like
you
ask
people
to
review.
They
will
have
good
time.
Yes
right,
also
code
phrases
come
in
so
that
and
they
people
I'm
just
saying
people
may
be
busy
with
those
so
but
yeah.
C
So
let
us
know
what
is
the
best
way
to
socialize
this.
You
know
there's
a
lot
of
Concepts
there's
a
lot
of
reading
to
take
in
here.
So
you
know
if
you
feel
like
the
best
way
to
do
it
is
just
you
just
show
up
and
then
like.
A
Yeah
you
present
it
so
get
the
attention
they
so
I.
Look
at
their.
Let's
see,
we
did
go
there
once
for
the.
What
is
the
the
this
other
feature?
Was
this
other
feature
for
the
for
the
volume
mode
conversion
thing?
We
did
go
there
once
so.
Basically,
we
just
bring
it
up
there,
and
then
we
tell
them
what's
the
problem
and
then
they
give
us
suggestions,
but
that
one,
of
course,
is
a
much
simpler
problem
than
this
one
right,
but
we
just
showed
up.
A
A
C
Retired
Jordan
there,
okay
got
it
I,
guess
the
other.
So.
A
C
For
again,
just
for
for
the
sake
of
exploration,
you
know
just
like
something
that
I'll
say
earlier
just
planted
a
thought
in
my
head
is
like
is
a
I
guess,
I
guess,
for
the
sake
of
I'm
sick,
of
it's
a
sake
of
sake,
of
reviewing
making
it
easier
for
sick.
After
all,
to
review
like
would
it
be
helpful
at
all
if
we
try
to
separate
the
cap
into
two
parts
like
the
grpc
part
and
then
the
off
around
it
part
well,.
A
Information
there
yeah,
you
have,
you
have
the
different
sections
right,
so
they
can,
they
can
selectively.
Read
it
yeah.
A
So
basically
you
well
I.
Guess,
let's
say
if
you
decide
to
go
there
next
week,
so
just
you
know
show
them
your
diagram,
try
to
explain
to
them.
Well,
that
is,
you
know,
try
to
try
try
to
not
hit
that
video
too
much
details,
but
of
course,
went
you.
B
Know
if
we,
if
we
have
a
chance,
I
mean
we'll
update
the
slide
deck
to
reflect
the
Gap
now
I
mean
right
now
that
protects
the
last
slide
deck,
but
it's
been
updated
so
we'll
flip
it
back.
Yeah,
okay,.
A
B
A
Sorry,
no,
this
is
I
was
talking
about.
This
is
actually
that's
just
gonna
say
there
are
so
many
different
groups
seek
us.
I
was
talking
about
Jordan
right,
Jordan
is
in
Sigma
also,
but
I
also
pinned
the
tag
Security
tax
in
tech
security.
There
are
people
who
are
in
both
tech
security
and
security
anyway,
so
so
I,
basically
pinned
so
I,
know
I
added
an
issue
there
right.
So
there
are
some
there's
some
folks
saying
that
they
can.
They
can
help,
let's
see
if
they
get
a
chance
to
take
a
look.
C
Maybe
yeah
we
can
start
with
some
sick
offers
before
we
bring
into
Tech
security,
because.
A
Are
yeah
they
are
looking
at
yeah,
but
it's
still
a
lot
of
things
are
a
lot
of
projects
there
actually.
A
Around
on
kubernetes,
anyway,
right
and
also
people
who
are
there
are
a
lot
of
people
who
are
in
both
both
tax
security
and
seek
security.
A
So
yeah,
it's
okay,
because
someone
if
they
want
to
review
it,
they
can.
They
can
take
a
look
and
then,
if
they
have
questions
they
can
reach
out
to
us
right,
so
we
don't
have
to
actually
pin
them
right
now.
Basically,
now,
just
you
know
we
let
them
know
this
is
there
they
can
review
it.
A
E
A
And
okay,
do
we
looks
like
then
also
dropped?
Okay,
okay,
so
do
we
have
anything
else
we
want
to
go
over
in
this
meeting
and
I
think
we
already
presented
this
one
at
the
CSI
Community
sink
right,
so
that
seems
to
be
fine.