►
Description
Kubernetes Data Protection WG Bi-Weekly Meeting - 07 September 2022
Meeting Notes/Agenda: -
Find out more about the DP WG here: https://github.com/kubernetes/community/tree/master/wg-data-protection
Moderator: Xiangqian Yu (Google)
A
I'm
sharing
what
about
anybody
else.
Can
you
see
my
screen.
B
B
How
do
we
enable
cbt
in
kubernetes
using
the
extension
api
extension,
we
planned
to
leave
some
room
for
form
last
time,
but
we
didn't
make
it
so
this
time
we
have
the
main
item
on
the
agenda,
we'll
be
form
talking
about
the
change,
this,
the
initial,
the
the
file
change,
this
change,
these
initial
discussions
and
more
specifically,
focusing
on
csi
spec
changes,
and
then
we
will
shift
to
e1
to
see
whether
there's
any
updates
on
the
cbd
cap
and
we'll
open
a
discussion
to
the
group
cool
one.
C
So
can
you
see
my
screen
now.
A
C
Okay,
so
not
sure
which
screen
are
being
shared
right
now.
Let
me
see
if
we
can.
C
Close,
can
you
see
the
dock
or
just
yeah.
C
Then
there
you
go,
I
think
it's
correct
screen
now,
so
I
would
focus
today
only
on
the
the
csi
change
right.
The
the
kubernetes
chain
we
still
talking
about
it
with
ivan
is
to
talk
about
more
when
we
do
a
csi
change,
I
mean
for
for
the
kubernetes
and
for
the
csi
chain.
C
I
want
to
enhance
what
ivan
currently
working
ivan
and
I
were
currently
working
on
with
the
volume
snapshot
delta,
and
currently
we
have
the
mode
as
by
default
it
will
be
block
which
is
in
the
string
mode
here
in
the
in
the
csi
request,
like
the
volume
snapshot
delta
request
currently
is
multi-core
to
block
me
in
this
block
change
right
so
that
I
want
to
add
another
value.
C
So
in
case,
if
it
not
blocked,
we
can
specify
it
as
a
file
system
for
file
chain
for
chain
5
list,
and
if
that
is
the
the
case,
then
in
the
response
I
add
a
lit.
I
add
one
more
at
the
bottom.
So
currently
we
for
the
block,
everything
will
be
up
here
right
and
in
the
block.
We
also
say
that,
if
it
is,
it
is
optional.
If
it's
empty,
that
means,
if
it
is,
is
not
specified.
That
means
is
it's
not
a
block,
so
it
is
5..
A
And
in
this
case,
then,
these
two
should
be
in
this,
like
one
off
should
put
them
together,
you
can
take
a
look
of
the
volume
snapshot
api
right,
so
either
files
or
block
delta
value.
A
Like
so,
it's
basically
you're
going
to
be
a
it's
going
to
be
just
one
field,
but
then
that
field
will
has
this.
Has
this
definition
of
one
off
it's
either
so
so
that
you
don't
have
two
fields
yeah,
but
you
can?
You
can
yeah
take
a
look
offline.
A
E
C
D
C
A
Like
you
know,
in
csi,
I
think
you
can
do
something
like
that.
Maybe
you
can
take
a
look
at
the
css
spec.
I've
got.
C
Yeah,
I
will
take
a
look
and
see
if
we
have
to
do
two
field
here
or
just
one
fuel
that
contain
different
types.
A
Snapshot
data,
but
then
you
have
another
message
saying:
okay,
you
have
those
two
options:
field
on.
C
D
C
Look
at
that
yeah
so
and
then
the
when
we
have
this
the
delta.
It
will
be.
I
just
I
should
make
a
copy
of
this
and
I
chain
it
into
five
messes,
I'm
not
even
sure
if
this
one
is
correct,
but
for
each
of
the
five
chains
I'm
proposing,
we
have
the
following
fields
right,
so
it
would
be
the
size,
the
m
time
you
know
a
times
c
time
and
so
on
and
so
forth.
But
the
most
important,
I
think,
is
the
flag
right.
C
This
helps
us
to
optimize
right
so
also
when
we,
if
the
file
being
deleted
right
or
move
etc.
C
So
I
base
these
from
the
power
scale
one
this
document
from
one
here-
and
hopefully
I
haven't
done
much
research
to
see
if
other
company
exactly
how
they
do
their,
how
they,
how
their
api
look
like,
but
I'm
copied
I'm
based
this
one
from
one's
fs
from
dell
and
but
we
can
enhance
it.
But
the
idea
is
that
in
this
chain,
five
we
specify
the
type
of
change
and
so
that
we
can.
C
We
can,
you
know,
effectively
only
backup
or
restore
the
specific
fi
that
it
chain
between
the
two
snapshots,
so
that
is
the
the
enhancement
that
I
I
want
to
propose
now.
So
we
can
talk
about
detail
now,
but
at
least
it
is
the
initial
conversation
I
want
to
propose,
so
we
can
start
the
conversation.
C
C
C
One
thing
that
I
kind
of
still
debating
on
is
when
phi,
let's
just
say,
5a
is
renamed
to
5b,
then
what
it
gonna
be
two
entry
one
chain
here
or
one
entry
that
have
the
name:
the
difference
between
two
names
right.
I'm
not
really
sure
how
how
we
can.
A
C
Oh,
yes,
that's
currently
what
I
have
in
mind
that
if
that
content
change,
we
will
back
up
the
entire
fight.
Okay
in
the
in
the
past,
we
did
talk
about
like
a
recursive
like
not
really
recursive,
but
one
level
down
is
that
when
a
file
chain,
we
can
specify
exactly
which
block
in
that
file
has
been
changed.
C
For
example,
if
the
file
itself
is,
you
know,
100
gigabyte
or
one
gigabyte
phi,
and
it
only
changed
a
few
block
here
and
there
inside
that
file.
How
do
we
specify
it
here?
So
this
proposal
have
not
taken
care
of
that
scenario.
Yet
so
this
scenario
only
say
if
that
fire
chain
back
up
the
entire
phi.
C
A
A
A
Okay,
so
what
what
do
they
do
they?
Basically,
okay.
I
see
they
have
a
few
more
flags.
Okay,
so
it's
basically
just
talking
about
the
path
right.
Okay,.
A
They
do
not
specific,
maybe
that's,
maybe
that's
how
how
people
do
change
your
founders.
Maybe
that's
like
anybody
else
here,
familiar
with.
Let's
change
the
file
list.
E
I
think
the
decent
file
services,
one
that
was
being
built
that
was
gonna,
have
like
the
block
changes
as
well.
I
think
it's
a
good
option
to
have
log
changes.
Okay,
yeah
inside
the
phone.
A
It's
basically
in
so
basically,
you
first
check
to
see
if
the
or,
if
the
file
is
the
so,
if
the
file
is
modified,
and
then
you
go
look
at
the
the
change
block
and
then
that
will
be
the
same
as
what
do
we
do
with
the
with
the
blocks,
the
block
file
and
the
block
volume?
I'm
not
quite
clear
on
how
can.
C
A
Why
do
we
still
need
to
do
this
change
form,
and
not
this
word
anyway,.
C
C
This
block
with
chain
blocks
is
the
the
the
for
the
block
volumes
right,
which
we
look
at
the
entire
volume
in
term
of
blocks
right.
This
is
the
file
system
into
the
file
system,
so
inside
that
file,
the
logical
which
we
chopped
the
file
into
it's
not
really
chopped
it's
just.
Basically,
when
you
do
like
a
five
copies,
you
can
do
like
five
six
to
a
certain
offset
within
the
five
right.
That's
how
this
meant,
even
though
it
it
we
kind
of
overloaded,
the
the
the
name
here,
but
this
question.
C
Yeah
we
can,
we
can
change
this
different.
We
can
do
something
like
chain
chain.
Five
block-
I
don't
know.
I
know
it's
just
a
detail,
but
we
can
we
can
we
can
you
know
we
can
work
it
out
in
more
detail,
but
if
the
the
csi
storage
size
specify
this,
then
only
a
few
blocks
within
the
file
have
been
changed
and
we
can,
you
know,
do
a
corresponding
chair,
backup
and
restore
with
this
block.
Only
so.
C
No,
no!
No!
No!
I
don't
know
if
that
is,
you
know,
anyone
is
out
there
implementing
it.
I
haven't
done
enough
research
to
to,
to
you
know,
make
sure.
A
Yeah,
we
need
need
to
talk
to
someone
who
has
implemented
this
one.
I
can
check
internally.
D
I
think
at
this
level
it
doesn't
feel
like
we,
I
think
we
might
be
at
the
risk
of
overloading
the
term
block.
I
feel
like
at
this
level
of
this
at
this
abstraction
we're
not
talking
about
block
storage
but
yeah.
I
think
like
it
might
be
like
just
you
know.
If
we
yeah
like
going
back
to
find
what
you
were
saying
if
we
use
like
those
c
and
go
like
an
api
as
a
reference,
it
would
be
the
offset
of
the
file.
D
So
potentially
you
might
have
a
file
structure
in
here
that
determines
like
the
path
and
the
offset
and
which
part
of
it.
So
so
we're
talking
about
the,
for
example,
the
c
and
the
go
seek
api
right.
It's
always
the
offset
that
says,
I'm
where
my
reference
and
my
pointer
should
point
to
inside
the
file
yeah
to
determine
how
far
it
goes.
So
I
think,
like
this,
it's
like
sort
of
like
a
logical
block
ish,
but
maybe
like
yeah
overloading
the
turn
block
a
little
bit
here.
Yeah.
C
Yeah,
so
I
I
can,
I
I
can
say
we
can
to
avoid
confusion.
We
just
create
another
message
and
specify
that,
but
I
think
at
the
very
high
level,
the
chain
fight
specified
this
field
and
I
think
we
need
to
talk
about
whether
we
would
have
this
one
or
not.
A
C
Okay,
so
I
got
a
question:
yeah
go
ahead.
C
Blocks
in
this
mode
field
that
we
in
the
request,
this
mode
field,
if
it
block,
is
specified
block,
if
it
not
it
specifies
by
system
here.
B
C
This
is
where
the
the
kuminet
layer
coming
in
right,
the
end
user
is
starting
from
the
kubernetes
layer.
I
have
it
not
working
on
that
part,
but
I
imagine
that
would
be
an
enhancement
of
what
currently
ivan
is
working
on
on
this.
On
the
kubernetes
side,
do
you
some.
B
Right
they
they
need
to
understand
what
this
snapshot
it's
based
off,
of
whether
it's
a
fighter
or
is
the
local
file
system,
or
is
it
just
raw
block
devices
before
they
even
send
this
code
right?
So
I
assume
that
if
it's
a
roadblock
devices,
it's
not
going
to
work.
If
you
call
this
api
to
get
the
file
change
list.
Oh
yes,
yeah.
C
It
makes
sense,
so
I
think
in
this
kubernetes
side,
the
kubernetes
when
they
give
received
two
volume
snapshot
name,
it
would
have
to
look
up
the
mode
as
well
right
before
it
go
down
to
the
csi
layer.
You'd
have
to
know
what
is
the
the
file?
Is
this
a
block
tv
or
a
block
snapshot
or
a
file
system
snapshot.
D
So
if
we
try
to
combine
this
with
the
existing
aggregator
api
server
design,
the
mode
will
just
be
pretty
much
opaque
until,
like
you
know,
the
driver
plug-in
says:
okay,
you
know
like
oh,
like
I'm,
the
the
grpc
call
it
between
the
csi
driver,
saying
that
okay,
I'm
making
a
call
for
block
volume
snapshot,
I'm
making
a
call
for
file.
B
D
Yeah
yeah,
I'm
hoping
like
the
aggregated
aps,
server
won't
have
to
like
know
about
all
the
you
know.
You
would
just
be
a
pass
through
until
like
the
after
last
final
responsible
moment,
the
grpc
card,
you
know
maybe
yeah
the
the
cs
between
the
csi
driver.
The
decisions
is
made
which
grpc
called
to
issue.
C
I
I
think
this
is
the
layer
where
we
have
to
make
a
decision
right
like
because
this
is
the
csi
layer
right
here
we're
talking
about
here
right.
So
it
need
to
know
whether
this
is
a
file,
a
request
for
a
file
chain
or
blockchain,
or
if
we
decide
to
make
this
op-ed
by
not
not
specifying
this
at
all
and
leave
the
back
end
like
the
storage,
to
figure
out
whether
to
respond
with
this
way
or
that
way,
then
during
the
then,
the
caller
sign
the
csi
caller
side
right,
like
in
that
case
it
might.
C
How
does
it
know
whether
we
are
looking
at
the
the
block
respond
or
the
file
respond.
D
Yeah,
that's
my
understanding.
A
I
don't
think
you
can
let
the
driver
to
decide
because
also
remember
we're
talking
about
this
conversion
thing
right.
So
underneath
is
quick
block
but
containers
using
it
as
a
file
system
mode
or
the
roadblock
mode
right.
So
so
we
need
to
know
whether
the
underlying
storage
system
really
supports.
A
Right
so
it's
like
you
need
to
know,
so
I
guess
I
guess
my
question
is
like
currently
what
what
do
you
guys
do?
Currently,
how
do
you
determine
because
if
you
only
support
block
you
just
say
you
don't
support
file,
but
do
you
actually
make
do
some
checks,
I'm
talking
about
like
the
the
backup
software
backup
vendors?
How
do
you
do
you?
Actually,
the
decision
will
you
have
the
user
make
that
decision.
D
Yeah
so
currently
like
at
the
kubernetes
cr
the
custom
resource
and
api
level.
There
is
also
a
field
called
the
mode
which
is
which
will
which
I
guess
it
maps
to
like
the
enums
right
by
the
block
or
file
system.
B
A
The
mode
is
file
system.
You
could
still
retrieve
the
data
at
the
block
level
right,
but
that's
the
thing
right.
So
that's
because
most
of
the
because
most
of
the
cases
is
not
real
block,
I
think
most
use
cases.
Actually
I
don't
think
roadblock
is
the
most
it's
the
most
of
the
time
people
are
using
file
systems
but
needed
a
block
volume.
A
So
how
do
you
actually
make
that?
Because
there's
no
like
for
our
driver,
it's
easy
to
make
that
check.
We
just
check
the
you
know:
it's
a
rewrite
only
or
rewrite
once
right.
So
that's
that's
what
we,
what
do
we
decide
but
other
driver?
Maybe
they
they
have
other
way
of
determining
that.
E
A
Right,
oh
just
saying,
like
the,
I
was
basically
just
asking
questions
like
currently.
How
do
you
determine
whether
it's
a
blog
file,
like
at
least
I
know
for
velaro?
It
doesn't
really
make
that
check,
especially.
A
Responsibility,
I
well
right
because
for
users,
basically,
we
all
need
to
you,
don't
need
to
know
you
use
a
rust
tip
or
you
do
not
use.
E
Well,
there's
no
so
there's
no
block
tracking
in
valero
right
and
it
was
pretty
much.
E
A
C
Yeah,
if
it
is
it
doesn't
matter
what
the
pvc
mode
is.
This
one
is
talking
about
the
underlying.
A
E
E
A
A
There
is
a,
I
know
that
well,
this
is
not
not
for
our
current
driver,
of
course,
but
I
I
know
that
the
like
the,
for
example
cinder
supports,
supports
that
right,
so
which
means
some
drivers,
incentives
and
something
like
that,
so
so
there
are
so
there
are
driver
supports
that
right.
So
that's
why
army,
I
think,
ani
well.
I
know
that
our
driver,
we
just
use
that
to
determine,
but
I
don't
think
that's
the
case
for
other
drivers.
It.
E
A
E
D
A
A
C
C
A
D
D
But
I
guess
like
so,
I
think
like
so
I
guess
what
you
I
guess.
They
feel
like
they're,
multiple
points
that
you
make
their
thing
like.
I
think,
like
going
back
to
the
earlier
point
about
like
it's
like
the
backup
software
inside
the
user,
like
initially,
the
idea
was
to
for
the
backup
user
and
the
backup
software
in
the
user
to
decide
to
tell
csi
cbt
what
the
mode
and
this
ideally
the
initially
the
dot
was
like.
D
This
is
like
something
that
we
infer
from
the
pvc
source
of
the
snapshot.
So
my
question
is:
do.
A
E
I
mean
in
like
k10
at
the
moment
you
either
do
things
in
file
mode.
You
know
where
the
volume
is
attached
and
you
use
copia
to
back
things
up
file
by
file
or
we
could
do
block
mode
where
we
take
us
where
we,
you
know,
try
to
extract,
but
that's
pretty
much
only
implemented
for
vsphere
at
the
moment.
A
A
E
A
D
So
much
question
also
question
for
phone
so
like
using
the
api
that
the
dell
api
that
you
use
as
an
example
here.
So
if
we
remove
mode
just
just
for
the
sake
of
discussion,
if
we
remote
the
node
property
and
then
we
say
like
okay,
we're
gonna
infer
that
by
checking
the
volume
snapshot
and
then
checking
it
the
pvc
mode.
Well,
this
api
that
you're
showing
us
here
still
work
did
you
does
that
make
sense
like
would.
D
Say
if
we
remove
like
the
string,
note
property
there,
you
scroll
up
to
the
page
for
the
first
page,
if
you,
if
you
remove
that
string
mode
right
and
then
we
say
like
within
the
cbt
aggregated
api
server
or
whatever,
we
just
detect
that
by
checking
the
source,
pvc,
you
know
how
the
pvc
have
its
mode
too.
D
Oh
okay
and
then
we
said
like
the
pvc
mode
is
blocked,
and
hence
we
call
the
block
grpc
or
the
the
p.
A
A
A
Not
happen,
there's
no
reliable.
I
can
say
that
with
the
vcs
driver,
we
have
a
way
to
check,
but
I
don't
know
if
that's
that's
that's
true
for
other
drivers
like
for
us.
We
just
check
the
the
access
mode,
not
not
that
mode.
We
were
talking
about
the
the
volume
that
we
check
the
access
mode,
which
is
you
know,
rear
many
or
once.
D
Okay
right,
so
what
about
so
yeah
again
thanks
got
it
all
right,
so
I
get
the
point
there.
That
makes
sense.
What
about
the
api
that
fung
you
were
using
as
an
example,
the
dell
api?
What
layer
of
abstraction
is
it
giving
us
like?
Is
it
does
it
know?
Does
it
care
whether
underlying
is
blocked?
C
D
D
D
Okay,
I
guess
like
okay,
I
guess
who's
shooting
point
like
that.
It
is
possible
that
a
file
system
is
backed
by
a
non-block
phone,
backed
by
a
block
storage.
C
C
D
C
Not
a
prototype,
but
a
test
yeah.
C
In
which
we
can,
we
can
actually
take
a
snapshot
of
it
and
get.
C
D
It
okay
and
then
underlying
the
geo.
At
the
csi
grpc
level,
we
are
still
calling
the
block
api
to
the
cpt
block
epithel
yeah.
It
is
a
cp,
okay,
cbt
block
api.
C
Okay,
so
I
I
propose
that
the
for
anything
for
any
type
of
pvc
that
have
a
blocked
back
end,
we
will
call
the
the
block
mode
for
the
file
system
back
end.
We
will
use
file
system
mode,
but
the
question
that
xianhuan
raised
is
how
does
user
know,
because
there's
not
a
reliable
way
for
the
user
to
know
whether
they
should
call
using
block
or
they
should
call
by
this
file
system.
That
is
the
question
and
right
now
I
I
cannot
think
of
a
reliable
way
to
answer
that
one.
Yet
so.
D
D
Might
not
yeah
and
then
back
to
shane's
and
dave's
earlier
point
like
at
this
stage.
It
might
just
be
okay
to
let
the
user
tell
us
what
mode
it
is,
but
then
we
might
or
might
not
have
a
way
to
verify
them
to
confirm.
D
C
Et
cetera,
cool,
okay,
so
I'm
gonna,
stop
sharing,
so
ivan
can
get
them
updated,
go
ahead,
yep
one
more.
B
C
B
B
C
D
A
A
C
B
I'm
gonna
show
you
the
perspective.
They
don't
need
to
necessarily
understand
right.
All
the
care
is
the
one
snapshot
resource
plus
a
pvc
resource,
because
you
can
not
expect
a
data
protection
officer
or
whoever
the
cost
manager
understand
every
single
pvc,
that's
not
the
expectation
on
them,
they're
just
responsible
of
okay.
I
have
a
backup
plan
for
this
entire
cluster.
I
have
all
my
other
workloads
running
in
this
cluster
protected.
C
Okay,
cool
all
right,
I'm
gonna
make
note
of
that,
and
I
will
continue
working
on
it
next
time.
We,
but
thank
you
very
much
for
all
of
these.
You
know.
Feedback
and
question
is
pretty
good.
A
E
A
A
E
A
E
A
C
Not
yet
I
will
do
it
now,
yeah,
it's
very
primitive,
but
yes,.
D
D
Yeah
I
updated
the
cbt
cap
with
what
we
talked
about
last
week.
I
can
quickly
share
it.
I
know
we
probably
don't
have
much
time.
I
think.
D
Yeah,
I
can
sure
just
let
me
know
when
we
are
near
the
top
of
the
hour
and
then
I'll
stop.
Can
you
all
see
my
web
browser?
Yes,
okay,
yeah
cap,
three,
three
one,
four
changeable
tracking
with
csi
volume
snapshot
delta.
D
So
last
week
we
I
mean
two
weeks
ago
during
the
last
meeting,
we
make
a
lot
of
progress
in
terms
of
like
the
discussing
and
agreeing
with
the
design.
So
I
captured
everything
that
we
talked
about
and
then
reworked
the
cap,
and
maybe
I
can
just
quickly
walk
through
the
design
flow
again
for
those
of
us
who
missed
the
the
the
last
meeting
so
yeah
and
just
if
you
have
questions
or
feedback
feel
free
to
raise
it
here
or
just
comment
on
the
cap
directly.
D
Look
at
pr.
The
idea
is
that,
like
we
in
the
csi
cbt
like
we
propose
that
come
three
new
components,
the
first
one
being
an
aggregated
api
server,
that's
served
from
the
cbt
entries
and
requests
and
then
the
second
one
is
a
crd
controller
that
watches
for
a
new
cr
core
driver
discovery.
D
And
then
the
last
component
is
a
site
card
that
gets
embedded
into
the
csi
driver
to
make
the
csi
driver
discoverable
by
the
executed
api
server.
So
I'll
walk
through
like
I'll
use,
some
of
the
diagrams
here
to
walk
us
through
it
and
then
hopefully
that
will
make
more
sense,
and
so
the
first
diagram
here
is
about.
D
You
know
the
the
bootstrap
genesis
you
know
like
when
cbt
the
the
when
the
cbt
csi
is
deployed.
There
is
a
part
with
an
aggregated
api
server
and
it
also
have
a
driver
discovery
controller
as
a
sidecar
within
the
same
part,
the
first
step
being
this
aggregate
api
server.
When
it
first
comes
up,
it
will
register
with
the
kubernetes
api
server
and
then
it
will
say,
hey.
I
am
responsible
for
this
group
version
like
v1
alpha
one
cbt,
dot,
storage
case
io
and
all
the
custom
resources
defined
under
the
underneath.
D
This
version
will
be
handled
by
our
aggregated
api
server.
So
that's
the
first
step
and
then,
on
the
other
end,
the
other
side
of
the
world.
When
the
storage
provider
csi
driver
comes
up,
we
will
have
the
sidecar
that
basically
like
it.
It
public
publishes
itself
will
register
itself
by
creating
a
driver,
discovery,
custom
resource
and,
among
other
things,
the
the
most
important
things
within
this
custom.
D
Custom
resource
is
the
client
config
which
specify
the
in
cluster
service,
name
and
name
space
that,
like
you
know,
the
aggregate
api
server
can
communicate
with
it,
and
then
he
will
have
a
ca
bundle
that
can
use
to
like
generate
tls
cert,
to
establish
that
trust
between
the
agreed
aggregated
api
server,
as
well
as
the
the
site
car
between
the
driver
and
then
this
is
where,
after
this
custom
resource
is
created,
this
is
where
the
cid
controller
comes
in
and
then
it
will
persist.
D
D
I
think
this
the
group
priority-
oh,
that
is
just
like
some
internal
details,
of
how
kubernetes
api
server
prioritize
like
requests.
I
I
I
don't
remember
the
details
like.
I
think
it
has
something
to
do
with
say.
If
we
go
with
our
v1
beta1,
I
mean
I
mean
all
of
them
has
the
if
you
do
like,
if
we
do
like
you
cuddle
like
api
dash
services
like
it
will
solve
some
of
these
priority
like
in
terms
of
like?
Oh,
you
know.
D
If
you
have
v
one
alpha
one
and
one
v,
one
beta
one,
you
know
how
does
like
the
kubernetes
api
server
know
which
one
it
did
it
doesn't
know.
Beta
comes
after
alpha
right
as
far
as
the
kubernetes
api
server
is
concerned,
so
this
is
where
the
priority
minimum-
and
it
has
more
of
these
priority,
related
properties.
This
one
I
just
copy
and
paste
it
from
the
dock.
A
I
don't
know
how
important
is
that,
because
I
do
not
remember
seeing
this
one
in
any
of
the
other
sixth
story,
just
crds,
so
yeah.
D
A
D
D
Yeah,
the
higher
the
value,
the
the
less
the
lesser
the
priority.
The
2000
is
just
a
generic
value
that
I
found
in
other
examples.
D
D
This
is
where
the
data
path
requests,
initialize,
backup
software
send
a
post
request
to
or
like
in
this
case,
like
using
client
girl,
maybe
like
dot,
create
interface,
and
then
it
will
create
the
volume,
snapshot,
delta,
custom
resource
and
then,
like
you
know,
like
the
kubernetes
api
server,
would
see
this
request.
D
This
url
here
is
actually
generated
by
the
kubernetes
api
server
and
then,
when
the
request
is
being
sent
to
this
endpoint
kubernetes
api
server
will
say.
Okay,
I
know
there
is
an
aggregated
api
server.
That's
responsible
for
this
volume
snapshot
delta
resource.
It
knows
that,
because
of
this
api
service
resource
definition,
so
we
send
it
like
so
the
the
backup
software,
the
user,
they
will
create
an
actual
volume
snapshot
delta
custom
resource.
So
it
will
look
something
like
this.
D
Like
you
know,
the
base
volume
snapshot,
name,
target
volume,
setup
name
and
then
the
understand
some
pagination
like
parameters,
and
in
this
case,
including
the
mode
property
that
we
talked
about
earlier
now.
The
key
thing
here
is
like
once
again
computer
api
server.
It
received
a
request
it
doesn't
like
it
doesn't
like
persist.
The
volume
snapshot
delta
resource,
so
this
is
very
similar
to
some
of
the
existing
implementation
pattern
used
for,
like
all
the
sars
resources,
which
is
how
our
back
works
underneath
in
this
example.
D
Here
you
can
see
like
for
subject
access
review
resource
like
the
underlying
storage
implementation
is
such
that
you
gotta
create
requests,
but
it
does
not
call
a
cd
to
possess
anything
at
all.
D
It
just
does
its
own
logical
thing
to
validate
to
confirm
the
our
back
authorization
thing
permission
of
the
of
the
subject
and
then,
after
that
you
just
send
back
like
and
then
like
it
update
the
status
with
whatever
it
wants
to
update
it
with
right
over
here
line
73
to
789,
and
then
it's
just
send
back
to
you
know,
quote
unquote
the
virtual
resource
back
to
the
the
collar
so
yeah
and
this
kind
of
like
where
we
draw
like
a
lot
of
the
design.
D
Inspiration
from
like
I
mean
it's,
a
pattern
that
is
already
used,
which
could
be
you
know.
So,
just
I
guess
you
know,
then
we
should.
We
can
follow
that
and
then,
after
the
cbt
scroll
down
a
little
bit
after
our
aggregate
api
server
like
got
the
create
resource
request,
and
then
it's
going
to
go
to
the
kubernetes
lcd
and
it's
trying
to
find
all
this
other
csi
like
custom
resource.
D
You
look
for
the
volume
snapshot
for
the
base
and
the
target,
and
then
you
drill
down
to
the
volume
snapshot
content
and
then
they
find
the
driver
name.
They
find
the
snapshot
handle
like
all
these.
Like
your
parameters,
you
need
to
put
together
as
a
payload,
it
discovers
where
the
driver
is
based
on
the
cr
that
we
introduced
using
this
driver
name
now.
He
knows
how
now
he
knows
like
now
after
this
step,
retrieving
all
these
custom
resources
from
the
kubernetes
sdi
c
scd.
D
D
We
post,
like
your
https
request
with
all
these
parameters
and
payload
with
that
we
got
it
as
a
payload
as
a
json
payload
to
the
csi
driver
site,
and
then
our
sidecar
would
receive
this,
and
then
it
will
make
a
grpc
call
over
the
unit
socket
to
the
provider,
csi
plugin
and
then
the
final
green
arrows
here
just
show
how
the
response
travels
back
to
like
to
use
to
the
backup
software
and
then
from
the
backup
software
perspective.
It
was
look
like.
Oh
I
yeah.
D
The
spec
right,
okay,
so
yeah
this
is
so
yeah
from
our
last
conversation.
I
think
this
is
where
the
I
guess
for
like
for
the
alpha
version
like
we
are
proposing
like
at
this
point.
I
just
let
the
backup
software
handle
the
pagination
themselves
so
to
limit
the
offset.
So
so
I
got
a
request
and
the
response
back
right
as
a
backup
software
and
then
now
like
within
the
status
with
response
like
the
the
backend,
would
tell
me:
are
there
more
data
coming?
D
So,
if
I
want
more,
like
you
know,
I
would
just
I
can
re
reset,
recreate
a
volume
snapshot
delta
with
a
different
limit
and
offset
in
my
next
request.
D
B
D
As
a
res
safety,
so
I
so
I
so
are
you
saying
like
within
like
the
status
response
itself,
we
have
okay,
so
hang
on,
it's
like,
I
think
I
mention.
Let's
see
if
this
matches,
what
you're
looking
for
so
inside
the
api
yeah.
D
D
We
come
back
from
the
storage
provider
and
this
would
just
be
a
copy
and
paste
of
the
original
requests
so
that
you
know
if
the
backup
software
wants
to
only
examine
the
status
sub
resource
and
then
they
get
the
change
block
any
error.
What's
the
state.
B
D
This
is,
this
is
provided
by
the
user.
D
B
D
Not
the,
but
only
the
the
only
thing
that
got
persisted
in
this
whole
design
is
the
I
mean
volume
snapshot.
Wasn't
such
international
content.
We
know
they're
persistent
already.
The
only
opposition
is
the
driver,
discovery
that
we
use
to
discover
where
the
csi
driver
is
very.
D
I
think,
like
a
month
or
two
ago,
like
I
asked
about
something
like,
can
we
put
this
into
the
csi
driver
resource,
but
looking
further
into
it,
I
think,
like
the
csi
driver,
even
though
it
has
it
feels
like
the
right
place
to
put
it,
but
it
feels
like
it
is
being
used
by
the
lower
underlying
operation
of
the
cubelet.
I
think
so
I
don't
know
if
we
truly
need
this
if
driver
discovery
resource,
if
we
don't,
why
can't
we
put
it
into
csi
driver,
but
it
feels
like
it
shouldn't
be
in
there.
B
D
D
Oh,
it's
just
something:
it's
just
a
mistake.
I
think
it.
C
D
Whatever
we
want
it
to
be
right
now,
we
are
at
on
top
of
the
hour,
but
I
want
to
say
that,
like
I
did
updated
the
risk-
and
we
go
over
this
next
time,
like
under
the
recent
medication,
like
there's
a
lot
of
issues
around
like
what.
If
someone
tried
to
doses,
because
some
some
of
these
operations
can
potentially
be
expensive,
so
yeah
and
I
wrote
down
some
thoughts
and
points
on
how
we
mitigate
that
using
kubernetes
on
flow
control.
Apis.
D
Right
yeah,
if
folks
have
any
questions
about
this
feel
free
to
ping
me
on
slack
in
the
data
protection.
Looking
group.