Description
Kubernetes Data Protection WG Bi-Weekly Meeting - 23 March 2022
Meeting Notes/Agenda: -
Find out more about the WG here: https://github.com/kubernetes/community/tree/master/wg-data-protection
Moderator: Xing Yang (VMware)
A
So today fine is going to do an update on the CBT work and and then right then we'll just take a quick look of the a new report and I think that's ready, and then there are a few open. Your shoes, okay, fun.
B
A
B
I can share my screen, but there's not much, except for the document that we've already been seeing. So you see my screen now yeah, so we discussed most about CBT. Discussion is either on Slack or in our private meetings with a few engineers, and we captured all of the meeting minutes on the document that you can see.
B
We we posted there on the Slack as well. You can see the document that we like for this. One is the meeting minutes. We have two meetings so far and this one is the meeting of the later meetings thanks to the later one on March 18th.
B
The idea that I just want to summarize what we've been discussing is that in the previous meeting with the Kubernetes community, we I present the CBT service, and then there was some opinion from many people to you know propose that we should have also have a second look at the the approach that we use, the CRD, the the resource instead of using a service.
B
So after discuss with the the engineer involved, we like say: let's, let's give it a try to see how it go. You know, let's discuss to see if we can find a way to overcome the limitation of the CRD approach. The limitation that we try to overcome is that they see the size of the c arctic. The the size of the CR on the Kubernetes API server would eventually you know, hogging the resource there, especially if we create a CR and it will be stored in the etcd.
B
If that is the case, then it will eventually run out of space or hogging the the resource there. So we discussed about a few idea that to overcome that, and one of the way that we can we talk about is the aggregation API aggregation a lot of this? Still, we still in you know, exploring we still haven't have any conclusion yet so we're just still researching and there's a few engineers proposing.
B
I think one engineer proposing the the I think is Sean Sean he's proposing like a workflow here, but again it's still, I mean not not this one which, which one is it.
B
I think we have a boot. I think I'll put a link there. Somehow, let me see if I have a link anyway, I will post a link, but Sean have proposing. I think let me see, I think he did have a link somewhere.
B
I think here this one Sean proposing like a workflow on it and again this is just his proposal. We haven't talked much about it because you know he was there. He was not there in in our last meeting. We can either talk now or maybe we continue in our in our next meeting.
B
We think that we should do like a prototype and just just try to rough out all the the idea to see if it actually work this way or not, and this proposal that I put here is we're going to try to do like a CRD approach. That means that we want to create us. It's similar to you know any custom resource yeah. We we create like a CRD with respect. The spec is, basically we don't. We simply sit for this.
B
For the sake of this prototype, we just dumped the API that we have in our document in this one, like you know, we just take the the request and put it in the spec and the result will be put into the response, we'll put it in the status and we add a little bit.
B
You know a little bit here and there's like state and error to see how it go and if this one we, if we create this one, then we should create, like a controller, to listen to that event right. So the controller simply when this event, when this CR is object, is created on the API server, then this controller will simply listen to it and call the you know we're going to pick one of the storage, maybe PowerStore EMC or AWS or VMware EBS right.
B
We whoever implement this, will be we'll pick one right and what we do is when we receive that CR object like if it is created, then we will call the different snapshot API or the of the specific storage that that we have at hand. Then we gonna translate the result into the format that we want here and responded to I mean and whoever listened to create this c object will wrap the response right so that.
B
B
Yeah, okay, yeah, so so, and then we also proposing to create, like a backup controller, to employ this. This whole workflow here right, so it will create the CR. It will wait for the controller to you know, update the status and it's it's backing up the data according to the result. So that's the high level of the backup controller, the detail I put it here, but again we still in you know we're still in in discussion.
B
So I just wanted to give an update of what we have so far, and I want to point out that we in this pm in this prototype, we only focus on on one scenario. That is the this is a file system PVC, with the block volume in the back end.
B
So that way we can employ the the CBT right, the the change, block change, change block tracking right, the the difference or snapshot for block right without the volume in the back end. For example, if this a like an file system PVC with the NFS in the back end, then we cannot do anything. So we only focus on the file system.
B
PVC with the block backend right, so that is my update for for the you know, for the CBT thing for the CBT effort that we have again, we communicate with each other on Slack on this WG data protections channel. So if anyone who are interested in the project or want to contribute just jump in and discuss there, we, I will try to schedule a meeting every week, usually on Friday.
B
A
Okay, you can't go back to that. The can you go back to your document.
A
A
D
B
It will I I was I I was we go discussing about. You know whether we have also do the data mover here, but Dave. He mentioned that we should. We should use some kind of an open source data mover. I haven't looked into that to be honest, but.
A
So the flow would be, but okay, so.
A
B
B
B
When we have the block snapshot, we will then I will block PVC. We will then, if we do the full backup, we will then move all the block back up over the block of that raw block device right.
B
Yeah we have to do some in this in this prototype. We're going to use some data mover.
A
B
All we have to implement one, it should be simple: it just should be copy block into a back-end into a backup storage: okay and then now with the CBT right at this point, we're going to create an object, a CR object with this format here right. If we have, if we already have a previous snapshot right, we're going to specify the snapshot base here and the current snapshot and volume ID and so on and so forth and start offset will be 0 and and so on and so forth.
B
B
B
Of course it will delete the it will delete the the PVC because it doesn't the block PVC, but it doesn't use it anymore and then it will delete the the the volume snapshot object and it also delete the the CBT object here, delete it all and done with the backup.
B
I have done a small experience to experiment to convert from the file PVC to block PVC using the snapshot. So what I did is I take this file PVC.
B
D
They found just a quick question like so is this: is this backup controller essential to prove out like the CBT prototype.
B
B
Prototype a little bit, it only illustrates that it can be done. It's not essential to the the, because the thing that essentially this one right is that this controller and and this and the CRD here you see the main piece. This one is just an effort to tie together a workflow that illustrates that this CBT can be done. Okay.
D
For what is worth like, you know, if you want to show like the diaphragm actually yeah.
B
D
B
B
B
A
B
A
So the for the aggregated service, so we're saying we still need to. We haven't really got through that one yet right, because yeah.
B
We need more people who know much about aggregation API. I actually personally, I do not know so. I heard that some of the engineers who will participate in our next meeting we'll know about that. But let's see yes.
E
Yeah, so this is Dave so over at cast and captain's actually been using aggregated APIs, a fair amount. So we wanted to contribute on that part and we'll get with Sean because he had the original proposal as well.
A
Yeah, that would be great yeah just to see how that would help solve this concern over the the size of the change blocks.
B
Yeah, so the from what I understand about this is just that it will not save the object on the Kubernetes API server, but it's saved on another server and how we manipulate that is. It would be the detail that I do not know. Okay.
A
E
No idea yet, okay, so we haven't fleshed it out fully, but the concept you were having was to take the change block list out of the status and instead have more like a cookie that points to a set of change block resources and those change block resources would be provided by the aggregated API server and pretty much generated on demand by calling CSI, if that makes any sense, so, okay and then the advantage of that we haven't, we haven't actually figured out exactly how to do it yet.
E
But the general concept is that then pagination is just handled by the Kubernetes pagination API for for iterating over lists of objects, and and so then it becomes a little it's. It's not quite so imperative that the API looks less imperative driven and we should be able to take all of that stuff out of the etcd, but it's still accessible via the regular Kubernetes APIs.
E
A
Basically, the the you'll have a probably have a new Kubernetes API resource that represents the changed blocks, but instead of putting that into status, it's a separate API object. Something like that. Yes.
D
Yeah and to add to that, from the request perspective like we're aiming for like not too drastic changes between different approaches, like you know, going back to the funds example, whether it is you know, like parameters of the snapshot based natural target, like those will still be required.
D
So it's just a matter of like the extra like you know, you might recall that all the pagination parameters like offset max size, you know those, maybe you know we're hoping to utilize the Kubernetes of list request mechanism, but otherwise the differential parameters, but you know we're aiming to not disrupt those too much from a request perspective.
F
Hey thank you. I had a question there. Is there a concern with using normal API server that the the change list will be too big for storing in the cluster? Actually.
B
So I I can I can it's not real, really big, but it you guys can see it here right.
B
So I do some calculation and I saying that once 1.5 megabyte, which is the size limit of objects of the of the CRD object, 1.5 megabyte, we can potentially have about 98,000 change blocks, just the metadata.
D
B
B
Right here this this context, we don't know how many by that one that's context is, is a vendor specific, but if we just take the size of the offset and the size of the you know the the size and the boo and the zero and and this field then approximately for each CR we can contain 98,000 metadata block, which is, I think, would be very substantial. I mean for for the difference between two volume.
B
If we can capture that 98,000 and besides I mean, if there's a lot more than that, then it might be just better just you know to back up the whole volume right and, and so that's why that's just some data that I have here and I've done some calculation too, like if the block size is very small like 512, then it's not much right. It's 98!
B
It's just about 48 megabytes, it's not really impressive, but if, if the block is big like 2 megabyte block, then this one can the metadata that can describe 192 gigabyte right. On top of that Dave also mentioned many ways we can combine. For example, if subsequent I mean the the block that lie next to each other, we can combine them into one block right.
B
We change the size, we can simply saying you know the side big or the total size of these blocks that stand next to each other, so we don't have to map one on one between this change block and the physical block, but one change block can be you know multiple change block by multiple block on the physical volume that is lying next to each other again the size here, because we have this size here so so we can express this in terms of the size of multiple block, multiple physical blocks.
D
Yeah, I think the fact that the responses are you know, unbounded in sizes, that definitely worrisomes and concerning and enhancing you know we're putting a lot of thoughts into how to mitigate that, and you know I wish like there is a cookie cutter way to say: oh, you know you know implement it. You know all will be fixed right, so it feels like they have to be multiple approaches to it. I read somewhere that I mean like I guess.
D
The fundamental goal is like the first goal is like if we can avoid storing it in etcd. That will be great enhance all these talks around. Like pagination aggregation API.
D
You know stuff like that, and if we really have to store it, then I think someone's making suggestions about like some sort of garbage, auto garbage collection mechanism somewhere in this Slack channel. So I think the way I look at it is there'll be multiple approaches and things need to be implemented to mitigate.
B
B
This is one way right so, like I said like like, like he just mentioned, that there's multiple approach to this. To avoid having too many objects or too many things on the on the API server.
D
Yeah until we have some sort of working prototype, it's really hard to, I guess you know tell everyone. This is exactly how we're going to solve it. You know.
F
Yeah well, one of the reasons why I was bringing that question up is even if we use aggregated API server, that API server needs an etcd to back whatever we are posting there right. So I was wondering if we are just moving the problem space of putting it in a cluster etcd to putting it in a different etcd which is solved by the aggregated API server.
D
Yeah, I mean that's definitely a good point right but, like I guess, with the reason with aggregated API custom API server is because we have control over that front. You know if we look at the metrics server. If we look at some of the service master solutions out there, they have aggregated API server that don't necessarily store things into etcd as they work with and handle and manipulate the the resources objects there.
D
So I mean like kind of going back to what they were saying earlier. They might become a more you know like the balance between a declarative versus an imperative kind of invocation method, yeah, but yeah. I think that definitely agreed against someone up there that don't really don't store everything in general. But yes, etcd will be a core thing in there, even with like a custom API server. This kind of what does SDK is gonna ask you when you write the Go code, it was gonna.
E
Well hold on hold on so so for the aggregated API server backing like the change block list, it wouldn't, it doesn't need to to store a copy of it. It can go to the CSI driver and just ask for things on demand, and that was, I think, what we were thinking of doing so it wouldn't actually read at all store it someplace and then serve it it just whenever it gets requests for certain types of change blocks, it goes and asks the CSI driver for them using the API that's defined.
D
You know like we, we can talk about it when we get third but like of the API server like library, like they're gonna ask for references to etcd whether you use it or not. It's a different thing, but it's part of the setup and bringing bootstrapping the API server is gonna ask you for like etcd path.
E
D
Right yeah so yeah. I feel like we're talking about different levels of things here, but like yeah, let's yeah, let's pop it properly, I think we can all agree that the goal here is to not store anything.
A
B
We, when we decide right now, we're still in explorers yeah.
A
B
A
Like, even if, like alternatives or things like that, also.
B
A
Okay, so I just want to show this one quickly, so this one it's ready, if you guys want to take a look and provide feedback, and then we will submit a PR to get us merged, basically just to talk about what we did last year right. So we have the you know the white paper and KEPs and the work that are not in a caveat. You know we have CBT.
A
Okay, so now we have there's a question here from anja now: do you understand the highlight? What is status container notify KEP so that one yeah so shanty, and I need to talk about it and then see how we address those comments, because we thought we have addressed those, but then I, but definitely there are reviewers who still think there are concerns that are not addressed. So we just need to go back to that and think about how to address those comments. Those are not straightforward.
A
That's why we did not get to that immediately so, but we do need to get back to that. Do you have more? Do you have more comments.
A
I also want to I. I also want to ask you, so I know that we we do that because we want to be able to request the application. This is from our point of view. Is there any other use case so so, for example, right now right? That is, of course, a better solution. It's more like Kubernetes native is more secure.
A
G
No from mine there's no additional requirement. I've been just I've been following this since a while back and.
D
G
A
A
We got we have a up and down, as I just said, yeah, so so this one yeah, I think it's this is so. This is not part of the content. Notification is part of signal right, so it's pretty hard to get an and signal, and also it's actually a pretty big one. So we need to address their concerns.
A
Yeah just really just need to think about how to address those, because you know we thought it's addressed, but it's maybe it's not right. So there's still some things that we need to put out. Yeah they're. Also, there's also there's an API review question that I'm still trying to figure out how to how to address that so yeah. So that's why yeah, but we will get back to that.
A
The next one, okay, so you have a question: the next release of the external snapshotter right, so that change got merged. And then I think there were like a couple bugs resulting.
A
Fixed now, so I want to I'm checking with the person who discovered the you know. The additional bug by that by, that origin fix just to see if things are running fine from the other.
E
A
Here fix one thing but break something else so now, for so normally we do release after every Kubernetes release so like after 1.24 release, we normally like a few weeks after that we will be doing a snapshotter release, so that will be. When is that what's the GA date for is, that is that I think the 19th of April right so probably.
A
A
G
Most of the failure scenarios, it's it's gets triggered so we have been facing this and I think it did not get caught till now, because not a lot of people were using it. So.
A
A
D
C
G
A
G
E
A
Okay, so I was thinking so we could cut a patch release in the 5.0 and maybe possibly in the 4.x branches. If this is, I think this is a problem that has been there since very early since the beginning, so maybe the photo we which, which release? Are you using currently.
G
A
What makes sense to cut a release for all the stable branches, but like for the food that, oh, I think we we just recently cut a patch release, but but I'll see so, okay yeah. Maybe it still makes sense right. So if we want to release this on 5.0, maybe it also makes sense to release this on 5.x, okay, I'll I'll, see.