Kubernetes Data Protection WG Bi-Weekly Meeting - 21 September 2022
Meeting Notes/Agenda: -
Find out more about the Data Protection WG here: https://github.com/kubernetes/community/tree/master/wg-data-protection
Moderator: Xing Yang (VMware)
A
B
I can provide.
A
It, maybe let me stop sharing it if you want to share anything, let me, okay.
B
Yeah, I can quickly just share my screen. Can you give me permission to do that?
B
Let me just, yeah. Hi everybody, just a quick update on the CBT cap, and this past week I submitted a PR to the CSI spec on repo to get the RPC specification review. So far, I got a some feedback from James diffology and also from Humble as well. Seems like the, I guess so far, like, the one feedback around, it's around, like, you know, whether, so like basically the RPC specs, like, they are again just identical to what we have been talking about for the past couple of weeks, and the main, one main feedback from, coming back from James is around like.
B
Do we really need, like, this mode property? Just a quick reminder, a refresher: like, initially we thought of using it to distinguish between block and file. I know that during the last working group meeting Frank also touched a little bit about it. There seems to be some, I guess, like, work in progress in the clarity and definition of what, like, block file mean. Are we talking about storage level, I'll be talking about something that's more in line with what the persistent volume claim or snapshot snapshot.
B
Things notice, I think what James is saying is that you probably donated because they seem to think that, like, you know, the storage provider should be able to figure it out, like, even like the, the, I, the handles and the IDs of the snapshots.
B
B
Basically, it's just I don't have enough, like, data points around whether, like, all storage providers will be able to tell just by looking at the snapshot ID or snapshot handles, whether, like, we can infer that, okay, I know this is a block snapshot, or I know that this is a file snapshot. You know.
A
So, let's see, Frank's not here. I, I remember last time when he brought this up. We don't really know who can support us yet, right, even for Isola, I forgot what he said. He said yeah.
B
He, I think he gave an example.
A
A
C
Can I, can remember, okay, Juan said the EMC, right, the.
C
A
Really, he does he, but I thought, I also thought there was something we also talked about, like, who can support this. So I, I don't know resist, but I forgot here.
D
Otherwise, here, yes, so the question is: if you want to make a distinction between no.
C
A
List, do you actually have support for that? Remember, your API is not really open or something, you don't want to support this.
D
A
You know, but you say, I remember you guys were saying you don't really need this, you just, every time you take a snapshot, you automatically determine that, so you're not going to implement this one. Is that, that's the.
B
Yeah, I mean, like, yeah, yeah. The Su all mentioned the example. That fungus was, you know, from like one, one FS, I think it's more like a NFS type of solution, and then by this, like, James, James's point is, like, regardless, like, he, he's wondering, like, oh, he thinks that, like, the storage provider should be able to insert and detect that without using, users having to. And then we kind of talk about this too, right, like, if we put this here, who's gonna provide the value, like.
A
A
B
Also, over, a bit overloaded, like, I mean people see more getting, tend to think of it from, like, the PVC and the snapshot, like, how it is currently being used. So happy to remove it, and then, like, you know, if we feel like it's truly a need for user to provide its value, then we can add it later and later.
A
D
D
D
D
D
A
C
D
C
C
D
D
You know, like, I think it's a different use case. You know, if you want to have, because deep down I imagine most of these storage vendors, I mean, I can't speak for all, but I think most of them, their snapshot implementation or the replication engine actually is at the block level, not at a file level, but there may be some exceptions, but I think many of.
D
B
Right, okay. Dave, is this similar to how we do it for casting?
C
Like, we do, like, we don't track at the moment, we just go searching. So there's some stuff inside of VMware that did file, file-based tracking between snapshots. I'm not sure if that's public or not. You can imagine doing it, but it really, like, you know, it is going to be a, a consequence of how you implemented the snapshotting. So yeah, I, I've built file systems where it would track that, but many don't, so it's probably more of a future than anything at this point.
B
Yeah, I think nugget, I kind of, it's starting to come back to me a little bit as well. I think part of the influence there was, you know, I think came out of the, that brief conversation around how sometimes, like, you know, providers may, like, put a lot of features into one CSI driver. You know, so I was thinking, I think, like, in first, so, for example, with AWS, right, they have an EBS CSI driver and then they have an EFS CSI driver.
B
So yeah, completely separate, right, but sometimes, I don't, I think, like, the initial discussion way back was it, what if they put everything into one CSI driver, then.
B
I think that was kind of what influenced, like, this, this property. Again, it sounds like we can just remove it for now. If anything.
A
C
A
We want to add that in the future, we can still just use the message. I was just, I was just thinking out loud and like, but we don't have enough use case for this one. It's not clear how to do this, so I, yeah. This is already pretty complicated, I'll say, just, yeah. Let's start with something simple, yeah.
C
A
C
B
Okay, yeah, that sounds good. Okay, now, and remove that, and then two other items from the review feedback so far, I think, I think, like, the first one being, like, again, the, the naming, so like at the CRT level.
B
During our, like, last, like, working group meetings, we talked about, like, when a backup software or users create or submit, like, the volume snapshot Delta CR, we are doing, gonna use, like, you know, a create slash post request just so that we can package up the, you know, that the, the inputs into, like, one single, like, payload. At the RPC level, like, after looking through, like, the existing specs and all the RPCs, I think, like, it makes sense if we use, like, a list from type again.
B
This is just, for example, naming and semantics. Implementation, one, it doesn't make a difference. It's just, like, you know, instead of say, like, a great snapshot Delta, you know, if I follow, like, the existing pattern and style in the spec, I think it makes sense to call it a list snapshot data. But just because, like, you know, for example, all these fields, like Max entries and starting token, they're all existing, like, fields that are, like, tied to, like, a list RPC call.
A
B
A
So we don't really have, can you, so really you just, we just have this one request, right. Just a list, is that right, yeah.
B
I guess so, yeah, but like, if we, let me just, do I have to, yeah, I do have to cap here, but again, I want to make sure we are all on the same page on this to design detail. So we talk about, like, how we're not gonna, like, we try to follow the, this, our back subject access some review type of mechanism where we don't, when we do a create, do something to create, but we don't actually persist this volume snapshot Delta resource another.
A
B
B
B
Append them as query parameters to the URL, and then it's like the, the spec grow, then you have to keep adding more parameter, query parameters, URL, and then also at the, the code level, like, it requires us to use more, like, the lower level REST API on the clients.
C
B
You know, instead of saying, you know, like, controller, controller.create, which is the controller.res start, something something, and then propose kind of thing. So I think there's some, like, you know, just some preferences to not go down to, like, the risk. I think so. Those are the two main reasons, okay.
A
Yeah, so, so I do see, yeah, maybe, yeah. We need to ask other reviewers to take a look. It's definitely the naming. Definitely.
A
B
A
Right, right, because otherwise, normally, like, if you have a crate, you would also have a list, but in that case then they are kind of identical because we're not really generating new resources in this case.
C
C
B
C
B
So I think that's the one, the one main thing around the naming and semantics, but like, again, like, when it comes to the code level, at the end of the day, it's still a gRPC call, but I just want to be more consistent with the existing CSI spec. So there's a second, or the last item. Feedback was, like, I think Humble, Humble is assemble on the call.
B
Call, okay. He just mentioned about adding, like, a secret reference, because.
A
They, so some drivers need to pass this when they retrieve anything from the storage system, yeah. So you should add that, just, I don't ever since I call, should have that now. Okay.
B
C
B
A
A
B
Okay, okay, sure, okay, because initially, like, I was under the assumption that, like, CSI driver would already know, like, all this credential, but.
A
A
B
Otherwise, like, the rest are pretty, you know, familiar, you know, like getting the response. So we talk about responses, like, the responses, like, you know, the volume size and the next token, if there's more, this is where the pagination comes in, and then, like, and we have a repeated lists of change blocks between, the change boxes offset, this the size of the block, and optionally.
B
There is this thing called token, because one of the, again, one of the feedback was, like, how do we make it? So if, for someone who is nothing, for users who is not familiar with CBT is, like, they would look at all this response and they'll be like, okay, what can I do with all this, you know, metadata? There's no way to actually get the actual data block. So this token is, I guess, inspired directly by the AWS EBS direct API.
B
So it's like, it's like the CBT responds, like, AWS gives something, returns something called a token, and then the token is something that can be used to fetch the actual data block using another API endpoint in the tokens ephemeral, and it left for, like, only, like, certain number of seconds, I think, and then I don't, like, not all storage provider implements this. Okay, so this is added here as an optional feel, like, for, for storage provider that doesn't provide token based retrieval, then, like, it would be.
B
B
Just this little blurb here saying that, you know, the controller plugin must not attempt to retrieve the raw data blocks, because James mentioned to me that this is, that's outside of the scope of CSI, and then it's up to the storage provider to decide what to do with the metadata. If they support, like, a token retrieval, a token based retrieval method, then, is there inside the response?
C
B
Maybe, like, just take a closer look at this, this PR and, you know, at comments there, and then I can address their it there, but otherwise the rest is pretty familiar. Hopefully, like, it's based on what we have been talking about for the past few weeks and months. Any questions about the CSI spec software?
B
Okay, if not, yeah, I think the one last thing, so the, I saw, like, the issue has been obtained for 1.26. There are some updates that I need to make here. I don't know if some funds online, but so I can't, so right now, like, I'm, he's the owner of the issues, so I can really edit it. Shane, would you be able to somehow assign me or give me permission to change something?
A
A
C
A
B
I can, oh yeah, yeah, okay.
B
So yeah, and then, yeah, otherwise also, like, I think, is it next week is the, the production Readiness review freeze, so I again already paying, like, John Limerick and he said he's going to take a look at it. He was, he helped us to review it last time and he was the one who asked us to revisit, reevaluate the aggregated API server approach, okay.
A
Yeah, then at least, yeah, I think at least to get his feedback on the API server part, the aggregated apsr department, so that, yeah, yeah.
B
I think otherwise the finger cross, hopefully, like, we can make, we have made it before, like, the PRR freeze happen and then get it into the enhancement pipeline before the enhancement freeze happened. So yeah, that's it from me. That, does anyone have any questions? Anything in particular I'd like to go through.
C
Yeah, this is punkers. I don't know, I mean, it's not a question, but just trying to get the information about how, how this can be used end to end with both kind of problems lock, as well as file. I think block, it is, it is fine, we'll get this change blocks and on top of that, those can be used, but for file mode volumes, yeah. So.
B
Yeah, file would be another cap, like, this, this cap is, is about block. I think, like, fundamentally, like, basically, we try to make, like, the aggregated API server as simple as possible. Like, it's just, like, you give it a volume snapshot base and Target IDs. You just do something like simple validation to make sure those resources exist, pull out, like, to see, just find out where the CSI driver is, and then, if there's any, like, input parameters in it, it would perform this.
B
The volume snapshot class, and after that, you just package the whole payload and then send it over to the CSI driver, like, as shown in this diagram here, and let the CSI driver do is magic. So whether it is block or file, finger across, hopefully, like, you know, like, the aggregated API server can continue to remain as some, as simple as possible and let the CSI driver do all the heavy lifting. But yeah, again, this, at this point, like, there might be some, I think it's like I'm just grossly over the high level oversimplify, and we have a file change file cap coming up soon.
B
B
Yeah, we don't, yeah, hopefully we, you know, what we do here, I think there's no reason why it cannot be reusable file and let the CSI driver do all the, again, heavy lifting. So yeah, cool, yeah. If, you know, folks have, have any questions or things that they want to go through, feel free to ping me on Slack that we.
A
Okay, so let me go the second cap that we're targeting, the warning group type, also we're targeting Alpha in 1.26 release, so yeah. So please help review it. This, this card actually has been there for quite some time, but I did update that one for, for 1.26. So that's all the comments are addressed. Just a reading to be reviewed, let.
A
So there's also a corresponding PR in this, in CSI's back repo. So this is this.
A
So in the scissors back, basically, you just introduced quite a few offices for create the lead volume and create delete. One group, Walling group snapshot an awesome result. There is a method for modify voting group, there's also list and get methods, although I'm not sure if we'll need both list and the get. I mean, I think I will only need to call one.
C
A
A
He basically, I think he's concerned. Basically his question was, like, well, why do we even need to have a group as the first class concept in, in CSI? We thought, okay, can we just add group name as attribute and volume, so, but the thing is, if we just, if we only do that, then it will be not possible for us to do any operations at the group level, because, you know, if it's just, everything is just a attribute on awarding.
A
A
If we do not have this concept, and also if we only support group snapshot, maybe possible, we do not need a warning group, but we still need to go to group snapshot. But we also want to have this concept to be generic enough, so that we could extend it to support a replication group in the future, and so for that reason voting group results are needed. So that's my response. I have not heard from him after that, but that's a.
B
A
I think yours, yours is lesser. I think this is okay.
A
B
A
I think it's only the cat one had that, okay.
B
Okay, so in this case, yeah, so it's like there's some, a line, one, once 1160. Does that also match? So it's the same one as the one in the RPC, because in the RPC, like, you know, there's no, it's a controller. Okay, so say, okay, okay, because inside the RPC that's the, the prefix is missing. I just want to make sure that I.
A
C
A
Controller, controller, that, which one, control get the volume.
B
B
A
Oh, I see. I think the, I think when we do the, when we do make, it's only the ones in the, in the, you know, in the code block. That's why this one, okay, yeah.
D
A
It should be the same thing, so, so fix this one. Let's see, so it's not, this one doesn't have it, but then we, this one has it, yeah, okay, right, so yeah! Okay, let me check, good morning.
A
A
Okay, anyone else, do you have any comments? Yeah, please help review, so either, you know, the, the cap or the CSS bad PR or both, if you can help review those, that will be great.
C
A
Oh, and, and another change that I just made yesterday was that initially there was a, there was a proposed change in the PVC spec. So when we add a PVC to a one group, there is a new field for the group name. So when you create a new PVC, you add a group name and that will be added to the group. So now I changed that one to a label. This way, at least in the initial proposal, we don't need any entry API changes, so.