►
Description
Kubernetes Data Protection WG - Bi-Weekly Meeting - 28 July 2021
Meeting Notes/Agenda: -
Find out more about the DP WG here: https://github.com/kubernetes/community/tree/master/wg-data-protection
Moderator: Xing Yang (VMware)
A
A
B
B
So
basically,
from
the
beginning,
we
come
up
with
the.
It
seems
to
be:
there's
a
need
in
the
community
that
we
should
have
a
way
to
back
up
more
efficiently
by
instead
of
backup
the
entire
value
we
just
want
to
see.
What's
the
difference
between
the
current
data
in
the
volume
and
the
previous
time
that
we
back
up
and
the
way
we
do,
that
is
that
we
compare
the
this
the
difference
between
two
snapshots,
the
current
one
and
the
one
that
we
use
to
do,
the
last
backup.
B
That's
a
differential
snapshot
between
two
snapshots
and
either
it
can
be
a
file
system
or
it
can
be
a
block
volume,
and
we
can
just
compare
the
change
in
these
begin
to
end
mark
up
the
specific
chain.
Only
if
it
is
a
block
device,
then
we
just
you
know
back
up
these
blocks
that
have
changed
now.
This
is
similar
to
many
vendors
that
offer
out
there
like
vmware.
B
B
So
all
right,
let
me
continue.
I
also
let
me
paste
that
link
in
the
chat
as
well.
So
the
suitcase,
let
me
double
check
that
make
sure
apply
to
the
right
document:
yeah,
okay,
so
the
req,
the
the
request
of
the
service,
will
specify
the
snapshot,
the
two
snapshot
id
and
the
volume
and
the
start
offset
of
that
of
that
of
that,
that's
it
and
it
can
be
from
beginning
or
it
can
be
somewhere
in
the
middle.
B
We
will
talk
about
that
a
little
bit
later
and
the
number
of
maximum
entry.
I
will
also
talk
about
that
later
too.
So
in
the
response
in
the
response,
it
will
be,
it
will,
including
the
trade
at
the
an
array
of
chain
blocks
and
the
maximum
maximum
entry
specified
in
the
request.
Here
is
the
maximum
number
of
chain
blocks,
as
specified
in
the
response,
just
in
case
that
it
has
so
many
chain
blocks.
B
The
response
would
be
zero,
but
if
it
is,
then,
if
this
one
is
one
of
the
response
in
multiple
immutable
response,
then
it
will
specify
that
the
next
object
will
specify
the
that
the
the
object
where
you're
going
to
start
the
next
difference
between
the
other,
the
next
next
okay.
So
this
this
net
offset
here
will
be
used
in
the
start
offset
for
the
next
request.
B
Otherwise
it
will
automatically
come
out
and,
as
you
can
see,
the
chain
blocks
right
here.
The
detail
of
eight
chain
blocks
will
be
specified
in
this
struct.
It
starts
with
the
offset
and
start
with
the
and
then
the
size
of
that,
so
that
this
way
we
can
accommodate
both
fixed
side
blocks
and
variable
side
block.
B
So
that
is
the
in
general.
Is
the
the
overview
of
this
api
that
we're
proposing,
and
I
we
received
various
a
lot
of
feedback
in
this
area,
and
one
of
them
that
I
want
to
point
out
is
that,
as
you
can
see
that
in
this
in
this
chain
block,
we
identify
the
the
block
by
the
offset
right,
and
this
one
might
not
work
this
one
works
with
vmware
cbt,
but
for
iws
it
might
not
work
because,
as
you
can
see
in
the
aws,
it
has
this
concept
of
tokens.
B
You
can
see
that,
instead
of
just
having
by
the
way
for
for
aws
they're
using
a
fixed
size
block,
so
when
they
specify
the
blocking
that's,
you
can
do
that
with
the
block
file.
You
can
go
compute.
The
offset
of
the
of
the
block,
however,
as
you
can
see
here,
cbt
also
is
using
a
concept
of
token
so
which
is
not
compatible
with
the
with
the
vmware
cbt,
and
you
can
see.
B
Vmware
cbt
only
have
the
start
offset
and
the
lens
right
so
one
I
think
someone
here
proposing
that
we,
instead
of
just
having
in
this
same
block,
I
think
I
think
sandeep
kumar
and
he,
as
you
can
see
on
the
screen.
He
also
suggested
that
we
shoot
at
a
an
opaque
field
into
the
chain
block
so
that
in
case
the
cvt
api
like
aws,
they
want
to
add
their
own
information
there
in
this
block.
B
B
So
if
the
vendor
wants
to
specify
the
block
a
little
bit
different,
they
can
just
simply
add
their
identifier
of
the
block
into
this
contact
here,
so
that
in
this
case,
if
the
vendor
doesn't
have
any,
if
the
vendor
go
with
the
standard
that
we
use
here,
then
they
can
ignore
this
context
block,
but
if
they,
if
they
want
to,
you
know,
add
additional
contacts
information
into
it,
they
can
add
it
into
this
opaque
field
that
that
we
have
here.
So
that
is
one
idea
that
sandy
kumar
proposed
here.
B
B
However,
if
what
if
the
request
only
specifying
one
snapshot
id,
then
what
should
be
the
return?
One
possible
answer
for
that
would
be
if
the
customer,
with
the
request,
send
only
one
snapshot
id,
then
the
return
would
return.
All
the
chain
blocks
would
in
that
snapshot,
that's
equivalent
to
like
a
shame
view.
B
A
A
B
A
B
Only
so
if
we
only
return,
you
know
the
snaps
different
between
two
snapshots.
If
you
don't
specify
them,
I'm
gonna
fail
the
request,
but
then
you
know
another
idea
I
heard
from
the
community
is
that
instead
of
failing
that,
then,
if
you
have
only
one
snapshot
id
then
just
return
all
the
the
block
that
chain
all
that
disease
in
that
snapshot.
So
I
I
don't
know
I
I
leave
it.
Is
this.
A
C
So
my
proposal
here
was,
if
you
set
the
second
snapshot
id2
to
ever
to
empty,
then-
and
you
specify
you
know
the
tracking
id
or
whatever
disk
id
in
snapshot.
One
right
then
you'll
get
back
just
the
allocated
blocks
of
that
snapshot.
It's
not
a
it's
a
difference
now
to
the
beginning.
Point
put
it
that
way:
okay,.
D
B
A
A
A
A
Yeah
fun:
do
we
also
have
kubernetes
apis?
Do
you
find?
I
have
not
looked
at
this
for
a
while?
So
I
don't
remember
the
stats.
So
I
think
we
only
have
this
honesty.
Oh
yeah,
we
haven't.
We
haven't
got
that
point:
okay,
yeah.
I
think
we
probably
we
need
that.
I
think
because
we
need
to
look
at
like
how
how
to
call
this
right
from
a
kubernetes
side,
car
or
something
some
controller
who
should
be.
F
A
D
Csi
specifically,
the
way
the
grpcs
work
is
the
vendor
controls.
What
sits,
on
the
other
end
of
that
socket
by
picking
a
sidecar
and
running
it
in
the
same
pod
and
wiring
it
up.
So
it's
secure
and
everything
but
yeah
once
you
want
to
plumb
it
out
to
some
other
application,
then
you
have
a
bunch
of
security
issues
and
data
transport
efficiency
issues
and
no.
A
D
A
D
A
D
With
that
is,
is
you
know
most
of
the
kubernetes
apis
are
relatively
lightweight
in
terms
of
how
much
data
gets
slept
around,
but
like
this
one,
even
though
you're
only
just
doing
a
list
of
blocks
like
for
a
100
terabyte
volume,
the
change
block
list
itself
could
be
gigabytes
in
size
and
so
pushing
that
through
the
kubernetes.
Api
might
still
be
yeah.
B
A
D
D
Going
on
we're,
like
whatever
was
cons
on
the
other
end
of
the
grpc,
socket
seeing
all
these
change
blocks
and
it
could
consume
right
there.
That
makes
sense
to
me
if
you
turn
around
and
try
to
push
it
into
cube
api
server
and
then
something
else
consumes
it.
On
the
other
end
of
q,
a
cube
api
server,
then
you're,
actually,
q,
api
server
is
in
the
data
path
and
you
have
a.
A
F
D
A
A
B
A
B
I
have
this
this
answer
here
for
this
page
of
where
we
can,
if
we
we
have
two
options
right
number
one
is
that
we,
if
the
natural
id
the
second
naturality,
is
no,
we
can
simply
scale
the
operation.
That's
one
choice.
The
other
choice
is
that,
if,
if
that
we
know,
then
we
return
everything
that
change.
Let
me
use
in
the
in
the
first
snapshot
at
the
beginning,
or
the
way
we
can
get
around
that
is.
A
G
A
G
F
I
I
The
full
messages
in
kubernetes
is
sort
of
extra
data
and
also
might
be
more
than
std
can
handle
what
about
having
a
kubernetes
service.
So
you,
you
know
it's
exposed
the
way.
Every
community
service
is
there's
a
standard
way
to
figure
out
the
ip
address
and
talk
to
it,
but
a
kubernetes
service
that
you
talk
to,
and
then
you
call
this
api
via,
like
http
or
grpc,
or
whatever
yeah.
I
D
I
B
B
In
in
that,
if
that
is
the
case,
if
we
want
to,
we
really
agree
that
the
cbt-
this
is
a
different
snapshot,
is
the
service
and
it
then
it
doesn't
matter
how
how
long
that
the
the
response
will
be
right
because
it
is
between.
At
that
point,
all
we
need
all
the
customers.
The
fire
needs
to
do
is
to
find
out
where
the
service
address
is
and
use
this
protocol
to
talk
directly
directly
to
the
service
to
query
the
differential
between
two
snapshots.
B
What
do
you
guys
think
we
should
decide
here
whether
just
return
all
the
chain
block
or
fail?
It
said
so
far.
We
have
two
options
right,
so
it
seemed
to
me.
It
seemed
to
me
that
the
suggestion
of
if
one
of
the
snapchat
id
is
missing,
we
decide
all
the
locks
that
change.
I
think
that
seemed
to
be
very
useful.
D
Right,
it
would
be
useful
if,
if,
if
the
vendor
can
support
it,
it
might
be
the
kind
of
thing
where
you
have
to
have
a
capability
bit
and
see
if,
if
the
machine
can
do
that
or
not,
and
if
not
you
just
return
an
error
and
say
you
have
to
specify
a
base
snapshot,
but
if
it
can,
then
then
you
get
something
I
mean
it
feels
like
a
nice
optional
thing
that
would
be
really
useful
in
the
cases
when
you
can
implement
it.
Okay,
no.
We.
D
C
D
D
D
C
C
A
So,
okay,
so,
let's
back
up
so
since
we
have
this
effect,
why
is
that?
We
can't
make
this
one
useful
for
the
case
that
car
is
talking
about
right,
so
you
can
so
the
first
snapshot
id
is
required.
The
second
one
is
optional:
if
it's
not
specified,
then
you
know,
then
you
just
return
all
the
change
blocks.
K
I
mean:
is
there
a
way-
and
maybe
this
is
I
I
worry
about
optional?
Is
there
a
way
to
have
sort
of
a
specific?
It's
probably
not
fair,
just
to
say
what
you
need
to
specify
some
value
to
say
yeah,
so
that
I
don't
accidentally
trigger
something
like
this.
That
would
because
I
agree
with
carl-
I
think
it's
a
super
useful
thing
to
have.
I
just
don't
want
to
accidentally
trigger
it
and
and
pull
all
the
pull
pull
that
just
because
I
had
a
malformed
request.
I'd
rather
explicitly.
A
F
F
G
F
F
H
I
F
K
I
I
imagine
the
storage
system
yeah
for
each
snapshot
holds
like
for
each
snapshot.
The
storage
system
has
like
a
pointer
to
the
the
parent
snapshot
and
then
a
list
of
blocks
changed
into
the
parent,
so
you
just
have
to.
In
order
to
get
the
reverse
list.
You
basically
have
to
walk
the
tree
and,
like
reverse
your
your
data
structure,.
K
A
K
K
A
M
K
A
A
K
That's
that's
true.
That's
true!
As
long
as
and
again
you
know
putting
putting
say
if
it's
a
snap
mirror
a
data
domain
kind
of
replication,
where
I
just
have
two
points
and
times-
and
I
diff
that's
true,
and
that's
where
I
think
the
storage
array
wouldn't
have
any
issue
in
either
approach.
There
are
other
approaches,
though,
where
I
know
they.
You
know
the
systems
sort
of
you
know
build
up.
K
You
know
sort
of
build
up
chains
of
changes
that
may
be
more
difficult
for
them
to
do
just
just
in
terms
of
managing
those
chains.
There's
there's
a
couple
of
storage
arrays
that
that
I've
seen
that
do
snapshots
really
only
move
forward
and
and
that
backwards
sort
of
here's
the
list
of
transfers
is
tricky
for
them.
So
I
would
agree
with
what
stephen.
C
D
Right
but
I
mean
we
could
we
could
write
the
grpc
definition
just
say
any
two
snapshots
and
then
it's
up
to
the
it's
up
to
the
vendor,
to
go.
Look
at
those
two
snapshots
and
sort
them
in
temporal
order
and
then
compute
whatever
it
is
because
again
it
doesn't
it's
not
going
to
affect
the
return
value.
It's
going
to
be
the
same.
So
as
long
as
we
just
say,
hey
the
user
can
support
any,
can
supply
any
two
snapshots,
and
just
you
figure
out
what
the
difference
is
and
no
guarantee
what
order.
D
C
D
Yeah
but
like
that
should
be
way
easier
than
the
job
of
actually
diffing
them,
so,
like
you're
gonna
have
to
do
that
work
anyways!
You
may
as
well
force
the
vendor
to
figure
out
which
one
is
the
older
one,
which
one
is
the
newer
one
in
their
particular
representation
and
do
whatever
they
need
to
do
to
pull
that
diff
back
out.
D
Yeah,
I'm
just
saying
that,
like
as
far
as
the
api
definition
is
concerned,
the
order
really
doesn't
matter
you're
going
to
get
the
same
results
either
way.
I
can't
imagine
an
implementation
of
destroyed
system
that
can't
figure
out
on
its
own
what
order
they
should
be
in
and
just
reorder
them
if
needed.
D
F
Kind
of
I'm
kind
of
thinking
from
the
end
user's
perspective
right
who
is
going
to
use
this
api
and
what
this
is
used
for,
if
reverse
order
works
for
sure,
as
you
said,
the
change
block
will
not
change
but
to
the
user.
It's
kind
of
useless
if
it's
reversed
and
mine
easily
can
make
mistake
based
on
the
return
result.
A
K
Yeah
so
to
some
extent,
then
I
mean
again
as
a
backup
vendor.
I
guess
I
I
like
having
the
extra
check
where,
where
the
system
tells
me
you
know
again
just
in
case
I
get
it
wrong.
I
guess
I
I
mean
I
I
guess
I
just
I
like
apis.
That
are,
I
guess,
more
prescriptive,
but
that
may
be
just
a
personal
thing,
but
but
you
know
so
to
your
question,
though
yeah
so
so,
basically
again
in
in
this
use
case,
what
I've
done
is.
K
K
If
and
then
I
have
the
new
base,
the
the
new
version,
I
took
what
I,
what
I
do
need
to
know
is:
okay,
the
changes
from
the
backup.
I
just
took
back
to
that
previous
point
in
time.
Here's
the
blocks,
I
apply
cool
now.
I
have
that
that
previous
that
previous
point
in
time,
so
so
similar
to
what
ben's
saying
it's
the
same
set
of
blocks,
whether
I
was
going
forward
or
backwards.
K
So
I
just
apply
those
blocks
to
my
my
backup
image
create
a
new
synthetic
and-
and-
and
I
just
mark
that
as
a
previous
point
in
time
or
or
what
have
you
so
where
it
gets
more
interesting,
then,
is
my
next
incremental
backup.
I
do
have
to
remember
that
my
next
incremental
in
my
cloud
is
based
on.
You
know
that
that
other
point
in
time
this
would
be
a
lot
easier
if
I
had
a
diagram.
F
Student,
the
the
tricky
thing
over
here
is
right
now
in
the
csi
specification.
If
you
do
at
least
snapshot,
it
gives
you
a
list
of
snapshot
ids,
but
it
doesn't
give
you
the
snapshot,
creation,
timestamp
right.
This
is
from
the
csi
from
the
storage
system.
It
is
gonna,
be
harder
for
the
backup
vendors
to
use
this
api.
If
this
information
is
not
exposed,
I
mean
I'm
totally
fine
if
we
want
to
expose
the
created
timestamp
in
the
from
the
storage
system
in
the
this
snapshot
api.
But
we're
not
doing
this
as
of
today.
D
E
F
A
B
G
B
G
C
A
A
K
G
K
C
C
I
think
we
would
need
to
know
right,
because
if
one
this
is,
I
mean
again
not
assuming
any
format
or
assumption
of
the
data.
If
we
were
to
read
the
raw
volume,
we
would
completely.
We
would
get
zeros
in
that
area.
If
we
were
to
create
a
synthetic
full
where
we
didn't
have
these
zero
entries,
we
wouldn't
get
zeros
in
that
area,
so
we're
wrong.
B
I
was
thinking
from
the
back
of
vendor
a
point
of
view
where
we,
after
we
received
these
chain
blocks
right.
They
made
it.
We
want
to
do
the
next
step,
which
is
backup
or
restore
these
blocks,
and
if
it
is
0,
we
want
to
optimize
that
we
want
to.
You
know.
Instead
of
transferring
a
block,
that's
always
0
we're
going
to
do
something
instead.
B
B
F
D
D
H
D
H
K
B
D
With
snapshot
id
1
or
snapshot
id
2,
well,
yeah
yeah.
So
so,
if
we
do
the
zeroing
thing,
then
the
order
matters
that
was
the
I
forget
who
said
it,
but
but
that
that's
one
case
where
you
actually
do
need
to
know
which
one
is
older
and
which
one
is
newer,
because
the
zero
bit
would
would
indicate
what
you
know
that
it
was
zero
in
one
of
them
like
the
newer
one
in
general.
B
B
F
D
G
D
F
D
F
D
D
F
D
F
B
Is
that
that's
okay,
they
put
some
contact
like
this
right.
Zero
out
is
a
boolean
right.
If
you
write
two,
then
this
block
in
this
snapshot
id2,
I
exclusively
spelled
out
here
zero
out.
That's
okay,
because
in
the
previous
one
I
explicitly
saying
that
snapshot
id2
is
the
this
might
be
a
little
bit
complex.
Is
that
is
a
later
in
tab.
So
if
we
reverse
the
order,
this
one
might
not
be
good.
H
K
K
We'll
see,
but
that
implies
time
right
so
if
we
say
base
and
target,
then
I'm
assuming
you
you
as
the
you
as
the
caller,
if
you're
calling
for
a
previous
point
in
time.
That's
fine
because
you've
told
me
that's
what
your
target
is
so
so
I
like
base
and
target,
because
it
really
is
saying
you
know:
here's
where
you're
starting
here's,
where
you're
targeting
and
and
ending
the
the
storage
vendor
can
say.
Oh
we
don't
support
going
back
in
time.
B
F
K
F
A
A
A
A
Sorry,
I
think
we
are
running
out
of
time.
Actually,
okay
yeah,
you
can
add
a
question
mark.
We
can
come
back
to
this
one
yeah
but
anyway.
Thank
you
very
much,
yeah!
Okay!
Thank
you
all
right.
I
think.
That's
it
right!
So
we're
running
out
of
time,
but
shenzhen
do
you
have
any
update
for
the
white
people
you
do
you
want
to
just
talk
about
that
next
time,.