►
From YouTube: Data Protection WG's Meeting for 20200311
Description
Data Protection WG's Meeting for 20200311
A
A
So
today,
at
first
I
was
just
gonna
update
and
keep
calm.
I
think
everybody
knows
that
it's
postponed
to
July
August
and
we
have
not
seen
the
date
set.
So
the
final
data
of
the
weather,
it's
July
August,
is
not
said
yet.
So
there
was
a
link
there.
They
will
keep
update
later
and
there
is
one
item
from
Galicia
but
she's
not
here
today,
so
we're
going
to
do
that
next
time
and
so
xiaochun
is
going
to
talk
about
application.
A
B
B
B
Thank
you
thanks.
I
can
sit
anyone.
Anyone
problem,
if
not
I,
would
move
forward.
I
can
see.
It
sounds
good.
I've
already
shared
it
back
to
the
group,
the
entire
group,
everybody
should
have
access,
read
our
update,
the
link
in
today's
meeting
so
background.
Two
weeks
back
Morton
we
buy
the
Morton
to
give
us
a
talk
about.
B
So
just
to
give
a
little
bit
of
background,
we
can
actually
probably
skip
all
this.
All
this
background
going
on,
got
long
cause,
etc,
etc,
because
people
can
read
letter
but,
more
importantly,
we
want
to
figure
it
out
is
one
of
the
problems
we
are
looking
to
solve
is:
how
do
we
effectively
take
an
application,
consistent
snapshot
or
backup
in
a
Canary's
environment,
so
to
solve
this
problem?
One
of
the
first
problem
we
need
to
solve
is
like.
Okay,
here
are
some
of
the
your
here's.
B
The
Yoko
Canaries
coaster
and
here
is
a
exhausting
list
of
resources.
But
what
are
the
resources
that
constitute
this
application
and
we
need
kind
of
a
group
in
Mac
Hanlin
that
gives
you
back
a
list
of
resources
that
I
can
define
an
application,
that
lists
of
resources
could
be
a
deployment
plus
some
PVC
for
some
secret
prison
service
account,
etc,
etc,
or
it
can
be
simply
just
a
set
of
deployment
or
steadfast
etc.
So
sick,
abs
application
does
give
you
this
kind
of
grouping
concept.
B
B
So
here
our
folks
on
the
six
advocate
a
sick-ass
application
in
terms
of
resource
group
in
the
application
API
defines
the
resource
that
can
be
at
will
be
grouped
into
an
application.
Using
a
combination
of
group
kinds
plus
labeled
I
was
Morten
mentioned
in
the
last
session
is
exactly
is
that
oh
one
of
the
things
is
that
the
they
offers
also,
this
interesting
idea
of
adding
ownership.
B
The
application
API
can
create
a
controller,
can
claim
ownership
to
the
resources
you
labeled
correctly
so
that
later
on,
they
can
do
a
interesting
gadget
collection
on
top
of
that
and
on
top
this
is
basically
things
like
our
last
time.
What
I
want
to
focus
more,
could
you
go
down
a
little
more
Christian
is
this,
which
can
cover
too
much
in
the
in
last
session,
which
the
stylist
field
a
little
bit
more
piece.
B
Every
single
application
they
will
have
a
status
field
and
again
this
status
field.
They
a
couple
fields
that
we
might
be
interested
for.
The
reason
why
I
mentioned
in
over
here
is
connecting
the
scenarios
within
when
taking
a
consistent
application,
snapshot
or
backup
an
xq,
pre-hook
or,
and
the
post
cook
might
be
needed
to
kind
of
freeze
the
application,
but
when
to
run
this
hook
is
normally
a
big
question.
For
example,
your
stead
for
said
miss.
B
Do
you
know
a
stage
of
or
empanadas
and
bring
up
all
the
parts
in
this
case,
even
if
you
issue
a
cook
execution
to
a
certain
container
within
that
part,
most
likely
will
fail,
because
the
part
is
they
are
not
in
a
ready
status
in
the
epoch,
Asian
API,
they
are
a
couple
fields.
Why
is
the
so-called
components
ready?
B
And
the
second
is
conditions-
and
the
third
is
the
condition
list
which
gives
you
a
nice
overview
of
how
healthy
it
is
for
this
particular
application,
how
it
works
that,
for
the
components
ready
it's
kind
of
a
global
view?
Basically,
what
I
would
give
you
is,
for
example,
if
you
label-
let's
say
ten
resources
that
belongs
to
an
application.
B
Then
it
gives
you
back
how
many
of
them
are
ready
and
how
many
been
my
in
total
for
a
time,
total
number
will
be
ten
and
ready
number
would
be
line
or
something
that,
until
it
reached
to
a
point
where
you
feel
comfortable
about
all
the
containers,
you
are
looking
to
execute
post
or
pre
hooks
in
the
already.
You
probably
should
not
kick
off
the
application
snapshot.
B
The
link
has
been
posted
in
chard,
I'm,
sorry
and
then
is
a
condition
field
and
this
field
its
new,
an
overview
about
the
whole
application.
The
component
list,
however,
recalls
the
status
begin
dying,
JSON
object.
It
recalls
the
status
of
every
single
component
that
constitute
the
the
application
are
the
criteria
of
defining
whether
an
application
is
ready
or
not.
I
have
a
link
over
there.
It's
basically
follow
the
you
will
click
on
the
link
Christian
this
way
yeah.
Thank
you.
B
It's
basically
for
the
kubernetes
time
away,
for
example,
for
deployment
they
verify
these
status
started
a
staff
poster
to
verify
this.
That
is
a
make
sure,
there's
enough
very
cards
and
ready
replicas,
except
that
is
Ronnie,
but
for
not
careful
component
that
is
not
listed
over
here,
for
example,
a
pair
or
a
pod
or
some
PVC.
Then
you
realize
understand
that
the
way
I
can
post
the
code
later.
A
B
A
B
B
B
Thank
you
so,
though,
basically,
when
we
try
to
take
a
application,
consistent
snapshot
or
backup,
the
couple
steps
need
to
happen
right
again.
This
is
not
strictly
ordered
and
thus,
since
question
over
there,
we
probably
want
to
quiescent
our
uncle's
an
application
before
and
after.
We
probably
also
want
to
snapshot
and
backup
the
config
data.
Basically
the
resource
definition
of
an
application
within
this
kubernetes
cluster.
We
my
or
we
bunk,
was
natural
and
backup
the
volume
that
is
serving
the
data
purpose
for
this
application
and
then
eventually,
we
want
to
impress
the
application
again.
B
Those
steps
may
are
not
in
strict
order,
because
for
different
considerations,
for
example,
you
might
choose
to.
We
can
choose
to
snapshot
the
configuration
first
and
then
quiz
the
application
and
then
take
warning
backups
and
snapshot
you
to
reduce
the
end-to-end
agency
enter
and
emergency
in
terms
of
a
cook
execution,
and
it
is
not
a
decided
or
it
strictly
order
procedure.
But
those
are
the
steps
we
want.
B
You
we
want
you,
we
need
your
photo
right
and
then,
if
you
look
back
whether
we
are
looking
to
so
with
the
application
API
over
here
is
really
about
two
things
right.
One
thing
is:
how
do
we
effectively?
Does
it
give
us
sufficient
kind
of
you
know,
support
in
terms
of
resource
group
in
that's
the
first
thing
and
second
things:
how
much
we
can
leverage
is
status
field
to
do
queries
and
run
queries
of
replication
so
moving
to
the
consideration
pieces
so.
D
B
B
In
short,
it's
basically
a
system
that
can
gives
you
get
ops.
The
continuous
deployment
and
upgrading
experiences,
so
how
it
works
is
that
it
maintains
externally
managed
basically
manage
my
github
manage
the
repository
that
tells
the
flux
system
went
to
hell,
went
to
pool
you.
Can
complete
flux
actually
went
to
poor
the
latest
updates
from
your
jihad
jihad,
a
similar
thing
can
be
applied
over
here.
B
How
about
we
maintain
a
user,
maintains
a
exhaustive
list
of
resources
that
can
be
used
in
the
data
protection
context,
which
means
that
they
will
have
full
access
to
what
to
watch
a
snapshot.
What
to
backup
and
and
this
management
of
the
manifest
is
out
of
Pandaria
of
kubernetes.
In
this
way,
they
don't
need
to
touch
any
of
the
kubernetes
resources,
but
just
ignore
some
kind
of
system
that
hey.
This
is
a
resource
who
I
I
need
you
to.
B
This
is
basically
a
combination
of
resource
grouping
plus
some
actions,
and
that
requires
probably
a
new
API.
Maybe,
let's
take
all
protected
application,
I,
don't
know,
what's
name
unreadable
name
in
and
this
will
trim
away
some
of
the
unnecessary
fields
in
the
corona.
Stick.
Apps
application,
however,
keeps
the
group
in
a
resource
grouping
using
labels
and
the
group,
clients
plus
define
the
actions
like
I
want
to
execute
this
hooks
to
remind
shot
of,
or
this
is
a
snapshot
action.
B
That
is
a
backup
action,
and
this
is
another
model
so
because
of
the
time
limitation,
I
only
did
kind
of
comparison
between
the
option,
a
and
also
see
gaps
applications.
You
see
what
are
the
advantages
and
the
would
are
the
limitations
that
seek
absolutely
I.
Has
this
from
my
perspective,
so
where
we
are
Christie,
C
caps
API
will
be
managed
and
maintained
by
cigars.
So
this
is
a
huge
advantage
actually
to
me.
So
that
means
we
kind
of
have
this
piece
taken
care
of.
B
It
does
provide
application
abstraction
to
group
resource
in
a
native
okay,
kubernetes
constructor
that
data,
basically
the
API
yourself
in
the
States
status.
You
know
compared
to
option
age.
If
we
remember
the
externally
managed
list,
we
don't
have
any
status
that
you
can
rely
on
in
that
in
that
model.
B
In
this
case,
the
application
API
seems
to
provide
you
some
kind
of
rich
information
with
regarding
to
all
the
component
at
the
health
needs
over
all
the
components
and
may
give
you
some
hint
in
terms
of
when
to
conduct
certain
options
as
a
certain
certain
actions,
but
it
does
face
some
quite
some
limitations.
Actually,
if
you
go
down
a
little
bit
more
Christian
that
the
first
thing
is
that,
if
you
look
at
the
current
resource
group,
McKenna
do
I
believe
it
is
a
combination
of
group
kind
plus
a
selector.
B
So
this
does
require
users
to
manually
label
all
top-level
resources.
This
is
this
applies
to
both
existing
workload
and
a
new
workload.
So
you
gonna
to
tell
the
application
controller
some
kind
of
label
they
can
use
to
grab
all
the
resources
around
the
application.
That's
the
first
thing
compared
to
option
a
option,
a
basically
the
user
has
to
after
that
detailed
exhaustive,
manifest
for
the
first
time,
and
this
thing
can
potentially
be
a
template
that
later
on
can
be
applied
to
to
others
as
well,
and
the
second
thing
is
which
is
concerns
me
the
most.
B
Is
this
no
guarantee
a
loan
that
labels
on
the
top-level
resources
will
bubble
down
to
the
labels,
the
top-level
resource
that
the
resource
that
to
that
the
top-level
resource
Orleans?
If
there's
a
template
involved
in
a
top-level
resources?
This
is
the
worst.
This
is
even
worse
for
newly
credit
workload.
If
we
are
using
stead
for
said,
for
example,
you
you
typically
use
a
PVC
template
right
for
newly
created
a
wall.
If
you
specify
the
name
in
the
first
place.
B
Yes,
the
label
will
bubble
down
by
the
grip
by
the
state
for
said
controller
two
other
pieces,
even
though
you
are
using
a
PVC
template,
that's
less
of
concern.
What
I'm
more
concerned
about
is
for
existence
that
for
workloads
exists
instead
work
workloads,
even
though
you
you
modify
the
state
for
set
to
add
and
label,
so
that
application
can
claim
this
debt
per
set,
but
I'll
label.
B
B
So
that's
actually
the
things
one
of
the
things
that
bother
me
most
when
the
application
API
not
to
say
if
you
have
some
custom,
CRTs,
that
defined
by
user
themselves
or
some
third
party
and
then
the
application
API
won't
be
easily
able
to
discover
all
the
they
need
to
mock
into
that
consisted.
This
application.
E
So
for
that
issue
that
you're
talking
about
where
it
wouldn't
bubble
down,
are
you
thinking
I'm
not
quite
clear
on
it?
Are
you
saying
that
for
an
application
that's
already
running,
is
it
already
has
all
the
Peavey's
and
everything
or
allocated
for
it,
and
then
you
try
to
fit
it
in
and
then
you
try
and
apply
an
application
CRD
to
it.
E
B
B
B
A
B
D
What
I
meant
I
mean
I?
Think
if,
if
stateful
sets,
the
controller
is
creating
dependent
objects,
then
you
know
we
could
work
there
to
see,
make
sure
that
they're
they're
discoverable
and
they
fit
into
a
fit
into
this
model,
because
even
if
we
go
with
some
other
scheme,
even
if
we
don't
use
the
application
CID
as
a
grouping
mechanism,
this
is
always
going
to
be
an
issue
fair
enough.
So.
A
D
But
I
know
canister
I
think
all
of
these
are
actually
doing
have
logic
where
they
discover
PVC
is
attached
to
step
aside
and
I.
Think
there
is
I.
Think
they've
mentioned
this
in
the
last
meeting
that
if
we
don't
solve
this
in
some
way,
where
all
everybody
who
implements
something
around
data
protection
is
going
to
have
to
implement
that
logic.
That's.
B
D
B
C
B
F
B
F
I
guess
I'm
I'm
very
off-topic
there,
but
the
the
difference
between
the
stateful
set
and
the
pod
there
is.
You
don't
want
to
like
throw
away
your
your
PV,
because
the
label
changed
because
you
don't
want
to
put
away
your
PV.
You
just
want
to
add
it.
If
possible,
you
just
want
to
add
a
label
to
it.
That's
the
change.
I
think
we
would
want
to
see
here.
F
E
I
think
it'll
be
interesting
to
see
which
direction
the
market
pushes
us.
You
know
like
from
the
from
the
VMware
side:
we've
traditionally
done
things
like
snapshot
and
backup
VMs.
In
some
cases,
even
the
vm
memory
state
I
think
we
want
to
you
know
from
the
kubernetes
existing
kubernetes
side.
That's
all
like!
Oh,
why
would
you
want
to
do
that?
But
customers
may
push
us
in
that
direction.
So.
E
E
E
B
E
B
Then
we
should
maybe
we
should
push
back.
Then,
let's
see
like
yeah
two
more
minutes.
Let
me
finish
everything
another
things
I
have
with
with
application
API
it's
majorie.
It
does
contains
a
lot
of
useful
information
for
UI
rending,
but
those
information
are
just
not
relevant
in
the
data
protection
kind
of
context.
If
you
look
around,
they
contains,
for
example,
icons
who
are
the
maintenance
of
a
certain
image,
etc,
etc,
and
this
is
a
big
section
of
the
API
itself
and
there's
another
thing.
B
Third
thing:
it's
not
has
not
been
very
well
wildly
adapt
at
this
moment,
probably
because
it
is
all
still
on
beta
I,
don't
see
a
lot
of
references
on
github.
That's
based
on
my
my
search
and
the
full
thing.
It's
how
much
support
this
is
definitely
something
I
me.
My
they'll
still
need
to
look
into
deeper
about,
in
short,
help
chart
allows
you
to
group.
B
Let's
let
me
put
this
way:
it's
a
slightly
different
model
than
the
application
API
it
for
for
hem
chart,
so
applications
can
be
part
of
a
ham
chart,
but
not
vice
versa.
At
this
moment,
that's
tending
so
you
didn't
that.
How
do
we
effectively
model
around
him?
Charts
it's
gonna,
be
challenging.
I
haven't
figured
out
a
way
model
yet
on
this
piece.
Anyone
has
any
idea
it's
more
than
welcome.
It's.
G
B
E
This
is
maybe
a
little
off-topic,
but
similar
topic
actually
got
an
interesting
request
from
a
customer
the
other
day
and
they
said
that
they
wanted
their
helm
tarts
to
continue
to
track
with
the
kubernetes
objects
after
they
done
a
backup
at
every
store.
So
right
now
they're
seeing
a
problem
that
if
they
back
up
and
then
restore
the
helm,
chart
is
disconnected
and
no
longer
manages
the
application.
Are
the
kubernetes
objects.
E
E
C
D
D
B
B
We're
similar
that
yeah,
it's
certainly
not
a
replacement
of
helm.
It's
just
we,
you
know.
If
this
is
the
model
we
need
to
take,
we
need
to
find
a
way
to
connect
the
dots.
Basically,
as
you
said,
applications
are
they
just
manifest,
plus
some
metadata
information
whole
application.
If
we
take
a
look
at
the
descriptors
piece
right,
it
says.
Oh,
this
is
my
wordpress
application
and
those
are
links.
B
Those
are
the
keyword-
and
this
is
my
version,
cetera,
et
cetera
and
those
piece
of
information.
How
much
does
doesn't
maintain
this
piece
of
information
as
well
right,
I,
just
I
haven't
got
my
head
clear
around
how
this
how
the
application
API
could
be
used
to
support
hum
well,
but
again,
I
didn't
get
enough
time
to
think
it's
as
well.
I.
B
B
A
I
H
I
I
J
H
H
There
will
be
a
central
controller,
there
will
be
a
sidecar
controller
and
there
will
be
drivers
which
will
implement
the
business
logic
bucket
provisioning
per
objects
or
vendor.
The
sidecar
will
be
deployed
with
the
driver.
Excuse
me
in
the
same
pod
and
will
communicate
over
AG
RPC
interface,
we're
calling
it
cozy.
The
container
object,
store
interface,
and
the
discussion
thus
far
has
been
pretty
lively.
There's
been
a
lot
of
interest
in
six
storage
of
late
in
something
like
this
and
a
lot
of
support
for
it.
H
Some
of
the
the
chief
goals
here-
yeah,
not
gonna,
subject
you
guys
to
reading
all
this
stuff
verbatim,
but
we
want
to
provide
strictly
a
coordination
control
plane
for
object
storage.
We
are
not
trying
to
provide
a
data
path
that
being
a
alternative
or
a
wrapper
or
a
shim
for
s3
GCS.
As
your
blob
excuse
me,
that
is
something
we
feel
like.
H
H
The
static
case
assumes
that
there
is
no
driver
available
for
an
object
store,
and
so
we
still
want
to
be
able
to
give
users
the
ability
to
integrate
their
buckets
into
the
cluster
and
the
some
of
the
automation
will
be
handled
by
the
central
cozy
controller.
There's
not
going
to
be
a
sidecar
there's
some
expectation
of
manual
work
for
the
administrator,
or
they
will
define
a
this
part
of
the
design
still
low
up
in
the
air,
but
either
will
say
a
bucket
class
to
represent
this
back-end
bucket.
H
It
goes
in
and
they'll
define
a
secret
containing
access
credentials
for
that
bucket.
A
new
connection
requests
will
be
handled
by
copying
this
secret
to
the
users
namespace,
so
that
a
user
can
still
interact
at
the
kubernetes
level
and
make
requests
for
connections
get
credentials
to
make
that
connection.
So
it's
a
minimal
level
of
automation,
but
for
users,
interacting
with
object
stores
for
which
there
is
no
driver.
Yet
this
is
a
system
that
kind
of
gives
them
an
entry
point
into
the
cozy
ecosystem.
I
We
do
have
weekly
review
meetings
on
this
cap.
We
just
had
one
this
morning.
We're
going
to
have
another
one
in
about
a
week
and
John
will
set
out
an
invite,
so
I
would
say
that
either
if
you're
on
the
sixth
Oryx
list.
You
are
already
aware
of
this
and
if
you're
not
on
this
storage
list
and
this
interest,
you
either
join
Seng
storage
or
let
John
know,
and
we
will
add
you
to
the
calendar-
invite
for
the
next
formal
review.
H
I
H
I
A
H
Yeah
I
uploaded
the
last
meeting
to
YouTube
last
week
and
put
the
link
in
the
calendar.
Invite
all
I
didn't
know
if,
like
that,
would
be
kind
of
too
much
like
spam,
and
then
the
6th
George
I'll
go
ahead,
and
do
that,
though,
send
out
the
link
to
that
in
case
people
are
interested.
Okay,
I'll
just
make
that
a
periodic
habit.
I
A
H
I
Okay,
it's
cluster
wide,
so
we're
about
to
push
up
the
latest
changes
to
the
cap.
You'll
see
the
commit
for
that
and-
and
you
can
see,
there's
quite
a
few
changes
we
made
in
the
last
week
based
on
a
hundred
percent
based
on
the
feedback
from
the
first
formal
review
meeting
we
had
a
week
ago
and
yes,
the
name
space
was
a
big
area
that
we
address
namespacing
as
well
as
a
API
itself.
A
C
Have
a
quick
follow-up
question
for
Sean
just
to
clarify
something
in
the
doc
when
you
say
quiesce
on
quiesce,
are
you
talking
largely
about
generic
quiesce
on
quiesce,
like
freeze
on
freeze,
or
are
you
talking
about
application,
specific
things
as
well?
Like
you
know,
flesh
tables
with
relock
or
among
those
F
walk,
or
that
kind
of
thing
is
this.
This
is
general
or
specific,
its.
B
A
B
A
C
A
F
A
So
basically,
we
probably
talked
about
it
like
a
little
bit
in
the
beginning
when
we
first
started
this
meeting.
Of
course,
this
is
more
related
to
the
snapshot
you
had
so
far
and
its
relationship
with
the
volumes
there's
a
right.
Now
the
life
cycle
of
the
PCs
and
snapshots
they
are
independent,
but
I
think
there
are
some
storage
systems
for
some
storage
system,
they're
actually
dependent.
A
I
B
B
A
A
B
Feel
I
feel
this
is
this
finalizer
here
will
not
really
solve
the
problem
because,
because
finalized
you're,
previously
not
being
deleted
from
your
API
server
by
it,
should
not
interfere
with
the
external
probationers
work.
If
external
provision
assists
that
thing,
is
you
will
try
to
delete
the
P
window.
A
So
it
was
still
put
at
the
delay
in
time
statement
on
that.
You
see,
that
is
sure,
I
think
there's
also
there's
also
I
think
there
was
some
some
other
comments
here
saying
that
there's
the
one
problem
is:
if
you
want
to
do
a
like
the
in-place
restore
you
want
to
keep,
you
want
to
keep
the
the
PVC
name
or
something,
but
so
basically
let's
say:
if
we
don't
have
this,
this
proposed
a
new
finalize
a
thing
right.
Then
you
can't
delete
you.
A
Are
you
can't
believe
the
PUC,
but
you
can
still
have
your
PV
and
the
bottom
there,
and
then
you
can
create
a
a
new
PVC
v.
The
same
name
can
rebind
that
one
to
the
in
original
PDF
is
the
data,
and
then
this
way
allow
you
to
do
some
kind
of
restore
right.
So
this
is
a
can
restore
to
original
PVC
name
at
least,
but
then,
if
we
add
this
finalizer
than
that
I,
can
you
can't
leave
that
PVC
anymore?
A
E
So
I
see
us
from
our
side
from
like
the
VMware
sign
right
now:
everything's
a
local
snapshot
and
it
would
be
dependent
but
we're
working
on
mechanisms
to
make
them
independent
and
there
may
even
be
a
transition
period
where
you
know
like
something
is
being
copied
and
it's
currently
a
dependent
snapshot.
But
it's
going
to
change
into
an
independent
snapshot
when
the
copy
finishes.
Oh.
A
D
A
I
think
I
think
every
a
lot
of
store
system
have
this
problem.
Yeah,
that's
why
in
cinders
have
two
blocks
from
the
API
level?
It's
you
can't.
You
can
do
this
thing,
but
here
kubernetes
api
allows
this
but
yeah.
So
I
think
I
see
that
it's
already
almost
time.
So
this
is
an
open
issue,
so
I
know
there
are
definitely
problems
here.
We
don't
have
a
good
solution
yet
so
can
comment
down
comment
on
this
issue
and
we
can
look
at
this
later.
A
Okay,
so
so
sounds
like
this
one
yeah
this
this.
This
one
still
have
some
problems,
even
if
we
go
this
way
right
and
and
then
there
are
also
some-
there
are
also
some
issues
risk
by
ashish
under
external
snapshot
or
repo.
So
we're
going
to
talk
about
that
in
the
next
warding
snapshot
at
one
group
meeting,
which
is
Monday,
is
that
there
are
quite
a
few
I,
don't
think
it
fit.
We
can
feed
the
time
in
this
meeting.
So,
okay,
that's
how
I
have
anything
else.