►
From YouTube: Secrets Store CSI Community Meeting - 2022-01-06
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hey
everyone
welcome
to
the
csi
secret
store
community
called
today
is
jan
6
2022.
This
call
falls
under
the
cnc
of
code
of
conduct,
it's
recorded
and
will
be
published
to
youtube.
A
Okay,
let's
get
started
first
of
all
happy
new
year.
This
is
the
first
call
of
the
year
and
then
in
terms
of
announcements
we
don't
have
any
and
then
we
can
jump
right
into
the
agenda.
We
only
have
a
single
item
in
the
agenda,
so
it'll
probably
be
a
short
call,
but
if
there's
anything
else
that
you
want
to
discuss
feel
free
to
add
it
to
the
list.
A
So
the
one
item
that
I
added
was
a
user
opened
an
issue
on
github.
So
today
the
sockets
that
we,
the
directory
that
we
use
for
configuring
the
providers
socket
path-
is
slash,
apc,
slash
kubernetes,
which
is
basically
using
the
path
that
was
used
before
when
we
were
following
the
binary
approach
for
invoking
the
provider
right
and
then
the
issue
that
they
opened
was
in
general,
we
should
be
using
var
run
for
placing
the
sockets
one
thing
is
today
we
allow
this
value
to
be
configurable
in
the
head
chart.
A
But
since
this
is
a
breaking
change,
I
wanted
to
bring
this
up
in
the
call
and
see
what
everyone
else
thinks,
because
the
user
also
opened
a
pr
for
it.
So
if
this
is
something
that
we
want
to
support
as
a
breaking
change
and
make
it
in
1.1,
we
can
do
that,
but
I
would
just
want
to
bring
it
up
for
discussion.
B
Yeah
I'm
still
reading
it.
C
Seems
reasonable
to
me,
I
yeah,
I
don't
have
any
objections
I
think
yeah,
given
that
it's
already
configurable,
we
can
do
a
reasonable
job
of
cutting
cutting
users
over.
I
guess
yeah
it'd
be
good
to
outline
exactly
what
we'd
do
like
yeah
would.
Would
we
be
able
to
do
it
in
such
a
way
that
users
don't
have
to
change
anything
but
just
have
to
upgrade
a
provider
and
a
driver
in
sync
or
something,
or
would
it
be
more
involved
than
that.
A
Yeah,
I
think,
if
they
use
the
old
driver,
so
like
1.0,
has
the
default
value
of
etsy.
Kubernetes
secret
store
csi
providers.
So
if
they
install
the
older
version
and
the
newer
version
of
the
provider,
then
it
can
fail.
A
So
basically,
there
has
to
be
a
note
for
the
driver,
saying
up
for
the
user,
saying
if
you're,
installing
less
than
1.0
less
than
equal
to
1.0
of
the
driver,
then
make
sure
that
you
set
this
particular
flag
to
slash
wire,
slash
run
in
the
driver
when
you
deploy
it
because
the
new
provider
uses
that
and
then
vice
versa
right
if
their
driver
they're
deploying
is
latest.
A
But
if
they're
trying
to
deploy
the
provider
version
that
still
uses
slash,
etc
kubernetes
for
the
socket
path,
then
we
just
need
to
define
that
in
the
documentation.
So
I
think
it's
mostly
something
that
has
to
be
documented,
saying
that
there
is
this
discrepancy,
but
also
if
they
deploy
both
of
it
in
sync.
So
if
they
deploy
1.1
for
driver
and
newer
version
of
the
provider,
then
it
will
just
work
out
of
the
box.
B
Sorry,
I
think
I
only
heard
about
half
of
what
you
said
initially
like
only
processed
about
half
but
pulled
up.
Basically
the
gcp
one
to
look
at
it,
and
I
don't
know
that
we
would
want
to
require
both
things
to
be
upgraded
like
we
may
want,
like.
B
C
C
B
Yeah,
I
think
we
would
probably
just
yeah,
want
to
expand
it
so
that
it's
more
backwards
compatible
to,
like
you
know,
n
minus
one
version
of
the
providers,
kind
of
thing.
A
C
But
if
it
comes
from
the
provider
side,
which
is
the
client,
then
then
I
think
that
avoids
the
need
for
multiple
amounts
right.
Is
that
what
you're
suggesting
tommy
so
that
the
the
provider
checks
for
multiple
paths
and
the
the
driver
just
switches
over
to
the
new
path
like
once?
The
providers
have
had
a
chance
to
get
one
one
version
ahead.
C
Basically,
so
that
we
release
say
yeah
say
like
the
next
vault
provider
release
checks
in
both
the
current
location
and
the
planned
new
location
that
gets
released
and
then,
like
once
we've
gone
past
one
release
cycle,
then
the
driver
cuts
over
in
the
release.
After
that,
that's
what
I
understood,
but
maybe
I
was
wrong.
C
B
C
B
I
think
it
might
be
an
easier
path
for
yeah
the
driver
to
try
creating
clients
against
two
paths.
B
A
Yeah,
if
we
are
going
to
do
that,
I
don't
even
think
we
need
to
do
the
clients
for
multiple
paths
like
when
we
created.
We
can
just
start
and
then
do
that
because
we
create
the
client
today
only
when
the
first
request
for
that
provider
comes
in.
So
when
the
first
request
comes
in
the
hope
is
the
provider
is
already
running,
because
otherwise
the
request
is
going
to
fail.
Anyways.
B
B
Oh
okay,
so
for
the
just
our
meeting
notes
I
was
gonna
say
I
think
it's
like
a
reasonable
change.
B
Or
multiple
paths
for
a
path
to
like.
B
It's
not
zero
downtime,
but
path.
Two.
B
Where
are
the
other
just
like?
I
think
there
are
a
number
of
unix
sockets
created
for
like
the
cubelet
and
the
csi
driver
like
node,
registrar
and
stuff,
like
that?
Are
those
all
in
far
run
no.
A
Good,
yes,
I
think
we
also
have
a
pr,
so
we
can
take
a
look
at
that
and
then
see
if
we
can
go
with
that,
so
maybe
we
can
guide
them
to
the
change.
If
not,
we
can
just
make
the
chain
for
the
next
release.
B
Yeah-
and
I
guess
that's
the
other
thing
in
their
issue-
they
mentioned
like
2.0.
B
We
think
this
can
be
a
minor
revision.
Is
that
what.
A
A
E
A
B
I
don't
think
so.
I
think
it's
it's
been
a
while,
since
our
1.0
release
I
saw
and
that
she
had
made
a
few
like
cve
updates
like
do
we
need
to
do.
We
need
to
get
our
lace
out
before
we
get.
You
know
like
it's
depending
on
how
quickly.
A
Yeah
I
mean
for
the
cves.
Probably
we
can
cut
a
patch
release.
Maybe
we
can
do
that
1.0.1
this
week.
What
do
you
think.
B
Yeah,
that
might
be
good
to
just
like
a
new
year.
It's
been
a
while
practice,
or
at
least
two
yeah.
A
Sounds
good.
We
can
do
that,
so
we
can
plan
that
for
this
week.
Oh
it's
already
thursday.
Okay,
so
we
can
plan
that
for
maybe
next
week,
okay
yeah.
So
I
will
open
the
pr
to
cherry
pick,
some
of
the
cve
fixes
and
then
we
can
cut
a
release
and
then
I
think
for
1.1
it's
so
this
var
run
is
one
and
then
the
token
request,
client.
I
am
making
changes
to
that
pr
right
now
to
also
enable
caching.
C
A
A
A
A
Cool
anything
else.