From YouTube: Secrets Store CSI Community Meeting - 2021-09-16
A
Hey everyone, welcome to the CSI secret store community call. Today is September 16, 2021. This call falls under the CNCF code of conduct and will be recorded and published to YouTube. Please add your name to the attendees list and I will be moderating the call. Does anyone.
B
A
B
Can you open the first one? Actually, this is one of the PRs that one of our community users has created, and there is a comment on it. Actually, Tommy, I wanted to check with you. I did not get that, to be honest, so if we can just take a look at it. So the PR was, this is, I was discussing with Anish like a while back.
B
So the thing is, the flag that we have, right, metrics, metrics address, that has like some format, like colon and then the port number. And the way I was thinking is, why the user has to think, like, you know, they have to give it in a specific format and things like that. So when we support, we can just ask for a number and then we can format it the way we want, or where the metrics, the metrics provider that we are using wants behind the scenes.
B
So that was the intention behind this PR, and here, like at that 915, I think we are just doing that. We are just formatting it with the colon and whatever integer or string we will receive as a port number. So that's the idea.
D
All right, yes, sorry, I missed this. So the difference there is that the controller manager takes a binding address, which, like, a process may be running on a machine with multiple interfaces. So, like, specifically in Kubernetes, it's usually like the loopback interface or if, I think, there's usually binding to like the 0.0.0.0 interfaces, like all interfaces.
D
So it's a way of, like, controlling, when you're listening for incoming connections, which network interfaces to listen on. So by removing, or like forcing it to be colon, a port, that removes the ability to configure granularly which interfaces to listen on. So, and that's my second comment. My first one is like, if we wanna only accept a port, the flag name should say port address.
D
Since it's a common, like, there are a number of applications that do that, but it can be confusing if the naming isn't, like, consistent around whether or not the configuration should be a port or an address. So that's the first one. The second one is, I think it probably, like.
D
I'm not sure if it makes sense in the context of, I'm not sure how often you would really be configuring different interfaces for these metrics, so, you know, we might be able to do just the port, but that was the motivation behind my comment there. That makes sense.
B
Yeah, I get it now. Yeah, I mean, my idea behind that was, like, why we want to confuse users with this, or maybe I'm wrong and the user is not confused, but I mean, let me know if that's the case. But the intention is, like, instead of forcing the user to think, like, all these things, we can just say hey, and this is, we are using just for the metrics. So we can just say your metrics will be.
B
These metrics will be available at dashboard. Give us the port number if you want, or this will be a default port, something like that.
C
D
Yeah, so with it, I think if you entered in like 127.0.0.1.
D
Colon port number, then that would be on the, like, loopback network interface for that pod, so only, like, other containers within that pod could access, like, could talk over, like, could reach that network port. Other processes, like on other pods on the same node, wouldn't be able to get to it, and, like, an outside user wouldn't be able to get to the port.
D
When you use 0.0.0.0 colon port number, or this is, I think, a shorthand for 0.0, where it's just colon and then the port number, it will listen on all interfaces, so that will be like, even if the pod is exposing a service or exposing a port, then it would be reachable on that. And, like, a motivation to only do like the 127 or the loopback, it's like.
D
Sometimes you might have handlers on your port to, like, kill the process or restart it or, you know, do something that's more privileged, and so you don't want to expose that to, you know, the actual network, but you might want, you know, other things within the same interface to be able to reach that, so.
C
D
It, because it removes some flexibility on configuring your pod, because you can no longer specify just interfaces, right? Like, we are choosing for the user that it will always be the, you know, all interfaces, this port on all interfaces. And then separately, it's that the flag name, if it is not a full address that's defined, if it's just a port number, then the flag should reflect that and be a number and named port.
C
D
I mean, yeah, yeah. We could do something like that. Just add a separate flag and then have some logic around, like, building the metrics addr if it's not set before this set, like, I.
B
Okay, I think, if I may, let me take a step back actually and ask this question. I think creating two flags, to me, like again, it will create unnecessary confusion. So let me step back and ask this question, whether the line in which I was thinking makes sense, or first of all, like, I was thinking that the reason behind this change, I was thinking, is to simplify it for the user.
A
Yeah, I think this initially came up because there was a requirement to expose this port on the Helm chart, right, so they were wondering how can they expose it? And then this being an address, we had to do all the templating foo and charts to make this work and, like, I think that was one of the motivating factors for having something just be a port rather than an address, right.
B
A
If we say this is what we're going to bind to and that works, like, where we don't give a lot of flexibility to the user, but on the other hand, for some reason, if the driver runs on host network or something and if by default we decide to just bind on everything, then we will be binding on the node IP and the localhost and then the default loopback, right, and then binding on the node IP means.
A
Basically, the driver is exposed on the node, and there is no way we are restricting users from deploying on host network today. So if they do deploy on host network and if they see that this is being bound to the node IP, they, at least with metrics address, I think they probably have the flexibility to go and say instead just listen on localhost and 8095, which they can do today. So maybe, if we do remove that, it makes it difficult for them to configure that at all in the future.
B
Makes sense. Okay, then I think we can just then leave the way it is, considering these other factors, and we anyways have like a simple built-in helper function in the Helm chart. So we are really.
D
Yeah, so I missed the original, like, issue on the Helm chart, so I don't have that context, but.
D
We should make it easy for the users. If this is a point of confusion, then, like, we should do something, but.
B
Yeah, yeah, I mean for health check, we sort of added this, the one, and this highlighted, right. We have that fix in place. So there is no problem there.
B
So I think that's what I'm saying, so hearing this other context around loopbacks and other things, I think it's okay, then we can leave it as is.
A
B
Yeah, I just want to follow up, like, we are good for the Azure and GCP, I mean we did validate for that, so for Vault and AWS, if somebody can validate, we can close this out.
A
Yeah, I already pinged Tom and Chris, so maybe, yeah, we can again reach out to them on Slack, so we can close it this week. I.
B
Think, I mean, I reminded yesterday on our thread that is going on. Well, try to ping them individually and see.
A
A
Okay, yeah, there were only two items, but an item that is not on the agenda, so I think we have been. We have all the issues from the stable milestone that we have worked on already, so the pending two was the KEP and the PRR, which we already have a PR for.
B
A
B
Right, so that means, if we want to wait for it, then, but we'll not know, right, when that will be completed. I mean, what I'm trying to face. I think other things are in place, so I personally think we can go for the next week, what other things, and if we are go, and if we want to wait for KEP, we also don't know when the KEP will be reviewed by next Monday.
B
E
Hey folks, I think ideally, like, wouldn't it make sense to wait for the KEP, because then there's less confusion for the users, right? Like, when they look at 1.0, it means something. Otherwise you'll be like, well, actually, one dot something is the one that's officially stable.
D
I reluctantly agree with Rita that we should probably wait on at least an initial review of it, like.
E
E
So, looking at this milestone list, it, so most of the, it seems like most of it is waiting on the KEP and, I guess, docs, right, box enhancements.
A
F
Okay, gotcha. Sounds like even, like, the RC and then the stable might even be the same release, if there's no other, right, code fixes there, yeah.
A
Yeah, the only last pending thing that we have to merge is basically updating the liveness probe timeout for Windows and then the resource limits. So we made the changes and we're just waiting for sign-off from SIG Windows on the new limits, but yeah, apart from that there'll be no code changes, so RC and 1.0 will probably be the same.
E
I think I saw one issue that somebody reported on stock. I think, I know you responded to it, something with the race condition, with, yeah.
A
A
Yeah, this is an interesting scenario where, if you're using a StatefulSet, and then the StatefulSet pod names are deterministic, right, so they have no UID appended on top of the pod name, and if the pod moves from node one to node two because of some, you know, scaled down event or something, and then if the secret provider class pod status has not yet been garbage collected, then we still need to update that existing secret provider class pod status so that it reflects the new pod as the owner.