►
Description
Kubernetes Storage Special-Interest-Group (SIG) Object Bucket API Standup Meeting - 01 March 2021
Meeting Notes/Agenda: -
Find out more about the Storage SIG here: https://github.com/kubernetes/community/tree/master/sig-storage
A
A
But
those
things
are
stabilizing
now,
and
you
know
we
can.
We
can
have
a
little
more
stable
progress
for
at
least
the
next
few
weeks.
For
instance,
srini
just
one
of
the
developers
just
changed
his
jobs,
and
so
he
was
a
little
busy
same
thing
with
rob.
Rob
has
been
working
on
the
provisional
sidecar
and
he
was
also
busy
lately.
A
Anyway,
so
things
things
are
looking,
things
are
getting
more
stable.
Now,
like
I
said
so,
first
thing
I'd
like
to
do
is
I'd
like
to
get
an
update
from
those
who
are
here
that
are
writing
code
to
figure
out
where
we
are
krish.
Can
you
can
you
go
first
and
and
kind
of
remind
me
what
you're
working
on
and
and
what's
the
progress
of
it.
A
B
A
Yeah
but
but
yeah,
no,
that
sounds
good
chris.
So
so,
if
I
understand
correctly
after
having
added
changes
to
move
to
the
new
design
of
the
apis,
both
in
spec
and
in
the
api
repo
you're
now
you
know
moving
the
other
repositories
downstream
repositories
that
use
these,
like
you
know,
api
and
spec
to
start
using
the
new
version,
correct.
A
A
C
C
D
A
D
A
A
However,
you
know,
I
would
say
we
should
go
with
which
are
the
which
are
approaches
superior
in
terms
of
flexibility
and
and
yeah
flexibility.
Really,
if
controller
controller
runtime
is
better
than
what
we
already
have
in
kubernetes
controller
manager.
Today,
then
I
would
say
we
should
use
controller
runtime,
but
I
don't
know
as
of
yet
yeah,
okay.
So
all
right,
let
let
me
quickly
see
who
else
is
here?
A
B
E
A
F
G
E
F
A
Yeah,
I'm
saying
yeah
something
like
that.
So
so,
if
someone
were
to
try
to
update
parameters
in
a
bucket
and
the
bucket
mutation
policy,
was
you
know
on
that
bucket
was
originally
said
to
deny,
then
you
know
we
should,
should
we
just
reject
the
request
in
the
admission
control
itself
or
how
should
we
do
it?
Is
there
any
benefit
to
that.
G
E
A
A
However,
even
the
mutated
thing
would
be
wrong,
like
the
mutated
bucket
values
in
that,
in
that,
in
that
bucket
object
would
be,
yeah
would
be
pointing
to
the
wrong
values
right
yeah
I
mean
I,
I
think
I
think
that's
okay
to
do
like
if
you
were
to
add
a
admission
controller
for
buckets,
not
allowing
any
updates
to
buckets
that
yeah,
just
any
updates
right
now
and
then
in
the
future.
If
you
add
mutation
policy
yeah,
we
can
make
it
granular,
yeah
yeah.
H
Yeah,
I
I
think
I'm
agreeing
with
what
you're
saying
sid,
even
if
we
don't
have
a
mutation
policy
having
a
updated
mission
controller
gives
the
user
the
air
sooner
and
maybe
the
air
will
be
cleaner,
rather
clearer,
rather
than
a
user
thinking,
they've
updated
a
vr
or
an
ad
thinking
that
she's
updated
a
bc.
You
get
a
clear
message,
saying
it's
an
immutable
resource
right
and
I
think
then
people
will
go
well.
That's
weird,
I
don't
know
why.
H
A
I
A
Right
right,
but
bucket
has
fields
that
are
that.
Are
that
are
not
you
know
there
are
not
parameters
like
like.
Let's
say
you
have
some
other
bucket
fields
like
let's,
let
me
open
that
up.
I'm
sure
there
are
fields
on
the
bucket
that
that
don't
have
anything
to
do
with
parameters,
but
those
that
update.
A
A
A
A
I
They're
immutable
right
right,
they
immutable
so
so,
but
but
but
further
than
that,
like
storage
classes
are
only
consulted
at
creation
time.
So
even
if
you
could
mutate
them,
it
wouldn't
matter
like
the
reason
they're
immutable
is
to
avoid
the
confusion
that
would
result
from
people
mutating
them
and
nothing
happening.
A
I
This
seems,
like
I
mean
I,
it
all
depends
on
if
this
is
the
correct
mechanism
for
sharing
buckets
across
namespaces,
which
I
understand
is
up
for
debate,
given
some
of
tim's
feedback,
but
assuming
this
is
the
right
way.
I
don't
see
why
it
wouldn't
be
mutable.
I
mean
things
like
the
deletion
policy
are
inherited
from
the
class
from
the
bucket
class,
but
then
they
are
mutable
typically,
because
if
the
admin
changes
his
mind,
you
know.
H
I
That's
that's
what
I
mean
yeah
so
like
so
so
with
the
with
the
snapshot.
When
you
know
you
have
a
deletion
policy
in
your
snapshot
class
and
you
take
a
snapshot
and
it
gets
the
deletion
policy
from
the
snapshot
class.
But
then,
if
you,
if
the
admin
wants
to
change
it,
he
can
because
the
admin
is
always
right
and
and
all
all
that
that
field
is
telling
you
is
what
should
I
do
when
I
delete
this
thing
right.
I
So
if
the
admin
wants
to
do
something
different,
there's
no
reason
not
to
give
him
what
he
wants.
Similarly
here,
if,
if
the
purpose
of
the
allowed
namespaces
is
so
that
some
controller
knows
what
can
bind
to
this,
if
the
admin
changes
his
mind,
I
don't
see
any
reason
to
not
give
him
what
he
wants,
because
the
alternative
is.
The
admin
has
to
just
delete
the
whole
thing
and
go
make
a
new
one,
which
is
which
he
has
the
power
to
do,
but.
I
K
F
K
J
I
A
K
A
In
protocol-
let's
say
you
know,
region
is
said
see
the
idea
is
protocol
is
supposed
to
be
the
source
of
truth
for
how
to
access
the
bucket.
Now,
if
we
say
admin
can
go
and
change
it,
one
we
might
be
allowing
them
to
do
something
that
that
you
know
cozy
got
wrong
or
they
didn't
set
initially
or
something
like
that,
but
two
that
could
also
be
a
bad
thing.
If
you
know
they
make
the
wrong
change
well,
the
way.
I
I
would
look
at
it
is
the
the
protocol
is:
is
information
that's
going
to
get
passed
through
to
pods
that
are
attached
to
this
bucket?
If
a
pod
was
attached
at
the
time
you
changed
the
protocol
like
what
is
supposed
to
happen
like?
Obviously,
you
can't
go
muck
with
a
pod.
That
is
running
at
least
I
I
think
you
can't
yeah
so
like
that
would
be
a
good
reason
to
say.
I
Okay,
you
can't
change
the
protocol,
because,
if
there's
any
pods
that
are
using
it
like
your
changes
will
not
be
reflected
in
those
pods,
and
so
it's
easier
just
to
disallow
mutation
of
the
field
and
say
look.
This
is
a
once
and
done
field,
and
if,
if
you
want
something
different,
you
basically
need
to
go,
create
a
new
bucket
and
attach
your
new
pods
to
the
new
bucket
and
then
they'll
get
the
new
values
and
that
cleans
up
any
confusion
around
what
to
do
about
existing
pods.
Okay,.
A
A
K
A
In
the
sense
that
you
could
have
one
bucket
that's
accessed
by
different
applications,
so
let's
say
you
have
one
application
which
which
mounts
the
bucket,
which
gets
all
the
bucket
information,
and
then
the
admin
goes
and
changes
something
in
the
protocol
and
then
a
second
application
requests.
This,
you
know,
gets
access
to
the
same
bucket.
In
that
case,
the
question
is
one:
should
we
even
allow
the
admin
to
make
such
a
change
or
anyone
to
make
that
change
in
the
protocol
or
two.
K
Think
we
need
to
be
careful.
We
actually
just
run
into
a
bug
the
access
mode
in
the
pv
pvc,
so
we
found
out
that
so
in
pvc,
you
are
not
allowed
to
change
the
access
mode.
However,
in
pve
you
are
actually
allowed
to
change
pv
access
mode.
Not
only
that,
I
have
to
change
that.
The
access
node
in
pvc
is
also
changed.
So
now
that
becomes
a
bug.
A
K
I
I
Fair
enough,
my
inclination
is
to
follow
the
pvc
pv
model
if,
if
pvs
are
generally
mutable
in
terms
of
the
the
low
level
like
csi
information
that
comes
back
from
the
csi
driver,
then
then
we
could
copy
that.
But
if
they're
not,
then
we
would
probably
want
to
copy
that
behavior
because
yeah
it's
it's
complicated,
I
mean.
If
we
did
allow
it
to
change,
then
it
would
have
all
the
problems.
You
just
mentioned
that
it
would
only
affect
new
pods
and
the
old
pods
would
get
the
old
values
et
cetera.
K
K
I
K
K
K
I
We
don't
want
users
to
think
that,
like
mutating
the
the
protocol
in
the
bucket
would
actually
make
anything
happen
right
like
we
would
need
to
be
very
clear
about
you
know.
This
is
just
this
is
set
by
the
controller.
You
can
change
it,
but
if
you
change
it
to
the
wrong
values,
all
bets
are
off
right.
It's
it's
on
you
because
you
screwed
up
your
bucket,
but
there
are
situations
where,
like
due
to
you,
know
software
upgrades
and
new
revisions
of
this
of
the
cozy
driver.
A
F
K
Existing
pv
design-
I
think
that's
a
problem
they
assume
adam,
can
knows
everything
we
found
again
again
in
customers.
Environment.
That's
not
true,
a
lot
of
bugs
open
because
because
actually
the
customers
actually
have
access
to
those.
You
know
me
no
name
space
object,
they
change
it
and
I
mean
mistakes.
They
didn't
know
that.
I
And
that's
that's
always
a
problem
with
usability
and
support,
but
like
in
kubernetes
in
general,
we
try
to
just
say
you
know:
here's
the
api
use
use
it
the
way
that
we
documented
and
everything
will
go
right
and
if
you
go
off
on
you
know
and
try
to
cook
up
your
own
solution
or
hack
on
stuff
that
you're
not
supposed
to
hack
on.
We
don't
promise
that
it'll
work
right,
yeah.
A
And-
and
you
know,
if
usability
is,
I
mean
we,
we
I
mean,
as
as
the
developers
of
the
kubernetes
platform
itself,
I
think
we
should
we
should
design
for
maximum
flexibility
rather
than
usability,
and
I'm
coming
from
a
very
like
vendor
perspective,
saying
that
usability
is
should
be
something
that
that
vendors
figure
out
I
mean
vendors
can
write
controllers
to
make
this
more
usable.
They
could
add
whatever
admission
controllers
they
wanted,
but
we
would
provide
maximum
flexibility.
I
I
I
Yeah,
I
don't
want
to
take
a
hard
stand,
one
way
or
the
other
yeah
like
like
like
I.
If
it
was
mutable,
we
would
just
have
to
document
that
like
look,
this
is
you
know
if
you
change
it,
it's
not
going
to
affect
any
existing
pods,
etc,
and
if
you
make
it
immutable,
then
we
just
have
to
live
with
the
fact
that
the
only
workaround
for
when
it
has
the
wrong
values.
People
are
going
to
be
deleting
these
things
and
recreating
them
with
new
values.
A
A
Yeah
that
sounds
pretty
bad.
To
be
honest,
like
let's
say
you
know,
we
got,
we
got
the
region
wrong
or
something-
and
you
know
some
so
so,
for
instance,
state
for
instance,
okay.
So
this
I
think
we
should
leave
it
mutable.
I
just
thought
of
a
use
case
where
that
might
be
needed,
so
so
say.
For
instance,
you
are
migrating
from
one
cluster
to
another,
and
then
you
migrate,
the
bucket
request,
which
is
not
the
bucket
itself
and
one
cluster
is
on
the
cloud.
A
A
K
What
I
thought
I
think
it's
actually,
I
think
it's
it's
better
to
start
with
immutable.
So
I'm
like
opposite
with
what
they're
saying,
unless,
if
those
changes
are
like
retaining
policy
that
I
agree,
you
don't
really
have
to
go
check
and
then
and
then
the
allow
allow
namespace,
I
think,
seems
to
be
finding
the
protocol.
If
those
things
you
might
need
to
go
check,
if
your
underlying
object
logic
can
support
it
or
not
those
type
of
things,
I
think
it's
dangerous
to
just
allow
them
to
change.
A
A
I
And
to
be
clear,
though,
the
way
that
you
get
things
wrong
is,
if
you
have
like
an
old
version
of
all
these
values,
come
from
the
cozy
plugin,
so
you'd
have
to
have
a
buggy,
cozy
plug-in
or
a
cozy
plug-in.
That
was
missing
some
important
feature
in
order
to
get
incorrect
values
and
we
don't
have
control
of
the
plugin,
though
so.
A
I
A
A
I
I
K
A
I
A
A
E
I
K
K
Because
I
know
there
are
some
fields
like
the:
I
think
there
is
some
some
node
affinity
thing.
I
know
that
is
actually
we
would
like
that
to
be
a
mutable,
but
then
that
is
actually
immutable
or
something
so
I
know
that
it's
a
different
depending
on
which
field
you're
looking
at
basically
now.
This
one
is
immutable
because
we
already
tested
this
one,
but
then
we
have
this
problem
that.
K
Like
the
node
affinity,
that
one
is
immutable
that
one
you
know
so
so
some
of
those
are
mutable.
Some
are
immutable
yeah,
this
one
is.
We
actually
hope
this
one
can
be
changed,
but
then
this
one
is
actually
immutable,
so
yeah
so
yeah,
so
it
can
go
yeah.
The
problem
can
go
both
ways
so,
depending
on
so
you
probably
really
need
to
look
at
exactly.
K
I
A
I
A
I
I
I
A
K
F
K
A
F
A
A
A
Yeah,
so
you
can,
you
can
have
custom
tags
whatever
color
blue
yeah,
so
you
know
we
can
quickly.
Like
you
said
we
will
have
the
admission
controller,
see
what
fields
are
coming
in
and
if
the
struct
tag
for
that
field
is
you
know
immutable,
then
we
don't
allow
it
automated
and
clean
and
we'll
know
it
works.
Every
time
sounds
good
like
what
do
you
all
think.
I
A
Yeah
I
I
yeah.
I
have
that
same
suspicion
too,
but
again,
the
the
cost
of
you
know
getting
mutability
wrong
or
getting
the
changes
wrong
is
very
high.
If
you
ask
me,
that's
the
reason
I
want
to
make
it
immutable
actually
like
if
this
field
is
changed
in
one
copy
of
the
bucket,
but
not
in
the
others,
and
and
you
want
to
change
it
back
or
something
it
gets
tricky.
A
A
A
That
access
there
could
be
some
scenario
where
they
might
want
to
know
if
it's
publicly
well,
I
don't
think
that
this
is
the
best
way
to
give
it
to
them.
Any
yes,
yeah,
no
fair
enough!
What
about?
Why
should
we
in
parameters
now,
because
earlier
we
had
a,
I
mean
this?
Is
we
had
this
pretty
restrictive
definition
of
parameters
which
is
fields
that
apply
to
bucket
creation
that
are
that
are
render
specific.
I
E
A
K
K
A
J
K
H
H
Remove
these
things,
this
discussion
is
sort
of
a
repeat
of
earlier
ones,
and
earlier,
when
we
said
allowed,
namespaces
is,
I
mean,
excuse
me
anonymous
the
anonymous
month.
Access
mode
was,
should
not
be
a
first-class
field
in
the
api
and
as
part
of
my
kept
pr,
I
have
taken
that
out
and
there
were
similar
things
like
default
for
a
bucket
class
as
a
first
class
field.
The
feedback
from
tim's
review
is
that
we
should
do
what
is
done
for
storage
classes
and
make
it
an
annotation
rather
than
a
first
class
field.
H
H
No
that's
a
new
one,
but
I'm
happy
to
add.
I
mean
that
would
be
a
good
place
to
collect
feedbacks
in
a
public
setting
where,
for
instance,
then
you
could
read
the
pr
and
add
your
comments
on
the
changes,
but
then
also
add
a
comment
that
hey:
why
isn't
version
just
like
anonymous
access
mode
if
you're
getting
rid
of
anonymous
access,
get
rid
of
version?
You
know
things
like
that
would
be
useful.
A
Right
yeah,
that
was
my
point
of
view
to
asking
everyone
so
so
shin
I'll,
give
you
some
background
on
what
this
version
field
was
thought
of
originally
and
why
it
doesn't
make
sense
anymore.
So
originally
we
thought
the
version
would
be
like
like
so,
for
instance,
with
with
aws
api,
we
have
a
date
as
a
version
like
2011,
something
something
and
that
version,
even
though
it's
not
passed
in
through
any
of
the
calls
to
aws
itself.
J
I
C
G
K
I
Okay,
so
so
the
yeah,
the
protocol
version
or
sorry,
the
signature
version
is
absolutely
necessary
and
because
today
we
have
s3
v2
and
s3
v4,
and
we
don't
know
if
there
will
ever
be
an
s3v5.
But
if
there
was,
you
definitely
need
to
know
about
it
right,
yeah.
You
need
nobody
to
make
every
call
yeah
yeah.
You
need
something.
A
K
H
I
A
F
I
F
J
I
I
Okay
yeah,
so
so
initially,
this
was
the
version
that
was
suggested
we
put
in
the
top
level
version
at
the
top
level
of
the
protocol.
Something
like
that
and-
and
I
never
saw
the
point
in
that
so
I
agree-
I
would
be
happy
to
remove
it
and
and
if
and
if
jeff
wants
me
to
write
that
in
the
in
the
cap,
I'm
happy
to
put
that
feedback
there,
but
yeah.
I
A
All
the
application
could
use
is
the
actual
protocol
like
signature
version,
but
more
than
that
yeah
all
right,
so
yeah
yeah.
I
think
I
think
we
are
more
or
less
in
agreement
me
and
you
ben
jeff,
you
you,
you
didn't,
give
us
a
response
for
what
you
thought.
So
you
said
we
could
comment
on
the
cap.
But
what
do
you
think
about
removing
version?
A
H
I
H
I
F
I
B
I
A
A
A
I
K
I
Well,
the
idea
was
that
maybe
every
protocol
would
have
something
like
an
s3
version,
so
put
the
common
stuff
up
here,
but
yeah.
I
think
we
can
not
do
that.
I
don't
know
if
you
can
make
the
same
argument
about
the
name
field
I
mean.
Obviously
we
need
the
oh.
No
I
see
the
name
field
is
your.
Is
your
structure?
I
A
H
I
Yeah,
I
absolutely
agree
that
it's
more
searchable,
there's
more
history.
You
know
no
one
wants
to
go,
read
or
listen
to
hours
of
meetings
on
youtube
that
have
been
recorded.
So
so
I
I
don't
disagree
there,
but
there
has
to
be
a
balance,
though,
because
this
is
this
is
higher
bandwidth
than
github
reviews
by
a
long
shot,
yeah.
A
Yeah,
I
think,
for
major
things.
You
know
like
api
changes.
I
think
it's
it's,
it's
good
to
write
it
down
and
think,
but
other
things
I
guess
we
don't.
We
don't
need
to
necessarily
write
everything
down
for
this
version
field.
Let's,
let's
just
write
it
down
and
just
up
you
know
make
a
comment
on
the
cap.
That
should
be
good
enough.
K
A
J
I
A
Yeah,
these
are
absolutely
new,
yes,
and-
and
you
know
some
people
might
say,
the
region
is
a
part
of
the
endpoint.
That's
not
necessarily
true
especially
say.
The
end
point
is
like
the
gov
cloud
in
you
know:
aws
it's
a
single
endpoint,
but
then
the
region
can
be
any
one
of
the
many
regions
it
supports,
rather
than
the
general
aws.amazon.com.
I
A
A
I
I
I
guess
the
problem
would
be
if
there
were,
if
there
were
clients
that
couldn't
support
http
or
clients
that
couldn't
support
any
a
port
other
than
443,
then
supplying
those
things
here
would
break
those
clients.
Wait.
How
so
I
mean
if
the
client
hard
codes,
port,
443,
and
then
this
thing
tells
you
it's
running
on
a
different
port.
What
are
you
going
to.
F
I
That's
that's
not
cozy's
problem,
though
right
right,
I'm
just
saying
like
should
we
you
know
the
consumer
of
this
information
is
an
object,
storage,
client
and
if,
if
object,
storage,
clients
have
made
a
choice
not
to
support
something.
Maybe
we
should
ask
why?
But
but
if
everyone
supports
http
and
non-standard
ports,
then
then
it's
perfectly
reasonable
thing
to
allow.
In
general
I
mean
amazon
doesn't
support
non-standard
ports,
but
it's
amazon.
A
F
D
D
A
Yeah,
so
so
yeah,
that's
those
are
the
plan
to
choose.
So
if
both
are
supported,
that
means
s3v4,
so
the
s3
v2
signature
was
easily.
I
believe
you
know
people
could
you
know
without
knowing
what
the
actual
key
was
you
could
you
could
actually
end
up
signing
it,
so
paul's
client
could
pretend
to
be
a
valid
client
and
s34
is
a
new
version
and
at
the
point
both
are
supported
to
allow
clients
to
migrate
over
from
one
to
the
other.