►
Description
Kubernetes Storage Special-Interest-Group (SIG) Object Bucket API Standup Meeting - 01 March 2021
Meeting Notes/Agenda: -
Find out more about the Storage SIG here: https://github.com/kubernetes/community/tree/master/sig-storage
A
I
think
we've
gotten
most
of
our
recordings
anyways
good
good
morning,
everyone
so
today,
I'd
like
to
start
off
with
just
trying
to
understand
where
we
are
in
terms
of
our
development
milestones
and
after
that,
let's
go
into
one
of
the
one
of
the
questions,
one
of
the
open
questions
we
had
that
we
kind
of
the
we
ended
on
the
question
last
thursday,
so
I
want
to
bring
that
back
up
and
and
see
what
what
solution
we
end
up
with.
A
For
that
one
question
all
right,
so
so
in
terms
of
milestones
I'll
quickly
go
over
what
the
milestone
is,
then
I
have
a
few
questions
for
some
of
you
here,
so
we
originally
wanted
our
milestone
to
be
a
demo,
and
the
demo
was
supposed
to
include
an
end-to-end
scenario
so
that
all
the
different
components
are
worked
on
entering
scenario
of
provisioning,
a
bucket,
creating
access
tokens
for
that
bucket
and
then
providing
the
access
tokens
and
the
bucket
information
to
a
part.
A
So
we
have
a
working
version
of
this
nav.
However,
that
was
based
on
earlier
designs
of
cozy
itself.
A
After
we
finished
implementing
that
we,
you
know
had
some
more
discussions
about
how
cozy
should
be
designed
and
and
some
changes
were
made,
so
we
are
yet
to
create
a
new
working
version
with
the
new
design,
because
because
we,
you
know,
we've
been
waiting
for
some
ps
to
get
merged
and
and
people
have
been
transitioning
in
and
out
of
how
much
time
they
can
spend
on
cosy.
A
But
those
things
are
stabilizing
now,
and
you
know
we
can.
We
can
have
a
little
more
stable
progress
for
at
least
the
next
few
weeks.
For
instance,
srini
just
one
of
the
developers
just
changed
his
jobs,
and
so
he
was
a
little
busy
same
thing
with
rob.
Rob
has
been
working
on
the
provisional
sidecar
and
he
was
also
busy
lately.
A
Anyway,
so
things
things
are
looking,
things
are
getting
more
stable.
Now,
like
I
said
so,
first
thing
I'd
like
to
do
is
I'd
like
to
get
an
update
from
those
who
are
here
that
are
writing
code
to
figure
out
where
we
are
krish.
Can
you
can
you
go
first
and
and
kind
of
remind
me
what
you're
working
on
and
and
what's
the
progress
of
it.
B
Yeah
so
over
the
last
week,
I've
been
working
on
some
changes
to
the
spec
api,
as
well
as
the
csi
driver,
csi
adapter,
and
so
you
know
with
the
spec.
B
I
added
some
logic
for
faking,
the
client
for
the
grpc
server,
and
this
is
required
in
order
to
facilitate
testing
in
the
sidecar,
and
so
there
was
some
cogen
there,
but
that
was
pretty
pretty
straightforward
and
so
more
recently
I've
just
been
adding
some
more
utility
methods
in
the
api,
as
well
as
better
logging
and
some
minor
design
refactoring
in
the
csi
adapter.
A
Right
right,
so
once
we
do
that,
we
should
have
well.
You
know
code
that
is
untested,
but
it's
supposed
to
work
with
the
new
design,
correct.
A
When
I
say
untested,
I
mean
end
to
end
untested.
B
A
Yeah
but
but
yeah,
no,
that
sounds
good
chris.
So
so,
if
I
understand
correctly
after
having
added
changes
to
move
to
the
new
design
of
the
apis,
both
in
spec
and
in
the
api
repo
you're
now
you
know
moving
the
other
repositories
downstream
repositories
that
use
these,
like
you
know,
api
and
spec
to
start
using
the
new
version,
correct.
A
Sounds
good
all
right,
so
blaine
is
here
today,
hi
blaine.
How
are
you
I'm?
Okay
thanks.
I
know
you
said
if
you
get
a
chance,
you
might
be
able
to
work
on
the
the
you
know.
A
The
controller
design
maybe
take
a
look
at
it
and
you
know
make
changes
or
bless
it
as
it's.
Okay,
did
you
get
a
chance
to
look
at
it.
C
C
Maybe
you
had
already
finished
it,
but
yeah
yeah
using
it.
The
controller
runtime
might
help
with
just
having
a
little
bit
less
code.
To
maintain
true
true,
if.
D
I
why
the
guys
thinking
I
I
could
consider
bringing
up
using
controller
runtime
as
well.
I
was
wondering
back
then,
whether
or
not
that
may
impact
inclusion
of
the
controller
code
in
kubernetes
core
controller
manager
at
some
point
in
time.
D
So
the
intent
is
still
to
have
the
cozy
controller
being
part
of
kubernetes
core
right
now,
that's
something
you
need
to
install
in
the
cluster
right,
so
I
I
was
wondering
to
which
extent
using
control
controller
runtime
could
prevent
the
code
that
is
currently
written
to
be
merged
into
controller
manager
or
is
controller
manager
nowadays
using
controller
runtime
as
well.
A
Manager
does
not
use
control
runtime
when,
when
we
say
we
want
to
be
a
part
of
upstream
kubernetes,
it
would
still
be
a
separate
component
that
gets
you
know
released
along
with
kubernetes.
However,
it's
not
going
to
be
a
part
of
the
core
repo,
except
for
the
cubelet.
A
Yeah,
because
there
is
really
no
need
for
it.
I
agree:
yeah,
okay,.
A
A
A
However,
you
know,
I
would
say
we
should
go
with
which
are
the
which
are
approaches
superior
in
terms
of
flexibility
and
and
yeah
flexibility.
Really,
if
controller
controller
runtime
is
better
than
what
we
already
have
in
kubernetes
controller
manager.
Today,
then
I
would
say
we
should
use
controller
runtime,
but
I
don't
know
as
of
yet
yeah,
okay.
So
all
right,
let
let
me
quickly
see
who
else
is
here?
A
Srini
is
here
hi
sweeney?
How
are
you
hi
good
morning
good
morning?
Did
you
so
you
were
working
on
the
csi
adapter
right?
I
started.
B
E
Yeah
the
delete
you
remember
that
we
had
those
finalizers
for
the
for
the
delete,
so
I
added
the
finalizers
that
pr
I
needed
to
update
because
the
spec
has
changed.
So
I
update
it.
That
part
is
done.
E
The
pr
still
needs
to
be
reviewed,
but
I
my
plan
is
to
get
the
admission
controller
prn
and
then
there
is
one
more
task
on
the
central
controller
that.
A
E
One
is
the
admission
controller
piece
that
needs
to
go
in
and
then
the
eta
test.
Oh.
F
G
E
Yeah,
this
is
a
basic
check
for
the
bucket
class
default
bucket
shelf,
so
tell
them
that
that
can
be,
then
anything
can
be
added
once
we
have
that
in
place.
Okay,.
A
So
so
I
have
a
question
here
about
the
ignition
controls
because
you've
been
thinking
about
it
and
do
we
want
to
prevent
updates
on
buckets
unless
bucket
mutation
policy
is
set
to
allow
I
mean
we
don't
have
the
concept
of
bucket
mutation
policy
yet,
but
just
a
theoretical
question
at
this
point.
F
A
Yeah,
I'm
saying
yeah
something
like
that.
So
so,
if
someone
were
to
try
to
update
parameters
in
a
bucket
and
the
bucket
mutation
policy,
was
you
know
on
that
bucket
was
originally
said
to
deny,
then
you
know
we
should,
should
we
just
reject
the
request
in
the
admission
control
itself
or
how
should
we
do
it?
Is
there
any
benefit
to
that.
G
E
We
do
not
yeah,
we
do
not
have
a
any
good
way
of
indicating
to
the
user
that
this
is
not
allowed
right.
I
mean
having.
A
A
However,
even
the
mutated
thing
would
be
wrong,
like
the
mutated
bucket
values
in
that,
in
that,
in
that
bucket
object
would
be,
yeah
would
be
pointing
to
the
wrong
values
right
yeah
I
mean
I,
I
think
I
think
that's
okay
to
do
like
if
you
were
to
add
a
admission
controller
for
buckets,
not
allowing
any
updates
to
buckets
that
yeah,
just
any
updates
right
now
and
then
in
the
future.
If
you
add
mutation
policy
yeah,
we
can
make
it
granular,
yeah
yeah.
H
Yeah,
I
I
think
I'm
agreeing
with
what
you're
saying
sid,
even
if
we
don't
have
a
mutation
policy
having
a
updated
mission
controller
gives
the
user
the
air
sooner
and
maybe
the
air
will
be
cleaner,
rather
clearer,
rather
than
a
user
thinking,
they've
updated
a
vr
or
an
ad
thinking
that
she's
updated
a
bc.
You
get
a
clear
message,
saying
it's
an
immutable
resource
right
and
I
think
then
people
will
go
well.
That's
weird,
I
don't
know
why.
H
A
I
A
Right
right,
but
bucket
has
fields
that
are
that.
Are
that
are
not
you
know
there
are
not
parameters
like
like.
Let's
say
you
have
some
other
bucket
fields
like
let's,
let
me
open
that
up.
I'm
sure
there
are
fields
on
the
bucket
that
that
don't
have
anything
to
do
with
parameters,
but
those
that
update.
A
That
is
absolutely
important
to
have,
because
you
know,
given
that
we've
said
you
know
we're
not
going
to
deal
with
fields
that
kubernetes
doesn't
care
about.
Why
should
we
have
those
fields,
yeah.
A
I
mean
stuff
like
allowed,
namespaces
see
okay,
so
yes,
one.
Let's
remove
feels
that
that
you
know
we
represent
like
anonymous
access
mode,
but
really
we
don't
care
about.
I
agree
we
should
remove
them,
but
coming
into
stuff
like
allowed
namespaces,
we
shouldn't
allow
people
to
update
this
value.
A
I
mean
in
the
sense,
if
they
either
we
say
that
if
they
update
it,
it's
it's
your
problem.
You've
said
it
wrong
or
we
should
just
you
know,
disallow
it
by
having
an
admission
controller
that
just
doesn't
allow
updates
to
this.
A
I
They're
immutable
right
right,
they
immutable
so
so,
but
but
but
further
than
that,
like
storage
classes
are
only
consulted
at
creation
time.
So
even
if
you
could
mutate
them,
it
wouldn't
matter
like
the
reason
they're
immutable
is
to
avoid
the
confusion
that
would
result
from
people
mutating
them
and
nothing
happening.
A
Fair
fair,
so
so,
in
this
case,
allowed
namespace
is
brought
in
from
the
bucket
class
and
let
you
know
once
it
is
set
on
the
bucket.
If
someone
were
to
go
and
update
it,
what
should
I?
What
should
our
response
be?
Should
we
so.
I
This
seems,
like
I
mean
I,
it
all
depends
on
if
this
is
the
correct
mechanism
for
sharing
buckets
across
namespaces,
which
I
understand
is
up
for
debate,
given
some
of
tim's
feedback,
but
assuming
this
is
the
right
way.
I
don't
see
why
it
wouldn't
be
mutable.
I
mean
things
like
the
deletion
policy
are
inherited
from
the
class
from
the
bucket
class,
but
then
they
are
mutable
typically,
because
if
the
admin
changes
his
mind,
you
know.
H
I
That's
that's
what
I
mean
yeah
so
like
so
so
with
the
with
the
snapshot.
When
you
know
you
have
a
deletion
policy
in
your
snapshot
class
and
you
take
a
snapshot
and
it
gets
the
deletion
policy
from
the
snapshot
class.
But
then,
if
you,
if
the
admin
wants
to
change
it,
he
can
because
the
admin
is
always
right
and
and
all
all
that
that
field
is
telling
you
is
what
should
I
do
when
I
delete
this
thing
right.
I
So
if
the
admin
wants
to
do
something
different,
there's
no
reason
not
to
give
him
what
he
wants.
Similarly
here,
if,
if
the
purpose
of
the
allowed
namespaces
is
so
that
some
controller
knows
what
can
bind
to
this,
if
the
admin
changes
his
mind,
I
don't
see
any
reason
to
not
give
him
what
he
wants,
because
the
alternative
is.
The
admin
has
to
just
delete
the
whole
thing
and
go
make
a
new
one,
which
is
which
he
has
the
power
to
do,
but.
I
K
F
K
It
right
so,
but
I
think
the
question
I
have
is
do
we
know.
Is
this
supported
by
everyone?
The
or
the
object
store
can
support
this
kind
of
thing
you
can
actually
change
it
afterwards.
Should?
Is
this
really
a
problem
at
all?
Well,.
J
K
So
you
don't
really
have
to
change
that.
Okay,.
I
A
K
A
In
protocol-
let's
say
you
know,
region
is
said
see
the
idea
is
protocol
is
supposed
to
be
the
source
of
truth
for
how
to
access
the
bucket.
Now,
if
we
say
admin
can
go
and
change
it,
one
we
might
be
allowing
them
to
do
something
that
that
you
know
cozy
got
wrong
or
they
didn't
set
initially
or
something
like
that,
but
two
that
could
also
be
a
bad
thing.
If
you
know
they
make
the
wrong
change
well,
the
way.
I
I
would
look
at
it
is
the
the
protocol
is:
is
information
that's
going
to
get
passed
through
to
pods
that
are
attached
to
this
bucket?
If
a
pod
was
attached
at
the
time
you
changed
the
protocol
like
what
is
supposed
to
happen
like?
Obviously,
you
can't
go
muck
with
a
pod.
That
is
running
at
least
I
I
think
you
can't
yeah
so
like
that
would
be
a
good
reason
to
say.
I
Okay,
you
can't
change
the
protocol,
because,
if
there's
any
pods
that
are
using
it
like
your
changes
will
not
be
reflected
in
those
pods,
and
so
it's
easier
just
to
disallow
mutation
of
the
field
and
say
look.
This
is
a
once
and
done
field,
and
if,
if
you
want
something
different,
you
basically
need
to
go,
create
a
new
bucket
and
attach
your
new
pods
to
the
new
bucket
and
then
they'll
get
the
new
values
and
that
cleans
up
any
confusion
around
what
to
do
about
existing
pods.
Okay,.
A
A
K
A
In
the
sense
that
you
could
have
one
bucket
that's
accessed
by
different
applications,
so
let's
say
you
have
one
application
which
which
mounts
the
bucket,
which
gets
all
the
bucket
information,
and
then
the
admin
goes
and
changes
something
in
the
protocol
and
then
a
second
application
requests.
This,
you
know,
gets
access
to
the
same
bucket.
In
that
case,
the
question
is
one:
should
we
even
allow
the
admin
to
make
such
a
change
or
anyone
to
make
that
change
in
the
protocol
or
two.
K
Think
we
need
to
be
careful.
We
actually
just
run
into
a
bug
the
access
mode
in
the
pv
pvc,
so
we
found
out
that
so
in
pvc,
you
are
not
allowed
to
change
the
access
mode.
However,
in
pve
you
are
actually
allowed
to
change
pv
access
mode.
Not
only
that,
I
have
to
change
that.
The
access
node
in
pvc
is
also
changed.
So
now
that
becomes
a
bug.
A
K
I
I
Fair
enough,
my
inclination
is
to
follow
the
pvc
pv
model
if,
if
pvs
are
generally
mutable
in
terms
of
the
the
low
level
like
csi
information
that
comes
back
from
the
csi
driver,
then
then
we
could
copy
that.
But
if
they're
not,
then
we
would
probably
want
to
copy
that
behavior
because
yeah
it's
it's
complicated,
I
mean.
If
we
did
allow
it
to
change,
then
it
would
have
all
the
problems.
You
just
mentioned
that
it
would
only
affect
new
pods
and
the
old
pods
would
get
the
old
values
et
cetera.
K
K
I
K
Yeah
yeah
that
that's
actually
you
know
the
issue,
I
actually
we
need
to
investigate
that
one
so
yeah,
but
actually
it's
a
problem
because
the
volume
is
already
created.
That's
only
supports
one
mode.
Now
it's
a
change
in
the
pv.
It's
actually
not
compatible
with
the
voting
cell.
It's
the
problem.
I
But
but
there
are,
there
are
situations
where
having
the
ability
to
change
it
gets
you
out
of
a
jam
where,
like
if
yeah.
I
So
so
anyone
who
makes
that
kind
of
a
change
would
would
be
admin
they
would
be
taking
the
risk
on
to
themselves
like
they
would
have
to
know,
but.
K
The
problem
is,
you
know,
the
problem
is
in
the
pve.
We
never
really
go
call
the
driver
like,
even
if
you
you
know,
even
just
for
static
provisioning
case
right
no.
K
I
We
don't
want
users
to
think
that,
like
mutating
the
the
protocol
in
the
bucket
would
actually
make
anything
happen
right
like
we
would
need
to
be
very
clear
about
you
know.
This
is
just
this
is
set
by
the
controller.
You
can
change
it,
but
if
you
change
it
to
the
wrong
values,
all
bets
are
off
right.
It's
it's
on
you
because
you
screwed
up
your
bucket,
but
there
are
situations
where,
like
due
to
you,
know
software
upgrades
and
new
revisions
of
this
of
the
cozy
driver.
A
F
K
Existing
pv
design-
I
think
that's
a
problem
they
assume
adam,
can
knows
everything
we
found
again
again
in
customers.
Environment.
That's
not
true,
a
lot
of
bugs
open
because
because
actually
the
customers
actually
have
access
to
those.
You
know
me
no
name
space
object,
they
change
it
and
I
mean
mistakes.
They
didn't
know
that.
A
Yeah,
yeah,
yeah
and-
and
I
think
for
now,
like
ben
is
saying
I
think
bucket
upgrade-
is
a
little
little
much.
I
I
And
that's
that's
always
a
problem
with
usability
and
support,
but
like
in
kubernetes
in
general,
we
try
to
just
say
you
know:
here's
the
api
use
use
it
the
way
that
we
documented
and
everything
will
go
right
and
if
you
go
off
on
you
know
and
try
to
cook
up
your
own
solution
or
hack
on
stuff
that
you're
not
supposed
to
hack
on.
We
don't
promise
that
it'll
work
right,
yeah.
A
And-
and
you
know,
if
usability
is,
I
mean
we,
we
I
mean,
as
as
the
developers
of
the
kubernetes
platform
itself,
I
think
we
should
we
should
design
for
maximum
flexibility
rather
than
usability,
and
I'm
coming
from
a
very
like
vendor
perspective,
saying
that
usability
is
should
be
something
that
that
vendors
figure
out
I
mean
vendors
can
write
controllers
to
make
this
more
usable.
They
could
add
whatever
admission
controllers
they
wanted,
but
we
would
provide
maximum
flexibility.
I
I
If,
if
it's
totally
not
obvious
what
would
happen
in
response
to
that
or
if
it's
going
to
create
new
paradoxes,
then
then
you'd
say:
okay,
you
can't
change
that,
but
I
would
default
to
mutable.
I
I
I.
A
Get
that,
but
it
still
doesn't
answer
the
question
of
what
to
do
about.
I
Yeah,
I
don't
want
to
take
a
hard
stand,
one
way
or
the
other
yeah
like
like
like
I.
If
it
was
mutable,
we
would
just
have
to
document
that
like
look,
this
is
you
know
if
you
change
it,
it's
not
going
to
affect
any
existing
pods,
etc,
and
if
you
make
it
immutable,
then
we
just
have
to
live
with
the
fact
that
the
only
workaround
for
when
it
has
the
wrong
values.
People
are
going
to
be
deleting
these
things
and
recreating
them
with
new
values.
A
A
Yeah
that
sounds
pretty
bad.
To
be
honest,
like
let's
say
you
know,
we
got,
we
got
the
region
wrong
or
something-
and
you
know
some
so
so,
for
instance,
state
for
instance,
okay.
So
this
I
think
we
should
leave
it
mutable.
I
just
thought
of
a
use
case
where
that
might
be
needed,
so
so
say.
For
instance,
you
are
migrating
from
one
cluster
to
another,
and
then
you
migrate,
the
bucket
request,
which
is
not
the
bucket
itself
and
one
cluster
is
on
the
cloud.
A
One
is
on
prem,
so
say
using
aws
and
min
io.
The
concept
of
regions
are
not
utilized
in
manila,
while
provisioning
buckets,
I
mean
yeah.
In
the
general
scenario,
everything
falls
into
one
region.
A
You
could
create
geographically
separate
clusters
and
uses
the
regions,
but,
let's
just
say,
there's
only
one
region
and
the
default
region
is
usc
one
and
you
know
if
there's
only
one
region,
it
kind
of
gets
ignored,
but
during
an
io
call,
if
you
set
the
region
wrong
like
when
creating
the
bucket
the
region
gets
ignored,
because
only
one
reason,
but
then,
when
creating
buckets
or
when
using
the
buckets,
I
o
calls
you
set
the
region
wrong,
I'm
not
sure,
but
it's
possible
that
you
won't
be
able
to
access
the
bucket,
because
it'll
think
you're
trying
to
ask
the
bucket
that
doesn't
exist.
A
So
so,
in
a
scenario
like
that,
you
know,
let's
say:
you've
created
a
bucket
put
some
date.
You
know
whatever
brought
in
some
data
into
it.
Somehow,
and
you
know
it
might
just
be
easier
to
go
to
the
protocol
and
update
the
region
rather
than
rather
than
having
to
go,
create
the
whole
thing
again.
A
So
so
shrink
so
you're
saying
it's
better
to
you
know
prevent
them
from
making
mistakes
like
like
that's
what
stuff,
like
that's.
K
What
I
thought
I
think
it's
actually,
I
think
it's
it's
better
to
start
with
immutable.
So
I'm
like
opposite
with
what
they're
saying,
unless,
if
those
changes
are
like
retaining
policy
that
I
agree,
you
don't
really
have
to
go
check
and
then
and
then
the
allow
allow
namespace,
I
think,
seems
to
be
finding
the
protocol.
If
those
things
you
might
need
to
go
check,
if
your
underlying
object
logic
can
support
it
or
not
those
type
of
things,
I
think
it's
dangerous
to
just
allow
them
to
change.
A
A
Yeah
now
that
I
think
about
it,
so
I
think
it
might
be
okay
to
say
you
know
what,
if
you,
if
you
got
the
values
wrong
when
you
provision
the
bucket
it's
on
you
now,
so
you
got
to
go,
create
a
new
bucket
to
fix
it
rather
than
saying
here.
Go
ahead,
make
the
change.
I
And
to
be
clear,
though,
the
way
that
you
get
things
wrong
is,
if
you
have
like
an
old
version
of
all
these
values,
come
from
the
cozy
plugin,
so
you'd
have
to
have
a
buggy,
cozy
plug-in
or
a
cozy
plug-in.
That
was
missing
some
important
feature
in
order
to
get
incorrect
values
and
we
don't
have
control
of
the
plugin,
though
so.
A
I
A
A
I
don't
feel
strongly
about
it.
Okay,
let's
go
with
that.
I
think
shin
feels
strongly
about
it
and
when
I
think
about
that
that
one
use
case
of
having
you
know
cloned
copies
having
you
know
different
data
that
that
that
seems
like
a
very
bad
problem
to
deal
with.
I
I
K
A
K
The
api
levels,
I
think
the
there
were
some
checks.
There
was
a.
I
A
A
It
doesn't
say
in
the
spec
behind
the
api,
but
I
bet
it's
there
in
it's
there
in
actual
kubernetes.
E
I
K
K
Because
I
know
there
are
some
fields
like
the:
I
think
there
is
some
some
node
affinity
thing.
I
know
that
is
actually
we
would
like
that
to
be
a
mutable,
but
then
that
is
actually
immutable
or
something
so
I
know
that
it's
a
different
depending
on
which
field
you're
looking
at
basically
now.
This
one
is
immutable
because
we
already
tested
this
one,
but
then
we
have
this
problem
that.
A
Is
important
now
yeah
is
the
storage
class
name.
This
should
be
immutable
right.
K
Like
the
node
affinity,
that
one
is
immutable
that
one
you
know
so
so
some
of
those
are
mutable.
Some
are
immutable
yeah,
this
one
is.
We
actually
hope
this
one
can
be
changed,
but
then
this
one
is
actually
immutable,
so
yeah
so
yeah,
so
it
can
go
yeah.
The
problem
can
go
both
ways
so,
depending
on
so
you
probably
really
need
to
look
at
exactly.
K
A
Yeah,
I
think
we
should
start
tagging
ghost
truck
like
with
immutable
immutable
fields
that
will
be
the
best
documentation
for
it
and
we
can
respond
to
it
in
code.
A
I
Do
we
already
have
the
validating
web
hook
framework
in
place
where
we
can
implement
that
kind
of
stuff,
or
is
it
like?
Is
that
beta
material.
K
Right,
so
that's
the
alpha,
so
that's
we
are
like
for
snapshot.
We
added
that.
A
I
A
I
I
I
A
K
F
K
A
F
I
Maybe
the
off
off
the
shelf
validating
web
hook
knows
how
to
look
at
the
metadata
on
their
structs
and
implement
certain
checks
yeah
for.
A
Free
metadata
is
pretty
straightforward,
like
you
know,
it's
just
in
the
reflect
package.
That's
how
like
json
does
it.
You
know,
struck
field
yeah
there
is
struck
field,
has
a
tag.
So
just
look
at
the
tag.
A
A
Yeah,
so
you
can,
you
can
have
custom
tags
whatever
color
blue
yeah,
so
you
know
we
can
quickly.
Like
you
said
we
will
have
the
admission
controller,
see
what
fields
are
coming
in
and
if
the
struct
tag
for
that
field
is
you
know
immutable,
then
we
don't
allow
it
automated
and
clean
and
we'll
know
it
works.
Every
time
sounds
good
like
what
do
you
all
think.
I
A
Yeah
I
I
yeah.
I
have
that
same
suspicion
too,
but
again,
the
the
cost
of
you
know
getting
mutability
wrong
or
getting
the
changes
wrong
is
very
high.
If
you
ask
me,
that's
the
reason
I
want
to
make
it
immutable
actually
like
if
this
field
is
changed
in
one
copy
of
the
bucket,
but
not
in
the
others,
and
and
you
want
to
change
it
back
or
something
it
gets
tricky.
A
All
right
so
so,
coming
back
to
the
original
question
that
we
had,
which
is
you
know,
we
were
talking
about
reducing
or
taking
out
some
fields
that
really
kubernetes
just
treats
us
as
pass
through,
for
instance,
anonymous
access
mode.
A
I
It
feels
like
a
parameters
thing
because
you
set
it
once
at
creation
time
and
and
it's
not
relevant
to
the
individual
workloads.
A
A
That
access
there
could
be
some
scenario
where
they
might
want
to
know
if
it's
publicly
well,
I
don't
think
that
this
is
the
best
way
to
give
it
to
them.
Any
yes,
yeah,
no
fair
enough!
What
about?
Why
should
we
in
parameters
now,
because
earlier
we
had
a,
I
mean
this?
Is
we
had
this
pretty
restrictive
definition
of
parameters
which
is
fields
that
apply
to
bucket
creation
that
are
that
are
render
specific.
I
E
A
Out,
okay,
yeah:
let's
do
that
also
right,
I
think
I
think
that's
what.
A
K
K
I
A
Enough
all
right,
so
with
that
argument
ben
I
I
guess
I
know
what
you're
saying
so
this
goes
away
and
you
know
we
expect
it
to
be
passed
through
parameters.
I
I
like
that.
Actually
anonymous
access
mode
goes
away
and
then
going
into
the
protocol
struct
itself.
J
A
But
but
I
also
want
to
get
a
sense
of
what
shang
things
and
you
know,
jeff
also.
K
H
H
Remove
these
things,
this
discussion
is
sort
of
a
repeat
of
earlier
ones,
and
earlier,
when
we
said
allowed,
namespaces
is,
I
mean,
excuse
me
anonymous
the
anonymous
month.
Access
mode
was,
should
not
be
a
first-class
field
in
the
api
and
as
part
of
my
kept
pr,
I
have
taken
that
out
and
there
were
similar
things
like
default
for
a
bucket
class
as
a
first
class
field.
The
feedback
from
tim's
review
is
that
we
should
do
what
is
done
for
storage
classes
and
make
it
an
annotation
rather
than
a
first
class
field.
H
H
No
that's
a
new
one,
but
I'm
happy
to
add.
I
mean
that
would
be
a
good
place
to
collect
feedbacks
in
a
public
setting
where,
for
instance,
then
you
could
read
the
pr
and
add
your
comments
on
the
changes,
but
then
also
add
a
comment
that
hey:
why
isn't
version
just
like
anonymous
access
mode
if
you're
getting
rid
of
anonymous
access,
get
rid
of
version?
You
know
things
like
that
would
be
useful.
A
Right
yeah,
that
was
my
point
of
view
to
asking
everyone
so
so
shin
I'll,
give
you
some
background
on
what
this
version
field
was
thought
of
originally
and
why
it
doesn't
make
sense
anymore.
So
originally
we
thought
the
version
would
be
like
like
so,
for
instance,
with
with
aws
api,
we
have
a
date
as
a
version
like
2011,
something
something
and
that
version,
even
though
it's
not
passed
in
through
any
of
the
calls
to
aws
itself.
A
But
we
actually
had
one
more
working
plate
which
you've
taken
out
actually,
so
that
version
was
supposed
to
be
something
specific
to
s3
and
it
started.
J
I
C
G
K
I
Okay,
so
so
the
yeah,
the
protocol
version
or
sorry,
the
signature
version
is
absolutely
necessary
and
because
today
we
have
s3
v2
and
s3
v4,
and
we
don't
know
if
there
will
ever
be
an
s3v5.
But
if
there
was,
you
definitely
need
to
know
about
it
right,
yeah.
You
need
nobody
to
make
every
call
yeah
yeah.
You
need
something.
A
K
H
I
A
Was
another
version
here?
What
was
that
it's
tricky?
I
I
couldn't
tell
you
to
be
honest:
okay,
yeah.
F
I
F
J
A
Something,
no,
no,
it
wasn't
amazon,
sdk
version,
so
so,
like
aws
api
version.
I
I
Okay
yeah,
so
so
initially,
this
was
the
version
that
was
suggested
we
put
in
the
top
level
version
at
the
top
level
of
the
protocol.
Something
like
that
and-
and
I
never
saw
the
point
in
that
so
I
agree-
I
would
be
happy
to
remove
it
and
and
if
and
if
jeff
wants
me
to
write
that
in
the
in
the
cap,
I'm
happy
to
put
that
feedback
there,
but
yeah.
I
A
All
the
application
could
use
is
the
actual
protocol
like
signature
version,
but
more
than
that
yeah
all
right,
so
yeah
yeah.
I
think
I
think
we
are
more
or
less
in
agreement
me
and
you
ben
jeff,
you
you,
you
didn't,
give
us
a
response
for
what
you
thought.
So
you
said
we
could
comment
on
the
cap.
But
what
do
you
think
about
removing
version?
A
H
Know
enough
about
it:
okay,
yeah,
but
I'm
I'm
very
open
to
listening
to
both
sides
of
it
and
and
then
forming
an
opinion
right
now.
I
don't
have
an
opinion.
Okay,.
I
H
I
F
I
B
I
A
Right,
right
and
and
the
thing
is
there
is
no
such
thing
like,
like
specific
extension
based
on
some
version
number
either
it's
a
part
of
the
you
know
s3
v2
or
s3
v4,
and
that
is
a
standardized
api.
If
it's
not
in
them,
then
it's
it
doesn't
mean
anything
like
if
there.
A
A
Like
funny
extensions,
well,
the
extensions
could
be
for
other
things
like
authentication
but
yeah,
but
but
but
we
support
only
one
authentication
model
right
now,
tokens
and
later
on.
I
am
like
those
two
work
with
any
version,
so
I
don't
see.
I
K
I
Well,
the
idea
was
that
maybe
every
protocol
would
have
something
like
an
s3
version,
so
put
the
common
stuff
up
here,
but
yeah.
I
think
we
can
not
do
that.
I
don't
know
if
you
can
make
the
same
argument
about
the
name
field
I
mean.
Obviously
we
need
the
oh.
No
I
see
the
name
field
is
your.
Is
your
structure?
I
A
Okay-
let's
do
that
then
then.
Please
write
that
in
the
cab
and
jeff,
please
remove
it
from
the
cap
and.
H
In
the
review,
I
just
want
to
keep
it
as
much
public
as
we
can,
so
it
doesn't
look
like
changes
are
being
made
without
community
input.
I
mean
the
community
is
right
here
in
front
of
you,
jeff
yeah,.
H
For
equal
voice,
when
people
can't
attend
meetings
in
person
when
there's
time,
zone,
differences
or
other
things
come
up
in
certain
meetings
on
a
regular
basis,
and
so
the
kep
github
is
very
good
for
bringing
in
other
voices.
I
Yeah,
I
absolutely
agree
that
it's
more
searchable,
there's
more
history.
You
know
no
one
wants
to
go,
read
or
listen
to
hours
of
meetings
on
youtube
that
have
been
recorded.
So
so
I
I
don't
disagree
there,
but
there
has
to
be
a
balance,
though,
because
this
is
this
is
higher
bandwidth
than
github
reviews
by
a
long
shot,
yeah.
A
Yeah,
I
think,
for
major
things.
You
know
like
api
changes.
I
think
it's
it's,
it's
good
to
write
it
down
and
think,
but
other
things
I
guess
we
don't.
We
don't
need
to
necessarily
write
everything
down
for
this
version
field.
Let's,
let's
just
write
it
down
and
just
up
you
know
make
a
comment
on
the
cap.
That
should
be
good
enough.
K
A
So
going
forward
so
within
the
individual
protocols
trucks,
I
don't
think
we
should
go
in
and
check
what
should
be.
I
mean,
like
I,
don't
know
if
we
should.
We
should
start
reasoning
about
removing
these
fields
at
this
point,
yet.
J
I
A
Yeah,
these
are
absolutely
new,
yes,
and-
and
you
know
some
people
might
say,
the
region
is
a
part
of
the
endpoint.
That's
not
necessarily
true
especially
say.
The
end
point
is
like
the
gov
cloud
in
you
know:
aws
it's
a
single
endpoint,
but
then
the
region
can
be
any
one
of
the
many
regions
it
supports,
rather
than
the
general
aws.amazon.com.
I
A
I
mean
it'll
naturally
lead
to
adding.
You
know
validation,
because
you
know
when
you
parse
it
it
can
lead
to
a
power
setter.
A
That's
custom
validation
like
with
this.
We
we
don't
check
even
and
then
http
is
a
valid
value
ben
because
you
know
in
test
clusters-
and
you
know
in
air
gap,
setups
people,
people
just
use
http.
I
I
I
guess
the
problem
would
be
if
there
were,
if
there
were
clients
that
couldn't
support
http
or
clients
that
couldn't
support
any
a
port
other
than
443,
then
supplying
those
things
here
would
break
those
clients.
Wait.
How
so
I
mean
if
the
client
hard
codes,
port,
443,
and
then
this
thing
tells
you
it's
running
on
a
different
port.
What
are
you
going
to.
F
I
That's
that's
not
cozy's
problem,
though
right
right,
I'm
just
saying
like
should
we
you
know
the
consumer
of
this
information
is
an
object,
storage,
client
and
if,
if
object,
storage,
clients
have
made
a
choice
not
to
support
something.
Maybe
we
should
ask
why?
But
but
if
everyone
supports
http
and
non-standard
ports,
then
then
it's
perfectly
reasonable
thing
to
allow.
In
general
I
mean
amazon
doesn't
support
non-standard
ports,
but
it's
amazon.
A
Right
right
same
with
like
major
clubs,
but
well
actually
I
couldn't
even
say
that
about
amazon,
because
amazon
has
an
on-prem
version
of
amazon
itself,
where
you
get
the
whole
cloud
on-prem
and
there
I
guess
even
there
is
https,
but
it's
a
custom.
Endpoint.
F
D
D
A
Yeah,
so
so
yeah,
that's
those
are
the
plan
to
choose.
So
if
both
are
supported,
that
means
s3v4,
so
the
s3
v2
signature
was
easily.
I
believe
you
know
people
could
you
know
without
knowing
what
the
actual
key
was
you
could
you
could
actually
end
up
signing
it,
so
paul's
client
could
pretend
to
be
a
valid
client
and
s34
is
a
new
version
and
at
the
point
both
are
supported
to
allow
clients
to
migrate
over
from
one
to
the
other.
A
So
that
was
like
an
interim
thing,
but
right
now
I
think
it's
still
true
where
you
can
use
both
like
mineo
supports
both
as
well,
but
the
expectation
is
it'll,
get
fully
deprecated
and
you
know
not
not
functioning
in
the
future.