►
Description
Kubernetes Storage Special-Interest-Group (SIG) Object Bucket Standup Meeting - 08 March 2021
Meeting Notes/Agenda: -
Find out more about the Storage SIG here: https://github.com/kubernetes/community/tree/master/sig-storage
B
Perfect
all
right
good
good
morning,
everyone
so
today
I
want
to
quickly
go
over
what's
been
happening
in
terms
of
development.
I
want
to
go
over
what
our
goals
are
right
now
and
also
continue
the
discussion
we
left
off
last
week.
So
in
terms
of
current
priorities,
things
haven't
changed.
B
We
want
to
do
the
demo.
We
we
want
to
get
through
the
api
review
and
aim
for
alpha
after
that,
so
in
terms
of
the
demo,
so
we
have,
we
have
a
few
things
that
we
need
to
complete,
which
is
development,
deployment
and
testing
and
documentation.
B
So
what
we
said
for
the
demo
was
the
code
that
we
show
in
the
demo
is
going
to
be
working
code
and
it's
going
to
be
done
in
such
a
way
that
people
can
really
start
using
it
where
it's
documented,
it's
well
tested
and-
and
you
know
it's,
it
deploys
right
every
time
and-
and
you
know
close
to
production
quality
as
much
as
possible,
and
so
so
at
some
point
earlier
this
year
we
did
have
things
working,
but
since
then,
we've
we've
been
making
changes
to
the
spec
and
the
api,
the
grpc
spec
and
the
kubernetes
crd
api.
B
So
so
we've
had
to
you
know,
go
back
and
and
make
some
changes
to
our
code.
I'm
happy
to
say
this
week:
we've
made
good
progress
on
that
I've
chris,
on
this
call
he's
been
he's,
been
moving
the
different
components
to
start
using
the
new
api
and
the
new
spec.
B
So
so
we
we're
definitely
on
track
to
do
the
demo.
B
Sometime
sometime
in
the
next
few
weeks,
in
times
of
in
terms
of
deployment,
we've,
we've
got
all
the
different
components
deployable
using
a
customized
templates
and,
and
that
is
in
a
pretty
good
shape.
The
only
thing
that
we
need
to
work
on
there
is
having
a
different
deployment
step
for
a
sample
provisioner
and
the
site
car
right.
Now
they
both
deploy
as
one
and
and
that's
that's.
B
You
know,
that's
a
function
of
the
fact
that
you
know
we
want
to
run
those
two
as
two
containers
in
the
same
part,
even
though
technically
it
doesn't
have
to
be,
you
know,
things
can
be
over
the
network
and
the
grpc
calls
will
just
work
fine,
but
that's
just
how
it
is
today.
So
so
that's
one
tiny
change
that
needs
to
go
into
the
deployment
of
the
site
car
and
then
we
should
be
good
to
go
in
terms
of
testing
end-to-end
tests.
Other
things
are
one
of
the
things.
B
That's
missing
that
on
the
major
things
that's
missing,
but
otherwise
we're
in
a
good
shape.
We
have
unit
tests,
we
have
functional
tests,
you
know
marked
out
clients
and-
and
you
know,
tests
of
different
functions
of
all
the
three
components-
we're
also
well
underway
with
the
documentation
effort.
We
have
decent
docs
right
now,
which
talks
about
what
the
different
projects
are
for,
how
they
integrate,
and
then
there's
still
more
to
do
on
that.
B
I
think
these
here
is
working
on
currently
working
on
documentation
for
how
to
ride
a
cozy
driver
are
hit.
C
B
Okay,
so,
okay,
given
that
this
is
this,
is
the
set
of
priorities.
I'd
like
to
get.
You
know
your
info
on
where
we
are
in
terms
of
these
different
tasks.
B
So
let
me
start
by
asking
krish
where,
where
he
is
in
terms
of
moving
the
different
components
to
use
the
new
api,
yeah
krish.
D
Yeah,
so
the
sidecar
is
now
at
a
point
where,
like
all
the
versioned
for
all
the
version
dependencies
for
the
api
and
spec
are
updated,
everything
is
compiling,
there's
just
some
minor
test
issues
on
brow,
and
so
the
next
step
will
just
be
adding
in
you
know
the
new
functionality
around.
D
Let
me
check
my
notes.
I
think
there
was
something
you
want
to
change
with
a
health
check
as
well
as
some
changes
to
reflect.
Give
me
a
second
yeah.
I
think
we
still
just
need
to
in
general,
make
some
more
changes
to
the
sidecar
to
reflect
the
the
spec.
I
believe.
B
Okay,
all
right
so
so
you're
you're
getting
into
the
side
car.
Now
all
right
sounds
good
krish,
and
I
think
this
is
the
other
person.
That's
working
on
someone
something
here.
They
just
how's
the
how's.
The
progress
on
that
documentation.
So.
C
It's
it's
going
well,
so
I'm
looking
at
the
documentation!
I
also
looked
at
chris's
tricia's
pr
on
the
changes
he's
doing
with
the
spec
updates
and
what?
What
not
some
kind
of
incorporating
that
as
well.
B
B
B
So,
for
instance,
I've
had
exponential
back
off
in
case
of
errors
in
case
of
retrace
and
and
it's
an
open
pr
right
now
in
the
api
repository
anyone
here,
if
they're
interested,
please
go
take
a
look
at
that
pr
yeah
to
to
see
how
the
controller
logic
is
implemented,
all
right,
so
this
was
in
terms
of
our
development
milestone.
B
Now,
let's
actually
get
into
oh,
no,
let's
actually
go
back
and
talk
about
where
we
continue
where
we
left
off
last
week,
so
where
we
left
off
last
week,
we
were
looking
at
the
at
the
api
repo.
We
were
talking
about
what
fields
should
be
left
in
there.
What
fields
can
be
removed,
and
one
of
the
things
we
agreed
on
was
that
we
can.
B
We
can
remove
this
version
field
from
protocol,
so
so
that
change
is
yet
to
be
carried
out,
but
but
this
field
essentially
today
doesn't
serve
any
purpose.
B
Given
that
you
know
every
every
different
provider
like
s3,
azure
and
gcs,
every
one
of
them
can
can
represent
the
api
in
their
own
way,
so
it
makes
more
sense
to
have
a
version,
that's
specific,
to
a
provider
inside
of
the
provider
specific
struct,
so
so
that
was,
that
was
one
of
the
things
we
decided
on
and
then
we
were
so.
I
have.
B
I
have
another
question
that
I
want
to
ask
here
and
then
we
can
go
into
bucket
mutation
and
the
approach
that
tim
was
mentioning
so
in
terms
of
protocol
currently
inside
of
the
bucket
object,
we
have
what
is
this
yeah
so
instead
of
the
bucket
object,
we
have.
We
have
protocol
as
a
struct.
In
there.
B
Some
fields
in
the
protocol
are
filled
in,
you
know,
filled
back
by
the
sidecar
once
say,
the
bucket
is
provisioned,
and
I
think
we
spoke
about
this
a
few
weeks
back
where
we
said
the
endpoint
is
something
that
only
the
provisioner
can
know
and
and
this
end
point
being
the
point,
you
know
the
unique
endpoint
to
access
the
bucket
itself.
B
So
so,
if
the
endpoint
information
is
coming
back
from
the
driver,
so
you
know
it
causes
a
small
confusion
here,
because
protocol
has
the
endpoint
field,
and
this
is
in
the
spec
so
going
and
filling
the
spec
field
back
in
response
to
a
successful
creation
of
a
bucket.
B
You
know
just
seems
you
know
it's
not
it's
not
idiomatic.
B
New
or
this
is
it's
been
this
way
always
well,
but
I'm
asking
a
question
so
so
you
know.
E
B
E
Because
it's
the
spec
of
the
bucket
object,
not
the
bucket
request,
it
would
be
weird
if
we
were
putting
if
we
were
modifying
the
spec
of
the
bucket
request
other
than
maybe
to
perform
the
two-way
binding.
I
mean
we
do
this
with
pvcs
and
it's
it's
weird
there,
but,
but
because
we
are
creating
the
bucket
in
response
to
the
bucket
request,
we
wouldn't
well.
Let
me
think
about
this.
No,
we
do
create
the
object
first
and
then
the
sidecar
modifies
it
and
and
yeah.
E
E
They
they
don't,
I
think
the
key
is
they
don't
have
to
right
if,
if
they
want
to,
they
can
specify
something
in
the
bucket
class,
which
would
perform
a
hint
or
a
filter
or
recommendation
or
whatever
to
the
plugin.
But
if
the
plug-in,
if
they
don't
care,
the
plug-ins
should
pick
one
and
tell
you
where,
to
put
it.
B
That's
true:
that's
true!
Yes,
okay!
So
so
the
semantics
will
look
like
this.
If
it's
filled
in,
we
use
that,
if
not
we
fill
it
back
in
the
driver
would
fill
it
back
in
so
so
it
pretty
good.
E
E
When
you
invoke
the
sidecar,
where
the
sidecar
calls
the
controller,
it
will
go,
read
the
bucket
class
and
obtain
whatever
region
parameters
or
whatever
was
in
the
bucket
class
and
pass
those
in
at
the
time
that
invokes
the
plug-in
and
then
whatever
the
plug-in
returns.
That's
what
you
stamp
onto
the
bucket
object,
but
the
initial.
B
E
E
Yeah
yeah
and
the
sidecar
can
just
pull
it
out
of
the
bucket
class
and
pass
it
down
to
the
driver.
If,
if
the
user
specified
anything
got
it.
B
Right
right
right:
yes,
yes,
I
think
blaine
brought
it
up
and
yes,
we
thought
that
we
thought
that
was
a
good
idea.
Yes,
so
the
name
and
version
both
are
going
away.
E
D
B
And
and
chris
is
adding
validation
for
that,
so
do
we
already
have
that
chris.
B
E
So
so
what
it
needs
to
be
now
is
it
needs
to
look
at
s3
protocol
and
azure
protocol
and
gcs
protocol
and
make
sure
that
only
one
of
them
is
non-now
or
zero.
It's
okay
for
all
of
them
to
be
nil,
if
it's
not
set
yet
well.
Maybe
the
protocol
itself
is
nil
in
that
case.
So
then
you
would
always
expect
exactly
one
to
be
set.
D
C
B
Yeah
yeah,
I
mean
yeah.
I
think
it's
too
much
work
to
actually
add
that
validator
right
now
like
we
could
do
something
with
struck
tags.
But
again
I
don't
know
if
it's
worth
it,
it's
not
worth
it
all
right.
So
so,
let's,
let's
go
to
the
topic
we
finally
left
off
last
week
and
so
ben
I
sent
you
some
links
to
the
proposal
for
network
gateway.
Did
you
did
you
get
a
chance
to
look
at
them.
B
I
sent
it
on
slack.
E
B
B
So
so
that's
that's
our
current
story.
There
was
another
concept,
but.
E
I
was
going
to
say,
the
feedback
from
tim
was
a
little
bit
more
complicated
than
that.
It
wasn't
only
about
mutation.
It
was
about
this
whole
concept
of
doing
the
namespace
object
bound
to
the
non-namespace
object
right,
which
was
something
that
he
didn't
like,
especially
when
it
comes
to.
Even
if
we
don't
allow
mutation,
the
the
mirror
sharing
across
name
spaces
gets
funky,
and
I
thought
that
was.
I
felt
like
that's
what
he
was
objecting
to
more
than
the.
How
do
you
do
mutation
right.
B
B
Yeah
you're
right
so
so
we
we
were
exploring
this
other
approach.
Where
you
know
we
said
it,
you
know
we
just
wanted
to
explore
it.
We
don't
think
it's
you
know
unless
it
makes
a
huge
difference
to
in
terms
of
benefits.
You
know
we
we
said
that
you
know
it
might
not
be.
You
know
we
need
to
justify
justify
the
effort
that
it's
going
to
take,
because
if
we
do
go
down
that
route,
everything
else
has
to
be
reinvented.
B
Everything
else
has
to
be
reasoned
about,
but
we
we
also
said
that
we
will
go
through
this
exercise
once
to
see.
B
If,
if
that
approach
that
tim
brought
up
would
work-
and
then
jeff
also
mentioned
to
me
that
that
he
had
a
potential
solution,
so
I'd
like
to
listen
to
that
also
so
so,
first
I'll
start
by
just
refreshing
what
that
approach
was
that
we
discussed
or
what
that
approach
was
that
that
we
think
tim
was
referring
to
so
tim
was
talking
about
network
gateways
where
a
network
gateway
can
be
managed
within
an
organization
by
either
a
core
infrastructure
team
that
decides
how
you
know
the
network
is
gonna
behave
at
an
organization
level,
so
say
at
google
someone,
a
core
infrastructure
team
would
define
the
rules
for
top
level
assets
like
google
search
or
google
calendar
or
other
other
google
assets
and
per
team.
B
They
might
have
their
own
rules
that
the
infrastructure
team
would
wouldn't
necessarily
know,
and
in
that
case
the
way
network
gateway.
If
I
understand
correctly,
the
way
it
is
designed
is
you
have
the
concept
of
say
just
like
roll
bindings
and
cluster
roll
bindings,
you
have
namespace
objects
and
you
have
non-namespaced
objects.
B
They
both
behave
symmetrically.
What
that
means
is
the
namespace
object
binds
to
the
namespace
version
of
so
so
a
name
says
bucket
request
would
bind
to
a
namespace
bucket
and
similarly,
a
non-namespace
bucket
request
would
bind
to
a
non-namespace
bucket,
and
then
this
is
the.
This
is
the
approach
that
that
tim
or
I
understood
from
what
tim
suggested,
and
we
were
just
beginning
the
exercise
of.
If
how
that
would
work,
and
if
that
that
would
work
for
us.
B
Does
it
ring
a
bell
for
anyone.
A
Hey
sid,
I
just
I
haven't,
read
those
documents
and
I
was
just
checking
it
so
I
see
that
they
have
some
gateways
http
route,
the
gateway.
What
you
mean
it
can
be
either.
B
So
there
is,
there
is
one
like
just
like
cluster
rules
and
just
roles
or
role
bindings
and
clustering
bindings.
One
is
one
is
at
the
non-name
space
level.
One
is
per
name.
B
B
So
one
of
the
things
we
said
about
network
gateway
was
it
is.
It
is
different
from
buckets
in
the
sense
that
if
I
had
two
different
so
so
in
case
of
buckets,
if
I
wanted
to
you
know,
we
have
this
concept
of
sharing
in
buckets.
B
That
is,
if
I
create
a
bucket
in
one
namespace
and
say
I
want
to
bring
that
bucket
to
or
have
that
bucket
be
available
in
this
different
name.
Space
you'll
have
to
share
the
bucket
in
case
of
network
gateways.
If
I
you
know,
there's
there's
no
concept
of
sharing.
You
can
have
two
different
network
gateways
in
each
in
their
own
namespaces
and
have
them
be
exactly
the
same
set
of
rules
but
they're
still
not
the
same.
There's
no
sharing
involved
in
there,
which
is
which
is
unlike
buckets.
B
E
Yeah
and
the
other,
the
other
use
case
that
we
can
use
as
a
comparison,
is
what
we
did
with
volume
snapshots
where
we
did
go
down.
This
path
of
a
namespace
object
bound
to
a
non-namespaced
object
and
if
you
wanted
to
share
it
across
namespaces,
currently
the
only
way
to
do
that
is
to
make
a
copy
of
the
volume
snapshot
and
the
volume
snapshot,
content
and
and
bind
them
and
that's
how
it
works
today.
A
In
the
api,
I
I
don't
think
it's
even
possible,
you
generate
something
that
can
be
either
namespace
or
no.
It's
not.
A
So
well,
so
I'm
just
looking
at
this
diagram,
I
mean
cheerful
minute,
can
share
for
a
minute.
Oh
please,
please!
Yes,
I
think
you
yeah,
if
you
stop
just
sharing
okay,
how
do
I
okay
here.
A
Okay,
so
if
you
look
at
here
right
here,
some
examples,
this
is
still
a
namespace
right.
It's
not
really
like
cluster
space
right,
so
this
gateway.
If
you
look
at
the
one
on
the
left
shared,
but
this
still
has
a
namespace
so
meaning
it
is
still
it's
not
like
the
class.
It
also
has
a
gateway
class
which
it
says,
that's
a
cluster
scope,
but
it
says,
but
it
didn't
say,
gateway
is
also
like
a
classic
scope.
A
B
D
A
A
Oh
okay,
interesting.
It
also
talks
about
manage
one
all
right,
so
he
shows
a
one
too
many
and
one
to
one,
but
it
says:
there's
also
many
one.
What
how
does
that
work?
Oh,
okay!
So
basically
that's
the
route
like
this.
It
can
also
point
to
some
other
okay.
Okay,
I
see
all
right,
it's
kind
of
messy,
okay,
yeah,
it's
pretty
complicated.
It
says
it
has
like
yeah
this.
It
can
also
this
route
can
also
go
here.
It
can
also
it
can
also
be
you
know,
going
this
way
as
well,
yeah,
so
yeah.
B
So
three,
if
a
bucket
is
in
a
different
name
space,
then
an
asp
is
using
it.
I
mean
we
had
this
conversation.
We
said
buckets
have
to
be
cluster
scope
because
we'll
have
no
control
over
buckets
from
a
different
name.
Is
we
won't
even
know
if
it's
still
alive
or
just
usable-
and
you
know
discovery
is
also
not
easy?
A
A
B
G
Yes,
yeah,
okay!
Well,
I
made
I
haven't,
read
this
shing,
but
but
we,
but
maybe
this
is
interesting.
We
did
for
a
little
bit
consider
that
a
bucket
could
live
in
the
provisioner's
namespace.
You
know,
provisioners
are
namespaced
and
that's
where
the
the
plug-in
and
sidecar
run
and
a
b
a
bucket
instance
could
be
namespaced
and
it
the
namespace
is
the
same
namespace
as
the
provisioner,
but
we
for
simplicity
and
and
possibly
to
mimic
the
pv
pvc
model
more
closely
and
and
possibly
related
to
easier
sharing.
G
G
A
B
All
right
any
thoughts
on
this
ben
or
anyone
else.
E
If
it
is
truly
novel,
something
that
we
haven't
seen
before
then
yeah,
I
want
to
understand
all
of
the
implications,
including
like
the
is
there
do
they
have
two
objects
or
do
they
have
one
object?
E
E
You
know
if,
if
we
found
a
way
to
do
this,
that
didn't
involve
the
binding
two
objects
together
then,
maybe
like
doing
a
cross
name,
space
would
introduce
way
less
issues
or
having
many-to-one
relationships
or
one-to-many
relationships
or
many-to-many
relationships
or
which
I
hope
it
doesn't
make
any
sense
in
this
context,
but
yeah
I
I'm
gonna
have
to
I
mean
it.
E
B
Yeah
yeah,
so
in
in
this
case,
would
there
wouldn't
be
a
concept
of
a
copy
at
all?
B
D
G
You
it
would
be
a
timed.
I
could
bring
up
the.
G
Please
yeah
so
jeff
also
had
a
proposal
jeff,
please!
Well
let
me
I'm
gonna
try
to
share
my
screen
here.
All
these
different
zoom.
Like
things
I
get
them
mixed
up,
which
hold
on
I'm
trying
to
find
out
where
I
can
sure
scream
there
is.
G
G
You
share
screen.
G
Yeah-
okay,
great
thanks
good
to
know,
okay,
so
on
the
this
is
just
an
idea
of
trying
to
get.
I
was
just
thinking
a
little
bit
of
how
to
get
rid
of
cloning
and
and
make
it
a
little
simpler
for
the
admin
and
and
maybe
a
more
accurate
abstraction
of
a
a
of
a
bucket
instance
mapping
to
a
single
back
end
bucket,
in
other
words,
not
many
bucket
instances,
mapping
to
the
same
back
in
bucket,
but
just
one
kubernetes
bucket
instance,
mapping
to
the
back
end
bucket.
G
So
those
were
my
thoughts
on
the
left.
Side
of
this
diagram
is
what
we
have
today.
Essentially
within
the
same
name,
space
multiple
bars
can
point
to
a
single
br.
You
get
multiple
bas
as
a
result
of
those
multiple
bars
and
they
point
to
a
bucket
and
okay.
So
that's
today,
but
one,
but
today,
when
you
try
to
say
bar-3
in
namespace
2,
then
it
gets
complicated.
G
Today,
today,
you
have
to
create
a
br3
and
there's
a
cloning
of
a
bucket
instance
and
so
forth,
and
what
what
this
idea
is
is
that
the
bar
3
shown
there
in
namespace
2,
where
we're
now
talking
about
sharing
a
bucket.
It's
actually
green
brown,
sharing
that
bar
3
points
to
the
to
the
same
bucket.
G
There's
a
ba3
as
you
would
expect.
That's
no
different,
but
the
the
difference
is
really
twofold:
there's
only
one
bucket
instance
per
back
end
bucket
and
number
two
bars
in
a
brownfield
in
brownfield
uses,
they
point
to
the
b
instead
of
a
br.
G
So
so
in
namespace
2,
you
don't
need
a
br
anymore,
because
you're
just
sharing
you're
not
requesting
anything
new,
and
you
still
have
the
comp
complexity
of
the
admin
having
to
tell
a
user
what
the
name
of
the
b
is,
but
but
in
today's
kept,
the
admin
has
to
tell
the
the
br
author,
the
name
of
the
b
that
hasn't
really
changed.
Instead
of
the
name
of
the
b
being
in
a
br
for
brownfield,
the
name
of
the
b
is
in
the
bar,
the
the
communication.
G
E
G
Let
me
think
namespace
one
goes
away.
Okay,
so
everything
on
the
left
is
gone
now.
G
B
B
E
Right,
well
it
it
can
always
be
pulled
out
from
underneath,
because
somebody
can
always
just
go
to
the
back
end
and
and
delete
it.
The
the
point
is:
there's
an
orderly
way
of
doing
it
and
and
there's
an
orderly
way
of
avoiding
it
when
you
want
to
avoid
it
and
what
I'm
trying
to
figure
out
here
is
clearly.
If
you
want
it
to
go
away,
you
just
delete
it
no
big
deal,
but
if
you
want
to
not
go
away,
how
do
you
make
sure
that
that
happens.
B
Yeah,
so
we
do
have
a
list
of
accessors,
but
there's
another
problem
here
too,
which
is
since
the
bar
points
to
b
the
bl
would
have
to
know
the
name
of
the
bee
before
it's
created.
E
G
G
B
So
so
this
is
really
yeah,
I'm
thinking
through
all
the
different
trade-offs
yeah.
We
do
have
that
benefit
of
never
having
to
copy,
and
I
really
like
that
to
be
honest,
so
so
bar
one
would
point
to
ba
one.
How
would
that
work
like?
What
would
the
user
experience
be?
Like
say,
a
user
wants
to
create
a
bucket
and
utilize.
It.
B
You're
talking
about
a
green
brown
yeah,
no
green
field
creation,
the
simple
use
case.
So
what
would
that
yaml
file
contain?
Would
the
ammo
file
contain
a
br
and
a
bar
and
then
a
part?
You
know
pointing
to
the
br.
G
B
All
right,
how
does
the
ba1
and
ba2
get
created
in
the
oh
yeah?
That's
that's
the
usual
thing:
yeah!
That's
the
name!
Yeah
yeah!
That's
true!
All
right!
That's
yeah
yeah!
This
is
why
I
like
this
proposal
last
time.
Also
you
brought
it
up.
There
was
some
issue,
though,
that
we
had
I'm
trying
to
remember
what
there
was,
or
maybe
I
explained
it
wrong
last
time.
Maybe
that's
what
they
show
us
is
that
right.
G
E
G
I
think
so
ben
I
mean
it's
a
good
question,
but
I
believe
that
bucket
one
as
long
as
ba
three,
so
let's
say
you
get
rid
of
the
whole
left
side
of
that
picture.
Right,
yeah
and
all
that's
left
is
namespace
two
bucket
one
and
ba
three
right
and
and
and
the
you
know,
so,
there's
still
a
link
between
ba3
and
bucket
one
right.
E
B
That
the
name
says
can't
go
away
if
the
br
has
created
a
b.
Well,
I
don't
know.
E
B
E
E
E
H
E
G
E
Well,
if
I
have
a
bucket
class
that
sets
it
to
delete
and
then
I
create
the
bucket
presuming
the
normal
green
field,
workflow
and
then
I
change
my
mind
and
say
wait.
I
actually
want
to
keep
this
one
around
for
a
long
time,
because
I've
shoved
a
bunch
of
really
important
data
in
it
yeah.
I
can
go
change
that
that
deletion
policy
to
retain
and
then
delete
my
br
and
then
the
cozy
controller
will
just
let
the
br
go
and
leave
b1
dangling
right
like
yes,
just
like.
I
E
A
A
E
B
H
B
E
Right
right
that
that
is
how
pvs
work,
but
that's
not
what
we
want
here
right.
If
you
retain
it,
you
don't
want
the
bucket
to
go
away,
you
need
it
to
hang
around.
So
I
was
thinking
about
our
model
would
be
the
snapshot.
Model
snapshots
also
have
deletion
policies
and
they're
on
the
non-namespace
volume,
snapshot,
content,
object
and,
and
the
way
I
think
it
works
is
if
you
set
the
deletion
policy
to
retain
and
then
go
delete
your
snapshot.
The
namespace
snapshot
goes
away
and
the
unnamed
space
volume
snapshot
content
just
sits
there
and
nothing.
A
A
Correct
order,
if
it's
dynamic
provisioning
earlier
well,
you
try
to
delete
pvc
first.
Then
that's
actually
fine
basically
works
the
same
way.
If
it's
retained
that
individually
still
it
keeps
the
pv,
but
then
the
pv
again,
everything
will
be
deleted,
including
the
underlying
volume.
A
A
E
A
A
E
Okay,
so
so
what
you
could
do,
then,
is
you
could
change
it
to
the
deletion
policy
to
retain
while
you
delete
the
bucket
request
and
then
it
will,
the
bucket
will
remain
and
that
allows
you
to
tear
down
the
whole
name
space
other,
while
other
namespaces
continue
to
use
this
bucket
and
then
later,
if
you
actually
wanted
to
delete
the
bucket,
you
could
just
set
the
deletion
policy
back
to
delete
and
then
delete
the
bucket,
and
in
that
case
the
sidecar
could
be
expected
to
really
delete
the
bucket
at
that
point,
is
that.
A
E
It
just
feels
a
little
bit
less
self-service
because
I
guess
every
bar
you
create.
You
have
to
know
the
name
of
the
non-namespaced
object
in
the
old
model.
You
would
be
a
one-time
operation
to
create
a
br
in
the
in
the
other
name
space,
and
then
all
the
other
objects
in
the
namespace
would
just
refer
to
that.
So
once
the
initial
object
had
been
created
in
the
other
name
space,
you
wouldn't
you
wouldn't
need
to
know
anything
special.
G
For
every
bar,
that
is,
that's
not
pointing
to
a
bdr,
so
every
bar
in
a
name
space
other
than
the
originating
br
right.
Okay,.
E
So
so
so
the
only
grossness
of
this
introduces
into
the
design
is
now
bars,
combined
to
two
different
things:
well,
they're,
just
granting
access
to
a
bucket
yeah.
I'm
not
saying
like
this
is
a
big
problem.
I'm
just
saying
like
it's,
it's
a
it's
additional
complexity
that
we
wasn't
in
the
original
design.
Originally
bir
is
always
binded
to
brs,
and
so
you
just
have
one
field.
You
know
what
it
is.
Validation
is
easy.
Now
we're
going
to
have
two
fields
and
validation
is
going
to
be
a
little
bit
more
complicated.
E
Right
and
presumably
you
actually
have
like
a
bucket
request
field
and
a
bucket
field,
and
only
one
of
them
can
be
filled
in
right
and
then
so.
The
validation
has
to
enforce
that.
And
then
assuming
you
have
an
additional
level
of
validation
that
make
sure
that
the
thing
that
you
point
to
is
actually
there.
You
gotta
go,
look
in
the
appropriate
place
and
and.
G
In
this
example,
where
there's
three
accesses
to
the
same
back
end
bucket,
what
you
save
is
you're
saving
another
ba
another
br
doesn't
need
to
exist
and
you
don't
have
any
clones
of
bucket
one.
So
they're
you're
saving
two
additional
copies
of
bucket
one.
E
Yeah,
no,
I
I
there's
a
lot
to
like
here.
I
I'm
still
wondering
like
can,
can
another
namespace
adopt
the
bucket
in
such
like,
like
let's
say
we
implemented
mutability
at
some
point
in
the
future,
where
you
could
make
changes
to
br1.
That
would
result
in
b1
also
changing
and
the
sidecar
doing
some
work
to
enforce
the
change
like
then.
G
E
E
G
E
No,
I'm
saying
it's
okay,
if
zero
things
point
to
it,
but
if,
if
I
want
to
make
something
point
to
it,
so
that
a
user
can
mutate
it
or
do
all
whatever
else
you
want
to
be
able
to
do,
it
should
be
okay
to
have
exactly
one
thing
pointing
to
it.
We
just
wouldn't
allow
two
or
three
or
four
things
to
point
to
it's:
zero
or
one.
G
I
see
and
the
reason
you're
liking
the
idea
of
always
having
a
br
point
to
bucket.
One
in
this
diagram
is
for
the
eventuality
of
mutation
that
you
think
we'd
be
doing
mutation,
a
user
could
mutate
for
self-service.
A
user
would
mutate
something
in
br,
something
that's
not
there
now,
but
something
added
to
a
br
later
on
a
user
would
mutate
that
and
it
would
be
reflected
in
bucket
one.
Is
that
what
you're
thinking.
E
E
Why
not
give
him
the
ability
to
do
self-service
deletion?
If
I'm
not
saying
like,
we
should
bend
over
backwards
for
this
use
case,
I'm
just
trying
to
think
through.
Can
we
is
it
possible
to
just
construct
an
object
and
force
it
to
bind
in
such
a
way
that
now
namespace
2
owns
the
bucket
and
has
the
only
br
that
points
to
it.
E
G
E
It
I
I
don't
know
yeah
yeah.
No,
it
would
you
would
have
a
race,
since
one
guy
would
win
the
race
and
one
guy
would
lose
the
race,
which
is
how
it
works.
With
pvcs
right,
two
pvcs
can
race
to
bind
to
a
pv
and
whoever
wins
gets
it,
and
that's
fine
so
and
then,
and
if
there's
a
true
conflict,
an
admin
can
step
in
and
clean
up
the
mess
right.
E
E
Unless
we
wanted
that's
a
possibility,
unless
maybe
you
wanted
to
have
a
way
to
disable
that
and
say
this
is
an
unbindable
bucket
for
because
for
security
reasons
you
know
you
might
want
to
be
able
to
create
a
bucket
in
such
a
way
that
no
br
can
ever
bind
to
it.
For,
for
a
true
brownfield
kind
of
a
use
case
where
you,
you
really
don't
want
anyone
to
be
able
to
delete
it
through
kubernetes
or
mutate
it
through
kubernetes.
G
What
I'd
like
your
thoughts
on
ben
is,
if
you
look
at
the
diagram
as
it
is
right
now
and
we
got
rid
of
namespace
one
like
you
said
so,
everything
in
name
space,
one
is
gone.
Ba1
ba2
are
also
gone,
but
everything
on
the
right
side,
including
bucket
one,
still
exists.
G
Is
that
what
you
would
expect
to
happen,
or
would
you
expect
bucket
one
assume
retention
policy
of
delete?
Would
you
expect
bucket
one
to
be
gone
if
name
space
one
is
gone.
Oh.
E
E
G
G
Right,
well,
it
doesn't
have
to
be,
I
mean,
that's
pretty
similar
to
linux
file
deletion
right.
You
know
you,
you
you,
the
file,
the
inode
goes
away,
but
the
file's
still
there
until
the
last
accessor
closes
it,
and
then
the
file
goes
away.
So
that
is
not
so.
This
is
that
that's
one
of
the
worst
decisions
people
ever
made
like.
E
Well,
if
you
think
about
it,
if,
if
what
we're
saying
is
like
the
existence
of
a
bar
keeps
the
bucket
alive,
then
what
that
implies
is,
after
everything
is
gone,
except
for
the
last
bar.
The
deletion
of
a
bar
causes
a
bucket
to
go
away,
and
that
would
be
very
surprising
to
a
user,
I
think
to
say.
Oh,
I
deleted
my
bar
and
the
bucket
poofed,
because
nobody
would
expect
that.
E
G
G
E
G
Yeah,
so
so
in
the
case
where
retention
policy
is
set
to
delete,
br1
is
deleted.
G
E
E
B
So
so
this
whole
thing
is
about
like
so
so
we
want
to
make
the
bucket
independent
of
the
br
and
and
the
current
consensus
is
we're
going
to
let
if
the
deletion
policy
is
set
to
dangle
or
or
if
it's
set
to
retain
it
just
hangs
around
is
that
is
that
what
the
current
consensus
is
yeah
but
retained.
G
E
And
then
delete
would
mean
that
you
know
the
guy
who
created
it
gets
to
delete
it
when
he
deletes
his
object,
regardless
of
who's
using
it
right
and
then,
and
there
could
be
a
third
policy
that
sort
of
implements
some
sort
of
a
you
know
hang
around
as
long
as
there's
references,
but
that
just
makes
me
feel
weird
because
of
the
potential.
G
E
B
Why
can't
we
always
make
that
the
default
like,
like
you
know,
you're,
saying,
like
there's
a
force,
delete
versus
normal
delete
yeah
in
case
of
a
force,
delete
you,
you
don't
care
if
someone's
using
it
in
case
of
normal,
delete
you
do
yes,
I
mean.
If
someone
wants
to
really
force
the
lead
they
can
they.
You
know
we
could
we
could
you
know
they
just
go
and
admin
can
just
go
and
remove
the
finalizer
or
something-
and
we
always
just
you
know-
do
a
normal
delete.
E
B
C
E
E
G
And
then
that
name's
keeping
your
name
space
hostage,
like
you
said
you
don't
have
control
over
it.
As
the
br
author
anyway,
you've
you
got
retention
policy
through
your
bucket
class
that
was
created
by
an
admin.
So
unless
you
have
a
bucket
class
that
gives
you
the
delete,
the
retention
policy,
you
want
the
user
really
doesn't
have
say
on
the
bucket's
retention.
E
I
Cycle
of
the
app
in
namespace,
one
is
hey
guys
before
we
start
that
I'm
running
out.
B
B
Yeah,
can
we
let's
continue
this
on
thursday?
I
think
we
really
started
the
right
conversation
today.
I
I
like
this
approach
a
lot
so
we'll
take
it
forward
from
there
on
thursday.