►
Description
Meeting of Kubernetes Storage Special-Interest-Group (SIG) Workgroup for Container-Storage-Interface (CSI) Implementation - 06 March 2023
Meeting Notes/Agenda: -
Find out more about the Storage SIG here: https://github.com/kubernetes/community/tree/master/sig-storage
A
Hello,
everyone
today
is
March
6th
2023.
This
is
the
kubernetes
CSI
implementation
meeting,
so
I
think
today
we
just
want
to
go
over
this
one.
A
B
A
Okay,
can
you
put
them
at
your
PR
here,
so
we
know
there
are
some.
A
And
then,
since
you're
here,
what
about
the?
What
about
the
secure
Linux?
What
is
the
status
of
that
one.
B
A
Oh,
can
you
can
you
submit
a
placeholder
for
the
blog.
B
A
Hey
no
problem,
thank
you
and
yeah.
So
this
one,
basically
we're
just
waiting
for
scissors
back
PR
the
the
release
to
be
cut.
So
GMS
has
some
comments,
so
I
I
submitted
another
PRT
dress
his
comments.
He
already
reviewed
it
and
he's
fine
with
that
yeah.
What
do
you
want
to
pin,
sir
from
that?
A
One
yeah
and
also
Ronald
has
been
working
on
implementation,
so
he
has
a
PR
that
the
crds
so
I'll
be
reviewing
that
that's
this
one
and
I
also
I
have
a
submitted,
a
placeholder
PR
for
the
blog
on
this
one
prevent
authorize
the
body
mode
conversion.
This
is
a
already
done
called
complete,
E3
test
added
just
to
need
the
talks,
the
blog,
obviously
so
I'll
clean
the
product
to
submit
a
placeholder
blog
for
this.
A
A
C
Okay,
it's
all
merged
I,
pinged
Chris
for
the
blog
post,
okay,.
A
I,
remember:
I,
pinned
him
see,
he
said
he's
a
little
behind
he's,
not
sure
if
he
can
get
a
code
in
and
remember
he
said
that
right
yeah,
so
he
said
the
yeah,
since
the
code
is
not
even
there,
so
he's
not
going
to
work
on
blog
for
that.
A
C
Mr
was
the
there
was
the
default
storage
class
thing,
I
guess
that's
not
being
promoted
right.
It
was
beta
last
release.
C
Yeah
we
did
find
a
bug
in
that
because
it
wasn't
handling
the
beta
annotation
I,
think
someone
did
create
a
fix
for
it,
so
I
think
we're
good.
There.
A
D
I
have
I,
don't
have
a
PR
yet,
but
we
are
doing
it
today.
The
further
recovery
stuff,
the
API
change
that
we
are
making
into
PVC
apis.
Oh.
A
A
Is
that,
oh,
is,
is
the
okay
Wednesday
I
saw
that
we
were
talking
about
the
blog?
Did,
let's
see
what
is
the
is
that
code
freeze
as
well
code
freeze,
March,
14th.
A
D
A
Okay,
so
I
added
this
one
last
time
so
for
this,
so
we
talked
about
how
to
address
cves,
so
in
KK
they,
basically
they
do
have
the
small,
regular
monthly
hatch
release
and
if
there's
some
CVS
they
have
this
lead
a
fixed
lead
who
will
be
coordinating
and
deciding
whether
they
need
to
release
earlier
outside
of
the
the
normal
release
Cadence.
A
So
one
thing
that
I'm,
not
sure
is
so
they
talk
about.
This
is
like
they
have
to
do
this
communication
in
some
private
channel,
so
Michelle
young
I
know
you
guys
are
in
some
security
mailing
list.
Do
you
guys
get
those
emails
early?
No,
okay,.
D
C
Okay,
so
I
was
I
was
also
talking
with
Ben
Ben
Elder.
On
this.
A
C
Yeah,
like
I,
think
all
of
this
process
is
gone
for
the
first
class
of
cves,
like
there's
a
cve
in
the
project
itself.
Okay,
when
I
was
talking
to
Ben
I
think
he
was
saying-
or
at
least
he
was
telling
me
that
it
doesn't
look
like
there's
a
regular
process
to
like
update
all
the
dependencies
and
do
dependency
scans.
C
C
Only
they
only
like
if
there's
a
golang
CDE
and
it's
impacting
you
know
it's
actually
impacting
like
some
binaries.
Then
they
will
include
it
but
I
think
it
didn't.
I
didn't
get
the
sense
that
they
actually
do
reg
they
run
and.
A
Anything
like
that,
okay,
so
then
the
basically
just
they
probably
their
security
team,
probably
just
knows
when
CV
shows
up
right,
they
just
like
regular.
It's
not
really
necessarily
how
do
they,
but
how
how
to
even
know
when
the
CV
CV
shows
up
and
how
do
they
get
notified
if
they
don't
understand
things
like.
C
I
think
or
the
main
I
think
the
main
thing
is
that
they
are
concerned
about
is
mostly
goaling
vulnerability,
because
I
I
don't
think
they
really
I,
don't
think
they
really
monitor,
say
like
base
image
vulnerabilities,
which
is
where
a
lot
of
the
the
CBE
scanning
things
do,
and
so
whatever
I
guess
somebody
is
monitoring,
golang
vulnerabilities
or
maybe
the
goaling
project.
C
C
D
C
A
D
C
A
C
And
really
with
all
the
like
supply
chain
concerns
like
everyone
should
not
be
actually
using
Community
images.
A
A
C
A
A
B
D
A
C
I
had
added
the
whole
vendor
directly
to
the
AWS
driver.
For
that
reason,
and
then
I
think
recently
they
removed
it
and
so
yeah.
A
A
A
That's
the
way
to
go,
I
remember
in
the
past.
Just
always
you
have
vendor
and
then
at
one
point
thought
we,
you
know
we
were
told
to
remove
it
at
one
point
saying
that's
better,
but
now
yeah
I
see
what
you're
saying
it's
actually
the
this
you
got
this
it
it's
not
as
stable
right,
don't
know
what
you're
pulling
it's.
That's
true!
Okay,
all
right.
C
C
Think
history,
basically
my
conversation
with
Ben
who
is
not
representing
you
know
like
the.
D
A
C
Their
scanners
and
that's
fine,
but
we
don't
need
to
go
out
of
our
way
to
actively
scan
and
update
stuff.
Okay,.
A
C
A
I
could
also
just
you
know,
chat
with
some
release
team,
because
I
know
they
do
a
lot
of
things
like
they
feel.
There's
a
beautiful
materials.
Things
like
that
right,
so
just
I
I
was
just
wondering:
did
they
do
anything
extra?
But
if
not
that's
fine
I
was
interested
thinking.
Do
we
need
to
every
time
we
release?
A
A
C
But
like
you
added,
we
added,
we
I,
think
Andy
added
the
the
trivia
scanner
in
liveness
probe
and
maybe
no
driver,
registrar.
A
C
A
little
bit
so
I
think,
like
I,
mean
I
I
wouldn't
be
opposed
to
running
a
security
scanner,
but
also
I,
don't
know
I
guess
we
should
I
mean
I,
think
we
should
just
treat
it
as
best
effort
like
we
will
update
them
if
possible
during
our
normal
release,
Cadence
but
I
guess
we
don't
need
to
like
go
out
of
our
way
to
like
do
releases
every
time,
something
yeah.
C
Yeah
and
actually
specifically
for
that
I
noticed
I.
Think
GitHub
has
some
new
beta
feature
to
do
to
run
a
cve
scanner,
and
maybe
we
should
look
at
using
that,
because
I
think
I
think
that
one
does
not
block
PR's
I,
think
that
one
just
like
periodically
scans
and
then
I,
don't
know
somehow
it
alerts
somehow
I'm
not
sure
how
I.
A
I
think
I,
look
at
I
think
I.
Look
at
that
because
that's
enabled
on
one
of
my
other
projects,
but
it's
not
detecting
as
many
things
as
the
3D
scan.
Somehow
but
I
do
see
the
you
know
the
the
one
that
Andy
has
it's
just
too
too
restrictive.
Definitely
yeah
I'm
fine,
for
you
know
disabling
that,
maybe
just
to
like
scan
it.
Let
me
cut
a
release
right
or
yeah
the
thing
we
could
do.
C
Yeah
I
I
think
also,
theoretically,
because
we
also
have
dependabot
running
yeah.
C
A
Definitely
an
external
provisioner,
but
I
don't
know
if
it's
for
every
repo
but
I
think
yeah
with
that.
Definitely
it's
going
to
you
know,
help
a
lot.
A
A
A
So
if
you're
not
sure
it
catches
everything
if
there
is
a
CV,
it
doesn't
matter
whether
it
really
has
an
impact
on
you
or
not
so
yeah
it
covers
it
should
not
miss
things.
I
mean
at
least
I
have
seen
seems
to
be
pretty
thorough,
the
the
GitHub
one.
Maybe
we
could
try
that
I
mean
from
what
I've
seen
in
the
past
does
not
seem
to
be
capturing
that
much,
but
we
can
definitely
try.
Maybe
that
will
be
improving
as
well.
A
Okay
and
then
you
said
enable
the
GitHub
CV
detection
we
could
I
mean
it
doesn't
hurt
at
least
right,
so
it's
going
to
show
something
but
definitely
doesn't
hurt.
We
could
do
that.