►
From YouTube: CSI Community Meeting 20201209
Description
CSI Community Meeting - 09 December 2020
Meeting Notes/Agenda: -
Find out more about CSI here:
https://github.com/container-storage-interface/spec
Moderator: Michelle Au (Google)
B
B
C
C
C
No,
I
I
wanted
people
to
be
aware
that
there
is
a
tracking
issue
now,
if
you
have
ideas,
just
stick
them
in
here.
I
don't
know.
If
we'll
have
a
lot
of
discussion
but
yeah.
The
point
is
just
to
have
a
place
to
write
them
down.
So
they're
not
forgotten,
because
because
we
do
have
a
tendency
to
be
like
oh
we'd,.
C
C
That
idea
came
up
and,
and
the
thing
is
we
don't
want
to
give
people
the
impression
that
we're
actually
planning
to
do
a
2.0
version,
because
the
whole
idea
is
we'd
rather
avoid
it,
but
if,
if
it
ever
becomes
unavoidable,
then
we'll
have
a
list
of
things
that
we
would
like
to
knock
off.
At
the
same
time,.
C
C
A
One
of
the
things
that
we
talked
about
early
on
was
to
try
to
avoid
turning
the
co
into
a
database
for
plugins
right
and
this
you
know,
and
so
we
we
went
back
and
forth
a
lot.
You
know
context
and
attributes
fields,
and
you
know
trying
to
find
a
happy
medium,
and
where
do
you
draw
the
line?
As
far
as
you
know,
data
the
co
is
going
to
be
guaranteed
to
store
on
you
know
on
behalf
of
a
plug-in
so.
C
C
A
Yeah-
and
I
think
we
at
one
point
we
had
talked
about-
maybe
putting
sensitive
information
like
if
we
had
to
put
sensitive
information
somewhere,
you
know,
would
it
go
there?
Would
it
go
somewhere
else
and
we
thought
well,
you
know
in
the
spirit
of
avoiding
you
know,
over
engineering,
let's
just
build
what
we
need
right
and
if
there's
a
use
case
or
a
set
of
use
cases
that
strongly
argues
for
secret
information
in
those
fields
or
adjacent
to
those
fields.
C
No
so
like
the
reason
this
came
to
my
attention
is
because
we
were
doing
a
security
audit
of
our
own
csi
plugin
and
people
discovered
that
we
were
generating
chap
secrets
in
the
plug-in,
passing
them
back
to
the
co
in
the
volume
context,
and
they
were
getting
persisted
on
kubernetes
unencrypted
and
they
were
getting
logged
to
the
logs.
Like
the
secrets
were
people
were
like
well,
this
isn't:
okay
right.
D
C
So
the
only
solution
is,
you
have
to
generate
it
on
the
the
co
side
and
then
push
them
in
and
that's
limiting
because,
like
who's,
you
know
it's
that's
work
for
an
admin
to
do
or
for
a
user
to
do,
and
you
can't
just
make
it
happen
magically
without,
like
going
outside
the
csi
paradigm
and
like
having
your
csi
plug-in
talk
directly
to
kubernetes,
to
set
up
secrets
which
we
should
not
be
encouraging.
So
like
yeah.
B
C
C
I
mean
I
I
don't
know
if
we
have
generalized
requirements
on
ceo's
ability
to
actually
keep
secret
data
secret.
I
thought
that
the
whole
point
was
at
the
csi
spec
level.
We're
only
saying
this
is
this
is
something
that
should
be
kept
secret,
but
how
you
do
that
is,
is
unspecified
you
could
do
it
very
poorly
and
still
meet
the
spec.
C
But,
like
the
things
like
you
know,
the
published
context
just
getting
logged
to
a
log
file
like
that.
That's
a
reasonable
thing
to
do,
because
there's
not
supposed
to
be
sensitive
information
in
the
published
context,
but
you
know,
if
you
want
to
have
sensitive
information
in
there,
then
you
have
a
problem.
C
So
I
I
don't
know
I
just
I
wanted
to
find
out
about
the
history
and
then
and
ask
like
if
we
did
have
a
proposal
to
return
secrets
from
create
volume
and
return
secrets
from
controller
publish
volume.
Alongside
that
volume
context
and
that
published
context,
would
there
be
any
strong
opposition
or
would
we
just
have?
Is
it
just
a
matter
of
designing
it
and
working
through
all
the
details.
A
C
Did
notice
that,
like
down
at
the
the
grpc
machinery
level
there
there
is
the
ability
to
have
secrets
in
return
fields
and
the
the
grpc
client
does
scrub
secrets
from
logs
in
both
directions,
and
so
I
somebody
at
some
point
was
thinking
about
secrets
being
bi-directional,
but
then
we
only
ended
up
implementing
the
one
direction
so
yeah
I
just
if
it
wasn't
going
to
be.
You
know
too
big
of
a
burden
to
just
extend
the
specs,
so
you
can
also
return
secrets.
A
B
C
Create
volume
in
the
controller
publish
would
be
the
two
pla.
Those
are
the
two
places
you
can
currently
return
data,
so
the
proposal
could
could
be
you.
You
may
also
return
secret
data
in
those
two
places
and
then,
in
addition,
you
know
so
in
great
volume,
kubernetes
shoves,
that
into
the
pv,
so
you
might
have
to
also
shove
information
into
a
secret
at
you
know,
after
create
volume
and
then
controller
publish
generates
the
volume
attachment
object
and
you
might
also
have
to
have
a
secret
there.
C
C
C
B
C
B
H
I
H
I
B
B
E
C
C
D
C
I
I
B
C
C
B
B
C
B
B
C
D
A
D
Okay,
so
new
capability
for
driver
to
advertise,
it
suppose
efficient
application
of
gid,
but
and
if
available
cubelet
will
defer
to
storage
provider
and
so
provider
must
handle.
Now
the
question
that
we
had
was
like:
how
do
we
present
it
into
the?
How
do
we
represent
this?
In
the
rpc,
like
node,
publish
volume,
node
stage
volume?
How
do
we
represent
that
data
like?
Should
it
be
string,
or
should
it
be
something
else.
C
Well,
there
was,
there
was
the
question
of
like
if
it's
windows,
it's
not
going
to
be
an
integer
right,
it's
going
to
be
a
string
of
some
kind
right
and
there
was
like
there
was
a
question
of
do.
We
want
to
have
like
some
sort
of
a
union
struct
where
you
know
you
get
something
on
linux
and
you
get
something
else
on
windows
and
we
don't
support
anything
other
than
linux
and
windows,
because
one
of
the
nice
aspects
of
the
current
csi
spec
is
there
is
nothing
that
is
windows
specific
in
it.
B
D
Specific
yeah
like
read
this
gids
and
make
it
as
a
mount
option
string
like
the
whole
option
string.
However,
the
the
storage
provider
supports
that
I
mean
it's,
not
linux
specific.
It
is
how
the
how
the
storage
provider
implements
it.
Like
two
service
providers
may
may
compose
different
strings
actually
when
they
actually
apply
that
as
a
mount.
C
D
D
Our
options
are,
it
seems
to
me
that,
like
we
could-
and
we
also
wanted
to
to
keep
the
possibility
open
for
passing,
uids
pass
it
now
or
like
pass
it
later.
But
it's
something
you
want
to
leave
it
out,
but
but
if
we
have
two
different
fields,
optional
field,
like
say,
let's
say
string
like
uid
and
gid.
Definitely
that
works
or
we
can
hide
it
behind.
D
C
B
C
Well,
I
mean
I
don't
agree
like
the
way
we
handle
published
paths
and
target
paths
is
that
it's
defined
to
be
a
path,
that's
meaningful
on
the
system
where
you're
running
and
we
know
that
on
windows
paths
look
different
and
that's
not
a
big
deal
right.
You
just
say:
oh
it's
a
windows
path,
so
I'm
going
to
treat
it
like
a
windows
path,
but.
C
C
Yeah
yeah,
so
this
is
the
point
I
was
going
to
raise
was
that
I
I
really
want
to
see
us
leave
enough
flexibility
that
like
if,
if
better
technology
comes
along,
that
we
can
solve
the
underlying
problem
in
a
better
way.
So,
like
kubernetes
or
not
kubernetes,
any
co
should
be
able
to
express
its
intent
clearly
so
that
if
the
sp
can
do
it
better,
you
get
that
better
result.
D
So
the
the
the
gid
like,
for
example,
the
what
I
was
referring
to
the
gid.
If
you,
if
you
pass
it
a
string,
the
source
provider
will
want
to
compose
the
mount
option
like
hyphen
gid,
equal
to
the
whatever
the
string
that
was
there
and
some
other
story
provider
will
compose
that
differently.
Like
hyphen
group.
A
A
D
C
Yeah
and
the
storage
provider
may
have
a
way
more
efficient
way
of
doing
that.
Recursive
challenge
right,
like
they
could
do
it
server-side
instead
of
client-side,
which
could
be
a
lot
faster.
I
I
don't
know
I
I
guess
I
guess
what
what
my
hope
would
be
here.
Is
that
what
we
get
the
way
I
see
this
is
like
as
an
optimization
and
like
it.
We
should
allow
the
sps
to
advertise
that
they
are
able
to
optimize.
This
particular
or
opt,
have
an
optimal
solution
to
this
problem
and
then
cos
can
use
it.
C
But
then
I
want
to
make
sure
that
like
when,
when
there's
an
even
better
solution
that
we
can
just
stop
using
this
and
switch
to
the
even
better
thing
so
like
let
sp
say
that,
yes,
I
am
able
to
do
something
better
and
then
let
cos
leverage
that
if
they
want
to,
but
then,
if
we
stop
wanting
to
because
we
have
an
entirely
better
way
of
doing
this,
we
can
just
stop
using
the
capability
and
go
to
another
way.
So
so
we
want
to
keep
the
existing
way
working.
D
Okay,
but
I
just
want
to
emphasize
that
it's
it's
not
an
optimization
for
some
drivers
like
like,
for
example,
for
azure
file,
as
we
talked
about
the
driver
is
broken
without
like
if
it
cannot
pass
gid
to
to
note
note
stage
or
not
not
published,
then
you
cannot
simply
see
h
on
chmod
files.
Actually,
cubelet
cannot
do
that
because
it
doesn't
support
these
unix
extensions
and
the
files
the
volume
will
be
unreadable
and
writeable
by
the
part.
Actually,
so
it's
not
just
an
optimization
for
these
this,
this
class
of
driver.
C
Well,
yeah,
but
that
that
suggests
that,
like
any
co
that
is
coded
against
the
1.3
spec
will
is
going
to
be,
the
driver
will
be
broken
for
that
co
right.
Basically,
this
the
sp
depends
on
some
new
feature
and
that
feature
will
only
be
present
in
csi,
1.4
and
later,
and
so
older
cos
simply
won't
work
with
that
driver
like
is
that,
is
that
an
accurate
statement.
C
A
A
It
is
it's
part
of
like
the
get
capacity
request
call
and
what
it
seems
to
me
like
what's
being
discussed
here,
is
that
we're
somehow
going
to
augment
we're
gonna
we're
gonna
first
class,
some
kind
of
credential
right
or
identifier-
maybe
maybe
identifier
is
the
better
word.
I
don't
know
for
a
user
or
a
group
or
both,
and
I'm
I'm
wondering
how
that
fits
this
model,
because
you
don't
really
know
right
like
a
uid
or
gid
or
something
in
the
context
where
all
these
calls
are
possibly
being
made
right.
So
well.
C
C
Like
we
don't
need
to
think
of
it
as
a
mound
flag,
we
need
to
think
of
it
as
like.
Here
is
the
uid
and
gid
that
needs
access
when
you
do
the
node
stage
and
when
you
do
the
node
publish
and
if
you
accomplish
that
through
mount
flags
great,
if
you
accomplish
that
through
a
different
mechanism,
that's
all
that's!
Also.
Okay.
C
C
D
D
C
Yeah
one
of
the
one
of
the
basic
problems
is
just
like:
if
a
workload
just
moves
from
one
node
to
another,
due
to
the
way
the
container
subsystem
works,
like
the
uid
that
that
container
gets
can
be
random,
right,
yeah
yeah,
and
so
it's
not
the
user's
fault.
You
know
it's
just
the
way
that
the
co
works.
A
C
D
D
Ben
there's
also
that
the
bind
mount
solution
may
or
may
not
work
for
something
like
like
like,
for
example,
you
cannot.
The
like
the
like,
for
is
your
file
or
samba.
That
doesn't
have
unique
extensions,
and
things
like
that.
So
we
don't
know
like
how
how
it's
going
to
work
in
future.
So,
but
we
need
a
solution.
C
Why
I
thought
that
the
the
one
of
the
kernel
proposals
was
like
a
bind
mound
that
layers
on
top
of
your
other
mount
and
like
performs
the
shifting
in
the
vfs
layer
before
it
gets
down
to
the
actual
mount,
and
so
it
would
work
with
something
like
nfs
but
again,
given
that
it
hasn't
merged.
You
can't
really
play
with
it
and
and
see
it
that
easily.
D
Okay
looks
like
james
is
dropping,
so
so
I
just
wanted
to
like
the
week.
I
know
sad
and
and
both
were
like
thinking
that
if
we
could
enhance
volume
capability,
but
volume
capabilities
are
fundamentally
like
unsuitable
to
in
represent
this
actually
because
of
their
they're
fixed
once
basically,
volumes
are
created,
so
that
leaves
us
with
with
like
that
feels
on
either
fields
on
and
not
either,
but
but
pretty
much
like
feels
on
no
stage
and
and
and
not
published.
D
For
me,
I
think
I
thought
of
different
rpc
call,
but
then
the
problem
becomes
like
is
because
the
mounting
has
to
happen
at
the
time.
The
note
stage
is
called
different.
Rpc
call
doesn't
make
sense,
because
the
remount
many
mount
options
are
not
applied
on
remote,
so
remote
is
not
guaranteed
to
apply
the
gid.
D
C
So
so
I
want
to
get
back
to
the
the
basic
problem
where
we
have
drivers
now,
for
which
the
existing
csi
spec
doesn't
provide
a
mechanism
for
cos
to
give
enough
information
to
sps
so
that
they
can
get
access
or
so
that
they
can
provide
access
to
a
container.
And
this
is
a
windows.
Specific
problem.
Is
that
not.
C
D
C
Oh
great-
and
you
said
it's
a
it's
basically
samba
right,
yeah,
okay,
okay!
So
so
that's
why
I
think
I
have
windows
on
the
brain.
So
so
it's
samba
and
you're
saying
you
can't
implement
any
samba
based
driver
correctly,
because
the
channel
isn't
going
to
work
and
you
need
to
have
some
sort
of
gid
information
communicated.
F
C
Yeah,
so
so
this
is,
I
guess
we
just
never
thought
about
samba
when
designing
the
csi
protocol
and
and
to
make
it
work
at
all
yeah.
You
have
to
say
like
okay,
your
this
is
the
the
ui
dng
id
of
the
process
that
that
needs
access.
I
don't
know
this.
This
doesn't
feel
like
a
very
backwards
compatible.
I
mean
I
I
I
agree.
We
need
to
do
something
but,
like
I
don't
know
how
to
do
this
in
a
backwards
compatible
way.
C
Well,
let's
say
we
let's
so
so
what
haman
is
saying
is
like,
if
you
don't
do
this,
it's
not
going
to
work
so
like
let's
say
we
we
make
some
change
and
we
we
roll
1.4
version
of
the
spec
and
releases
a
new
driver
that
works
with
azure
file
or
whoever's
doing
azure
file
driver
that
and
it
relies
on
this
new
thing.
But
if
cos
like,
don't
do
the
right
thing?
C
It's
it's
just
not
going
to
work
so
like
we
have
this
new
required
field
basically,
and
that
and
new
required
fields
aren't
backwards,
compatible
right
like
by
default.
It
should
be
optional,
so
so
we're
going
to
have
a
situation
where,
like
even
after
you
upgrade
like,
unless
you
do
some
work,
it's
still
still
going
to
fail.
B
C
D
C
D
C
B
D
Yeah
yeah
yeah,
it
never
worked
properly.
So
it's
it's
not
like,
strictly
speaking
we're
gonna
break
it.
It's
just
that
we
are
gonna,
introduce
an
optional
field
behind
that
is
behind
optional
capability.
We
are
going
to
say
that
if
you
support
this
capability,
you
must
supply
this
field.
Otherwise
it's
an
option.
D
D
C
D
C
C
C
Okay,
so
it's
not
the
co
opting
into
a
behavior,
it's
the
ceo,
expecting
ordinary
behavior
and
not
getting
it
unless
it
uses
an
optional
feature,
but
I
mean
I
I
don't
it's
not
like.
I
have
a
better
answer.
I
think
we're
just
kind
of
in
a
bad
situation
here
and
we
have
to
do
something
awkward,
but
I
just
wanted
to
make
sure
that
we
had
a
understood
the
nature
of
the
problem.
This
is
really
like.
C
C
D
D
D
E
D
D
D
D
D
D
C
You
know
all
this
suggests
to
me
that
we're
missing
something
fundamental
in
sort
of
the
the
design
of
csi
and
how
we
support.
You
know:
pods,
gaining
access
to
storage
when
you
think
about
these
cases
of
like
multiple
users
with
multiple
identities,
sharing
access
to
a
volume
like
you,
it
implies
the
need
to
do
some
sort
of
a
uid,
gid
remapping
in
the
middle.
C
So
we
have
all
these
work
around
so
like.
Well,
if
it's
just
a
single
pod,
we
can
do
this
recursive
channel
and
well,
if
it's
multiple
pods,
everyone
can
just
run
with
the
same
identity
and
all
these
different
hacks
to
to
to
work
around
the
practical
limitations
that
we
face.
But
we
don't
have
a
comprehensive
solution
that
says:
yeah.
It's
actually,
okay,
for
multiple
pods,
on
multiple
nodes,
with
different
identities,
to
share
access
to
a
particular
volume
and
just
expect
it
to
work,
because
that's
kind
of
a
hard
thing
to
do.
D
C
Yeah
and
so
so,
the
amount
option
actually
solves
this
problem
but,
like
I
feel
like
we
kind
of
have
to
define
the
way
that
this
flag
works
in
such
a
way
that
the
only
valid
option
is
to
do
something
like
a
mount
option
or
a
shifting
mount
that
that
that
results
in
the
pod
getting
effective
access
without
affecting
any
other
pods.
That
could
also
have
access
simultaneously.
C
D
D
I
agree
to
that
and
we
can
add
some
wording
into
the
spec
for
that
actually
and
that's
something
we
can
like
carry
on
the
discussion
in
the
pr.
If,
when
I
get
a
chance
to
open
it
so
but
yeah,
that's
us,
that's
fine,
but
like
if
we
have
to
say
that
okay,
if
we
had
to,
I
think
the
the
so
the
first
thing
that
we
agree
is
that
we
need
a
capability.
C
D
C
Wouldn't
it
be
the
case
that
once
once
the
sp
started
asserting
the
new
capability,
that
kubernetes
would
never
use
that
hack
again,
if
it's
all
the
capability
was,
was
there
and
would
just
leave
it
to
that
particular
driver.
So
for
a
particular
volume,
it's
always
owned
by
a
particular
csi
driver
and
the
capability
should
be
unchanging.
I
I
A
I
D
D
C
E
D
D
E
D
C
So
but
that's
okay
right.
If,
if
you
have
run
as
any
in
the
spec
and
then
cubelet
picks
one,
that's
the
one
that
you
want
to
pass
down
to
the
plugin.
So
you
need
to
have
access
to
it
at
the
point.
You're
calling
node
stage
no
publish,
but
presumably
cubelet
can
do
that
because
it's
the
one
making
those
calls.
B
D
B
B
D
Yep
and
there's
already
a
pr
opened
by
someone
so
yeah,
I
personally
don't
have
use
case
for
it
and
maybe
other,
but
but
there
are,
there
have
been
use
cases
where
people
want
to
pass
secrets
to
note,
expand
volume.
Rpc
call-
and
it
seems
it's
optional-
seems
straightforward
change.
Actually,
unless
yeah.