►
Description
Meeting of Kubernetes Storage Special-Interest-Group (SIG) Volume Snapshot Workgroup - 23 July 2018
Meeting Notes/Agenda: https://docs.google.com/document/d/1qdfvAj5O-tTAZzqJyz3B-yczLLxOiQd-XKpJmTEMazs/edit#heading=h.m4p7hse9js0l
Find out more about the Storage SIG here: https://github.com/kubernetes/community/tree/master/sig-storage
Moderator: Jing Xu (Google)
A
A
A
If
the
snapshot
needs
uploading
over
the
book
at
is
normally
a
later
time
and
I
checked
for
Less
agc
it
is,
there
is
a
creation,
timestamp
I
I
think
it
is
when
the
snapshot
is
created,
but
I
need
to
put
up
check
the
meaning
of
this
creation
times
that
it
could
be
when
the
session
is
available
in
high
systems
exam,
otherwise
yeah.
It
is
a
little
hard
to
determine
resonating
to
me
probe
like
tank.
What
is
your
status
obsessions
and
form
CSS
back?
A
D
B
D
B
D
They
suggested
to
us
was
have
concrete
states
in
the
volume
attachment
status
object.
So,
for
example,
we
had
the
attach
state
and
then
the
challenge
was
okay,
the
having
a
boolean
indicating
whether
a
certain
state
is
achieved
as
nice.
But
how
do
you
capture
error
and
for
that?
We
added
a
generic
volume
error
object
which
allowed
us
to
say
timestamp
and
message
for
at
a
chair
or
detach
error.
A
Actually
similar,
so
we
here
we
have
their
field,
we
can
say:
okay
created
as
a
pudding,
so
weather
is
created
or
chill
force,
but
because
snapshots
time
is
very
important
for
user
to
know
when,
like
it
change
to
like
it's
or
in
the
card
or
where
he's
available
to
use.
So
thinking
about
that
point,
instead
of
just
have
a
pudding,
we
can
definitely
have
a
tense
that
that
is
a
pointer,
and
if
it
is
new,
then
that
means
it's
not
yet
created.
A
A
D
A
But
the
only
thing
like
every
machine,
that's
how
we
know
when
he's
available
so
right
now,
because
olive
oil
I
mean
they
might
not
have
when
I
explained
tense
them.
Tell
you
both
time
like
wearing
high
pants
like
DC,
when
we
have
one
on
create
thanks
them,
and
then
we
probably
get
one
in
time
step
for
these
two
conditions
and
the
controller
thinks
it's
need
to
keep
probing
like
checking
the
status
of
the
snapshot
and
miss
the
response
of
the
CSI
snapshot
API.
C
A
A
C
E
C
A
D
I
guess
what
I'm
a
little
bit
unsure
about
is
what
the
error
handling
situation
is.
Gonna
look
like
for
the
caller,
so
you
have
one
failed
at
you.
Have
one
available
at,
and
one
created
at
so
created
at
and
available
at
seem
fairly
obvious
to
me.
Those
are
the
two
nth
possible
and
States
and
then
failed
at
can
be
shared
by
either
of
them.
So
either
during
creation
or
during
upload
a
either
of
those
operations
can
fail
and
that
condition
can
be
transient,
meaning
it
can
fail.
D
While
it
was
doing
creation
and
then
at
some
point
later
it
can
succeed
the
creation
and
then
try
to
upload
and
fail
during
upload,
and
so,
if
you
have
a
single
failed
at,
how
is
that
going
to
be
handled?
Is
it
going
to
be
always
what
the
latest
error
was?
Does
it
get
cleared
after
a
certain
point?
How
does
it
work.
E
Is
the
available
at
and
failed
status
or
time
stamps
I
can
understand
created
at
that
everything
else
can
be
inferred
from
the
status
of
the
snapshot
and,
as
was
mentioned
previously,
sometimes
they
can
get
failed
if
storage
runs
out
or
the
qaol
space
runs
out
for
the
snapshot
sometimes
they're
deleted
and
can
fail
later
on
their
lifecycle.
I,
don't
see
what
the
use
of
a
beta
of
lateral
failed
at
could
be
useful
I
mean
you
can
get
them
from
the
events.
What's
the
use
case.
A
A
A
E
A
A
A
A
C
C
The
unit
plugins
not
going
to
return
as
it's
going
to
be
pending
in
that
case,
and
then
one
that
call
returns,
we
will
get
the
created,
add
time
stamp
right
and
then,
depending
on
whether-
and
there
is
a
uploading
face
or
not,
if
not
uploading,
then
controller
need
to
continue
to
call
and
then
you
know
get
the
status
and
then
until
upload
is
finish
and
then
at
that
point
it
becomes
available
at
it
was
no
uploading
then
available
at
times.
Time
will
be
the
same
as
created
at.
B
C
A
B
C
B
D
A
D
Think
the
correct
behavior
would
be
to
categorize
the
type
of
error
that
you
get
if
it
is
something
which
we'll
never
be
able
to
be
recovered
from
then
it
makes
sense
to
never
retry
again.
But
if
it
is
some
sort
of
transient
error,
then
we
should
do
exponential
back-off
and
continue
to
retry.
The
general
idea
with
the
kubernetes
objects
is
that
once
they're
created,
the
user
is
hands-off
and
the
system
should
drive
towards
that
state
and
if
there's
something
preventing
that
state
from
being
achieved
whenever
that
is
unblocked,
then
that
state
is
achieved
shortly
thereafter.
A
So
if
we
keep
trying
the
user
don't
have
to
unfreeze,
unless
ya
user
can
say,
you
need
is
actually
the
object
and
we
don't
try
anymore,
but
the
main
thing
is
section
on
user
to
like
do
something
before
and
after
taking
some
shots,
that's
the
main
reason
we
don't
want
to
keep
retrying
and
imagine
mekt,
ranzz
and
stay.
There
is
probably
a
bit
hard
to
determine
what
kind
of
a
there
and
which
maybe
we
should
really
try
be
there.
A
F
So
I
think
what
we
issues
here,
one
is
on
application,
consistency,
shots
which
requires
the
application
to
request
and
whether
that's
done
by
the
application
owner
or
by
a
Kunis
controller.
So
that's
one
thing,
because
if
it's
applications
gonna
be
all
clearly
paused
for
a
long
time
until
snapchat
succeeds,
that
can
result
in
downtime
and
you
know
disruption
to
operations.
So,
but
another
issue
is
also
schedule
snapshots
with
scheduled
status.
You
want
to
expire
at
specific
points
in
time,
for
example,
every
night
at
midnight.
We,
these
type
of
snapshot,
doesn't
make
sense.
We
try.
A
A
D
I
think
it's
it's
important
not
to
try
to
boil
the
ocean
on.
You
need
to
understand
that
we're
gonna
start
with
a
very
small
use
case
that
we
believe
is
the
basic
primitive
that
we
can
then
rely
on
to
build
higher
level
functionality,
so
things
like
snapshot,
cron
jobs
and
fun.
You
know
scheduled
snapshots.
Things
like
that
can
be
built
on
top
of
functionality
that
will
allow
you
to
trigger
a
snapshot
on
demand
I'm.
So
let's
keep.
F
C
A
D
A
D
Retry,
okay,
so
you
get
one
shot
and
if
it
doesn't
work,
it
fails.
I,
then,
in
the
future,
you're
going
to
add
in
additional
functionality,
either
that's
going
to
be
some
sort
of
retry
count
or,
like
Garth
mentioned
some
sort
of
retry
until
timestamp,
and
if
the
timestamp
is
before
that'll
continue
retrying
before
that
and.
A
A
A
A
C
A
F
A
F
Couldn't
be
any
conditions
than
true
and
false
for
each
condition,
so
this
is
much
cleaner
but
still
I'm
not
clear
how
they're
how
these
are
different
than
phases,
because
effectively
we
have
a
state
machine
here
where
it's?
No,
absolutely
you
know.
First
phase
is
created
at
and
then
based
on.
Where
you
have
the
operating
face
or
not.
We
have
the
available
at
so.
F
A
Those
information
I
mean
you
can't
Bert
like
what
is
this
thing
states
right
now,
so,
like
I
said
when
you
say,
but
there
is
nothing
set,
then
your
son
shot
is
still
pending
and
then,
when
the
create
ad
is
set
rights,
you
know
it
is
already
cuts
and
the
depends
on
whether
they
available
and
sets
and
together
or
not
if
the
very
bad
is
not
stand
right.
You
know
right
now
it
is
not
available.
A
E
We
had
failure
of
the
snapshot
in
later
time.
Do
we
set
a
made
of
lat?
Do
we
blank
that
out
so
in
case
of
snapshot
files
later
soak,
our
space
runs
out
or
something
and
you
a
snapshot
of
taken
which
invalidates
older
snapshots?
Do
we
set
failed
at
and
then
blank
out
available
at
having
just
one
condition.
A
D
D
A
D
A
D
Right
but
the
idea
is
similar,
it's
just
that
after
we
think
a
certain
state
is
achieved,
we
could
potentially
continue
to
monitor
it,
monitor
it
to
ensure
that
it
doesn't
deviate
from
that
state.
I
think,
overall,
in
the
grand
scheme
of
things
that's
relatively
minor,
the
most
important
thing
for
us
is
making
the
snapshot
available
at
a
given
point
and
then
once
it's
available,
any
additional
checking
that
we
do
is
a
nice
to
have
it's
non
critical.
A
A
We
have
some
explanation:
it's
each
created
a
doorway
to
and
if
it's
not
clear
like,
we
can
definitely
revisit
it,
but
for
this
status
right
we
don't
want
to
use
condition.
I
think
we
want
to
create
that
and
we
use
direct
refused,
and
rather
we
should
be
use
and
I
say
true
or
false
for
some
state
or
thanks
them.
I
won't
prefer
to
use
them
them
for
neck
or
in
each
state,
because
time
is
important
and
useful
for
user.
They
can
know
when
there's
time
starts
its
beginning,
so
they
can.
A
H
A
A
H
E
D
Yeah
I
think
the
behavior
should
be
that
if
created
at
is
set,
then
you
can
assume
that
creation
has
succeeded.
You
don't
need
to
take
a
look
at
fail
that
if
available
that
is
set,
then
you
can
assume
that
it's
available
and
you
don't
need
to
look
at
failed.
If
either
of
the
two
is
not
set,
then
you
should
be
looking
at
failed
at
to
try
and
understand
what
happened.
E
D
There's
an
implied
order
of
operations
between
the
two
meaning.
If
neither
is
set
and
to
fail
that
shows
up,
then
it
indicates
that
it
applies
for
creation
not
for
available
and
as
soon
as
created
is
set
then
fail.
That
applies
for
available.
So
it's
the
responsibility
of
the
the
the
controller
that's
going
to
be
setting
it
to
clear
the
failed
state.
If
a
retry
force
is
created
to
succeed,
which
is
a
little.
E
A
A
E
C
C
D
I
think
I
think
the
logic
behind
in
this
and
I
am
NOT
an
expert
on
the
API.
So,
but
my
understanding
is,
if
you
have
essentially
an
enum
of
states,
then
when
a
new
enum
value
is
introduced,
the
existing
controllers
no
longer
know
how
to
operate
on
that
new
value.
Where,
as
if
you
have
each
state,
essentially
as
a
discrete
field,
then
you
know
you
could
have
existing
controllers
continue
to
and
continue
to
understand
the
existing
States
and
only
not
understand
any
new
fields
that
are
introduced.
D
So,
for
example,
in
this
case,
we
have
creation
and
available
as
long
as
existing
controllers
understand
creation
and
available.
Even
if
a
third
state
is
added
here
as
long
as
created
and
available
or
set
correctly
they'll,
be
able
to
operate
correctly
without
having
to
operate
on
that,
whatever
that
new
field
is
but.
E
D
It's
not
necessarily
the
setter,
it's
also
the
consumers.
Ideally,
this
API
with
kubernetes
the
API
is
supposed
to
be
transparent.
Anybody
can
read
and
write
from
it,
so
someone
who
is
using
the
the
state
to
do
something
so
maybe
that
the
controller
has
been
updated
to
understand
the
new
phase,
but
some
consumer
that
is
monitoring.
This
has
not
been
updated.
D
F
You
know
maybe
follow,
may
be
became
chapter.
You
see,
information
on
the
volume
snapshot,
content
objects,
because
this
is
this
only
matters
to
the
controller
and
to
the
user.
We
can
only
show
the
single
feel
the
single
phase
field
that
they're
used,
which
is
easy,
because
they'd
only
care
about
how
these
transitions
happen.
This
makes
sense.
A
F
But
if
the
users
only
see,
for
example,
I'm
not
advocating
this
I'm
just
me,
there
was
that
much
basically,
they
just
want
a
single.
They
want
to
it's
more
straightforward
for
them
to
see
a
single
field
instead
of
combining
multiple
fees
singing
what
happened?
What
didn't
happen
if
they
see,
for
example,
there's
a
single
monitor
that
would
same
way
they
monitor
PVCC
for
them.
A
F
A
D
One
you
have
to
so
III
think
I,
it's!
The
interface
here
is
a
little
bit
ugly,
but
unfortunately,
both
pieces
of
information
are
necessary
for
the
consumer.
So
I
don't
agree
that
it
should
be
moved
to
content.
I.
Think
it's
required
on
the
snapshot,
object
itself,
yeah
I!
Think
it's
ugly,
but
it's
it's
ok.
A
A
E
A
A
D
D
E
A
A
E
A
A
A
A
Another
thing
response
that
you
are
two
volumes
and
right
now
we
propose
to
have
take
a
source
struct
in
a
PVC
and
before,
like
we
mentioned
exerts
test,
we
can
have
a
time
and
name,
and
so
it's
very
general.
When
you
have
new
type
of
business
sources,
we
don't
need
to
change
API
anymore.
So
and
in
that
case,
actually
we
we
do
have
something
if
you
have
tracked
overwriting.
A
A
For
example,
P
me
point
to
PVC
rats.
You
know
it
is
PVC,
and
you
know
it
is
no.
Actually
a
PVC
is
update
reference.
You
need
to
know
the
name
space,
there's
some
other
news,
local
reference,
because
you
don't
need
to
put
name
space.
They
will
use
the
same
and
for
our
case
a
bit
different
is.
If
we
use
local
right,
then
we
lose
the
type
information.
If
we
use
object
reference
a
little
bit
too
much
because
currently
we
don't
want
to
support
cross
names,
is
it
if
we
directly
use
object
reference
user
can't
force?
A
We
have
more
work
to
like
validates
and
tracking,
whether
it
is
process
or
not.
We
kind
of
want
to
avoid
that
in
the
first
place.
So,
as
Tim
mentioned,
we
can
add
a
new
local
optima
and
start
a
global
object
reference
though
you
can
specify
a
time
and
that
name,
we
also
have
similar
structure
in
API
I.
Think
it's
something
called
a
secret
object
so
that
secret
out
going
to
require
name
and
I
think
a
namespace.
So
so
that's
we
don't
want
to
use
the
general
object
reference,
because
it
could
contain
a
lot
of
information.
A
C
A
A
I
Guys
I
just
wanted
to
ask
about
this
too.
We're
definitely
not
targeting
cross
namespace
usage
at
first,
but
I
do
think
that
eventually
we
want
to
solve
the
problem.
Are
we
painting
ourselves
into
a
corner
with
this
design,
or
do
we
think
that
we'll
build
that
at
a
later
time,
without
paying
technical
debt
for
this?
Yes,.
A
D
Need
to
be
very
careful
about
ever
going
across,
namespaces
namespace
boundaries
exist
for
a
reason,
and
we
need
to
be
very
careful
if
we're
going
to
violate
them.
I
think
the
idea
of
having
volume,
snapshots
or
volumes
being
able
to
be
moved
across
namespaces
is
an
importance
in
ru.
It's
an
important
use
case,
but
one
that
should
require
explicit
consent
from
the
user
that
holds
that
volume
snapshot
and
the
cluster
administrator,
and
it
should
be
a
separate
operation.
Independent
of
these,
in
you
know,
snapshotting
or
any
other
volume
specific
functionality.
D
A
A
I
mean
like
their
feedback
about
this
digital,
so
no
data
source
allow
it
snapshot
so
later,
like
it
when
I
say
wrong,
we
start
working
on
Kunal
and
then
another
PVC
could
be
a
different.
Take
a
source
could
be
different
bottoms
and
might
also
use
this
if
they
can
create
a
CR
D
for
their
own.
The
source
is
also
possible.
I
I
Yeah
so
you've
you've
declared
on
your
PVC
that
the
data
source
should
be
a
particular
snapshot.
So
that's
the
intent
on
the
object
if
the
components
are
unable
in
the
beginning
to
to
achieve
that,
for
example,
the
the
snapshot
provision
or
the
snapshot
or
is
not
running
at
the
time
that
this
PVC
is
being
bound
or
something
like
that.
Could
there
be
a
situation
where
the
PVC
would
get
created
with
an
empty
content
instead
of
what
you
asked
for.
A
A
A
I
H
A
H
A
C
G
D
External
provisioner
goes
and
provisions
of
volume
that
is
not
actually
pre-populated.
I
think
that
problem
exists
for
PVCs
in
general
or
external
provisioners
in
general,
because
new
fields
can
be
added
to
the
PVC
object
that
the
external
provisioner
is
not
aware
of,
and
if
it
changes
default.
Fundamental
behavior
of
that
object,
the
old
provisioners
have
no
way
of
handling
that
correctly.
We.
I
D
A
I
relate
to
that
point.
Yes,
thank
you
yeah.
So
it's
already
past
10
I
think
we
have
someone
with
API.
They
mentioned
something
related
to
such
a
black
cycle,
because
currently
your
design
essentially
is
physically
independent
PVC.
So
if
he
BCP
me
beneath
it,
awesomesauce
is
still
there.
That's
for
someone
plugging
it
might
help
problem
because
they
are
already
big
hard.
They
need
it.
It's
natural
tonight,
not
debatable
anymore,
but
of
currently
these
I.
That's
not
considered
that
yet
so
I
think
in
the
next
phase.
We
should
definitely
address
that
problem.