From YouTube: Kubernetes SIG Storage Meeting 2023-08-10
Description
Meeting of Kubernetes Storage Special-Interest-Group (SIG) Workgroup for Container-Storage-Interface (CSI) Implementation - 10 August 2023
Meeting Notes/Agenda: https://docs.google.com/document/d/1-8KEG8AjAgKznS9NFm3qWqkGyCHmvU6HVl0sk5hwoAE/edit#heading=h.edvqj899st16
Find out more about the Storage SIG here: https://github.com/kubernetes/community/tree/master/sig-storage
Moderator: Saad Ali (Google)
A
Okay, today is August 10, 2023. This is the meeting of the Kubernetes storage special interest group. As a, as a reminder, this meeting is public, recorded and posted on YouTube. On the agenda, we're gonna go over the 128 planning; we're approaching the end of the cycle. We're gonna get status updates to see what landed, what didn't land. The upcoming deadlines here: on the 8th of August, is actually just passed, was the docs deadline, the date by which docs must be completed and reviewed.
A
A
So with that I'm going to go ahead and switch over to our planning spreadsheet and start getting our final statuses here for, for this release. Let me go ahead and add a column here for today.
A
A
B
A
Got it, so it's pretty much there. I'm gonna mark one of these as done and the other one as started, as a reminder that there's a little bit outstanding work there. Thanks a lot. Next, we have provision volumes from cross-namespace snapshot, PVC, continue design work, volume, progress. Any updates on this one?
C
Well, I think there is, I'm actually not sure if the KEP has been updated for this. I think we can check, but yeah, I.
A
Don't have any updates. Okay, sounds good, update for now.
A
All right, next up we have CSI volume health, additional metrics and/or events and end-to-end tests, alpha for this cycle. This was work in progress last, like last, last time we checked. Any updates on this one?
A
Okay, next we have the change block tracking. Design went to SIG Auth for feedback last time. Anything new here?
D
Yes, we discussed about this in yesterday's data protection group meeting and they have updated the KEP, incorporated with a new change such as plastic off to use the token request.
D
D
D
A
D
D
A
D
A
Folks, next we have enable privileged containers for Windows to replace CSI proxy for Windows, out of tree. Any updates on this one?
F
No updates yet, unfortunately. We are busy with some internal priorities and we haven't had a chance to look at it. We, it would be, I, I would like to understand one thing: how, how urgent is this feature at this point? I think we, we, we will probably have some bandwidth to work on it in the next few weeks, but I don't want to hold off if there's interest in other people working on this. I, I don't want anybody to feel like, you know.
A
That's a good question. So my understanding is that Windows already has a solution, which is the proxy, and it's working. This is a nice-to-have in some situations, and I think Ben would argue that it's, that it's the wrong direction, but I don't think it's urgent. So.
F
Yeah, so we've been and I have had some discussions around this. I think, I think we do see a path forward for this, if I understood it right, Ben, where, you know, for certain, for certain categories of plugins at least, it would make sense to, to move to, to the privileged container model, even if that doesn't work very well for everything. And I think there are some benefits to, in, in terms of the overall architecture as well, that, that seem to justify doing the work.
F
A
G
The only point I was trying to make earlier is: there should be an option to use the proxy. I think having privileged containers is great. I think there's plenty of applications for privileged containers. I think running a CSI plug-in in a privileged container is fine. I just think that for security reasons it's better not to, and I wouldn't want to take away the option on Windows, and on Linux I wish that there was an option to use a proxy. That's, that's sort of where I'm.
A
Coming from. Yeah, that seems reasonable, and I think whatever we decide on how exactly that option would get surfaced, we should think about, if we do this in the future, a proxy for your Linux, what that would look like, and make sure those APIs would align. Is it a per-CSI-driver option? Is it something that Kubernetes, or we said on the Kubernetes side, etc.? And whatever we decide, hopefully we can carry forward to Linux in.
G
The future. We have like over a hundred CSI drivers, right, and most of them will never, never change to except using a proxy. So it would have to be some sort of an option where you can say: look, if you wanna, if you want to run your CSI plug-in in a mode where it's not privileged, and it's outsourcing all of its privileged operations to this proxy thing, then you can do that.
A
G
No, no, you could never leave this up to an Avenue. It would be like for a story, for a storage vendor that wanted to make their driver more secure, yeah. They could run it non-privileged and outsource all their, but that's like a ton of code changes you have to do, right. You have to remove all your iSCSI code, all your NFS code, all your mount code and push it to something external.
C
G
G
G
You don't put there. So like, this is like, there's a handful of operations that require elevated privilege, and if you can centralize those in one code base and have everyone share it and everyone contribute to, like, debugging it and, you know, maintaining it, then like that's way easier to audit than all of the node plugins of all of the CSI drivers. Even if they're open source, right, some of them aren't even open source and there's no way to, to know what's going on there, but even the open source ones, they're too big.
G
It would be easier to audit some small thing that's only, you know, a thousand lines, and just, just as a few, I mean, I don't know, depending on how many features you put in there, it might, it might grow to be larger, but ideally you could have one that just does the very, very common things like mounting, attaching iSCSI devices, you know, and maybe some NFS stuff. I.
G
So we would have to pick the ones where the bang was, the value was worth it, right. You get enough bang for your buck on that. You know, if there's one driver that has one weird proprietary protocol, we say sorry, you know, you're stuck doing your own thing, but for the ones where there's a lot of commonality, and, and the really big one is mounting, right.
G
The, the reason that the Kubernetes docs say you must run your node privileged, your node pod privileged, is because you need to be able to do mounts with, like with propagation, and there is no way to grant an unprivileged pod the ability to do mounts with propagation.
F
Got it. So I mean, I think there are a couple of things there that I heard which were interesting. One was that you said that if you decide to do this, then it may be a good idea to do it in a way that, you know, the Linux proxy, if it's ever developed, ends up having a similar architecture or interface or, or something like that. So, if that's the case, then do we need to have like a broader discussion around what, what this entails?
F
Like, you know, if, what are we talking about in terms of, where are we drawing the lines in terms of what should be part of the Windows privileged container and what should not be? Is that something that's spelled out clearly already or, or no?
F
So what about the Windows side of it, though, like how many are there? Are there customers who have indicated interest in this? Because I think I personally have not heard of anybody come to us and say that we would be really interested in this. We thought that this was an interesting project and, and it had some, some, you know, relevance to what we are doing in the CSI driver side at AWS.
F
So that's why we were looking at it, but, but I'm curious to understand what is, like, the, the big use case that we are trying to address through it. So.
E
F
Right, right, and, and I think that has been our experience as well, that using the CSI proxy is a bit of a, you know, in terms of maintainability, it's a harder thing to do, partly because of the version skew that you mentioned, but also just the way it integrates or into the overall CSI driver implementation is not very, it's not very, I don't know, clean, I guess. So.
G
C
G
Okay, I get, I, I guess my vision of a proxy is, it is running a pod, it's just, it's running a privileged pod, and, and then the regular node plug-in doesn't need to be privileged anymore.
C
I guess with privilege, I forget, is privileged a per-container setting or is it a per-pod setting?
E
F
So I mean, like I said, I think this is something that we are interested in doing. I don't see a strong customer use case, and I was also a little bit confused by a blog post that I just linked to a little while back in the chat window, which said something about the fact that host process containers, which is the Windows equivalent to Linux privileged containers, is finally GA in Kubernetes 126, and I was, I, I was wondering how that work ties into the work that we are talking about for the privileged containers. So.
A
So I think, let's keep the, this meeting moving. Overall, it sounds like this is an interesting topic. We're likely not going to get to it in the 128 time frame. Yes.
A
That we'll cut this to 129 and continue the discussion, and my guess is we'll probably end up doing both, if we have the cycles to do both, on the Windows side and on the Linux side. So let's continue the discussion. Okay.
A
Right for the update. Next, we have SELinux relabeling using mount options, CSI driver API changes, beta, on by default again, yeah. Any updates on this one?
H
So, okay, so in 128 everything is done. In 127, I reported the fix, but the feature is disabled by default and I'm not sure I'm going to enable it ever by default. So here 1.8 is done, basically.
A
A
And these two are for the 130 release, we're going to skip over that. Then we've got the Ceph RBD, CephFS migrations.
A
Any status updates on these? Looks like code was merged in, docs PR in review. Did the docs PRs get merged here?
A
D
A
Okay, next we have better default storage class, moving to GA this cycle. Looks like docs PR was merged, placeholder blog PR was created. Anything left?
A
And then quality of service for volumes. Sonny, you want to give an update on this one?
E
Yeah, so the CSI spec is finally merged, so I think we can start implementation. I see a few people assign. The task is also on this call, which is an FYI.
A
Ahead and mark, I guess, this is partially completed. It's not alpha.
A
A
A
So I'm going to mark this as started, but not done.
A
A
A
Get it moved over to the next cycle. All right, next we have SIG Apps volume expansion for stateful sets. Any update on this one?
B
A
Got it. Oh, thanks for the update, Hemant, so we'll get this moved over to the next cycle as well. Next is non-graceful node shutdown.