►
From YouTube: Kubernetes SIG Storage Meeting 2021-03-11
Description
Kubernetes Storage Special-Interest-Group (SIG) Meeting - 11 March 2021
Meeting Notes/Agenda: https://docs.google.com/document/d/1-8KEG8AjAgKznS9NFm3qWqkGyCHmvU6HVl0sk5hwoAE/edit#heading=h.s0wv5xgceqho
Find out more about the Storage SIG here: https://github.com/kubernetes/community/tree/master/sig-storage
Moderator: Saad Ali (Google)
A
All
right
today
is
march
11
2021.
This
is
a
meeting
of
the
kubernetes
storage
special
interest
group.
As
a
reminder,
this
meeting
is
public
recorded
and
posted
on
youtube.
Let's
go
ahead
and
get
started,
so
the
agenda
doc
is
linked
on
your
calendar.
Invite
today
we're
going
to
go
over
the
121
planning
spreadsheet,
to
see
which
items
we
were
able
to
complete
in
time.
A
The
latest
deadline
was
the
code
freeze
that
just
happened
on
march
9th,
so
we
want
to
see
which
items
were
able
to
make
it
in
and
which
items
were
not
the
upcoming
deadlines
to
be
aware
of
is
march.
16
is
the
docs
deadline.
A
Meaning
you
have
to
have
a
placeholder
pr
open
just
to
say,
like
hey,
we
are
in
the
process
of
preparing
the
docs
to
let
the
release
team
know
and
then
march.
24
is
when
the
prs
must
be
ready
for
review
and
march.
24Th
is
also
the
test
freeze
and
then
the
31st
is
when
they
should
be
ready
to
merge.
That
is
when
the
docs
should
be
completed
and
moving
forward
after
the
code.
Freeze,
as
many
of
you
are
aware,
features
are
no
longer
allowed
to
be
merged.
A
So
please
let
us
know
if
you
need
to
go
through
that
and
if
you
have
anything
else
you'd
like
to
discuss
today,
please
feel
free
to
add
to
the
agenda
at
the
bottom
and
we'll
get
to
it
after
the
planning
section.
A
So
with
that,
let
me
switch
tabs
and
we
can
get
started.
So
first
item
is
delegate
fs
group
to
csi
driver
instead
of
cubelet
a
month.
B
All
right
we
have
the
we
got
some
fixes
for
that
pvc
being
deleted
where
resize
was
pending.
That
was
much.
This
is
corresponding
change
needed
in
external
resize.
That
will
merge
it
like
this
week
and
then
yeah.
So
we
did
make
some
progress
on
it,
but
yeah.
B
That
was
a
design
item
be
just
we
still.
We
have
didn't
make
a
whole
lot
of
progress
on
that
item.
To
be
honest,
we
have
we're
still
waiting
for
the
inline
pod
resizing
to
be
kind
of
come
to
a
conclusion
and
that
did
like
around
10
days
back
10
12
is
back,
so
we
will
try
and
work
on
this
item
next.
This
quarter.
B
A
A
A
Yeah,
the
item
is
issues
related
to
assuming
volumes
or
mount
points
looks
like
previous
status
was
there
are
several
pr's
open
or
a
work
in
progress
and
jing
is
helping
review
right.
D
Right,
I
think
all
the
relevant
aprs
should
be
already
merged.
E
Well,
there
is
so
I
think
there
was
a
last
cycle,
we
merged
the
pr,
and
we
had
to
revert
it
because.
D
After
it
worked
with,
it's,
not
real,
like
reopened.
E
I
forgot
no,
no
because
the
we
need,
because
we
need
to
fix
the
issue
with
that
secret
tear
down
race.
First,
before
we
can.
Okay,
we
put
in
the
fix.
A
G
E
There's
still
there's
still
changes
in
the
sidecars
right
that
are
still.
G
Outstanding,
I
was
about
to
say
that
I
I
almost
completely
implemented
that
today
and
I
have
prs
pending
for
the
metrics.
For
example,
that's
ready
for
review
in
the
external
provisioner
and
the
other
chains
that
we
discussed
are
also
implemented,
basically
just
pending
a
review
now,
so
that
that
will
be
done
soon.
G
A
G
A
Thank
you.
Patrick
next
item
is
spreading
over
volume
domains,
which
is
just
a
design
for
the
quarter.
Any
updates
on
this
shane.
F
No,
this
is
still
depending
on
the
the
next
one
is.
We
have
not
finished
the
review.
A
Cool
sounds
good.
Thank
you.
Shane
next
item
is
csi
out
of
tree
moving
iscsi
driver
fit
and
finish
image,
building
testing
cicd
documentation.
The
last
status
update
here
was
that
christians
working
on
it.
H
A
A
And
that's
christian
huffman
right!
Yes,
that's
correct!
Okay,
cool!
I
saw
a
christian
huffman
in
the
list
and
a
chris
h.
So
I
wanted
to
make
sure
all
right.
Next
item
is
move
out.
Nfs
provisioner
last
status
here
was
go
ahead.
Karen.
J
Still
need
to
do
a
little
bit
of
a
documentation,
update
and
the
helm
chart
update.
So
keep
call
this
as
working
progress.
Okay,.
A
And
same
question:
is
this
plan
to
be
wrapped
up
for
121?
Are
we
gonna
slip
this
to
122.,
so
don't
know
that
dates
for
121.
121
is.
A
A
One
and
then
same
question
for
the
nfs
client
provisioner.
That's
actually
done.
J
Okay,
I'll
make
a
couple
of
releases
now,
one
today.
A
All
right,
thank
you
very
much.
Karen
I'm
gonna
mark
that
one
it's
done
so
that
we
stop
getting
updates
on
that.
One
next
item
is
pvc
volume
snapshot
namespace
transfer?
H
A
design
this
was
a
design
that
we
were
targeting
this
corner.
We
had
a
meeting
last
week
largely
agreed
on
the
overall
design,
but
there's
some
match
cases
that
we
need
to
examine
further
and
also
some
secret
handling
that
we
need
to
plan
accordingly,
but
I
think
we
made
good
progress
on
the
design
getting
the
ball
rolling
again.
K
H
K
H
H
A
Okay,
this
was
designed
for
the
quarter,
so
we
have
plenty
of
time
here
sounds
good.
Thank
you
both
for
the
update
and
next
item
is
the
csi
volume
health
moving
to
alpha
last
status.
Here
was
pr
submitted
review
in
progress.
F
A
K
So
we
managed
to
get
the
api
proposal
approved
and
most
of
the
code
is
ready,
but
there's
the
out
of
tree
code
is
not
ready
and
I'm
working
on
that-
and
we
have
part
of
the
agreement
to
approve
the
api-
was
to
split
the
cap
into
two
with
a
one
separate
cap
addressing
how
we're
going
to
handle
backwards.
Incompatible
changes
to
the
data
source
handling
that
one
is
still
a
little
bit
up
in
the
air.
The
bottom
line
is
it
didn't
make
it
for
121.
K
A
And
are
we
putting
both
parts
of
this
into
122
or
trying
to
get
part
of
it
into
121?.
K
K
A
All
right
cool!
Thank
you.
Ben
next
item
is
open.
Sorry,
object,
storage,
api
cozy.
I
was
not
able
to
attend
the
meeting
this
week.
Any
updates
here
is
cerini
on
the
call
sid.
K
So
I
I
go
to
all
of
the
cozy
meetings
and
they're
continuing
to
update
the
design
like
we're
getting
everything's
getting
crisper
and
crisper,
but
there's
still
like
significant
changes
happening
to
the
core
parts
of
the
api.
As
we
go
over
it
and
over
it
and
prune
the
stuff
we
don't
need.
So
I
it's
hard
to
guess
like
what
the
delta
is
from,
where
we
are
to
you
know
being
ready,
but
it
it
certainly
feels
very
close
got
it.
It
did
miss
the
121
feature.
Freeze
for
the
the
kept
merge
deadline.
A
Cool
sounds
good,
and
do
you
know
if
andrew
was
there
this
week.
K
A
A
A
F
F
I
I
added
an
item.
F
A
All
right
next
item
is
need
read,
write
once
access
mode.
Chris,
are
you
on
the
call
yeah.
L
So
I
have
a
kep
pull
request
file
that
just
has
some
of
the
initial
sections
filled
out.
I
have
a
design
that
I
think
might
work
and
so
right
now
I'm
just
prototyping
it
to
like
an
end-to-end
solution
to
see
if
this
in
facts
work
and
in
fact
works,
and
then
I'm
going
to
reflect
those
changes
in
the
gap.
K
L
A
Put
it
all
in
a
single
cap,
csi
doesn't
have
its
own
cap,
got
it
and
once
you've
got
it
nailed
down
in
terms
of
the
design
that
we're
looking
for
just
go
and
propose
it
to
the
csi
community
and
get
the
ball
rolling.
There.
M
A
A
E
So
openstack
got
merged,
I
think
azure
did
not,
but
the
other
cloud
providers
are
there.
A
E
There's
a
couple
of
races
that
popped
up
and
is
under
investigation,
but
other
than
that.
The
I
think
the
only
thing
remaining
here
is
to
update
the
sidecars
with
the
various
fixtures
that
we've
been
doing
and
the
metrics.
E
A
F
Just
that
pr,
there's
a
pr
that
is
merged
other
than
that.
I
think
it's
just
the
same.
A
And
somebody
keeping
an
eye
on
adding
to
the
release,
notes.
F
A
A
B
I
think
the
feature
was
the
migration
was
turned
on
beta
and
we
have
some
caveats:
the
dark
pr
open
and
we
need
to
capture
those
the
stuff
that
fs
group
is
not
supported
in
release,
notes
and
things
like.
A
That,
okay,
thank
you
come
on
on
the
gce
side,
any
updates
yeah.
M
Okay,
yeah
I'm
here
yeah,
so
we
had
been
hoping
to
turn
gce
migration
on
by
default
in
121,
but
last
week
we
realized
that
the
mechanics
of
plumbing
through
the
cert
for
the
master
pod
was
more
complicated
than
we
thought.
So
we
did
not
get
that
figured
out
in
time
for
the
code
code
freeze.
So
that
means
it's
not
on
by
default.
1
21,
so
we're
gonna
target
turning
it
on
by
default.
In
122..
A
C
So
it
is
beta
and
it
is
on
by
default.
I
C
C
A
A
And
last
one
is
seth
fs
and
seth
rbd.
I
don't
think
we
have
any
updates
here.
A
F
Go
ahead,
so
I
yeah
I
chat
with
jane
on
some
of
the
logic
when
the
node
comes
back
again
that
we,
what
kind
of
cleanup
we
should
do
so?
Yes,
I'm
going
to
update
cap
with
that
information.
A
A
A
last
status,
update
matt's
actively
working
on
this
mat.
Any
updates
on
this.
M
Yeah,
I
missed
the
code
freeze,
but
the
changes
are
in
review,
so
I
filed
an
exception.
Fingers
crossed.
A
B
Yeah
nope
did
it
kkk,
I
don't
know
if
he's
still
working
on.
If
not,
we
might
even
need
a
new
owner.
Actually,
okay,.
F
Yeah
so
shenzhen
updated
the
cap
to
address
some
of
the
review
comments
from
api
reviewers.
So
I
think
we'll
need
to
pin
them
to
get
it
reviewed.
A
Sounds
good.
Thank
you.
Shane
next
item
is
sega
architecture.
Getting
mount
split
into
new
repos
sereni,
I
don't
think,
is
on
the
call
last
status
update
here
with
c
advisor
has
been
moved,
has
moved
to
moby
library
for
mount.
Have
a
pr
hold
on
it
once
they
merge
we'll
update.
Does
anyone
know
if
we
got
that
in
time
for.
A
121,
okay,
I'll
mark
that
as
no
update
for
now
and
then
we'll
get
an
update.
Hopefully
next
time
next
item
is
with
sig
scheduling.
Prioritization
on
volume
capacity
looks
like
pr
was
out
and
in
review
last
cycle,
did
it
make
it.
C
I
C
E
This
one
it's
merged.
Oh,
it's
margin.
F
A
Cool
all
right
next
up
is
user
id
ownership
in
config
maps
and
secrets.
A
A
This
was
designed
for
the
quarter,
so,
okay,
let's
go
ahead
and
switch
back
to
the
agenda.
Doc.
Only
item
that
we
have
on
the
agenda
is
different
volume
modes
between
source
and
target
pvcs.
Shang.
Do
you
want
to
talk
about
this.
F
F
Okay,
so,
basically,
right
now,
if
you
are,
if
you
are
doing
a
clone,
if
you
create
a
pvc
from
a
another
pvc
as
a
source
at
that
time,
we're
actually
checking
the
volume
mode.
We
don't
allow
you
to
proceed
if
there
is
a
mismatch,
but
if
the
source
is
the
snapshot,
there
is
actually
a
way
to
change
the
volume
mode.
So
you
can
either
you
create
a
pvc
visa
faster
mode.
First
take
snapshot.
F
Then
you
create
a
new
pvc
with
block
mode
use,
the
snapshot
the
source,
so
that
works
or
the
other
way
around,
and
this
is
actually
important,
important
use
cases
for
backup
software
to
use
a
change
block
tracking
to
do
efficient
backups.
F
However,
we
discovered
young
discovered.
There
is
a
potential
security
issue
that
if
if
there
are
some,
you
know
kernel
bugs,
then,
if
a
user,
if
you
use
a
mount
mount
of
this
as
a
as
a
block
mode,
he
could
have
some
corrupted
filesystem
there
and
then,
if
you
monitor
that
file
system
again
it
could
crash
the
node.
So
I
just
want
to
clarify
that
right
now.
Currently,
I
know
there
are
no
existing
cves,
so
yeah.
Currently,
everything
is
fixed
right,
so
this
is
just
an
area.
F
Young
pointed
out,
there's
a
possibility
in
the
future.
If
there
are
some
issues,
then
we
could
run
into
this
problem,
so
we
need
to
figure
out
a
way
somehow
to
control
this
with
some
permissions.
So
this
way,
backup
sort
of
software
can
still
do
this
conversion,
because
this
is
a
valid
use
case.
But
then
we
don't
want
to
let
malicious
user
to
exploit
this
potential
problem.
I
Yeah,
so
this
is
the
mainly
the
issue:
what
was
the
feedback
from
sig
security
on
this.
F
So
six
security-
they
are
saying
yeah.
This
is
it's
good
to
try
to
solve
this,
but
right
now
this
is
not
really
a
since
there
are
no
real
vulnerability,
no
current
cvs
from
the
kernel
side.
So
this
is
not
really
a.
What
do
you
say?
So
that's
why
we
actually
discussed
this
in
public
race.
It's
not
really
something
that
we
that's
like
a
high
priority.
F
We
have
to
fix
right
away,
but
definitely
this
is
something
that
we
should
try
to
prevent
any
any
potential
problem
in
the
future,
so
they're
saying
just
yeah,
so
it's
good
to
discuss
and
figure
out
a
solution.
So
the
suggestion
they
are
talking
about
is
they
they're
talking
about?
Have
a
at
the
missions,
control
that
make
a
subject
access
review
for
some
ipad
commission.
F
So
if
pvc
you
know,
if
the
pvc
being
created
from
a
or
a
snapshot
source
has
mismatched
the
volume
mode,
then
we
check
a
the
the
specific
permission.
I
think
right
now,
just
we
just
need
to
figure
out
the
details
on
how
to
do
that.
So
I'm
still
looking
at
it,
I
mean
I
don't
have
a
concrete
proposal
yet.
F
F
Snapshot
yeah
so
for
snapshot
right
so
for
I'm
not
sure
for
pvc,
but
for
snapshot
we
need
to
record.
We
need
to
save
the
volume
mode
somewhere.
So
this
way
we
can
compare
when
we
are
creating
a
pvc
front
or
in
snapshot.
We
need
to
check
when
you
compare
that
mode.
So
currently,
that's
not
there,
so
so
that
would
be
a
new
alpha
field.
So
that's
just
right
now,
of
course
we,
since
we
don't
have
the
whole
solution
here.
So
it's
not
it's
not
like.
That's.
F
F
That
will
be
like
this
will
be
like
a
new
app
feature
recently
going
through
that
and,
of
course,
the
need
to
have
corresponding
csi
changes,
and
possibly
we
also
want
to
add
a
csi
capability
so
that
csr
driver
can
tell
us
whether
they
can
support
the
conversion
or
not
because
right
now
we
don't
have
that.
F
A
How
would
the
permission
checking
work.
F
So
that
still
need
to,
we
still
need
to
figure
out.
I
I
mean
you're
talking
about
like
the
admissions
controller
right,
how
to
check
yeah.
So
I
still
need
to
figure
out
how
to
do
that.
So
I'm
still
checking
the
suggestion,
because
this
is
like
we
they're
talking
about
create
this
permission.
F
F
If
we
just
just
say
this
is
a
rule
created,
it
doesn't
make
sense,
it's
it's
not
really.
Just
a
trade.
F
It's
possible,
but
that
also,
I
think,
will
need
to
require
some
change
to
pvc
spec.
If
we
do
that,
I
think.
A
F
Volume
mode
you
can
change
the
volume
mode,
but
not
okay.
So
if
you
are,
are
you
talking
about
create
pvc
from
the
pvc?
Are
you
talking.
F
F
A
To
answer
your
question:
yes,
it
is
possible.
Basically,
it
means
that
you
know
somebody
is
taking
responsibility
of
the
rob
lock,
rather
than
continuing
to
give
it
to
a
file
system.
So
the
use
case
that
shing
is
mentioning
is
you
have
a
backup
vendor
who
wants
to
take
a
backup
of
a
snapshot?
So
they
don't
care
about
the
file
system,
they're
more
interested
in
the
raw
blocks.
A
F
Yeah,
so
the
underlying
storage
system
has
to
be
blocked,
though
right
so
right.
Okay,
yeah,
you
can
mount.
Basically,
you
have
those
two
yeah,
so
it
has
to
be
able
to
support
both
for
the
conversion
to
work,
but
even
if
it
supports
both
mode,
you
may
not
be
able
to
create
a
volume
from
another
front
snapshot
that
has
a
different
mode
depending
on
the
driver
like,
for
example,
this
is
a
hostpad
driver.
F
D
Okay
got
it.
Thank.