►
From YouTube: Kubernetes SIG Storage 20200326
Description
Kubernetes Storage Special-Interest-Group (SIG) Meeting - 26 March 2020
Meeting Notes/Agenda: https://docs.google.com/document/d/1-8KEG8AjAgKznS9NFm3qWqkGyCHmvU6HVl0sk5hwoAE/edit#heading=h.2e66yd1ccuyj
Find out more about the Storage SIG here: https://github.com/kubernetes/community/tree/master/sig-storage
Moderator: Saad Ali (Google)
A
A
A
Second,
we're
gonna
go
over
the
q1
2021
18
planning
spreadsheet
and
identify
the
end
of
quarter
doob
end
of
quarter
review
and
figure
out
what
we
were
able
to
complete
what
we
shipped
what
we
didn't
ship
and
then
in
the
next
meeting
in
two
weeks,
we're
gonna
do
q2
planning
for
the
119
release
and
then,
if
there's
any
PRS
that
need
attention
or
design
reviews,
please
stick
them
in
the
agenda
and
we'll
get
them
I
get
to
them
at
the
end.
So
jumping
right
into
it.
B
B
That's
we
would
like
to
replace
service
account
token
volumes
that
are
that
are
exposed
via
secret,
a
secret
volumes.
Today
they
have
a
number
of
improvements
over
the
secret
volumes.
They
rotate.
One
of
the
things
that
we
wanted
to
fix
during
this
transition
was
also
filed.
Permissions
so
secrets
by
default
have
world
readable
file
permissions.
B
B
C
Yeah
I
did
him:
I
had
a
chance
to
review
it
and
Michelle
sees
it
made
into
the
Cape
and
I
think
it
looks
fine.
The
only
thing
that
was
standing
out
a
little
bit
for
me
and
I
need
to
take.
B
C
B
We
are
motivated
to
solve
this
for
tokens
specifically,
so
that's
why
the
talked
about
tokens
it's
it's
actually,
not
an
entire
campus
or
section
of
the
projected
service
contact,
making
broader
changes
or
requires
a
broader
conversation.
If
the
approach
makes
sense
for
I
I
think
if
we
can
sadist
like
if
we
can
convince
ourselves
that
this
won't
break
config,
Maps
or
secrets,
it
might
be
a
viable
way
of
fixing
file.
C
B
Don't
know
if
that
and
I
mean
I
I'm
coming
from
say:
gossip
I
don't
know
whether
it
makes
sense
to
do
it
for
all
the
line
types,
because
this
will
this
would
require
writing.
Potentially
a
large
number
of
file
permissions
to
disk
do
do
we
have
plans
or
have
we
talked
about
studying
ownership
on
full
volumes
in
this
thing
before
we
already.
E
D
D
D
B
C
C
They
do,
but
it's
bit
fragile,
actually,
because
we
don't
have
a
good
mechanism
of
detecting
whether
we
should
do
that
ownership
change
or
not
for
CSI
volumes.
So
it's
like
it's
it's
based
on
a
bunch
of
heuristics,
like
you,
you'd
write
once
whether
it
is
it
has
a
first
type.
We
want
to
move
that
check
in
to
CSI
driver
object
or
be
that
that's
our
thinking
that
so
the
driver
can
opt
in
for
doing
this.
Recursive
change
permission
change.
D
Does
the
CSI
driver
have
the
hard
spec
so
that
it
could
make
a
similar
calculation,
as
is
being
discussed
here?
I
would
like
to
decouple
the
CSI
aspect
from
the
cubelet
managed
aspect.
If
we
end
up
in
a
similar
place,
where
there's
a
really
easy
way
for
a
CSI
driver
to
say,
is
there
a
consistent
you
would
that
I
can
set
permissions
to?
If
so,
do
this?
B
D
C
It
looks
good
to
me
for
so
far
the
other
one
last
thing
was
the
it
makes
changes
into
I
was
looking
into
the
implementation.
It
makes
changes
into
the
entire
volume
plug-in
all
the
it
touches,
the
plugins
that
it
shouldn't
be
touching,
but
I
think
there's
no
easy
way
to
avoid
that.
Maybe
Alice
can
be
discussed
in.
B
D
F
D
Yeah
I
agree
with
Mike.
If
we're
broadening
this
to
secret
shouldn't
config
max,
then
it
needs
a
lot
more
careful
review
and
test
coverage,
because
those
have
tons
and
tons
of
users
and
the
projected
service
account
tokens.
Any
current
users
that
are
successful
are
already
operating
with
just
single
user
permissions.
D
B
D
I
I
would
be
comfortable
with
starting
with
the
projected
tokens
and
then
because
those
already
behave
differently
than
secrets
in
convicting
ups
and
downward
api
I
would
like
those
other
aspects
to
become
consistent,
but
because
rejected
service
account,
tokens
already
differ,
and
this
is
solving
unblocking
something
that
is
necessary
to
adoptive
I.
Also
be
okay
with
doing
that
first
and
then,
with
an
eye
towards
making
the
other
three
consistent
and
then
even
longer
term,
making
the
CSI
it's
consistent.
A
E
B
B
D
If
again,
if
it's
targeting
just
projected
tokens,
then
that
is
a
beta
feature
and
we
would
be
broadening
permissions
under
certain
conditions,
so
treating
that
as
a
progression
of
an
existing
beta
feature
makes
sense
if
it
is
targeting
changing
config
maps
in
secret.
In
that
aspect,
I
would
expect
it
to
be
much
more
cautious
and
go
through
kind
of
a
alpha
like
disabled
by
default.
Let
it
get
out
there
to
get
testing
so
I
think
that's
another
reason
to
sort
of
separate
those
two
aspects
sounds.
A
B
A
Everybody
all
right,
thank
you,
Mike
thanks,
Jordan,
all
right.
So,
let's
move
on
next
item
is
IRA
planning
spreadsheet.
Let
me
start
sharing
again
so
the
goal
today
is
just
to
get
a
final
end
of
quarter
status,
update
on
the
items
that
we've
been
working
on,
so
Rob
lock,
G
a
and
of
quarter.
It's
complete
nice
work,
Yann
a
CSI
cloning
is
also
complete.
Nice
work
beyond
draw
and
John.
D
A
So
my
understanding
is
that
there
were
some
bug
fixes
done
in
the
core
code,
and
the
next
step
is
for
cloud
providers
to
go
off
and
implement
their
adaptors
I,
don't
know
what
the
status
is.
Those
adapters
is
at
the
moment,
I'm
going
to
mark
this
as
started,
and
you
can
get
a
more
of
a
status
update.
Offline
next
item
is
CSI
online
offline
resizing
fixing
issues
a
lot.
What's
the
final
status
on
this,
it's.
C
In
progress,
we
have
a
PR
open
for
communities
that
was
dropped
from
milestone,
didn't
get
enough
reviews,
but,
and
then,
but
we
are
blind
to
at
this
another
PR
for
external,
says,
external
resizes-
that
we
are
trying
to
get
this.
That
bomb
CSI
version
adds
new
fields
that
we
applying
to
ship
for
this
release,
so
it'd
be
like
today
or
tomorrow.
I
will
pushing
that
update
and
other
I
have
I
have
there's
a
project.
C
A
I
The
changes
are
complete.
We
found
a
last-minute
difference
in
the
build
process
with
Michelle
pointed
out,
so
we
are
working
to
make
it
like
other
CSI
projects
and
once
it
goes
through
we'll
release
that
we
didn't
RC,
but
that's
not
a
juror
file
and
a
disk
was
already
much
I.
Just
finally,
just
got
merged
changes
just
got
merged,
so
we
are
through
there
as
well.
Nice.
I
A
A
J
K
A
Okay,
that
sounds
good
to
me,
so
we'll
do
another
quarter
of
bug.
Fixes
will
mark
this
as
started
and
goal
here
is
to
develop,
deliver
a
high
quality
Gea.
Thank
you
both
for
your
work
on
that.
Next
item
is
non-recursive
volume,
ownership,
FS
group.
As
far
as
I
understand,
this
was
complete,
come
on.
C
A
This
is
what
Jordan
was
mentioning
when
he
said
you
know
the
generic
persistent
volume
per
mission.
Changing
code
is
super
slow
and
there
was
code
added
this
quarter.
That
would
allow
you
to
let
it
make
it
faster,
potentially
by
being
a
little
bit
smarter
about
how
it
changes
permissions.
It's
an
opt-in
thing.
A
A
A
A
A
J
Asked
Apache
is
Patrick
not
online.
Today
he
said
he
is
looking
at
the
ephemeral
voting
part
he
wanted
to
to
do
a
redesign
of
that,
so
he
I
think
he
sent
out
some
question
on
a
630
mailing
list,
but
I'm
not
familiar
with
the
history
of
that
I.
Think.
Maybe
sorry,
you
probably
know
the
existing
design
of
the
inline
volumes,
so
I
think
he
was
asking
something
about
that.
He
said
after
that
it,
after
we
figure
that
one
he
wanted
come
back
to
you,
the
street
for
design.
A
Okay,
I
think
that
might
be
a
big
project
for
next
quarter.
We
should
probably
try
to
get
clarity
on
that
in
the
next
couple
of
weeks.
I
know
ephemeral
volumes
had
some
folks
had
concerns
about
ephemeral
volumes
being
a
kubernetes
only
feature,
rather
than
something
that
CSI
supports.
Natively
I,
wonder
if
Patrick's
concerns
aligned
with
that.
A
If
so,
we
need
to
decide
what
we
want
to
do
next
for
ephemeral
volumes
for
CSI,
whether
we
want
to
redesign
it
redo
it
or
take
what
we
have
and
move
it
to
GA
and
then
apparently
that
influences
this,
so
we'll
need
to
figure
that
out
in
the
next
couple
weeks,
Thanks
Thank,
You.
Shane
next
item
is
volume
group,
ap,
I.
J
A
A
A
Again,
if
we
don't
get
kind
of
folks
to
own
these
CSI
drivers,
the
plan
is
just
to
deprecated
them.
Since
we
don't
want.
You
know
dead,
goats
just
sitting
around
and
the
plan
is
for
the
fiber
channel
multiplex
we're
going
to
go
ahead
and
deprecated.
Those
next
item
is
deprecation
of
the
kubernetes
incubator,
external
storage,
repo.
A
This
was
a
repo
where
we
just
threw
in
a
bunch
of
kind
of
side
projects
early
on
in
the
sig
and
since
then,
kubernetes
has
kind
of
evolved
to
having
a
separate
repo
for
every
single
project,
and
in
moving
towards
that,
we
want
to
deprecate
pretty
much
everything
under
kubernetes
incubator
and
get
rid
of
that
organization
altogether,
which
means
taking
the
projects
and
external
storage
and
moving
them
out
if
they
are
still
relevant.
And
so
as
I
understand.
There
are
a
couple
of
NFS
provisioners
under
external
storage.
A
A
A
A
J
A
L
A
J
F
L
It's
it's
it's
implementable.
They
asked
me
to
change
it.
A
A
M
I
saw
this
is
John
I
sought
the
review
from
the
last
recording
to
the
mailing
list
and
we're
working
right
now
to
retool
the
bucket
content
API.
So
it's
more
of
a
snapshot
of
the
class
and
yeah.
You
have
further
changes
that
came
out
of
that
meeting
so
though
the
PR
should
be
merged
by
Friday.
Oh
sorry,
my
PR
into
our
bucket
proposal
should
be
merged
in
by
Friday,
so
our
changes
will
go
on.
A
Alright,
so
this
is
an
ongoing
design.
Discussion,
Jeff
and
John
are
leading
it.
There's
good
progress
being
made
here
if
you're
interested
in
participating
in
what
the
object,
storage
API
for
kubernetes
looks
like
what
the
CSI
equivalent
force
object.
Storage
is
going
to
look
like
these
are
the
meetings
that
you
want
to
participate
in
reach
out
to
John
or
Jeff,
and
they
can
get
you
plugged
into
the
right
place.
A
A
J
I
A
J
J
Yeah,
so
so
shanti
and
I
disgusted
by
this
one-
we
started
to
do
some
prototyping
and
think
you
need
to
maybe
talk
to
you
Tim
and
just
get
some
feedback
on.
Is
this
new
design
require
changes
in
the
container
itself,
which
means
the
signal
is
also
involved
right.
It's
a
way
to
be
very
it's
a
new
entry,
API
object,
and
there
it's
very
difficult,
so
I
think
we
need
to
discuss
more
and
then
and
then
I'll
talk
to
the
API
reviewers.
We
need
to
talk
to
you
signal
it
as
well.
Okay,.
A
A
Please
attend
the
next
meeting.
That's
the
meeting
to
figure
out
what
we're
going
to
be
doing
for
the
119
release
and
you
can
suggest
items
you
can
volunteer
to
code
them.
You
can
volunteer
to
review
them
if
you've
been
sitting
on
the
sidelines,
wondering
how
you
participate
that
the
next
meeting
is
the
most
important
meeting
to
attend
all
right.
Now,
let's
go
back
to
the
agenda,
we
have
one
PR
that
needs
attention
from
Mike
Michael,
stop
sharing
my
screen
and
you
can
have
the
stage
so.