diff --git a/doc/kubernetes.md b/doc/kubernetes.md
index 6ae78df..b4157e8 100644
--- a/doc/kubernetes.md
+++ b/doc/kubernetes.md
@@ -29,4 +29,15 @@ Kubernetes before uploading them again. This is done by this script:
 
 ## Reuse a released persistent volume:
 
+> When you delete a PVC, corresponding PV becomes `Released`. This PV can contain sensitive data (say credit card numbers) and therefore nobody can ever bind to it, even if it is a PVC with the same name and in the same namespace as the previous one - who knows who's trying to steal the data!
+> 
+> Admin intervention is required here. He has two options:
+> 
+>     * Make the PV available to everybody - delete `PV.Spec.ClaimRef`, Such PV can bound to any PVC (assuming that capacity, access mode and selectors match)
+> 
+>     * Make the PV available to a specific PVC - pre-fill `PV.Spec.ClaimRef` with a pointer to a PVC. Leave the `PV.Spec.ClaimRef,UID` empty, as the PVC does not to need exist at this point and you don't know PVC's UID. This PV can be bound only to the specified PVC.
+> 
+> 
+> @whitecolor, in your case you should be fine by clearing `PV.Spec.ClaimRef.UID` in the PV. Only the re-created PVC (with any UID) can then use the PV. And it's your responsibility that only the right person can craft appropriate PVC so nobody can steal your data.
+
 https://github.com/kubernetes/kubernetes/issues/48609#issuecomment-314066616