Update 'doc/kubernetes.md'

This commit is contained in:
Râu Cao 2019-01-02 04:20:49 +00:00
parent 4a43305a35
commit 8496b19ec5
1 changed files with 11 additions and 0 deletions

View File

@ -29,4 +29,15 @@ Kubernetes before uploading them again. This is done by this script:
## Reuse a released persistent volume: ## Reuse a released persistent volume:
> When you delete a PVC, corresponding PV becomes `Released`. This PV can contain sensitive data (say credit card numbers) and therefore nobody can ever bind to it, even if it is a PVC with the same name and in the same namespace as the previous one - who knows who's trying to steal the data!
>
> Admin intervention is required here. He has two options:
>
> * Make the PV available to everybody - delete `PV.Spec.ClaimRef`, Such PV can bound to any PVC (assuming that capacity, access mode and selectors match)
>
> * Make the PV available to a specific PVC - pre-fill `PV.Spec.ClaimRef` with a pointer to a PVC. Leave the `PV.Spec.ClaimRef,UID` empty, as the PVC does not to need exist at this point and you don't know PVC's UID. This PV can be bound only to the specified PVC.
>
>
> @whitecolor, in your case you should be fine by clearing `PV.Spec.ClaimRef.UID` in the PV. Only the re-created PVC (with any UID) can then use the PV. And it's your responsibility that only the right person can craft appropriate PVC so nobody can steal your data.
https://github.com/kubernetes/kubernetes/issues/48609#issuecomment-314066616 https://github.com/kubernetes/kubernetes/issues/48609#issuecomment-314066616