Update 'doc/kubernetes.md'
parent
4a43305a35
commit
8496b19ec5
@ -29,4 +29,15 @@ Kubernetes before uploading them again. This is done by this script:
## Reuse a released persistent volume:
## Reuse a released persistent volume:
> When you delete a PVC, corresponding PV becomes `Released`. This PV can contain sensitive data (say credit card numbers) and therefore nobody can ever bind to it, even if it is a PVC with the same name and in the same namespace as the previous one - who knows who's trying to steal the data!
>
> Admin intervention is required here. He has two options:
>
> * Make the PV available to everybody - delete `PV.Spec.ClaimRef`, Such PV can bound to any PVC (assuming that capacity, access mode and selectors match)
>
> * Make the PV available to a specific PVC - pre-fill `PV.Spec.ClaimRef` with a pointer to a PVC. Leave the `PV.Spec.ClaimRef,UID` empty, as the PVC does not to need exist at this point and you don't know PVC's UID. This PV can be bound only to the specified PVC.
>
>
> @whitecolor, in your case you should be fine by clearing `PV.Spec.ClaimRef.UID` in the PV. Only the re-created PVC (with any UID) can then use the PV. And it's your responsibility that only the right person can craft appropriate PVC so nobody can steal your data.
https://github.com/kubernetes/kubernetes/issues/48609#issuecomment-314066616
https://github.com/kubernetes/kubernetes/issues/48609#issuecomment-314066616
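Review bot: the quote added under "Reuse a released persistent volume" presents both admin options without saying which one this project's procedure should use, and the first bullet (delete `PV.Spec.ClaimRef`) leaves the released volume bindable by any PVC whose capacity, access mode and selectors match, which is exactly the data exposure the first quoted paragraph warns about. Suggest adding a sentence in the doc's own words that names the intended path, presumably clearing only `PV.Spec.ClaimRef.UID` as the last quoted paragraph recommends, and that repeats the quote's point that access to create the matching PVC must be restricted. Two smaller points on the same hunk: the second bullet writes `PV.Spec.ClaimRef,UID` with a comma where the last paragraph has `PV.Spec.ClaimRef.UID`, and the "@whitecolor, in your case" paragraph is addressed to the issue reporter, so it reads oddly in standalone documentation unless it is introduced or paraphrased.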