From 04f00d55665cf395ef72cb03ec4ce5fa5f5dd5d5 Mon Sep 17 00:00:00 2001 From: Raunak Pradip Shah Date: Thu, 5 May 2022 14:57:49 +0530 Subject: [PATCH] Address latest comments --- ...5-18-prevent-unauthorised-volume-mode-conversion.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/content/en/blog/_posts/2022-05-18-prevent-unauthorised-volume-mode-conversion.md b/content/en/blog/_posts/2022-05-18-prevent-unauthorised-volume-mode-conversion.md index a66f5ca4c8..31d8e36795 100644 --- a/content/en/blog/_posts/2022-05-18-prevent-unauthorised-volume-mode-conversion.md +++ b/content/en/blog/_posts/2022-05-18-prevent-unauthorised-volume-mode-conversion.md @@ -43,9 +43,9 @@ It is upto the cluster administrator to provide these rights only to trusted use or applications, like backup vendors. If the alpha feature is [enabled](https://kubernetes-csi.github.io/docs/) in -`snapshot-controller` and `external-provisioner`, then unauthorised users will -not be allowed to modify the volume mode of a PVC when it is being created from -a `VolumeSnapshot`. +`snapshot-controller`, `snapshot-validation-webhook` and `external-provisioner`, +then unauthorised users will not be allowed to modify the volume mode of a PVC +when it is being created from a `VolumeSnapshot`. To convert the volume mode, an authorised user must do the following: @@ -98,8 +98,8 @@ spec: Repeat steps 1 to 3 for all `VolumeSnapshotContents` whose volume mode needs to be converted during a backup or restore operation. -If the above annotation is present on a `VolumeSnapshotContent` object, -Kubernetes will not prevent the volume mode from being converted. +If the annotation shown in step 4 above is present on a `VolumeSnapshotContent` +object, Kubernetes will not prevent the volume mode from being converted. Users should keep this in mind before they attempt to add the annotation to any `VolumeSnapshotContent`.