Update ephemeral volumes feature state

pull/42317/head
Mengjiao Liu 2023-08-07 10:26:13 +08:00
parent ec447fcc64
commit 83c61e229b
1 changed files with 4 additions and 5 deletions

@ -248,11 +248,10 @@ same namespace, so that these conflicts can't occur.
### Security ### Security
Enabling the GenericEphemeralVolume feature allows users to create Using generic ephemeral volumes allows users to create PVCs indirectly
PVCs indirectly if they can create Pods, even if they do not have if they can create Pods, even if they do not have permission to create PVCs directly.
permission to create PVCs directly. Cluster administrators must be Cluster administrators must be aware of this. If this does not fit their security model,
aware of this. If this does not fit their security model, they should they should use an [admission webhook](/docs/reference/access-authn-authz/extensible-admission-controllers/)
use an [admission webhook](/docs/reference/access-authn-authz/extensible-admission-controllers/)
that rejects objects like Pods that have a generic ephemeral volume. that rejects objects like Pods that have a generic ephemeral volume.
The normal [namespace quota for PVCs](/docs/concepts/policy/resource-quotas/#storage-resource-quota) The normal [namespace quota for PVCs](/docs/concepts/policy/resource-quotas/#storage-resource-quota)
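
Review bot: In the Security paragraph, the only wording change is the opening phrase ("Enabling the GenericEphemeralVolume feature" becomes "Using generic ephemeral volumes"), yet the whole paragraph was re-wrapped, so the diff shows 4 additions and 5 deletions for a one-phrase edit; keeping the original line breaks would make the change easier to verify. Now that the sentence no longer refers to enabling a feature, it would also help to tighten "rejects objects like Pods" so it names exactly which objects the admission webhook should reject, and to replace the two bare "this" references ("must be aware of this", "If this does not fit") with the concrete risk the paragraph describes: anyone who can create Pods can create PVCs indirectly.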