[go: nahoru, domu]
Skip to content

Commit

Permalink
Update ephemeral volumes feature state
Browse files Browse the repository at this point in the history
  • Loading branch information
@mengjiao-liu
mengjiao-liu committed Aug 7, 2023
1 parent ec447fc commit 83c61e2
Showing 1 changed file with 4 additions and 5 deletions.
9 changes: 4 additions & 5 deletions content/en/docs/concepts/storage/ephemeral-volumes.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -248,11 +248,10 @@ same namespace, so that these conflicts can't occur.

### Security

Enabling the GenericEphemeralVolume feature allows users to create
PVCs indirectly if they can create Pods, even if they do not have
permission to create PVCs directly. Cluster administrators must be
aware of this. If this does not fit their security model, they should
use an [admission webhook](/docs/reference/access-authn-authz/extensible-admission-controllers/)
Using generic ephemeral volumes allows users to create PVCs indirectly
if they can create Pods, even if they do not have permission to create PVCs directly.
Cluster administrators must be aware of this. If this does not fit their security model,
they should use an [admission webhook](/docs/reference/access-authn-authz/extensible-admission-controllers/)
that rejects objects like Pods that have a generic ephemeral volume.

The normal [namespace quota for PVCs](/docs/concepts/policy/resource-quotas/#storage-resource-quota)
Expand Down

0 comments on commit 83c61e2

Please sign in to comment.