Malicious users can populate the spec.volumeMode field of a PersistentVolumeClaim with a Volume Mode that differs from the original volume's mode to potentially exploit an as-yet-unknown vulnerability in the host operating system. This feature allows cluster administrators to prevent unauthorized users from converting the mode of a volume when a PersistentVolumeClaim is being created from an existing VolumeSnapshot instance.
UsageSee the Kubernetes Enhancement Proposal for more details on the background, design and discussions.
This feature is enabled by default and moved to GA with the Kubernetes 1.30 release. To use this feature, cluster administrators must:
VolumeSnapshot APIs with a minimum version of v8.0.1.snapshot-controller and snapshot-validation-webhook with a minimum version of v8.0.1.external-provisioner with a minimum version of v5.0.1.For more information about how to use the feature, visit the Kubernetes blog page.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4