From 374a5ce545626a2d6329a49f33b6dcf4f76823e5 Mon Sep 17 00:00:00 2001 From: "Dr. Stefan Schimanski" Date: Tue, 30 Apr 2019 22:47:57 +0200 Subject: [PATCH] Typo --- keps/sig-api-machinery/20180731-crd-pruning.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keps/sig-api-machinery/20180731-crd-pruning.md b/keps/sig-api-machinery/20180731-crd-pruning.md index 28b8f6fe934c..4a2479eeff73 100644 --- a/keps/sig-api-machinery/20180731-crd-pruning.md +++ b/keps/sig-api-machinery/20180731-crd-pruning.md @@ -75,7 +75,7 @@ Pruning requires _structural schemas_ (as described in [KEP Vanilla OpenAPI Subs * Native Golang based resources do pruning as a consequence of the JSON unmarshalling algorithm. This is has become a fundamental behaviour of Kubernetes API semantics that CustomResources break. * Pruning enforces consistency of data stored in etcd. Objects cannot suddenly render unaccessible because unexpected data breaks decoding. -* Even if unexpected data in etcd is of the right type and does not break decoding, it has not gone through validation, and probably a admission webhook either does not exist for many CRDs or it won't have implemented pruning behaviour. Pruning at the decoding step enforces this (scenario: applying a new CR instance with new fields against a cluster with an old CRD manifest). +* Even if unexpected data in etcd is of the right type and does not break decoding, it has not gone through validation, and probably an admission webhook either does not exist for many CRDs or it won't have implemented pruning behaviour. Pruning at the decoding step enforces this (scenario: applying a new CR instance with new fields against a cluster with an old CRD manifest). * Pruning is a counter-measure to security attacks which make use of knowledge of future versions of APIs with new security relevant fields. Without pruning an attacker can prepare CustomResources with privileged fields set. On version upgrade of the cluster, these fields can suddenly become alive and lead to unallowed behaviour. ### Goals