Back to all scenarios
Scenario #327
Storage
Kubernetes v1.21, Manually created PVs

Static PV Bound to Wrong PVC

A misconfigured static PV got bound to the wrong PVC, exposing sensitive data.

Find this helpful?
What Happened

Two PVCs had overlapping selectors. The PV intended for app-A was bound to app-B, which accessed restricted files.

Diagnosis Steps
  • 1Checked PV annotations: saw wrong PVC UID.
  • 2File system showed app-A data.
  • 3Both PVCs used identical storageClassName and no selector.
Root Cause

Ambiguous PV selection caused unintended binding.

Fix/Workaround
• Used volumeName field in PVCs for direct binding.
• Set explicit labels/selectors to isolate.
Lessons Learned

Manual PVs require strict binding rules.

How to Avoid
  • 1Use volumeName for static PV binding.
  • 2Avoid reusing storageClassName across different apps.
Previous ScenarioNext Scenario