ROX volume mounted with readOnly: false in container


So I have a ROX PVC and PV that I am mounting on a pod.

While mounting on a pod, I am setting readOnly to false:

Volumes:
  test-volume:
    Type:       PersistentVolumeClaim
    ClaimName:  pvc-1
    ReadOnly:   false

When I try to write to this pod with a kubectl exec command, the write goes through, while I expect it to fail because the PV was created with AccessMode ROX.

Can someone please explain how this is possible?

1 answer

Kranthiveer Dontineni answered:

As per kubernetes official documentation:

Kubernetes uses volume access modes to match PersistentVolumeClaims and PersistentVolumes. In some cases, the volume access modes also constrain where the PersistentVolume can be mounted. Volume access modes do not enforce write protection once the storage has been mounted. Even if the access modes are specified as ReadWriteOnce, ReadOnlyMany, or ReadWriteMany, they don't set any constraints on the volume. For example, even if a PersistentVolume is created as ReadOnlyMany, there is no guarantee that it will be read-only. If the access modes are specified as ReadWriteOncePod, the volume is constrained and can be mounted on only a single Pod.

In your case you might not have mentioned ReadOnlyMany in the accessModes of your PVC, or you are using some pre-existing volume; as a result the restrictions are not applied to the volume and you were able to perform write operations.

As per this documentation on ROX volumes provided by Google:

Clone an existing volume which contains the data, or create a new dynamic volume, populate the data and convert that volume into readOnly.
In your PV and PVC manifest files, configure the accessModes as ReadOnlyMany.

By following the above steps you will be able to achieve the desired ROX functionality. Refer to the example manifest below, taken from the Google documentation:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: PV_NAME
spec:
  storageClassName: "STORAGE_CLASS_NAME"
  capacity:
    storage: DISK_SIZE
  accessModes:
    - ReadOnlyMany
  claimRef:
    namespace: PVC_NAMESPACE
    name: PVC_NAME
  csi:
    driver: pd.csi.storage.gke.io
    volumeHandle: DISK_ID
    fsType: FS_TYPE
    readOnly: true
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: PVC_NAMESPACE
  name: PVC_NAME
spec:
  storageClassName: "STORAGE_CLASS_NAME"
  volumeName: PV_NAME
  accessModes:
    - ReadOnlyMany
  resources:
    requests:
      storage: DISK_SIZE
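Because accessModes only influence scheduling and binding, the settings that actually make the mount read-only are readOnly on the PV's csi source, readOnly on the pod's persistentVolumeClaim volume, and readOnly on the container's volumeMount. The audit below, added here as an example rather than code from the post, walks those three layers for a ReadOnlyMany claim and reports any container that can still write to it; the objects are constructed samples in the shape kubectl get -o json returns (the pv-1 / pvc-1 / writer names are assumptions).

```python
import copy

# Constructed sample objects mirroring the question: a ROX claim whose PV,
# pod volume and volumeMount all leave readOnly unset or false.
PV = {"kind": "PersistentVolume", "metadata": {"name": "pv-1"},
      "spec": {"accessModes": ["ReadOnlyMany"],
               "csi": {"driver": "pd.csi.storage.gke.io",
                       "volumeHandle": "disk-1", "readOnly": False}}}
PVC = {"kind": "PersistentVolumeClaim",
       "metadata": {"name": "pvc-1", "namespace": "default"},
       "spec": {"accessModes": ["ReadOnlyMany"], "volumeName": "pv-1"}}
POD = {"kind": "Pod", "metadata": {"name": "writer", "namespace": "default"},
       "spec": {"volumes": [{"name": "test-volume",
                             "persistentVolumeClaim": {"claimName": "pvc-1",
                                                       "readOnly": False}}],
                "containers": [{"name": "app",
                                "volumeMounts": [{"name": "test-volume",
                                                  "mountPath": "/data",
                                                  "readOnly": False}]}]}}


def audit(pod, pvcs, pvs):
    """Return one finding per container mount of a ROX claim that no layer makes read-only."""
    pvc_by_key = {(c["metadata"]["namespace"], c["metadata"]["name"]): c for c in pvcs}
    pv_by_name = {p["metadata"]["name"]: p for p in pvs}
    ns = pod["metadata"]["namespace"]
    findings = []
    for vol in pod["spec"].get("volumes", []):
        claim = vol.get("persistentVolumeClaim")
        if not claim:
            continue
        pvc = pvc_by_key.get((ns, claim["claimName"]))
        if not pvc or "ReadOnlyMany" not in pvc["spec"].get("accessModes", []):
            continue
        pv = pv_by_name.get(pvc["spec"].get("volumeName"))
        backend_ro = bool(pv and pv["spec"].get("csi", {}).get("readOnly"))  # storage layer
        volume_ro = bool(claim.get("readOnly"))  # pod volume layer (forces mounts read-only)
        for container in pod["spec"].get("containers", []):
            for mount in container.get("volumeMounts", []):
                if mount["name"] != vol["name"] or backend_ro or volume_ro or mount.get("readOnly"):
                    continue
                findings.append(f"{pod['metadata']['name']}/{container['name']} mounts ROX claim "
                                f"{claim['claimName']} writable at {mount['mountPath']}")
    return findings


def with_backend_read_only(pv):
    """Return a copy of the PV with the fix the answer's manifest applies: csi.readOnly true."""
    fixed = copy.deepcopy(pv)
    fixed["spec"]["csi"]["readOnly"] = True
    return fixed
```

Run against live objects by feeding it the parsed output of kubectl get pods/pvc/pv -o json; any finding is a volume whose ROX label is not backed by an enforced read-only mount.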