Podman: readonly mount is not supported in kubernetes yaml
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind feature
Description
At the moment a setting like readonly: true is ignored for a mount in a kubernetes yaml.
I found out that it seems to be supported for a cli run: https://github.com/containers/podman/pull/6380
Steps to reproduce the issue:
spec:
hostname: dns
restartPolicy: always
containers:
- image: ...
name: ...
volumeMounts:
- name: dnsovertls-config
mountPath: /etc/unbound/unbound.conf
readonly: true <------------------------------
volumes:
- name: dnsovertls-config
hostPath:
path: /srv/podman/dns/dnsovertls/config/unbound.conf
type: File
Describe the results you received:
The container is still able to write in a file.
Describe the results you expected:
The container should not be able to change a file on the host.
Output of podman version:
podman version 2.0.6
x70b1
All 5 comments
Thanks for opening the issue, @x70b1!
@ashley-cui, do you have cycles to tackle the issue?
vrothberg
on 7 Sep 2020
@vrothberg i'll take a stab at it
ashley-cui
on 8 Sep 2020
@ashley-cui Thanks a lot for your work.
I have a note here:
In my initial request I used readonly in the yaml tree.
But the Kubernetes docs call it readOnly.
Should this be fixed? Sorry if this creates work again.
But if podman would be compatible to the kubernetes pod yaml that woud be cool for the future.
x70b1
on 11 Sep 2020
@x70b1 both readonly and readOnly work with this fix
ashley-cui
on 11 Sep 2020
Oh, awesome! Thx!
x70b1
on 11 Sep 2020
Related issues
hong-duc
路
3Comments
pkubatrh
路
4Comments
yangm97
路
5Comments
bbros-dev
路
5Comments
SergeyBear
路
4Comments