3

I have a persistent volume that has read/write access on one specific node.

How can I mount this persistent volume on all other nodes as read only?

Here is what I was thinking, in my pvc.yaml:

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # This name uniquely identifies the PVC. This is used in deployment.
  name: public-pv-claim
  namespace: default
spec:
  accessModes:
    - ReadWriteOnce
    - ReadOnlyMany
  resources:
    # This is the request for storage. Should be available in the cluster.
    requests:
      storage: 1Gi

and in the specific node

      ...
      volumes:
      - name: public
        # This volume is based on PVC
        persistentVolumeClaim:
          # Name of the PVC created earlier
          claimName: public-pv-claim
      containers:
      - name: specific
        # Volume mounts for this container
        volumeMounts:
        # Volume 'public' is mounted to path '/public'
        - name: public
          mountPath: "/public"
        ...

and for pods of other nodes:

      ...
      volumes:
      - name: public
        # This volume is based on PVC
        persistentVolumeClaim:
          # Name of the PVC created earlier
          claimName: public-pv-claim
      containers:
      - name: other
        ...
        volumeMounts:
        - name: public
          mountPath: "/public"
          readOnly: true
      ...
Ouss
  • What storage system do you use? – Jonas Sep 01 '21 at 19:05
  • Specifying `readOnly: true` in `volumeMounts` in the `Pod` specification is the correct approach. Do you experience any issue with it? This can be specified only in mount options, as access modes in the PV or PVC definition have a completely different function. – mario Sep 02 '21 at 15:48
  • @Jonas. minio.. – Ouss Sep 02 '21 at 17:59
  • @mario yes, I use `readOnly: true` for `volumeMounts` in Pods, as shown in the last snippet of the configuration yaml file I use for pods. – Ouss Sep 02 '21 at 18:02
  • I think I am getting closer to a good solution by setting `accessModes: - ReadWriteMany` for the Persistent Volume and `readOnly: true` for `volumeMounts` in Pods... very similar to my initial thought... if everything works well I will post it as an answer – Ouss Sep 02 '21 at 18:03
  • I think Minio only is Object Storage. Does it support Block Storage as Persistent Volumes? – Jonas Sep 02 '21 at 18:25
  • I am using the minio kubernetes plugin. https://docs.min.io/minio/k8s/reference/minio-kubectl-plugin.html It seems to me that it supports block storage as persistent volumes out of the box. – Ouss Sep 02 '21 at 18:33
  • @Oussama, any updates? Have you finally managed to make it work the way you need? – mario Sep 14 '21 at 19:28
  • Yes I kind of did... I will write the solution I found in an answer... – Ouss Sep 15 '21 at 10:39

1 Answer

5

The solution I found was to give the persistent volume the "ReadWriteMany" access mode and then mount it with readOnly set to true in the definition of mounted volumes. Here are the .yaml files:

The persistent volume claim... pvc.yaml:

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # This name uniquely identifies the PVC. This is used in deployment.
  name: public-pv-claim
  namespace: default
spec:
  accessModes:
    - ReadWriteMany # All nodes have read/write access to the volume
  resources:
    # This is the request for storage. Should be available in the cluster.
    requests:
      storage: 1Gi

and in the specific node that should be allowed to write to the volume container_write_access_to_pv.yaml:

  ...
  volumes:
  - name: public
    # This volume is based on PVC
    persistentVolumeClaim:
      # Name of the PVC created earlier
      claimName: public-pv-claim
  containers:
  - name: specific
    # Volume mounts for this container
    volumeMounts:
    # Volume is mounted to path '/public'
    - name: public
      mountPath: "/public"
    ...

and for pods of other nodes that should have write only access: container_with_read_only_access_to_pv.yaml:

  ...
  volumes:
  - name: public
    # This volume is based on PVC
    persistentVolumeClaim:
      # Name of the PVC created earlier
      claimName: public-pv-claim
  containers:
  - name: other
    ...
    volumeMounts:
    - name: public
      # Volume is mounted to path '/public' in read-only mode
      mountPath: "/public"
      readOnly: true
  ...
Ouss
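
Added example, not part of the original answer: with `ReadWriteMany` on the claim, read-only access depends entirely on each pod spec carrying `readOnly: true`, so this check lists every container that mounts the claim read-write without being the permitted writer. It assumes the writer is identified by the container name `specific` used above; the function name, pod names and sample data are constructed for illustration.

```python
def writable_mounts(pod_list, claim="public-pv-claim", namespace="default",
                    writer="specific"):
    """List (pod, container, mountPath) for each read-write mount of `claim`
    by any container other than the permitted `writer` container."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod["metadata"], pod.get("spec", {})
        if meta.get("namespace", "default") != namespace:
            continue  # a PVC is namespaced; the same name elsewhere is unrelated
        # volume name -> readOnly flag set on the persistentVolumeClaim source
        vols = {v["name"]: v["persistentVolumeClaim"].get("readOnly", False)
                for v in spec.get("volumes", [])
                if v.get("persistentVolumeClaim", {}).get("claimName") == claim}
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            for m in c.get("volumeMounts", []):
                if m["name"] not in vols:
                    continue
                # read-only if set on the volume source or on this mount
                read_only = vols[m["name"]] or m.get("readOnly", False)
                if not read_only and c["name"] != writer:
                    findings.append((meta["name"], c["name"], m["mountPath"]))
    return findings

# Constructed sample in the shape of `kubectl get pods -A -o json` output.
def _pod(name, container, mount_ro=None, vol_ro=None, ns="default"):
    pvc = {"claimName": "public-pv-claim"}
    if vol_ro is not None:
        pvc["readOnly"] = vol_ro
    mount = {"name": "public", "mountPath": "/public"}
    if mount_ro is not None:
        mount["readOnly"] = mount_ro
    return {"metadata": {"name": name, "namespace": ns},
            "spec": {"volumes": [{"name": "public", "persistentVolumeClaim": pvc}],
                     "containers": [{"name": container, "volumeMounts": [mount]}]}}

SAMPLE = {"items": [
    _pod("writer-0", "specific"),               # permitted writer
    _pod("reader-0", "other", mount_ro=True),   # as in the answer
    _pod("reader-1", "other"),                  # readOnly forgotten
    _pod("reader-2", "other", vol_ro=True),     # read-only at the volume source
    _pod("reader-3", "other", ns="staging"),    # other namespace, unrelated claim
]}

if __name__ == "__main__":
    for finding in writable_mounts(SAMPLE):
        print("read-write mount:", *finding)
```

To run it against a live cluster, pass the parsed output of `kubectl get pods -A -o json` to `writable_mounts` instead of `SAMPLE`.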