jkube
jkube copied to clipboard
eclipse-jkube
Setting readOnly flag in VolumeConfig has no effect
Describe the bug
When I add a volume using the controller DSL, and set the readOnly flag to true, the generated kubernetes.yml always has readOnly set to false.
Eclipse JKube version
1.18.1
Component
Kubernetes Gradle Plugin
Apache Maven version
None
Gradle version
other (please specify in additional context)
Steps to reproduce
- Set plugin configuration in build.gradle
- Execute
k8sResourcegradle task - Check generated
kubernetes.ymlin directorybuild/classes/java/main/META-INF/jkube/kubernetes/
Expected behavior
readOnly should be set as per the configuration in build.gradle
Runtime
Kubernetes (vanilla)
Kubernetes API Server version
1.25.3
Environment
macOS
Eclipse JKube Logs
> Task :k8sResource
k8s: Using resource templates from /Users/timemanx/IdeaProjects/jkube-test/src/main/jkube
k8s: jkube-controller: Adding a default Deployment
k8s: jkube-revision-history: Adding revision history limit to 2
k8s: validating /Users/timemanx/IdeaProjects/jkube-test/build/classes/java/main/META-INF/jkube/kubernetes/jkube-test-deployment.yml resource
Sample Reproducer Project
Here's the plugin configuration
plugins {
id 'java'
id 'org.eclipse.jkube.kubernetes' version '1.18.1'
}
group = 'com.example.jkube.test'
version = '1.0-SNAPSHOT'
kubernetes {
images {
image {
name = "openjdk:23-jdk-slim"
alias = "openjdk"
}
}
resources {
controller {
volumes = [{
name = 'scratch'
type = 'emptyDir'
medium = 'Memory'
mounts = ['/var/scratch']
readOnly = true
}]
}
}
}
Generated output
---
apiVersion: v1
kind: List
items:
- apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: jkube-test
provider: jkube
version: 1.0-SNAPSHOT
group: com.example.jkube.test
app.kubernetes.io/part-of: com.example.jkube.test
app.kubernetes.io/managed-by: jkube
app.kubernetes.io/name: jkube-test
app.kubernetes.io/version: 1.0-SNAPSHOT
name: jkube-test
spec:
replicas: 1
revisionHistoryLimit: 2
selector:
matchLabels:
app: jkube-test
provider: jkube
group: com.example.jkube.test
app.kubernetes.io/name: jkube-test
app.kubernetes.io/part-of: com.example.jkube.test
app.kubernetes.io/managed-by: jkube
template:
metadata:
labels:
app: jkube-test
provider: jkube
version: 1.0-SNAPSHOT
group: com.example.jkube.test
app.kubernetes.io/part-of: com.example.jkube.test
app.kubernetes.io/managed-by: jkube
app.kubernetes.io/name: jkube-test
app.kubernetes.io/version: 1.0-SNAPSHOT
name: jkube-test
spec:
containers:
- env:
- name: KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: HOSTNAME
valueFrom:
fieldRef:
fieldPath: metadata.name
image: openjdk:23-jdk-slim
imagePullPolicy: IfNotPresent
name: openjdk
securityContext:
privileged: false
volumeMounts:
- mountPath: /var/scratch
name: scratch
readOnly: false
volumes:
- emptyDir:
medium: Memory
name: scratch
Additional context
Not sure if this is the problem but ContainerHandler has readOnly(false) hardcoded.
https://github.com/eclipse-jkube/jkube/blob/dc70f97c69ba929a0e048f809027e6296cd7d556/jkube-kit/enricher/api/src/main/java/org/eclipse/jkube/kit/enricher/handler/ContainerHandler.java#L164
Gradle version: 8.10
@timemanx / @smart-hit , If no one else is working on this, I'm ready to take this up.
Do you have any idea when this bug will be fixed? I have the same problem. In my case, I use Maven, but the result is the same as @timemanx indicates.
