From de7a4145118b0209a04d92817f65828f6b594c05 Mon Sep 17 00:00:00 2001 From: Scott Seago Date: Wed, 9 Oct 2024 12:24:08 -0400 Subject: [PATCH] only set spec.volumes readonly if PVC is readonly for datamover Signed-off-by: Scott Seago --- changelogs/unreleased/8284-sseago | 1 + pkg/exposer/csi_snapshot.go | 10 ++++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 changelogs/unreleased/8284-sseago diff --git a/changelogs/unreleased/8284-sseago b/changelogs/unreleased/8284-sseago new file mode 100644 index 0000000000..5d07e0a521 --- /dev/null +++ b/changelogs/unreleased/8284-sseago @@ -0,0 +1 @@ +only set spec.volumes readonly if PVC is readonly for datamover diff --git a/pkg/exposer/csi_snapshot.go b/pkg/exposer/csi_snapshot.go index 908c2d9c68..5bb247ebbc 100644 --- a/pkg/exposer/csi_snapshot.go +++ b/pkg/exposer/csi_snapshot.go @@ -202,6 +202,7 @@ func (e *csiSnapshotExposer) Expose(ctx context.Context, ownerObject corev1.Obje csiExposeParam.HostingPodLabels, csiExposeParam.Affinity, csiExposeParam.Resources, + backupPVCReadOnly, ) if err != nil { return errors.Wrap(err, "error to create backup pod") @@ -442,6 +443,7 @@ func (e *csiSnapshotExposer) createBackupPod( label map[string]string, affinity *kube.LoadAffinity, resources corev1.ResourceRequirements, + backupPVCReadOnly bool, ) (*corev1.Pod, error) { podName := ownerObject.Name @@ -454,7 +456,7 @@ func (e *csiSnapshotExposer) createBackupPod( } var gracePeriod int64 = 0 - volumeMounts, volumeDevices, volumePath := kube.MakePodPVCAttachment(volumeName, backupPVC.Spec.VolumeMode, true) + volumeMounts, volumeDevices, volumePath := kube.MakePodPVCAttachment(volumeName, backupPVC.Spec.VolumeMode, backupPVCReadOnly) volumeMounts = append(volumeMounts, podInfo.volumeMounts...) volumes := []corev1.Volume{{ @@ -462,10 +464,14 @@ func (e *csiSnapshotExposer) createBackupPod( VolumeSource: corev1.VolumeSource{ PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ ClaimName: backupPVC.Name, - ReadOnly: true, }, }, }} + + if backupPVCReadOnly { + volumes[0].VolumeSource.PersistentVolumeClaim.ReadOnly = true + } + volumes = append(volumes, podInfo.volumes...) if label == nil {