Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #18255 from joelsmith/master
Automatic merge from submit-queue (batch tested with PRs 18423, 18255, 18526, 18539, 18509). UPSTREAM: 58720: Ensure that the runtime mounts RO volumes read-only This is a backport of kubernetes/kubernetes#58720 This change makes it so that containers cannot write to secret, configMap, downwardAPI and projected volumes since the runtime will now mount them read-only. This change makes things less confusing for a user since any attempt to update a secret volume will result in an error rather than a successful change followed by a revert by the kubelet when the volume next syncs. **Which issue(s) this PR fixes** N/A **Release note**: ``` Containers now mount secret, configMap, downwardAPI and projected volumes read-only. ```
- Loading branch information
