Importing volumes with different access controls for different apps
Describe the solution you'd like
I need some apps to access an imported volume as read-only, and others to access the same data in the same Kubernetes cluster with read/write access. This doesn't appear to be possible with Trident.
Describe alternatives you've considered
As I understand it, a PV can only be bound to a single PVC, so I would need to use a different PV. But Trident doesn't have the ability to create a second PV for an already imported volume.
You can achieve this by setting the access mode on the PVC to RWX (ReadWriteMany) and then making the specific attachments read-only in your pod specs for the pods that should not have write access.
It's important to understand that setting the access mode to ROX does not prevent write access. ROX merely expresses that multiple nodes need at least read-only access to the same volume. To prevent write access you have to set readOnly: true in the pod spec, and that applies to volumes with all access modes.
It's also important to understand that you can only share a volume with multiple pods if you use either NFS volumes or you ensure that every pod is scheduled to the same node with a SAN volume.
@vrmerlin were you able to give this a try?
I will try it as soon as I can; sorry, I had some family issues come up.
Looks like that approach will work for us.