From 61f6375a1ae07beae60b5542c41b4e376a9218aa Mon Sep 17 00:00:00 2001 From: Maximilian Linhoff Date: Thu, 2 Apr 2026 12:37:31 +0200 Subject: [PATCH] Allow mounting persistentVolumes as readOnly --- charts/rucio-daemons/Chart.yaml | 2 +- charts/rucio-daemons/templates/abacus-deployment.yaml | 1 + charts/rucio-daemons/templates/automatix-deployment.yaml | 1 + charts/rucio-daemons/templates/cache-consumer-deployment.yaml | 1 + charts/rucio-daemons/templates/conveyor-deployment.yaml | 1 + charts/rucio-daemons/templates/dark-reaper-deployment.yaml | 1 + charts/rucio-daemons/templates/hermes-deployment.yaml | 1 + charts/rucio-daemons/templates/hermes-legacy-deployment.yaml | 1 + charts/rucio-daemons/templates/judge-deployment.yaml | 1 + charts/rucio-daemons/templates/minos-deployment.yaml | 1 + charts/rucio-daemons/templates/necromancer-deployment.yaml | 1 + charts/rucio-daemons/templates/oauth-manager-deployment.yaml | 1 + charts/rucio-daemons/templates/reaper-deployment.yaml | 1 + .../rucio-daemons/templates/replica-recoverer-deployment.yaml | 1 + charts/rucio-daemons/templates/transmogrifier-deployment.yaml | 1 + charts/rucio-daemons/templates/undertaker-deployment.yaml | 1 + charts/rucio-server/Chart.yaml | 2 +- charts/rucio-server/templates/deployment.yaml | 1 + 18 files changed, 18 insertions(+), 2 deletions(-) diff --git a/charts/rucio-daemons/Chart.yaml b/charts/rucio-daemons/Chart.yaml index 764bc80..ba6d887 100644 --- a/charts/rucio-daemons/Chart.yaml +++ b/charts/rucio-daemons/Chart.yaml @@ -1,5 +1,5 @@ name: rucio-daemons -version: 39.0.0 +version: 39.0.1 apiVersion: v1 description: A Helm chart to deploy daemons for Rucio keywords: diff --git a/charts/rucio-daemons/templates/abacus-deployment.yaml b/charts/rucio-daemons/templates/abacus-deployment.yaml index e7f022f..20f6e58 100644 --- a/charts/rucio-daemons/templates/abacus-deployment.yaml +++ b/charts/rucio-daemons/templates/abacus-deployment.yaml @@ -152,6 +152,7 @@ spec: {{- range $key, $val := .Values.persistentVolumes }} - name: {{ $key }} mountPath: {{ $val.mountPath }} + readOnly: {{ $val.readOnly | default false }} {{- end}} {{- range $collection := tuple (hasKey .component_values "hostPathMounts" | ternary .component_values.hostPathMounts .Values.hostPathMounts) .component_values.extraHostPathMounts }} {{- range $key, $val := $collection }} diff --git a/charts/rucio-daemons/templates/automatix-deployment.yaml b/charts/rucio-daemons/templates/automatix-deployment.yaml index daeae23..67b94aa 100644 --- a/charts/rucio-daemons/templates/automatix-deployment.yaml +++ b/charts/rucio-daemons/templates/automatix-deployment.yaml @@ -159,6 +159,7 @@ spec: {{- range $key, $val := .Values.persistentVolumes }} - name: {{ $key }} mountPath: {{ $val.mountPath }} + readOnly: {{ $val.readOnly | default false }} {{- end}} {{- range $collection := tuple (hasKey $component_values "hostPathMounts" | ternary $component_values.hostPathMounts .Values.hostPathMounts) $component_values.extraHostPathMounts }} {{- range $key, $val := $collection }} diff --git a/charts/rucio-daemons/templates/cache-consumer-deployment.yaml b/charts/rucio-daemons/templates/cache-consumer-deployment.yaml index 28c2b7a..5dfc42e 100644 --- a/charts/rucio-daemons/templates/cache-consumer-deployment.yaml +++ b/charts/rucio-daemons/templates/cache-consumer-deployment.yaml @@ -140,6 +140,7 @@ spec: {{- range $key, $val := .Values.persistentVolumes }} - name: {{ $key }} mountPath: {{ $val.mountPath }} + readOnly: {{ $val.readOnly | default false }} {{- end}} {{- range $collection := tuple (hasKey $component_values "hostPathMounts" | ternary $component_values.hostPathMounts .Values.hostPathMounts) $component_values.extraHostPathMounts }} {{- range $key, $val := $collection }} diff --git a/charts/rucio-daemons/templates/conveyor-deployment.yaml b/charts/rucio-daemons/templates/conveyor-deployment.yaml index 50f77a1..ee1f9d6 100644 --- a/charts/rucio-daemons/templates/conveyor-deployment.yaml +++ b/charts/rucio-daemons/templates/conveyor-deployment.yaml @@ -152,6 +152,7 @@ spec: {{- range $key, $val := .Values.persistentVolumes }} - name: {{ $key }} mountPath: {{ $val.mountPath }} + readOnly: {{ $val.readOnly | default false }} {{- end}} {{- range $collection := tuple (hasKey .component_values "hostPathMounts" | ternary .component_values.hostPathMounts .Values.hostPathMounts) .component_values.extraHostPathMounts }} {{- range $key, $val := $collection }} diff --git a/charts/rucio-daemons/templates/dark-reaper-deployment.yaml b/charts/rucio-daemons/templates/dark-reaper-deployment.yaml index aab14cb..22e4d55 100644 --- a/charts/rucio-daemons/templates/dark-reaper-deployment.yaml +++ b/charts/rucio-daemons/templates/dark-reaper-deployment.yaml @@ -154,6 +154,7 @@ spec: {{- range $key, $val := .Values.persistentVolumes }} - name: {{ $key }} mountPath: {{ $val.mountPath }} + readOnly: {{ $val.readOnly | default false }} {{- end}} {{- range $collection := tuple (hasKey $component_values "hostPathMounts" | ternary $component_values.hostPathMounts .Values.hostPathMounts) $component_values.extraHostPathMounts }} {{- range $key, $val := $collection }} diff --git a/charts/rucio-daemons/templates/hermes-deployment.yaml b/charts/rucio-daemons/templates/hermes-deployment.yaml index 1447fe3..2db6e79 100644 --- a/charts/rucio-daemons/templates/hermes-deployment.yaml +++ b/charts/rucio-daemons/templates/hermes-deployment.yaml @@ -154,6 +154,7 @@ spec: {{- range $key, $val := .Values.persistentVolumes }} - name: {{ $key }} mountPath: {{ $val.mountPath }} + readOnly: {{ $val.readOnly | default false }} {{- end}} {{- range $collection := tuple (hasKey $component_values "hostPathMounts" | ternary $component_values.hostPathMounts .Values.hostPathMounts) $component_values.extraHostPathMounts }} {{- range $key, $val := $collection }} diff --git a/charts/rucio-daemons/templates/hermes-legacy-deployment.yaml b/charts/rucio-daemons/templates/hermes-legacy-deployment.yaml index 6b3cf71..9296f93 100644 --- a/charts/rucio-daemons/templates/hermes-legacy-deployment.yaml +++ b/charts/rucio-daemons/templates/hermes-legacy-deployment.yaml @@ -154,6 +154,7 @@ spec: {{- range $key, $val := .Values.persistentVolumes }} - name: {{ $key }} mountPath: {{ $val.mountPath }} + readOnly: {{ $val.readOnly | default false }} {{- end}} {{- range $collection := tuple (hasKey $component_values "hostPathMounts" | ternary $component_values.hostPathMounts .Values.hostPathMounts) $component_values.extraHostPathMounts }} {{- range $key, $val := $collection }} diff --git a/charts/rucio-daemons/templates/judge-deployment.yaml b/charts/rucio-daemons/templates/judge-deployment.yaml index 8518f7b..dea009b 100644 --- a/charts/rucio-daemons/templates/judge-deployment.yaml +++ b/charts/rucio-daemons/templates/judge-deployment.yaml @@ -152,6 +152,7 @@ spec: {{- range $key, $val := .Values.persistentVolumes }} - name: {{ $key }} mountPath: {{ $val.mountPath }} + readOnly: {{ $val.readOnly | default false }} {{- end}} {{- range $collection := tuple (hasKey .component_values "hostPathMounts" | ternary .component_values.hostPathMounts .Values.hostPathMounts) .component_values.extraHostPathMounts }} {{- range $key, $val := $collection }} diff --git a/charts/rucio-daemons/templates/minos-deployment.yaml b/charts/rucio-daemons/templates/minos-deployment.yaml index 36815b2..1596fcd 100644 --- a/charts/rucio-daemons/templates/minos-deployment.yaml +++ b/charts/rucio-daemons/templates/minos-deployment.yaml @@ -152,6 +152,7 @@ spec: {{- range $key, $val := .Values.persistentVolumes }} - name: {{ $key }} mountPath: {{ $val.mountPath }} + readOnly: {{ $val.readOnly | default false }} {{- end}} {{- range $collection := tuple (hasKey .component_values "hostPathMounts" | ternary .component_values.hostPathMounts .Values.hostPathMounts) .component_values.extraHostPathMounts }} {{- range $key, $val := $collection }} diff --git a/charts/rucio-daemons/templates/necromancer-deployment.yaml b/charts/rucio-daemons/templates/necromancer-deployment.yaml index e9c91a0..958d29d 100644 --- a/charts/rucio-daemons/templates/necromancer-deployment.yaml +++ b/charts/rucio-daemons/templates/necromancer-deployment.yaml @@ -154,6 +154,7 @@ spec: {{- range $key, $val := .Values.persistentVolumes }} - name: {{ $key }} mountPath: {{ $val.mountPath }} + readOnly: {{ $val.readOnly | default false }} {{- end}} {{- range $collection := tuple (hasKey $component_values "hostPathMounts" | ternary $component_values.hostPathMounts .Values.hostPathMounts) $component_values.extraHostPathMounts }} {{- range $key, $val := $collection }} diff --git a/charts/rucio-daemons/templates/oauth-manager-deployment.yaml b/charts/rucio-daemons/templates/oauth-manager-deployment.yaml index 6dff395..0a5c7f3 100644 --- a/charts/rucio-daemons/templates/oauth-manager-deployment.yaml +++ b/charts/rucio-daemons/templates/oauth-manager-deployment.yaml @@ -149,6 +149,7 @@ spec: {{- range $key, $val := .Values.persistentVolumes }} - name: {{ $key }} mountPath: {{ $val.mountPath }} + readOnly: {{ $val.readOnly | default false }} {{- end}} {{- range $collection := tuple (hasKey $component_values "hostPathMounts" | ternary $component_values.hostPathMounts .Values.hostPathMounts) $component_values.extraHostPathMounts }} {{- range $key, $val := $collection }} diff --git a/charts/rucio-daemons/templates/reaper-deployment.yaml b/charts/rucio-daemons/templates/reaper-deployment.yaml index 05407d5..8d64772 100644 --- a/charts/rucio-daemons/templates/reaper-deployment.yaml +++ b/charts/rucio-daemons/templates/reaper-deployment.yaml @@ -154,6 +154,7 @@ spec: {{- range $key, $val := .Values.persistentVolumes }} - name: {{ $key }} mountPath: {{ $val.mountPath }} + readOnly: {{ $val.readOnly | default false }} {{- end}} {{- range $collection := tuple (hasKey $component_values "hostPathMounts" | ternary $component_values.hostPathMounts .Values.hostPathMounts) $component_values.extraHostPathMounts }} {{- range $key, $val := $collection }} diff --git a/charts/rucio-daemons/templates/replica-recoverer-deployment.yaml b/charts/rucio-daemons/templates/replica-recoverer-deployment.yaml index e8230ff..c56fe0b 100644 --- a/charts/rucio-daemons/templates/replica-recoverer-deployment.yaml +++ b/charts/rucio-daemons/templates/replica-recoverer-deployment.yaml @@ -155,6 +155,7 @@ spec: {{- range $key, $val := .Values.persistentVolumes }} - name: {{ $key }} mountPath: {{ $val.mountPath }} + readOnly: {{ $val.readOnly | default false }} {{- end}} {{- range $collection := tuple (hasKey $component_values "hostPathMounts" | ternary $component_values.hostPathMounts .Values.hostPathMounts) $component_values.extraHostPathMounts }} {{- range $key, $val := $collection }} diff --git a/charts/rucio-daemons/templates/transmogrifier-deployment.yaml b/charts/rucio-daemons/templates/transmogrifier-deployment.yaml index 0c5b616..0deb6ae 100644 --- a/charts/rucio-daemons/templates/transmogrifier-deployment.yaml +++ b/charts/rucio-daemons/templates/transmogrifier-deployment.yaml @@ -154,6 +154,7 @@ spec: {{- range $key, $val := .Values.persistentVolumes }} - name: {{ $key }} mountPath: {{ $val.mountPath }} + readOnly: {{ $val.readOnly | default false }} {{- end}} {{- range $collection := tuple (hasKey $component_values "hostPathMounts" | ternary $component_values.hostPathMounts .Values.hostPathMounts) $component_values.extraHostPathMounts }} {{- range $key, $val := $collection }} diff --git a/charts/rucio-daemons/templates/undertaker-deployment.yaml b/charts/rucio-daemons/templates/undertaker-deployment.yaml index fbbbb6d..3d14a60 100644 --- a/charts/rucio-daemons/templates/undertaker-deployment.yaml +++ b/charts/rucio-daemons/templates/undertaker-deployment.yaml @@ -149,6 +149,7 @@ spec: {{- range $key, $val := .Values.persistentVolumes }} - name: {{ $key }} mountPath: {{ $val.mountPath }} + readOnly: {{ $val.readOnly | default false }} {{- end}} {{- range $collection := tuple (hasKey $component_values "hostPathMounts" | ternary $component_values.hostPathMounts .Values.hostPathMounts) $component_values.extraHostPathMounts }} {{- range $key, $val := $collection }} diff --git a/charts/rucio-server/Chart.yaml b/charts/rucio-server/Chart.yaml index ae9c0fd..761cb6d 100644 --- a/charts/rucio-server/Chart.yaml +++ b/charts/rucio-server/Chart.yaml @@ -1,5 +1,5 @@ name: rucio-server -version: 39.0.0 +version: 39.0.1 apiVersion: v1 description: A Helm chart to deploy servers for Rucio keywords: diff --git a/charts/rucio-server/templates/deployment.yaml b/charts/rucio-server/templates/deployment.yaml index 98c3d1e..8d64d21 100644 --- a/charts/rucio-server/templates/deployment.yaml +++ b/charts/rucio-server/templates/deployment.yaml @@ -214,6 +214,7 @@ spec: {{- range $key, $val := .Values.persistentVolumes }} - name: {{ $key }} mountPath: {{ $val.mountPath }} + readOnly: {{ $val.readOnly | default false }} {{- end}} {{- range $collection := tuple .Values.hostPathMounts }} {{- range $key, $val := $collection }}