Support of read only mount added

.gitignore

@@ -7,3 +7,4 @@
 /bin
 /dist
 **/*.swp
+/.idea

pkg/controllers/repositoryserver/handler.go

@@ -267,7 +267,7 @@ func (h *RepoServerHandler) setCredDataFromSecretInPod(ctx context.Context, podO
 		h.Logger.Info("Setting credentials data from secret as env variables")
 		podOptions.EnvironmentVariables = envVars
 	}
-	pod, err = kube.GetPodObjectFromPodOptions(h.KubeCli, podOptions)
+	pod, err = kube.GetPodObjectFromPodOptions(ctx, h.KubeCli, podOptions)
 	if err != nil {
 		return nil, nil, err
 	}

pkg/kube/job.go

@@ -73,7 +73,8 @@ func NewJob(clientset kubernetes.Interface, jobName string, namespace string, se
 // Create creates the Job in Kubernetes.
 func (job *Job) Create() error {
 	falseVal := false
-	volumeMounts, podVolumes, err := createFilesystemModeVolumeSpecs(job.vols)
+	ctx := context.TODO()
+	volumeMounts, podVolumes, err := createFilesystemModeVolumeSpecs(ctx, job.clientset, job.namespace, job.vols)
 	if err != nil {
 		return errors.Wrapf(err, "Failed to create volume spec for job %s", job.name)
 	}
@@ -115,7 +116,7 @@ func (job *Job) Create() error {
 	batchClient := job.clientset.BatchV1()
 	jobsClient := batchClient.Jobs(job.namespace)
 
-	newJob, err := jobsClient.Create(context.TODO(), k8sJob, metav1.CreateOptions{})
+	newJob, err := jobsClient.Create(ctx, k8sJob, metav1.CreateOptions{})
 	if err != nil {
 		return errors.Wrapf(err, "Failed to create job %s", job.name)
 	}
@@ -125,21 +126,37 @@ func (job *Job) Create() error {
 	return nil
 }
 
-func createFilesystemModeVolumeSpecs(vols map[string]string) (volumeMounts []v1.VolumeMount, podVolumes []v1.Volume, error error) {
+func createFilesystemModeVolumeSpecs(ctx context.Context, cli kubernetes.Interface, namespace string, vols map[string]string) (volumeMounts []v1.VolumeMount, podVolumes []v1.Volume, error error) {
 	// Build filesystem mode volume specs
-	for pvc, mountPath := range vols {
+	for pvcName, mountPath := range vols {
 		id, err := uuid.NewV1()
 		if err != nil {
 			return nil, nil, err
 		}
+
+		pvc, err := cli.CoreV1().PersistentVolumeClaims(namespace).Get(ctx, pvcName, metav1.GetOptions{})
+		if err != nil {
+			return nil, nil, err
+		}
+
+		isReadOnly := false
+		for _, accessMode := range pvc.Spec.AccessModes {
+			if accessMode == v1.ReadOnlyMany {
+				isReadOnly = true
+				log.Debug().WithContext(ctx).Print("PVC will be mounted in read-only mode", field.M{"pvcName": pvcName})
+				break
+			}
+		}
+
 		podVolName := fmt.Sprintf("vol-%s", id.String())
-		volumeMounts = append(volumeMounts, v1.VolumeMount{Name: podVolName, MountPath: mountPath})
+		volumeMounts = append(volumeMounts, v1.VolumeMount{Name: podVolName, MountPath: mountPath, ReadOnly: isReadOnly})
 		podVolumes = append(podVolumes,
 			v1.Volume{
 				Name: podVolName,
 				VolumeSource: v1.VolumeSource{
 					PersistentVolumeClaim: &v1.PersistentVolumeClaimVolumeSource{
-						ClaimName: pvc,
+						ClaimName: pvcName,
+						ReadOnly:  isReadOnly,
 					},
 				},
 			},

pkg/kube/pod.go

@@ -76,7 +76,7 @@ type PodOptions struct {
 	Lifecycle                *v1.Lifecycle
 }
 
-func GetPodObjectFromPodOptions(cli kubernetes.Interface, opts *PodOptions) (*v1.Pod, error) {
+func GetPodObjectFromPodOptions(ctx context.Context, cli kubernetes.Interface, opts *PodOptions) (*v1.Pod, error) {
 	// If Namespace is not specified, use the controller Namespace.
 	cns, err := GetControllerNamespace()
 	if err != nil {
@@ -101,7 +101,7 @@ func GetPodObjectFromPodOptions(cli kubernetes.Interface, opts *PodOptions) (*v1
 		opts.RestartPolicy = v1.RestartPolicyNever
 	}
 
-	volumeMounts, podVolumes, err := createFilesystemModeVolumeSpecs(opts.Volumes)
+	volumeMounts, podVolumes, err := createFilesystemModeVolumeSpecs(ctx, cli, opts.Namespace, opts.Volumes)
 	if err != nil {
 		return nil, errors.Wrapf(err, "Failed to create volume spec")
 	}
@@ -207,11 +207,13 @@ func ContainerNameFromPodOptsOrDefault(po *PodOptions) string {
 
 // CreatePod creates a pod with a single container based on the specified image
 func CreatePod(ctx context.Context, cli kubernetes.Interface, opts *PodOptions) (*v1.Pod, error) {
-	pod, err := GetPodObjectFromPodOptions(cli, opts)
+	pod, err := GetPodObjectFromPodOptions(ctx, cli, opts)
 	if err != nil {
 		return nil, errors.Wrapf(err, "Failed to get pod from podOptions. Namespace: %s, NameFmt: %s", opts.Namespace, opts.GenerateName)
 	}
 
+	log.Debug().WithContext(ctx).Print("Creating POD", field.M{"podSpec": pod.Spec})
+
 	pod, err = cli.CoreV1().Pods(pod.Namespace).Create(ctx, pod, metav1.CreateOptions{})
 	if err != nil {
 		return nil, errors.Wrapf(err, "Failed to create pod. Namespace: %s, NameFmt: %s", opts.Namespace, opts.GenerateName)