Open ksudarsh00 opened 1 month ago
@ksudarsh00 Could you explain more why the ReadOnly mount could help you? As far as we know, a ReadOnly mount is still treated as a risk for the security system concerned, so an exception claim to the security system is still needed.
Even assuming that a read-only mount is possible for backups, you do need write access for restore?
Describe the problem/challenge you have
The CSOC team in our organisation has detected an Aquasec alert for the node-agent pod, which states that 'hostPath' volumes are mounted and have security risks in production environments.
I understand hostPath volumes are used to access data in PV when mounted to pod volumes while taking backups. Is there any way we can scope hostPath volume to a specific directory, or can we mount hostPath volumes as "ReadOnly"?
Describe the solution you'd like
Provide support in Helm Chart to mount hostPath volumes in ReadOnly mode.
Anything else you would like to add:
Environment:
- velero version:
- kubectl version:
- /etc/os-release:
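The two properties the issue asks about, read-only mounts and directory scope of `hostPath` volumes, can be checked on a rendered manifest before deployment. This is an added example, not part of the issue or of Velero's code; the sample manifest, its names and paths, and the depth heuristic in `is_broad` are assumptions made for illustration.

```python
import posixpath

# Constructed DaemonSet manifest (assumed names/paths, not copied from the Velero chart).
SAMPLE = {"spec": {"template": {"spec": {
    "volumes": [
        {"name": "host-pods", "hostPath": {"path": "/var/lib/kubelet/pods"}},
        {"name": "host-root", "hostPath": {"path": "/"}},
        {"name": "scratch", "emptyDir": {}},
    ],
    "containers": [{
        "name": "node-agent",
        "volumeMounts": [
            {"name": "host-pods", "mountPath": "/host_pods"},
            {"name": "host-root", "mountPath": "/host", "readOnly": True},
            {"name": "scratch", "mountPath": "/scratch"},
        ],
    }],
}}}}


def is_broad(path, min_depth=3):
    """Heuristic (assumption): fewer than min_depth path components is too wide a scope."""
    parts = [p for p in posixpath.normpath(path).split("/") if p]
    return len(parts) < min_depth


def audit_hostpath(manifest):
    """Return one finding per container mount that is backed by a hostPath volume."""
    pod = manifest["spec"]["template"]["spec"]
    host_vols = {v["name"]: v["hostPath"]["path"]
                 for v in pod.get("volumes", []) if "hostPath" in v}
    findings = []
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        for m in c.get("volumeMounts", []):
            if m["name"] not in host_vols:
                continue  # emptyDir, configMap, PVC, ... are out of scope here
            path = host_vols[m["name"]]
            findings.append({
                "container": c["name"],
                "host_path": path,
                "mount_path": m["mountPath"],
                "read_only": m.get("readOnly", False),  # Kubernetes default is false
                "broad": is_broad(path),
            })
    return findings


if __name__ == "__main__":
    for f in audit_hostpath(SAMPLE):
        print(f)
```

Feeding it the output of a chart render (converted to a dict) shows which mounts would still be writable or scoped too widely, which is the evidence an exception request to the scanning team would need.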