I was banging my head against the wall trying to figure out why my K8s configmap was ignoring my file permission settings and injecting a read-only version into the container. What was stranger was that it worked in my personal environment and not in the new one I set up for myself in the Windriver integration lab.
Well it turns out that there is a version difference between the 2 environments and this is exactly what the issue is. In the 1.8.9 version of K8s, a fix went in that ensures all configmaps, secrets,
My personal environment is running K8s 1.8.5 and the Windriver environment K8s 1.8.10
Fix impact:
Secret, configMap, downwardAPI and projected volumes will be mounted as read-only volumes. Applications that attempt to write to these volumes will receive read-only filesystem errors. Previously, applications were allowed to make changes to these volumes, but those changes were reverted at an arbitrary interval by the system. Applications should be re-configured to write derived files to another location.
Here is the bug that led me to the discovery: https://github.com/coreos/bugs/issues/2384
The commit: https://github.com/kubernetes/kubernetes/issues/60814
And the changelog: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.8.md#changelog-since-v188
This was the ticket I was working at the time and I know that SO has a similar problem where the container is trying to modify/move a file/directory that is injected via configmap.
OOM-900 - Getting issue details... STATUS
Here is the code. Note that setting the defaultMode: or mode: of a volume to something that is writeable isn't being honored anymore.
https://gerrit.onap.org/r/#/c/42325/