Kubernetes CKA sample exam question 73 with answer

Question
Create a pod named readonly-pod using the image alpine. The process running inside the pod should have only read-only access to the container's filesystem.
Create a volume named my-volume and mount it at /data (inside the container).
The process running inside the container should have read and write access to the mounted volume. Also, run sleep 3600 inside the container.

Answer
Generate the initial pod manifest and save it as ro.yaml:

kubectl run readonly-pod --image=alpine --dry-run=client -o yaml -- sleep 3600 > ro.yaml

Adjust it to match the following:

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: readonly-pod
  name: readonly-pod
spec:
  containers:
  - args:
    - sleep
    - "3600"
    image: alpine
    name: readonly-pod
    securityContext:
      readOnlyRootFilesystem: true
    volumeMounts:
    - name: my-volume
      mountPath: /data
      readOnly: false
  volumes:
  - name: my-volume
    emptyDir: {}

Apply and check:

kubectl apply -f ro.yaml
kubectl get po readonly-pod

Test by creating a file on the root filesystem:

kubectl exec -it readonly-pod -- touch /tmp/test.txt

It should report "Read-only file system".

Test by creating a file on /data:

kubectl exec -it readonly-pod -- touch /data/test.txt
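
To check the same two properties across many pods instead of by hand, the following added example (not part of the original answer) reads output shaped like `kubectl get pod -o json` and reports containers whose root filesystem is writable, along with every writable mount. The sample JSON is constructed, and the function names are this example's own.

```python
import json

# Constructed sample, shaped like `kubectl get pods -o json` output (not from a real cluster).
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "readonly-pod"},
  "spec": {"containers": [{"name": "readonly-pod",
     "securityContext": {"readOnlyRootFilesystem": true},
     "volumeMounts": [{"name": "my-volume", "mountPath": "/data", "readOnly": false}]}],
   "volumes": [{"name": "my-volume", "emptyDir": {}}]}},
 {"metadata": {"name": "writable-pod"},
  "spec": {"containers": [{"name": "app"}],
   "initContainers": [{"name": "init", "securityContext": {"readOnlyRootFilesystem": true},
     "volumeMounts": [{"name": "cfg", "mountPath": "/etc/cfg", "readOnly": true}]}]}}
]}
""")


def audit_pod(pod):
    """Return (containers with a writable root filesystem, writable mount paths per container)."""
    spec = pod.get("spec", {})
    writable_root, writable_mounts = [], {}
    # readOnlyRootFilesystem is a per-container field, so every container kind is checked.
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(kind) or []:
            sc = c.get("securityContext") or {}
            # An absent field defaults to false, i.e. a writable root filesystem.
            if sc.get("readOnlyRootFilesystem") is not True:
                writable_root.append(c["name"])
            # A volumeMount is writable unless readOnly is explicitly true.
            paths = [m["mountPath"] for m in c.get("volumeMounts") or []
                     if m.get("readOnly") is not True]
            if paths:
                writable_mounts[c["name"]] = paths
    return writable_root, writable_mounts


def audit(doc):
    """Accept a single Pod object or a List (`kubectl get pods -o json`)."""
    pods = doc.get("items", [doc])
    return {p["metadata"]["name"]: audit_pod(p) for p in pods}


if __name__ == "__main__":
    for name, (roots, mounts) in audit(SAMPLE).items():
        status = "OK" if not roots else "writable root in: " + ", ".join(roots)
        print(f"{name}: {status}; writable mounts: {mounts}")
```

For the pod from this question, the expected result is no writable-root containers and /data as the only writable mount.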