Description of problem: Users have write access when the nfs volume accessmode is only ROX Version-Release number of selected component (if applicable): oc v1.0.6-86-gfc46484 kubernetes v1.1.0-alpha.0-1605-g44c91b1 How reproducible: always Steps to Reproduce: 1. create pv with accessmode is ROX oc get pv NAME LABELS CAPACITY ACCESSMODES STATUS CLAIM REASON AGE nfs1 <none> 10Gi ROX Bound default/myclaim-1 3d 2. create pvc with accessmode is ROX oc get pvc NAME LABELS STATUS VOLUME CAPACITY ACCESSMODES AGE myclaim-1 <none> Bound nfs1 10Gi ROX 3d 3.write some data on the mounted dir oc exec nfs -ti -- bash [root@nfs /]# cd /mnt [root@nfs mnt]# ls nfs [root@nfs mnt]# cd nfs/ [root@nfs nfs]# ls hi next test world [root@nfs nfs]# touch yes [root@nfs nfs]# ls hi next test world yes Actual results: users can wirte to the mounted dir even if the volume access mode is only ROX Expected results: users should not write to the mounted dir when the volume access mode is ROX Additional info:
this is not a bug. A volume has all the capabilities of the underlying storage provider. NFS allows many clients to read/write.
If pvc only request ROX, also can write to the volume? no restriction for the PVC?
That is correct. The volume *supports* ROX but does not *enforce* ROX if that's what the PVC requests.