Kubernetes Read Only Volumes Based On OCI Artifacts
- List these 2:
- Generate a diagram that clearly explains the flow of the image volumes: from kubectl to the kubelet to CRI-O
- Are these used to share secrets contained within OCI artifacts?
- Document the maturity level of the feature (1.31/alpha, 1.33/beta)
- How long to create my own labs? Which features would I need?
- What about training?
- Can I charge very little if AI helps me set up these labs/training?
- Which features are 100% required from day one?
Introduction
Not too long ago, I had the opportunity to test this new feature as part of a spike on my current project related to supply chain security and container image software attestations.
Note: This is a living document. Check the version history above for the latest improvements and corrections.
How It Works
The following pod spec deploys an echoserver container that mounts its own image as a volume at /volume:

apiVersion: v1
kind: Pod
metadata:
  name: pod
spec:
  containers:
  - name: test
    image: registry.k8s.io/e2e-test-images/echoserver:2.3
    volumeMounts:
    # Mount the image volume declared under spec.volumes
    - name: volume
      mountPath: /volume
  volumes:
  - name: volume
    # Volume source is an OCI image or artifact pulled by the container runtime
    image:
      reference: registry.k8s.io/e2e-test-images/echoserver:2.3
      pullPolicy: IfNotPresent
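
The following is an added example, not part of the original post: a small audit of the image volumes in a pod's JSON form. It flags references that are tags rather than digests, which matters when the volume content is meant to be the artifact that was reviewed or attested. The sample JSON is constructed from the spec above; the `pinned` volume, `registry.example` and the all-zero digest are hypothetical placeholders.

```python
import json
import re

# Constructed sample: the pod above in `kubectl get pod -o json` form (trimmed),
# plus a hypothetical second volume pinned to a placeholder all-zero digest.
POD_JSON = """
{"metadata": {"name": "pod"},
 "spec": {
  "containers": [{"name": "test",
    "image": "registry.k8s.io/e2e-test-images/echoserver:2.3",
    "volumeMounts": [{"name": "volume", "mountPath": "/volume"}]}],
  "volumes": [
    {"name": "volume", "image": {
      "reference": "registry.k8s.io/e2e-test-images/echoserver:2.3",
      "pullPolicy": "IfNotPresent"}},
    {"name": "pinned", "image": {
      "reference": "registry.example/artifacts/policy@sha256:%s",
      "pullPolicy": "IfNotPresent"}}]}}
""" % ("0" * 64)

DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def audit_image_volumes(pod):
    """Return (volume name, finding) pairs for the image volumes of a pod."""
    spec = pod.get("spec", {})
    mounted = {m["name"] for c in spec.get("containers", [])
               for m in c.get("volumeMounts", [])}
    findings = []
    for vol in spec.get("volumes", []):
        image = vol.get("image")
        if image is None:
            continue  # some other volume type (configMap, emptyDir, ...)
        ref = image.get("reference", "")
        if not DIGEST_RE.search(ref):
            # A tag can be moved to different content after review.
            findings.append((vol["name"], "reference is not pinned by digest"))
            if image.get("pullPolicy") != "Always":
                # Nodes with a cached copy will not re-resolve the tag.
                findings.append((vol["name"], "tag may resolve to a stale cached copy"))
        if vol["name"] not in mounted:
            findings.append((vol["name"], "declared but mounted by no container"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_image_volumes(json.loads(POD_JSON)):
        print(f"{name}: {finding}")
```

Run against the spec from this post, the audit reports both tag findings for `volume`; the hypothetical `pinned` volume passes the digest check and is reported only because no container mounts it.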
When to Use Rolling Deployments
- Standard web applications that can handle mixed versions temporarily
- Stateless services where session affinity isn’t critical
- Development and staging environments
- When you need zero downtime with minimal resource overhead
Conclusion
Start with rolling deployments for most applications - they provide the best balance of safety, resource efficiency, and simplicity. Graduate to blue-green or canary strategies as your applications become more critical and your operational maturity increases.
The key is matching your deployment strategy to your specific requirements: risk tolerance, resource constraints, and operational capabilities.
Next Steps
- Implement monitoring for your chosen strategy
- Practice rollbacks in non-production environments
- Automate deployment pipelines with proper gates and approvals
- Consider progressive delivery tools like Argo Rollouts or Flagger for advanced use cases
Remember: the best deployment strategy is the one your team can execute reliably under pressure.
Version History
- Initial version covering basic deployment strategies
- Rolling, recreate, and blue-green deployment patterns