Setting readOnly flag in VolumeConfig has no effect

[timemanx]

Describe the bug

When I add a volume using the controller DSL, and set the readOnly flag to true, the generated kubernetes.yml always has readOnly set to false.

Eclipse JKube version

1.18.1

Component

Kubernetes Gradle Plugin

Apache Maven version

None

Gradle version

other (please specify in additional context)

Steps to reproduce

1. Set plugin configuration in build.gradle
2. Execute k8sResource gradle task
3. Check generated kubernetes.yml in directory build/classes/java/main/META-INF/jkube/kubernetes/

Expected behavior

readOnly should be set as per the configuration in build.gradle

Runtime

Kubernetes (vanilla)

Kubernetes API Server version

1.25.3

Environment

macOS

Eclipse JKube Logs

> Task :k8sResource
k8s: Using resource templates from /Users/timemanx/IdeaProjects/jkube-test/src/main/jkube
k8s: jkube-controller: Adding a default Deployment
k8s: jkube-revision-history: Adding revision history limit to 2
k8s: validating /Users/timemanx/IdeaProjects/jkube-test/build/classes/java/main/META-INF/jkube/kubernetes/jkube-test-deployment.yml resource

Sample Reproducer Project

Here's the plugin configuration

plugins {
    id 'java'
    id 'org.eclipse.jkube.kubernetes' version '1.18.1'
}

group = 'com.example.jkube.test'
version = '1.0-SNAPSHOT'

kubernetes {
    images {
        image {
            name = "openjdk:23-jdk-slim"
            alias = "openjdk"
        }
    }
    resources {
        controller {
            volumes = [{
                name = 'scratch'
                type = 'emptyDir'
                medium = 'Memory'
                mounts = ['/var/scratch']
                readOnly = true
            }]
        }
    }
}

Generated output

---
apiVersion: v1
kind: List
items:
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: jkube-test
      provider: jkube
      version: 1.0-SNAPSHOT
      group: com.example.jkube.test
      app.kubernetes.io/part-of: com.example.jkube.test
      app.kubernetes.io/managed-by: jkube
      app.kubernetes.io/name: jkube-test
      app.kubernetes.io/version: 1.0-SNAPSHOT
    name: jkube-test
  spec:
    replicas: 1
    revisionHistoryLimit: 2
    selector:
      matchLabels:
        app: jkube-test
        provider: jkube
        group: com.example.jkube.test
        app.kubernetes.io/name: jkube-test
        app.kubernetes.io/part-of: com.example.jkube.test
        app.kubernetes.io/managed-by: jkube
    template:
      metadata:
        labels:
          app: jkube-test
          provider: jkube
          version: 1.0-SNAPSHOT
          group: com.example.jkube.test
          app.kubernetes.io/part-of: com.example.jkube.test
          app.kubernetes.io/managed-by: jkube
          app.kubernetes.io/name: jkube-test
          app.kubernetes.io/version: 1.0-SNAPSHOT
        name: jkube-test
      spec:
        containers:
        - env:
          - name: KUBERNETES_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: HOSTNAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          image: openjdk:23-jdk-slim
          imagePullPolicy: IfNotPresent
          name: openjdk
          securityContext:
            privileged: false
          volumeMounts:
          - mountPath: /var/scratch
            name: scratch
            readOnly: false
        volumes:
        - emptyDir:
            medium: Memory
          name: scratch

Additional context

Not sure if this is the problem but ContainerHandler has readOnly(false) hardcoded.

jkube/jkube-kit/enricher/api/src/main/java/org/eclipse/jkube/kit/enricher/handler/ContainerHandler.java

Line 164 in dc70f97

.withReadOnly(false).build());

Gradle version: 8.10

[l3002]

@timemanx / @smart-hit , If no one else is working on this, I'm ready to take this up.