This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

cc @carlory

this pr may fix #129466

I think it is a documentation issue. #31707 removed the limit.

Can you update the related comment in the code and then run make update?

#22204 added the limit but it was removed later.

/cc @thockin @jsafrane

Can you have a look?

related comments why it is removed: #31707 (comment)

I am confused about this issue - why would the mounth path - literally the directory we intend to mount the volume on - contain ":ro" or ":rw" ?

If you want to mount it read-only, we have a field for that -- it's not embedded in the string.

@thockin "a:b" is a vaild path on linux. so I think the mountPath can't contain ":" maybe not accepted.

If you want to mount it read-only, we have a field for that -- it's not embedded in the string.

Agreed. We don't support <path>:<mount option>.

some user use wrong yaml but works on docker. (k8s with docker )
when use it with containerd containerd will create a file "localtime:ro" (k8s with containerd)
So I think we can prevent to use ":ro" or ":rw"

We don't support colons in the path, or we shouldn't, because runtimes like docker do the wrong thing. Have those all been fixed? I do not think special-casing ":ro" makes a lot sense. Runtimes should fix support for colons, or not support them at all.

/sig node
/sig storage
/sig windows

cc @brendandburns @pires
Can you have a look? because you are main reviewers of #31707

What @thockin said.

Is the issue here about Windows? I don't have any first hand background here - if we needed to special case colons on Windows, to manage drive letters, I could maybe understand that. But I thought that was a solved problem already?

I think this issue is related to the windows because the constraint is removed when kubeneretes support windows nodes. And there're a lot of e2e tests and unit tests which uses c:/ as mount path's prefix.

: is valid character in windows or linux path. so it's acceptable to use it in kubernetes. We should treat it as a part of path. it doesn't represent any special meaning (i.e. mount options). It is different from docker.

The CRI standard said that the mount path is the path of the mount within the container. So the issue should be fixed in the CRI implementation, not in the kubernetes.

Runtimes should fix support for colons, or not support them at all.

+1. It should depend on the implementation of container runtime. I don't have more knowledge about docker cri since docker shim was removed from in-tree.

I don't mean to flip on this one, but it's a very long-standing issue.

My feeling is that we should do what the most commonly used runtimes support . It seems like docker has a way to mount on paths with colons via the API, now. Presumably that means containers, too. Does CRI-O?

On Windows, colon has two meanings - one is drive letters, which is obvious, but the other is file streams, which is NOT what we want. A quick Google suggests that colons are NOT allowed in directory names on Windows

If someone wants to champion this, we will need details about how each runtime supports colons as part of the analysis.