Kubernetes Blog

Kubernetes 1.30: Read-only volume mounts can be finally literally read-only

- Read-only volume mounts in Kubernetes have not been fully read-only: only the top-level mount is read-only, so any submount beneath the volume's path (for example, a filesystem mounted on the host below a hostPath directory) stays writable from inside the container.
- Kubernetes 1.30 introduces the "recursiveReadOnly" field on volume mounts to make the mount read-only recursively, submounts included.
- This requires Kubernetes v1.30 with the RecursiveReadOnlyMounts feature gate enabled.
- The feature also needs recent versions of containerd and of runc or crun, and a Linux kernel of 5.12 or later.
- To enable recursive read-only mounts, set "readOnly" to true and "recursiveReadOnly" to "Enabled" on the volume mount in the pod specification ("recursiveReadOnly" takes an enum value, not a boolean).
- "recursiveReadOnly" does not replace "readOnly"; a value other than "Disabled" is only accepted together with "readOnly: true".
- The feature is currently alpha and is expected to be promoted to beta and then general availability in future Kubernetes releases.
- The default value of "recursiveReadOnly" remains "Disabled" for backward compatibility.
- More information on recursiveReadOnly mounts is available in the Kubernetes documentation.
- Users are encouraged to join the SIG Node community with feedback on this feature.
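As an added example (not code from the Kubernetes project or the original post), the following Python script shows the weak pod spec beside its hardened form and a pre-flight check a cluster operator might run before applying manifests: it flags mounts that are declared read-only but not recursively read-only, rejects the boolean misuse of the field, and enforces the stated rule that a value other than "Disabled" needs "readOnly: true". The pod manifest, container name and image are constructed for the example. The "IfPossible" value and the kubelet's reporting of the effective value under status.containerStatuses[].volumeMounts[] come from the Kubernetes documentation rather than the summary above; treat that status path as an assumption and confirm it against your cluster's API version.

```python
import copy
import json
from typing import Dict, List

# Values the recursiveReadOnly field accepts. "Disabled" is the default named in
# the summary above; "IfPossible" and "Enabled" come from the Kubernetes docs.
RRO_VALUES = ("Disabled", "IfPossible", "Enabled")


def validate_volume_mount(vm: Dict) -> List[str]:
    """Return problems with one volumeMounts entry.

    Mirrors the rules stated for the feature: recursiveReadOnly is an enum,
    not a boolean, and any value other than "Disabled" is only valid
    together with readOnly: true.
    """
    problems: List[str] = []
    rro = vm.get("recursiveReadOnly", "Disabled")
    if rro is True or rro is False:
        problems.append(f"{vm['mountPath']}: recursiveReadOnly must be one of "
                        f"{RRO_VALUES}, not a boolean")
        return problems
    if rro not in RRO_VALUES:
        problems.append(f"{vm['mountPath']}: unknown recursiveReadOnly value {rro!r}")
        return problems
    if rro != "Disabled" and vm.get("readOnly") is not True:
        problems.append(f"{vm['mountPath']}: recursiveReadOnly={rro} requires readOnly: true")
    return problems


def validate_pod(pod: Dict) -> List[str]:
    """Validate every volume mount of every container in a pod manifest."""
    problems: List[str] = []
    for c in pod["spec"].get("containers", []):
        for vm in c.get("volumeMounts", []):
            problems.extend(f"{c['name']} {p}" for p in validate_volume_mount(vm))
    return problems


def writable_submount_exposure(pod: Dict) -> List[str]:
    """Lint: mounts declared readOnly but not recursively read-only.

    On a node where a submount exists below the volume's host path, these
    submounts stay writable inside the container. Returns "container:path".
    """
    found: List[str] = []
    for c in pod["spec"].get("containers", []):
        for vm in c.get("volumeMounts", []):
            if vm.get("readOnly") is True and vm.get("recursiveReadOnly", "Disabled") != "Enabled":
                found.append(f"{c['name']}:{vm['mountPath']}")
    return found


def harden(pod: Dict) -> Dict:
    """Return a copy of the pod with recursiveReadOnly: Enabled on every readOnly mount."""
    hardened = copy.deepcopy(pod)
    for c in hardened["spec"].get("containers", []):
        for vm in c.get("volumeMounts", []):
            if vm.get("readOnly") is True:
                vm["recursiveReadOnly"] = "Enabled"
    return hardened


def effective_mounts(pod_status: Dict) -> Dict[str, str]:
    """Map mountPath -> recursiveReadOnly value as reported in pod status.

    Assumption (from the Kubernetes docs, not the summary above): the kubelet
    reports the effective value under status.containerStatuses[].volumeMounts[].
    Compare this against what the spec asked for after the pod starts.
    """
    out: Dict[str, str] = {}
    for cs in pod_status.get("containerStatuses", []):
        for vm in cs.get("volumeMounts", []):
            out[vm["mountPath"]] = vm.get("recursiveReadOnly", "Disabled")
    return out


# Constructed sample: a hostPath volume mounted read-only the pre-1.30 way,
# which leaves any submount below /mnt on the host writable in the container.
WEAK_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "rro-demo"},
    "spec": {
        "volumes": [{"name": "mnt", "hostPath": {"path": "/mnt"}}],
        "containers": [{
            "name": "busybox",
            "image": "busybox",
            "args": ["sleep", "infinity"],
            "volumeMounts": [{"name": "mnt", "mountPath": "/mnt", "readOnly": True}],
        }],
    },
}

# Constructed misuse: treating recursiveReadOnly as a boolean.
BAD_POD = copy.deepcopy(WEAK_POD)
BAD_POD["spec"]["containers"][0]["volumeMounts"][0]["recursiveReadOnly"] = True

HARDENED_POD = harden(WEAK_POD)

if __name__ == "__main__":
    print("weak pod, exposed mounts:", writable_submount_exposure(WEAK_POD))
    print("bad pod, validation:", validate_pod(BAD_POD))
    print("hardened pod, exposed mounts:", writable_submount_exposure(HARDENED_POD))
    print(json.dumps(HARDENED_POD, indent=2))
```

The JSON the script prints is a valid manifest for kubectl apply -f on a v1.30 cluster with the feature gate on; on an older cluster or runtime the unknown field is the first thing to check if the mount comes back as "Disabled" in the pod status.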
kubernetes.io