Kubernetes Volume

A Kubernetes Volume is a directory, potentially containing data, that is accessible to containers within a Pod.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md] It serves as an abstraction for storing data, allowing multiple containers within a Pod to share the same resources.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md]

Unlike standard Docker volumes, Kubernetes offers a richer set of volume types and stricter management concepts by introducing the idea of lifecycles to support data persistence across container restarts.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md]

Configuration

To use a volume, it must be declared in the .spec.volumes section of the Pod configuration.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md] It is then mounted into a specific container path using the .spec.containers[*].volumeMounts field.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md]

Lifecycle and Persistence

Kubernetes classifies volumes based on their lifecycle relationship with the Pod:^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md]

  • Ephemeral Volumes: These volumes share the lifecycle of the Pod. They are created when the Pod is created and destroyed when the Pod is deleted.
  • Persistent Volumes: These have a lifecycle longer than that of the Pod. They ensure that data is not lost during container restarts or Pod rescheduling.

Common Volume Types

Kubernetes supports a wide variety of volume types.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md]

EmptyDir

An emptyDir is created when a Pod is assigned to a Node.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md] It creates an empty directory that all containers in the Pod can access.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md] It is commonly used for data caching and temporary storage.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md]

A variant based on emptyDir is the gitRepo volume, which copies data from a Git repository into the directory upon Pod initialization.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md]

HostPath

A HostPath mounts a file or directory from the host Node's filesystem into the Pod.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md] This is useful for scenarios requiring access to Node-specific data, such as checking if a specific file exists before the Pod runs.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md]

Due to significant security risks, it is best practice to avoid HostPath whenever possible.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md] If its use is necessary, the scope should be strictly limited to the required files or directories, ideally mounted in read-only mode.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md]
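The guidance above can be checked mechanically. The following is an added example, not code from the original page: it joins the hostPath entries in .spec.volumes with the mounts in .spec.containers[*].volumeMounts and reports mounts that are not read-only or that expose a broad host directory. The sample Pod and the BROAD_PATHS list are constructed assumptions.

```python
import json
import sys

# Assumption: an illustrative list of host directories considered too broad to mount.
BROAD_PATHS = {"/", "/etc", "/var", "/var/run", "/var/lib", "/proc", "/sys", "/root", "/home"}

# Constructed sample Pod (same shape as `kubectl get pod <name> -o json`, trimmed).
SAMPLE_POD = {
    "metadata": {"name": "demo"},
    "spec": {
        "volumes": [
            {"name": "host-root", "hostPath": {"path": "/"}},
            {"name": "tz", "hostPath": {"path": "/etc/localtime", "type": "File"}},
            {"name": "cache", "emptyDir": {}},
        ],
        "containers": [
            {"name": "agent", "volumeMounts": [
                {"name": "host-root", "mountPath": "/host"}]},
            {"name": "app", "volumeMounts": [
                {"name": "tz", "mountPath": "/etc/localtime", "readOnly": True},
                {"name": "cache", "mountPath": "/tmp/cache"}]},
        ],
    },
}

def audit_hostpath(pod):
    """Return (volume, container, issue) tuples for risky hostPath usage in a Pod."""
    spec = pod.get("spec", {})
    # Step 1: hostPath volumes declared in .spec.volumes, keyed by volume name.
    host_vols = {v["name"]: v["hostPath"]["path"]
                 for v in spec.get("volumes", []) if "hostPath" in v}
    findings = []
    for name, path in host_vols.items():
        if (path.rstrip("/") or "/") in BROAD_PATHS:
            findings.append((name, None, "broad host path " + path))
    # Step 2: every mount of those volumes in .spec.containers[*].volumeMounts
    # (and initContainers) should set readOnly: true.
    for kind in ("initContainers", "containers"):
        for ctr in spec.get(kind, []):
            for m in ctr.get("volumeMounts", []):
                if m["name"] in host_vols and not m.get("readOnly", False):
                    findings.append((m["name"], ctr["name"], "mounted read-write"))
    return findings

if __name__ == "__main__":
    # With a file argument, audit that Pod JSON; otherwise audit the sample.
    pod = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_POD
    for finding in audit_hostpath(pod):
        print(finding)
```

The emptyDir volume and the read-only single-file mount in the sample produce no findings; only the read-write mount of the host root is reported.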

Network File System (NFS)

NFS allows mounting a network file system into a Pod.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md] Unlike emptyDir, data on an NFS volume is not deleted when the Pod is removed.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md] This allows data to be shared across Pods and lets the volume serve as pre-populated data, often used in conjunction with cloud storage services.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md]

ConfigMap

A ConfigMap is used to store configuration data, such as environment variables or database initialization settings.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md] It decouples configuration artifacts from image content to facilitate easier deployment.

Secrets

Secrets are similar to ConfigMaps but are specifically designed for holding sensitive information, such as user passwords or certificates.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md] Data stored in a Secret is typically encoded using base64.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md] Base64 is an encoding, not encryption, so it does not by itself keep the values confidential from anyone who can read the Secret object.

PersistentVolume (PV) & PersistentVolumeClaim (PVC)

  • PersistentVolume (PV): A piece of storage in the cluster provisioned by an administrator.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md] It is a cluster resource with a lifecycle independent of any Pod using it.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md]
  • PersistentVolumeClaim (PVC): A request for storage by a user, similar to how Pods request Node resources (CPU/Memory).^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md] The PVC consumes the PV quota.^[400-devops-06-kubernetes-k8s-ithelp-day16-readme.md]

Sources