Introduction to Kubernetes Volumes

-

 


Persist and share data in Kubernetes

Containers are ephemeral by nature. Any data written to a container’s filesystem is lost when the container restarts or the Pod is rescheduled. Kubernetes volumes solve this problem by providing directories that are mounted into containers and backed by different storage media.

What Is a Volume?

From a container’s perspective, a volume is just a directory.
What changes between volume types is:

  • How the directory is created
  • Which storage backend is used
  • How long the data lives

As the Kubernetes documentation summarizes it: volumes are directories, possibly with data, that are accessible to containers in a Pod.

How Volumes Are Defined

Using volumes is always a two-step process:

  1. Declare volumes at the Pod level

    spec:
  volumes:
    - name: my-volume
      emptyDir: {}

  2. Mount volumes inside containers

    spec:
  containers:
    - name: app
      volumeMounts:
        - name: my-volume
          mountPath: /data

The volume name must match between volumes and volumeMounts.

Volumes such as PersistentVolumes, ConfigMaps, and Secrets must already exist before the Pod is created.

Volume Lifecycle Overview

  • Volumes live outside the container
  • Some volumes follow the Pod lifecycle
  • Others outlive Pods and even container restarts
  • Storage backends can be local, cloud-based, or network-attached

Common Kubernetes Volume Types

Volume TypeWhen to Use
emptyDirTemporary storage inside a Pod. Data is deleted when the Pod is terminated.
localPersistent storage tied to a specific node. Requires node affinity. Preferred over hostPath.
PersistentVolumeDurable storage backed by cloud or on‑prem storage. Can be statically or dynamically provisioned.
ConfigMapInject configuration data into Pods without hard‑coding values.
SecretInject sensitive data (tokens, passwords, keys) securely into Pods.

emptyDir

  • Created when the Pod starts
  • Deleted when the Pod stops
  • Shared between containers in the same Pod
  • Useful for:
    • Scratch space
    • Temporary files
    • Inter-container data sharing

local Volumes

  • Stored on a specific node
  • Data survives Pod restarts
  • Data does not survive node failure
  • Requires:
    • PersistentVolume
    • PersistentVolumeClaim
    • Node affinity

hostPath is discouraged due to security risks. local volumes are the recommended alternative.

Persistent Volumes (PV & PVC)

Persistent Volumes abstract storage from Pods.

Static provisioning

  • Admin creates the PV first
  • Pod claims it using a PVC

Dynamic provisioning

  • Pod creates a PVC
  • Kubernetes provisions the PV automatically

Supported by many backends:

  • AWS EBS / EFS
  • GCP Persistent Disks
  • Azure Disks
  • NFS
  • CSI drivers

ConfigMaps and Secrets as Volumes

Both can be mounted as files:

  • Each key becomes a file
  • File content equals the value
  • Ideal for configuration and credentials

Advantages:

  • No hard-coded values
  • Easy updates
  • Environment-specific configuration

Storage Backends and CSI

Kubernetes supports many storage backends and allows custom ones via CSI (Container Storage Interface).

CSI enables:

  • Custom storage drivers
  • Vendor-neutral integrations
  • Dynamic provisioning support

If you need a custom storage solution, CSI is the correct starting point.

Key Takeaways

  • Containers are ephemeral; volumes provide persistence
  • Volumes are directories from the container’s view
  • Storage lifecycle depends on volume type
  • Use:
    • emptyDir for temporary data
    • local for node-bound persistence
    • PersistentVolume for durable storage
    • ConfigMap and Secret for configuration


Comments

Post a Comment

Popular posts from this blog

Highlights from the 2025 Stack Overflow Developer Survey

-
Image
Introduction The  15th Annual Stack Overflow Developer Survey  is now out. With over  49,000 responses  from  177 countries , the 2025 findings offer a rich view into how developers work—and how they feel—amid rising AI adoption ( survey.stackoverflow.co ,  survey.stackoverflow.co ). Dev & AI Trends at a Glance Widespread AI Adoption Coupled with Waning Trust A whopping  84%  of developers now use—or plan to use—AI tools in their workflows, up from  76%  last year ( survey.stackoverflow.co ). Yet trust in AI is falling dramatically:  46%  say they do  not trust  AI output, compared to just  31%  in 2024 ( itpro.com ). Positive sentiment toward AI tools dropped from over 70% to roughly  60%  this year ( survey.stackoverflow.co ). The top frustration? Developers cite “ AI solutions that are almost right, but not quite ” as a pain point—leading to increased time spent debugging ( survey.stackoverf...
Read more

Mastering Caddy Logging: A Complete Guide to Access, Error, and Structured Logs

-
Image
  Mastering Logging in Caddy Caddy is a modern, lightweight, and secure web server that’s rapidly gaining popularity thanks to its simplicity, automatic HTTPS, and powerful configuration options. One of the most important aspects of managing a Caddy-powered application is  logging . Proper logging ensures you have visibility into your system, can debug issues efficiently, and monitor performance in real-time. In this article, we’ll break down how logging works in Caddy, why it matters, and how you can configure it for your own projects. What is Logging in Caddy? Logging in Caddy refers to the process of capturing details about requests, errors, and internal server behavior. With logs, you can: Track incoming requests and responses Debug configuration or runtime issues Monitor server performance and health Meet compliance and audit requirements Caddy uses a structured logging system, making logs easier to parse and integrate with external monitoring tools like  Better Stac...
Read more

psql: error: connection to server at "localhost" (127.0.0.1), port 5433 failed: ERROR: failed to authenticate with backend using SCRAM DETAIL: valid password not found

-
Image
ERROR psql: error: connection to server at "localhost" (127.0.0.1), port 5433 failed: ERROR: failed to authenticate with backend using SCRAM DETAIL: valid password not found Since Pgpool-II is a PostgreSQL proxy that works between clients and PostgreSQL servers, the authentication comprises two steps: Authentication between client and Pgpool-II Authentication between Pgpool-II and PostgreSQL servers Starting with Pgpool-II 4.0, Pgpool-II supports scram-sha-256 authentication. scram-sha-256 authentication method is strongly recommended because it is the most secure password-based authentication method. Solution 1 If PostgreSQL servers require  MD5  or  SCRAM  authentication for some user’s authentication but the password for that user is not present in  pool_passwd , then enabling  allow_clear_text_frontend_auth  will allow the  Pgpool-II  to use clear-text-password authentication with user to get the password in plain text form from the user ...
Read more