kubernetes volumes

  • files created in a container are ephemeral, i.e. if a kubernetes pod is restarted, the newly created containers will not have access to the files from the previous containers
  • kubernetes volumes mitigate this issue and make it possible to share files between containers

Volume types:

  • emptyDir: initial empty directory
  • hostPath: mounted directory from the cluster node filesystem
  • nfs: a shared NFS
  • gcePersistentDisk, awsElasticBlockStore, azureDisk: volumes exposed by cloud providers
  • cinder, cephfs, iscsi, flocker…: network storage
  • ConfigMaps, Secrets, downwardAPI: volumes specialized for exposing Kubernetes resources
  • PersistentVolumeClaim: a way to dynamically allocate volumes

EmptyDir

  • the lifecycle of an EmptyDir volume is linked to the kubernetes pod, i.e. if the kubernetes pod is destroyed, so is the volume
  • useful for containers in the same kubernetes pod that need to collaborate
---
apiVersion: v1
kind: Pod
metadata:
  name: shared-vol
spec:
  volumes:
    - name: my-data
      emptyDir: { }
  containers:
    - name: log2fs
      image: foobar/k8s-training-nginx-log2fs:1.19-alpine-v1
      volumeMounts:
        - name: my-data
          mountPath: /var/log/nginx
    - name: shell
      image: debian:10-slim
      command: [ "bash" , "-c" , "sleep infinity"]
      volumeMounts:
        - name: my-data
          mountPath: /data

HostPath

---
apiVersion: v1
kind: Pod
metadata:
  name: hostpath-vol
spec:
  volumes:
    - name: my-data
      hostPath:
        path: /data/my-data
  containers:
    - name: log2fs
      image: foobar/k8s-training-nginx-log2fs:1.19-alpine-v1
      volumeMounts:
        - name: my-data
          mountPath: /var/log/nginx

Persistent Volumes and Persistent Volumes Claims

  • abstraction layer to provision and consume volumes
  • a PersistentVolume (PV) is a storage space made available by the cluster admins
  • a PersistentVolumeClaim (PVC) is a request for storage made by the cluster users
  • PVCs are similar to kubernetes pods
    • kubernetes pods consume resources (CPU & RAM) of the cluster node
    • PVCs consume storage resources of the cluster
  • a PVC requests a PV using some criteria:
    • storage size
    • access type (RW, RO, …)
  • PVCs do not expose to the users how the storage is provisioned
  • StorageClasses are a way to expose the different types of available volumes

Lifecycle of PV and PVC

  • PV can be provisioned statically or dynamically
    • static PV are pre-provisioned by the admins
    • dynamic PV are provisioned on the fly by the cluster using the StorageClass
  • a PVC must specify a StorageClass
  • an empty StorageClass (i.e. "") is equivalent to a static PV
  • ⚠️ if no PV matches the request, the PVC will be on stand-by indefinitely (or until its deletion)
  • ⚠️ deleting a kubernetes pod does not delete the associated PVC
    • the ReclaimPolicy associated with the PV determines what happens to the PV once it’s freed:
      • retained: the PV is no longer used but can be associated with another PVC
      • recycled: the PV is cleaned, i.e. its data is deleted, and once the deletion is finished, the PV can be associated with a PVC
      • deleted: the PV is deleted

Access modes

  • ReadWriteOnce (RWO): the volume can be mounted in RW for a single node
  • ReadOnlyMany (ROX): the volume can be mounted in RO for multiple nodes
  • ReadWriteMany (RWX): the volume can be mounted in RW for multiple nodes
  • ⚠️ a volume can only be mounted in one mode at a time!

PV example

---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv0003
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: slow
  nfs:
    path: /tmp
    server: 172.17.0.2
  mountOptions:
    - hard
    - nfsvers=4.1

PVC example

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: myclaim
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 8Gi
  storageClassName: slow
  selector:
    matchLabels:
      release: "stable"
    matchExpressions:
      - { key: environment , operator: In , values: [ dev ] }
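
The matching criteria described above (storage size, access mode, StorageClass, selector) decide whether a claim binds or stays on stand-by. As an added example, not part of the original notes and not Kubernetes' own code, this simplified Python model checks the page's `myclaim` against `pv0003` and reports which criteria fail. The function names and `PV_OK` are hypothetical; the real controller considers more fields than this model.

```python
# Added example: simplified model of PVC -> PV matching (assumption, not Kubernetes source).
UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}

def to_bytes(quantity):
    """Convert a quantity such as '5Gi' to bytes (binary suffixes only)."""
    for suffix, factor in UNITS.items():
        if quantity.endswith(suffix):
            return int(quantity[:-len(suffix)]) * factor
    return int(quantity)

def selector_matches(selector, labels):
    """Evaluate matchLabels plus In/NotIn/Exists/DoesNotExist expressions."""
    ops = {"In": lambda k, v: labels.get(k) in v,
           "NotIn": lambda k, v: labels.get(k) not in v,
           "Exists": lambda k, v: k in labels,
           "DoesNotExist": lambda k, v: k not in labels}
    return (all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())
            and all(ops[e["operator"]](e["key"], e.get("values", []))
                    for e in selector.get("matchExpressions", [])))

def mismatches(pv, pvc):
    """Return the criteria pv fails for pvc; an empty list means it can bind."""
    checks = {
        "capacity": to_bytes(pv["capacity"]) >= to_bytes(pvc["request"]),
        "accessModes": set(pvc["accessModes"]) <= set(pv["accessModes"]),
        "storageClassName": pv.get("storageClassName", "") == pvc.get("storageClassName", ""),
        "selector": selector_matches(pvc.get("selector", {}), pv.get("labels", {})),
    }
    return [name for name, ok in checks.items() if not ok]

# Values copied from the page's PV and PVC examples (pv0003 carries no labels).
PV0003 = {"capacity": "5Gi", "accessModes": ["ReadWriteOnce"],
          "storageClassName": "slow", "labels": {}}
MYCLAIM = {"request": "8Gi", "accessModes": ["ReadWriteOnce"],
           "storageClassName": "slow",
           "selector": {"matchLabels": {"release": "stable"},
                        "matchExpressions": [{"key": "environment",
                                              "operator": "In", "values": ["dev"]}]}}
# Constructed PV that satisfies every criterion of the claim.
PV_OK = {"capacity": "10Gi", "accessModes": ["ReadWriteOnce", "ReadOnlyMany"],
         "storageClassName": "slow",
         "labels": {"release": "stable", "environment": "dev"}}

if __name__ == "__main__":
    print("pv0003:", mismatches(PV0003, MYCLAIM))  # criteria keeping the claim on stand-by
    print("pv-ok :", mismatches(PV_OK, MYCLAIM))
```

With only `pv0003` in the cluster, `myclaim` would stay on stand-by: the volume is smaller than the request and carries none of the labels the selector requires.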

PVC usage:

---
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  volumes:
    - name: mypd
      persistentVolumeClaim:
        claimName: myclaim
  containers:
    - name: myfrontend
      image: nginx
      volumeMounts:
        - name: mypd
          mountPath: /var/www/html

StorageClass example

---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: standard
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
reclaimPolicy: Retain
mountOptions:
  - debug