KCNA
Kubernetes and Cloud Native Associate

Storage

Containers are ephemeral. Kubernetes provides a rich storage model to persist data beyond Pod lifetime.

Volumes

A Volume lives as long as its Pod. Types include:

  • emptyDir — scratch space shared between containers in a Pod
  • hostPath — mounts a path from the node (avoid in production)
  • configMap / secret — injects config data as files
  • nfs, cephfs, etc. — external storage systems

spec:
  volumes:
  - name: cache
    emptyDir: {}
  containers:
  - name: app
    volumeMounts:
    - mountPath: /tmp/cache
      name: cache

PersistentVolume (PV) & PersistentVolumeClaim (PVC)

PV — an administrator-provisioned storage resource.
PVC — a user's request for storage (size, access mode).

Kubernetes binds a PVC to a matching PV.

# PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: db-storage
spec:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 20Gi
  storageClassName: fast-ssd

Access Modes

Mode            Abbr   Meaning
ReadWriteOnce   RWO    One node read/write
ReadOnlyMany    ROX    Many nodes read-only
ReadWriteMany   RWX    Many nodes read/write

StorageClass & Dynamic Provisioning

A StorageClass lets PVCs trigger automatic PV creation:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast-ssd
provisioner: pd.csi.storage.gke.io
parameters:
  type: pd-ssd
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer

Reclaim policies:

  • Retain — PV stays after PVC deleted (manual cleanup)
  • Delete — PV and backing storage deleted automatically
  • Recycle — deprecated

ConfigMaps & Secrets

kubectl create configmap app-config --from-literal=LOG_LEVEL=debug
kubectl create secret generic db-creds \
  --from-literal=password=supersecret

Use as env vars or volume mounts:

envFrom:
- configMapRef:
    name: app-config
- secretRef:
    name: db-creds

Secrets are base64-encoded, not encrypted. For real security, use Sealed Secrets or Vault.
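
The point above, as an added example that is not part of the original page: decode_secret_data recovers every value of a Secret manifest with a plain base64 decode, and is_plain_secret is a check for manifests that should not be committed to Git as-is. The function names are hypothetical, and both manifests are constructed: the first matches what the page's db-creds command stores (plus a constructed username key), the second is a SealedSecret stub with placeholder ciphertext.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Both manifests are constructed.
# SAMPLE_SECRET matches what the page's `kubectl create secret generic db-creds`
# command stores; the username key is an extra constructed value.
SAMPLE_SECRET='apiVersion: v1
kind: Secret
metadata:
  name: db-creds
type: Opaque
data:
  password: c3VwZXJzZWNyZXQ=
  username: YXBwX3VzZXI='

# SealedSecret stub for comparison; the ciphertext is a placeholder.
SAMPLE_SEALED='apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: db-creds
spec:
  encryptedData:
    password: PLACEHOLDER-CIPHERTEXT'

# Print "key=plaintext" for every entry under the top-level data: mapping (stdin).
decode_secret_data() {
  awk '
    /^data:[ \t]*$/ { in_data = 1; next }   # enter the data: mapping
    /^[^ \t]/       { in_data = 0 }         # the next top-level key ends it
    in_data && NF == 2 { sub(/:$/, "", $1); print $1, $2 }
  ' | while read -r key value; do
    printf '%s=%s\n' "$key" "$(printf '%s' "$value" | base64 -d)"
  done
}

# Exit 0 when stdin is a plain Secret carrying inline values (unsafe to commit).
is_plain_secret() {
  awk '
    /^kind:[ \t]*Secret[ \t]*$/      { secret = 1 }
    /^(data|stringData):[ \t]*$/     { inline = 1 }
    END { exit !(secret && inline) }
  '
}

if printf '%s\n' "$SAMPLE_SECRET" | is_plain_secret; then
  echo "plain Secret, values recoverable by any reader:"
  printf '%s\n' "$SAMPLE_SECRET" | decode_secret_data
fi
```

The awk matching assumes the flat two-space layout that kubectl emits; it is not a general YAML parser.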

Summary

  • Volumes share data between containers or survive container restarts (not Pod deletion)
  • PV + PVC decouple storage provisioning from consumption
  • StorageClasses enable dynamic provisioning
  • ConfigMaps inject config; Secrets inject sensitive data