Storage beginner ⏱ 8 minutes K8s 1.28+

K8s Volumes: emptyDir and hostPath Guide

Configure Kubernetes emptyDir and hostPath volumes for temporary storage and host filesystem access, including memory-backed tmpfs and size limits.

By Luca Berton • 📖 5 min read

💡 Quick Answer: emptyDir: {} creates a temporary directory that exists as long as the pod runs, which makes it perfect for scratch space, caches, and sharing data between containers. emptyDir: {medium: Memory} uses tmpfs (RAM-backed, faster). hostPath mounts a file or directory from the host node; use it sparingly due to security risks. Both are ephemeral: data is lost when the pod is deleted.

The Problem

Containers need temporary storage for:

  • Scratch space (compilation, image processing)
  • Cache directories (CDN, build cache)
  • Shared data between sidecar containers
  • Log files before collection
  • Host-level access (node monitoring, device access)

The Solution

emptyDir

apiVersion: v1
kind: Pod
metadata:
  name: scratch-pod
spec:
  containers:
  - name: app
    image: myapp:v2
    volumeMounts:
    - name: scratch
      mountPath: /tmp/work
    - name: shared-data
      mountPath: /data
  
  - name: sidecar
    image: busybox:1.36
    command: ["sh", "-c", "while true; do ls /data; sleep 10; done"]
    volumeMounts:
    - name: shared-data
      mountPath: /data     # Same volume, shared between containers
  
  volumes:
  - name: scratch
    emptyDir: {}            # Disk-backed, node's filesystem
  - name: shared-data
    emptyDir:
      sizeLimit: 1Gi       # Evicts pod if exceeded

Memory-Backed emptyDir (tmpfs)

volumes:
- name: cache
  emptyDir:
    medium: Memory          # RAM-backed tmpfs
    sizeLimit: 256Mi        # Counts against container memory limit!

# Use cases:
# - High-speed caching
# - Sensitive data (no disk persistence)
# - /tmp for applications that need fast I/O

hostPath

apiVersion: v1
kind: Pod
metadata:
  name: log-reader
spec:
  containers:
  - name: reader
    image: busybox:1.36
    command: ["sh", "-c", "tail -f /var/log/syslog"]
    volumeMounts:
    - name: host-logs
      mountPath: /var/log
      readOnly: true         # ALWAYS use readOnly for hostPath
  
  volumes:
  - name: host-logs
    hostPath:
      path: /var/log
      type: Directory        # Must exist as directory

# hostPath types:
# ""               - No checks (default)
# DirectoryOrCreate - Create directory if missing
# Directory        - Must exist as directory
# FileOrCreate     - Create file if missing
# File             - Must exist as file
# Socket           - Must exist as Unix socket
# CharDevice       - Must exist as char device
# BlockDevice      - Must exist as block device

Common Patterns

# Pattern 1: Share data between init and main container
spec:
  initContainers:
  - name: download-config
    image: curlimages/curl:8.6
    command: ["curl", "-o", "/config/app.conf", "https://config.example.com/app.conf"]
    volumeMounts:
    - name: config
      mountPath: /config
  containers:
  - name: app
    image: myapp:v2
    volumeMounts:
    - name: config
      mountPath: /etc/app
      readOnly: true
  volumes:
  - name: config
    emptyDir: {}

---
# Pattern 2: ReadOnly filesystem with writable paths
spec:
  containers:
  - name: nginx
    image: nginx:1.27
    securityContext:
      readOnlyRootFilesystem: true
    volumeMounts:
    - name: tmp
      mountPath: /tmp
    - name: run
      mountPath: /var/run
    - name: cache
      mountPath: /var/cache/nginx
  volumes:
  - name: tmp
    emptyDir: {}
  - name: run
    emptyDir: {}
  - name: cache
    emptyDir: {}

emptyDir vs hostPath vs PVC

| Feature | emptyDir | hostPath | PVC |
|---|---|---|---|
| Lifetime | Pod | Node | Independent |
| Survives restart | Container restart only | Yes (node-level) | Yes |
| Shared between pods | No | Yes (same node) | Yes (RWX) |
| Data safety | None | None (node dies) | Replicated |
| Security risk | Low | High | Low |
| Use case | Temp/cache | Node access | Persistent data |

Common Issues

Pod evicted: "emptyDir usage exceeds sizeLimit"

An emptyDir with sizeLimit evicts the pod when the limit is exceeded. Increase the limit or clean up data.

Memory-backed emptyDir counts against memory limit

tmpfs (medium: Memory) usage counts toward the container's memory limit. Set memory limits accordingly.

hostPath not available on other nodes

hostPath is node-local. If the pod is rescheduled to a different node, the data is gone. Use PVCs for persistent data.

Best Practices

  • emptyDir for scratch/cache, never for data you can't lose
  • Set sizeLimit on emptyDir to prevent pods from filling node disk
  • tmpfs (Memory medium) for sensitive temp data: not written to disk
  • Avoid hostPath in production: security risk, breaks portability
  • ReadOnly hostPath: if you must use it, mount read-only
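
The practices above can be checked mechanically. This added example (not code from the original page) audits a PodList in the JSON shape returned by `kubectl get pods -A -o json`; the function names, finding strings, and the `agent` pod in the sample are constructed for illustration.

```python
import json

def audit_pod(pod):
    """Return (volume, finding) pairs for one Pod object."""
    spec = pod["spec"]
    containers = spec.get("initContainers", []) + spec.get("containers", [])
    findings = []
    for vol in spec.get("volumes", []):
        name = vol["name"]
        # Every (container, mount) pair that uses this volume.
        mounts = [(c, m) for c in containers
                  for m in c.get("volumeMounts", []) if m["name"] == name]
        if "hostPath" in vol:
            findings.append((name, "hostPath " + vol["hostPath"]["path"]))
            if any(not m.get("readOnly", False) for _, m in mounts):
                findings.append((name, "hostPath mounted writable"))
        elif "emptyDir" in vol:
            empty_dir = vol["emptyDir"] or {}
            if "sizeLimit" not in empty_dir:
                findings.append((name, "emptyDir without sizeLimit"))
            if empty_dir.get("medium") == "Memory":
                # tmpfs usage is charged to the container's memory limit.
                for c, _ in mounts:
                    if "memory" not in (c.get("resources", {}).get("limits") or {}):
                        findings.append((name, f"tmpfs used by {c['name']} without memory limit"))
    return findings

def audit(pod_list):
    """Map "namespace/name" to findings for a PodList; clean pods are omitted."""
    report = {}
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        report[f'{meta.get("namespace", "default")}/{meta["name"]}'] = audit_pod(pod)
    return {pod: found for pod, found in report.items() if found}

# Constructed sample: the page's log-reader pod plus a hypothetical "agent" pod.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"name": "log-reader"}, "spec": {
   "containers": [{"name": "reader", "volumeMounts": [
     {"name": "host-logs", "mountPath": "/var/log", "readOnly": true}]}],
   "volumes": [{"name": "host-logs", "hostPath": {"path": "/var/log"}}]}},
 {"metadata": {"name": "agent"}, "spec": {
   "containers": [{"name": "agent", "volumeMounts": [
     {"name": "run", "mountPath": "/host/run"}, {"name": "cache", "mountPath": "/cache"}]}],
   "volumes": [{"name": "run", "hostPath": {"path": "/run"}},
               {"name": "cache", "emptyDir": {"medium": "Memory"}}]}}]}""")

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

To run it against a cluster, replace `SAMPLE` with `json.load(sys.stdin)` and pipe in the `kubectl` output. A read-only hostPath is still reported so each one can be reviewed.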

Key Takeaways

  • emptyDir is temporary storage tied to pod lifetime: deleted when pod is removed
  • medium: Memory creates RAM-backed tmpfs (fast, counts against memory limits)
  • emptyDir is the standard way to share data between containers in a pod
  • hostPath mounts host filesystem: powerful but dangerous, avoid in production
  • For persistent data, always use PersistentVolumeClaims instead
Written by Luca Berton

Principal Solutions Architect specializing in Kubernetes, AI/GPU infrastructure, and cloud-native platforms. Author of Kubernetes Recipes and creator of CopyPasteLearn courses.


This recipe is from Kubernetes Recipes, our 750-page practical guide with hundreds of production-ready patterns.
