Kubernetes Storage Best Practices for Production
Production storage best practices for Kubernetes. Covers StorageClass selection, backup strategies, volume expansion, data migration, and storage performance tuning.
π‘ Quick Answer: Production storage best practices for Kubernetes. Covers StorageClass selection, backup strategies, volume expansion, data migration, and storage performance tuning.
The Problem
Engineers frequently search for this topic but find scattered, incomplete guides. This recipe provides a comprehensive, production-ready reference.
The Solution
StorageClass Recommendations
# Production: encrypted, high IOPS
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: fast-encrypted
provisioner: ebs.csi.aws.com
parameters:
type: gp3
iops: "5000"
throughput: "250"
encrypted: "true"
kmsKeyId: "arn:aws:kms:..."
reclaimPolicy: Retain # Don't auto-delete data!
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
---
# Development: cheap, no encryption
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: dev-storage
provisioner: ebs.csi.aws.com
parameters:
type: gp3
reclaimPolicy: Delete
allowVolumeExpansion: trueChecklist
| Practice | Why | Priority |
|---|---|---|
reclaimPolicy: Retain for prod | Prevent accidental data loss | Critical |
allowVolumeExpansion: true | Resize without recreating PVC | High |
WaitForFirstConsumer | Ensure PV is in same AZ as pod | High |
| Encryption at rest | Compliance and security | Critical |
| Regular snapshots | Point-in-time recovery | Critical |
| Monitor PV usage | Alert before disk full | High |
| Test restore procedures | Backups are useless if untested | Critical |
Volume Expansion
# Expand a PVC (no downtime for most CSI drivers)
kubectl patch pvc postgres-data -p '{"spec":{"resources":{"requests":{"storage":"100Gi"}}}}'
# Some drivers need pod restart for filesystem resize
kubectl delete pod <pod-using-pvc>
# Pod recreates and filesystem expands on mountgraph TD
A[Storage Strategy] --> B[Dev: gp3, Delete, cheap]
A --> C[Staging: gp3, Retain, encrypted]
A --> D[Prod: gp3 high-IOPS, Retain, encrypted, snapshots]
D --> E[Daily snapshots]
D --> F[Cross-region replication]Frequently Asked Questions
What happens if my PVβs AZ doesnβt match my podβs node?
The pod stays Pending because the volume canβt be attached. Use WaitForFirstConsumer binding mode to create the PV in the same AZ as the podβs node.
Best Practices
- Start with the simplest approach that solves your problem
- Test thoroughly in staging before production
- Monitor and iterate based on real metrics
- Document decisions for your team
Key Takeaways
- This is essential Kubernetes operational knowledge
- Production-readiness requires proper configuration and monitoring
- Use
kubectl describeand logs for troubleshooting - Automate where possible to reduce human error
Recommended
Kubernetes Recipes β The Complete Book100+ production-ready patterns with detailed explanations, best practices, and copy-paste YAML. Everything in one place.
Get the Book βLearn by Doing
CopyPasteLearn β Hands-on Cloud & DevOps CoursesMaster Kubernetes, Ansible, Terraform, and MLOps with interactive, copy-paste-run lessons. Start free.
Browse Courses β
π Deepen Your Skills β Hands-on Courses
Courses by CopyPasteLearn.com β Learn IT by Doing
Want More Kubernetes Recipes?
This recipe is from Kubernetes Recipes, our 750-page practical guide with hundreds of production-ready patterns.