Kubernetes Volume Types Explained
Compare all Kubernetes volume types: emptyDir, hostPath, PVC, ConfigMap, Secret, NFS, CSI, and projected volumes. When to use each type with examples.
π‘ Quick Answer: Compare all Kubernetes volume types: emptyDir, hostPath, PVC, ConfigMap, Secret, NFS, CSI, and projected volumes. When to use each type with examples.
The Problem
This is one of the most searched Kubernetes topics. A comprehensive, well-structured guide helps engineers of all levels quickly find actionable solutions.
The Solution
Detailed implementation with production-ready examples below.
Volume Types Comparison
| Type | Persistence | Access | Use Case |
|---|---|---|---|
emptyDir | Pod lifetime | Single pod | Cache, temp files |
hostPath | Node lifetime | Single node | Node-level data (dev only!) |
persistentVolumeClaim | Independent | Configurable | Databases, stateful apps |
configMap | ConfigMap lifetime | Read-only | Config files |
secret | Secret lifetime | Read-only | Credentials, TLS certs |
nfs | NFS server | ReadWriteMany | Shared file storage |
csi | Driver-dependent | Driver-dependent | Cloud/enterprise storage |
projected | Source lifetime | Read-only | Combine multiple sources |
downwardAPI | Pod lifetime | Read-only | Pod metadata as files |
Examples
volumes:
# emptyDir β temp storage
- name: cache
emptyDir:
sizeLimit: 1Gi
# hostPath β node filesystem (DANGEROUS in production)
- name: docker-sock
hostPath:
path: /var/run/docker.sock
type: Socket
# PVC β persistent storage
- name: data
persistentVolumeClaim:
claimName: my-data
# ConfigMap as files
- name: config
configMap:
name: app-config
items:
- key: nginx.conf
path: nginx.conf
# Secret as files
- name: certs
secret:
secretName: tls-certs
# Projected β combine multiple sources
- name: combined
projected:
sources:
- configMap:
name: app-config
- secret:
name: app-secrets
- downwardAPI:
items:
- path: labels
fieldRef:
fieldPath: metadata.labelsgraph TD
A{Need persistence?} -->|No - temp/cache| B[emptyDir]
A -->|Yes| C{Shared across pods?}
C -->|No - single pod| D[PVC with RWO]
C -->|Yes - multiple pods| E[PVC with RWX - NFS/CephFS]
F{Config or secrets?} -->|Config files| G[configMap volume]
F -->|Credentials| H[secret volume]
F -->|Both + metadata| I[projected volume]Common Issues
Check kubectl describe and kubectl get events first β most issues have clear error messages pointing to the root cause.
Best Practices
- Follow least privilege β only grant the access thatβs needed
- Test in staging before applying to production
- Monitor and alert on key metrics
- Document your runbooks for the team
Key Takeaways
- Essential knowledge for Kubernetes operations
- Start simple and evolve your approach
- Automation reduces human error
- Share knowledge with your team
Recommended
Kubernetes Recipes β The Complete Book100+ production-ready patterns with detailed explanations, best practices, and copy-paste YAML. Everything in one place.
Get the Book βLearn by Doing
CopyPasteLearn β Hands-on Cloud & DevOps CoursesMaster Kubernetes, Ansible, Terraform, and MLOps with interactive, copy-paste-run lessons. Start free.
Browse Courses β
π Deepen Your Skills β Hands-on Courses
Courses by CopyPasteLearn.com β Learn IT by Doing
Want More Kubernetes Recipes?
This recipe is from Kubernetes Recipes, our 750-page practical guide with hundreds of production-ready patterns.