Volumes

Volume Types

Kubernetes supports multiple types of volumes. The most commonly used ones are as follows:

• emptyDir: an empty volume used for ephemeral storage
• hostPath: a volume that mounts a directory on the host to a pod
• ConfigMap and secret: special volumes that inject or pass information to the pods. For details about how to use ConfigMaps and secrets as volumes, see ConfigMaps and Secrets.
• PersistentVolumeClaim: Kubernetes persistent storage class. For details, see PVs, PVCs, and Storage Classes.

emptyDir

emptyDir is an empty volume in which your applications can read and write files. The lifetime of an emptyDir volume is the same as that of the pod that it is mounted to. After the pod is deleted, data in the volume is also deleted.

Some uses of an emptyDir volume are as follows:

• An emptyDir volume can provide scratch space, such as for a disk-based merge sort.
• An emptyDir volume can serve as a checkpoint for a long computation for recovery from crashes.

Example emptyDir configuration:

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: nginx:alpine
    name: test-container
    volumeMounts:
    - mountPath: /cache
      name: cache-volume
  volumes:
  - name: cache-volume
    emptyDir: {}

emptyDir volumes are stored on the disks of the node where the pod is located. You can also set the storage medium to the node memory, for example, by setting medium to Memory.

volumes:
  - name: html
    emptyDir:
      medium: Memory

hostPath

hostPath is a type of persistent storage volume in Kubernetes. A hostPath volume mounts a file or directory in the file system of the host node to a pod so that the pod can directly access the file resources on the node. Compared with emptyDir that is mainly used for temporary storage, hostPath has the following characteristics:

• Data lifecycle bound to the host node: Data can be restored and used even if the pod is deleted, rebuilt, or scheduled to another node, provided that the node disk is not damaged.
• Cross-pod sharing of node-level resources: Multiple pods on a node can share data through the same hostPath volume (if pods have the permissions to access the file system on the host node).
• Reuse of pre-stored data on the nodes: hostPath can mount existing files or directories (such as system configuration files and hardware drivers) on the nodes to pods, so containers can directly read or modify the pre-stored data.

hostPath is suitable for development and debugging, system component deployment, and scenarios where the host node resources need to be accessed. For example, you may need to mount the log directory, Docker engine, or local cache path of the host node to pods. hostPath has the following limitations:

• hostPath is strongly bound to nodes, which makes it inflexible (lacking portability) and unable to share data across nodes or dynamically allocate storage.
• Security risks are prominent. If sensitive paths (such as /etc and /var/run/docker.sock) on the nodes are mounted to pods, containers may access node resources without authorization.
• Data persistence is weak. If a node becomes faulty or the disk is damaged, the stored data is easily lost.

For this reason, hostPath is not suitable for production environments that require high data security and reliability, such as databases.

apiVersion: v1
kind: Pod
metadata:
  name: test-hostpath
spec:
  containers:
  - image: nginx:alpine
    name: hostpath-container
    volumeMounts:
    - mountPath: /test-pd
      name: test-volume
  volumes:
  - name: test-volume
    hostPath:
      path: /data