Updated on 2024-01-26 GMT+08:00


A hostPath volume mounts a file or directory of the host where the container is located to a specified mount point in the container. For example, if the container needs to access /etc/hosts, use hostPath to map /etc/hosts.

  • Avoid using hostPath volumes as much as possible, as they are prone to security risks. If hostPath volumes must be used, they can only be applied to files or paths and mounted in read-only mode.
  • After the pod to which a hostPath volume is mounted is deleted, the data in the hostPath volume is retained.

Mounting a hostPath Volume on the Console

You can mount a path on the host to a specified container path. A hostPath volume is usually used to store workload logs permanently, or by workloads that need to access internal data structures of the Docker engine on the host.

  1. Log in to the CCE console.
  2. When creating a workload, click Data Storage in the Container Settings area. Click Add Volume and choose hostPath from the drop-down list.
  3. Set parameters for adding a local volume, as listed in Table 1.

    Table 1 Setting parameters for mounting a hostPath volume



    Volume Type

    Select HostPath.

    Host Path

    Path of the host to which the local volume is to be mounted, for example, /etc/hosts.


    Host Path cannot be set to the root directory /. Otherwise, the mounting fails. Mount paths can be as follows:

    • /opt/xxxx (excluding /opt/cloud)
    • /mnt/xxxx (excluding /mnt/paas)
    • /tmp/xxx
    • /var/xxx (excluding key directories such as /var/lib, /var/script, and /var/paas)
    • /xxxx (It cannot conflict with the system directory, such as bin, lib, home, root, boot, dev, etc, lost+found, mnt, proc, sbin, srv, tmp, var, media, opt, selinux, sys, and usr.)

    Do not set this parameter to /home/paas, /var/paas, /var/lib, /var/script, /mnt/paas, or /opt/cloud. Otherwise, the system or node installation will fail.

    Mount Path

    Enter a mount path, for example, /tmp.

    This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will malfunction. Mount the volume to an empty directory. If the directory is not empty, ensure that it contains no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.

    If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host machine may be damaged.


    Subpath

    Enter a subpath, for example, tmp, indicating that data in the mount path of the container will be stored in the tmp folder of the volume.

    A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.


    Permission

    • Read-only: You can only read the data in the mounted volumes.
    • Read/Write: You can modify the data volumes mounted to the path. Newly written data is not migrated if the container is migrated, which may cause data loss.

  4. After the configuration, click Create Workload.

Mounting a hostPath Volume Using kubectl

  1. Use kubectl to connect to the cluster.
  2. Create a file named nginx-hostpath.yaml and edit it.

    vi nginx-hostpath.yaml

    The content of the YAML file is as follows. Mount the /data directory on the node to the /data directory in the container.

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-hostpath
      namespace: default
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: nginx-hostpath
      template:
        metadata:
          labels:
            app: nginx-hostpath
        spec:
          containers:
            - name: container-1
              image: nginx:latest
              volumeMounts:
                - name: vol-hostpath         # Volume name, which must be the same as the volume name in the volumes field.
                  mountPath: /data           # Mount path in the container.
          imagePullSecrets:
            - name: default-secret
          volumes:
            - name: vol-hostpath             # Volume name, which can be customized.
              hostPath:
                path: /data                  # Directory location on the host node.

  3. Create a workload.

    kubectl apply -f nginx-hostpath.yaml
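
The following check is an added example, not part of the original page or of CCE. It audits a Deployment manifest (a dict, for example parsed from `kubectl get deployment nginx-hostpath -o json`) against the hostPath rules above: it flags the root directory, the reserved directories named in Table 1, and hostPath volumes mounted without `readOnly: true`. The function names, the constructed sample manifests, and the treatment of subdirectories of reserved paths are assumptions of this example.

```python
import posixpath

# Host paths Table 1 says must not be used. Assumption of this example:
# anything below these directories is treated the same way.
FORBIDDEN = ("/home/paas", "/var/paas", "/var/lib", "/var/script",
             "/mnt/paas", "/opt/cloud")


def audit_hostpath(workload):
    """Return (volume, finding) pairs for hostPath volumes in a Deployment dict."""
    pod = workload["spec"]["template"]["spec"]
    findings, host_vols = [], {}
    for vol in pod.get("volumes", []):
        if "hostPath" not in vol:
            continue
        # Normalize so /var/lib/ and /var/paas/../lib are both seen as /var/lib.
        path = posixpath.normpath(vol["hostPath"]["path"])
        host_vols[vol["name"]] = path
        if path in ("/", "//"):
            findings.append((vol["name"], "host path is the root directory"))
        elif any(path == d or path.startswith(d + "/") for d in FORBIDDEN):
            findings.append((vol["name"], f"host path {path} is a reserved directory"))
    # A hostPath mount is writable unless the volumeMount sets readOnly: true.
    for ctr in pod.get("initContainers", []) + pod.get("containers", []):
        for mount in ctr.get("volumeMounts", []):
            if mount["name"] in host_vols and not mount.get("readOnly", False):
                findings.append((mount["name"],
                                 f"mounted read/write in container {ctr['name']}"))
    return findings


def deployment(host_path, read_only):
    """Constructed sample modelled on the page's nginx-hostpath Deployment."""
    mount = {"name": "vol-hostpath", "mountPath": "/data", "readOnly": read_only}
    return {"apiVersion": "apps/v1", "kind": "Deployment",
            "metadata": {"name": "nginx-hostpath", "namespace": "default"},
            "spec": {"template": {"spec": {
                "containers": [{"name": "container-1", "image": "nginx:latest",
                                "volumeMounts": [mount]}],
                "volumes": [{"name": "vol-hostpath",
                             "hostPath": {"path": host_path}}]}}}}


if __name__ == "__main__":
    for path, ro in [("/data", False), ("/var/lib/docker", True), ("/data", True)]:
        print(path, ro, audit_hostpath(deployment(path, ro)))
```

The first sample corresponds to the manifest shown above, which omits readOnly and is therefore reported as mounted read/write.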