Step 5: Storage

Configure persistent storage, secrets, and configuration data for your container.

Persistent Volume Claims (PVCs)

Create persistent storage that survives container restarts:

Automatic Volume Creation

When enabled, volumes are automatically created and mounted:

  • PVC Name: Descriptive identifier (e.g., data-storage)
  • Storage Size: Disk space allocation (e.g., 1GB)
  • Access Mode: ReadWriteOnce (RWO) for single-pod access
  • Storage Class: Performance tier (e.g., fast-ssd)

Volumes

Define storage volumes for your container:

Volume Configuration

  • Volume Name: Internal identifier (e.g., data-volume)
  • Volume Type: Empty Directory for temporary storage
  • Size Limit: Optional storage constraint

Volume Mounts

Connect volumes to container filesystem paths:

  • Volume Name: Reference to defined volume
  • Mount Path: Container filesystem location (e.g., /data or /config)
  • Read Only: Checkbox for write protection
  • Purpose: Define volumes before creating the mounts that reference them

Secrets

Store sensitive configuration data securely:

Secret Configuration

  • Secret Name: Identifier (e.g., db-credentials)
  • Secret Type: Opaque (Generic) for key-value pairs
  • Key: Configuration key (e.g., password, token)
  • Value: Sensitive data (automatically encrypted)

Example Secrets:

db-credentials:
  username: myapp
  password: [encrypted]
  
api-tokens:
  github_token: [encrypted]
  stripe_key: [encrypted]

ConfigMaps

Store non-sensitive configuration data:

ConfigMap Configuration

  • ConfigMap Name: Identifier (e.g., app-config)
  • Key: Configuration parameter (e.g., config.yaml, database_url)
  • Value: Configuration content or file data

Example ConfigMaps:

app-config:
  database_url: postgresql://localhost:5432/myapp
  redis_url: redis://localhost:6379/0
  
nginx-config:
  nginx.conf: |
    server {
      listen 80;
      server_name localhost;
      ...
    }

Storage Types and Use Cases

Persistent Volumes

When to Use:

  • Database data that must survive pod restarts
  • User-uploaded files and media
  • Application logs that need retention
  • Cache data that should persist

Configuration Examples:

# Database storage
name: postgres-data
size: 20Gi
mount: /var/lib/postgresql/data

# Application uploads
name: app-uploads
size: 50Gi
mount: /app/uploads

Temporary Volumes

When to Use:

  • Temporary processing files
  • Cache that can be rebuilt
  • Inter-container communication
  • Scratch space for computations

Configuration Examples:

# Temporary cache
name: cache-volume
type: EmptyDir
mount: /tmp/cache

# Processing workspace
name: workspace
type: EmptyDir
mount: /workspace

Secrets

When to Use:

  • Database passwords
  • API keys and tokens
  • TLS certificates
  • OAuth credentials

Configuration Examples:

# Database credentials
name: db-secret
keys:
  username: dbuser
  password: securepassword
  
# API keys
name: api-keys
keys:
  stripe_key: sk_live_...
  github_token: ghp_...

ConfigMaps

When to Use:

  • Application configuration files
  • Environment-specific settings
  • Non-sensitive configuration data
  • Feature flags and toggles

Configuration Examples:

# Application config
name: app-config
data:
  config.json: |
    {
      "debug": false,
      "timeout": 30000
    }
    
# Nginx configuration
name: nginx-config
data:
  nginx.conf: |
    server {
      listen 80;
      root /var/www/html;
    }

Storage Classes and Performance

Available Storage Classes

  • Standard: General-purpose SSD storage
  • Fast-SSD: High-performance SSD for databases
  • Bulk: Cost-effective for large data sets
  • NFS: Network file system for shared access

Performance Considerations

  • IOPS: Input/output operations per second
  • Throughput: Data transfer rates
  • Latency: Response time for storage operations
  • Durability: Data protection and backup capabilities

Common Storage Patterns

Database Applications

# PostgreSQL storage
name: postgres-data
size: 20Gi
storageClass: fast-ssd
mount: /var/lib/postgresql/data

# Database backups
name: postgres-backup
size: 50Gi
storageClass: standard
mount: /backups

Web Applications

# Static assets
name: static-files
size: 5Gi
storageClass: standard
mount: /app/static

# User uploads
name: user-uploads
size: 100Gi
storageClass: standard
mount: /app/uploads

Logging and Analytics

# Application logs
name: app-logs
size: 10Gi
storageClass: bulk
mount: /var/log/app

# Analytics data
name: analytics
size: 200Gi
storageClass: bulk
mount: /data/analytics

Storage Best Practices

Persistent Storage

  • Size Planning: Estimate growth and plan for 2-3x current needs
  • Backup Strategy: Implement regular backup procedures
  • Monitoring: Track storage usage and performance
  • Cleanup: Regular cleanup of temporary and log files

Secrets Management

  • Rotation: Regularly rotate sensitive credentials
  • Access Control: Limit access to secrets on a need-to-know basis
  • Auditing: Monitor access to sensitive configuration
  • Separation: Keep secrets separate from application code

Configuration Organization

  • Environment Separation: Use different ConfigMaps per environment
  • Versioning: Version your configuration for rollback capabilities
  • Validation: Validate configuration syntax and values
  • Documentation: Document configuration parameters and their purposes

Performance Optimization

  • Storage Class Selection: Choose appropriate performance tiers
  • Volume Sizing: Right-size volumes to avoid waste
  • Mount Optimization: Use read-only mounts where appropriate
  • Caching: Implement appropriate caching strategies
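
The separation, validation and read-only-mount practices above can be checked before deployment. The linter below is an added example, not part of the platform or its tooling; the dictionary layout, the `read_only` field, the volume type names and the key-name heuristics are assumptions made for illustration.

```python
import re

# Heuristic patterns (assumptions of this example, not platform rules).
SENSITIVE_KEY = re.compile(r"passw|secret|token|(^|[_-])key$", re.I)
URL_USERINFO = re.compile(r"[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)
READ_ONLY_TYPES = {"Secret", "ConfigMap"}  # assumed volume type names


def lint_storage(cfg):
    """Return sorted findings for a storage configuration dict."""
    findings = []
    volumes = {v["name"]: v for v in cfg.get("volumes", [])}

    # Separation: ConfigMaps must not carry credential material.
    for cm, data in cfg.get("configmaps", {}).items():
        for key, value in data.items():
            if SENSITIVE_KEY.search(key):
                findings.append(f"configmap {cm}: key '{key}' looks sensitive, use a Secret")
            if URL_USERINFO.search(str(value)):
                findings.append(f"configmap {cm}: key '{key}' embeds credentials in a URL")

    for m in cfg.get("mounts", []):
        vol = volumes.get(m["volume"])
        if vol is None:  # a mount may only reference a defined volume
            findings.append(f"mount {m['path']}: volume '{m['volume']}' is not defined")
        elif vol["type"] in READ_ONLY_TYPES and not m.get("read_only", False):
            findings.append(f"mount {m['path']}: {vol['type']} volume should be read-only")
    return sorted(findings)


# Constructed sample input; field names and values are hypothetical.
SAMPLE = {
    "volumes": [
        {"name": "data-volume", "type": "EmptyDir"},
        {"name": "db-credentials", "type": "Secret"},
    ],
    "mounts": [
        {"volume": "data-volume", "path": "/data"},
        {"volume": "db-credentials", "path": "/run/secrets/db"},  # read_only not set
        {"volume": "app-uploads", "path": "/app/uploads"},        # volume never defined
    ],
    "configmaps": {
        "app-config": {
            "database_url": "postgresql://myapp:example@localhost:5432/myapp",
            "redis_url": "redis://localhost:6379/0",
            "stripe_key": "placeholder-value",
        },
    },
}

if __name__ == "__main__":
    for finding in lint_storage(SAMPLE):
        print(finding)
```

The key-name match is a heuristic and will miss credentials stored under neutral key names, so treat a clean result as a minimum bar rather than proof of separation.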

Troubleshooting Storage Issues

Common Problems

  • Volume Mount Failures: Incorrect paths or permissions
  • Storage Full: Volumes reaching capacity limits
  • Performance Issues: Slow I/O or high latency
  • Secret Access: Unable to read mounted secrets

Diagnostic Steps

  1. Check container logs for mount errors
  2. Verify volume and mount path configurations
  3. Check storage capacity and usage
  4. Validate secret and ConfigMap syntax
  5. Test file system permissions

Security Considerations

Data Protection

  • Encryption at Rest: Use encrypted storage classes when available
  • Access Controls: Implement proper file system permissions
  • Network Security: Secure data in transit
  • Backup Encryption: Ensure backups are encrypted

Compliance

  • Data Residency: Understand where data is stored geographically
  • Retention Policies: Implement appropriate data retention
  • Audit Trails: Maintain logs of data access and modifications
  • Regulatory Requirements: Ensure compliance with applicable regulations

Next: Proceed to Step 6 to configure advanced scheduling and node placement options.