Source from repo
Kubernetes Specialist

Deploy and manage Kubernetes workloads: manifests, RBAC, Helm charts, service mesh, GitOps, and troubleshooting.
jeffallanGitHub jeffallanSource repo Original GitHub link Publisher page
Files
Skill
n/a
Size
129.5 KB
Entrypoint
SKILL.md
Format
git-repo
Open file
references/storage.md

Syntax-highlighted preview of this file as included in the skill package.
Rendered Source
markdown536 linesFree
references/storage.md
1# Kubernetes Storage
2 
3## StorageClass Definitions
4 
5### AWS EBS (gp3)
6 
7```yaml
8apiVersion: storage.k8s.io/v1
9kind: StorageClass
10metadata:
11  name: fast-ssd
12  annotations:
13    storageclass.kubernetes.io/is-default-class: "true"
14provisioner: ebs.csi.aws.com
15parameters:
16  type: gp3
17  iops: "3000"
18  throughput: "125"
19  encrypted: "true"
20  kmsKeyId: "arn:aws:kms:us-east-1:123456789012:key/..."
21volumeBindingMode: WaitForFirstConsumer
22allowVolumeExpansion: true
23reclaimPolicy: Delete
24```
25 
26### GCE Persistent Disk (SSD)
27 
28```yaml
29apiVersion: storage.k8s.io/v1
30kind: StorageClass
31metadata:
32  name: fast-ssd-gce
33provisioner: pd.csi.storage.gke.io
34parameters:
35  type: pd-ssd
36  replication-type: regional-pd
37volumeBindingMode: WaitForFirstConsumer
38allowVolumeExpansion: true
39reclaimPolicy: Delete
40```
41 
42### Azure Disk (Premium SSD)
43 
44```yaml
45apiVersion: storage.k8s.io/v1
46kind: StorageClass
47metadata:
48  name: fast-ssd-azure
49provisioner: disk.csi.azure.com
50parameters:
51  storageaccounttype: Premium_LRS
52  kind: Managed
53volumeBindingMode: WaitForFirstConsumer
54allowVolumeExpansion: true
55reclaimPolicy: Delete
56```
57 
58### NFS Storage
59 
60```yaml
61apiVersion: storage.k8s.io/v1
62kind: StorageClass
63metadata:
64  name: nfs-storage
65provisioner: nfs.csi.k8s.io
66parameters:
67  server: nfs-server.example.com
68  share: /exports/kubernetes
69volumeBindingMode: Immediate
70reclaimPolicy: Retain
71```
72 
73## PersistentVolume (Static Provisioning)
74 
75```yaml
76apiVersion: v1
77kind: PersistentVolume
78metadata:
79  name: legacy-database-pv
80  labels:
81    type: local
82    app: legacy-db
83spec:
84  capacity:
85    storage: 100Gi
86  volumeMode: Filesystem
87  accessModes:
88  - ReadWriteOnce
89  persistentVolumeReclaimPolicy: Retain
90  storageClassName: manual
91  hostPath:
92    path: /mnt/data/legacy-db
93  nodeAffinity:
94    required:
95      nodeSelectorTerms:
96      - matchExpressions:
97        - key: kubernetes.io/hostname
98          operator: In
99          values:
100          - node-01
101```
102 
103## PersistentVolumeClaim Patterns
104 
105### Basic PVC (Dynamic Provisioning)
106 
107```yaml
108apiVersion: v1
109kind: PersistentVolumeClaim
110metadata:
111  name: database-pvc
112  namespace: production
113  labels:
114    app: postgres
115spec:
116  accessModes:
117  - ReadWriteOnce
118  storageClassName: fast-ssd
119  resources:
120    requests:
121      storage: 50Gi
122```
123 
124### Shared Storage (ReadWriteMany)
125 
126```yaml
127apiVersion: v1
128kind: PersistentVolumeClaim
129metadata:
130  name: shared-assets
131  namespace: production
132spec:
133  accessModes:
134  - ReadWriteMany
135  storageClassName: nfs-storage
136  resources:
137    requests:
138      storage: 100Gi
139```
140 
141### Block Volume
142 
143```yaml
144apiVersion: v1
145kind: PersistentVolumeClaim
146metadata:
147  name: block-storage
148  namespace: production
149spec:
150  accessModes:
151  - ReadWriteOnce
152  volumeMode: Block
153  storageClassName: fast-ssd
154  resources:
155    requests:
156      storage: 10Gi
157```
158 
159## Using PVCs in Pods
160 
161### Single PVC Mount
162 
163```yaml
164apiVersion: v1
165kind: Pod
166metadata:
167  name: database-pod
168spec:
169  containers:
170  - name: postgres
171    image: postgres:15
172    volumeMounts:
173    - name: data
174      mountPath: /var/lib/postgresql/data
175  volumes:
176  - name: data
177    persistentVolumeClaim:
178      claimName: database-pvc
179```
180 
181### Multiple PVCs
182 
183```yaml
184apiVersion: v1
185kind: Pod
186metadata:
187  name: app-pod
188spec:
189  containers:
190  - name: app
191    image: myapp:latest
192    volumeMounts:
193    - name: data
194      mountPath: /data
195    - name: logs
196      mountPath: /var/log/app
197    - name: shared
198      mountPath: /shared
199  volumes:
200  - name: data
201    persistentVolumeClaim:
202      claimName: app-data-pvc
203  - name: logs
204    persistentVolumeClaim:
205      claimName: app-logs-pvc
206  - name: shared
207    persistentVolumeClaim:
208      claimName: shared-assets
209```
210 
211## StatefulSet with VolumeClaimTemplates
212 
213```yaml
214apiVersion: apps/v1
215kind: StatefulSet
216metadata:
217  name: postgres-cluster
218  namespace: database
219spec:
220  serviceName: postgres
221  replicas: 3
222  selector:
223    matchLabels:
224      app: postgres
225  template:
226    metadata:
227      labels:
228        app: postgres
229    spec:
230      containers:
231      - name: postgres
232        image: postgres:15-alpine
233        ports:
234        - containerPort: 5432
235        volumeMounts:
236        - name: data
237          mountPath: /var/lib/postgresql/data
238        - name: config
239          mountPath: /etc/postgresql
240      volumes:
241      - name: config
242        configMap:
243          name: postgres-config
244  volumeClaimTemplates:
245  - metadata:
246      name: data
247      labels:
248        app: postgres
249    spec:
250      accessModes: ["ReadWriteOnce"]
251      storageClassName: fast-ssd
252      resources:
253        requests:
254          storage: 50Gi
255```
256 
257## Volume Snapshots
258 
259### VolumeSnapshotClass
260 
261```yaml
262apiVersion: snapshot.storage.k8s.io/v1
263kind: VolumeSnapshotClass
264metadata:
265  name: csi-snapclass
266driver: ebs.csi.aws.com
267deletionPolicy: Delete
268parameters:
269  encrypted: "true"
270```
271 
272### VolumeSnapshot
273 
274```yaml
275apiVersion: snapshot.storage.k8s.io/v1
276kind: VolumeSnapshot
277metadata:
278  name: database-snapshot-20231214
279  namespace: production
280spec:
281  volumeSnapshotClassName: csi-snapclass
282  source:
283    persistentVolumeClaimName: database-pvc
284```
285 
286### Restore from Snapshot
287 
288```yaml
289apiVersion: v1
290kind: PersistentVolumeClaim
291metadata:
292  name: database-restored
293  namespace: production
294spec:
295  accessModes:
296  - ReadWriteOnce
297  storageClassName: fast-ssd
298  dataSource:
299    name: database-snapshot-20231214
300    kind: VolumeSnapshot
301    apiGroup: snapshot.storage.k8s.io
302  resources:
303    requests:
304      storage: 50Gi
305```
306 
307## Volume Expansion
308 
309```yaml
310# 1. Ensure StorageClass allows expansion
311apiVersion: storage.k8s.io/v1
312kind: StorageClass
313metadata:
314  name: fast-ssd
315allowVolumeExpansion: true
316# ... rest of config
317 
318---
319# 2. Expand PVC by updating size
320apiVersion: v1
321kind: PersistentVolumeClaim
322metadata:
323  name: database-pvc
324spec:
325  accessModes:
326  - ReadWriteOnce
327  storageClassName: fast-ssd
328  resources:
329    requests:
330      storage: 100Gi  # Increased from 50Gi
331```
332 
333## EmptyDir Volumes
334 
335### Memory-Backed EmptyDir
336 
337```yaml
338apiVersion: v1
339kind: Pod
340metadata:
341  name: cache-pod
342spec:
343  containers:
344  - name: app
345    image: myapp:latest
346    volumeMounts:
347    - name: cache
348      mountPath: /cache
349  volumes:
350  - name: cache
351    emptyDir:
352      medium: Memory
353      sizeLimit: 1Gi
354```
355 
356### Disk-Backed EmptyDir
357 
358```yaml
359apiVersion: v1
360kind: Pod
361metadata:
362  name: worker-pod
363spec:
364  containers:
365  - name: worker
366    image: worker:latest
367    volumeMounts:
368    - name: scratch
369      mountPath: /tmp/scratch
370  volumes:
371  - name: scratch
372    emptyDir:
373      sizeLimit: 10Gi
374```
375 
376## ConfigMap and Secret Volumes
377 
378```yaml
379apiVersion: v1
380kind: Pod
381metadata:
382  name: app-pod
383spec:
384  containers:
385  - name: app
386    image: myapp:latest
387    volumeMounts:
388    - name: config
389      mountPath: /etc/config
390      readOnly: true
391    - name: secrets
392      mountPath: /etc/secrets
393      readOnly: true
394  volumes:
395  - name: config
396    configMap:
397      name: app-config
398      items:
399      - key: app.yaml
400        path: config.yaml
401        mode: 0644
402  - name: secrets
403    secret:
404      secretName: app-secrets
405      defaultMode: 0400
406      items:
407      - key: db-password
408        path: database/password
409```
410 
411## Projected Volumes
412 
413```yaml
414apiVersion: v1
415kind: Pod
416metadata:
417  name: projected-pod
418spec:
419  containers:
420  - name: app
421    image: myapp:latest
422    volumeMounts:
423    - name: combined
424      mountPath: /combined
425      readOnly: true
426  volumes:
427  - name: combined
428    projected:
429      sources:
430      - secret:
431          name: app-secrets
432          items:
433          - key: password
434            path: secrets/password
435      - configMap:
436          name: app-config
437          items:
438          - key: config.yaml
439            path: config/app.yaml
440      - downwardAPI:
441          items:
442          - path: pod/labels
443            fieldRef:
444              fieldPath: metadata.labels
445          - path: pod/annotations
446            fieldRef:
447              fieldPath: metadata.annotations
448```
449 
450## CSI Driver Examples
451 
452### AWS EBS CSI Driver
453 
454```yaml
455apiVersion: v1
456kind: Pod
457metadata:
458  name: app-pod
459spec:
460  containers:
461  - name: app
462    image: myapp:latest
463    volumeMounts:
464    - name: data
465      mountPath: /data
466  volumes:
467  - name: data
468    csi:
469      driver: ebs.csi.aws.com
470      volumeAttributes:
471        type: gp3
472        iops: "3000"
473        encrypted: "true"
474```
475 
476### Secrets Store CSI Driver
477 
478```yaml
479apiVersion: v1
480kind: Pod
481metadata:
482  name: secrets-pod
483spec:
484  serviceAccountName: app-sa
485  containers:
486  - name: app
487    image: myapp:latest
488    volumeMounts:
489    - name: secrets-store
490      mountPath: /mnt/secrets
491      readOnly: true
492  volumes:
493  - name: secrets-store
494    csi:
495      driver: secrets-store.csi.k8s.io
496      readOnly: true
497      volumeAttributes:
498        secretProviderClass: aws-secrets
499```
500 
501## HostPath Volumes (Use with Caution)
502 
503```yaml
504apiVersion: v1
505kind: Pod
506metadata:
507  name: privileged-pod
508spec:
509  containers:
510  - name: app
511    image: myapp:latest
512    volumeMounts:
513    - name: host-data
514      mountPath: /host-data
515    securityContext:
516      privileged: true
517  volumes:
518  - name: host-data
519    hostPath:
520      path: /data
521      type: DirectoryOrCreate
522```
523 
524## Best Practices
525 
5261. **Dynamic Provisioning**: Prefer dynamic provisioning with StorageClasses
5272. **Access Modes**: Use correct access mode (RWO for single node, RWX for multi-node)
5283. **Reclaim Policy**: Use Retain for critical data, Delete for temporary
5294. **Backup**: Regular snapshots and offsite backups
5305. **Monitoring**: Monitor disk usage and performance metrics
5316. **Expansion**: Enable volume expansion in StorageClass
5327. **Performance**: Choose appropriate storage type for workload
5338. **Security**: Encrypt volumes at rest and in transit
5349. **Limits**: Set size limits on emptyDir volumes
53510. **Labels**: Label PVCs for organization and backup policies
536
Preparing the source view

Kubernetes Specialist

references/storage.md
