What Does Volumes Mean?
Also known as: Kubernetes volumes, CKA exam storage, PersistentVolume, PersistentVolumeClaim, volume mount
On This Page
Quick Definition
A volume in Kubernetes is like a portable hard drive for your containers. When a container crashes or restarts, its internal storage is wiped clean. A volume keeps your data safe even if the container restarts, and it lets multiple containers inside the same pod share files. Volumes can come from many places: the local hard drive of the server, a network disk, or even cloud storage.
Must Know for Exams
The Certified Kubernetes Administrator (CKA) exam tests your ability to manage storage in a Kubernetes cluster. Volumes are a major topic in the exam objectives, specifically under the sections on Storage and Configuration. You should expect to see tasks and multiple-choice questions that cover creating PersistentVolumes, binding them to PersistentVolumeClaims, configuring pods to use volumes, and troubleshooting storage issues.
In the CKA exam, you will often be asked to perform hands-on tasks on a live cluster. For example, you might be given a scenario where a pod needs to share data between two containers, and you must create a volume (like emptyDir) and mount it correctly. Or you might be asked to create a PersistentVolume from a hostPath and then create a PersistentVolumeClaim that binds to it. These tasks require you to write YAML definitions from memory, so you must know the structure of volume definitions and volumeMounts.
The exam also tests your understanding of access modes. A common question might ask: which access mode allows multiple pods to read and write to the same PersistentVolume? The answer is ReadWriteMany. You will need to know the three access modes: ReadWriteOnce (RWO), ReadOnlyMany (ROX), and ReadWriteMany (RWX).
Another important exam topic is the reclaim policy of PersistentVolumes. You should understand what happens to a PV when its bound PVC is deleted. If the reclaim policy is Retain, the PV remains and its data is preserved. If it is Delete, the PV and its underlying storage are removed. If it is Recycle, the PV is scrubbed and made available again (though Recycle is deprecated).
StorageClasses are also tested. You may be asked to create a PVC that uses a specific StorageClass, or to configure dynamic provisioning. You should understand that a StorageClass defines a storage provisioner such as kubernetes.io/gce-pd or kubernetes.io/aws-ebs, along with parameters like type, iopsPerGB, or encryption.
Finally, the exam might include troubleshooting scenarios where a pod fails to start because a volume cannot be mounted. You must be able to describe events, inspect the pod status, and check PersistentVolume and PersistentVolumeClaim binding status. Common issues include a PVC stuck in Pending state because no matching PV exists, or a volume mount conflict where two containers try to mount the same volume at the same path.
In summary, volumes are tested in the CKA exam through hands-on tasks, YAML authoring, and troubleshooting. You need to be comfortable with all volume types, access modes, reclaim policies, and the lifecycle of PersistentVolumes and PersistentVolumeClaims.
Simple Meaning
Imagine you are working on a puzzle on a table, and someone keeps shaking the table, scattering your pieces. Every time they shake it, you have to start over. That is what happens inside a container when it restarts — all the data inside it gets erased. Now imagine you have a special mat on that table. The mat is nailed down, so when the table shakes, the pieces on the mat stay put. That mat is what Kubernetes calls a volume. It is a storage space that exists separately from the container, so even if the container crashes or restarts, the data on the volume is still there.
There is more to this mat. Maybe the mat is actually a removable tray, and you can take it to another table (another pod) if you need. Or maybe the mat is connected to a big warehouse (a network storage system) so that many tables can share the same puzzle pieces. In Kubernetes, a volume is simply a way to attach storage to a pod that is more permanent than the container itself. It can be a simple folder on the host machine, a file system from a cloud provider like AWS or Azure, or even a special type of storage that holds secrets and configuration data, like passwords.
Volumes are declared in the pod specification. When the pod starts, Kubernetes creates the volume and makes it available to the containers. When the pod stops, the volume may or may not be removed, depending on the type. Some volumes are temporary and get deleted when the pod goes away, while others persist forever, even after the pod is gone. This is crucial for applications that need to keep data safe, like databases, message queues, or any application that writes important files.
In the simplest sense, a volume is just a promise: your data will outlive your container. That promise is what makes Kubernetes suitable for running stateful applications, not just stateless web servers.
Full Technical Definition
In Kubernetes, a volume is a directory that is accessible to containers running in a pod. Unlike the container's own ephemeral file system, a volume persists across container restarts and can be shared among all containers within the same pod. The lifecycle of a volume is tied to the pod, not the container. This means that if a container inside a pod crashes and is restarted by the kubelet, the volume and its data remain intact.
Kubernetes supports many volume types, each backed by a different storage technology. The most common are emptyDir, hostPath, configMap, secret, persistentVolumeClaim (PVC), and cloud-specific volumes like awsElasticBlockStore, gcePersistentDisk, azureDisk, and nfs. Each volume type has its own creation and management semantics.
emptyDir is a temporary volume created when a pod is assigned to a node. It starts empty and is deleted when the pod is removed. It is useful for scratch space, caching, or as a shared workspace for containers in the same pod. hostPath mounts a file or directory from the host node's file system into the pod. It is often used for reading or writing system-level files, or for accessing Docker internals, but it is not recommended for production because it ties the pod to a specific node and can create security risks.
configMap and secret volumes are special types that inject configuration data or sensitive information into the pod. They are actually backed by the Kubernetes API and appear as a volume mounted in the container. They are convenient for passing environment-specific settings without rebuilding container images.
For persistent storage, Kubernetes uses PersistentVolume (PV) and PersistentVolumeClaim (PVC) abstractions. A PV is a piece of storage in the cluster that has been provisioned by an administrator or dynamically via a StorageClass. A PVC is a request for storage by a user. The PVC binds to a PV that meets its requirements (size, access modes). This decouples storage provisioning from consumption, allowing developers to request storage without understanding the underlying infrastructure.
Volumes are mounted at specific paths inside the container using the volumeMounts field in the container spec. Multiple containers in the same pod can mount the same volume at different paths, enabling inter-container communication via the file system. The volume must be defined in the pod's volumes field, and each container that needs it must include a volumeMount referencing the volume's name.
In real IT environments, volumes are critical for running stateful workloads like databases, message brokers, and file servers. Administrators must understand access modes (ReadWriteOnce, ReadOnlyMany, ReadWriteMany), reclaim policies (Retain, Delete, Recycle), and storage classes to properly manage storage in a cluster. The Container Storage Interface (CSI) is the modern standard for implementing volume plugins, allowing third-party storage providers to offer their own volume types without modifying Kubernetes core code.
Real-Life Example
Think of a library with several study rooms. Each study room is like a pod. Inside a study room, there might be several students working together, each with their own notebook (like a container). If a student spills coffee on their notebook and has to throw it away, they lose all their notes. That is what happens when a container restarts — its internal file system is gone.
Now imagine the library provides a shared whiteboard in each study room. That whiteboard is like a volume. The whiteboard is attached to the wall of the room, not to any single student. If a student leaves the room, the whiteboard stays. If one student writes something on the whiteboard, all other students in the same room can see it. If the students take a break and come back, the whiteboard is still there. This is exactly how a volume works inside a pod: multiple containers can read and write to the same volume, and the data persists even if one container restarts.
Now take it a step further. Some libraries have lockers that students can rent. A locker is not tied to a specific study room — a student can put things in the locker today, leave the library, and come back tomorrow to retrieve them. In Kubernetes, this is like a PersistentVolume. The locker (PV) exists independently of the study room (pod). The student uses a locker key (PersistentVolumeClaim) to access it. Even if the library closes and reopens (the pod is deleted and recreated), the locker and its contents remain safe.
Finally, consider the librarian's office where there is a special filing cabinet with confidential information, like student records. This cabinet is only accessible to the librarian. In Kubernetes, this maps to a secret volume — it is a special volume that holds sensitive data and is only mounted into containers that have the right permissions. The filing cabinet is not visible to everyone, just like secrets are not exposed to all containers in the pod.
Why This Term Matters
Volumes are essential because containers are designed to be ephemeral — they can be created, destroyed, and moved at any moment. Without volumes, any data written by a container would be lost when the container stops. This makes it impossible to run stateful applications like databases, file servers, or any application that needs to save user data, logs, or configuration changes.
In real IT work, volumes allow you to run databases like PostgreSQL or MySQL inside Kubernetes. These databases need to write data to disk and read it back later. Without volumes, every time the database pod restarted, all data would vanish. Volumes also enable log aggregation and monitoring by allowing multiple containers to write logs to a shared volume that a log collector can read.
Volumes are also critical for security and configuration management. By using configMap and secret volumes, you can inject configuration files and sensitive credentials into containers without baking them into container images. This means you can use the same container image in development, staging, and production, and simply swap the configuration volumes to change behavior. It also means that secrets like API keys and database passwords are stored securely in the cluster, not inside the image that might be pushed to a public registry.
From an operational perspective, understanding volumes helps you plan storage capacity, choose the right storage backend (local SSD, network NAS, cloud block storage), and design for high availability. For example, if you use a hostPath volume, your pod can only run on the node that holds the data. But if you use a network-backed volume like NFS or a cloud disk, your pod can be rescheduled to any node and still access the same data. This flexibility is what makes Kubernetes truly resilient.
Finally, volumes matter because they are a core concept in the Certified Kubernetes Administrator (CKA) exam. You will be expected to know how to define volumes, mount them, configure PersistentVolumeClaims, and troubleshoot storage-related issues. Without a solid grasp of volumes, you cannot pass the exam or manage a production Kubernetes cluster.
How It Appears in Exam Questions
Exam questions about volumes typically fall into several categories: definition-based, scenario-based, configuration-based, and troubleshooting-based.
Definition questions may ask: What is the primary difference between an emptyDir volume and a hostPath volume? The correct answer is that emptyDir is temporary and tied to the pod life cycle, while hostPath persists on the node even after the pod is deleted. Another common definition question: Which volume type is best for sharing configuration data across multiple containers in a pod? The answer is configMap or secret.
Scenario questions often present a real-world situation and ask you to choose the correct volume type. For example: A development team needs to run a logging sidecar container that reads log files written by the main application container. Both containers run in the same pod. Which volume type should be used? The correct choice is emptyDir because it is easy to set up, shared between containers, and does not need to persist after the pod is deleted.
Configuration questions require you to write or complete a YAML manifest. For instance, you might be given a partial pod specification and asked to add a volume named data that mounts a hostPath from /var/data on the node. You would need to add a volumes: section and a volumeMounts: section with the correct fields. These questions test your exact knowledge of the API syntax.
Troubleshooting questions present a problem and ask you to identify the cause. For example: A PersistentVolumeClaim is stuck in Pending state. What could be the reason? Possible correct answers include: no PersistentVolume matches the request, the StorageClass does not exist, or the cluster has no provisioner for the requested storage type.
Another pattern is the multi-part question where you must select the correct combination of settings. For example: You need a volume that can be read by multiple pods simultaneously but only written by one pod. Which access mode should the PersistentVolume use? The answer is ReadOnlyMany if you want many readers, but since you need one writer, the question might actually require ReadWriteOnce if only one pod writes, or you might need to use a different architecture. These questions test your nuanced understanding of access modes.
Finally, there are questions about reclaim policies: A PersistentVolume is set to ReclaimPolicy: Retain. What happens when the PersistentVolumeClaim bound to it is deleted? The answer: The PV remains in the Released state and its data is preserved, but it cannot be reused until the administrator manually reclaims it.
In all these question types, the key is to read carefully, understand the lifecycle of each volume type, and know the exact YAML fields required. The CKA exam especially rewards precise, memorized YAML syntax and a thorough understanding of storage concepts.
Study cncf-cka
Test your understanding with exam-style practice questions.
Example Scenario
A small company runs an internal wiki application on Kubernetes. The wiki allows employees to write and edit documentation. The wiki application container writes all articles to a folder called /wiki-data inside the container. However, the operations team notices that whenever the wiki pod is restarted for updates, all the articles disappear.
To fix this, the team decides to use a PersistentVolume and PersistentVolumeClaim. The administrator creates a PersistentVolume that points to a shared NFS server available in the office network. This PV is defined with access mode ReadWriteMany so that multiple pods can access the data if needed. The administrator then creates a PersistentVolumeClaim requesting 10Gi of storage. The pod is updated to include a volume mount that mounts the PVC at /wiki-data inside the wiki container.
After the change, when the wiki pod is restarted, the articles remain safe because they are stored on the NFS server, not inside the container. Even if the pod is deleted and a new one created, the new pod can claim the same PVC and access all existing articles. This scenario shows how volumes make stateful applications like a wiki possible in Kubernetes.
Common Mistakes
Thinking that a pod's volume exists only while the container is running.
A volume is attached to the pod, not the container. Even if the container crashes and restarts, the volume and its data remain. The volume is only removed when the pod itself is deleted.
Remember: the volume lives as long as the pod lives, not as long as the container lives.
Assuming that all volumes persist after the pod is gone.
Some volume types like emptyDir are ephemeral and are deleted when the pod is removed. Only persistent volumes (PV, hostPath, cloud disks) survive pod deletion.
Check the volume type. emptyDir and configMap volumes are temporary. PersistentVolumeClaim, hostPath, and cloud-specific volumes are persistent.
Confusing PersistentVolume with PersistentVolumeClaim.
A PersistentVolume is the actual storage resource in the cluster. A PersistentVolumeClaim is a request for storage. They are separate objects that must be bound together.
Think of PV as the physical hard drive and PVC as the request ticket. The ticket needs to match the drive for the binding to happen.
Mounting the same volume at the same path in two containers inside the same pod.
Two containers can mount the same volume, but they must mount it at different paths inside each container. If both try to mount at /data, the second container will fail or overwrite.
Each container must have a unique mountPath, or you can mount the volume using subPath to target different directories within the volume.
Using hostPath in production without understanding its limitations.
hostPath ties the pod to a specific node. If the pod is rescheduled to a different node, it will not find the data. It also poses security risks if the host path includes sensitive system files.
Use hostPath only for testing or for singleton pods that must run on a specific node. For production, use network-backed volumes like NFS or cloud disks.
Exam Trap — Don't Get Fooled
A question asks: 'You have a pod with two containers. One container writes logs to /var/log/app.log. The other container needs to read those logs. Which volume type should you use?'
The trap is that some learners might choose hostPath because they think logs need to persist on the node. Read the scenario carefully. The two containers are in the same pod, and the logs do not need to outlive the pod.
Therefore, an emptyDir volume is the simplest and most appropriate choice. hostPath would be overkill and would tie the pod to a specific node. Always choose the simplest solution that meets the requirements.
Commonly Confused With
An emptyDir is a temporary volume that is created empty when a pod starts and is deleted when the pod is removed. A PersistentVolume is a long-lived storage resource that persists independently of any pod. emptyDir is for scratch space and sharing within a pod, while PV is for persistent data that must survive pod deletion.
emptyDir is like a whiteboard in a study room that is erased when the room is cleaned. A PersistentVolume is like a rented locker that keeps your items even after you leave the library.
hostPath mounts a file or directory from the host node's file system into the pod. It is tied to a specific node. A PersistentVolume, on the other hand, abstracts the storage away from the node, so the pod can run on any node and still access the same data. hostPath is simpler but less portable and less secure.
hostPath is like a cable that directly connects your laptop to a specific desk drawer. PersistentVolume is like a cloud storage folder that you can open from any computer.
A configMap is a Kubernetes object used to store non-sensitive configuration data as key-value pairs. It can be consumed as a volume or environment variables. A volume is a generic storage resource that can hold any type of file. configMap is specifically for configuration, while volumes can hold application data, logs, binaries, or anything else.
configMap is like a recipe card that tells your application how to behave. A volume is like the pantry where the application stores its ingredients and finished dishes.
A secret is similar to a configMap but is designed for sensitive data like passwords, tokens, and SSH keys. Secrets are stored encrypted in etcd and are not written to disk without encryption. A regular volume does not provide any special encryption or protection for its contents.
secret is like a locked safe inside the room. A regular volume is like an open bookshelf. Both can hold items, but the safe is for things you want to keep hidden.
Step-by-Step Breakdown
Define the volume in the pod spec
In the pod YAML, under the spec.volumes field, you declare each volume you want to create. You give it a name and specify its type and parameters. For example, an emptyDir volume requires only a name. A hostPath requires a path on the host. This step creates the volume object at the pod level.
Add volumeMounts to each container
For each container that should access the volume, you add a volumeMounts entry inside the containers array. Each volumeMount must specify the name of the volume (matching the one defined in spec.volumes) and the mountPath inside the container where the volume's contents will appear. This step connects the volume to the container's file system.
Create a PersistentVolume (if using persistent storage)
If you need storage that lasts beyond the pod's life, you first create a PersistentVolume resource. This object defines the storage backend (NFS, hostPath, cloud disk), access modes, capacity, and reclaim policy. The PV exists independently of any pod until it is claimed.
Create a PersistentVolumeClaim
The user or developer creates a PersistentVolumeClaim that requests specific storage resources: size, access modes, and optionally a StorageClass. The Kubernetes control plane looks for a PV that matches the claim. If found, the PV and PVC become bound. If not, the PVC stays in Pending state until a matching PV appears or dynamic provisioning creates one.
Reference the PVC in the pod spec
In the pod YAML, instead of defining a volume directly, you create a volume entry of type persistentVolumeClaim and reference the PVC name. When the pod is scheduled, Kubernetes mounts the bound PV to the pod at the specified mountPath. This step links the abstract storage claim to the actual storage.
Verify the volume mount
After the pod is running, you can verify the mount by exec-ing into the container and checking the mountPath directory. You can also use kubectl describe pod to see the volume mount details and check for errors. This step ensures the configuration is correct and the application can access the storage.
Clean up volumes when no longer needed
When the pod is deleted, ephemeral volumes like emptyDir are automatically removed. For persistent volumes, you must manually delete the PersistentVolumeClaim to release the PersistentVolume. Depending on the reclaim policy, the PV may then be deleted, retained, or recycled. Proper cleanup prevents storage leaks and unnecessary costs.
Practical Mini-Lesson
Let us walk through a practical scenario to solidify your understanding. You are a Kubernetes administrator tasked with deploying a MySQL database in your cluster. MySQL needs to store its data files on a disk so that if the pod restarts, the database is not empty. This is a classic stateful application case.
First, you decide that the storage should be reliable and available even if the pod moves to another node. You choose to use a PersistentVolume and PersistentVolumeClaim backed by a network file system (NFS) that your infrastructure team has already set up. You ask the infrastructure team for the NFS server address and export path.
Next, you create a PersistentVolume YAML file. You set the capacity to 20Gi, the access mode to ReadWriteOnce (since only one MySQL pod will write at a time), and the persistentVolumeReclaimPolicy to Retain (so that if someone accidentally deletes the PVC, the data is not lost). You specify the NFS server and path under the nfs section. You apply this with kubectl apply -f pv.yaml.
Then you create a PersistentVolumeClaim that requests 20Gi of storage with the same access mode. You do not specify a StorageClass because you want it to bind to the PV you just created. You apply the PVC. After a few seconds, you run kubectl get pvc and see that it is bound to your PV. You verify with kubectl get pv that the PV status is Bound.
Now you create a Deployment for MySQL. In the pod template, you add a volume named mysql-storage of type persistentVolumeClaim that references the PVC name. In the container spec, you add a volumeMount that mounts this volume at /var/lib/mysql, which is the default data directory for MySQL. You also set environment variables for the root password.
You deploy MySQL. After the pod starts, you connect to it and create a test database and some tables. Then you intentionally delete the MySQL pod using kubectl delete pod. The Deployment controller creates a new pod immediately. You connect to the new MySQL instance and check that your test database and tables are still there. This proves that the volume preserved the data.
What can go wrong? If the PVC is not bound, the pod will stay in Pending state. Check the PVC events with kubectl describe pvc. If the NFS server is unreachable, the pod may start but the MySQL container will fail to write to /var/lib/mysql. Check the pod logs with kubectl logs. If you set the access mode incorrectly, for example ReadWriteMany when your NFS does not support concurrent writers, MySQL might corrupt its data. Always match the access mode to the application's requirements.
This lesson shows how volumes, PVs, and PVCs work together to provide reliable storage for stateful applications. As a Kubernetes administrator, you will repeat this pattern for databases, message queues, file servers, and any other application that needs to keep data safe.
Memory Tip
Volumes make containers sticky: they hold data when containers get sicky (restart). PV is the storage shelf, PVC is the request card you hand to the librarian.
Covered in These Exams
Related Glossary Terms
A 2-in-1 laptop is a portable computer that can switch between a traditional laptop form and a tablet form, usually by detaching or rotating the keyboard.
The 24-pin motherboard connector is the main power cable that connects the computer's power supply unit (PSU) to the motherboard, supplying electricity to the motherboard and its components.
Two-factor authentication (2FA) is a security method that requires two different types of proof before granting access to an account or system.
32-bit File Allocation Table (FAT32) is a file system that organizes data on storage devices like hard drives and USB flash drives using a 32-bit addressing scheme to track where files are stored.
A 3D printer is a device that creates physical objects by depositing layers of material based on a digital model.
5G is the fifth generation of cellular network technology, designed to deliver faster speeds, lower latency, and support for many more connected devices than previous generations.
The 8-pin CPU connector is a power cable from the power supply that delivers dedicated electricity to the processor on a computer's motherboard.
802.1Q is the networking standard that allows multiple virtual LANs (VLANs) to share a single physical network link by tagging Ethernet frames with VLAN identification information.
Frequently Asked Questions
Can a volume be shared between pods?
Yes, if the volume type supports multi-access. PersistentVolumes with access mode ReadWriteMany (RWX) can be mounted by multiple pods simultaneously. Common backends for RWX include NFS, GlusterFS, and cloud-managed file stores like Amazon EFS.
What happens to the data in a volume when the pod is deleted?
It depends on the volume type. emptyDir and configMap volumes are deleted when the pod is removed. PersistentVolumes with a Delete reclaim policy are also deleted. PersistentVolumes with a Retain policy keep the data even after the pod and PVC are gone, but the PV enters a Released state and must be manually reclaimed by an administrator.
What is the difference between a volume and a volume mount?
A volume is the storage resource itself, defined at the pod level. A volume mount is the connection to a specific container, specifying where inside the container's file system the volume should appear. One volume can have multiple volume mounts in different containers.
How do I create a volume that is automatically deleted when the pod stops?
Use an emptyDir volume. It creates an empty directory when the pod starts and deletes it when the pod is removed. It is perfect for caches, temporary files, or shared workspace between containers in the same pod.
What is a subPath and when should I use it?
A subPath is used in a volumeMount to mount only a specific directory within a volume, rather than the entire volume. This is useful when multiple containers need to share the same volume but write to different subdirectories, preventing conflicts.
Do I need to create a PersistentVolume before a PersistentVolumeClaim?
Not necessarily. If you have a StorageClass with dynamic provisioning enabled, you can create a PersistentVolumeClaim without a pre-existing PV. The provisioner will automatically create a PV that matches the claim. This is the preferred method in cloud environments like AWS or GCP.
Can I add a volume to an already running pod?
No, volumes are defined at pod creation time. You cannot add a volume to an existing pod. To add a volume, you must create a new pod with the updated specification, typically by updating the Deployment or StatefulSet that manages the pod.
Summary
Volumes are a foundational concept in Kubernetes that solve the problem of ephemeral container storage. A volume is a directory that outlives any single container inside a pod and can be shared among all containers in that pod. Volumes come in many types, from temporary emptyDir storage to persistent cloud disks.
The key to understanding volumes is recognizing that their lifecycle is tied to the pod, not to the container. For stateful applications that need data to survive pod restarts and rescheduling, persistent volumes backed by PersistentVolume and PersistentVolumeClaim mechanisms are essential. In the CKA exam, you must be able to define volumes in YAML, configure volume mounts, create and bind PersistentVolumes and PersistentVolumeClaims, and troubleshoot common storage issues.
Remember that volumes are not just about data persistence; they also enable configuration injection via configMap and secret volumes, making them a versatile tool for any Kubernetes deployment. Mastering volumes is a critical step to becoming a competent Kubernetes administrator.