Try Kubernetes

Get Started

Ready to get your hands dirty? Build a simple Kubernetes cluster that runs "Hello World" for Node.js.

Documentation

Learn how to use Kubernetes with the use of walkthroughs, samples, and reference documentation. You can even help contribute to the docs!

Community

If you need help, you can connect with other Kubernetes users and the Kubernetes authors, attend community events, and watch video presentations from around the web.

Blog

Read the latest news for Kubernetes and the containers space in general, and get technical how-tos hot off the presses.

Interested in hacking on the core Kubernetes code base?

View On Github

Explore the community

Tasks

Example Task Template

Extend kubectl with plugins

Manage HugePages

Schedule GPUs

Install Tools

Install Minikube

Install and Set Up kubectl

Manage Memory, CPU, and API Resources

Access Clusters Using the Kubernetes API

Access Services Running on Clusters

Advertise Extended Resources for a Node

Autoscale the DNS Service in a Cluster

Change the Reclaim Policy of a PersistentVolume

Change the default StorageClass

Cluster Management

Configure Default CPU Requests and Limits for a Namespace

Configure Default Memory Requests and Limits for a Namespace

Configure Memory and CPU Quotas for a Namespace

Configure Minimum and Maximum CPU Constraints for a Namespace

Configure Minimum and Maximum Memory Constraints for a Namespace

Configure Multiple Schedulers

Configure Out Of Resource Handling

Configure Quotas for API Objects

Configure a Pod Quota for a Namespace

Control CPU Management Policies on the Node

Customizing DNS Service

Debugging DNS Resolution

Declare Network Policy

Developing Cloud Controller Manager

Encrypting Secret Data at Rest

Guaranteed Scheduling For Critical Add-On Pods

IP Masquerade Agent User Guide

Kubernetes Cloud Controller Manager

Limit Storage Consumption

Namespaces Walkthrough

Operating etcd clusters for Kubernetes

Persistent Volume Claim Protection

Reconfigure a Node's Kubelet in a Live Cluster

Reserve Compute Resources for System Daemons

Romana for NetworkPolicy

Safely Drain a Node while Respecting Application SLOs

Securing a Cluster

Set Kubelet parameters via a config file

Set up High-Availability Kubernetes Masters

Set up a High-Availablity Etcd Cluster With Kubeadm

Share a Cluster with Namespaces

Static Pods

Storage Object in Use Protection

Use Calico for NetworkPolicy

Use Cilium for NetworkPolicy

Use Kube-router for NetworkPolicy

Using CoreDNS for Service Discovery

Using Sysctls in a Kubernetes Cluster

Using a KMS provider for data encryption

Weave Net for NetworkPolicy

Upgrading or downgrading Kubernetes

Cluster Management Guide for Version 1.6

Upgrading kubeadm HA clusters from 1.9.x to 1.9.y

Upgrading kubeadm clusters from 1.6 to 1.7

Upgrading kubeadm clusters from 1.7 to 1.8

Upgrading/downgrading kubeadm clusters between v1.8 to v1.9

Configure Pods and Containers

Assign CPU Resources to Containers and Pods

Assign Extended Resources to a Container

Assign Memory Resources to Containers and Pods

Assign Pods to Nodes

Attach Handlers to Container Lifecycle Events

Configure Liveness and Readiness Probes

Configure Pod Initialization

Configure Quality of Service for Pods

Configure Service Accounts for Pods

Configure a Pod to Use a ConfigMap

Configure a Pod to Use a PersistentVolume for Storage

Configure a Pod to Use a Projected Volume for Storage

Configure a Pod to Use a Volume for Storage

Configure a Security Context for a Pod or Container

Pull an Image from a Private Registry

Share Process Namespace between Containers in a Pod

Inject Data Into Applications

Define Environment Variables for a Container

Define a Command and Arguments for a Container

Distribute Credentials Securely Using Secrets

Expose Pod Information to Containers Through Environment Variables

Expose Pod Information to Containers Through Files

Inject Information into Pods Using a PodPreset

Run Applications

Delete a StatefulSet

Force Delete StatefulSet Pods

Horizontal Pod Autoscaler

Horizontal Pod Autoscaler Walkthrough

Perform Rolling Update Using a Replication Controller

Run a Replicated Stateful Application

Run a Single-Instance Stateful Application

Run a Stateless Application Using a Deployment

Scale a StatefulSet

Specifying a Disruption Budget for your Application

Update API Objects in Place Using kubectl patch

Run Jobs

Parallel Processing using Expansions

Running automated tasks with cron jobs

Access Applications in a Cluster

Accessing Clusters

Communicate Between Containers in the Same Pod Using a Shared Volume

Configure Access to Multiple Clusters

Configure Your Cloud Provider's Firewalls

Connect a Front End to a Back End Using a Service

Create an External Load Balancer

List All Container Images Running in a Cluster

Provide Load-Balanced Access to an Application in a Cluster

Use Port Forwarding to Access Applications in a Cluster

Use a Service to Access an Application in a Cluster

Web UI (Dashboard)

Monitor, Log, and Debug

Application Introspection and Debugging

Auditing

Core metrics pipeline

Debug Init Containers

Debug Pods and Replication Controllers

Debug Services

Debug a StatefulSet

Determine the Reason for Pod Failure

Developing and debugging services locally

Events in Stackdriver

Get a Shell to a Running Container

Logging Using Elasticsearch and Kibana

Logging Using Stackdriver

Monitor Node Health

Tools for Monitoring Compute, Storage, and Network Resources

Troubleshoot Applications

Troubleshoot Clusters

Troubleshooting

Extend Kubernetes

Configure the aggregation layer

Extend the Kubernetes API with CustomResourceDefinitions

Extend the Kubernetes API with ThirdPartyResources

Migrate a ThirdPartyResource to CustomResourceDefinition

Setup an extension API server

Use an HTTP Proxy to Access the Kubernetes API

TLS

Certificate Rotation

Manage TLS Certificates in a Cluster

Federation - Run an App on Multiple Clusters

Cross-cluster Service Discovery using Federated Services

Set up Cluster Federation with Kubefed

Set up CoreDNS as DNS provider for Cluster Federation

Set up placement policies in Federation

Manage Cluster Daemons

Perform a Rolling Update on a DaemonSet

Performing a Rollback on a DaemonSet

Extend Kubernetes

Install Service Catalog using Helm

Install Service Catalog using SC

Federation - Run an App on Multiple Clusters

Federated Horizontal Pod Autoscalers (HPA)

Federated Ingress

Federated Jobs

Federated Namespaces

Federated ReplicaSets

Federated Secrets

Edit This Page

Configure a Pod to Use a PersistentVolume for Storage

This page shows how to configure a Pod to use a PersistentVolumeClaim for storage. Here is a summary of the process:

A cluster administrator creates a PersistentVolume that is backed by physical storage. The administrator does not associate the volume with any Pod.
A cluster user creates a PersistentVolumeClaim, which gets automatically bound to a suitable PersistentVolume.
The user creates a Pod that uses the PersistentVolumeClaim as storage.

Before you begin
Create an index.html file on your Node
Create a PersistentVolume
Create a PersistentVolumeClaim
Create a Pod
Access control
What's next

Before you begin

You need to have a Kubernetes cluster that has only one Node, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a single-node cluster, you can create one by using Minikube.
Familiarize yourself with the material in Persistent Volumes.

Create an index.html file on your Node

Open a shell to the Node in your cluster. How you open a shell depends on how you set up your cluster. For example, if you are using Minikube, you can open a shell to your Node by entering minikube ssh.

In your shell, create a /mnt/data directory:

mkdir /mnt/data

In the /mnt/data directory, create an index.html file:

echo 'Hello from Kubernetes storage' > /mnt/data/index.html

Create a PersistentVolume

In this exercise, you create a hostPath PersistentVolume. Kubernetes supports hostPath for development and testing on a single-node cluster. A hostPath PersistentVolume uses a file or directory on the Node to emulate network-attached storage.

In a production cluster, you would not use hostPath. Instead a cluster administrator would provision a network resource like a Google Compute Engine persistent disk, an NFS share, or an Amazon Elastic Block Store volume. Cluster administrators can also use StorageClasses to set up dynamic provisioning.

Here is the configuration file for the hostPath PersistentVolume:

`task-pv-volume.yaml docs/tasks/configure-pod-container`
`kind: PersistentVolume apiVersion: v1 metadata: name: task-pv-volume labels: type: local spec: storageClassName: manual capacity: storage: 10Gi accessModes: - ReadWriteOnce hostPath: path: "/mnt/data"`

task-pv-volume.yaml docs/tasks/configure-pod-container Copy task-pv-volume.yaml to clipboard

kind: PersistentVolume
apiVersion: v1
metadata:
  name: task-pv-volume
  labels:
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/mnt/data"

The configuration file specifies that the volume is at /mnt/data on the cluster’s Node. The configuration also specifies a size of 10 gibibytes and an access mode of ReadWriteOnce, which means the volume can be mounted as read-write by a single Node. It defines the StorageClass name manual for the PersistentVolume, which will be used to bind PersistentVolumeClaim requests to this PersistentVolume.

Create the PersistentVolume:

kubectl create -f https://k8s.io/docs/tasks/configure-pod-container/task-pv-volume.yaml

View information about the PersistentVolume:

kubectl get pv task-pv-volume

The output shows that the PersistentVolume has a STATUS of Available. This means it has not yet been bound to a PersistentVolumeClaim.

NAME             CAPACITY   ACCESSMODES   RECLAIMPOLICY   STATUS      CLAIM     STORAGECLASS   REASON    AGE
task-pv-volume   10Gi       RWO           Retain          Available             manual                   4s

Create a PersistentVolumeClaim

The next step is to create a PersistentVolumeClaim. Pods use PersistentVolumeClaims to request physical storage. In this exercise, you create a PersistentVolumeClaim that requests a volume of at least three gibibytes that can provide read-write access for at least one Node.

Here is the configuration file for the PersistentVolumeClaim:

`task-pv-claim.yaml docs/tasks/configure-pod-container`
`kind: PersistentVolumeClaim apiVersion: v1 metadata: name: task-pv-claim spec: storageClassName: manual accessModes: - ReadWriteOnce resources: requests: storage: 3Gi`

Create the PersistentVolumeClaim:

kubectl create -f https://k8s.io/docs/tasks/configure-pod-container/task-pv-claim.yaml

After you create the PersistentVolumeClaim, the Kubernetes control plane looks for a PersistentVolume that satisfies the claim’s requirements. If the control plane finds a suitable PersistentVolume with the same StorageClass, it binds the claim to the volume.

Look again at the PersistentVolume:

kubectl get pv task-pv-volume

Now the output shows a STATUS of Bound.

NAME             CAPACITY   ACCESSMODES   RECLAIMPOLICY   STATUS    CLAIM                   STORAGECLASS   REASON    AGE
task-pv-volume   10Gi       RWO           Retain          Bound     default/task-pv-claim   manual                   2m

Look at the PersistentVolumeClaim:

kubectl get pvc task-pv-claim

The output shows that the PersistentVolumeClaim is bound to your PersistentVolume, task-pv-volume.

NAME            STATUS    VOLUME           CAPACITY   ACCESSMODES   STORAGECLASS   AGE
task-pv-claim   Bound     task-pv-volume   10Gi       RWO           manual         30s

Create a Pod

The next step is to create a Pod that uses your PersistentVolumeClaim as a volume.

Here is the configuration file for the Pod:

`task-pv-pod.yaml docs/tasks/configure-pod-container`
`kind: Pod apiVersion: v1 metadata: name: task-pv-pod spec: volumes: - name: task-pv-storage persistentVolumeClaim: claimName: task-pv-claim containers: - name: task-pv-container image: nginx ports: - containerPort: 80 name: "http-server" volumeMounts: - mountPath: "/usr/share/nginx/html" name: task-pv-storage`

task-pv-pod.yaml docs/tasks/configure-pod-container Copy task-pv-pod.yaml to clipboard

kind: Pod
apiVersion: v1
metadata:
  name: task-pv-pod
spec:
  volumes:
    - name: task-pv-storage
      persistentVolumeClaim:
       claimName: task-pv-claim
  containers:
    - name: task-pv-container
      image: nginx
      ports:
        - containerPort: 80
          name: "http-server"
      volumeMounts:
        - mountPath: "/usr/share/nginx/html"
          name: task-pv-storage

Notice that the Pod’s configuration file specifies a PersistentVolumeClaim, but it does not specify a PersistentVolume. From the Pod’s point of view, the claim is a volume.

Create the Pod:

kubectl create -f https://k8s.io/docs/tasks/configure-pod-container/task-pv-pod.yaml

Verify that the Container in the Pod is running;

kubectl get pod task-pv-pod

Get a shell to the Container running in your Pod:

kubectl exec -it task-pv-pod -- /bin/bash

In your shell, verify that nginx is serving the index.html file from the hostPath volume:

root@task-pv-pod:/# apt-get update
root@task-pv-pod:/# apt-get install curl
root@task-pv-pod:/# curl localhost

The output shows the text that you wrote to the index.html file on the hostPath volume:

Hello from Kubernetes storage

Access control

Storage configured with a group ID (GID) allows writing only by Pods using the same GID. Mismatched or missing GIDs cause permission denied errors. To reduce the need for coordination with users, an administrator can annotate a PersistentVolume with a GID. Then the GID is automatically added to any Pod that uses the PersistentVolume.

Use the pv.beta.kubernetes.io/gid annotation as follows:

kind: PersistentVolume
apiVersion: v1
metadata:
  name: pv1
  annotations:
    pv.beta.kubernetes.io/gid: "1234"

When a Pod consumes a PersistentVolume that has a GID annotation, the annotated GID is applied to all Containers in the Pod in the same way that GIDs specified in the Pod’s security context are. Every GID, whether it originates from a PersistentVolume annotation or the Pod’s specification, is applied to the first process run in each Container.

Note: When a Pod consumes a PersistentVolume, the GIDs associated with the PersistentVolume are not present on the Pod resource itself.

What's next

Learn more about PersistentVolumes.
Read the Persistent Storage design document.

Reference

Create an Issue Edit this Page