From 7d88ccaf07677512046e5c5d7428737cd567b777 Mon Sep 17 00:00:00 2001 From: gamba47 Date: Fri, 21 Jan 2022 17:25:18 -0300 Subject: [PATCH] Starting persistent-volumes.md spanish translation --- .../concepts/storage/persistent-volumes.md | 957 ++++++++++++++++++ 1 file changed, 957 insertions(+) create mode 100644 content/es/docs/concepts/storage/persistent-volumes.md diff --git a/content/es/docs/concepts/storage/persistent-volumes.md b/content/es/docs/concepts/storage/persistent-volumes.md new file mode 100644 index 0000000000000..4e845eb785c31 --- /dev/null +++ b/content/es/docs/concepts/storage/persistent-volumes.md @@ -0,0 +1,957 @@ +--- +reviewers: +- raelga +- electrocucaracha +- edithturn +- gamba47 +title: Persistent Volumes +feature: + title: Storage orchestration + description: > + Automaticamente monta el sistema de almacenamiento elegido, ya sea del almacenamiento loca, un proveedor cloud publico como ser GCP o AWS, o un almacenamiento de red como NFS, iSCSI, Gluster, Ceph, Cinder ó Flocker. +content_type: concept +weight: 20 +--- + + + +Este documento describe los _volúmenes persistentes_ en Kubernetes. Es recomendable estar familiarizado con [volúmenes](/docs/concepts/storage/volumes/). + + + +## Introducción + +La administración del almacenamiento es un problema distinto a administrar instancias de computo. El subsistema de `PersistentVolume` provee una API para los usuarios y administradores que abstrae los detalles sobre como el almacenamiento es provisto de como es consumido. Para hacer esto, introducimos dos recursos API nuevos: PersistentVolume y PersistentVolumeClaim. + +Un _PersistentVolume_ (PV) es una pieza de almacenamiento en el cluster que puede ser aprovisionada por un administrador o dinamicamente usando [Storage Classes](/docs/concepts/storage/storage-classes/). Este es un recurso en el cluster como un nodo es un recurso del cluster. Los PVs son complementos como los volúmenes, pero ellos tienen un ciclo de vida indenpendiente de cualquier Pod individual que use ese PV. Este objeto API captura los detalles de la implementación del almacenamiento, siendo NFS, iSCSA o un almacenamiento específico de un proveedor en la nube. + +Un _PersistentVolumeClaim_ (PVC) es un pedido de almacenamiento de un usuario. Esto es similar a un Pod. El Pod consume recursos del nodo y los PVCs consumen recursos del PV. Los Pods pueden solicitar un nivel específico de recursos (CPU y Memoria). El reclamo (Claim) puede ser de un tamaño específico y con un modo de acceso (por ejemplo, puede ser montado ReadWriteOnce, ReadOnlyMany or ReadWriteMany, see [AccessModes](#access-modes)). + +Mientras que los PersistentVolumeClaims permiten al usuario consumir un recurso de almacenamiento de manera abstracta, es común que los usuarios necesiten volúmenes persistentes (PersistentVolume) con propiedades diferentes, como ser rendimiento ó para diferentes problemas. Los administradores del cluster necesitan poder ofrecer una variedad de volúmenes persistentes (PersistentVolume) que puedan diferir no solamente en el tamaño y modo de acceso, sin exponer a los usuarios los detalles de como esos volúmenes son implementados. Para estos casos está el recurso _StorageClass_ + +Visite el [recorrido detallado con ejemplos funcionales](/docs/tasks/configure-pod-container/configure-persistent-volume-storage/). + +## Ciclo de vida de un volumen y su demanda + +Los PVs son recursos en el cluster. Los PVCs son peticiones de esos recursos y tambien actúan como control ante el reclamo de un recurso. La interacción entre los PVs y PVCs sigue este ciclo: + +### Aprovisionamiento + +Hay dos maneras de aprovisionar PVs: estáticamente y dinámicamente. + +#### Estático + +Un administrador del cluster crea un número de PVs. El se encarga de los detalles del almacenamiento real, que esta disponible para uso de los usuarios del cluster. Ellos existen en la API de Kubernetes y estan disponibles para ser consumidos. + +#### Dinámico + +Cuando ninguno de los PVs estáticos creados por el administrador coinciden con el pedido del usuario con su PersistentVolumenClaim, +el cluster intentará aprovisionar dinámicamente un volumen especial para el PVC. +Este aprovisionamiento esta basado en el StorageClass: el PVC debe pedir un +[storage class](/docs/concepts/storage/storage-classes/) y +el administrador debe tener creado y configurado esta clase para aprovisionamiento +dinámico para que se pueda realizar. Las peticiones donde se usa la clase `""` deshabilitan +el aprovisionamiento dinámico para ellos mismos. + +Para habilitar el almacenamiento dinámico basado en el storage class, el administrador del cluster +necesita habilitar el [admission controller](/docs/reference/access-authn-authz/admission-controllers/#defaultstorageclass) `DefaultStorageClass` +en el servidor API. Esto puede ser realizado, por ejemplo, asegurandose que el `DefaultStorageClass` esta +entre las ```dejo abajo el texto original no le pude dar sentido``` + +To enable dynamic storage provisioning based on storage class, the cluster administrator +needs to enable the `DefaultStorageClass` [admission controller](/docs/reference/access-authn-authz/admission-controllers/#defaultstorageclass) +on the API server. This can be done, for example, by ensuring that `DefaultStorageClass` is +among the comma-delimited, ordered list of values for the `--enable-admission-plugins` flag of +the API server component. For more information on API server command-line flags, +check [kube-apiserver](/docs/admin/kube-apiserver/) documentation. + +### Vincular + +Un usuario crea ó en el caso del aprovisionamiento dinámico, ya esta creado anteriormente, un PersistentVolumeClaim con un tamaño específico de almacenamiento solicitado con un tipo de modo de acceso. Un bucle de control en el master revisa por nuevos PVCs, encuentra un PV que sea par (si es posible) y vincula juntos. Si un PV fue aprovisionado dinámicamente para un nuevo PVC, el bucle siempre va a vincular ese PV con el PVC. De otra manera, el usuario siempre tendrá al menos lo que el solicitó, pero el volumen puede ser más grande de lo requerido. Una vez unidos, los vinculos de PersistentVolumeClaim son exclusivos, independientemente de como fueron unidos. Una vinculación PVC a PV es un mapeo uno-a-uno, usando un ClaimRef que es una vinculación bidireccional entre el PersistentVolume y el PersistentVolumeClaim. + +Las peticiones continuaran sin vincular de manera indefinida si un volumen par no existe. Las peticiones serán vinculadas cuando un volumen que haga par esta disponible. Por ejemplo, un cluster aprovisionado con muchos PVs de 50Gi no va a tener un par para un PVC solicitando 100Gi. El PVC puede ser vinculado cunado un PV de 100Gi sea agregado al cluster. + +### Usando + +Los Pods usan ```claims``` como volúmenes. El cluster inspecciona esta solicitud para encontrar el volumen para vincular y monta este volumen para el Pod. Para volúmenes que soportan multiples modos de acceso, el usuario especifica que modo es el deseado cuando usa el reclamo como un volumen en el Pod. + +Una vez que el usuario tiene un reclamo y el mismo es vinculado, el PV vinculado pertenece al usuario mientras él lo necesite. El usuario planifica Pods y accesa a sus PVs incluyendo una sección `persistentVolumeClaim` en el bloque `volumes` del Pod. Visite [Claims As Volumes](#claims-as-volumes) para más detalles de este tema. + +### Storage Object in Use Protection +The purpose of the Storage Object in Use Protection feature is to ensure that PersistentVolumeClaims (PVCs) in active use by a Pod and PersistentVolume (PVs) that are bound to PVCs are not removed from the system, as this may result in data loss. + +{{< note >}} +PVC is in active use by a Pod when a Pod object exists that is using the PVC. +{{< /note >}} + +If a user deletes a PVC in active use by a Pod, the PVC is not removed immediately. PVC removal is postponed until the PVC is no longer actively used by any Pods. Also, if an admin deletes a PV that is bound to a PVC, the PV is not removed immediately. PV removal is postponed until the PV is no longer bound to a PVC. + +You can see that a PVC is protected when the PVC's status is `Terminating` and the `Finalizers` list includes `kubernetes.io/pvc-protection`: + +```shell +kubectl describe pvc hostpath +Name: hostpath +Namespace: default +StorageClass: example-hostpath +Status: Terminating +Volume: +Labels: +Annotations: volume.beta.kubernetes.io/storage-class=example-hostpath + volume.beta.kubernetes.io/storage-provisioner=example.com/hostpath +Finalizers: [kubernetes.io/pvc-protection] +... +``` + +You can see that a PV is protected when the PV's status is `Terminating` and the `Finalizers` list includes `kubernetes.io/pv-protection` too: + +```shell +kubectl describe pv task-pv-volume +Name: task-pv-volume +Labels: type=local +Annotations: +Finalizers: [kubernetes.io/pv-protection] +StorageClass: standard +Status: Terminating +Claim: +Reclaim Policy: Delete +Access Modes: RWO +Capacity: 1Gi +Message: +Source: + Type: HostPath (bare host directory volume) + Path: /tmp/data + HostPathType: +Events: +``` + +### Reclaiming + +When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource. The reclaim policy for a PersistentVolume tells the cluster what to do with the volume after it has been released of its claim. Currently, volumes can either be Retained, Recycled, or Deleted. + +#### Retain + +The `Retain` reclaim policy allows for manual reclamation of the resource. When the PersistentVolumeClaim is deleted, the PersistentVolume still exists and the volume is considered "released". But it is not yet available for another claim because the previous claimant's data remains on the volume. An administrator can manually reclaim the volume with the following steps. + +1. Delete the PersistentVolume. The associated storage asset in external infrastructure (such as an AWS EBS, GCE PD, Azure Disk, or Cinder volume) still exists after the PV is deleted. +1. Manually clean up the data on the associated storage asset accordingly. +1. Manually delete the associated storage asset. + +If you want to reuse the same storage asset, create a new PersistentVolume with the same storage asset definition. + +#### Delete + +For volume plugins that support the `Delete` reclaim policy, deletion removes both the PersistentVolume object from Kubernetes, as well as the associated storage asset in the external infrastructure, such as an AWS EBS, GCE PD, Azure Disk, or Cinder volume. Volumes that were dynamically provisioned inherit the [reclaim policy of their StorageClass](#reclaim-policy), which defaults to `Delete`. The administrator should configure the StorageClass according to users' expectations; otherwise, the PV must be edited or patched after it is created. See [Change the Reclaim Policy of a PersistentVolume](/docs/tasks/administer-cluster/change-pv-reclaim-policy/). + +#### Recycle + +{{< warning >}} +The `Recycle` reclaim policy is deprecated. Instead, the recommended approach is to use dynamic provisioning. +{{< /warning >}} + +If supported by the underlying volume plugin, the `Recycle` reclaim policy performs a basic scrub (`rm -rf /thevolume/*`) on the volume and makes it available again for a new claim. + +However, an administrator can configure a custom recycler Pod template using +the Kubernetes controller manager command line arguments as described in the +[reference](/docs/reference/command-line-tools-reference/kube-controller-manager/). +The custom recycler Pod template must contain a `volumes` specification, as +shown in the example below: + +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: pv-recycler + namespace: default +spec: + restartPolicy: Never + volumes: + - name: vol + hostPath: + path: /any/path/it/will/be/replaced + containers: + - name: pv-recycler + image: "k8s.gcr.io/busybox" + command: ["/bin/sh", "-c", "test -e /scrub && rm -rf /scrub/..?* /scrub/.[!.]* /scrub/* && test -z \"$(ls -A /scrub)\" || exit 1"] + volumeMounts: + - name: vol + mountPath: /scrub +``` + +However, the particular path specified in the custom recycler Pod template in the `volumes` part is replaced with the particular path of the volume that is being recycled. + +### Reserving a PersistentVolume + +The control plane can [bind PersistentVolumeClaims to matching PersistentVolumes](#binding) in the +cluster. However, if you want a PVC to bind to a specific PV, you need to pre-bind them. + +By specifying a PersistentVolume in a PersistentVolumeClaim, you declare a binding between that specific PV and PVC. +If the PersistentVolume exists and has not reserved PersistentVolumeClaims through its `claimRef` field, then the PersistentVolume and PersistentVolumeClaim will be bound. + +The binding happens regardless of some volume matching criteria, including node affinity. +The control plane still checks that [storage class](/docs/concepts/storage/storage-classes/), access modes, and requested storage size are valid. + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: foo-pvc + namespace: foo +spec: + storageClassName: "" # Empty string must be explicitly set otherwise default StorageClass will be set + volumeName: foo-pv + ... +``` + +This method does not guarantee any binding privileges to the PersistentVolume. If other PersistentVolumeClaims could use the PV that you specify, you first need to reserve that storage volume. Specify the relevant PersistentVolumeClaim in the `claimRef` field of the PV so that other PVCs can not bind to it. + +```yaml +apiVersion: v1 +kind: PersistentVolume +metadata: + name: foo-pv +spec: + storageClassName: "" + claimRef: + name: foo-pvc + namespace: foo + ... +``` + +This is useful if you want to consume PersistentVolumes that have their `claimPolicy` set +to `Retain`, including cases where you are reusing an existing PV. + +### Expanding Persistent Volumes Claims + +{{< feature-state for_k8s_version="v1.11" state="beta" >}} + +Support for expanding PersistentVolumeClaims (PVCs) is enabled by default. You can expand +the following types of volumes: + +* azureDisk +* azureFile +* awsElasticBlockStore +* cinder (deprecated) +* {{< glossary_tooltip text="csi" term_id="csi" >}} +* flexVolume (deprecated) +* gcePersistentDisk +* glusterfs +* rbd +* portworxVolume + +You can only expand a PVC if its storage class's `allowVolumeExpansion` field is set to true. + +``` yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: gluster-vol-default +provisioner: kubernetes.io/glusterfs +parameters: + resturl: "http://192.168.10.100:8080" + restuser: "" + secretNamespace: "" + secretName: "" +allowVolumeExpansion: true +``` + +To request a larger volume for a PVC, edit the PVC object and specify a larger +size. This triggers expansion of the volume that backs the underlying PersistentVolume. A +new PersistentVolume is never created to satisfy the claim. Instead, an existing volume is resized. + +#### CSI Volume expansion + +{{< feature-state for_k8s_version="v1.16" state="beta" >}} + +Support for expanding CSI volumes is enabled by default but it also requires a specific CSI driver to support volume expansion. Refer to documentation of the specific CSI driver for more information. + + +#### Resizing a volume containing a file system + +You can only resize volumes containing a file system if the file system is XFS, Ext3, or Ext4. + +When a volume contains a file system, the file system is only resized when a new Pod is using +the PersistentVolumeClaim in `ReadWrite` mode. File system expansion is either done when a Pod is starting up +or when a Pod is running and the underlying file system supports online expansion. + +FlexVolumes (deprecated since Kubernetes v1.23) allow resize if the driver is configured with the +`RequiresFSResize` capability to `true`. The FlexVolume can be resized on Pod restart. + +#### Resizing an in-use PersistentVolumeClaim + +{{< feature-state for_k8s_version="v1.15" state="beta" >}} + +{{< note >}} +Expanding in-use PVCs is available as beta since Kubernetes 1.15, and as alpha since 1.11. The `ExpandInUsePersistentVolumes` feature must be enabled, which is the case automatically for many clusters for beta features. Refer to the [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) documentation for more information. +{{< /note >}} + +In this case, you don't need to delete and recreate a Pod or deployment that is using an existing PVC. +Any in-use PVC automatically becomes available to its Pod as soon as its file system has been expanded. +This feature has no effect on PVCs that are not in use by a Pod or deployment. You must create a Pod that +uses the PVC before the expansion can complete. + + +Similar to other volume types - FlexVolume volumes can also be expanded when in-use by a Pod. + +{{< note >}} +FlexVolume resize is possible only when the underlying driver supports resize. +{{< /note >}} + +{{< note >}} +Expanding EBS volumes is a time-consuming operation. Also, there is a per-volume quota of one modification every 6 hours. +{{< /note >}} + +#### Recovering from Failure when Expanding Volumes + +If a user specifies a new size that is too big to be satisfied by underlying storage system, expansion of PVC will be continuously retried until user or cluster administrator takes some action. This can be undesirable and hence Kubernetes provides following methods of recovering from such failures. + +{{< tabs name="recovery_methods" >}} +{{% tab name="Manually with Cluster Administrator access" %}} + +If expanding underlying storage fails, the cluster administrator can manually recover the Persistent Volume Claim (PVC) state and cancel the resize requests. Otherwise, the resize requests are continuously retried by the controller without administrator intervention. + +1. Mark the PersistentVolume(PV) that is bound to the PersistentVolumeClaim(PVC) with `Retain` reclaim policy. +2. Delete the PVC. Since PV has `Retain` reclaim policy - we will not lose any data when we recreate the PVC. +3. Delete the `claimRef` entry from PV specs, so as new PVC can bind to it. This should make the PV `Available`. +4. Re-create the PVC with smaller size than PV and set `volumeName` field of the PVC to the name of the PV. This should bind new PVC to existing PV. +5. Don't forget to restore the reclaim policy of the PV. + +{{% /tab %}} +{{% tab name="By requesting expansion to smaller size" %}} +{{% feature-state for_k8s_version="v1.23" state="alpha" %}} + +{{< note >}} +Recovery from failing PVC expansion by users is available as an alpha feature since Kubernetes 1.23. The `RecoverVolumeExpansionFailure` feature must be enabled for this feature to work. Refer to the [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) documentation for more information. +{{< /note >}} + +If the feature gates `ExpandPersistentVolumes` and `RecoverVolumeExpansionFailure` are both +enabled in your cluster, and expansion has failed for a PVC, you can retry expansion with a +smaller size than the previously requested value. To request a new expansion attempt with a +smaller proposed size, edit `.spec.resources` for that PVC and choose a value that is less than the +value you previously tried. +This is useful if expansion to a higher value did not succeed because of capacity constraint. +If that has happened, or you suspect that it might have, you can retry expansion by specifying a +size that is within the capacity limits of underlying storage provider. You can monitor status of resize operation by watching `.status.resizeStatus` and events on the PVC. + +Note that, +although you can a specify a lower amount of storage than what was requested previously, +the new value must still be higher than `.status.capacity`. +Kubernetes does not support shrinking a PVC to less than its current size. +{{% /tab %}} +{{% /tabs %}} + + +## Types of Persistent Volumes + +PersistentVolume types are implemented as plugins. Kubernetes currently supports the following plugins: + +* [`awsElasticBlockStore`](/docs/concepts/storage/volumes/#awselasticblockstore) - AWS Elastic Block Store (EBS) +* [`azureDisk`](/docs/concepts/storage/volumes/#azuredisk) - Azure Disk +* [`azureFile`](/docs/concepts/storage/volumes/#azurefile) - Azure File +* [`cephfs`](/docs/concepts/storage/volumes/#cephfs) - CephFS volume +* [`csi`](/docs/concepts/storage/volumes/#csi) - Container Storage Interface (CSI) +* [`fc`](/docs/concepts/storage/volumes/#fc) - Fibre Channel (FC) storage +* [`gcePersistentDisk`](/docs/concepts/storage/volumes/#gcepersistentdisk) - GCE Persistent Disk +* [`glusterfs`](/docs/concepts/storage/volumes/#glusterfs) - Glusterfs volume +* [`hostPath`](/docs/concepts/storage/volumes/#hostpath) - HostPath volume + (for single node testing only; WILL NOT WORK in a multi-node cluster; + consider using `local` volume instead) +* [`iscsi`](/docs/concepts/storage/volumes/#iscsi) - iSCSI (SCSI over IP) storage +* [`local`](/docs/concepts/storage/volumes/#local) - local storage devices + mounted on nodes. +* [`nfs`](/docs/concepts/storage/volumes/#nfs) - Network File System (NFS) storage +* [`portworxVolume`](/docs/concepts/storage/volumes/#portworxvolume) - Portworx volume +* [`rbd`](/docs/concepts/storage/volumes/#rbd) - Rados Block Device (RBD) volume +* [`vsphereVolume`](/docs/concepts/storage/volumes/#vspherevolume) - vSphere VMDK volume + +The following types of PersistentVolume are deprecated. This means that support is still available but will be removed in a future Kubernetes release. + +* [`cinder`](/docs/concepts/storage/volumes/#cinder) - Cinder (OpenStack block storage) + (**deprecated** in v1.18) +* [`flexVolume`](/docs/concepts/storage/volumes/#flexvolume) - FlexVolume + (**deprecated** in v1.23) +* [`flocker`](/docs/concepts/storage/volumes/#flocker) - Flocker storage + (**deprecated** in v1.22) +* [`quobyte`](/docs/concepts/storage/volumes/#quobyte) - Quobyte volume + (**deprecated** in v1.22) +* [`storageos`](/docs/concepts/storage/volumes/#storageos) - StorageOS volume + (**deprecated** in v1.22) + +Older versions of Kubernetes also supported the following in-tree PersistentVolume types: + +* `photonPersistentDisk` - Photon controller persistent disk. + (**not available** after v1.15) +* [`scaleIO`](/docs/concepts/storage/volumes/#scaleio) - ScaleIO volume + (**not available** after v1.21) + +## Persistent Volumes + +Each PV contains a spec and status, which is the specification and status of the volume. +The name of a PersistentVolume object must be a valid +[DNS subdomain name](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names). + +```yaml +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv0003 +spec: + capacity: + storage: 5Gi + volumeMode: Filesystem + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Recycle + storageClassName: slow + mountOptions: + - hard + - nfsvers=4.1 + nfs: + path: /tmp + server: 172.17.0.2 +``` + +{{< note >}} +Helper programs relating to the volume type may be required for consumption of a PersistentVolume within a cluster. In this example, the PersistentVolume is of type NFS and the helper program /sbin/mount.nfs is required to support the mounting of NFS filesystems. +{{< /note >}} + +### CapaciggjÑ:q:ty + +Generally, a PV will have a specific storage capacity. This is set using the PV's `capacity` attribute. See the Kubernetes [Resource Model](https://git.k8s.io/community/contributors/design-proposals/scheduling/resources.md) to understand the units expected by `capacity`. + +Currently, storage size is the only resource that can be set or requested. Future attributes may include IOPS, throughput, etc. + +### Volume Mode + +{{< feature-state for_k8s_version="v1.18" state="stable" >}} + +Kubernetes supports two `volumeModes` of PersistentVolumes: `Filesystem` and `Block`. + +`volumeMode` is an optional API parameter. +`Filesystem` is the default mode used when `volumeMode` parameter is omitted. + +A volume with `volumeMode: Filesystem` is *mounted* into Pods into a directory. If the volume +is backed by a block device and the device is empty, Kubernetes creates a filesystem +on the device before mounting it for the first time. + +You can set the value of `volumeMode` to `Block` to use a volume as a raw block device. +Such volume is presented into a Pod as a block device, without any filesystem on it. +This mode is useful to provide a Pod the fastest possible way to access a volume, without +any filesystem layer between the Pod and the volume. On the other hand, the application +running in the Pod must know how to handle a raw block device. +See [Raw Block Volume Support](#raw-block-volume-support) +for an example on how to use a volume with `volumeMode: Block` in a Pod. + +### Access Modes + +A PersistentVolume can be mounted on a host in any way supported by the resource provider. As shown in the table below, providers will have different capabilities and each PV's access modes are set to the specific modes supported by that particular volume. For example, NFS can support multiple read/write clients, but a specific NFS PV might be exported on the server as read-only. Each PV gets its own set of access modes describing that specific PV's capabilities. + +The access modes are: + +`ReadWriteOnce` +: the volume can be mounted as read-write by a single node. ReadWriteOnce access mode still can allow multiple pods to access the volume when the pods are running on the same node. + +`ReadOnlyMany` +: the volume can be mounted as read-only by many nodes. + +`ReadWriteMany` +: the volume can be mounted as read-write by many nodes. + + `ReadWriteOncePod` +: the volume can be mounted as read-write by a single Pod. Use ReadWriteOncePod access mode if you want to ensure that only one pod across whole cluster can read that PVC or write to it. This is only supported for CSI volumes and Kubernetes version 1.22+. + + + +The blog article [Introducing Single Pod Access Mode for PersistentVolumes](/blog/2021/09/13/read-write-once-pod-access-mode-alpha/) covers this in more detail. + + +In the CLI, the access modes are abbreviated to: + +* RWO - ReadWriteOnce +* ROX - ReadOnlyMany +* RWX - ReadWriteMany +* RWOP - ReadWriteOncePod + +> __Important!__ A volume can only be mounted using one access mode at a time, even if it supports many. For example, a GCEPersistentDisk can be mounted as ReadWriteOnce by a single node or ReadOnlyMany by many nodes, but not at the same time. + + +| Volume Plugin | ReadWriteOnce | ReadOnlyMany | ReadWriteMany | ReadWriteOncePod | +| :--- | :---: | :---: | :---: | - | +| AWSElasticBlockStore | ✓ | - | - | - | +| AzureFile | ✓ | ✓ | ✓ | - | +| AzureDisk | ✓ | - | - | - | +| CephFS | ✓ | ✓ | ✓ | - | +| Cinder | ✓ | - | - | - | +| CSI | depends on the driver | depends on the driver | depends on the driver | depends on the driver | +| FC | ✓ | ✓ | - | - | +| FlexVolume | ✓ | ✓ | depends on the driver | - | +| Flocker | ✓ | - | - | - | +| GCEPersistentDisk | ✓ | ✓ | - | - | +| Glusterfs | ✓ | ✓ | ✓ | - | +| HostPath | ✓ | - | - | - | +| iSCSI | ✓ | ✓ | - | - | +| Quobyte | ✓ | ✓ | ✓ | - | +| NFS | ✓ | ✓ | ✓ | - | +| RBD | ✓ | ✓ | - | - | +| VsphereVolume | ✓ | - | - (works when Pods are collocated) | - | +| PortworxVolume | ✓ | - | ✓ | - | - | +| StorageOS | ✓ | - | - | - | + +### Class + +A PV can have a class, which is specified by setting the +`storageClassName` attribute to the name of a +[StorageClass](/docs/concepts/storage/storage-classes/). +A PV of a particular class can only be bound to PVCs requesting +that class. A PV with no `storageClassName` has no class and can only be bound +to PVCs that request no particular class. + +In the past, the annotation `volume.beta.kubernetes.io/storage-class` was used instead +of the `storageClassName` attribute. This annotation is still working; however, +it will become fully deprecated in a future Kubernetes release. + +### Reclaim Policy + +Current reclaim policies are: + +* Retain -- manual reclamation +* Recycle -- basic scrub (`rm -rf /thevolume/*`) +* Delete -- associated storage asset such as AWS EBS, GCE PD, Azure Disk, or OpenStack Cinder volume is deleted + +Currently, only NFS and HostPath support recycling. AWS EBS, GCE PD, Azure Disk, and Cinder volumes support deletion. + +### Mount Options + +A Kubernetes administrator can specify additional mount options for when a Persistent Volume is mounted on a node. + +{{< note >}} +Not all Persistent Volume types support mount options. +{{< /note >}} + +The following volume types support mount options: + +* AWSElasticBlockStore +* AzureDisk +* AzureFile +* CephFS +* Cinder (OpenStack block storage) +* GCEPersistentDisk +* Glusterfs +* NFS +* Quobyte Volumes +* RBD (Ceph Block Device) +* StorageOS +* VsphereVolume +* iSCSI + +Mount options are not validated. If a mount option is invalid, the mount fails. + +In the past, the annotation `volume.beta.kubernetes.io/mount-options` was used instead +of the `mountOptions` attribute. This annotation is still working; however, +it will become fully deprecated in a future Kubernetes release. + +### Node Affinity + +{{< note >}} +For most volume types, you do not need to set this field. It is automatically populated for [AWS EBS](/docs/concepts/storage/volumes/#awselasticblockstore), [GCE PD](/docs/concepts/storage/volumes/#gcepersistentdisk) and [Azure Disk](/docs/concepts/storage/volumes/#azuredisk) volume block types. You need to explicitly set this for [local](/docs/concepts/storage/volumes/#local) volumes. +{{< /note >}} + +A PV can specify node affinity to define constraints that limit what nodes this volume can be accessed from. Pods that use a PV will only be scheduled to nodes that are selected by the node affinity. To specify node affinity, set `nodeAffinity` in the `.spec` of a PV. The [PersistentVolume](/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1/#PersistentVolumeSpec) API reference has more details on this field. + +### Phase + +A volume will be in one of the following phases: + +* Available -- a free resource that is not yet bound to a claim +* Bound -- the volume is bound to a claim +* Released -- the claim has been deleted, but the resource is not yet reclaimed by the cluster +* Failed -- the volume has failed its automatic reclamation + +The CLI will show the name of the PVC bound to the PV. + +## PersistentVolumeClaims + +Each PVC contains a spec and status, which is the specification and status of the claim. +The name of a PersistentVolumeClaim object must be a valid +[DNS subdomain name](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names). + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: myclaim +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 8Gi + storageClassName: slow + selector: + matchLabels: + release: "stable" + matchExpressions: + - {key: environment, operator: In, values: [dev]} +``` + +### Access Modes + +Claims use [the same conventions as volumes](#access-modes) when requesting storage with specific access modes. + +### Volume Modes + +Claims use [the same convention as volumes](#volume-mode) to indicate the consumption of the volume as either a filesystem or block device. + +### Resources + +Claims, like Pods, can request specific quantities of a resource. In this case, the request is for storage. The same [resource model](https://git.k8s.io/community/contributors/design-proposals/scheduling/resources.md) applies to both volumes and claims. + +### Selector + +Claims can specify a [label selector](/docs/concepts/overview/working-with-objects/labels/#label-selectors) to further filter the set of volumes. Only the volumes whose labels match the selector can be bound to the claim. The selector can consist of two fields: + +* `matchLabels` - the volume must have a label with this value +* `matchExpressions` - a list of requirements made by specifying key, list of values, and operator that relates the key and values. Valid operators include In, NotIn, Exists, and DoesNotExist. + +All of the requirements, from both `matchLabels` and `matchExpressions`, are ANDed together – they must all be satisfied in order to match. + +### Class + +A claim can request a particular class by specifying the name of a +[StorageClass](/docs/concepts/storage/storage-classes/) +using the attribute `storageClassName`. +Only PVs of the requested class, ones with the same `storageClassName` as the PVC, can +be bound to the PVC. + +PVCs don't necessarily have to request a class. A PVC with its `storageClassName` set +equal to `""` is always interpreted to be requesting a PV with no class, so it +can only be bound to PVs with no class (no annotation or one set equal to +`""`). A PVC with no `storageClassName` is not quite the same and is treated differently +by the cluster, depending on whether the +[`DefaultStorageClass` admission plugin](/docs/reference/access-authn-authz/admission-controllers/#defaultstorageclass) +is turned on. + +* If the admission plugin is turned on, the administrator may specify a + default StorageClass. All PVCs that have no `storageClassName` can be bound only to + PVs of that default. Specifying a default StorageClass is done by setting the + annotation `storageclass.kubernetes.io/is-default-class` equal to `true` in + a StorageClass object. If the administrator does not specify a default, the + cluster responds to PVC creation as if the admission plugin were turned off. If + more than one default is specified, the admission plugin forbids the creation of + all PVCs. +* If the admission plugin is turned off, there is no notion of a default + StorageClass. All PVCs that have no `storageClassName` can be bound only to PVs that + have no class. In this case, the PVCs that have no `storageClassName` are treated the + same way as PVCs that have their `storageClassName` set to `""`. + +Depending on installation method, a default StorageClass may be deployed +to a Kubernetes cluster by addon manager during installation. + +When a PVC specifies a `selector` in addition to requesting a StorageClass, +the requirements are ANDed together: only a PV of the requested class and with +the requested labels may be bound to the PVC. + +{{< note >}} +Currently, a PVC with a non-empty `selector` can't have a PV dynamically provisioned for it. +{{< /note >}} + +In the past, the annotation `volume.beta.kubernetes.io/storage-class` was used instead +of `storageClassName` attribute. This annotation is still working; however, +it won't be supported in a future Kubernetes release. + +## Claims As Volumes + +Pods access storage by using the claim as a volume. Claims must exist in the same namespace as the Pod using the claim. The cluster finds the claim in the Pod's namespace and uses it to get the PersistentVolume backing the claim. The volume is then mounted to the host and into the Pod. + +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: mypod +spec: + containers: + - name: myfrontend + image: nginx + volumeMounts: + - mountPath: "/var/www/html" + name: mypd + volumes: + - name: mypd + persistentVolumeClaim: + claimName: myclaim +``` + +### A Note on Namespaces + +PersistentVolumes binds are exclusive, and since PersistentVolumeClaims are namespaced objects, mounting claims with "Many" modes (`ROX`, `RWX`) is only possible within one namespace. + +### PersistentVolumes typed `hostPath` + +A `hostPath` PersistentVolume uses a file or directory on the Node to emulate network-attached storage. +See [an example of `hostPath` typed volume](/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolume). + +## Raw Block Volume Support + +{{< feature-state for_k8s_version="v1.18" state="stable" >}} + +The following volume plugins support raw block volumes, including dynamic provisioning where +applicable: + +* AWSElasticBlockStore +* AzureDisk +* CSI +* FC (Fibre Channel) +* GCEPersistentDisk +* iSCSI +* Local volume +* OpenStack Cinder +* RBD (Ceph Block Device) +* VsphereVolume + +### PersistentVolume using a Raw Block Volume {#persistent-volume-using-a-raw-block-volume} + +```yaml +apiVersion: v1 +kind: PersistentVolume +metadata: + name: block-pv +spec: + capacity: + storage: 10Gi + accessModes: + - ReadWriteOnce + volumeMode: Block + persistentVolumeReclaimPolicy: Retain + fc: + targetWWNs: ["50060e801049cfd1"] + lun: 0 + readOnly: false +``` +### PersistentVolumeClaim requesting a Raw Block Volume {#persistent-volume-claim-requesting-a-raw-block-volume} + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: block-pvc +spec: + accessModes: + - ReadWriteOnce + volumeMode: Block + resources: + requests: + storage: 10Gi +``` + +### Pod specification adding Raw Block Device path in container + +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: pod-with-block-volume +spec: + containers: + - name: fc-container + image: fedora:26 + command: ["/bin/sh", "-c"] + args: [ "tail -f /dev/null" ] + volumeDevices: + - name: data + devicePath: /dev/xvda + volumes: + - name: data + persistentVolumeClaim: + claimName: block-pvc +``` + +{{< note >}} +When adding a raw block device for a Pod, you specify the device path in the container instead of a mount path. +{{< /note >}} + +### Binding Block Volumes + +If a user requests a raw block volume by indicating this using the `volumeMode` field in the PersistentVolumeClaim spec, the binding rules differ slightly from previous releases that didn't consider this mode as part of the spec. +Listed is a table of possible combinations the user and admin might specify for requesting a raw block device. The table indicates if the volume will be bound or not given the combinations: +Volume binding matrix for statically provisioned volumes: + +| PV volumeMode | PVC volumeMode | Result | +| --------------|:---------------:| ----------------:| +| unspecified | unspecified | BIND | +| unspecified | Block | NO BIND | +| unspecified | Filesystem | BIND | +| Block | unspecified | NO BIND | +| Block | Block | BIND | +| Block | Filesystem | NO BIND | +| Filesystem | Filesystem | BIND | +| Filesystem | Block | NO BIND | +| Filesystem | unspecified | BIND | + +{{< note >}} +Only statically provisioned volumes are supported for alpha release. Administrators should take care to consider these values when working with raw block devices. +{{< /note >}} + +## Volume Snapshot and Restore Volume from Snapshot Support + +{{< feature-state for_k8s_version="v1.20" state="stable" >}} + +Volume snapshots only support the out-of-tree CSI volume plugins. For details, see [Volume Snapshots](/docs/concepts/storage/volume-snapshots/). +In-tree volume plugins are deprecated. You can read about the deprecated volume plugins in the [Volume Plugin FAQ](https://github.com/kubernetes/community/blob/master/sig-storage/volume-plugin-faq.md). + +### Create a PersistentVolumeClaim from a Volume Snapshot {#create-persistent-volume-claim-from-volume-snapshot} + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: restore-pvc +spec: + storageClassName: csi-hostpath-sc + dataSource: + name: new-snapshot-test + kind: VolumeSnapshot + apiGroup: snapshot.storage.k8s.io + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi +``` + +## Volume Cloning + +[Volume Cloning](/docs/concepts/storage/volume-pvc-datasource/) only available for CSI volume plugins. + +### Create PersistentVolumeClaim from an existing PVC {#create-persistent-volume-claim-from-an-existing-pvc} + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: cloned-pvc +spec: + storageClassName: my-csi-plugin + dataSource: + name: existing-src-pvc-name + kind: PersistentVolumeClaim + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi +``` + +## Volume populators and data sources + +{{< feature-state for_k8s_version="v1.22" state="alpha" >}} + +{{< note >}} +Kubernetes supports custom volume populators; this alpha feature was introduced +in Kubernetes 1.18. Kubernetes 1.22 reimplemented the mechanism with a redesigned API. +Check that you are reading the version of the Kubernetes documentation that matches your +cluster. {{% version-check %}} +To use custom volume populators, you must enable the `AnyVolumeDataSource` +[feature gate](/docs/reference/command-line-tools-reference/feature-gates/) for +the kube-apiserver and kube-controller-manager. +{{< /note >}} + +Volume populators take advantage of a PVC spec field called `dataSourceRef`. Unlike the +`dataSource` field, which can only contain either a reference to another PersistentVolumeClaim +or to a VolumeSnapshot, the `dataSourceRef` field can contain a reference to any object in the +same namespace, except for core objects other than PVCs. For clusters that have the feature +gate enabled, use of the `dataSourceRef` is preferred over `dataSource`. + +## Data source references + +The `dataSourceRef` field behaves almost the same as the `dataSource` field. If either one is +specified while the other is not, the API server will give both fields the same value. Neither +field can be changed after creation, and attempting to specify different values for the two +fields will result in a validation error. Therefore the two fields will always have the same +contents. + +There are two differences between the `dataSourceRef` field and the `dataSource` field that +users should be aware of: +* The `dataSource` field ignores invalid values (as if the field was blank) while the + `dataSourceRef` field never ignores values and will cause an error if an invalid value is + used. Invalid values are any core object (objects with no apiGroup) except for PVCs. +* The `dataSourceRef` field may contain different types of objects, while the `dataSource` field + only allows PVCs and VolumeSnapshots. + +Users should always use `dataSourceRef` on clusters that have the feature gate enabled, and +fall back to `dataSource` on clusters that do not. It is not necessary to look at both fields +under any circumstance. The duplicated values with slightly different semantics exist only for +backwards compatibility. In particular, a mixture of older and newer controllers are able to +interoperate because the fields are the same. + +### Using volume populators + +Volume populators are {{< glossary_tooltip text="controllers" term_id="controller" >}} that can +create non-empty volumes, where the contents of the volume are determined by a Custom Resource. +Users create a populated volume by referring to a Custom Resource using the `dataSourceRef` field: + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: populated-pvc +spec: + dataSourceRef: + name: example-name + kind: ExampleDataSource + apiGroup: example.storage.k8s.io + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi +``` + +Because volume populators are external components, attempts to create a PVC that uses one +can fail if not all the correct components are installed. External controllers should generate +events on the PVC to provide feedback on the status of the creation, including warnings if +the PVC cannot be created due to some missing component. + +You can install the alpha [volume data source validator](https://github.com/kubernetes-csi/volume-data-source-validator) +controller into your cluster. That controller generates warning Events on a PVC in the case that no populator +is registered to handle that kind of data source. When a suitable populator is installed for a PVC, it's the +responsibility of that populator controller to report Events that relate to volume creation and issues during +the process. + +## Writing Portable Configuration + +If you're writing configuration templates or examples that run on a wide range of clusters +and need persistent storage, it is recommended that you use the following pattern: + +- Include PersistentVolumeClaim objects in your bundle of config (alongside + Deployments, ConfigMaps, etc). +- Do not include PersistentVolume objects in the config, since the user instantiating + the config may not have permission to create PersistentVolumes. +- Give the user the option of providing a storage class name when instantiating + the template. + - If the user provides a storage class name, put that value into the + `persistentVolumeClaim.storageClassName` field. + This will cause the PVC to match the right storage + class if the cluster has StorageClasses enabled by the admin. + - If the user does not provide a storage class name, leave the + `persistentVolumeClaim.storageClassName` field as nil. This will cause a + PV to be automatically provisioned for the user with the default StorageClass + in the cluster. Many cluster environments have a default StorageClass installed, + or administrators can create their own default StorageClass. +- In your tooling, watch for PVCs that are not getting bound after some time + and surface this to the user, as this may indicate that the cluster has no + dynamic storage support (in which case the user should create a matching PV) + or the cluster has no storage system (in which case the user cannot deploy + config requiring PVCs). + +## {{% heading "whatsnext" %}} + +* Learn more about [Creating a PersistentVolume](/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolume). +* Learn more about [Creating a PersistentVolumeClaim](/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolumeclaim). +* Read the [Persistent Storage design document](https://git.k8s.io/community/contributors/design-proposals/storage/persistent-storage.md). + +### API references {#reference} + +Read about the APIs described in this page: + +* [`PersistentVolume`](/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1/) +* [`PersistentVolumeClaim`](/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/)