Kubernetes emptyDir, hostPath, and ConfigMap volumes compared
emptyDir volume type, hostPath risks, ConfigMap as volume, Secret as volume, projected volumes, downwardAPI volume, tmpfs emptyDir, sharing data between sidecar containers
Not All Volumes Need External Storage
Kubernetes has many volume types for different needs. Choosing the right one matters for security and data durability.
emptyDir
Created when a Pod is assigned to a node. Empty at start. All containers in the Pod share it. Data is lost when the Pod is removed. Use for: inter-container file sharing, scratch space, caches.
volumes:
  - name: scratch
    emptyDir: {}          # disk-backed
  - name: ramdisk
    emptyDir:
      medium: Memory      # tmpfs: fast, uses RAM, counts toward memory limit
      sizeLimit: 256Mi
hostPath
Mounts a file or directory from the host node's filesystem. Powerful but dangerous: a compromised Pod can read host files. Only use for monitoring agents (Prometheus node exporter) or when you truly need host-level access.
volumes:
  - name: host-logs
    hostPath:
      path: /var/log
      type: Directory
Projected Volumes
Projected volumes combine multiple sources (ConfigMap, Secret, ServiceAccountToken, DownwardAPI) into a single mount point, which is cleaner than separate mounts for each source.
volumes:
  - name: all-config
    projected:
      sources:
        - configMap:
            name: app-config
        - secret:
            name: db-creds
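A review check for the hostPath and tmpfs emptyDir risks described above, as an added example that is not part of the original page. It reads a Pod in the JSON shape that `kubectl get pod -o json` returns; the Pod name, container name and mount paths in the sample are hypothetical, and the findings it reports (hostPath in use, hostPath mounted without `readOnly: true`, memory-backed emptyDir without `sizeLimit`) are this example's choice of checks.

```python
import json

# Constructed sample: the volumes from this page, plus a hypothetical
# container and mount paths, in `kubectl get pod -o json` shape.
SAMPLE_POD = json.loads("""
{"metadata": {"name": "log-agent"},
 "spec": {
  "volumes": [
    {"name": "scratch",   "emptyDir": {}},
    {"name": "ramdisk",   "emptyDir": {"medium": "Memory"}},
    {"name": "host-logs", "hostPath": {"path": "/var/log", "type": "Directory"}}
  ],
  "containers": [
    {"name": "agent", "volumeMounts": [
      {"name": "host-logs", "mountPath": "/host/var/log"},
      {"name": "ramdisk",   "mountPath": "/cache"}]}
  ]}}
""")


def audit_volumes(pod):
    """Return (volume, finding) tuples for risky volume settings in one Pod."""
    spec = pod["spec"]
    containers = spec.get("containers", []) + (spec.get("initContainers") or [])
    findings = []
    for vol in spec.get("volumes", []):
        name = vol["name"]
        if "hostPath" in vol:
            findings.append((name, "hostPath " + vol["hostPath"]["path"]))
            # A mount without readOnly: true lets the container write to the node.
            for c in containers:
                for m in c.get("volumeMounts", []):
                    if m["name"] == name and not m.get("readOnly", False):
                        findings.append((name, "writable in container " + c["name"]))
        empty = vol.get("emptyDir")
        # Disk-backed emptyDir ({}) is skipped; only tmpfs without a cap is flagged.
        if empty and empty.get("medium") == "Memory" and "sizeLimit" not in empty:
            findings.append((name, "tmpfs emptyDir without sizeLimit"))
    return findings


if __name__ == "__main__":
    for volume, finding in audit_volumes(SAMPLE_POD):
        print(f"{volume}: {finding}")
```

Setting `readOnly: true` on the `host-logs` mount and adding `sizeLimit` to `ramdisk` leaves only the hostPath finding, which remains as a prompt to confirm the workload really needs host access.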