Storage — PV, PVC & StorageClasses
Persistent Volumes, PVCs, StorageClasses, access modes, volume types, snapshots, and storage troubleshooting.
Objectives
- Mount an
emptyDirvolume shared between two containers in a pod - Use a
hostPathvolume and understand its security implications - Mount a ConfigMap and Secret as read-only volumes
emptyDir is wiped when the pod is deleted. hostPath survives pod restarts but ties you to a specific node — never use it for stateful production workloads.
Objectives
- Create a PV with
hostPath, specific access mode and capacity - Understand RWO, ROX, RWX, RWOP access modes
- Understand Retain, Recycle, Delete reclaim policies
- Observe PV lifecycle: Available → Bound → Released
Key Commands
kubectl get pv
RWO = ReadWriteOnce # one node
ROX = ReadOnlyMany # many nodes read-only
RWX = ReadWriteMany # many nodes read-write
RWOP = ReadWriteOncePod# single pod only
Know access mode abbreviations cold — the exam uses them. RWO is the most common. RWX requires a shared filesystem like NFS; most cloud block disks only support RWO.
Objectives
- Create a PVC that binds to a specific PV
- Mount the PVC into a pod and write data to verify persistence
- Expand a PVC and confirm the pod sees new capacity
- Debug a PVC stuck in
Pending
Key Commands
kubectl get pvc
kubectl describe pvc rx-data # events explain Pending
PVC Pending — check in order: matching PV exists? accessMode matches? capacity sufficient? correct StorageClass? These four checks resolve 95% of PVC binding failures.
PVC expansion requires allowVolumeExpansion: true on the StorageClass. Without it, resize requests are silently ignored — a common AKS gotcha we’ve hit in production.
Objectives
- Create a StorageClass and set it as cluster default
- Create a PVC using the StorageClass and observe dynamic PV creation
- Understand the provisioner field and how it maps to a CSI driver
Key Commands
kubectl get sc
kubectl patch storageclass standard \
-p '{"metadata":{"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
Objectives
- Mount an NFS share as a Kubernetes volume
- Use projected volumes to combine a Secret and ConfigMap into one mount
- Create a generic ephemeral volume inline in a pod spec
Objectives
- Create a VolumeSnapshotClass and take a snapshot of a PVC
- Restore a new PVC from the snapshot
- Verify data integrity after restore
Objectives
- Diagnose a pod stuck in
ContainerCreatingdue to volume mount failure - Debug a PVC that won’t bind using events and describe output
- Identify and fix a StorageClass misconfiguration
- Protect a PVC from accidental deletion using finalizers
Key Commands
kubectl describe pod <pod> | grep -A5 Events
kubectl describe pvc <pvc>
kubectl get csidrivers
kubectl get pods -n kube-system | grep csi
Always start storage troubleshooting with kubectl describe pvc — the Events section tells you exactly what’s failing before you touch anything else.