Core concepts and mechanisms of Kubernetes storage - Container Service for Kubernetes

Container Service for Kubernetes (ACK) supports multiple storage backends—cloud disks, File Storage NAS (NAS) file systems, and Object Storage Service (OSS) buckets—that you can mount to workloads running in your cluster. This topic explains the core storage concepts you need before configuring persistent storage: volumes, PersistentVolumes (PVs), PersistentVolumeClaims (PVCs), and StorageClasses.

Volumes
PVs and PVCs
How volumes are provisioned
StorageClasses

Volumes

Container filesystems are ephemeral—files written inside a container are lost when the container restarts. Kubernetes introduces the volume abstraction to solve this: a volume connects a Pod to external storage, survives container restarts within a Pod's lifetime, and can be shared among containers in the same Pod as well as between pods and the external environment.

ACK supports the following volume types:

Type	Description
Local storage	Node-local volumes such as `hostPath` and `emptyDir`. Data is tied to a specific node and becomes unavailable if the node goes down. Not suitable for stateful workloads that may reschedule.
Network storage	Remote storage volumes such as Ceph, GlusterFS, NFS, and iSCSI. Data is stored on a remote service rather than a specific node, but the storage service must be mounted locally.
Secret and ConfigMap	Special volumes that expose cluster object data (credentials, configuration) to Pods as files.
PVC	A volume backed by a PersistentVolumeClaim, which abstracts the underlying storage as an independent object. Use PVCs for workloads that need durable, portable storage.

Usage notes:

A Pod can mount multiple volumes, including multiple types at the same time.
All containers in a Pod share the volumes mounted to that Pod.
A volume shares the Pod's lifecycle. Whether the underlying data persists after the Pod is deleted depends on the volume type and its configuration.
For durable data, use PVCs and PVs.

PVs and PVCs

Not all Kubernetes volumes are persistent. For durable storage, Kubernetes introduces two objects that separate *how storage is provisioned* from *how storage is consumed*:

A PersistentVolume (PV) is a piece of storage provisioned in the cluster. Think of a PV the way you think of a node: just as a node is a cluster resource that Pods consume, a PV is a storage resource that PVCs consume. A PV has its own lifecycle, independent of any Pod.
A PersistentVolumeClaim (PVC) is a request for storage. Think of a PVC the way you think of a Pod: just as a Pod requests CPU and memory from a node, a PVC requests storage capacity and access modes from a PV.

This separation means application developers declare what storage they need (a PVC), while cluster administrators manage how that storage is provided (a PV).

PV example

apiVersion: v1
kind: PersistentVolume
metadata:
  namespace: default
  name: pv-example
spec:
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  csi:
    driver: diskplugin.csi.alibabacloud.com
    volumeHandle: <disk ID>
  volumeMode: Filesystem

PVC example

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-example
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
  volumeName: pv-example

Binding rules

PVs and PVCs have a one-to-one relationship: a PV binds to exactly one PVC. Before a PVC can be used by a Pod, Kubernetes must find a PV that satisfies all of the following:

Field	Requirement
`volumeMode`	Must match the PVC's volume mode
`accessModes`	Must include the access modes requested by the PVC
`storageClassName`	If specified in the PVC, the PV must have the same StorageClass
Label selector	The PV must match any label selector defined in the PVC
`storage`	The PV's capacity must be at least the amount requested by the PVC

How the `storage` field works:

Kubernetes uses storage to match and bind PVs to PVCs.
In dynamic provisioning, the PVC's storage value determines the capacity of the provisioned PV and the underlying storage resource (such as a cloud disk).
For storage types that support resizing, the PVC's storage value sets the target capacity after a scale-out.
storage is a logical capacity limit. Actual write throughput depends on the underlying storage medium, not on the storage field.

Volume access modes

Use the accessModes field to define how a volume can be mounted:

Access mode	Abbreviation	Description	Example
ReadWriteOnce	RWO	Read-write by a single node	Alibaba Cloud disk
ReadOnlyMany	ROX	Read-only by multiple nodes	OSS bucket
ReadWriteMany	RWX	Read-write by multiple nodes	NAS file system

How volumes are provisioned

ACK supports two provisioning workflows: static and dynamic.

Static provisioning

In static provisioning, the cluster administrator creates PVs in advance. You can statically provision cloud disks, NAS file systems, and OSS buckets.

The administrator analyzes Pod storage requirements and pre-allocates storage resources (for example, cloud disks or NAS file systems).
The administrator creates PVs that describe those resources, including their capacity and configuration.
Developers create PVCs that declare what their workloads need.
When a Pod is created, Kubernetes binds the PVC to a matching PV, giving the Pod access to the storage.

Dynamic provisioning

In dynamic provisioning, a CSI provisioner creates PVs automatically when a PVC is submitted. You can dynamically provision cloud disks, NAS file systems, and OSS buckets.

The administrator creates a StorageClass that defines the storage type and provisioner. For example, diskplugin.csi.alibabacloud.com provisions cloud disks.
Developers create PVCs that reference a StorageClass. No manual PV creation is needed.
When a Pod is created, the CSI provisioner reads the StorageClass, creates a PV and the underlying storage resource, and binds the PV to the PVC.

Dynamic provisioning has three advantages over static provisioning:

Automated lifecycle management: the provisioner handles PV creation and deletion automatically.
Reduced operational burden: administrators manage StorageClasses rather than individual PVs.
Capacity consistency: the PV and the underlying storage resource are always provisioned to match the PVC's requested capacity.

StorageClasses

A StorageClass defines the storage type, provisioner, and parameters used for dynamic provisioning. When a PVC references a StorageClass and no matching PV exists, Kubernetes triggers the provisioner to create a PV and underlying storage automatically.

StorageClass example

The following StorageClass provisions Alibaba Cloud disks:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: alicloud-disk-topology-alltype
provisioner: diskplugin.csi.alibabacloud.com
parameters:
  type: cloud_auto,cloud_essd,cloud_ssd,cloud_efficiency
  fstype: ext4
  diskTags/a: b
  encrypted: "false"
  performanceLevel: PL1
  provisionedIops: "40000"
  burstingEnabled: "false"
reclaimPolicy: Delete
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer

Key parameters

Parameter	Description
`provisioner`	The CSI driver that creates storage resources. Use `diskplugin.csi.alibabacloud.com` for cloud disks, `nasplugin.csi.alibabacloud.com` for NAS file systems, or `ossplugin.csi.alibabacloud.com` for OSS buckets.
`parameters`	Driver-specific parameters, such as disk type, filesystem type, and performance settings.
`reclaimPolicy`	What happens to the PV and underlying storage when the PVC is deleted. `Delete` (default) removes both the PV and the cloud disk. `Retain` keeps both—you must delete them manually. Set to `Retain` if data security is a priority.
`allowVolumeExpansion`	Set to `true` to enable online disk expansion.
`volumeBindingMode`	When the PV is provisioned. See the table below.

Choosing a `volumeBindingMode`:

Mode	When the PV is created	Recommended for
`Immediate` (default)	When the PVC is created, before any Pod is scheduled	Single-zone clusters
`WaitForFirstConsumer`	After a Pod that uses the PVC is scheduled to a node	Multi-zone clusters

Use WaitForFirstConsumer in multi-zone clusters. Cloud disks cannot be mounted across zones. If a PV is provisioned in Zone A but a Pod is scheduled to Zone B, the Pod will fail to start. With WaitForFirstConsumer, the provisioner waits until the Pod is scheduled, then creates the disk in the zone where the Pod runs.

How `WaitForFirstConsumer` works:

When a PVC is created, the provisioner does not immediately create a PV. It waits until a Pod consumes the PVC. After the scheduler places the Pod on a node, it writes the scheduling result (region and node) to the PVC's metadata. The provisioner reads this information and creates the PV—and the underlying disk—in the correct zone.

Default StorageClass

Kubernetes supports a default StorageClass that automatically provisions a PV for any PVC that does not specify a StorageClass name.

Important

ACK clusters do not configure a default StorageClass out of the box. A default StorageClass applies to all PVCs that omit a storageClassName. If your cluster uses multiple storage types, a default StorageClass may provision the wrong storage type for a PVC. Enable it only if all your PVCs use the same storage type.

Set a default StorageClass:

Run the following command to mark alicloud-disk-topology-alltype as the default:

kubectl annotate storageclass alicloud-disk-topology-alltype storageclass.kubernetes.io/is-default-class=true

Verify the change:

kubectl get sc

Expected output:

NAME                                        PROVISIONER                       AGE
alicloud-disk-topology-alltype (default)    diskplugin.csi.alibabacloud.com   96m

Create a PVC without specifying a StorageClass:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: disk-pvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi

The cluster automatically creates a cloud disk PV using alicloud-disk-topology-alltype.

kubectl get pvc

Expected output:

NAME       STATUS   VOLUME                   CAPACITY   ACCESS MODES    STORAGECLASS                      AGE
disk-pvc   Bound    d-bp18pbai447qverm****   20Gi       RWO             alicloud-disk-topology-alltype    49s

Remove the default StorageClass:

kubectl annotate storageclass alicloud-disk-topology-alltype storageclass.kubernetes.io/is-default-class-

StorageClasses provided by ACK

StorageClass	Disk type	Notes
`alicloud-disk-efficiency`	Ultra disk	Previous-generation cloud disk
`alicloud-disk-ssd`	Standard SSD	Previous-generation cloud disk
`alicloud-disk-essd`	ESSD	Performance Level 1 (PL1) Enterprise SSD
`alicloud-disk-topology-alltype`	Multi-type	Attempts ESSD first, then standard SSD, then ultra disk. Recommended for multi-zone clusters.
`alibabacloud-cnfs-nas`	NAS (Container Network File System)	Creates Container Network File System (CNFS)-managed NAS volumes

The alicloud-disk-topology-alltype StorageClass selects the best available disk type at provisioning time:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: alicloud-disk-topology-alltype
parameters:
  type: cloud_essd,cloud_ssd,cloud_efficiency
provisioner: diskplugin.csi.alibabacloud.com
reclaimPolicy: Delete
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer

What's next

For the complete list of storage options and how-to guides, see Storage.

For step-by-step instructions on provisioning specific storage types, see: