Storage and Volumes
Contents
- Storage Basics
- Volume Types
- PersistentVolume (PV)
- PersistentVolumeClaim (PVC)
- StorageClass
- Volume Snapshots
- CSI (Container Storage Interface)
Storage Basics
The problem
A container's filesystem is ephemeral:
- When the container restarts, everything written to its writable layer is gone
- When the pod is deleted, all of its data is gone
- Sharing files between containers is awkward
The solution: Volumes
A Kubernetes Volume is storage whose lifetime is decoupled from the individual container: it survives container restarts, and the persistent volume types also survive the pod.
Volume properties:
- Created and removed together with the pod (for the ephemeral types, which are the common case)
- Every container in the pod can mount the same volume
- Many storage backends are supported
Volume vs PersistentVolume
| Volume | PersistentVolume |
|---|---|
| Declared inline in the pod spec | A separate cluster-scoped resource |
| Tied to the pod lifecycle | Independent of any pod |
| Configured statically in the manifest | Provisioned statically by an admin or dynamically through a StorageClass |
| Declared by the developer | Managed by the cluster admin (or a provisioner) |
Volume Types
Kubernetes supports more than 20 volume types. The most important ones:
1. emptyDir
Definition: an empty directory. It is created when the pod is placed on a node and deleted when the pod is removed from that node.
YAML:
apiVersion: v1
kind: Pod
metadata:
  name: test-pod
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: cache
      mountPath: /cache
  - name: sidecar
    image: busybox
    command: ['sh', '-c', 'while true; do ls -la /cache; sleep 10; done']
    volumeMounts:
    - name: cache
      mountPath: /cache
  volumes:
  - name: cache
    emptyDir: {}
Properties:
- Deleted when the pod is removed from the node
- Survives container restarts (the volume belongs to the pod, not to the container)
- Shared by all containers in the pod
Use cases:
- Temporary cache
- Scratch space
- Checkpoint data
- Passing files between containers of the same pod
emptyDir options:
Memory-backed:
volumes:
- name: cache
  emptyDir:
    medium: Memory
    sizeLimit: 1Gi
Created on tmpfs (RAM): very fast, but the contents are lost on node reboot, and everything written to it is charged against the container's memory limit. Always set sizeLimit; without it a runaway writer can consume node memory until the pod is evicted.
2. hostPath
Definition: mounts a file or directory from the node's own filesystem into the pod.
YAML:
apiVersion: v1
kind: Pod
metadata:
  name: test-pod
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: host-volume
      mountPath: /data
  volumes:
  - name: host-volume
    hostPath:
      path: /mnt/data
      type: Directory
hostPath types:
- Directory: the directory must already exist
- DirectoryOrCreate: created if missing
- File: the file must already exist
- FileOrCreate: created if missing
- Socket: a Unix socket must exist at the path
- CharDevice: a character device must exist at the path
- BlockDevice: a block device must exist at the path
Security: ⚠️ hostPath is a security risk. It gives the pod direct access to the node's filesystem: a writable mount of a sensitive directory (/etc, /var/lib/kubelet, the container runtime's state directory) lets a compromised container read node credentials or tamper with the host, which is effectively a node-level privilege escalation. The Pod Security Standards "baseline" and "restricted" profiles reject any hostPath volume, so it should only appear in trusted system workloads (DaemonSets in kube-system), mounted with readOnly: true wherever possible, with the narrowest path that works and an explicit type.
Use cases:
- DaemonSet log collection
- Node monitoring agents
- Test/development on single-node clusters
- Container runtime socket access (for example CI build agents)
Example (Docker socket):
volumes:
- name: docker-socket
  hostPath:
    path: /var/run/docker.sock
    type: Socket
Whoever can reach the runtime socket can start a privileged container on the node, so this mount is equivalent to root on that node and should be treated as cluster-admin-level access. On nodes that run containerd rather than Docker the socket is /run/containerd/containerd.sock, and the same warning applies.
3. configMap
Definition: configuration files populated from a ConfigMap.
Creating the ConfigMap:
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  config.json: |
    {
      "database": "postgres",
      "port": 5432
    }
  app.properties: |
    server.port=8080
    logging.level=INFO
Using it in a pod:
apiVersion: v1
kind: Pod
metadata:
  name: app-pod
spec:
  containers:
  - name: app
    image: myapp
    volumeMounts:
    - name: config
      mountPath: /etc/config
  volumes:
  - name: config
    configMap:
      name: app-config
Resulting files:
/etc/config/config.json
/etc/config/app.properties
The kubelet refreshes the files in place when the ConfigMap changes (with some delay), unless the files are mounted individually with subPath, in which case they are never updated.
Specific keys only:
volumes:
- name: config
  configMap:
    name: app-config
    items:
    - key: config.json
      path: application.json
Resulting files:
/etc/config/application.json
4. secret
Definition: sensitive data from a Secret, exposed as files.
Creating the Secret:
kubectl create secret generic db-secret \
  --from-literal=username=admin \
  --from-literal=password=secret123
Note that --from-literal leaves the password in your shell history; --from-file (with the file removed afterwards) avoids that. A Secret is only base64-encoded in the API, not encrypted, unless encryption at rest is configured for etcd, and anyone with read access to Secrets in the namespace can recover the value.
Using it in a pod:
apiVersion: v1
kind: Pod
metadata:
  name: app-pod
spec:
  containers:
  - name: app
    image: myapp
    volumeMounts:
    - name: secret
      mountPath: /etc/secret
      readOnly: true
  volumes:
  - name: secret
    secret:
      secretName: db-secret
Resulting files:
/etc/secret/username
/etc/secret/password
Secret volumes are backed by tmpfs, so the plaintext never reaches the node's disk. Keep the mount readOnly, and use the volume's defaultMode field if the default file permissions are too permissive for your application user.
As environment variables:
spec:
  containers:
  - name: app
    image: myapp
    env:
    - name: DB_USERNAME
      valueFrom:
        secretKeyRef:
          name: db-secret
          key: username
    - name: DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: db-secret
          key: password
Environment variables are the weaker option: they are inherited by every child process, appear in /proc/<pid>/environ, crash dumps and any debug endpoint that prints the environment, and they are not updated when the Secret changes. A file mount avoids all of that.
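As an added example (not code from the original page), here is a Python audit that applies the hostPath warning from section 2, the emptyDir sizeLimit note from section 1 and the Secret-handling notes above to real pod manifests: it reads the JSON that `kubectl get pods -A -o json` produces, rates every hostPath volume (container-runtime sockets and sensitive node directories score highest, writable mounts score above read-only ones), and flags memory-backed emptyDir volumes without a sizeLimit, Secret volumes mounted writable, and Secrets injected as environment variables. The socket and directory lists and the sample PodList are illustrative assumptions of mine, not cluster data.

```python
import json

# Container-runtime sockets: a pod that can reach one can start a privileged
# container on the node. Assumption: illustrative list, extend for your runtime.
RUNTIME_SOCKETS = {
    "/var/run/docker.sock", "/run/docker.sock",
    "/run/containerd/containerd.sock", "/var/run/containerd/containerd.sock",
    "/var/run/crio/crio.sock", "/run/crio/crio.sock",
}
# Node directories that expose kubelet credentials or host state (assumption).
SENSITIVE_PREFIXES = ("/etc", "/var/lib/kubelet", "/var/lib/docker",
                      "/var/lib/containerd", "/proc", "/sys", "/root", "/home",
                      "/var/run", "/run")


def classify_hostpath(path, writable):
    """Rate a hostPath by what it exposes; returns (severity, reason)."""
    norm = "/" + path.strip("/")  # drop trailing slashes; "/" stays "/"
    if norm in RUNTIME_SOCKETS:
        return "CRITICAL", "container runtime socket (root on the node)"
    if norm == "/":
        return "CRITICAL", "entire node filesystem"
    for prefix in SENSITIVE_PREFIXES:
        if norm == prefix or norm.startswith(prefix + "/"):
            return "HIGH", "sensitive node path under " + prefix
    # Any hostPath fails the Pod Security 'baseline' profile; a writable one
    # additionally lets the pod persist arbitrary data on the node.
    return ("HIGH" if writable else "MEDIUM"), "hostPath volume"


def _mounts_of(pod, volume_name):
    """Yield (container name, volumeMount) pairs that reference a pod volume."""
    spec = pod["spec"]
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        for m in c.get("volumeMounts", []):
            if m["name"] == volume_name:
                yield c["name"], m


def audit_pod(pod):
    """Return findings for one pod as dicts {pod, severity, volume, reason}."""
    meta = pod["metadata"]
    ident = meta.get("namespace", "default") + "/" + meta["name"]
    out = []

    def add(severity, volume, reason):
        out.append({"pod": ident, "severity": severity, "volume": volume, "reason": reason})

    for vol in pod["spec"].get("volumes", []):
        # A mount without readOnly: true is writable.
        writable = any(not m.get("readOnly", False) for _, m in _mounts_of(pod, vol["name"]))
        if "hostPath" in vol:
            sev, why = classify_hostpath(vol["hostPath"]["path"], writable)
            add(sev, vol["name"], why + ": " + vol["hostPath"]["path"])
        elif vol.get("emptyDir", {}).get("medium") == "Memory" and "sizeLimit" not in vol["emptyDir"]:
            add("MEDIUM", vol["name"], "memory-backed emptyDir without sizeLimit (unbounded node RAM use)")
        elif "secret" in vol and writable:
            add("LOW", vol["name"], "Secret volume mounted without readOnly: true")
    # Secrets in env vars leak via /proc/<pid>/environ, core dumps and child
    # processes, and are never refreshed; a tmpfs file mount avoids all of that.
    for c in pod["spec"].get("containers", []):
        refs = [e for e in c.get("env", []) if "secretKeyRef" in e.get("valueFrom", {})]
        refs += [e for e in c.get("envFrom", []) if "secretRef" in e]
        if refs:
            add("LOW", None, "container %s reads %d Secret value(s) from env" % (c["name"], len(refs)))
    return out


def audit(podlist_json):
    """Audit a PodList (`kubectl get pods -A -o json`), worst findings first."""
    order = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}
    findings = [f for pod in json.loads(podlist_json)["items"] for f in audit_pod(pod)]
    return sorted(findings, key=lambda f: order[f["severity"]])


# Constructed sample in the shape of `kubectl get pods -A -o json`; not real data.
SAMPLE_PODLIST = json.dumps({"kind": "PodList", "items": [
    {"metadata": {"name": "build-agent", "namespace": "ci"},
     "spec": {"containers": [{"name": "agent", "image": "agent",
              "env": [{"name": "TOKEN", "valueFrom": {"secretKeyRef": {"name": "ci-secret", "key": "token"}}}],
              "volumeMounts": [{"name": "docker-socket", "mountPath": "/var/run/docker.sock"},
                               {"name": "scratch", "mountPath": "/data"}]}],
              "volumes": [{"name": "docker-socket", "hostPath": {"path": "/var/run/docker.sock", "type": "Socket"}},
                          {"name": "scratch", "hostPath": {"path": "/mnt/data", "type": "Directory"}}]}},
    {"metadata": {"name": "app", "namespace": "prod"},
     "spec": {"containers": [{"name": "app", "image": "myapp",
              "volumeMounts": [{"name": "secret", "mountPath": "/etc/secret", "readOnly": True},
                               {"name": "cache", "mountPath": "/cache"}]}],
              "volumes": [{"name": "secret", "secret": {"secretName": "db-secret"}},
                          {"name": "cache", "emptyDir": {"medium": "Memory", "sizeLimit": "64Mi"}}]}},
]})

if __name__ == "__main__":
    for f in audit(SAMPLE_PODLIST):
        print(f["severity"], f["pod"], f["reason"])
```

Run against a live cluster with `kubectl get pods -A -o json | python3 audit.py` after replacing SAMPLE_PODLIST with `sys.stdin.read()`. The same rules are what a Pod Security Admission "baseline" policy or a Kyverno/Gatekeeper rule would enforce at admission time; the script is the after-the-fact check for clusters that did not have those from the start.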
5. downwardAPI
Definition: exposes the pod's own metadata and resource limits/requests to the container as files.
YAML:
apiVersion: v1
kind: Pod
metadata:
  name: app-pod
  labels:
    app: myapp
    version: v1.0
spec:
  containers:
  - name: app
    image: myapp
    volumeMounts:
    - name: podinfo
      mountPath: /etc/podinfo
  volumes:
  - name: podinfo
    downwardAPI:
      items:
      - path: "labels"
        fieldRef:
          fieldPath: metadata.labels
      - path: "annotations"
        fieldRef:
          fieldPath: metadata.annotations
      - path: "pod-name"
        fieldRef:
          fieldPath: metadata.name
      - path: "namespace"
        fieldRef:
          fieldPath: metadata.namespace
      - path: "cpu-limit"
        resourceFieldRef:
          containerName: app
          resource: limits.cpu
      - path: "memory-limit"
        resourceFieldRef:
          containerName: app
          resource: limits.memory
The volume name (podinfo) must be the same in volumes and in volumeMounts, otherwise the pod is rejected.
Resulting files:
/etc/podinfo/labels
/etc/podinfo/annotations
/etc/podinfo/pod-name
/etc/podinfo/namespace
/etc/podinfo/cpu-limit
/etc/podinfo/memory-limit
6. projected
Definition: combines several volume sources into one directory.
YAML:
apiVersion: v1
kind: Pod
metadata:
  name: app-pod
spec:
  containers:
  - name: app
    image: myapp
    volumeMounts:
    - name: all-in-one
      mountPath: /projected-volume
  volumes:
  - name: all-in-one
    projected:
      sources:
      - secret:
          name: db-secret
      - configMap:
          name: app-config
      - downwardAPI:
          items:
          - path: "pod-name"
            fieldRef:
              fieldPath: metadata.name
A projected volume can also carry a serviceAccountToken source, which is how current clusters mount short-lived, audience-bound service account tokens instead of the old long-lived token Secrets.
7. Cloud storage volumes
The in-tree cloud volume types below (awsElasticBlockStore, gcePersistentDisk, azureDisk) are deprecated. Current clusters serve them through CSI migration to the vendor's CSI driver, and new manifests should use a StorageClass backed by that driver rather than referencing a disk ID directly in the pod spec.
AWS EBS (Elastic Block Store)
volumes:
- name: ebs-volume
  awsElasticBlockStore:
    volumeID: vol-0123456789abcdef0
    fsType: ext4
Constraint: the pod and the EBS volume must be in the same Availability Zone.
GCE Persistent Disk
volumes:
- name: gce-disk
  gcePersistentDisk:
    pdName: my-disk
    fsType: ext4
Azure Disk
volumes:
- name: azure-disk
  azureDisk:
    diskName: myAzureDisk
    diskURI: /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Compute/disks/myAzureDisk
8. Network File System (NFS)
volumes:
- name: nfs-volume
  nfs:
    server: nfs-server.example.com
    path: /exported/path
    readOnly: false
Advantages:
- ReadWriteMany (several pods on different nodes at the same time)
- Network storage
- Shared data
Caveat: with the usual AUTH_SYS security flavour the NFS server trusts the UID/GID the client presents, so a container running as root on a writable mount can act as any user on the export (root itself only if root_squash is off). Restrict exports to the node subnet and set readOnly: true for workloads that only read.
9. Ceph
The in-tree cephfs and rbd plugins shown here are deprecated and have been removed from recent Kubernetes releases; use the Ceph CSI driver (cephfs.csi.ceph.com and rbd.csi.ceph.com) with a StorageClass instead. The monitor addresses and the secret name are placeholders.
CephFS
volumes:
- name: cephfs-volume
  cephfs:
    monitors:
    - 10.16.154.78:6789
    - 10.16.154.82:6789
    path: /some/path
    user: admin
    secretRef:
      name: ceph-secret
RBD (RADOS Block Device)
volumes:
- name: rbd-volume
  rbd:
    monitors:
    - 10.16.154.78:6789
    - 10.16.154.82:6789
    image: foo
    fsType: ext4
    pool: rbd
    user: admin
    secretRef:
      name: ceph-secret
Do not use the Ceph admin key from application pods: create a CephX user restricted to the pool or path the workload needs and put only that key in ceph-secret.
PersistentVolume (PV)
Definition
A PersistentVolume is a piece of storage in the cluster. It is either provisioned by an administrator (static provisioning) or created automatically by dynamic provisioning through a StorageClass.
Properties:
- Independent of any pod
- Cluster-wide (not namespaced) resource
- Its lifecycle is decoupled from the pod's
- Carries a reclaim policy
PV lifecycle
Available → Bound → Released → [Reclaimed/Failed]
- Available: the PV exists and is not bound to any claim
- Bound: bound to a PVC
- Released: the PVC was deleted but the PV has not been reclaimed yet (with the Retain policy the data is still there and the PV stays unusable until an admin cleans it up)
- Failed: automatic reclamation failed
PV YAML
Basic PV (hostPath PVs are for single-node test clusters only; the data lives on whichever node the pod runs on):
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-example
spec:
  capacity:
    storage: 10Gi
  volumeMode: Filesystem
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: standard
  hostPath:
    path: /mnt/data
NFS PV:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfs-pv
spec:
  capacity:
    storage: 100Gi
  volumeMode: Filesystem
  accessModes:
  - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs
  nfs:
    server: nfs-server.example.com
    path: /exported/path
AWS EBS PV:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: ebs-pv
spec:
  capacity:
    storage: 50Gi
  volumeMode: Filesystem
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Delete
  storageClassName: gp2
  awsElasticBlockStore:
    volumeID: vol-0123456789abcdef0
    fsType: ext4
Access modes
ReadWriteOnce (RWO):
- Read-write by a single node (all pods on that node can share it)
- The most common mode
- Block storage (EBS, Azure Disk)
ReadOnlyMany (ROX):
- Many nodes, read-only
- Shared content distribution
ReadWriteMany (RWX):
- Many nodes, read-write
- Network storage (NFS, CephFS)
ReadWriteOncePod (RWOP):
- Read-write by exactly one pod in the whole cluster; use it when a single writer must be guaranteed (a database, for example), because RWO still lets two pods on the same node open the volume
- Only available with CSI drivers
Support matrix:
| Volume plugin | RWO | ROX | RWX |
|---|---|---|---|
| AWS EBS | ✅ | ❌ | ❌ |
| Azure Disk | ✅ | ❌ | ❌ |
| GCE Persistent Disk | ✅ | ✅ | ❌ |
| NFS | ✅ | ✅ | ✅ |
| CephFS | ✅ | ✅ | ✅ |
| HostPath | ✅ | ❌ | ❌ |
Volume mode
Filesystem (default):
volumeMode: Filesystem
Mounted as a filesystem (formatted on first use if the device is empty).
Block:
volumeMode: Block
Exposed as a raw block device (the container lists it under volumeDevices, not volumeMounts). Used by databases and other software that manages its own on-disk layout.
Reclaim policy
What happens to the PV when its PVC is deleted?
Retain (default for manually created PVs):
persistentVolumeReclaimPolicy: Retain
The PV and its data are kept; an admin must clean up by hand (delete the PV, then wipe or reuse the backing storage).
Delete (default for dynamically provisioned PVs):
persistentVolumeReclaimPolicy: Delete
Both the PV and the underlying storage are deleted. Deleting the wrong PVC therefore destroys data; for stateful workloads consider Retain and rely on a tested backup process.
Recycle (deprecated):
persistentVolumeReclaimPolicy: Recycle
Basic scrub (rm -rf /volume/*) and the PV returns to Available. A file-level delete is not secure erasure, which is one more reason this policy is deprecated.
Node affinity
A PV can be restricted to particular nodes. A local volume requires nodeAffinity, because the disk physically exists only on that node, and is normally paired with a kubernetes.io/no-provisioner StorageClass using WaitForFirstConsumer so that pods are scheduled where the disk is:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  local:
    path: /mnt/disks/ssd1
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - node-1
PersistentVolumeClaim (PVC)
Definition
A PersistentVolumeClaim is a user's request for storage. A pod never references a PV directly; it consumes storage through a PVC in its own namespace.
Analogy:
- PV = the server (hardware)
- PVC = the order (request)
- Pod = the application (customer)
PVC YAML
Basic PVC:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-pvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  storageClassName: standard
With a selector:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-pvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  storageClassName: standard
  selector:
    matchLabels:
      environment: production
      type: ssd
PVC binding
Kubernetes automatically binds a PVC to a suitable PV:
Matching criteria:
- The PV must offer every access mode the PVC asks for
- The PV's capacity must be at least the requested size
- storageClassName must match (a claim with no class binds only to PVs with no class, unless a default StorageClass is assigned to it)
- The selector must match the PV's labels (if specified)
- volumeMode must match, and the PV must be Available rather than already bound
When several PVs qualify, the smallest one that satisfies the request is chosen, so the claim may still receive more than it asked for.
Example:
PVC:
spec:
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: 5Gi
  storageClassName: standard
PV:
spec:
  capacity:
    storage: 10Gi               # at least 5Gi ✅
  accessModes: [ReadWriteOnce]  # matches ✅
  storageClassName: standard    # matches ✅
Binding: PVC → PV ✅ (the PVC is bound to the whole 10Gi volume)
Using a PVC in a pod
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
  - name: app
    image: nginx
    volumeMounts:
    - name: storage
      mountPath: /data
  volumes:
  - name: storage
    persistentVolumeClaim:
      claimName: my-pvc
With a Deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
      - name: app
        image: nginx
        volumeMounts:
        - name: data
          mountPath: /usr/share/nginx/html
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: my-pvc
All replicas of a Deployment share the one PVC. With a ReadWriteOnce volume that only works while every replica lands on the same node, and a rolling update can leave the new pod stuck in ContainerCreating until the old one releases the volume. For multi-replica workloads use a StatefulSet (one PVC per pod) or a ReadWriteMany volume.
With a StatefulSet:
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  serviceName: nginx
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        volumeMounts:
        - name: www
          mountPath: /usr/share/nginx/html
  volumeClaimTemplates:
  - metadata:
      name: www
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 1Gi
A StatefulSet creates a separate PVC for each pod:
www-web-0
www-web-1
www-web-2
These PVCs are kept when the StatefulSet is scaled down or deleted, so the data survives, and so does the storage bill until someone removes the claims.
PVC expansion
Some StorageClasses support volume expansion:
StorageClass:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: expandable
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
allowVolumeExpansion: true
PVC expand:
spec:
  resources:
    requests:
      storage: 10Gi # 5Gi → 10Gi
Apply by hand:
kubectl edit pvc my-pvc
# change storage: 10Gi
Status:
kubectl get pvc my-pvc
Note: shrinking is not supported; the API server rejects a request smaller than the current size. Depending on the driver, the filesystem resize only completes once a pod using the PVC is started or restarted; kubectl describe pvc my-pvc shows the pending condition.
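The binding rules from the PVC Binding section and the expansion rules above, implemented as an added Python example (not code from the original page or from Kubernetes itself): it parses storage quantities, applies every matching criterion to candidate PVs, picks the smallest PV that satisfies the claim, and validates a resize request against the StorageClass (expansion must be allowed, volumes only grow). The PV, PVC and StorageClass objects are constructed for the demo, and assignment of a default StorageClass by the admission plugin is deliberately not modelled.

```python
import re

# Kubernetes quantity suffixes: decimal SI (k, M, G, T) and binary (Ki, Mi, Gi, Ti).
_UNITS = {"": 1, "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12,
          "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}


def parse_quantity(q):
    """Convert a storage quantity such as '5Gi', '500M' or '1073741824' to bytes."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)(Ki|Mi|Gi|Ti|k|M|G|T)?\s*", str(q))
    if not m:
        raise ValueError("unsupported quantity: %r" % q)
    return int(float(m.group(1)) * _UNITS[m.group(2) or ""])


def pv_matches(pv, pvc):
    """Apply the binding criteria to one PV; returns (ok, reason)."""
    ps, cs = pv["spec"], pvc["spec"]
    if pv.get("status", {}).get("phase", "Available") != "Available" or ps.get("claimRef"):
        return False, "PV is not Available"
    if not set(cs["accessModes"]) <= set(ps["accessModes"]):
        return False, "access modes not satisfied"
    if parse_quantity(ps["capacity"]["storage"]) < parse_quantity(cs["resources"]["requests"]["storage"]):
        return False, "capacity too small"
    if ps.get("volumeMode", "Filesystem") != cs.get("volumeMode", "Filesystem"):
        return False, "volumeMode differs"
    # Class names must be equal; a claim without a class binds only to PVs without
    # one (assumption: the default-class admission plugin is not modelled here).
    if ps.get("storageClassName", "") != cs.get("storageClassName", ""):
        return False, "storageClassName differs"
    labels = pv["metadata"].get("labels", {})
    for key, value in cs.get("selector", {}).get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False, "selector %s=%s not matched" % (key, value)
    return True, "ok"


def choose_pv(pvs, pvc):
    """Smallest qualifying PV (the PV controller prefers the same) or None."""
    fits = [pv for pv in pvs if pv_matches(pv, pvc)[0]]
    if not fits:
        return None
    return min(fits, key=lambda pv: parse_quantity(pv["spec"]["capacity"]["storage"]))


def check_expansion(pvc, new_size, storage_classes):
    """Validate a PVC resize: the class must allow it and volumes only ever grow."""
    sc = storage_classes.get(pvc["spec"].get("storageClassName", ""), {})
    if not sc.get("allowVolumeExpansion", False):
        return False, "StorageClass does not allow volume expansion"
    old = parse_quantity(pvc["spec"]["resources"]["requests"]["storage"])
    new = parse_quantity(new_size)
    if new < old:
        return False, "shrinking a PVC is not supported"
    if new == old:
        return False, "requested size equals the current size"
    return True, "ok"


# Constructed sample objects in the shape of `kubectl get pv,pvc,sc -o json` items.
PVS = [
    {"metadata": {"name": "pv-small", "labels": {"type": "ssd"}},
     "spec": {"capacity": {"storage": "10Gi"}, "accessModes": ["ReadWriteOnce"],
              "storageClassName": "standard"}, "status": {"phase": "Available"}},
    {"metadata": {"name": "pv-large", "labels": {"type": "ssd"}},
     "spec": {"capacity": {"storage": "100Gi"}, "accessModes": ["ReadWriteOnce", "ReadOnlyMany"],
              "storageClassName": "standard"}, "status": {"phase": "Available"}},
    {"metadata": {"name": "pv-bound", "labels": {"type": "ssd"}},
     "spec": {"capacity": {"storage": "10Gi"}, "accessModes": ["ReadWriteOnce"],
              "storageClassName": "standard", "claimRef": {"name": "other-pvc"}},
     "status": {"phase": "Bound"}},
    {"metadata": {"name": "nfs-pv"},
     "spec": {"capacity": {"storage": "1Ti"}, "accessModes": ["ReadWriteMany"],
              "storageClassName": "nfs"}, "status": {"phase": "Available"}},
]
PVC = {"metadata": {"name": "my-pvc"},
       "spec": {"accessModes": ["ReadWriteOnce"], "storageClassName": "standard",
                "resources": {"requests": {"storage": "5Gi"}},
                "selector": {"matchLabels": {"type": "ssd"}}}}
STORAGE_CLASSES = {"standard": {"allowVolumeExpansion": True}, "nfs": {}}

if __name__ == "__main__":
    chosen = choose_pv(PVS, PVC)
    print("bound to:", chosen["metadata"]["name"] if chosen else "nothing (claim stays Pending)")
    for pv in PVS:
        print(pv["metadata"]["name"], pv_matches(pv, PVC))
    print("expand to 10Gi:", check_expansion(PVC, "10Gi", STORAGE_CLASSES))
    print("shrink to 2Gi:", check_expansion(PVC, "2Gi", STORAGE_CLASSES))
```

The order of the checks mirrors what you see in `kubectl describe pvc` when a claim stays Pending: the phase and claimRef test explains "volume already bound", the access-mode and capacity tests explain "no persistent volumes available for this claim", and the class test is the usual culprit when a hand-made PV and a PVC disagree on storageClassName.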
StorageClass
Definition
A StorageClass is a "class" or "profile" of storage used for dynamic volume provisioning.
Static vs dynamic:
| Static provisioning | Dynamic provisioning |
|---|---|
| An admin creates the PV | Kubernetes creates it automatically |
| The PVC binds to an existing PV | A new PV is created for the PVC |
| Manual | Automatic |
StorageClass YAML
Basic StorageClass:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: standard
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
  fsType: ext4
reclaimPolicy: Delete
allowVolumeExpansion: true
volumeBindingMode: Immediate
Provisioner
The provisioner is the plugin that creates the volume.
Built-in (in-tree) provisioners, all deprecated in favour of the CSI drivers below:
- kubernetes.io/aws-ebs: AWS EBS
- kubernetes.io/azure-disk: Azure Disk
- kubernetes.io/gce-pd: GCE Persistent Disk
- kubernetes.io/no-provisioner: local volumes (no dynamic provisioning; PVs are created by hand)
External provisioners (CSI):
- ebs.csi.aws.com: AWS EBS CSI
- disk.csi.azure.com: Azure Disk CSI
- pd.csi.storage.gke.io: GCE PD CSI
- nfs.csi.k8s.io: NFS CSI
Parameters
Parameters are provisioner-specific.
AWS EBS:
parameters:
  type: gp3 # gp2, gp3, io1, io2, st1, sc1
  iopsPerGB: "10"
  fsType: ext4
  encrypted: "true"
Azure Disk:
parameters:
  storageaccounttype: StandardSSD_LRS # Standard_LRS, Premium_LRS, etc.
  kind: Managed
GCE Persistent Disk:
parameters:
  type: pd-standard # pd-standard, pd-ssd, pd-balanced
  replication-type: regional-pd
NFS (nfs.csi.k8s.io; there is no in-tree NFS provisioner, and the CSI driver calls the export share rather than path):
parameters:
  server: nfs-server.example.com
  share: /exported/path
Volume binding mode
Immediate (default):
volumeBindingMode: Immediate
The PV is provisioned and bound as soon as the PVC is created.
WaitForFirstConsumer:
volumeBindingMode: WaitForFirstConsumer
Nothing is provisioned when the PVC is created; the PV is created only when a pod using the PVC is scheduled, in that pod's zone.
Advantage: zone-aware scheduling, so the pod and its volume end up in the same zone.
Default StorageClass
If a PVC does not set storageClassName, the default StorageClass is used (only one class should carry the annotation):
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: standard
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: kubernetes.io/aws-ebs
Listing:
kubectl get storageclass
Output:
NAME                 PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE
standard (default)   kubernetes.io/aws-ebs   Delete          Immediate
fast                 kubernetes.io/aws-ebs   Delete          Immediate
Dynamic provisioning example
StorageClass:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast-ssd
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp3
  iopsPerGB: "50"
  fsType: ext4
reclaimPolicy: Delete
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
PVC:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: fast-storage
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: fast-ssd
  resources:
    requests:
      storage: 10Gi
Pod:
apiVersion: v1
kind: Pod
metadata:
  name: app-pod
spec:
  containers:
  - name: app
    image: myapp
    volumeMounts:
    - name: data
      mountPath: /data
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: fast-storage
Process:
- The PVC is created (and stays Pending, because of WaitForFirstConsumer)
- The pod is scheduled (node-1, us-east-1a)
- Kubernetes asks the provisioner for an EBS volume in us-east-1a
- A PV is created automatically and bound to the PVC
- The pod mounts the volume
Volume Snapshots
Definition
A VolumeSnapshot is a point-in-time copy of a PVC's contents.
Use cases:
- Backup
- Disaster recovery
- Cloning a volume
Snapshots need a CSI driver with snapshot support plus the external-snapshotter CRDs and snapshot controller installed in the cluster; the snapshot.storage.k8s.io API group is not part of core Kubernetes. A snapshot is crash-consistent unless the application is quiesced first, so a database should be flushed or paused around the snapshot.
VolumeSnapshotClass
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshotClass
metadata:
  name: csi-aws-vsc
driver: ebs.csi.aws.com
deletionPolicy: Delete
With deletionPolicy: Delete the backing snapshot disappears together with the VolumeSnapshot object; use Retain for snapshots that serve as backups.
VolumeSnapshot
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshot
metadata:
  name: snapshot-1
spec:
  volumeSnapshotClassName: csi-aws-vsc
  source:
    persistentVolumeClaimName: my-pvc
Create:
kubectl apply -f volumesnapshot.yaml
Status:
kubectl get volumesnapshot
Restoring from a snapshot
Create a PVC:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: restored-pvc
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: fast-ssd
  resources:
    requests:
      storage: 10Gi
  dataSource:
    name: snapshot-1
    kind: VolumeSnapshot
    apiGroup: snapshot.storage.k8s.io
The restored PVC must request at least the size of the snapshotted volume, and its StorageClass must use the same CSI driver that took the snapshot.
CSI (Container Storage Interface)
Definition
CSI is the standard interface between Kubernetes (and other orchestrators) and storage providers.
CSI advantages:
- Vendor-neutral
- Plugin architecture
- Out-of-tree (maintained outside the Kubernetes core)
- Community-driven
CSI architecture
Kubernetes ←→ CSI driver (controller plugin + node plugin) ←→ storage system
Components:
CSI controller plugin (a Deployment or StatefulSet, paired with sidecars such as external-provisioner, external-attacher, external-resizer and external-snapshotter):
- Volume create/delete
- Snapshot create/delete
- Volume attach/detach
CSI node plugin (a DaemonSet on every node, with the node-driver-registrar sidecar):
- Volume mount/unmount
- Runs on the node, typically privileged and with hostPath access to the kubelet directory, which is why driver manifests deserve the same review as any other privileged workload
Popular CSI drivers
AWS EBS CSI:
- Provisioner: ebs.csi.aws.com
- Snapshot support
- Encryption
Azure Disk CSI:
- Provisioner: disk.csi.azure.com
- Multi-zone support
GCE Persistent Disk CSI:
- Provisioner: pd.csi.storage.gke.io
- Regional disks
NFS CSI:
- Provisioner: nfs.csi.k8s.io
- ReadWriteMany
Longhorn:
- Distributed block storage
- Built-in backup
- Snapshot/restore
Installing a CSI driver
Example (AWS EBS CSI):
kubectl apply -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/stable/?ref=master"
Pin ref= to a release tag instead of master: this applies privileged DaemonSets straight from a remote repository, so the manifests should be reviewed and pinned like any other dependency. The controller also needs AWS IAM permissions to create and attach volumes; grant them through a dedicated role for the driver's service account (IRSA) rather than through node-wide instance credentials.
StorageClass:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ebs-sc
provisioner: ebs.csi.aws.com
parameters:
  type: gp3
  encrypted: "true"
volumeBindingMode: WaitForFirstConsumer
Best practices
1. Storage planning
Capacity:
- Request realistic PVC sizes
- Avoid over-provisioning
- Enforce ResourceQuotas on storage (requests.storage and persistentvolumeclaims per namespace)
Performance:
- Choose the right storage type
- IOPS requirements
- Throughput
2. Backup and disaster recovery
Regular backups:
- Volume snapshots
- External backup tools (Velero)
- Retention policy
Testing:
- Restore testing
- DR drills
3. Security
Encryption at rest, set in the StorageClass so that every dynamically provisioned volume gets it:
parameters:
  encrypted: "true"
Access control:
- RBAC: PVs and StorageClasses are cluster-scoped, so grant create/delete on them only to admins; namespace users should only work with PVCs
- Pod Security Standards (baseline or restricted) to block hostPath volumes outside system namespaces
- Mount Secrets and ConfigMaps readOnly, and prefer files over environment variables for Secrets
- Storage quotas per namespace
- Network policies, plus export and firewall restrictions on NFS and Ceph endpoints so that only cluster nodes can reach them
4. Monitoring
Metrics:
- Storage capacity
- IOPS
- Throughput
- Latency
Alerts:
- Storage full
- Performance degradation
- Snapshot failures
5. Cost optimisation
Right-sizing:
- Don't over-provision
- Regular cleanup
- Use the appropriate storage tier
Lifecycle:
- Delete unused PVCs/PVs (remember that StatefulSet PVCs outlive the StatefulSet)
- Snapshot retention
- Archive old data
Summary
Kubernetes storage is a complex but essential topic:
- ✅ Volumes: ephemeral and persistent storage
- ✅ PersistentVolume: admin-provisioned (or dynamically provisioned) storage
- ✅ PersistentVolumeClaim: a user's storage request
- ✅ StorageClass: dynamic provisioning
- ✅ Volume Snapshots: backup and restore
- ✅ CSI: the standard storage interface