Velero for Kubernetes Backup and Recovery (eBook)
250 pages
HiTeX Press (publisher)
978-0-00-097320-7 (ISBN)
'Velero for Kubernetes Backup and Recovery'
In the rapidly evolving world of cloud-native computing, 'Velero for Kubernetes Backup and Recovery' is an essential guide for mastering modern data protection in Kubernetes environments. This comprehensive resource begins with foundational principles of Kubernetes storage, exploring persistent volumes, claims, and storage classes, while addressing the distinctive challenges of managing stateful applications and ensuring robust data protection. Readers learn how to mitigate risks, design for resilience, and navigate the intricacies of security and compliance mandates crucial for safeguarding sensitive data.
The book offers a deep dive into Velero's architecture, guiding practitioners through the deployment, configuration, and integration of this powerful open-source tool across cloud and on-premises clusters. Detailed explorations of Custom Resource Definitions, plugin ecosystems, storage provider integrations, and observability frameworks empower readers to tailor backup and restore workflows to their specific operational needs. Real-world operational patterns are presented for backup scheduling, resource filtering, retention policies, and automated disaster recovery, ensuring reliable data management at both startup and enterprise scales.
Through rigorous troubleshooting guidance, advanced use cases, and best practice blueprints, the book equips engineers and architects with the skills needed for high availability, multi-cluster scalability, and proactive compliance. Whether you are deploying Velero for the first time or seeking to optimize complex, mission-critical environments, this authoritative reference illuminates every stage of the backup and recovery journey, enabling seamless, auditable, and resilient data operations in Kubernetes.
Chapter 1
Kubernetes Storage and Data Protection Fundamentals
Before you can reliably safeguard modern cloud-native workloads, you must first uncover the intricacies of how data lives, moves, and can be lost within Kubernetes. This chapter challenges you to look beneath the surface of PVCs and pods, revealing what makes stateful data uniquely vulnerable—and how to build a foundation for resilient backup from the ground up. Whether architecting critical business applications or designing robust disaster recovery, mastering these fundamentals is your passport to building systems that stand the test of failure.
1.1 Persistent Storage in Kubernetes
The architecture of persistent storage in Kubernetes is built around abstractions that enable a clear separation between storage provisioning and the container lifecycle, thereby addressing the inherent ephemeral nature of containers. Central to this architecture are Persistent Volumes (PVs), Persistent Volume Claims (PVCs), and Storage Classes, which together facilitate decoupling of storage from compute resources and promote flexibility in storage management across heterogeneous environments.
A Persistent Volume (PV) is a piece of storage in the cluster provisioned by an administrator or dynamically created using Storage Classes. PVs exist beyond the lifecycle of individual pods, supporting data persistence even when containers are terminated or rescheduled. They represent a cluster-wide resource, abstracting physical storage devices or networked storage services in a unified API. The specification of a PV includes details such as storage capacity, access modes, reclaim policy, and the underlying storage backend type, which can range from cloud provider block storage, Network File System (NFS), to distributed storage systems such as Ceph or GlusterFS.
Persistent Volume Claims (PVCs) act as requests for storage by users or applications. A PVC specifies desired storage requirements including size, access mode, and may optionally reference a Storage Class to influence provisioning. PVCs are bound to matching PVs based on these criteria, establishing a dynamic linkage between the requesting workload and the physical or virtual storage resource. The Kubernetes control plane continuously monitors PVCs and PVs to ensure binding state consistency, reintegrating released storage or provisioning new volumes if necessary.
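```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: example-pvc
spec:
  accessModes:
    - ReadWriteOnce          # mounted read-write by a single node
  resources:
    requests:
      storage: 10Gi          # minimum capacity the bound PV must provide
  storageClassName: fast-ssd # class used for dynamic provisioning
```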
The Storage Class object serves as a template describing how PVs should be dynamically provisioned. It encapsulates provisioner plugins, parameters such as type of underlying media, replication factors, and reclaim policies. Dynamic provisioning eliminates the need for administrators to create PVs manually; upon PVC requests specifying a Storage Class, Kubernetes invokes the appropriate provisioner to create PVs on-demand. This enhances agility and scalability in multi-tenant and cloud-native environments.
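As an added example (not taken from the book), here are two StorageClass definitions that the `fast-ssd` name in the claim above could resolve to: one relying on defaults, and one with settings chosen for data protection. The AWS EBS CSI provisioner, its `type` and `encrypted` parameters, and the name `fast-ssd-defaults` are assumptions made for illustration; substitute the driver and parameters of your own backend.

```yaml
# Weak variant: relies on defaults (illustrative name, not from the book).
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast-ssd-defaults
provisioner: ebs.csi.aws.com        # assumption: AWS EBS CSI driver
parameters:
  type: gp3
# reclaimPolicy is omitted, so dynamically provisioned PVs default to Delete:
# deleting the PVC also deletes the PV and the backing volume with its data.
---
# Hardened variant: the class the example PVC references.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast-ssd
provisioner: ebs.csi.aws.com        # assumption: AWS EBS CSI driver
parameters:
  type: gp3
  encrypted: "true"                 # encrypt the volume at rest on the backend
reclaimPolicy: Retain               # PV and data survive PVC deletion (PV becomes Released)
allowVolumeExpansion: true          # PVCs of this class may be resized later
volumeBindingMode: WaitForFirstConsumer  # provision only once a pod is scheduled,
                                         # so the volume lands in that node's zone
```

With `Retain`, released volumes are not reclaimed automatically and must be cleaned up or re-bound by an administrator, so the setting trades storage hygiene for protection against accidental deletion.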
Understanding access modes is critical for designing persistent storage that aligns with application requirements. Kubernetes defines three access modes:
- ReadWriteOnce (RWO): allows a volume to be mounted as read-write by a single node,
- ReadOnlyMany (ROX): permits read-only access by many nodes,
- ReadWriteMany (RWX): supports concurrent read-write access across multiple nodes.
Not all backends support all access modes; for instance, block storage volumes typically support only RWO, whereas networked file systems can offer RWX. Selection of access modes affects data consistency models, performance characteristics, and application design considerations.
The integration of persistent storage within containerized environments presents unique challenges to traditional storage operations. Containers are ephemeral and stateless by design, which conflicts with the need for durable data storage. Kubernetes overcomes this by utilizing the PV/PVC abstraction, which maps ephemeral pod volumes to persistent data stores. However, the container runtime and orchestration cadence introduce complexities such as volume mount propagation, node affinity, and storage lifecycle events that must be coordinated with underlying storage systems. Additionally, container storage interfaces (CSI) standardize volume plugin development, enabling a broad ecosystem of storage solutions to expose their capabilities seamlessly to the Kubernetes control plane.
```shell
kubectl apply -f example-pvc.yaml
# Kubernetes controller triggers the provisioner defined by the StorageClass 'fast-ssd'
# Provisioner creates a PV on the storage backend with specified parameters
# PV is bound to the PVC when ready
```
Storage backends available...
| Publication date (per publisher) | 24.7.2025 |
|---|---|
| Language | English |
| Subject area | Mathematics / Computer Science ► Computer Science ► Programming Languages / Tools |
| ISBN-10 | 0-00-097320-3 / 0000973203 |
| ISBN-13 | 978-0-00-097320-7 / 9780000973207 |
Size: 671 KB
Copy protection: Adobe DRM
File format: EPUB (Electronic Publication)