Kubernetes StorageClasses

In the old days of Kubernetes (Static Provisioning), if a developer wanted storage, the Administrator had to manually create a disk (PV) first. This is slow and doesn’t scale.

StorageClass (SC) introduces Dynamic Provisioning. It acts as a “blueprint” or a “profile” that allows Kubernetes to create storage automatically when a user asks for it. Instead of the Admin creating 100 PVs manually, they create 1 StorageClass. When developers request storage via a PVC, the StorageClass talks to the cloud provider (AWS, Azure, GCP) and creates the disk instantly.

• Without StorageClass: You have to buy a hard drive, plug it in, and then use it.
• With StorageClass: You just click a button, and a cloud hard drive appears instantly, attached to your server.

Key Characteristics to Remember

• “StorageClass is the bridge between Kubernetes and the Cloud Provider.”
• “No StorageClass = No Dynamic Provisioning.”
• “PVC requests a Class; the Class calls the Cloud API to make the PV.”

Feature	StorageClass (SC)
Who creates it?	Cluster Administrator (One-time setup).
Scope	Cluster-wide (Not tied to any Namespace).
Role	The “Template” or “Profile” that defines how to create storage.
Key Fields	provisioner (Who creates it?), parameters (Disk speed/type), reclaimPolicy (Delete/Retain).
Mutability	Immutable. Once created, you cannot change parameters. You must delete and recreate it.

A StorageClass is a Kubernetes object that defines different “classes” of storage (e.g., “fast-gold”, “cheap-bronze”). It eliminates the need for administrators to pre-provision storage.

The Workflow:

1. Admin defines a StorageClass (e.g., named fast-ssd). This config specifies the Provisioner (e.g., AWS EBS CSI) and Parameters (e.g., type: gp3).
2. Developer creates a PersistentVolumeClaim (PVC). Inside the PVC, they specify storageClassName: fast-ssd.
3. Kubernetes detects the PVC, looks up the fast-ssd StorageClass, and triggers the provisioner.
4. The Provisioner makes an API call to the backend (AWS/GCP/Azure) to create the physical volume.
5. Kubernetes automatically generates a PersistentVolume (PV) object representing that new disk and binds it to the PVC.
6. The Pod starts and mounts the volume.

• The “Default” Class: Most managed clusters (EKS, GKE, AKS) come with a pre-installed StorageClass marked as default. If a PVC doesn’t specify a storageClassName, it uses this one automatically.
• Provisioner Name: This string tells K8s which plugin to use.
  • AWS (New): ebs.csi.aws.com
  • Azure (New): disk.csi.azure.com
  • GCP (New): pd.csi.storage.gke.io
• Parameters: These are the “settings” for the disk. They change depending on the cloud.
  • AWS: type: gp3, iops: 3000, encrypted: true
  • Azure: skuName: Standard_LRS, location: eastus

DevSecOps Architect Level

1. Volume Binding Mode (volumeBindingMode) – Crucial for Architects This setting controls when the volume is actually created.

• Immediate (Default): The PV is created the moment the PVC is created.
  • Risk: The volume might be created in Zone A (us-east-1a), but your cluster might schedule the Pod in Zone B (us-east-1b). The Pod will fail because it can’t reach the disk.
• WaitForFirstConsumer (Best Practice): The PV is NOT created until the Pod is scheduled to a node.
  • Benefit: The Scheduler picks the node first (say, in Zone B). Then, the StorageClass creates the volume in Zone B. This guarantees the storage and compute are in the same Availability Zone.

2. Volume Expansion (allowVolumeExpansion)

• Set allowVolumeExpansion: true in your StorageClass.
• This allows you to edit a live PVC (e.g., change 10Gi to 50Gi) without deleting it. The cloud provider resizes the disk, and the Kubelet expands the file system online.

3. Reclaim Policy (reclaimPolicy)

• Delete (Default): If you delete the PVC, the PV and the real cloud disk are destroyed. (Good for temp data).
• Retain: If you delete the PVC, the PV stays “Released”. The data is safe. You must manually delete the cloud disk if you want to clean up. (Mandatory for Production DBs).

4. Mount Options

• You can pass flags to the Linux mount command via mountOptions.
• Example: debug (for logging), nfsvers=4.1 (for NFS), or noatime (performance tuning).

Architect’s Toolset (Third-Party Storage Solutions):

• Rook (Ceph): Turns your local disks into a distributed storage cluster.
  • Website: https://rook.io/
• OpenEBS: Container Attached Storage (CAS). Very popular for on-premise Kubernetes.
  • Website: https://openebs.io/
• Portworx: Enterprise-grade storage solution with disaster recovery.
  • Website: https://portworx.com/
• Longhorn: Lightweight block storage by Rancher.
  • Website: https://longhorn.io/

Benefits

• Automation: Zero admin intervention required for storage creation.
• Portability: The PVC just asks for “fast-storage”; it doesn’t care if it’s running on AWS, Azure, or On-prem (as long as a matching SC exists).
• Standardization: Admins define the approved storage configurations once.

Technical Challenges, Limitations, Common Issues

Issue	Cause	Solution
PVC Stuck in “Pending”	No StorageClass with that specific name exists.	Check kubectl get sc. Copy the name exactly into the PVC.
“Waiting for first consumer”	The SC uses WaitForFirstConsumer.	This is normal! Deploy a Pod that uses the PVC to trigger creation.
Topology Mismatch	PV created in Zone A, but Pod scheduled in Zone B.	Change SC to volumeBindingMode: WaitForFirstConsumer.
Cannot Delete PVC	“Protection” finalizer is active because a Pod is still using it.	Delete the Pod first. The PVC will delete automatically after.
Volume Resize Failed	allowVolumeExpansion is false or provider doesn’t support it.	Enable it in SC or migrate data to a new PVC.

https://kubernetes.io/docs/concepts/storage/storage-classes

https://kubernetes.io/docs/concepts/storage/dynamic-provisioning