Compatibility of Container Images: A Key to Reliability in Cloud Environments
In industries where systems must operate with utmost reliability and stringent performance …
Image Volumes were introduced as an alpha feature in Kubernetes version v1.31 and have now been promoted to beta status in version v1.33. This is part of KEP-4639.
It is important to note that the feature is disabled by default, as not all container runtimes offer full support yet. CRI-O has supported the initial feature since version v1.31 and will add support for Image Volumes as a beta in v1.33. containerd has integrated support for the alpha feature, which will be part of version v2.1.0, and is working on beta support as part of PR #11578.
The biggest change with the beta graduation of Image Volumes is the support for subPath and subPathExpr mounts for containers via spec.containers[*].volumeMounts.[subPath,subPathExpr]. This allows end users to mount a specific subdirectory of an Image Volume, which is still mounted as read-only (noexec). This means that non-existent subdirectories cannot be mounted by default. Kubernetes will also ensure that no absolute or relative path components are part of the specified subpath. Container runtimes are also required to verify these requirements for security reasons. If a specified subdirectory in a volume does not exist, the runtimes should fail during container creation and provide feedback to the user through existing Kubelet events.
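The subPath checks described above, as an added Go example (not code from Kubernetes, CRI-O or containerd). resolveImageSubPath is a hypothetical helper, and the temporary directory is a constructed stand-in for a mounted Image Volume. The symlink containment check goes beyond what the post states and is an assumption.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolveImageSubPath is a hypothetical helper (not kubelet or runtime code).
// root is the directory where the runtime mounted the image volume.
func resolveImageSubPath(root, subPath string) (string, error) {
	if filepath.IsAbs(subPath) {
		return "", fmt.Errorf("subPath %q must not be an absolute path", subPath)
	}
	// Reject any ".." component before touching the filesystem.
	for _, part := range strings.Split(filepath.ToSlash(subPath), "/") {
		if part == ".." {
			return "", fmt.Errorf("subPath %q must not contain '..'", subPath)
		}
	}
	// Resolve symlinks on both sides so the comparison uses real paths.
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", fmt.Errorf("resolve volume root: %w", err)
	}
	target, err := filepath.EvalSymlinks(filepath.Join(realRoot, subPath))
	if err != nil {
		// Covers a non-existent subdirectory: container creation should fail.
		return "", fmt.Errorf("subPath %q not found in image volume: %w", subPath, err)
	}
	// Assumption beyond the post: refuse a symlink that leaves the volume.
	rel, err := filepath.Rel(realRoot, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("subPath %q resolves outside the image volume", subPath)
	}
	return target, nil
}

func main() {
	root, _ := os.MkdirTemp("", "imgvol") // constructed sample volume root
	defer os.RemoveAll(root)
	os.Mkdir(filepath.Join(root, "dir"), 0o755)
	for _, sp := range []string{"dir", "../etc", "/etc", "missing"} {
		_, err := resolveImageSubPath(root, sp)
		fmt.Printf("%-10q -> %v\n", sp, err)
	}
}
```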
Additionally, three new Kubelet metrics for Image Volumes are available:
kubelet_image_volume_requested_total: Shows the number of requested Image Volumes.
kubelet_image_volume_mounted_succeed_total: Counts the number of successful mounts of Image Volumes.
kubelet_image_volume_mounted_errors_total: Documents the number of failed mounts of Image Volumes.
To use an existing subdirectory for a specific Image Volume, simply use it as a subPath (or subPathExpr) value in the container’s volumeMounts:
apiVersion: v1
kind: Pod
metadata:
  name: image-volume
spec:
  containers:
  - name: shell
    command: ["sleep", "infinity"]
    image: debian
    volumeMounts:
    - name: volume
      mountPath: /volume
      subPath: dir
  volumes:
  - name: volume
    image:
      reference: quay.io/crio/artifact:v2
      pullPolicy: IfNotPresent
Create the Pod in your cluster:
kubectl apply -f image-volumes-subpath.yaml
Now you can connect to the container:
kubectl attach -it image-volume bash
And check the contents of the file from the dir subdirectory in the volume:
cat /volume/file
The output should be similar to:
1
Thank you for reading this blog post to the end! SIG Node is proud to provide this feature as part of Kubernetes v1.33.
As the author of this blog post, I would like to extend my special thanks to everyone involved!
If you have feedback or suggestions, feel free to reach out to SIG Node via the Kubernetes Slack (#sig-node) channel or the SIG Node mailing list.
Source: Kubernetes Blog