What Are Ephemeral Volumes in Kubernetes?
Ephemeral volumes are storage volumes tied to the Pod lifecycle — they are created when the Pod starts and deleted when the Pod is removed. Types include emptyDir, configMap, secret, downwardAPI, and CSI ephemeral volumes.
Detailed Answer
Ephemeral volumes provide storage that is created and destroyed with the Pod. They are ideal for scratch space, caches, temporary files, and inter-container data sharing within a Pod.
Types of Ephemeral Volumes
| Type | Backed By | Data Persistence | Use Case |
|------|-----------|-------------------|----------|
| emptyDir | Disk or RAM | Pod lifetime | Scratch space, caches, shared temp data |
| configMap | ConfigMap | Static content | Configuration files |
| secret | Secret | Static content | Credentials, TLS certs |
| downwardAPI | Pod metadata | Dynamic | Expose Pod labels, annotations to containers |
| CSI ephemeral | CSI driver | Pod lifetime | Secrets injection (e.g., Vault) |
| Generic ephemeral | StorageClass PVC | Pod lifetime | High-performance scratch with auto-cleanup |
emptyDir
The most common ephemeral volume. Created empty when the Pod starts, shared between containers in the Pod:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: data-processor
spec:
  containers:
    - name: writer
      image: data-writer:1.0
      volumeMounts:
        - name: scratch
          mountPath: /data/output
      resources:
        requests:
          cpu: "250m"
          memory: "256Mi"
    - name: reader
      image: data-reader:1.0
      volumeMounts:
        - name: scratch
          mountPath: /data/input
      resources:
        requests:
          cpu: "100m"
          memory: "128Mi"
  volumes:
    - name: scratch
      emptyDir: {}
```
Both containers share the same volume — the writer puts files in /data/output and the reader consumes them from /data/input.
emptyDir with Memory Backing
For high-speed I/O, use medium: Memory to create a tmpfs:
```yaml
volumes:
  - name: cache
    emptyDir:
      medium: Memory
      sizeLimit: 256Mi
```
Important caveats:
- Data stored in memory tmpfs counts against the container's memory limit
- Data is lost on Pod restart (not just container restart — unlike disk-backed emptyDir)
- If the Pod exceeds the sizeLimit, it is evicted
emptyDir with Size Limit
```yaml
volumes:
  - name: scratch
    emptyDir:
      sizeLimit: 1Gi
```
The kubelet monitors disk usage and evicts the Pod if it exceeds the limit.
Generic Ephemeral Volumes
Generic ephemeral volumes (GA since 1.23) use standard StorageClass provisioning but tie the PVC lifecycle to the Pod:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: ml-trainer
spec:
  containers:
    - name: trainer
      image: ml-training:1.0
      volumeMounts:
        - name: fast-scratch
          mountPath: /data/scratch
      resources:
        requests:
          cpu: "4"
          memory: "16Gi"
  volumes:
    - name: fast-scratch
      ephemeral:
        volumeClaimTemplate:
          spec:
            accessModes:
              - ReadWriteOnce
            storageClassName: fast-ssd
            resources:
              requests:
                storage: 100Gi
```
When the Pod is created, Kubernetes automatically creates a PVC. When the Pod is deleted, the PVC and its PV are automatically cleaned up. This gives you the performance of real block storage with the convenience of automatic lifecycle management.
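The generated PVC is named `<pod name>-<volume name>` and carries an ownerReference to its Pod, so leftovers can be found by comparing PVC owners against live Pods. The following is an added example, not code from the original page; it assumes the inputs are the `items` lists from `kubectl get ... -o json`, and the sample objects and UIDs are constructed.

```python
# Added example (not from the original page): find PVCs left behind by
# generic ephemeral volumes. Inputs are the "items" lists from
# `kubectl get pvc -A -o json` and `kubectl get pods -A -o json`.

def orphaned_ephemeral_pvcs(pvcs, pods):
    """Return sorted 'namespace/name' of PVCs whose owning Pod is gone."""
    # Compare UIDs, not names: a recreated Pod reuses the name but gets a
    # new UID, and the old PVC still points at the old one.
    live_uids = {p["metadata"]["uid"] for p in pods}
    orphans = []
    for pvc in pvcs:
        meta = pvc["metadata"]
        owners = [r for r in meta.get("ownerReferences", []) if r.get("kind") == "Pod"]
        # PVCs without a Pod owner are ordinary persistent claims: skip them.
        if owners and all(r["uid"] not in live_uids for r in owners):
            orphans.append(f"{meta['namespace']}/{meta['name']}")
    return sorted(orphans)


def _pvc(name, owner_uid=None):
    """Build a constructed PVC in namespace 'ml', optionally owned by a Pod."""
    meta = {"namespace": "ml", "name": name}
    if owner_uid:
        meta["ownerReferences"] = [{"kind": "Pod", "uid": owner_uid}]
    return {"metadata": meta}


# Constructed sample data; the UIDs are placeholders, not real cluster values.
PODS = [{"metadata": {"namespace": "ml", "name": "ml-trainer", "uid": "uid-live"}}]
PVCS = [
    _pvc("ml-trainer-fast-scratch", "uid-live"),  # owner still running
    _pvc("etl-job-fast-scratch", "uid-gone"),     # owner was force-deleted
    _pvc("model-store"),                          # regular PVC, no Pod owner
]

if __name__ == "__main__":
    print(orphaned_ephemeral_pvcs(PVCS, PODS))
```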
CSI Ephemeral Volumes
CSI ephemeral volumes allow CSI drivers to provide Pod-scoped storage. A common use case is injecting secrets from HashiCorp Vault:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  serviceAccountName: app-sa
  containers:
    - name: app
      image: myapp:1.0
      volumeMounts:
        - name: vault-secrets
          mountPath: /vault/secrets
          readOnly: true
      resources:
        requests:
          cpu: "100m"
          memory: "128Mi"
  volumes:
    - name: vault-secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: vault-db-creds
```
Projected Volumes
Projected volumes combine multiple ephemeral sources into a single mount:
```yaml
volumes:
  - name: pod-info
    projected:
      sources:
        - configMap:
            name: app-config
        - secret:
            name: app-tls
        - downwardAPI:
            items:
              - path: "labels"
                fieldRef:
                  fieldPath: metadata.labels
        - serviceAccountToken:
            path: token
            expirationSeconds: 3600
            audience: api.example.com
```
When to Use Ephemeral vs. Persistent Storage
| Scenario | Storage Type | Volume Type |
|----------|-------------|-------------|
| Database data | Persistent | PVC with StorageClass |
| Build artifacts (temp) | Ephemeral | emptyDir |
| ML training scratch | Ephemeral | Generic ephemeral (fast SSD) |
| Application cache | Ephemeral | emptyDir (memory or disk) |
| Shared data between containers | Ephemeral | emptyDir |
| Configuration files | Ephemeral | configMap |
| Vault secrets | Ephemeral | CSI ephemeral |
| User uploads | Persistent | PVC (NFS or object storage) |
Monitoring Ephemeral Storage Usage
```bash
# Check ephemeral storage usage on nodes
kubectl describe node <node-name> | grep -A 5 "Allocated resources"

# Check Pod ephemeral storage
kubectl get pod data-processor -o jsonpath='{.spec.containers[*].resources}'
```

```yaml
# Set resource limits to prevent runaway usage
resources:
  requests:
    ephemeral-storage: "1Gi"
  limits:
    ephemeral-storage: "2Gi"
```
Common Pitfalls
- Storing important data in emptyDir: All data is lost when the Pod is removed
- Not setting sizeLimit: Without limits, a misbehaving container can fill the node's disk
- Memory-backed emptyDir without memory limits: tmpfs usage counts against memory, causing OOMKill
- Forgetting generic ephemeral cleanup: If a Pod is force-deleted, the PVC may not be cleaned up (check for orphaned PVCs)
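The sizeLimit and memory-limit pitfalls can be checked before a manifest is admitted. This is an added example, not code from the original page: `audit_pod` and the two sample Pods are constructed for illustration, and the input is assumed to be the dict form of a Pod as returned by `kubectl get pods -o json`.

```python
# Added example (not from the original page): flag the emptyDir pitfalls above.
# Input is the dict form of a Pod, e.g. one item from `kubectl get pods -o json`.

def audit_pod(pod):
    """Return a sorted list of findings for one Pod manifest."""
    spec = pod.get("spec", {})
    containers = spec.get("initContainers", []) + spec.get("containers", [])
    # emptyDir volume name -> its settings ({} means node disk with no cap)
    empty_dirs = {v["name"]: v["emptyDir"] or {}
                  for v in spec.get("volumes", []) if "emptyDir" in v}
    findings = [f"{name}: emptyDir has no sizeLimit"
                for name, cfg in empty_dirs.items() if "sizeLimit" not in cfg]
    for c in containers:
        limits = (c.get("resources") or {}).get("limits") or {}
        if "ephemeral-storage" not in limits:
            findings.append(f"{c['name']}: no ephemeral-storage limit")
        for m in c.get("volumeMounts", []):
            cfg = empty_dirs.get(m["name"])
            # tmpfs usage counts against memory, so a limit must bound it
            if cfg and cfg.get("medium") == "Memory" and "memory" not in limits:
                findings.append(f"{c['name']}: tmpfs {m['name']} without memory limit")
    return sorted(findings)


def _pod(volumes, resources):
    """Build a constructed one-container Pod that mounts every given volume."""
    mounts = [{"name": v["name"], "mountPath": "/mnt/" + v["name"]} for v in volumes]
    return {"spec": {"volumes": volumes, "containers": [
        {"name": "writer", "volumeMounts": mounts, "resources": resources}]}}


# Constructed samples: requests only and an uncapped emptyDir, then a hardened form.
RISKY = _pod(
    [{"name": "scratch", "emptyDir": {}},
     {"name": "cache", "emptyDir": {"medium": "Memory", "sizeLimit": "256Mi"}}],
    {"requests": {"cpu": "250m", "memory": "256Mi"}})
HARDENED = _pod(
    [{"name": "scratch", "emptyDir": {"sizeLimit": "1Gi"}},
     {"name": "cache", "emptyDir": {"medium": "Memory", "sizeLimit": "256Mi"}}],
    {"limits": {"memory": "512Mi", "ephemeral-storage": "2Gi"}})

if __name__ == "__main__":
    for label, pod in (("risky", RISKY), ("hardened", HARDENED)):
        print(label, audit_pod(pod))
```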
Why Interviewers Ask This
Understanding when to use ephemeral vs. persistent storage is fundamental for designing stateful workloads correctly. Misusing ephemeral storage for persistent data causes data loss.
Key Takeaways
- Ephemeral volumes are deleted when the Pod is removed — never use them for data you need to keep.
- emptyDir is the most common ephemeral volume, useful for scratch space and inter-container communication.
- Generic ephemeral volumes combine the flexibility of PVCs with automatic lifecycle management.