chapter three

3 Volumes

This chapter covers

  • Using volumes to isolate data from the containerized application
  • Sharing content from your host into containers via volumes
  • Using volumes with the user namespace and SELinux
  • Embedding volumes into container images
  • Exploring different types of volumes and the podman volume commands

Up until now, the containers you have been working with have included all of their content within the container image. As I described in chapter 1, the only thing required to be shared with traditional containers is the Linux kernel. There are several reasons why you need to isolate application data from the application, including the following:

  • Avoid embedding actual data for applications such as databases.
  • Use the same container image to run multiple different environments.
  • Reduce overhead and improve storage read/write performance, since volumes write directly to the file system, while containers use the overlay or fuse-overlayfs file system to mount their layers. Overlay is a layered file system, meaning that the kernel needs to copy the previous layer entirely in order to create a new layer. In addition, fuse-overlayfs switches each read and write from kernel space to user space and back. All of this creates quite an overhead.
  • Share content available via network storage.

3.1 Using volumes with containers

3.1.1 Named volumes

3.1.2 Volume mount options

3.1.3 podman run --mount command option

3.2 Summary