Attaching host storage to a container
We have already talked about the immutable nature of containers. Starting from pre-built images, when we run a container, we create a thin read/write layer on top of the stack of read-only image layers using a copy-on-write approach: a file is read from the image layers until the container modifies it, at which point a private copy is made in the container's own layer.
Containers are ephemeral objects based on an immutable image. This implies that containers are not meant to store data inside them: if a container crashes and is replaced, or is simply removed, everything written to its read/write layer goes with it. We need a way to store data in a separate location that is mounted inside the running container, preserved when the container is removed, and ready to be reused by a new container.
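To make the difference concrete, the following script is an added example (it is not code from the book) that writes a file into a container's read/write layer, removes the container and shows that the file is gone, then repeats the write into a host directory bind-mounted with `-v` and shows that the data survives on the host and is visible to a fresh container. It assumes a Docker-compatible CLI (`docker` or `podman`) and the `alpine` image; the function and container names are made up for the example.

```shell
#!/usr/bin/env bash
# Added example, not from the book: contrast a container's read/write layer
# with a host directory bind-mounted into the container. Assumes docker or
# podman and the alpine image; function/container names are invented here.
set -euo pipefail

# Pick a runtime: podman accepts the same run/rm flags used below.
detect_runtime() {
  if command -v docker >/dev/null 2>&1; then echo docker
  elif command -v podman >/dev/null 2>&1; then echo podman
  else echo ""
  fi
}

# Write a marker into the container's own read/write layer, remove the
# container, then ask a new container from the same image whether the file
# exists. Prints "lost" (the expected result) or "present".
ephemeral_layer_demo() {
  local rt="$1" name="cow-demo-$$"
  "$rt" run --name "$name" alpine sh -c 'echo state > /data.txt' >/dev/null
  "$rt" rm "$name" >/dev/null   # the read/write layer is deleted with it
  if "$rt" run --rm alpine test -f /data.txt; then echo present; else echo lost; fi
}

# Same write, but into a host directory mounted at /data with -v. The data
# lives on the host, so it outlives the container and can be mounted into
# the next one. The :Z suffix relabels the directory on SELinux hosts and is
# harmless elsewhere. Prints "persisted" or "lost".
bind_mount_demo() {
  local rt="$1" dir result=lost
  dir="$(mktemp -d)"
  "$rt" run --rm -v "$dir:/data:Z" alpine sh -c 'echo state > /data/data.txt'
  if [ -f "$dir/data.txt" ] && "$rt" run --rm -v "$dir:/data:Z" alpine test -f /data/data.txt; then
    result=persisted
  fi
  rm -rf "$dir" 2>/dev/null || true   # the file may be root-owned under docker
  echo "$result"
}

rt="$(detect_runtime)"
if [ -n "$rt" ]; then
  echo "read/write layer after rm: $(ephemeral_layer_demo "$rt")"   # lost
  echo "bind-mounted host dir:     $(bind_mount_demo "$rt")"       # persisted
else
  echo "no docker/podman found; nothing run"
fi
```

A named volume (`docker volume create`, then `-v name:/data`) gives the same persistence with the runtime managing the host path for you. Note that a bind mount hands the container the host path with whatever uid the container process runs as, so mount it read-only (`-v "$dir:/data:ro"`) whenever the container only needs to read from it.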
There is another important caveat that should not be forgotten: secrets and config files. When we build an image, we can copy all the files and folders we need into it. However, baking secrets such as certificates or keys into an image is not a good practice: the image layers can be inspected by anyone who can pull the image, and the secret is tied to the build. If we need, for example, to rotate a certificate, we must rebuild the whole...