Volumes
Cycle supports mounting host node storage directly into containers via volumes. Volumes are mounted using ext4 per instance with DirectLVM, meaning volumes are thinly provisioned (taking only the amount of space needed to store the files, up to their max size).
Volumes are accessible from within the container at the specified path. Cycle also provides abstractions to be able to remotely access the contents of volumes without needing to go through the container process directly.
Specifying Volumes for a Container
On Cycle, volumes are only attached to stateful containers.
In order for a stateful container to have a volume attached, the volume must be defined in the Dockerfile used to create the container's base image. There is no way to attach a volume to a container that does not have the volume specified in the Dockerfile. That said, it is possible to create a wrapper with a Dockerfile that adds volumes, which can be used from the container's base image.
FROM node:alpine
VOLUME /myvol
Using the above Dockerfile, Cycle will attach a volume at /myvol to any instances created.
Volume Configuration Options
Volumes have several configuration options available, and are managed at the container level.
- Max Size: The max size a volume can grow to. Since volumes are thinly provisioned, the actual size is dynamic and the volume will only take up the amount of space necessary to contain its stored files.
- Read-Only: Volumes can be set to read-only, so they only ever store files that were added to them when the container image was built.
Remote Access via SFTP
Remote access can be configured on a per-volume basis. Enabling this feature allows SFTP connections directly to the volume's underlying storage. This provides a convenient method for transferring data to and from the volume without requiring interaction with the running container or incurring container processing overhead. Connection details are generated and displayed for each instance volume when SFTP access is configured.
Configuration Requirements
Enabling SFTP access involves two essential configuration steps:
- Volume-Level Setting: SFTP access must first be enabled specifically for the target container volume.
- Host-Level Setting: The host node where the container instance resides must also have SFTP enabled globally. This setting is managed on the server settings page.
The host-level setting is necessary because the host node exposes port 2022 to handle incoming SFTP connections. Access through this port is secured using a specified password, which can be stored in plain text, MD5, or SHA512 hash format. Enabling SFTP access on the host node introduces a potential security risk that should be carefully considered before it is turned on.
Remote SFTP access connects directly to the volume via the host node's SFTP service. Consequently, the associated container instance does not need to be online to establish a connection and transfer files.
Refer to the guide on Setting Up Remote Access for Container Volumes for detailed instructions.
SFTP Security
Increased Security Risk
Enabling SFTP inherently increases security risk to the host node and volume data. Generation of strong, unique passwords and frequent password rotation are strongly recommended security practices.
SFTP access is secured by the password configured during the setup process. For enhanced security, access to the volume via SFTP can be further restricted by specifying allowed IP addresses or ranges.
The platform actively monitors connection attempts for patterns indicative of intrusion attempts. If an excessive number of failed connection attempts occur within a brief period, the platform will automatically place the affected volume into a temporary 'lockdown' mode. During this lockdown period, authentication attempts from new IP addresses are blocked. However, connections originating from IP addresses that have previously authenticated successfully remain permitted.
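A small model of the access rules described in this section, added here as an illustration and not Cycle's own code. The class name, the failure threshold, the time window and the lockdown duration are assumptions, since the page does not state them; the IP addresses are constructed documentation-range values.

```python
import ipaddress
from collections import deque

class VolumeSftpGate:
    """Model of one volume's SFTP access rules; all thresholds are assumed."""

    def __init__(self, allowed_cidrs=(), max_failures=5, window_s=60, lockdown_s=300):
        self.allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
        self.max_failures, self.window_s, self.lockdown_s = max_failures, window_s, lockdown_s
        self.failures = deque()   # timestamps of recent failed logins
        self.known_good = set()   # IPs that have authenticated successfully
        self.locked_until = 0.0

    def in_lockdown(self, now):
        return now < self.locked_until

    def attempt(self, ip, password_ok, now):
        """Return 'ok', 'denied' (bad password) or 'blocked' (refused before auth)."""
        addr = ipaddress.ip_address(ip)
        if self.allowed and not any(addr in net for net in self.allowed):
            return "blocked"                  # outside the configured IP allowlist
        if self.in_lockdown(now) and ip not in self.known_good:
            return "blocked"                  # lockdown: new IPs are refused
        if password_ok:
            self.known_good.add(ip)
            return "ok"
        self.failures.append(now)
        while now - self.failures[0] > self.window_s:
            self.failures.popleft()           # drop failures older than the window
        if len(self.failures) >= self.max_failures:
            self.locked_until = now + self.lockdown_s
        return "denied"

def demo():
    """Replay a constructed sequence of logins (documentation-range IPs)."""
    gate = VolumeSftpGate(allowed_cidrs=["203.0.113.0/24", "198.51.100.0/24"])
    out = [gate.attempt("203.0.113.10", True, now=0)]            # operator: ok
    out += [gate.attempt("198.51.100.7", False, now=t) for t in range(1, 6)]  # burst
    out.append(gate.attempt("198.51.100.8", True, now=10))   # new IP in lockdown
    out.append(gate.attempt("203.0.113.10", True, now=11))   # previously authenticated
    out.append(gate.attempt("192.0.2.1", True, now=12))      # not on the allowlist
    out.append(gate.attempt("198.51.100.8", True, now=400))  # after lockdown expires
    return out

if __name__ == "__main__":
    print(demo())
```

The replay shows the operational consequence of lockdown: a legitimate user connecting from a new address is refused even with the correct password until the lockdown ends, while an address that authenticated earlier keeps working.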
Storage Pools
Cycle will automatically create an isolated storage pool that contains any attached storage devices whose size is greater than 2TB. The storage pool consists of a physical volume and a volume group (PV + VG).
For example, 3x 2TB disks will yield 6TB of usable storage, while 2x 2TB disks will yield 2TB with RAID1+0.
Instance volumes can utilize this storage pool rather than the base disk by selecting the 'storage pool' option during container creation.