Docker Volumes & Storage
Containers have ephemeral storage — data written to the container layer is lost when the container is removed. Volumes and bind mounts persist data outside the container.
Container storage = writing on a whiteboard (wiped when you leave the room). Volume = a filing cabinet in the hallway (survives room demolition). Bind mount = bringing your own folder from home into the office.
Three types: (1) Volumes — managed by Docker (/var/lib/docker/volumes/), portable, work with volume drivers for cloud storage. (2) Bind mounts — map a host path into the container. (3) tmpfs mounts — in-memory only, not persisted. Volumes are preferred for production: they're portable, don't depend on host directory structure, and Docker manages them. Manage them with docker volume create, docker volume inspect, and docker volume rm. A volume is either named or anonymous (auto-named by Docker).
Volume drivers enable network storage: local (default), NFS, AWS EBS (via Docker plugins). In production, Kubernetes replaces Docker volumes — PersistentVolumes (PV) and PersistentVolumeClaims (PVCs) map to storage backends (EBS, EFS, NFS, Ceph). Bind mounts are useful in development (live reload, test fixtures) but dangerous in production — a misconfigured bind mount can expose the host filesystem. --volume vs --mount: --mount is more explicit and recommended. Copy semantics: if you mount a volume over a directory that has existing content in the image, Docker copies the image content into the volume on first run.
Container storage is ephemeral — it dies with the container. Volumes are Docker-managed directories outside the container filesystem, persisted across container restarts and removals. Bind mounts map a specific host path. For local dev, bind mounts are great for hot reload. For production, use named volumes or — in Kubernetes — PersistentVolumeClaims. Never use bind mounts in production containers unless you explicitly need host access.
Removing a container with docker rm does NOT remove its volumes. Volumes persist until explicitly removed with docker volume rm or docker volume prune. Use docker rm -v to remove the container and its anonymous volumes together.
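To check running containers against the guidance above, the following added example (not part of the original page) audits the Mounts array from docker inspect output, flagging bind mounts and anonymous volumes. The SENSITIVE path list, the severity labels and the 64-hex-character test for anonymous volume names are assumptions of this example, and the sample JSON is constructed.

```python
import json
import re
from pathlib import PurePosixPath

# Assumed list of host paths that should not reach a container; tune per environment.
SENSITIVE = [PurePosixPath(p) for p in
             ("/etc", "/root", "/proc", "/sys", "/var/lib/docker", "/var/run/docker.sock")]
ANON_NAME = re.compile(r"^[0-9a-f]{64}$")  # heuristic: Docker auto-generates 64-hex names

def touches_sensitive(source):
    """True if source is, contains, or lies inside a sensitive host path."""
    src = PurePosixPath(source)
    return any(src == s or src in s.parents or s in src.parents for s in SENSITIVE)

def audit(inspect_json):
    """Return (container, severity, detail) findings from `docker inspect` JSON."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        for m in c.get("Mounts", []):
            kind, src, dst = m.get("Type"), m.get("Source", ""), m.get("Destination", "")
            mode = "rw" if m.get("RW", True) else "ro"
            if kind == "bind" and touches_sensitive(src):
                findings.append((name, "HIGH", f"bind {src} -> {dst} ({mode}) exposes sensitive host path"))
            elif kind == "bind":
                sev = "MEDIUM" if mode == "rw" else "LOW"
                findings.append((name, sev, f"bind {src} -> {dst} ({mode}); prefer a named volume"))
            elif kind == "volume" and ANON_NAME.match(m.get("Name", "")):
                findings.append((name, "INFO", f"anonymous volume at {dst}; outlives `docker rm` without -v"))
    return findings

# Constructed sample in the shape `docker inspect <container>...` emits (trimmed to the fields used).
SAMPLE = json.dumps([
    {"Name": "/web", "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": True},
        {"Type": "bind", "Source": "/srv/app/config", "Destination": "/app/config", "RW": False},
        {"Type": "volume", "Name": "pgdata", "Source": "/var/lib/docker/volumes/pgdata/_data",
         "Destination": "/var/lib/postgresql/data", "RW": True}]},
    {"Name": "/worker", "Mounts": [
        {"Type": "bind", "Source": "/", "Destination": "/host", "RW": True},
        {"Type": "volume", "Name": "a" * 64, "Source": "/var/lib/docker/volumes/" + "a" * 64 + "/_data",
         "Destination": "/cache", "RW": True},
        {"Type": "tmpfs", "Source": "", "Destination": "/tmp"}]},
])

if __name__ == "__main__":
    for container, severity, detail in audit(SAMPLE):
        print(f"{severity:6} {container}: {detail}")
```

On a real host, pass the output of docker inspect for the containers of interest to audit() in place of SAMPLE.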