Back to all scenarios
Scenario #311
Storage
Kubernetes v1.24, CSI Volume Cloning enabled

StatefulSet Volume Cloning Results in Data Leakage

Cloning PVCs between StatefulSet pods led to shared data unexpectedly appearing in new replicas.

Find this helpful?
What Happened

Engineers used volume cloning to duplicate data for new pods. They assumed data would be copied and isolated. However, clones preserved file locks and session metadata, which caused apps to behave erratically.

Diagnosis Steps
  • 1New pods accessed old session data unexpectedly.
  • 2lsblk and md5sum on cloned volumes showed identical data.
  • 3Verified cloning was done via StorageClass that didn't support true snapshot isolation.
Root Cause

Misunderstanding of cloning behavior — logical clone ≠ deep copy.

Fix/Workaround
• Stopped cloning and switched to backup/restore-based provisioning.
• Used rsync with integrity checks instead.
Lessons Learned

Not all clones are deep copies ; understand your CSI plugin's clone semantics.

How to Avoid
  • 1Use cloning only for stateless data unless supported thoroughly.
  • 2Validate cloned volume content before production use.
Previous ScenarioNext Scenario