Volumes
Cycle supports mounting host node storage directly into containers via volumes . Volumes are mounted using ext4 per instance with DirectLVM, meaning volumes are thinly provisioned (taking only the amount of space needed to store the files, up to their max size).
Volumes are accessible from within the container at the specified path. Cycle also provides abstractions to be able to remotely access the contents of volumes without needing to go through the container process directly.
Specifying Volumes for a Container
On Cycle, volumes can be added to stateful or stateless containers. The main difference being that stateless containers will not persist data written to a volume between restarts.
The platform will automatically recognize volumes that are a part of the Dockerfile used to create the container image.
For example: A very simple node image with the volume myvol in the root directory will be automatically picked up when using the container deploy form.
FROM node:alpine
VOLUME /myvolA user can also add a volume through the container deploy form in the portal, or programmatically through the API.
Granular volume management is also available in stacks.
Volume Configuration Options
Volume configuration is split into two distinct places: before create and after create. This is due to the nature of some of the options being immutable once created.
Volume Configuration Before Create
| Field | Description |
|---|---|
| Destination | The target location or host for the storage volume. Determines where the volume will be created or attached. |
| Max Size | Specifies the maximum size allocated to the storage volume. The size unit (e.g., GB) can be selected from the dropdown. |
| Storage Type | Selects the storage backend. Options include Local Disk (uses the underlying server's physical storage) or SAN (connects to a Storage Area Network via iSCSI). |
| Storage Pool | Defines which storage pool to use for allocating the volume. Typically defaults to a preconfigured pool (e.g., “Default”). |
Volume Configuration After Create
| Field | Description |
|---|---|
| Max Size | Defines the maximum storage capacity allocated to the volume. This sets the upper limit for how much data can be stored, typically specified in gigabytes (GB). |
| Read Only | When enabled, the volume is mounted in a read-only state — meaning data can be read from the volume but cannot be modified, written, or deleted. Useful for protecting critical or shared data. |
Remote Access via SFTP
Remote access can be configured on a per-volume basis. Enabling this feature allows SFTP connections directly to the volume's underlying storage. This provides a convenient method for transferring data to and from the volume without requiring interaction with the running container or incurring container processing overhead. Connection details are generated and displayed for each instance volume when SFTP access is configured.
Configuration Requirements
Enabling SFTP access involves two essential configuration steps:
- Volume-Level Setting: SFTP access must first be enabled specifically for the target container volume.
- Host-Level Setting: The host node where the container instance resides must also have SFTP enabled globally. This setting is managed on the server settings page.
The host-level setting is necessary because the host node exposes port 2022 to handle incoming SFTP connections. Access through this port is secured using a specified password, which can be stored in plain text, MD5, or SHA512 hash format. Enabling SFTP access on the host node introduces a potential security risk that should be carefully considered before enabling.
Remote SFTP access connects directly to the volume via the host node's SFTP service. Consequently, the associated container instance does not need to be online to establish a connection and transfer files.
Refer to the guide on Setting Up Remote Access for Container Volumes for detailed instructions.
SFTP Security
Increased Security Risk
Enabling SFTP inherently increases security risk to the host node and volume data. Generation of strong, unique passwords and frequent password rotation are strongly recommended security practices.
SFTP access is secured by the password configured during the setup process. For enhanced security, access to the volume via SFTP can be further restricted by specifying allowed IP addresses or ranges.
The platform actively monitors connection attempts for patterns indicative of intrusion attempts. If an excessive number of failed connection attempts occur within a brief period, the platform will automatically place the affected volume into a temporary 'lockdown' mode. During this lockdown period, authentication attempts from new IP addresses are blocked. However, connections originating from IP addresses that have previously authenticated successfully remain permitted.
Storage Pools
Cycle will automatically create an isolated storage pool that contains any attached storage devices whose size is greater than 2TB. The storage pool consists of a physical volume and a volume group (PV + VG).
For example, 3x 2TB disks will yield 6TB of usable storage, while 2x 2TB disks will yield 2TB with RAID1+0.
Instance volumes can utilize this storage pool rather than the base disk by selecting the 'storage pool' option during container create.