Kubernetes v1.35 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date information, see the latest version.
This page describes security considerations and best practices specific to the Linux operating system.
On Linux nodes, memory-backed volumes (such as secret
volume mounts, or emptyDir with medium: Memory)
are implemented with a tmpfs filesystem.
If you have swap configured and use an older Linux kernel (or a current kernel and an unsupported configuration of Kubernetes), memory backed volumes can have data written to persistent storage.
The Linux kernel officially supports the noswap option from version 6.3,
therefore it is recommended the used kernel version is 6.3 or later,
or supports the noswap option via a backport, if swap is enabled on the node.
Read swap memory management for more info.