Tasks

Kubernetes v1.15 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.

Edit This Page

Create static Pods

Static Pods are managed directly by the kubelet daemon on a specific node, without the API serverComponent on the master that exposes the Kubernetes API. It is the front-end for the Kubernetes control plane. observing them. Unlike Pods that are managed by the control plane (eg, a DeploymentAn API object that manages a replicated application. ; instead, the kubelet watches each static Pod (and restarts it if it crashes). There are no health checks for the containers in a static Pod.

Static Pods are always bound to one KubeletAn agent that runs on each node in the cluster. It makes sure that containers are running in a pod. on a specific node.

Kubelet automatically tries to create a mirror PodAn object in the API server that tracks a static pod on a kubelet. on the Kubernetes API server for each static Pod. This means that the Pods running on a node are visible on the API server, but cannot be controlled from there.

Note: If you are running clustered Kubernetes and are using static Pods to run a Pod on every node, you should probably be using a DaemonSetEnsures a copy of a Pod is running across a set of nodes in a cluster. instead.

Before you begin

You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube, or you can use one of these Kubernetes playgrounds:

To check the version, enter kubectl version.

This page assumes you’re using DockerDocker is a software technology providing operating-system-level virtualization also known as containers. to run Pods, and that your nodes are running the Fedora operating system. Instructions for other distributions or Kubernetes installations may vary.

Create a static pod

You can configure a static Pod two different ways: either by using configuration file(s) or by HTTP.

Filesystem-hosted static Pod manifest

The configuration files are just standard Pod definitions in JSON or YAML format in a specific directory. Use kubelet --pod-manifest-path=<the directory> to start the kubelet or add the staticPodPath: <the directory> field in the KubeletConfiguration file, which periodically scans the directory and creates/deletes static Pods as YAML/JSON files appear/disappear there. Note that the kubelet will ignore files starting with dots when scanning the specified directory.

For example, this is how to start a simple web server as a static Pod:

  1. Choose a node where you want to run the static Pod. In this example, it’s my-node1.

    ssh my-node1
  2. Choose a directory, say /etc/kubelet.d and place a web server Pod definition there, e.g. /etc/kubelet.d/static-web.yaml:

    # Run this command on the node where kubelet is running
    mkdir /etc/kubelet.d/
    cat <<EOF >/etc/kubelet.d/static-web.yaml
    apiVersion: v1
    kind: Pod
    metadata:
    name: static-web
    labels:
    role: myrole
    spec:
    containers:
    - name: web
      image: nginx
      ports:
        - name: web
          containerPort: 80
          protocol: TCP
    EOF
  3. Configure your kubelet on the node to use this directory by running it with --pod-manifest-path=/etc/kubelet.d/ argument or add the staticPodPath: <the directory> field in the KubeletConfiguration file. On Fedora edit /etc/kubernetes/kubelet to include this line:

    KUBELET_ARGS="--cluster-dns=10.254.0.10 --cluster-domain=kube.local --pod-manifest-path=/etc/kubelet.d/"
    
  4. Restart the kubelet. On Fedora, you would run:

    # Run this command on the node where the kubelet is running
    systemctl restart kubelet

Web-hosted static pod manifest

Kubelet periodically downloads a file specified by --manifest-url=<URL> argument and interprets it as a JSON/YAML file that contains Pod definitions. Similar to how filesystem-hosted manifests work, the kubelet refetches the manifest on a schedule. If there are changes to the list of static Pods, the kubelet applies them.

If you want to use this approach, create a YAML file:

apiVersion: v1
kind: Pod
metadata:
  name: static-web
  labels:
    role: myrole
spec:
  containers:
    - name: web
      image: nginx
      ports:
        - name: web
          containerPort: 80
          protocol: TCP

and store it on a web server so that you can pass the URL of that file to the kubelet.

Configure the kubelet on your selected node to use this web manifest by running it with --manifest-url=<manifest-url>

On Fedora, edit `/etc/kubernetes/kubelet` to include this line:

```
KUBELET_ARGS="--cluster-dns=10.254.0.10 --cluster-domain=kube.local --manifest-url=<manifest-url>`
```

Now, restart the kubelet. On Fedora, you would run:

```shell
# Run this command on the node where the kubelet is running
systemctl restart kubelet
```

Observe static pod behavior

When the kubelet starts, it automatically starts all defined static Pods. As you have defined a static Pod and restarted the kubelet, the new static Pod should already be running.

You can view running containers (including static Pods) by running (on the node):

# Run this command on the node where kubelet is running
docker ps

The output might be something like:

CONTAINER ID IMAGE         COMMAND  CREATED        STATUS         PORTS     NAMES
f6d05272b57e nginx:latest  "nginx"  8 minutes ago  Up 8 minutes             k8s_web.6f802af4_static-web-fk-node1_default_67e24ed9466ba55986d120c867395f3c_378e5f3c

You can see the mirror Pod on the API server:

kubectl get pods
NAME                       READY     STATUS    RESTARTS   AGE
static-web-my-node1        1/1       Running   0          2m
Note: Make sure the kubelet has permission to create the mirror Pod in the API server. If not, the creation request is rejected by the API server. See PodSecurityPolicy.

LabelsTags objects with identifying attributes that are meaningful and relevant to users. from the static Pod are propagated into the mirror Pod. You can use those labels as normal via selectorsAllows users to filter a list of resources based on labels. , etc.

If you try to use kubectl to delete the mirror Pod from the API server, the kubelet doesn’t remove the static Pod:

kubectl delete pod static-web-my-node1
pod "static-web-my-node1" deleted

You can see that the Pod is still running:

kubectl get pods
NAME                       READY     STATUS    RESTARTS   AGE
static-web-my-node1        1/1       Running   0          12s

Back on your node where the kubelet is running, you can try to stop the Docker container manually. You’ll see that, after a time, the kubelet will notice and will restart the Pod automatically:

# Run these commands on the node where the kubelet is running
docker stop f6d05272b57e # replace with the ID of your container
sleep 20
docker ps
CONTAINER ID        IMAGE         COMMAND                CREATED       ...
5b920cbaf8b1        nginx:latest  "nginx -g 'daemon of   2 seconds ago ...

Dynamic addition and removal of static pods

The running kubelet periodically scans the configured directory (/etc/kubelet.d in our example) for changes and adds/removes Pods as files appear/disappear in this directory.

# This assumes you are using filesystem-hosted static Pod configuration
# Run these commands on the node where the kubelet is running
#
mv /etc/kubelet.d/static-web.yaml /tmp
sleep 20
docker ps
# You see that no nginx container is running
mv /tmp/static-web.yaml  /etc/kubelet.d/
sleep 20
docker ps
CONTAINER ID        IMAGE         COMMAND                CREATED           ...
e7a62e3427f1        nginx:latest  "nginx -g 'daemon of   27 seconds ago

Feedback