{"id":22792,"date":"2024-06-19T23:34:19","date_gmt":"2024-06-19T20:34:19","guid":{"rendered":"https:\/\/kifarunix.com\/?p=22792"},"modified":"2024-06-19T23:34:22","modified_gmt":"2024-06-19T20:34:22","slug":"kubernetes-pod-management-static-pods-vs-mirror-pods-vs-daemonsets","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/kubernetes-pod-management-static-pods-vs-mirror-pods-vs-daemonsets\/","title":{"rendered":"Kubernetes Pod Management: Static Pods vs Mirror Pods vs DaemonSets"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1065\" height=\"593\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/06\/kubernetes-static-vs-mirror-vs-daemonsets.png\" alt=\"Static Pods vs Mirror Pods vs DaemonSets\" class=\"wp-image-22958\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/06\/kubernetes-static-vs-mirror-vs-daemonsets.png 1065w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/06\/kubernetes-static-vs-mirror-vs-daemonsets-768x428.png 768w\" sizes=\"(max-width: 1065px) 100vw, 1065px\" \/><\/figure>\n\n\n\n<p>This tutorial serves as a guide to demystify the different types of Kubernetes pods, in essence, Static Pods vs Mirror Pods vs DaemonSets. In Kubernetes, a <a href=\"https:\/\/kubernetes.io\/docs\/concepts\/workloads\/pods\/\" target=\"_blank\" rel=\"noreferrer noopener\">pod<\/a> is the fundamental unit of deployment, representing a logical collection of one or more containers that share resources such as storage volumes, network namespace, and IP addresses within the Kubernetes ecosystem. 
Pods serve as the basic building blocks for applications and services, encapsulating containers with shared storage\/networking and a specification for how to run them.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#static-pods-vs-mirror-pods-vs-daemon-sets\">Static Pods vs Mirror Pods vs DaemonSets<\/a><ul><li><a href=\"#kubernetes-static-pods\">Kubernetes Static Pods<\/a><\/li><li><a href=\"#kubernetes-mirror-pods\">Kubernetes Mirror Pods<\/a><\/li><li><a href=\"#kubernetes-daemon-sets\">Kubernetes DaemonSets<\/a><\/li><li><a href=\"#conclustion\">Conclusion<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"static-pods-vs-mirror-pods-vs-daemon-sets\">Static Pods vs Mirror Pods vs DaemonSets<\/h2>\n\n\n\n<p>In a Kubernetes ecosystem, what exactly is the difference between Static Pods, Mirror Pods and DaemonSets?<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"kubernetes-static-pods\">Kubernetes Static Pods<\/h3>\n\n\n\n<p>What is a static pod in Kubernetes?<\/p>\n\n\n\n<p>A static pod is a type of pod in Kubernetes that is managed directly by the kubelet on a specific node, without the involvement of the Kubernetes control plane (kube-apiserver). Nor are static pods managed by controllers such as Deployment or ReplicaSet.<\/p>\n\n\n\n<p>Static Pods&#8217; manifest files are typically located in a directory watched by the kubelet (e.g., <strong>\/etc\/kubernetes\/manifests<\/strong>). The kubelet monitors this directory and starts or stops these pods as necessary. 
Depending on your container runtime, you can check the status of these pods by listing the running containers on the node.<\/p>\n\n\n\n<p>For example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo crictl ps<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>CONTAINER           IMAGE               CREATED             STATE               NAME                        ATTEMPT             POD ID              POD\nb44d8e7641002       3861cfcd7c04c       23 hours ago        Running             etcd                        0                   ed7b93674545c       etcd-master-02\n...\n0c0e38d096416       53c535741fb44       25 hours ago        Running             kube-proxy                  2                   607aed66a0eef       kube-proxy-46hnc\n0535cad22c9a1       56ce0fd9fb532       27 hours ago        Running             kube-apiserver              1                   e4bdd152fae58       kube-apiserver-master-02\n20e4134130f4d       e874818b3caac       27 hours ago        Running             kube-controller-manager     1                   74e6d07084302       kube-controller-manager-master-02\nad611bac53b83       7820c83aa1394       27 hours ago        Running             kube-scheduler              1                   52f0cab4cfeb3       kube-scheduler-master-02\n<\/code><\/pre>\n\n\n\n<p>The main Kubernetes control plane components (<strong>apiserver, scheduler, etcd, controller-manager<\/strong>) usually run as static pods. 
In a kubeadm cluster, their YAML manifest files reside under <strong>\/etc\/kubernetes\/manifests<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ls \/etc\/kubernetes\/manifests -1<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>etcd.yaml\nkube-apiserver.yaml\nkube-controller-manager.yaml\nkube-scheduler.yaml\n<\/code><\/pre>\n\n\n\n<p>Sample <strong>etcd.yaml<\/strong> contents:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo cat \/etc\/kubernetes\/manifests\/etcd.yaml<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>apiVersion: v1\nkind: Pod\nmetadata:\n  annotations:\n    kubeadm.kubernetes.io\/etcd.advertise-client-urls: https:\/\/192.168.122.59:2379\n  creationTimestamp: null\n  labels:\n    component: etcd\n    tier: control-plane\n  name: etcd\n  namespace: kube-system\nspec:\n  containers:\n  - command:\n    - etcd\n    - --advertise-client-urls=https:\/\/192.168.122.59:2379\n    - --cert-file=\/etc\/kubernetes\/pki\/etcd\/server.crt\n    - --client-cert-auth=true\n    - --data-dir=\/var\/lib\/etcd\n    - --experimental-initial-corrupt-check=true\n    - --experimental-watch-progress-notify-interval=5s\n    - --initial-advertise-peer-urls=https:\/\/192.168.122.59:2380\n    - --initial-cluster=master-02=https:\/\/192.168.122.59:2380\n    - --key-file=\/etc\/kubernetes\/pki\/etcd\/server.key\n    - --listen-client-urls=https:\/\/127.0.0.1:2379,https:\/\/192.168.122.59:2379\n    - --listen-metrics-urls=http:\/\/127.0.0.1:2381\n    - --listen-peer-urls=https:\/\/192.168.122.59:2380\n    - --name=master-02\n    - --peer-cert-file=\/etc\/kubernetes\/pki\/etcd\/peer.crt\n    - --peer-client-cert-auth=true\n    - --peer-key-file=\/etc\/kubernetes\/pki\/etcd\/peer.key\n    - --peer-trusted-ca-file=\/etc\/kubernetes\/pki\/etcd\/ca.crt\n    - --snapshot-count=10000\n    - --trusted-ca-file=\/etc\/kubernetes\/pki\/etcd\/ca.crt\n    image: registry.k8s.io\/etcd:3.5.12-0\n    imagePullPolicy: IfNotPresent\n    livenessProbe:\n      
failureThreshold: 8\n      httpGet:\n        host: 127.0.0.1\n        path: \/health?exclude=NOSPACE&serializable=true\n        port: 2381\n        scheme: HTTP\n      initialDelaySeconds: 10\n      periodSeconds: 10\n      timeoutSeconds: 15\n    name: etcd\n    resources:\n      requests:\n        cpu: 100m\n        memory: 100Mi\n    startupProbe:\n      failureThreshold: 24\n      httpGet:\n        host: 127.0.0.1\n        path: \/health?serializable=false\n        port: 2381\n        scheme: HTTP\n      initialDelaySeconds: 10\n      periodSeconds: 10\n      timeoutSeconds: 15\n    volumeMounts:\n    - mountPath: \/var\/lib\/etcd\n      name: etcd-data\n    - mountPath: \/etc\/kubernetes\/pki\/etcd\n      name: etcd-certs\n  hostNetwork: true\n  priority: 2000001000\n  priorityClassName: system-node-critical\n  securityContext:\n    seccompProfile:\n      type: RuntimeDefault\n  volumes:\n  - hostPath:\n      path: \/etc\/kubernetes\/pki\/etcd\n      type: DirectoryOrCreate\n    name: etcd-certs\n  - hostPath:\n      path: \/var\/lib\/etcd\n      type: DirectoryOrCreate\n    name: etcd-data\nstatus: {}\n<\/code><\/pre>\n\n\n\n<p>The kubelet service may be configured to use a different static pod path. 
Therefore, to find out the current static pod path, you can check the value of the <strong>staticPodPath<\/strong> parameter in the kubelet configuration file, <strong>\/var\/lib\/kubelet\/config.yaml<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>grep <strong>staticPodPath<\/strong> \/var\/lib\/kubelet\/config.yaml<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>staticPodPath: \/etc\/kubernetes\/manifests<\/code><\/pre>\n\n\n\n<p>Static Pods usually have the hostname of the node on which they are running appended to their names as a suffix.<\/p>\n\n\n\n<p>See the example below:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl get pods -n kube-system<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>NAME                                READY   STATUS    RESTARTS      AGE\n...\netcd-master-01                      1\/1     Running   1 (27h ago)   3d2h\netcd-master-02                      1\/1     Running   0             23h\netcd-master-03                      1\/1     Running   0             23h\nkube-apiserver-master-01            1\/1     Running   1 (27h ago)   3d2h\nkube-apiserver-master-02            1\/1     Running   1 (27h ago)   3d2h\nkube-apiserver-master-03            1\/1     Running   1 (27h ago)   3d2h\nkube-controller-manager-master-01   1\/1     Running   1 (27h ago)   3d2h\nkube-controller-manager-master-02   1\/1     Running   1 (27h ago)   3d2h\nkube-controller-manager-master-03   1\/1     Running   1 (27h ago)   3d2h\n...\n...\nkube-scheduler-master-01            1\/1     Running   1 (27h ago)   3d2h\nkube-scheduler-master-02            1\/1     Running   1 (27h ago)   3d2h\nkube-scheduler-master-03            1\/1     Running   1 (27h ago)   3d2h\n<\/code><\/pre>\n\n\n\n<p>For examples on how to create Static Pods, refer to the <a href=\"https:\/\/kubernetes.io\/docs\/tasks\/configure-pod-container\/static-pod\/\" target=\"_blank\" rel=\"noreferrer noopener\">documentation<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"kubernetes-mirror-pods\">Kubernetes Mirror Pods<\/h3>\n\n\n\n<p>Mirror Pods are virtual representations of Static Pods. They provide a mechanism for local visibility of Static Pods within the Kubernetes API server. Mirror pods make it easy to discover and retrieve information about Static Pods using <strong>kubectl<\/strong> commands on the API server. See the example of getting static pods above.<\/p>\n\n\n\n<p>In essence, Mirror Pods are a byproduct of Static Pods. The kubelet creates a Mirror Pod for every detected Static Pod manifest file. However, any changes made to a Static Pod manifest only affect the actual Static Pod on the node where it is running.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"kubernetes-daemon-sets\">Kubernetes DaemonSets<\/h3>\n\n\n\n<p>A DaemonSet, on the other hand, is not a pod itself, but rather a resource that manages pods. So what is it exactly? A DaemonSet is a Kubernetes resource that ensures that all (or some) nodes run a copy of a specific pod. It automatically adds or removes pods as nodes are added to or removed from the cluster.<\/p>\n\n\n\n<p>Common use cases include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Logging and Monitoring:<\/strong> DaemonSets are perfect for deploying logging agents like Fluentd or monitoring tools like Prometheus Node Exporter on every node in a cluster.<\/li>\n\n\n\n<li><strong>Node-Specific Utilities:<\/strong> You can use DaemonSets to deploy utilities specific to each node, such as local volume storage provisioners.<\/li>\n\n\n\n<li>&#8230;<\/li>\n<\/ul>\n\n\n\n<p>So, what mechanisms do DaemonSets use to ensure that all eligible nodes run a copy of a specific Pod?<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Node Selector<\/strong>: DaemonSets use a node selector to determine which nodes are eligible to run the DaemonSet pod. 
A node selector is a field in the DaemonSet specification (<strong>spec.template.spec.nodeSelector<\/strong>) that specifies a set of key-value pairs. These pairs match labels assigned to nodes. Only nodes that match these labels are considered eligible to run the DaemonSet pod.<\/li>\n\n\n\n<li><strong>Node Affinity<\/strong>: In addition to node selectors, DaemonSets can also use node affinity settings (<strong>spec.template.spec.affinity.nodeAffinity<\/strong>) to further refine node selection. Node affinity allows DaemonSets to specify more complex rules based on node labels, such as required or preferred nodes for running the DaemonSet pod.<\/li>\n\n\n\n<li><strong>Taints and Tolerations<\/strong>: DaemonSets can also utilize Kubernetes&#8217; taints and tolerations mechanism (<strong>spec.template.spec.tolerations<\/strong>) to ensure that DaemonSet pods can tolerate specific node conditions (taints). This allows DaemonSets to schedule pods on nodes that have specific taints applied, ensuring flexibility in node selection based on cluster requirements.<\/li>\n<\/ul>\n\n\n\n<p>To check available DaemonSets in a Kubernetes cluster, simply run the command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl get daemonsets --all-namespaces<\/code><\/pre>\n\n\n\n<p>Sample output:<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>NAMESPACE       NAME              DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE\ncalico-system   calico-node       6         6         6       6            6           kubernetes.io\/os=linux   3d2h\ncalico-system   csi-node-driver   6         6         6       6            6           kubernetes.io\/os=linux   3d2h\nkube-system     kube-proxy        6         6         6       6            6           kubernetes.io\/os=linux   3d2h\n<\/code><\/pre>\n\n\n\n<p>To get more details about a DaemonSet:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl describe daemonset kube-proxy -n kube-system<\/code><\/pre>\n\n\n\n<pre 
class=\"scroll-box\"><code>Name:           kube-proxy\nSelector:       k8s-app=kube-proxy\nNode-Selector:  kubernetes.io\/os=linux\nLabels:         k8s-app=kube-proxy\nAnnotations:    deprecated.daemonset.template.generation: 1\nDesired Number of Nodes Scheduled: 6\nCurrent Number of Nodes Scheduled: 6\nNumber of Nodes Scheduled with Up-to-date Pods: 6\nNumber of Nodes Scheduled with Available Pods: 6\nNumber of Nodes Misscheduled: 0\nPods Status:  6 Running \/ 0 Waiting \/ 0 Succeeded \/ 0 Failed\nPod Template:\n  Labels:           k8s-app=kube-proxy\n  Service Account:  kube-proxy\n  Containers:\n   kube-proxy:\n    Image:      registry.k8s.io\/kube-proxy:v1.30.2\n    Port:       &lt;none&gt;\n    Host Port:  &lt;none&gt;\n    Command:\n      \/usr\/local\/bin\/kube-proxy\n      --config=\/var\/lib\/kube-proxy\/config.conf\n      --hostname-override=$(NODE_NAME)\n    Environment:\n      NODE_NAME:   (v1:spec.nodeName)\n    Mounts:\n      \/lib\/modules from lib-modules (ro)\n      \/run\/xtables.lock from xtables-lock (rw)\n      \/var\/lib\/kube-proxy from kube-proxy (rw)\n  Volumes:\n   kube-proxy:\n    Type:      ConfigMap (a volume populated by a ConfigMap)\n    Name:      kube-proxy\n    Optional:  false\n   xtables-lock:\n    Type:          HostPath (bare host directory volume)\n    Path:          \/run\/xtables.lock\n    HostPathType:  FileOrCreate\n   lib-modules:\n    Type:               HostPath (bare host directory volume)\n    Path:               \/lib\/modules\n    HostPathType:       \n  Priority Class Name:  system-node-critical\n  Node-Selectors:       kubernetes.io\/os=linux\n  Tolerations:          op=Exists\nEvents:                 &lt;none&gt;\n<\/code><\/pre>\n\n\n\n<p>Read more about DaemonSets on the <a href=\"https:\/\/kubernetes.io\/docs\/concepts\/workloads\/controllers\/daemonset\/\" target=\"_blank\" rel=\"noreferrer noopener\">documentation page<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"conclustion\">Conclusion<\/h3>\n\n\n\n<p>In summary:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>DaemonSet:<\/strong> Ensures a specific Pod runs on every node (or a subset) in your cluster. Ideal for deploying ubiquitous services like logging agents or monitoring tools across all nodes.<\/li>\n\n\n\n<li><strong>Static Pod:<\/strong> A dedicated pod deployed directly on a specific node, managed by the <code class=\"\">kubelet<\/code> service.<\/li>\n\n\n\n<li><strong>Mirror Pod:<\/strong> A virtual representation of a Static Pod residing within the Kubernetes API server. Provides limited visibility and management capabilities for the actual Static Pod running on specific nodes.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>This tutorial serves as a guide to demystify the different types of Kubernetes pods, in essence, Static Pods vs Mirror Pods vs DaemonSets. In Kubernetes, a<\/p>\n","protected":false},"author":10,"featured_media":22958,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[1076,121,1668],"tags":[7541,7540,7539,7543,7542],"class_list":["post-22792","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-containers","category-howtos","category-kubernetes","tag-kubernetes-daemonsets","tag-kubernetes-mirror-pods","tag-kubernetes-static-pods","tag-static-pods-vs-daemonsets","tag-static-vs-mirror-pods","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/22792"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/kifaruni
x.com\/wp-json\/wp\/v2\/comments?post=22792"}],"version-history":[{"count":10,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/22792\/revisions"}],"predecessor-version":[{"id":22959,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/22792\/revisions\/22959"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/22958"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=22792"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=22792"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=22792"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}