我的书签
添加书签
移除书签Create static Pods
Static Pods are always bound to one Kubelet on a specific node.
The kubelet automatically tries to create a on the Kubernetes API server for each static Pod. This means that the Pods running on a node are visible on the API server, but cannot be controlled from there. The Pod names will be suffixed with the node hostname with a leading hyphen.
Note: If you are running clustered Kubernetes and are using static Pods to run a Pod on every node, you should probably be using a DaemonSet instead.
Note: The of a static Pod cannot refer to other API objects (e.g., , ConfigMap, , etc).
Note: Static pods do not support ephemeral containers.
You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:
To check the version, enter kubectl version.
This page assumes you’re using to run Pods, and that your nodes are running the Fedora operating system. Instructions for other distributions or Kubernetes installations may vary.
You can configure a static Pod with either a or a web hosted configuration file.
Manifests are standard Pod definitions in JSON or YAML format in a specific directory. Use the staticPodPath: <the directory> field in the kubelet configuration file, which periodically scans the directory and creates/deletes static Pods as YAML/JSON files appear/disappear there. Note that the kubelet will ignore files starting with dots when scanning the specified directory.
Choose a node where you want to run the static Pod. In this example, it’s
my-node1.Choose a directory, say
/etc/kubernetes/manifestsand place a web server Pod definition there, for example/etc/kubernetes/manifests/static-web.yaml:# Run this command on the node where kubelet is runningmkdir -p /etc/kubernetes/manifests/cat <<EOF >/etc/kubernetes/manifests/static-web.yamlapiVersion: v1kind: Podmetadata:name: static-weblabels:role: myrolespec:containers:- name: webimage: nginxports:- name: webcontainerPort: 80protocol: TCPEOF
Restart the kubelet. On Fedora, you would run:
# Run this command on the node where the kubelet is running
Web-hosted static pod manifest
Kubelet periodically downloads a file specified by --manifest-url=<URL> argument and interprets it as a JSON/YAML file that contains Pod definitions. Similar to how filesystem-hosted manifests work, the kubelet refetches the manifest on a schedule. If there are changes to the list of static Pods, the kubelet applies them.
To use this approach:
Create a YAML file and store it on a web server so that you can pass the URL of that file to the kubelet.
apiVersion: v1kind: Podmetadata:name: static-weblabels:role: myrolespec:containers:- name: webimage: nginxports:- name: webcontainerPort: 80protocol: TCP
Configure the kubelet on your selected node to use this web manifest by running it with
--manifest-url=<manifest-url>. On Fedora, edit/etc/kubernetes/kubeletto include this line:KUBELET_ARGS="--cluster-dns=10.254.0.10 --cluster-domain=kube.local --manifest-url=<manifest-url>"
Restart the kubelet. On Fedora, you would run:
# Run this command on the node where the kubelet is runningsystemctl restart kubelet
You can view running containers (including static Pods) by running (on the node):
The output might be something like:
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID129fd7d382018 docker.io/library/nginx@sha256:... 11 minutes ago Running web 0 34533c6729106
Note: crictl outputs the image URI and SHA-256 checksum. NAME will look more like: docker.io/library/nginx@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31.
You can see the mirror Pod on the API server:
kubectl get pods
NAME READY STATUS RESTARTS AGEstatic-web 1/1 Running 0 2m
Note: Make sure the kubelet has permission to create the mirror Pod in the API server. If not, the creation request is rejected by the API server.
Labels from the static Pod are propagated into the mirror Pod. You can use those labels as normal via , etc.
If you try to use to delete the mirror Pod from the API server, the kubelet doesn’t remove the static Pod:
pod "static-web" deleted
You can see that the Pod is still running:
kubectl get pods
Back on your node where the kubelet is running, you can try to stop the container manually. You’ll see that, after a time, the kubelet will notice and will restart the Pod automatically:
# Run these commands on the node where the kubelet is runningcrictl stop 129fd7d382018 # replace with the ID of your containersleep 20crictl ps
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID89db4553e1eeb docker.io/library/nginx@sha256:... 19 seconds ago Running web 1 34533c6729106
Once you identify the right container, you can get the logs for that container with crictl:
# Run these commands on the node where the container is runningcrictl logs <container_id>
10.240.0.48 - - [16/Nov/2022:12:45:49 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0" "-"10.240.0.48 - - [16/Nov/2022:12:45:50 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0" "-"10.240.0.48 - - [16/Nove/2022:12:45:51 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0" "-"
The running kubelet periodically scans the configured directory (/etc/kubernetes/manifests in our example) for changes and adds/removes Pods as files appear/disappear in this directory.
# This assumes you are using filesystem-hosted static Pod configuration# Run these commands on the node where the container is running#mv /etc/kubernetes/manifests/static-web.yaml /tmpsleep 20crictl ps# You see that no nginx container is runningmv /tmp/static-web.yaml /etc/kubernetes/manifests/sleep 20crictl ps
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID
