1080*80 ad
Home » Blog » Kubernetes Pod Management: Static, Mirror, and DaemonSets

Kubernetes Pod Management: Static, Mirror, and DaemonSets

Benhcmark Administrator Benhcmark Administrator
05/09/2025
0 Views 0
Kubernetes Pod Management: Static, Mirror, and DaemonSets

Static Pods vs. DaemonSets: Mastering Kubernetes Node-Level Pod Management

Managing applications in Kubernetes often involves controllers like Deployments or StatefulSets, which abstract away the complexities of pod placement and lifecycle. However, certain critical tasks require a more direct and precise approach to ensure pods run on specific nodes or even every single node in the cluster. This is where two powerful but distinct concepts come into play: Static Pods and DaemonSets.

Understanding the difference between these two is crucial for building a robust, observable, and secure Kubernetes environment. Let’s explore how they work, their primary use cases, and when to choose one over the other.

What Are Static Pods?

Static Pods are a special type of pod managed directly by the kubelet daemon on a specific node, without the intervention of the Kubernetes API server. This is a fundamental departure from the standard Kubernetes model where the control plane dictates pod scheduling.

Here’s how they work:

  • The kubelet on a node monitors a specific directory on its local filesystem (typically /etc/kubernetes/manifests/).
  • When a pod manifest file (a standard YAML or JSON definition) is placed in this directory, the kubelet automatically creates the pod on that node.
  • If the pod fails, the kubelet will attempt to restart it.
  • If the manifest file is removed from the directory, the kubelet will terminate the pod.

Because they bypass the API server’s scheduler and controllers, Static Pods are intrinsically tied to the lifecycle of the kubelet on a single host machine. They are not part of any ReplicaSet or Deployment and cannot be managed through kubectl in the usual way.

The Role of Mirror Pods

If Static Pods aren’t managed by the API server, how can we see them? This is where Mirror Pods come in. For every Static Pod it creates, the kubelet automatically creates a read-only “mirror” Pod object in the Kubernetes API server.

This mirror pod allows you to view the Static Pod using commands like kubectl get pods, but you cannot modify or delete it through the API. Attempting to delete a mirror pod will be ignored, as the true source of control is the manifest file on the host node. This makes Static Pods visible for monitoring and inspection without ceding control from the kubelet.

When to Use Static Pods

The primary use case for Static Pods is for bootstrapping the Kubernetes control plane itself. Components like the API server, Controller Manager, and Scheduler often run as Static Pods on control plane nodes. This creates a self-hosting system where the cluster can bring itself up without an already-existing control plane to schedule its own components.

Key Use Cases:

  • Running control plane components like etcd, kube-apiserver, kube-scheduler, and kube-controller-manager.
  • Deploying a critical node-level agent that must run even if the API server is unavailable.

What Are DaemonSets?

A DaemonSet is a standard Kubernetes controller that ensures a copy of a specific pod runs on all (or a subset of) nodes in a cluster. Unlike Static Pods, DaemonSets are fully managed through the Kubernetes API server and leverage the full power of the Kubernetes control plane.

When a DaemonSet is created, the Kubernetes scheduler automatically places a pod on every node that matches the DaemonSet’s scheduling constraints.

Key characteristics of DaemonSets include:

  • Automatic Node Scaling: If a new node joins the cluster, the DaemonSet automatically deploys a pod to it.
  • Graceful Node Termination: When a node is removed, the corresponding pods are garbage collected.
  • Centralized Management: They are defined and managed as a single API object, making updates and rollbacks straightforward across the entire cluster.

When to Use DaemonSets

DaemonSets are the ideal solution for deploying cluster-wide daemons that provide foundational services for applications and the cluster itself. Any task that requires an agent running on every single node is a perfect fit for a DaemonSet.

Key Use Cases:

  • Cluster-wide Logging: Deploying log collection agents like Fluentd, Logstash, or Fluent Bit on every node to gather logs.
  • Node Monitoring: Running monitoring agents like Prometheus Node Exporter or Datadog Agent to collect node-level metrics.
  • Network and Storage Plugins: Implementing CNI network plugins (like Calico or Flannel) or cluster storage daemons (like glusterd or ceph) that must be present on each node.

Static Pods vs. DaemonSets: Key Differences at a Glance

| Feature | Static Pod | DaemonSet |
| :— | :— | :— |
| Management | Managed by the kubelet on a single node. | Managed by the Kubernetes API server and controllers. |
| Scope | Limited to a single, specific node. | Deploys pods across all or a subset of nodes in the cluster. |
| Resilience | Depends on the health of the kubelet on its host. | Managed by the control plane; more resilient to node-level failures. |
| Visibility | Visible in the API as a read-only Mirror Pod. | A first-class Kubernetes object, fully manageable via kubectl. |
| Primary Use | Bootstrapping the control plane and critical, standalone agents. | Deploying cluster-wide agents for logging, monitoring, and networking. |

Best Practices and Security Considerations

Choosing the right tool is only half the battle. Following best practices ensures your cluster remains stable and secure.

  1. Limit the Use of Static Pods: Because they bypass the API server, Static Pods also bypass admission controllers, policy enforcement, and other centralized checks. You should reserve their use for essential control plane components only. Avoid using them for general applications.

  2. Secure Your Node Filesystem: The manifest directory for Static Pods (/etc/kubernetes/manifests/) on a control plane node is extremely sensitive. Unauthorized access could allow an attacker to deploy privileged pods, compromising the entire node. Ensure file permissions are strictly controlled.

  3. Use Node Selectors with DaemonSets: You may not always need a daemon to run on every node (e.g., control plane nodes). Use nodeSelector or affinity and tolerations in your DaemonSet definition to precisely control which nodes will run the pod.

  4. Define Resource Limits for DaemonSets: Agents deployed by DaemonSets can sometimes consume significant resources. Always set resource requests and limits for your DaemonSet pods to prevent them from starving other applications on the node.

Conclusion

Both Static Pods and DaemonSets are essential tools for managing node-level workloads in Kubernetes, but they solve very different problems.

  • Static Pods are a low-level mechanism designed for bootstrapping a cluster, operating independently of the control plane they help create.
  • DaemonSets are a high-level, robust controller for deploying and managing cluster-wide services in a scalable and centrally managed way.

By understanding these fundamental differences, you can make informed architectural decisions that lead to a more reliable, manageable, and secure Kubernetes cluster.

Source: https://kifarunix.com/kubernetes-pod-management-static-pods-vs-mirror-pods-vs-daemonsets/

900*80 ad

Related Articles
      1080*80 ad
      About Hosterdojo

      Hosterdojo reviews server performance, network capabilities, and other related benchmarks. If you are a provider interested in submitting your VPS products, feel free to reach out to me.

      Email: [email protected]
      Telegram Channel: https://t.me/hosterdojo

      Follow

      Useful Link

      Girl in a jacket