A DaemonSet ensures that all (or some) nodes run a copy of a pod. As nodes are added to the cluster, pods are added to them. As nodes are removed from the cluster, those pods are garbage collected. Deleting a DaemonSet will clean up the pods it created.
Some typical uses of a DaemonSet are:
ceph, on each node.
collectd, New Relic agent, or Ganglia
In a simple case, one DaemonSet, covering all nodes, would be used for each type of daemon. A more complex setup might use multiple DaemonSets would be used for a single type of daemon, but with different flags and/or different memory and cpu requests for different hardware types.
As with all other Kubernetes config, a DaemonSet needs
metadata fields. For
general information about working with config files, see deploying applications,
configuring containers, and working with resources documents.
A DaemonSet also needs a
.spec.template is the only required field of the
In addition to required fields for a pod, a pod template in a DaemonSet has to specify appropriate labels (see pod selector).
A pod template in a DaemonSet must have a
Always, or be unspecified, which defaults to
.spec.selector field is a pod selector. It works the same as the
a Job or other new resources.
spec.selector is an object consisting of two fields:
matchLabels- works the same as the
.spec.selectorof a ReplicationController
matchExpressions- allows to build more sophisticated selectors by specifying key, list of values and an operator that relates the key and values.
When the two are specified the result is ANDed.
.spec.selector is specified, it must match the
.spec.template.metadata.labels. If not
specified, they are defaulted to be equal. Config with these not matching will be rejected by the API.
Also you should not normally create any pods whose labels match this selector, either directly, via another DaemonSet, or via other controller such as ReplicationController. Otherwise, the DaemonSet controller will think that those pods were created by it. Kubernetes will not stop you from doing this. One case where you might want to do this is manually create a pod with a different value on a node for testing.
If you specify a
.spec.template.spec.nodeSelector, then the DaemonSet controller will
create pods on nodes which match that node
If you specify a
scheduler.alpha.kubernetes.io/affinity annotation in
then DaemonSet controller will create pods on nodes which match that node affinity.
If you do not specify a
node affinity, then the DaemonSet controller will
create pods on all nodes.
Normally, the machine that a pod runs on is selected by the Kubernetes scheduler. However, pods
created by the Daemon controller have the machine already selected (
.spec.nodeName is specified
when the pod is created, so it is ignored by the scheduler). Therefore:
unschedulablefield of a node is not respected by the DaemonSet controller.
Some possible patterns for communicating with pods in a DaemonSet are:
hostPort, so that the pods are reachable via the node IPs. Clients know the list of nodes ips somehow, and know the port by convention.
endpointsresource or retrieve multiple A records from DNS.
If node labels are changed, the DaemonSet will promptly add pods to newly matching nodes and delete pods from newly not-matching nodes.
You can modify the pods that a DaemonSet creates. However, pods do not allow all fields to be updated. Also, the DaemonSet controller will use the original template the next time a node (even with the same name) is created.
You can delete a DaemonSet. If you specify
kubectl, then the pods
will be left on the nodes. You can then create a new DaemonSet with a different template.
the new DaemonSet with the different template will recognize all the existing pods as having
matching labels. It will not modify or delete them despite a mismatch in the pod template.
You will need to force new pod creation by deleting the pod or deleting the node.
Starting from Kubernetes version 1.6, you can perform a rolling update on a DaemonSet.
Support for updating DaemonSets and controlled updating of nodes is planned.
It is certainly possible to run daemon processes by directly starting them on a node (e.g. using
systemd). This is perfectly fine. However, there are several advantages to
running such processes via a DaemonSet:
kubectl) for daemons and applications.
It is possible to create pods directly which specify a particular node to run on. However, a DaemonSet replaces pods that are deleted or terminated for any reason, such as in the case of node failure or disruptive node maintenance, such as a kernel upgrade. For this reason, you should use a DaemonSet rather than creating individual pods.
It is possible to create pods by writing a file to a certain directory watched by Kubelet. These are called static pods. Unlike DaemonSet, static pods cannot be managed with kubectl or other Kubernetes API clients. Static pods do not depend on the apiserver, making them useful in cluster bootstrapping cases. Also, static pods may be deprecated in the future.
DaemonSet are similar to Replication Controllers in that they both create pods, and those pods have processes which are not expected to terminate (e.g. web servers, storage servers).
Use a replication controller for stateless services, like frontends, where scaling up and down the number of replicas and rolling out updates are more important than controlling exactly which host the pod runs on. Use a Daemon Controller when it is important that a copy of a pod always run on all or certain hosts, and when it needs to start before other pods.