Alauda Container Platform

DaemonSets

TOC

Understanding DaemonSets

Refer to the official Kubernetes documentation: DaemonSets

A DaemonSet is a Kubernetes controller that ensures all (or a subset of) cluster nodes run exactly one replica of a specified Pod. Unlike Deployments, DaemonSets are node-centric rather than application-centric, making them ideal for deploying cluster-wide infrastructure services such as log collectors, monitoring agents, or storage daemons.

WARNING

DaemonSet Operational Notes

  1. Behavior Characteristics

    • Pod Distribution: A DaemonSet deploys exactly one Pod replica per schedulable Node that matches its criteria:

      • Deploys exactly one Pod replica per schedulable node matching:
        • Matches nodeSelector or nodeAffinity criteria (if specified).
        • Is not in the NotReady state.
        • Does not have NoSchedule or NoExecute Taints unless corresponding Tolerations are configured in the Pod Template.

    • Pod Count Formula: The number of Pods managed by a DaemonSet equals the number of qualified Nodes.

    • Dual-Role Node Handling: Nodes serving both Control Plane and Worker Node roles will only run one Pod instance of the DaemonSet, regardless of their role labels, provided they are schedulable.

  2. Key Constraints (Excluded Nodes)

    • Nodes explicitly marked Unschedulable: true (e.g., via kubectl cordon).
    • Nodes with a NotReady status.
    • Nodes having incompatible Taints without matching Tolerations configured in the DaemonSet's Pod Template.

Creating DaemonSets

Creating a DaemonSet by using CLI

Prerequisites

  • Ensure you have kubectl configured and connected to your cluster.

YAML file example

# example-daemonSet.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-elasticsearch
  namespace: kube-system
  labels:
    k8s-app: fluentd-logging
spec:
  selector: # defines how the DaemonSet identifies its managed Pods. Must match `template.metadata.label`s.
    matchLabels:
      name: fluentd-elasticsearch
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1 
  template: # defines the Pod Template for the DaemonSet. Each Pod created by this DaemonSet will conform to this template
    metadata:
      labels:
        name: fluentd-elasticsearch
    spec:
      tolerations: # these tolerations are to have the daemonset runnable on control plane nodes, remove them if your control plane nodes should not run pods
      - key: node-role.kubernetes.io/control-plane
        operator: Exists
        effect: NoSchedule
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      containers:
      - name: fluentd-elasticsearch
        image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 200Mi
        volumeMounts:
        - name: varlog
          mountPath: /var/log
      # it may be desirable to set a high priority class to ensure that a DaemonSet Pod
      # preempts running Pods
      # priorityClassName: important
      terminationGracePeriodSeconds: 30
      volumes:
      - name: varlog
        hostPath:
          path: /var/log

Creating a DaemonSet via YAML

# Step 1: To create the DaemonSet defined in *example-daemonSet.yaml*, execute the following command
kubectl apply -f example-daemonSet.yaml

# Step 2: To verify the creation and status of your DaemonSet and its associated Pods:
kubectl get daemonset fluentd-elasticsearch # View DaemonSet
kubectl get pods -l name=fluentd-elasticsearch -o wide # Check Pods managed by this DaemonSet on specific nodes

Creating a DaemonSet by using web console

Prerequisites

Obtain the image address. The source of the images can be from the image repository integrated by the platform administrator through the toolchain or from third-party platforms' image repositories.

  • For the former, the Administrator typically assigns the image repository to your project, and you can use the images within it. If the required image repository is not found, please contact the Administrator for allocation.

  • If it is a third-party platform's image repository, ensure that images can be pulled directly from it in the current cluster.

Procedure - Configure Basic Info

  1. Container Platform, navigate to Workloads > DaemonSets in the left sidebar.

  2. Click Create DaemonSet.

  3. Select or Input an image, and click Confirm.

INFO

Note: When using images from the image repository integrated into web console, you can filter images by Already Integrated. The Integration Project Name, for example, images (docker-registry-projectname), which includes the project name projectname in this web console and the project name containers in the image repository.

In the Basic Info section, configure declarative parameters for DaemonSet workloads:

ParametersDescription
More > Update StrategyConfigures the rollingUpdate strategy for zero-downtime updates of DaemonSet Pods.
Max unavailable (maxUnavailable): The maximum number of Pods that can be temporarily unavailable during an update. Accepts absolute values (e.g., 1) or percentages (e.g., 10%).
Example: If there are 10 nodes and maxUnavailable is 10%, then floor(10 * 0.1) = 1 Pod can be unavailable.

Notes:
  • Default Values: If not explicitly set, maxSurge defaults to 0 and maxUnavailable defaults to 1 (or 10% if maxUnavailable is specified as a percentage).
  • Non-running Pods: Pods in states like Pending or CrashLoopBackOff are considered unavailable.
  • Simultaneous Constraints: maxSurge and maxUnavailable cannot both be 0 or 0%. If percentage values resolve to 0 for both parameters, Kubernetes forces maxUnavailable=1 to ensure update progress.

Procedure - Configure Pod

Pod section, please refer to Deployment - Configure Pod

Procedure - Configure Containers

Containers section, please refer to Deployment - Configure Containers

Procedure - Create

Click Create.

After clicking Create, the DaemonSet will:

  • ✅ Automatically deploy Pod replicas to all eligible Nodes meeting:

    • nodeSelector criteria (if defined).
    • tolerations configuration (allowing scheduling on tainted nodes).
    • Node is in Ready state and Schedulable: true.

  • ❌ Excluded Nodes:

    • Nodes with a NoSchedule taint (unless explicitly tolerated).
    • Manually cordoned Nodes (kubectl cordon).
    • Nodes in NotReady or Unschedulable states.

Managing DaemonSets

Managing a DaemonSet by using CLI

Viewing a DaemonSet

  • To get a summary of all DaemonSets in a namespace.
kubectl get daemonsets -n <namespace>
  • To get detailed information about a specific DaemonSet, including its events and Pod status
kubectl describe daemonset <daemonset-name>

Updating a DaemonSet

When you modify the Pod Template of a DaemonSet (e.g., changing the container image or adding a volume mount), Kubernetes automatically performs a rolling update by default (if updateStrategy.type is RollingUpdate, which is the default).

  • First, edit the YAML file (e.g., example-daemonset.yaml) with the desired changes, then apply it:
kubectl apply -f example-daemonset.yaml
  • You can monitor the progress of the rolling update:
kubectl rollout status daemonset/<daemonset-name>

Deleting a DaemonSet

To delete a DaemonSet and all the Pods it manages:

kubectl delete daemonset <daemonset-name>

Managing a DaemonSet by using web console

Viewing a DaemonSet

  1. Container Platform, and navigate to Workloads > DaemonSets.
  2. Locate the DaemonSet you wish to view.
  3. Click the DaemonSet name to see the Details, Topology, Logs, Events, Monitoring, etc.

Updating a DaemonSet

  1. Container Platform, and navigate to Workloads > DaemonSets.
  2. Locate the DaemonSet you wish to update.
  3. In the Actions drop-down menu, select Update to view the Edit DaemonSet page, you can update Replicas, image, updateStrategy, etc.

Deleting a DaemonSet

  1. Container Platform, and navigate to Workloads > DaemonSets.
  2. Locate the DaemonSet you wish to delete.
  3. In the Actions drop-down menu, Click the Delete button in the operations column and confirm.