If you’re new to Kubernetes Daemonsets and want to learn more, this complete beginner’s guide is for you.
You’ll learn about in this Kubernetes Daemonset guide :
- What is a DaemonSet
- How Daemonset work
- Deploying and managing Daemonsets
- Daemonset use cases
What is a DaemonSet In Kubernetes?
Kubernetes is a distributed system that can be used to run applications on multiple nodes. Sometimes, you need to run the same application on all nodes, such as a logging agent. This is where DaemonSets come in.
A Kubernetes Daemonset is a Kubernetes object that ensures that a pod is running on every node in the cluster. This means that you cannot scale DaemonSet pods, and if a pod is deleted from a node, it will be recreated.
You can use nodeSelector, nodeAffinity, Taints, and Tolerations to control where DaemonSet pods are running. For example, you could use nodeSelector to run a DaemonSet pod only on nodes that have a specific label.
Here are some examples of how you can use Kubernetes Daemonset :
- Running a logging agent on all nodes
- Running a monitoring agent on all nodes
- Running a backup agent on all nodes
- Running a security agent on all nodes
DaemonSets are a powerful tool that can be used to ensure that certain applications are running on all nodes in a Kubernetes cluster.
Here are some additional things to keep in mind about DaemonSets:
- DaemonSets are a good choice for running applications that need to be available on all nodes, such as logging and monitoring agents.
- DaemonSets can be used to run applications that require access to node-specific resources, such as GPUs or disks.
- DaemonSets can be used to ensure that applications are always running, even if nodes are added or removed from the cluster.
Why use Kubernetes Daemonset?
DaemonSets are a Kubernetes object that ensures that a pod is running on every node in the cluster. They are a good choice for running applications that need to be available on all nodes, such as logging and monitoring agents.
Here are some examples of why you might use DaemonSets:
Cluster Log Collection
- Run a log collector on every node to centralize Kubernetes logging data. This can be done using tools like fluentd, logstash, or fluentbit.
- This ensures that all logs from all nodes are collected in a single place, making it easier to troubleshoot problems and analyze trends.
Cluster Monitoring
- Deploy monitoring agents, such as Prometheus Node Exporter, on every node in the cluster. This will collect and expose node-level metrics, such as CPU usage, memory usage, and disk space usage.
- This data can be used to monitor the health of the cluster and identify potential problems.
Security and Compliance
- Run CIS Benchmarks on every node using tools like kube-bench. This will help you ensure that your nodes are configured securely.
- You can also deploy security agents, such as intrusion detection systems or vulnerability scanners, on specific nodes that require additional security measures.
Storage Provisioning
- Run a storage plugin on every node to provide a shared storage system to the entire cluster. This can be done using tools like Kubernetes Volumes or Persistent Volumes.
- This ensures that all pods in the cluster have access to the same storage, making it easier to share data and applications.
Network Management
- Run a network plugin or firewall on every node to ensure consistent network policy enforcement. This can be done using tools like Calico or Flannel.
- This ensures that all pods in the cluster are able to communicate with each other, while also preventing unauthorized access.
Here are some specific examples of how DaemonSets can be used in different industries:
- In the financial industry, DaemonSets can be used to run security agents on all nodes to protect against cyberattacks.
- In the healthcare industry, DaemonSets can be used to run backup agents on all nodes to ensure that patient data is always backed up.
- In the retail industry, DaemonSets can be used to run performance tuning agents on all nodes to improve the performance of the e-commerce website.
- In the manufacturing industry, DaemonSets can be used to run software update agents on all nodes to keep the production line up to date with the latest security patches and software updates.
As your use case gets more complex, you can deploy multiple DaemonSets for one kind of daemon, using a variety of flags or memory and CPU requests for various hardware types.
Kubernetes Daemonset Example
DaemonSets are configured using YAML files. These files contain all of the necessary configuration information for the DaemonSet, such as the name of the DaemonSet, the image to use, and the pods to run.
Here is an example of a DaemonSet manifest file that deploys a fluentd logging agent on all cluster worker nodes:
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: fluentd
namespace: logging
labels:
app: fluentd-logging
spec:
selector:
matchLabels:
name: fluentd
template:
metadata:
labels:
name: fluentd
spec:
containers:
- name: fluentd-elasticsearch
image: quay.io/fluentd_elasticsearch/fluentd:v4.5.0
resources:
limits:
memory: 200Mi
requests:
cpu: 100m
memory: 200Mi
volumeMounts:
- name: varlog
mountPath: /var/log
terminationGracePeriodSeconds: 30
volumes:
- name: varlog
hostPath:
path: /var/log
Let’s understand the manifest file.
apiVersion:
apps/v1
forDaemonSet
kind:
DaemonSet
such as Pod, Deployment, and Servicemetadata:
Put the name of theDaemonSet
, mention namespace, annotations, and labels. In our caseDaemonSet's
name is fluentd.spec.selector:
The selector for the pods is managed by theDaemonSet
. This value must be a label specified in the pod template. This value is immutable.spec.template:
This is a required field that specifies a pod template for theDaemonSet
to use. Along with all the required fields for containers. It has everything of pod schema exceptapiVersion
andkind
.
The pod template specifies the container that should be run in each pod. In this case, the container is quay.io/fluentd_elasticsearch/fluentd:v4.5.
0, which is the official Docker image for fluentd. This container will collect logs from all nodes in the cluster and send the data to Elasticsearch.
The resources
field specifies the resource limits and requests for the pod. This means that the pod will not be able to use more than 500Mi of memory and 100m of CPU. It will also request 250Mi of memory and 100m of CPU.
The volume
and volumeMount
fields specify the volume that should be mounted into the pod. This volume will be used to store the logs that are collected by the fluentd container.
The replicas
field is not set, because the replicas count of a DaemonSet is dynamic in nature. This means that the number of pods that are created will depend on the number of nodes in the cluster.
To deploy the DaemonSet, we can use the following commands:
kubectl create ns logging
kubectl apply -f daemonset.yaml
Check the DaemonSet
status and pods’ status.
kubectl get daemonset -n logging
controlplane $ kubectl get daemonset -n logging
kubectl get pods -n logging -o wide
You can see fluentd pods are running on the two available worker nodes.
Here are some other useful commands to describe, edit and get the DaemonSet
.
kubectl describe daemonset -n logging
kubectl edit daemonset -n logging
#shortcut for daemonset is ds
kubectl get ds
DaemonSet Best Practices
Here are some best practices for DaemonSets:
- Set the restart policy of DaemonSet pods to
Always
orUnspecifed
. This will ensure that the pods are always restarted, even if they are terminated or evicted. - Isolate each DaemonSet into its own namespace. This will help to keep resources separate and make it easier to manage the DaemonSets.
- Use
preferredDuringSchedulingIgnoredDuringExecution
instead ofrequiredDuringSchedulingIgnoredDuringExecution
for the scheduling strategy. This will allow DaemonSet pods to be scheduled on nodes that do not meet all of the requirements, as long as there are no other nodes that can meet all of the requirements. - Set the priority of DaemonSet pods to
10000
. This will ensure that DaemonSet pods are not evicted from nodes, even if there are other pods that have a lower priority. - Specify a pod selector that matches the labels of the DaemonSet template. This will ensure that the DaemonSet pods are only scheduled on nodes that have the specified labels.
- Use the
minReadySeconds
field to specify how long Kubernetes should wait before creating the next pod. This will help to ensure that all of the pods are in the ready state before the next pod is created.
Conclusion
In this kubernetes tutorial, we learned about Kubernetes DaemonSets
. DaemonSet
is a great way to manage and deploy applications in a clustered environment.
We have seen how can we create the DaemonSet
along with its use case. We can configure them to create pods on certain nodes using tolerations and node selectors and perform rolling updates on them in a controlled manner.
Further, we have talked about unhealthy DaemonSet
and their best practices. Also, If you are preparing for CKA certification, Daemonset is an important concept to prepare for the exam.
If you are learning Kubernetes check out the Kubernetes certification Guides to deepen your Kubernetes knowledge.
$395 $316
- Upon registration, you have ONE YEAR to schedule and complete the exam.
- The CKA exam is conducted online and remotely proctored.
- To pass the exam, you must achieve a score of 66% or higher.
- The CKAD Certification remains valid for a period of 3 years.
- You are allowed a maximum of 2 attempts to take the test. However, if you miss a scheduled exam for any reason, your second attempt will be invalidated.
- Free access to killer.sh for the CKAD practice exam.
CKAD Exam Voucher: Use coupon Code TECK20 at checkout
$395 $316
- Upon registration, you have ONE YEAR to schedule and complete the exam.
- The CKA exam is conducted online and remotely proctored.
- To pass the exam, you must achieve a score of 66% or higher.
- The CKA Certification remains valid for a period of 3 years.
- You are allowed a maximum of 2 attempts to take the test. However, if you miss a scheduled exam for any reason, your second attempt will be invalidated.
- Free access to killer.sh for the CKA practice exam.
CKA Exam Voucher: Use coupon Code TECK20 at checkout
$395 $316
- Upon registration, you have ONE YEAR to schedule and complete the exam.
- The CKA exam is conducted online and remotely proctored.
- To pass the exam, you must achieve a score of 67% or higher.
- The CKS Certification remains valid for a period of 2 years.
- You are allowed a maximum of 2 attempts to take the test. However, if you miss a scheduled exam for any reason, your second attempt will be invalidated.
- Free access to killer.sh for the CKS practice exam.
CKS Exam Voucher: Use coupon Code TECK20 at checkout