DaemonSets

A DaemonSet ensures that all (or some) Nodes run a copy of a Pod. As nodes are added to the cluster, Pods are added to them. As nodes are removed, those Pods are garbage collected.

1. Use Cases

When do you need a DaemonSet instead of a Deployment?

  1. Cluster Storage Daemons: Running a storage daemon (like glusterd, ceph) on every node.
  2. Logs Collection: Running a logs collector (like fluentd or logstash) on every node.
  3. Node Monitoring: Running a node monitoring daemon (like Prometheus Node Exporter, collectd, or Datadog agent) on every node.

2. Interactive: Node Lifecycle Simulator

Watch how the DaemonSet Controller reacts to new nodes. Unlike a Deployment, you don’t scale replicas manually; you scale nodes.

3. DaemonSet Manifest

The manifest looks almost exactly like a Deployment, except that kind is DaemonSet and there is no replicas field.

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-elasticsearch
  namespace: kube-system
  labels:
    k8s-app: fluentd-logging
spec:
  selector:
    matchLabels:
      name: fluentd-elasticsearch
  template:
    metadata:
      labels:
        name: fluentd-elasticsearch
    spec:
      tolerations:
      # Use this to run on Master nodes (control plane)
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      containers:
      - name: fluentd-elasticsearch
        image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 200Mi

4. Update Strategy: Rolling Update

Just like Deployments, DaemonSets support Rolling Updates. However, since there is only one pod per node, Kubernetes must delete the old pod before creating the new one on that specific node.

spec:
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1

  • maxUnavailable: The maximum number of DaemonSet pods that can be unavailable during the update. Default is 1.

5. Taints and Tolerations

Usually, the Kubernetes scheduler avoids placing pods on nodes with Taints (like Master nodes). However, DaemonSets often need to run everywhere.

To run on a tainted node, the DaemonSet must Tolerate the taint.

Common Taint: node-role.kubernetes.io/master:NoSchedule

Toleration:

tolerations:
- key: node-role.kubernetes.io/master
  effect: NoSchedule
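
The matching rule behind the toleration above, as an added example (not part of the original page or of Kubernetes itself) for reviewing which nodes a DaemonSet can land on, control-plane nodes included. The node names and the dedicated=gpu taint are constructed sample data, and tolerations the DaemonSet controller adds automatically are not modelled.

```python
# Added example: how a toleration is matched against a node taint.
# Node names and the "dedicated=gpu" taint are constructed sample data.

def tolerates(toleration, taint):
    """Return True if one toleration matches one taint."""
    # An empty effect on the toleration matches every effect.
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    # An empty key (only valid with operator Exists) matches every key.
    if toleration.get("key") and toleration["key"] != taint["key"]:
        return False
    operator = toleration.get("operator", "Equal")
    if operator == "Exists":
        return True
    # Equal (the default): values must match; an absent value is "".
    return toleration.get("value", "") == taint.get("value", "")


def schedulable_nodes(nodes, tolerations):
    """Names of nodes whose hard taints are all tolerated."""
    result = []
    for name, taints in nodes.items():
        # PreferNoSchedule is a soft preference and never blocks placement.
        hard = [t for t in taints if t["effect"] in ("NoSchedule", "NoExecute")]
        if all(any(tolerates(tol, t) for tol in tolerations) for t in hard):
            result.append(name)
    return sorted(result)


# Constructed cluster: one control-plane node, one plain worker, one dedicated node.
NODES = {
    "cp-1": [{"key": "node-role.kubernetes.io/master", "effect": "NoSchedule"}],
    "worker-1": [],
    "gpu-1": [{"key": "dedicated", "value": "gpu", "effect": "NoSchedule"}],
}

# The toleration from the manifest on this page.
PAGE_TOLERATION = [{"key": "node-role.kubernetes.io/master", "effect": "NoSchedule"}]
# A blanket toleration: matches every taint, so the pod lands on every node.
BLANKET = [{"operator": "Exists"}]

if __name__ == "__main__":
    print("no tolerations:  ", schedulable_nodes(NODES, []))
    print("page toleration: ", schedulable_nodes(NODES, PAGE_TOLERATION))
    print("blanket Exists:  ", schedulable_nodes(NODES, BLANKET))
```

The page's toleration adds only the control-plane node, while a bare operator: Exists toleration also admits the pod to the dedicated node, which is worth flagging when auditing DaemonSet manifests.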