# DaemonSet

## 1. DaemonSet overview

A DaemonSet ensures that one copy of a Pod runs on every node (or on a selected subset of nodes). It is the workload type for node-level daemons.

### 1.1 Typical uses

```text
Typical DaemonSet workloads
│
├── Log collection
│   └── Fluentd, Filebeat
│
├── Monitoring agents
│   └── Prometheus Node Exporter
│
├── Network plugins
│   └── Calico, Weave Net
│
├── Storage plugins
│   └── Ceph, GlusterFS
│
└── Node maintenance
    └── Node diagnostic tools
```

### 1.2 Characteristics

```text
DaemonSet characteristics
│
├── One Pod per node
│   └── A Pod is created automatically on every new node
│
├── Node removal
│   └── The Pod is deleted automatically
│
├── Resource guarantee
│   └── Not affected by ReplicaSets
│
└── Update strategy
    └── Rolling updates are supported
```
## 2. Creating a DaemonSet

### 2.1 Basic example

```yaml
# fluentd-daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-ds
  labels:
    app: fluentd
spec:
  selector:
    matchLabels:
      app: fluentd
  template:
    metadata:
      labels:
        app: fluentd
    spec:
      containers:
      - name: fluentd
        image: fluentd:v1.14
        resources:
          limits:
            cpu: 200m
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 100Mi
        volumeMounts:
        - name: varlog
          mountPath: /var/log
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers
      tolerations:
      # Allow scheduling onto control-plane nodes that carry the legacy master taint
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
```
### 2.2 Create and inspect

```bash
# Create the DaemonSet
kubectl apply -f fluentd-daemonset.yaml

# List DaemonSets
kubectl get ds

# Example output
NAME         DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
fluentd-ds   3         3         3       3            3           <none>          1m

# Check how the Pods are spread across nodes
kubectl get pods -l app=fluentd -o wide

# Example output
NAME               READY   STATUS    NODE
fluentd-ds-abc12   1/1     Running   node-1
fluentd-ds-def34   1/1     Running   node-2
fluentd-ds-ghi56   1/1     Running   node-3
```
## 3. Node selection

### 3.1 nodeSelector

```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: monitoring-ds
spec:
  selector:
    matchLabels:
      app: monitoring
  template:
    metadata:
      labels:
        app: monitoring
    spec:
      nodeSelector:
        monitoring: enabled
      containers:
      - name: node-exporter
        image: prom/node-exporter
```

```bash
# Label the nodes that should run the DaemonSet
kubectl label node node-1 monitoring=enabled
kubectl label node node-2 monitoring=enabled
```
### 3.2 Node affinity

```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: monitoring-ds
spec:
  selector:
    matchLabels:
      app: monitoring
  template:
    metadata:
      labels:
        app: monitoring
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - amd64
      containers:
      - name: node-exporter
        image: prom/node-exporter
```
## 4. Taints and tolerations

### 4.1 Tolerating control-plane nodes

```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-ds
spec:
  selector:
    matchLabels:
      app: fluentd
  template:
    metadata:
      labels:
        app: fluentd
    spec:
      tolerations:
      # Legacy taint used by clusters created before Kubernetes 1.25
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      # Taint applied by current kubeadm clusters
      - key: node-role.kubernetes.io/control-plane
        effect: NoSchedule
      containers:
      - name: fluentd
        image: fluentd:v1.14
```

### 4.2 Tolerating every taint

```yaml
# An Exists toleration with no key and no effect matches every taint
tolerations:
- operator: Exists
```

### 4.3 Common toleration settings

```yaml
tolerations:
- key: "key1"
  operator: "Equal"
  value: "value1"
  effect: "NoSchedule"
- key: "key2"
  operator: "Exists"
  effect: "NoExecute"
  tolerationSeconds: 3600   # evicted 3600s after a matching NoExecute taint appears
```
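To make the matching rules behind sections 4.1 to 4.3 concrete, here is an added example (not code from the page) that evaluates a Pod's tolerations against a node's taints the way the scheduler and the NoExecute eviction logic do. The node taints and the `evaluate` / `toleration_matches` helpers are constructed for this illustration.

```python
"""Evaluate a Pod's tolerations against a node's taints (added example, not
code from the page). Implements the Kubernetes matching rules: an empty key
with operator Exists matches every taint, an empty effect matches every
effect, and the default operator Equal also compares the value.
"""

# Constructed node taints, in the shape `kubectl get node -o yaml` shows
# under spec.taints.
NODE_TAINTS = [
    {"key": "node-role.kubernetes.io/control-plane", "effect": "NoSchedule"},
    {"key": "key2", "value": "value2", "effect": "NoExecute"},
]


def toleration_matches(tol, taint):
    """True if one toleration covers one taint."""
    if tol.get("key", "") and tol["key"] != taint["key"]:
        return False
    if tol.get("effect", "") and tol["effect"] != taint["effect"]:
        return False
    if tol.get("operator", "Equal") == "Exists":
        return True
    return tol.get("value", "") == taint.get("value", "")


def evaluate(tolerations, taints):
    """Return (schedulable, eviction): eviction maps each NoExecute taint that
    will evict the Pod to the delay in seconds (0 = immediately)."""
    schedulable, eviction = True, {}
    for taint in taints:
        matched = [t for t in tolerations if toleration_matches(t, taint)]
        if taint["effect"] == "NoSchedule" and not matched:
            schedulable = False
        if taint["effect"] == "NoExecute":
            if not matched:
                schedulable = False
                eviction[taint["key"]] = 0
            elif all("tolerationSeconds" in t for t in matched):
                # Every matching toleration is time-limited: evicted after the shortest
                eviction[taint["key"]] = min(t["tolerationSeconds"] for t in matched)
    return schedulable, eviction


if __name__ == "__main__":
    tolerate_all = [{"operator": "Exists"}]                      # section 4.2
    common = [{"key": "key1", "operator": "Equal", "value": "value1",
               "effect": "NoSchedule"},
              {"key": "key2", "operator": "Exists", "effect": "NoExecute",
               "tolerationSeconds": 3600}]                       # section 4.3
    print(evaluate(tolerate_all, NODE_TAINTS))   # (True, {})
    print(evaluate(common, NODE_TAINTS))         # (False, {'key2': 3600})
```

The DaemonSet controller also adds its own tolerations for node-condition taints such as `node.kubernetes.io/disk-pressure` and `node.kubernetes.io/unschedulable`, so those never need to be listed in the manifest.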
## 5. Update strategy

### 5.1 RollingUpdate

```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-ds
spec:
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1   # replace Pods one node at a time
  selector:
    matchLabels:
      app: fluentd
  template:
    metadata:
      labels:
        app: fluentd
    spec:
      containers:
      - name: fluentd
        image: fluentd:v1.15
```

### 5.2 OnDelete

```yaml
updateStrategy:
  type: OnDelete
```

```text
OnDelete strategy
│
├── After the Pod template is updated
│
└── A Pod is replaced only when it is deleted manually
```

### 5.3 Performing an update

```bash
# Update the image
kubectl set image daemonset/fluentd-ds fluentd=fluentd:v1.15

# Watch the rollout
kubectl rollout status daemonset/fluentd-ds

# Show rollout history
kubectl rollout history daemonset/fluentd-ds

# Roll back to the previous revision
kubectl rollout undo daemonset/fluentd-ds
```
## 6. Complete configuration examples

### 6.1 Node Exporter

```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-exporter
  labels:
    app: node-exporter
spec:
  selector:
    matchLabels:
      app: node-exporter
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  template:
    metadata:
      labels:
        app: node-exporter
    spec:
      hostNetwork: true
      hostPID: true
      containers:
      - name: node-exporter
        image: prom/node-exporter:v1.5.0
        args:
        - --path.procfs=/host/proc
        - --path.sysfs=/host/sys
        - --path.rootfs=/host/root
        # "$$" is how a literal "$" is written in container args (Kubernetes expands "$(VAR)")
        - --collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)
        ports:
        - containerPort: 9100
          hostPort: 9100
          name: metrics
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
          limits:
            cpu: 200m
            memory: 200Mi
        volumeMounts:
        - name: proc
          mountPath: /host/proc
          readOnly: true
        - name: sys
          mountPath: /host/sys
          readOnly: true
        - name: root
          mountPath: /host/root
          mountPropagation: HostToContainer
          readOnly: true
      tolerations:
      - effect: NoSchedule
        operator: Exists
      volumes:
      - name: proc
        hostPath:
          path: /proc
      - name: sys
        hostPath:
          path: /sys
      - name: root
        hostPath:
          path: /
```
### 6.2 Log collection agent

```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: filebeat
  labels:
    app: filebeat
spec:
  selector:
    matchLabels:
      app: filebeat
  template:
    metadata:
      labels:
        app: filebeat
    spec:
      serviceAccountName: filebeat
      containers:
      - name: filebeat
        image: docker.elastic.co/beats/filebeat:8.0.0
        args: ["-c", "/etc/filebeat.yml", "-e"]
        env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 100Mi
        volumeMounts:
        - name: config
          mountPath: /etc/filebeat.yml
          readOnly: true
          subPath: filebeat.yml
        - name: data
          mountPath: /usr/share/filebeat/data
        - name: varlog
          mountPath: /var/log
          readOnly: true
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
      volumes:
      - name: config
        configMap:
          name: filebeat-config
      - name: data
        hostPath:
          path: /var/lib/filebeat-data
          type: DirectoryOrCreate
      - name: varlog
        hostPath:
          path: /var/log
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers
```
## 7. Pod communication

### 7.1 hostNetwork

```yaml
spec:
  hostNetwork: true   # the Pod shares the node's network namespace
  containers:
  - name: app
    image: app
    ports:
    - containerPort: 9100
      hostPort: 9100   # exposed on the node IP, so the port must be free on every node
```

### 7.2 hostPID and hostIPC

```yaml
spec:
  hostPID: true   # the container can see every process on the node
  hostIPC: true   # the container shares the node's IPC namespace
  containers:
  - name: app
    image: app
```
## 8. Troubleshooting

### 8.1 Common checks

```bash
# Inspect the DaemonSet status and events
kubectl describe ds fluentd-ds

# Check Pod status
kubectl get pods -l app=fluentd -o wide

# List the Pods on a specific node
kubectl get pods --field-selector spec.nodeName=node-1

# Read the logs
kubectl logs -l app=fluentd
```

### 8.2 Diagnosis

| Problem | Cause | Fix |
|---|---|---|
| Pod missing on a node | Node selector does not match | Check nodeSelector |
| Pod stuck in Pending | Insufficient resources | Check node resources |
| Update fails | Health check fails | Check probe configuration |
## 9. Best practices

### 9.1 Resource limits

```yaml
resources:
  requests:
    cpu: 100m
    memory: 100Mi
  limits:
    cpu: 200m
    memory: 200Mi
```

### 9.2 Priority

```yaml
priorityClassName: system-node-critical   # node agents are not preempted by lower-priority Pods
```

### 9.3 Security settings

```yaml
# Container-level securityContext: the agent runs as root with full host privileges.
# Set these only when the daemon actually needs them (for example a CNI or storage plugin).
securityContext:
  runAsUser: 0
  privileged: true
```
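The settings in sections 7 and 9.3 (hostNetwork, hostPID, hostIPC, privileged containers, root user and writable hostPath mounts) are exactly the ones worth reviewing across a cluster. The following added example (not code from the page) reads the JSON produced by `kubectl get ds -A -o json` from stdin and reports those settings; the embedded sample DaemonSet and the `audit_daemonset` / `audit_all` helpers are constructed for this illustration.

```python
"""Audit DaemonSets for host-level access (added example, not from the page)."""
import json
import sys

# Constructed sample modelled on the page's node-exporter DaemonSet; the real
# input is `kubectl get ds -A -o json` piped on stdin.
SAMPLE = {"items": [{
    "metadata": {"name": "node-exporter", "namespace": "monitoring"},
    "spec": {"template": {"spec": {
        "hostNetwork": True, "hostPID": True,
        "containers": [{
            "name": "node-exporter",
            "securityContext": {"privileged": True, "runAsUser": 0},
            "volumeMounts": [
                {"name": "root", "mountPath": "/host/root", "readOnly": True},
                {"name": "varlog", "mountPath": "/var/log"}]}],
        "volumes": [{"name": "root", "hostPath": {"path": "/"}},
                    {"name": "varlog", "hostPath": {"path": "/var/log"}}]}}}}]}


def audit_daemonset(ds):
    """Return human-readable findings for one DaemonSet object."""
    meta, pod = ds["metadata"], ds["spec"]["template"]["spec"]
    where = f"{meta['namespace']}/{meta['name']}"
    findings = []
    for flag in ("hostNetwork", "hostPID", "hostIPC"):  # shared host namespaces
        if pod.get(flag):
            findings.append(f"{where}: {flag}=true")
    host_vols = {v["name"]: v["hostPath"]["path"]
                 for v in pod.get("volumes", []) if "hostPath" in v}
    pod_sc = pod.get("securityContext") or {}
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        sc = {**pod_sc, **(c.get("securityContext") or {})}  # container overrides pod
        if sc.get("privileged"):
            findings.append(f"{where}/{c['name']}: privileged")
        if sc.get("runAsUser") == 0:
            findings.append(f"{where}/{c['name']}: runAsUser=0")
        for m in c.get("volumeMounts", []):  # hostPath mounted without readOnly
            if m["name"] in host_vols and not m.get("readOnly"):
                findings.append(f"{where}/{c['name']}: writable hostPath "
                                f"{host_vols[m['name']]}")
    return findings


def audit_all(doc):
    return [f for ds in doc["items"] for f in audit_daemonset(ds)]


if __name__ == "__main__":
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    print("\n".join(audit_all(doc)) or "no findings")
```

Run it as `kubectl get ds -A -o json | python3 audit_ds.py` against a live cluster; with no piped input it audits the embedded sample.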
## 10. Summary

### 10.1 Key points

| Point | Description |
|---|---|
| Purpose | Node-level daemons |
| Replica count | One per node |
| Node selection | nodeSelector / node affinity |
| Update strategy | RollingUpdate / OnDelete |

### 10.2 Next steps

With DaemonSets covered, the next topic is Job and CronJob, which explains how batch workloads are deployed.

Last updated: 2026-03-28