Kubernetes DaemonSet
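What is a DaemonSet
A DaemonSet is a Kubernetes controller that ensures one Pod replica runs on every node (or on every selected node). It suits daemons that must run on each node, such as log collectors, monitoring agents, and network plugins.
DaemonSet characteristics
- One Pod replica runs automatically on each node
- A Pod is deployed automatically when a new node joins
- The Pod is cleaned up automatically when a node is removed
- Node selectors and affinity are supported
Creating a DaemonSet
YAML file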
```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-exporter
  namespace: monitoring
  labels:
    app: node-exporter
spec:
  selector:
    matchLabels:
      app: node-exporter
  template:
    metadata:
      labels:
        app: node-exporter
    spec:
      containers:
      - name: node-exporter
        image: prom/node-exporter:latest
        ports:
        - containerPort: 9100
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 200m
            memory: 256Mi
        volumeMounts:
        - name: proc
          mountPath: /host/proc
        - name: sys
          mountPath: /host/sys
      volumes:
      - name: proc
        hostPath:
          path: /proc
      - name: sys
        hostPath:
          path: /sys
      tolerations:
      - key: node-role.kubernetes.io/control-plane
        effect: NoSchedule
```
Deploying
```bash
kubectl apply -f daemonset.yaml
# Check the DaemonSet status
kubectl get daemonset -n monitoring
kubectl describe daemonset node-exporter -n monitoring
```
Node selection
nodeSelector
```yaml
spec:
  template:
    spec:
      nodeSelector:
        node-type: worker
```
Node affinity
```yaml
spec:
  template:
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
```
Tolerating taints
```yaml
spec:
  template:
    spec:
      tolerations:
      - key: node-role.kubernetes.io/control-plane
        effect: NoSchedule
      - key: dedicated
        value: monitoring
        effect: NoSchedule
```
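Common operations
```bash
# List DaemonSets
kubectl get daemonset
kubectl get ds
# Update the DaemonSet image (the DaemonSet above lives in the monitoring namespace)
kubectl set image daemonset/node-exporter node-exporter=prom/node-exporter:v1.5.0 -n monitoring
# Roll back
kubectl rollout undo daemonset node-exporter -n monitoring
# Check the rolling update status
kubectl rollout status daemonset node-exporter -n monitoring
# Delete the DaemonSet
kubectl delete daemonset node-exporter -n monitoring
```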
Practical examples
Deploying Fluentd for log collection
```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd
  namespace: logging
spec:
  selector:
    matchLabels:
      app: fluentd
  template:
    metadata:
      labels:
        app: fluentd
    spec:
      containers:
      - name: fluentd
        image: fluent/fluentd-kubernetes-daemonset:latest
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
        volumeMounts:
        - name: varlog
          mountPath: /var/log
        - name: containers
          mountPath: /var/lib/docker/containers
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
      - name: containers
        hostPath:
          path: /var/lib/docker/containers
```
Deploying the Calico network plugin
```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: calico-node
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: calico-node
  template:
    metadata:
      labels:
        app: calico-node
    spec:
      containers:
      - name: calico-node
        image: calico/node:latest
        securityContext:
          privileged: true
        env:
        - name: FELIX_IPV6SUPPORT
          value: "false"
```
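Differences from a Deployment
| Feature | DaemonSet | Deployment |
|---|---|---|
| Number of Pods | One per node | Fixed replica count |
| Node selection | Automatically deployed to the specified nodes | Decided by the scheduler |
| Use cases | Daemons, agents | Stateless applications |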
Monitoring a DaemonSet
```bash
# View the DaemonSet logs
kubectl logs -l app=node-exporter -n monitoring
# Check that the Pods are running
kubectl get pods -l app=node-exporter -n monitoring -o wide
# View resource usage
kubectl top pods -l app=node-exporter -n monitoring
```
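Common problems
Pod cannot be scheduled onto a node
```bash
# Check the node's taints
kubectl describe node <node-name> | grep Taints
```
```yaml
# Add a toleration
tolerations:
- key: "taint-key"
  operator: "Equal"
  value: "taint-value"
  effect: "NoSchedule"
```
Insufficient node resources
```bash
# View the node's resources
kubectl describe node <node-name>
```
```yaml
# Adjust the resource settings
resources:
  requests:
    cpu: 50m
    memory: 64Mi
```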
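Best practices
- Set reasonable resource limits for the DaemonSet
- Use node affinity to control where it is deployed
- Configure tolerations to deploy to control-plane nodes
- Update the DaemonSet image version regularly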
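The following is an added example, not part of the original page: a small Python audit that applies the practices above to DaemonSet objects, which matters because any weak setting in a DaemonSet is replicated on every node it covers. The function name `audit_daemonset`, the finding wording, and the sample objects (trimmed, constructed copies of this page's node-exporter and calico-node manifests) are assumptions.

```python
CONTROL_PLANE_TAINT = "node-role.kubernetes.io/control-plane"

def audit_daemonset(ds):
    """Return findings for one DaemonSet object (dict parsed from JSON/YAML)."""
    name = ds["metadata"]["name"]
    pod = ds["spec"]["template"]["spec"]
    host_vols = {v["name"] for v in pod.get("volumes", []) if "hostPath" in v}
    findings = []
    for c in pod.get("containers", []):
        where = f"{name}/{c['name']}"
        image = c.get("image", "")
        # Look for the tag only after the last '/', so a registry port is not
        # mistaken for a tag; a digest reference counts as pinned.
        last = image.rsplit("/", 1)[-1]
        tag = last.split(":", 1)[1] if ":" in last else ""
        if "@sha256:" not in image and tag in ("", "latest"):
            findings.append(f"{where}: image not pinned ({image})")
        if (c.get("securityContext") or {}).get("privileged"):
            findings.append(f"{where}: privileged container on every node")
        if not (c.get("resources") or {}).get("limits"):
            findings.append(f"{where}: no resource limits")
        for m in c.get("volumeMounts", []):
            if m["name"] in host_vols and not m.get("readOnly", False):
                findings.append(f"{where}: writable hostPath mount {m['mountPath']}")
    if any(t.get("key") == CONTROL_PLANE_TAINT for t in pod.get("tolerations", [])):
        findings.append(f"{name}: also runs on control-plane nodes")
    return findings

# Constructed sample: trimmed copies of this page's node-exporter and
# calico-node manifests, shaped like items of `kubectl get ds -A -o json`.
SAMPLE = [
    {"metadata": {"name": "node-exporter"}, "spec": {"template": {"spec": {
        "containers": [{"name": "node-exporter", "image": "prom/node-exporter:latest",
                        "resources": {"limits": {"cpu": "200m", "memory": "256Mi"}},
                        "volumeMounts": [{"name": "proc", "mountPath": "/host/proc"}]}],
        "volumes": [{"name": "proc", "hostPath": {"path": "/proc"}}],
        "tolerations": [{"key": CONTROL_PLANE_TAINT, "effect": "NoSchedule"}]}}}},
    {"metadata": {"name": "calico-node"}, "spec": {"template": {"spec": {
        "containers": [{"name": "calico-node", "image": "calico/node:latest",
                        "securityContext": {"privileged": True}}]}}}},
]

if __name__ == "__main__":
    for ds in SAMPLE:
        for finding in audit_daemonset(ds):
            print(finding)
```

The control-plane finding is informational: it marks DaemonSets whose other findings also apply to control-plane nodes.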
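Summary
DaemonSet is the core Kubernetes component for managing node-level daemons. With a DaemonSet you can easily deploy log collectors, monitoring agents, network plugins, and other applications that need to run on every node.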