Overview

A daemonset can be used to run replicas of a pod on specific or all nodes in an OpenShift Container Platform cluster.

Use daemonsets to create shared storage, run a logging pod on every node in your cluster, or deploy a monitoring agent on every node.

For security reasons, only cluster administrators can create daemonsets. (Granting Users Daemonset Permissions.)

For more information on daemonsets, see the Kubernetes documentation.

Daemonset scheduling is incompatible with project’s default node selector. If you fail to disable it, the daemonset gets restricted by merging with the default node selector. This results in frequent pod recreates on the nodes that got unselected by the merged node selector, which in turn puts unwanted load on the cluster.

Therefore,

  • Before you start using daemonsets, disable the default project-wide node selector in your namespace, by setting the namespace annotation openshift.io/node-selector to an empty string:

# oc patch namespace myproject -p \
    '{"metadata": {"annotations": {"openshift.io/node-selector": ""}}}'
  • If you are creating a new project, overwrite the default node selector using oc adm new-project --node-selector="".

Creating Daemonsets

Before creating daemonsets, ensure you have been given the required role by your OpenShift Container Platform administrator.

When creating daemonsets, the nodeSelector field is used to indicate the nodes on which the daemonset should deploy replicas.

  1. Define the daemonset yaml file:

    apiVersion: extensions/v1beta1
    kind: DaemonSet
    metadata:
      name: hello-daemonset
    spec:
      selector:
          matchLabels:
            name: hello-daemonset (1)
      template:
        metadata:
          labels:
            name: hello-daemonset (2)
        spec:
          nodeSelector: (3)
            type: infra
          containers:
          - image: openshift/hello-openshift
            imagePullPolicy: Always
            name: registry
            ports:
            - containerPort: 80
              protocol: TCP
            resources: {}
            terminationMessagePath: /dev/termination-log
          serviceAccount: default
          terminationGracePeriodSeconds: 10
    1 The label selector that determines which pods belong to the daemonset.
    2 The pod template’s label selector. Must match the label selector above.
    3 The node selector that determines on which nodes pod replicas should be deployed.
  2. Create the daemonset object:

    oc create -f daemonset.yaml
  3. To verify that the pods were created, and that each node has a pod replica:

    1. Find the daemonset pods:

      $ oc get pods
      hello-daemonset-cx6md   1/1       Running   0          2m
      hello-daemonset-e3md9   1/1       Running   0          2m
    2. View the pods to verify the pod has been placed onto the node:

      $ oc describe pod/hello-daemonset-cx6md|grep Node
      Node:        openshift-node01.hostname.com/10.14.20.134
      $ oc describe pod/hello-daemonset-e3md9|grep Node
      Node:        openshift-node02.hostname.com/10.14.20.137

Currently, updating a daemonset’s pod template does not affect existing pod replicas. Moreover, if you delete a daemonset and then create a new daemonset with a different template but the same label selector, it will recognize any existing pod replicas as having matching labels and thus will not update them or create new replicas despite a mismatch in the pod template.

To update a daemonset, force new pod replicas to be created by deleting the old replicas or nodes.