Kubernetes -- DaemonSet

一個DaemonSet對象能確保其建立的Pod在集羣中的每一臺（或指定）Node上都運行一個副本。若是集羣中動態加入了新的Node，DaemonSet中的Pod也會被添加在新加入Node上運行。刪除一個DaemonSet也會級聯刪除全部其建立的Pod。下面是一些典型的DaemonSet的使用場景：

• 在每臺節點上運行一個集羣存儲服務，例如運行glusterd，ceph。
• 在每臺節點上運行一個日誌收集服務，例如fluentd，logstash。
• 在每臺節點上運行一個節點監控服務，例如Prometheus Node Exporter, collectd, Datadog agent, New Relic agent, 或Ganglia gmond

1. 建立一個DaemonSet對象

下面的描述文件建立了一個運行着fluentd-elasticsearch鏡像的DaemonSet對象：

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-elasticsearch
  namespace: kube-system
  labels:
    k8s-app: fluentd-logging
spec:
  selector:
    matchLabels:
      name: fluentd-elasticsearch
  template:
    metadata:
      labels:
        name: fluentd-elasticsearch
    spec:
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      containers:
      - name: fluentd-elasticsearch
        image: k8s.gcr.io/fluentd-elasticsearch:1.20
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 200Mi
        volumeMounts:
        - name: varlog
          mountPath: /var/log
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
      terminationGracePeriodSeconds: 30
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers

在Kubernetes 1.8以後，必須指定.spec.selector來肯定這個DaemonSet對象管理的Pod，一般與.spec.template.metadata.labels中定義的Pod的label一致。

經過指定.spec.template.spec.nodeSelector或.spec.template.spec.affinity，DaemonSet Controller會將Pod建立在特定的Node上。更過關於NodeSelector和NodeAffinity的知識，請參考：https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature

Daemon Pods的調度特性

默認狀況下，Pod被分配到具體哪一臺Node上運行是由Scheduler（負責分配調度Pod到集羣內的Node上，它經過監聽ApiServer，查詢還未分配Node的Pod，而後根據調度策略爲這些Pod分配Node）決定的。可是，DaemonSet對象建立的Pod卻擁有一些特殊的特性：

• Node的 unschedulable屬性會被DaemonSet Controller忽略。
• 即便Scheduler還未啓動，DaemonSet Controller也可以建立並運行Pod。

Daemon Pods支持taints and tolerations, 可是這些Pods在建立時就默認容忍下列effect爲NoExecute的taints（未設置tolerationSeconds）：

Toleration Key	Effect	Version	Description
node.kubernetes.io/not-ready	NoExecute	1.13+	DaemonSet pods will not be evicted when there are node problems such as a network partition.
node.kubernetes.io/unreachable	NoExecute	1.13+	DaemonSet pods will not be evicted when there are node problems such as a network partition.
node.kubernetes.io/disk-pressure	NoSchedule	1.8+	...
node.kubernetes.io/memory-pressure	NoSchedule	1.8+	...
node.kubernetes.io/unschedulable	NoSchedule	1.12+	DaemonSet pods tolerate unschedulable attributes by default scheduler.
node.kubernetes.io/network-unavailable	NoSchedule	1.12+	DaemonSet pods, who uses host network, tolerate network-unavailable attributes by default scheduler.