DaemonSet on 小杨的博客https://luckycloveryh.github.io/fuyou/tags/daemonset/Recent content in DaemonSet on 小杨的博客Hugo -- gohugo.iozh-cn小杨Mon, 06 Apr 2026 17:16:12 +080009-DaemonSet-忠实可靠的看门狗https://luckycloveryh.github.io/fuyou/p/k8s-daemonset-node-daemon/Mon, 06 Apr 2026 17:16:12 +0800https://luckycloveryh.github.io/fuyou/p/k8s-daemonset-node-daemon/<img src="https://cdn.jsdelivr.net/gh/luckycloveryh/picgo-bed@main/images/%E5%BE%AE%E4%BF%A1%E5%9B%BE%E7%89%87_20260524195305_535_12.jpg" alt="Featured image of post 09-DaemonSet-忠实可靠的看门狗" /><h2 id="daemonset-应用场景">DaemonSet 应用场景 </h2><p>DaemonSet 的目标是在集群的<strong>每个节点上运行且仅运行一个</strong> <strong>Pod</strong>,就好像是为节点配上一只“看门狗”,忠实地“守护”着节点,这就是DaemonSet 名字的由来。</p> <p>应用场景:</p> <ul> <li>网络应用(如 kube-proxy),必须每个节点都运行一个 Pod,否则节点就无法加入Kubernetes 网络。</li> <li>监控应用(如 node-exporter),必须每个节点都有一个 Pod 用来监控节点的状态,实时上报信息。</li> <li>日志应用(如 filebeat),必须在每个节点上运行一个 Pod,才能够搜集容器运行时产生的日志数据。</li> <li>安全应用,同样的,每个节点都要有一个 Pod 来执行安全审计、入侵检查、漏洞扫描等工作。</li> </ul> <h2 id="使用-yaml-描述-daemonset">使用 YAML 描述 DaemonSet </h2><p>DaemonSet 和 Deployment 都属于在线业务,所以它们也都是“apps”组,使用命令<code>kubectl api-resources</code>可以知道它的简称是 ds ,所以 YAML 文件头信息应该是:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-YAML" data-lang="YAML"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apps/v1</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">DaemonSet</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">xxx-ds </span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><p>我们从<a class="link" href="https://kubernetes.io/zh-cn/docs/concepts/workloads/controllers/daemonset/" target="_blank" rel="noopener" >官网</a> 找一个模板改一下</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-YAML" data-lang="YAML"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apps/v1</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">DaemonSet</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">node-exporter-ds</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">node-exporter</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">node-exporter</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">metadata</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">node-exporter</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">node-exporter</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">bitnami/node-exporter:1.6.1 </span><span class="w"> </span><span class="c"># metrics pull </span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">limits</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l">200m</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l">200Mi</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requests</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l">100m</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l">100Mi</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><p>我们比较一下Daemonset和Deployment的YAML就会看到,DaemonSet 在 spec 里没有 replicas 字段,这是它与Deployment 的一个关键不同点,意味着它不会在集群里创建多个 Pod 副本,而是要在每个节点上只创建出一个 Pod 实例。</p> <p>也就是说,DaemonSet 仅仅是在 Pod 的部署调度策略上和 Deployment 不同,其他的都是相同的,某种程度上我们也可以把 DaemonSet 看做是 Deployment 的一个特例。</p> <p><img src="https://rcnmegz4pby5.feishu.cn/space/api/box/stream/download/asynccode/?code=NzQzMjA0NmYzYjJhOGUwM2RlZGYzYmFkYmY1ODExZGRfVlEzMDc1ZWt4QzRZakltUFVRaEdJbVlxUlJ0SEJNN0JfVG9rZW46VWtWRmJlY0dSb0k3RUJ4b050dWNXS3ZLbmhiXzE3NzU0NzEzMjg6MTc3NTQ3NDkyOF9WNA" loading="lazy" alt="img" ></p> <p>我们也可以用变通的方法来创建 DaemonSet 的 YAML 样板了,你只需要用 kubectl create 先创建出一个 Deployment 对象,然后把 kind 改成 DaemonSet,再删除 spec.replicas 就行了。</p> <h2 id="部署-daemonset">部署 DaemonSet </h2><p>我们执行命令 kubectl apply 来创建 DaemonSet 对象,再用 kubectl get 查看对象的状态:</p> <p><img src="https://rcnmegz4pby5.feishu.cn/space/api/box/stream/download/asynccode/?code=M2IyMzNiOWMzNjQ4MjkxZGQyNmUwODk1OTAyOGVlMWJfR2dNU09EZ3VOWXNoNTR5dHE5RkdPOGhGbE9MaE16TG5fVG9rZW46TTNvVWJac2Nwb1BIWTF4YkZCbmNUZzdybkpVXzE3NzU0NzEzMjg6MTc3NTQ3NDkyOF9WNA" loading="lazy" alt="img" ></p> <p>看这张截图,虽然我们没有指定 DaemonSet 里 Pod 要运行的数量,但它自己就会去查找集群里的节点,在节点里创建 Pod。因为我们的环境里有一个 Master 一个 Worker,所以 DaemonSet 就在每个节点上生成了一个 Pod。</p> <h2 id="什么是-静态-pod">什么是 静态 Pod </h2><p>DaemonSet 是在 Kubernetes 里运行节点专属 Pod 最常用的方式,但它不是唯一的方式,Kubernetes 还支持另外一种叫“静态 Pod”的应用部署手段。 “静态 Pod”非常特殊,它不受 Kubernetes 系统的管控,不与 apiserver、scheduler 发生关系,所以是“静态”的。 但既然它是 Pod,也必然会“跑”在容器运行时上,也会有 YAML 文件来描述它,而唯一能够管理它的 Kubernetes 组件也就只有在每个节点上运行的 kubelet 了。</p> <p>“静态 Pod”的 YAML 文件默认都存放在节点的 <code>/etc/kubernetes/manifests</code> 目录下,它是Kubernetes 的专用目录。 下面的这张截图就是 Master 节点里目录的情况:</p> <p><img src="https://rcnmegz4pby5.feishu.cn/space/api/box/stream/download/asynccode/?code=NTA0MmZhZGY5MTU2MWZhODFhZGI4MDEyYmI4NWVjYjlfbDI5S2pLR0FrUzdBMmF0U3BxWEQzdkV2aVc2cTlFalJfVG9rZW46UWNIVGJ3cVg5bzYwcHh4cUVmcGNzeG1ZblViXzE3NzU0NzEzMjg6MTc3NTQ3NDkyOF9WNA" loading="lazy" alt="img" ></p> <p>你可以看到,Kubernetes 的 4 个核心组件 apiserver、etcd、scheduler、controller-manager原来都以静态 Pod 的形式存在的,这也是为什么它们能够先于 Kubernetes 集群启动的原因。 如果你有一些 DaemonSet 无法满足的特殊的需求,可以考虑使用静态 Pod,编写一个 YAML文件放到这个目录里,节点的 kubelet 会定期检查目录里的文件,发现变化就会调用容器运行时创建或者删除静态 Pod。</p>