当前位置：首页 > article >正文

Kubernetes DaemonSet深度解析：管理集群守护进程的最佳实践

article 2026/5/23 23:51:11

Kubernetes DaemonSet深度解析管理集群守护进程的最佳实践一、DaemonSet概述DaemonSet是Kubernetes中用于在集群的每个节点上运行一个Pod副本的控制器。它确保所有节点或满足特定条件的节点都运行该Pod的一个实例。1.1 DaemonSet应用场景场景说明示例日志收集每个节点运行日志收集器Fluentd、Filebeat监控代理每个节点运行监控采集器Prometheus Node Exporter网络插件每个节点运行网络组件Calico、Flannel存储代理每个节点运行存储驱动CSI节点插件安全代理每个节点运行安全组件入侵检测系统1.2 DaemonSet vs Deployment特性DaemonSetDeployment副本数每个节点一个任意数量调度节点级别Pod级别更新策略滚动更新/替换滚动更新/重建适用场景节点守护进程应用服务二、DaemonSet核心配置2.1 基本DaemonSet配置apiVersion: apps/v1 kind: DaemonSet metadata: name: fluentd namespace: kube-system labels: k8s-app: fluentd-logging spec: selector: matchLabels: name: fluentd template: metadata: labels: name: fluentd spec: tolerations: - key: node-role.kubernetes.io/control-plane operator: Exists effect: NoSchedule containers: - name: fluentd image: fluentd:v1.12 resources: limits: memory: 200Mi requests: cpu: 100m memory: 200Mi volumeMounts: - name: varlog mountPath: /var/log - name: varlibdockercontainers mountPath: /var/lib/docker/containers readOnly: true volumes: - name: varlog hostPath: path: /var/log - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers2.2 节点选择器配置apiVersion: apps/v1 kind: DaemonSet metadata: name: node-exporter spec: selector: matchLabels: app: node-exporter template: metadata: labels: app: node-exporter spec: nodeSelector: kubernetes.io/os: linux node-role.kubernetes.io/worker: containers: - name: node-exporter image: prom/node-exporter:v1.2.02.3 污点容忍配置apiVersion: apps/v1 kind: DaemonSet metadata: name: calico-node spec: selector: matchLabels: k8s-app: calico-node template: metadata: labels: k8s-app: calico-node spec: tolerations: - key: node-role.kubernetes.io/control-plane operator: Exists effect: NoSchedule - key: node-role.kubernetes.io/master operator: Exists effect: NoSchedule - key: node.kubernetes.io/not-ready operator: Exists effect: NoExecute三、DaemonSet更新策略3.1 滚动更新apiVersion: apps/v1 kind: DaemonSet metadata: name: fluentd spec: updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 maxSurge: 03.2 替换更新apiVersion: apps/v1 kind: DaemonSet metadata: name: legacy-daemon spec: updateStrategy: type: OnDelete四、DaemonSet部署与管理4.1 部署DaemonSetkubectl apply -f daemonset.yaml # 查看DaemonSet状态 kubectl get daemonset # 查看Pod分布 kubectl get pods -l namefluentd -o wide # 查看DaemonSet详情 kubectl describe daemonset fluentd4.2 滚动更新操作# 更新镜像版本 kubectl set image daemonset/fluentd fluentdfluentd:v1.13 # 查看更新状态 kubectl rollout status daemonset/fluentd # 暂停更新 kubectl rollout pause daemonset/fluentd # 恢复更新 kubectl rollout resume daemonset/fluentd # 回滚更新 kubectl rollout undo daemonset/fluentd4.3 查看历史版本kubectl rollout history daemonset/fluentd kubectl rollout history daemonset/fluentd --revision2五、DaemonSet最佳实践5.1 日志收集DaemonSetapiVersion: apps/v1 kind: DaemonSet metadata: name: filebeat namespace: logging spec: selector: matchLabels: app: filebeat template: metadata: labels: app: filebeat annotations: co.elastic.logs/module: docker spec: serviceAccountName: filebeat terminationGracePeriodSeconds: 30 containers: - name: filebeat image: elastic/filebeat:7.15.0 args: - -e - -c - /etc/filebeat.yml env: - name: ELASTICSEARCH_HOSTS value: elasticsearch:9200 securityContext: runAsUser: 0 volumeMounts: - name: config mountPath: /etc/filebeat.yml subPath: filebeat.yml - name: data mountPath: /usr/share/filebeat/data - name: varlibdockercontainers mountPath: /var/lib/docker/containers readOnly: true - name: varlog mountPath: /var/log readOnly: true volumes: - name: config configMap: name: filebeat-config - name: data hostPath: path: /var/lib/filebeat-data type: DirectoryOrCreate - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers - name: varlog hostPath: path: /var/log5.2 节点监控DaemonSetapiVersion: apps/v1 kind: DaemonSet metadata: name: node-exporter namespace: monitoring spec: selector: matchLabels: app: node-exporter template: metadata: labels: app: node-exporter annotations: prometheus.io/scrape: true prometheus.io/port: 9100 spec: hostNetwork: true hostPID: true containers: - name: node-exporter image: prom/node-exporter:v1.2.0 args: - --path.procfs/host/proc - --path.sysfs/host/sys - --collector.filesystem.ignored-mount-points^/(dev|proc|sys|var/lib/docker/.|var/lib/kubelet/.)($|/) resources: limits: cpu: 100m memory: 100Mi requests: cpu: 100m memory: 100Mi volumeMounts: - name: proc mountPath: /host/proc readOnly: true - name: sys mountPath: /host/sys readOnly: true volumes: - name: proc hostPath: path: /proc - name: sys hostPath: path: /sys5.3 网络插件DaemonSetapiVersion: apps/v1 kind: DaemonSet metadata: name: flannel namespace: kube-system spec: selector: matchLabels: app: flannel template: metadata: labels: app: flannel spec: hostNetwork: true tolerations: - operator: Exists containers: - name: kube-flannel image: quay.io/coreos/flannel:v0.14.0 command: - /opt/bin/flanneld args: - --ip-masq - --kube-subnet-mgr securityContext: privileged: true env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts: - name: run mountPath: /run/flannel - name: cni mountPath: /etc/cni/net.d - name: etc-flannel mountPath: /etc/flannel volumes: - name: run hostPath: path: /run/flannel - name: cni hostPath: path: /etc/cni/net.d - name: etc-flannel hostPath: path: /etc/flannel六、DaemonSet监控与调试6.1 状态检查# 查看DaemonSet状态 kubectl get ds # 查看DaemonSet详情 kubectl describe ds name # 查看Pod状态 kubectl get pods -l label -o wide # 查看节点上的Pod分布 kubectl get nodes -o jsonpath{range .items[*]}{.metadata.name}{\t}{.status.addresses[0].address}{\n}{end}6.2 日志查看# 查看所有Pod日志 kubectl logs -l appnode-exporter # 查看特定节点的Pod日志 kubectl logs -l appnode-exporter -n monitoring --field-selector spec.nodeNamenode-1 # 流式日志 kubectl logs -f pod-name6.3 调试命令# 在特定节点上执行命令 kubectl exec pod-name -- cat /var/log/messages # 查看节点信息 kubectl describe node node-name # 查看节点污点 kubectl get node node-name -o jsonpath{.spec.taints}七、性能优化7.1 资源限制配置apiVersion: apps/v1 kind: DaemonSet metadata: name: optimized-daemon spec: template: spec: containers: - name: daemon image: my-daemon resources: requests: cpu: 100m memory: 200Mi limits: cpu: 500m memory: 500Mi7.2 优先级配置apiVersion: scheduling.k8s.io/v1 kind: PriorityClass metadata: name: system-node-critical value: 2000001000 description: Priority class for system node critical components. --- apiVersion: apps/v1 kind: DaemonSet metadata: name: critical-daemon spec: template: spec: priorityClassName: system-node-critical containers: - name: daemon image: critical-component7.3 调度约束apiVersion: apps/v1 kind: DaemonSet metadata: name: constrained-daemon spec: template: spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: topology.kubernetes.io/zone operator: In values: - zone-a - zone-b containers: - name: daemon image: zone-aware-daemon八、常见问题与解决方案8.1 Pod无法调度到节点问题DaemonSet Pod在某些节点上Pending原因分析节点有污点且DaemonSet没有相应的容忍节点资源不足节点选择器不匹配解决方案kubectl describe node node-name | grep Taints kubectl get ds name -o yaml | grep tolerations8.2 更新卡住问题滚动更新卡在某个节点原因分析节点不可用Pod健康检查失败资源不足解决方案kubectl rollout status ds name kubectl describe pod pod-name kubectl rollout pause ds name8.3 镜像拉取失败问题DaemonSet无法拉取镜像原因分析镜像仓库不可达镜像名称或标签错误认证配置问题解决方案kubectl describe pod pod-name | grep -A 5 Events kubectl get secret regcred -o yaml九、总结DaemonSet是管理集群级守护进程的核心控制器适用于需要在每个节点上运行的系统级服务。通过合理配置可以实现节点级部署确保每个节点都运行守护进程自动扩展新节点加入时自动部署Pod滚动更新安全地更新守护进程版本节点隔离通过污点和容忍控制Pod部署位置建议在部署日志收集、监控代理、网络插件等系统服务时使用DaemonSet并结合资源限制和优先级配置确保系统稳定性。参考资料Kubernetes DaemonSet官方文档DaemonSet更新策略污点与容忍文档

Kubernetes DaemonSet深度解析：管理集群守护进程的最佳实践

相关文章：

Kubernetes DaemonSet深度解析：管理集群守护进程的最佳实践

昇腾CANN runtime Stream 调度引擎：从命令队列到 AI Core 的执行链路

Kubernetes StatefulSet深度解析：管理有状态应用的最佳实践

JDK常用类与工具（速览版）

GPS测速仪SpeedView 3.2.0汉化版精准速度实时测速工具

阿里巴巴运营/2026年阿里巴巴1688店铺效果越来越差的3个核心原因（附解决方案）

CANN-ATB量化推理-昇腾NPU上W8A8量化为什么比W4A16更实用

CANN-HCCL-昇腾NPU分布式训练的通信库怎么选

nvm-setup安装步骤详解

独立开发者如何利用 Taotoken 的 Token Plan 套餐以更优成本启动 AI 项目

工业级大模型学习之路021：LangChain零基础入门教程（第四篇）：文档加载与文本分块技术

深度学习安全帽佩戴检测系统

解决华硕灵耀X双屏Linux下扬声器不工作的问题

第二周学习

【Linux驱动开发】第12天：Linux设备树核心：树形结构+节点+属性完整全解

2026年亲测AI写作辅助软件指南（高效定稿版）

安全打底・能力拉满：我的 OpenClaw 龙虾生态 Skill 清单

HTML应用指南：利用GET请求获取智己汽车门店位置信息

2025大厂Java后端面试：RAG高频考点【干货】

传统FPM项目怎么渐进式迁移到Swoole/Hyperf？

从Java全栈开发到云原生：一次真实的面试对话与技术剖析

pod创建

第 2 篇：Agent 的三种工作模式，选错了事倍功半

为什么92%的Midjourney水效渲染失败？——解析v6.1+版本流体折射权重、noise scale与--s值的黄金三角关系

Shutter Encoder：构建高效媒体工作流的FFmpeg图形化解决方案

AI正在重构工程师岗位：被替代的不是“人”，而是低维度能力

嵌入式C语言开发中的三大致命陷阱

Midjourney V6调色板设置失效的5大隐性原因：从--sref误用到色域压缩陷阱，一文终结色彩失真

SQL 数据库从免费到付费选型实战：支撑真实规模产品的能力分析与选择指南

【小白快速上手】Windows 系统 OpenClaw v2.7.5 一键部署完整教程（包含安装包）