Freelancer Client

What Is a DaemonSet in Kubernetes? | OpsNexa!

What Is a DaemonSet in Kubernetes?

What Is a DaemonSet in Kubernetes? OpsNexa Explains

Kubernetes is known for its powerful resource orchestration, and one of its core workload types is the DaemonSet. But what exactly is a DaemonSet in Kubernetes, and why is it important?

A DaemonSet ensures that a specific Pod runs on every node (or selected nodes) in a Kubernetes cluster. Unlike Deployments, which scale Pods based on desired replicas, a DaemonSet runs exactly one Pod per node—automatically starting and stopping Pods as nodes are added or removed.

At OpsNexa, we use DaemonSets in enterprise Kubernetes environments to run node-level services like log collectors, monitoring agents, and security tools. Understanding DaemonSets is essential for platform engineers, DevOps teams, and SREs who need consistent background processes across nodes.

In this blog, we’ll break down what a DaemonSet does, how it differs from other Kubernetes objects, its architecture, real-world use cases, and how to implement one in your cluster efficiently.

Understanding the Role of DaemonSets in Kubernetes Architecture

In Kubernetes architecture, most workloads—like Deployments or StatefulSets—are designed to run application containers that can scale horizontally. However, DaemonSets are node-oriented, serving the infrastructure layer instead of application logic.

What Happens When You Create a DaemonSet?

  • Kubernetes schedules one Pod from the DaemonSet onto each node

  • When a new node joins the cluster, Kubernetes automatically adds the Pod to it

  • If a node leaves the cluster, the Pod is removed

This behavior ensures that essential background services are uniformly distributed across your infrastructure without manual scaling.

Use Cases Include:

  • Log collection agents (e.g., Fluentd, Filebeat)

  • Monitoring agents (e.g., Prometheus Node Exporter)

  • Networking tools (e.g., Calico, Cilium)

  • Security scanners (e.g., Falco)

OpsNexa recommends DaemonSets for running services that interact directly with node internals, such as /var/log directories or kernel-level data—something you wouldn’t want to replicate arbitrarily like standard app containers.

Key Features and Behavior of DaemonSets

DaemonSets have distinct behaviors that make them ideal for certain infrastructure workloads. Here’s what makes them unique compared to Deployments or Jobs:

1. Node-Level Deployment

Unlike other controllers, DaemonSets automatically deploy a Pod to every node or matched nodes via node selectors or affinity rules.

2. No Manual Scaling

You don’t specify a number of replicas; Kubernetes determines this based on the number of eligible nodes.

3. Automatic Pod Lifecycle Management

  • Pod added when a node is added

  • Pod removed when a node is deleted

  • Pod restarted if it crashes

4. Update Strategies

DaemonSets support RollingUpdate and OnDelete strategies:

  • RollingUpdate: Replaces Pods automatically

  • OnDelete: Updates only after Pods are manually deleted

5. Tolerations and Affinity

DaemonSets can use tolerations to run on tainted nodes and node affinity to target specific instance types or zones.

For example, at OpsNexa, we configure monitoring agents via DaemonSets to run only on Linux nodes with SSDs using custom node affinity rules. This keeps infrastructure efficient and tailored.

How to Create and Manage a DaemonSet in Kubernetes

Creating a DaemonSet is straightforward using a YAML manifest. Here’s a basic example:

yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: node-monitor
namespace: kube-system
spec:
selector:
matchLabels:
app: node-monitor
template:
metadata:
labels:
app: node-monitor
spec:
containers:
- name: node-monitor
image: opsnexa/node-monitor:latest
resources:
limits:
cpu: "100m"
memory: "200Mi"
volumeMounts:
- name: varlog
mountPath: /var/log
volumes:
- name: varlog
hostPath:
path: /var/log

Key Sections:

  • spec.selector: Identifies Pods under management

  • template: Describes the Pod to be deployed on each node

  • volumes.hostPath: Mounts host paths like /var/log

To create the DaemonSet:

bash
kubectl apply -f daemonset.yaml

To view its status:

bash
kubectl get daemonsets -n kube-system

To delete:

bash
kubectl delete daemonset node-monitor -n kube-system

OpsNexa recommends tagging DaemonSet Pods clearly and isolating them in specific namespaces (e.g., infrastructure, kube-system) to avoid confusion with application workloads.

Real-World Use Cases for DaemonSets (With OpsNexa Examples)

DaemonSets are essential for consistent node-level service deployment. At OpsNexa, we’ve used them in many client environments for various production needs.

1. Log Aggregation

  • Tool: Fluentd or Filebeat

  • Purpose: Collect logs from node file systems and forward them to ElasticSearch or Loki

2. Node Monitoring

  • Tool: Prometheus Node Exporter

  • Purpose: Capture CPU, memory, and disk metrics from all nodes

3. Security and Compliance

  • Tool: Falco or Sysdig

  • Purpose: Detect abnormal activity or unauthorized system calls at runtime

4. Networking

  • Tool: Calico or Cilium DaemonSets

  • Purpose: Enable container networking and enforce network policies

5. Storage Agents

  • Tool: CSI (Container Storage Interface) drivers

  • Purpose: Manage storage volumes and attach/detach processes

In one OpsNexa project for a FinTech client, we used a DaemonSet to deploy a custom disk usage scanner to every node to detect file system anomalies—a crucial requirement for their security audit trail.

OpsNexa’s Best Practices for Using DaemonSets in Production

Deploying DaemonSets correctly requires more than just writing YAML. Here are OpsNexa’s top best practices for safe, scalable DaemonSet usage:

1. Isolate Infrastructure Workloads

Use namespaces like kube-system, monitoring, or infra to separate DaemonSets from application services.

2. Use Node Affinity and Tolerations Wisely

Don’t run all DaemonSets on every node unless required. Use:

  • nodeAffinity to target specific hardware

  • tolerations for tainted nodes like GPU or ARM-based nodes

3. Manage Updates Carefully

Avoid service disruption by using RollingUpdate with controlled maxUnavailable values. Monitor rollout status with:

bash
kubectl rollout status daemonset <name>

4. Watch Resource Usage

DaemonSet Pods run on every node—multiply their resource footprint by your cluster size. Use resource requests and limits to prevent overload.

5. Enable Logging and Health Checks

Ensure your DaemonSet containers have proper liveness and readiness probes for observability.

6. Keep DaemonSets Minimal

Use DaemonSets only when truly necessary. For scalable apps, consider Deployments or StatefulSets instead.

At OpsNexa, we conduct infrastructure reviews to ensure DaemonSets are used appropriately and do not cause performance degradation or unnecessary billing increases.

Conclusion: DaemonSets – The Backbone of Kubernetes Infrastructure

DaemonSets are a powerful Kubernetes controller designed for node-level consistency and automation. They’re ideal for managing monitoring agents, logging tools, and network policies that need to run on every node in your cluster.

While they seem simple on the surface, improper use of DaemonSets can lead to resource waste or performance issues. With proper configuration and oversight—like node affinity, tolerations, and resource limits—DaemonSets become an indispensable tool in any Kubernetes environment.

At OpsNexa, we specialize in designing and managing Kubernetes clusters with robust observability and performance in mind. DaemonSets are just one of the many building blocks we use to deliver scalable, secure, and cost-efficient infrastructure solutions.

Need help managing your Kubernetes infrastructure or optimizing DaemonSets? Contact OpsNexa today and let our experts handle it.