
DaemonSets in Kubernetes: A Complete Technical Guide


By Ananta Cloud Engineering Team | September 30, 2025



Learn how Kubernetes DaemonSets work, their use cases, scheduling, YAML examples, and best practices to run Pods on every node in your cluster.

When running workloads in Kubernetes, you often need certain Pods to run on every node in the cluster — for tasks like collecting logs, monitoring node metrics, or running security agents. This is where DaemonSets shine.


A DaemonSet is a Kubernetes controller that ensures that a copy of a Pod is running on all (or a subset of) nodes. As nodes are added or removed, DaemonSets automatically ensure that Pods are created or removed accordingly.


Why DaemonSets Matter

Imagine you have a logging agent (like Fluentd or Vector) that needs to run on every node to collect application logs from local disk and ship them to a centralized logging solution. Running it as a Deployment or ReplicaSet would be inefficient, because you would have to ensure one Pod per node yourself. DaemonSets automate this process.


DaemonSet Use Cases

Some of the most common use cases for DaemonSets include:

  • Log Collection: Fluentd, Vector, Logstash agents that collect and forward logs.

  • Monitoring: Node-level monitoring agents like Prometheus Node Exporter or Datadog Agent.

  • Security Agents: Tools like Falco, Sysdig, or eBPF-based security monitors.

  • Networking Add-ons: CNI plugins such as Calico, Cilium, or Flannel run as DaemonSets.

  • Node Maintenance Utilities: Disk cleaners, backup agents, or other node-level daemons.


How DaemonSets Work

DaemonSets are managed by the DaemonSet Controller running in the kube-controller-manager. Its job is to:

  1. Watch nodes and pods.

  2. Match node selectors, affinities, and taints/tolerations.

  3. Ensure one Pod per matching node.

  4. Handle rolling updates or deletions of Pods when the DaemonSet spec changes.



DaemonSet YAML Example

Here’s a simple DaemonSet manifest for Prometheus Node Exporter:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-exporter
  namespace: monitoring
spec:
  selector:
    matchLabels:
      app: node-exporter
  template:
    metadata:
      labels:
        app: node-exporter
    spec:
      containers:
      - name: node-exporter
        image: prom/node-exporter:v1.8.0
        ports:
        - containerPort: 9100
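      tolerations:
      # Current clusters taint control-plane nodes with the "control-plane" key;
      # the "master" key is kept for older clusters that still use it.
      - key: "node-role.kubernetes.io/control-plane"
        operator: "Exists"
        effect: "NoSchedule"
      - key: "node-role.kubernetes.io/master"
        operator: "Exists"
        effect: "NoSchedule"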
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet

Key Fields Explained:

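  • hostNetwork: Lets the Pod share the node's network namespace, so the exporter listens on port 9100 of the node itself. This is common for monitoring agents, but it also gives the Pod access to every network interface and localhost-bound service on the node.

  • tolerations: Lets the Pod be scheduled onto control-plane nodes that carry a NoSchedule taint.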

  • selector: Tells the controller which Pods belong to the DaemonSet.


DaemonSet Scheduling Behavior

  • By default, a DaemonSet schedules one Pod per node.

  • You can target specific nodes using:

    • nodeSelector

    • nodeAffinity

    • taints and tolerations

  • If you want to run DaemonSet Pods only on a subset of nodes (e.g., GPU nodes), you can add a node label (e.g., node-type=gpu) and specify that in your DaemonSet’s nodeSelector.


Updating DaemonSets

DaemonSets support rolling updates (just like Deployments).


Example:


updateStrategy:
  type: RollingUpdate
  rollingUpdate:
    maxUnavailable: 1

This ensures that Pods are updated one node at a time, minimizing downtime.


Troubleshooting DaemonSets

  1. Pods not running on certain nodes?

    • Check kubectl get nodes --show-labels and confirm node labels match your nodeSelector.

    • Check taints: kubectl describe node <node-name>.

  2. DaemonSet not creating Pods?

    • Verify RBAC permissions (some agents require privileged access).

  3. ImagePullErrors?

    • Confirm image availability and credentials if using a private registry.
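
The label and taint checks from the scheduling and troubleshooting sections can be reasoned through offline. The Python sketch below is an added example, not code from the original article or from Kubernetes; it applies the toleration-matching rules to constructed nodes and a constructed GPU-only Pod spec that carries only the legacy master toleration. It ignores nodeAffinity and the tolerations the DaemonSet controller adds automatically, and the names tolerates, eligibility and report are chosen here.

```python
# Added example (constructed data): why a DaemonSet Pod lands on a node or not.

def tolerates(toleration, taint):
    """Toleration matching: operator defaults to Equal, an empty key with
    Exists matches every taint, and an empty effect matches every effect."""
    op = toleration.get("operator", "Equal")
    key = toleration.get("key", "")
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    if not key:
        return op == "Exists"
    if key != taint["key"]:
        return False
    return op == "Exists" or toleration.get("value", "") == taint.get("value", "")

def eligibility(node, pod_spec):
    """Return the reasons a node is excluded; an empty list means a Pod is placed."""
    reasons = []
    for k, v in pod_spec.get("nodeSelector", {}).items():
        if node["labels"].get(k) != v:
            reasons.append(f"label {k}={v} missing")
    for taint in node.get("taints", []):
        if taint["effect"] == "PreferNoSchedule":
            continue  # soft preference, never blocks placement
        if not any(tolerates(t, taint) for t in pod_spec.get("tolerations", [])):
            reasons.append(f"untolerated taint {taint['key']}:{taint['effect']}")
    return reasons

# Constructed Pod spec: the page's node-type=gpu selector plus a master-only toleration.
POD_SPEC = {
    "nodeSelector": {"node-type": "gpu"},
    "tolerations": [{"key": "node-role.kubernetes.io/master", "effect": "NoSchedule"}],
}
# Constructed nodes (hypothetical names).
NODES = [
    {"name": "gpu-1", "labels": {"node-type": "gpu"}, "taints": []},
    {"name": "cpu-1", "labels": {"node-type": "cpu"}, "taints": []},
    {"name": "cp-1", "labels": {"node-type": "gpu"}, "taints": [
        {"key": "node-role.kubernetes.io/control-plane", "effect": "NoSchedule"}]},
    {"name": "gpu-2", "labels": {"node-type": "gpu"}, "taints": [
        {"key": "dedicated", "value": "ml", "effect": "NoExecute"}]},
]

def report(nodes=NODES, pod_spec=POD_SPEC):
    return {n["name"]: eligibility(n, pod_spec) for n in nodes}

if __name__ == "__main__":
    for name, why in report().items():
        print(name, "scheduled" if not why else "skipped: " + "; ".join(why))
```

Node cp-1 is skipped even though its label matches, because a toleration keyed on node-role.kubernetes.io/master does not match a taint keyed on node-role.kubernetes.io/control-plane.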


Best Practices for DaemonSets

  • Use Selective Scheduling: Run DaemonSets only where they are required using labels and affinity rules.

  • Set Resource Requests & Limits: Prevent node starvation by defining CPU & memory requests.

  • Enable HostPID/HostNetwork cautiously: Only when absolutely required.

  • Use RBAC & PodSecurity: Limit permissions to least privilege.

  • Monitor DaemonSet Health: Use kubectl rollout status ds/<name> to watch updates.
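
Because a DaemonSet runs on every matching node, one over-privileged Pod template is replicated across the whole cluster, so the practices above are worth checking mechanically. The Python sketch below is an added example, not code from the original article or from any Kubernetes tool; it flags host namespaces, privileged containers, hostPath mounts, tolerate-everything rules and missing resource settings. The objects use the shape of `kubectl get ds -A -o json` output; the first item mirrors the node-exporter manifest shown earlier, the second item and the names audit and audit_all are constructed here.

```python
# Added example: flag DaemonSet settings that the best-practice list warns about.
HOST_FLAGS = ("hostNetwork", "hostPID", "hostIPC")

def audit(ds):
    """Return sorted findings for one DaemonSet object (a dict)."""
    spec = ds["spec"]["template"]["spec"]
    out = [f"{flag} enabled" for flag in HOST_FLAGS if spec.get(flag)]
    for t in spec.get("tolerations", []):
        if t.get("operator") == "Exists" and not t.get("key"):
            out.append("tolerates every taint")
    for v in spec.get("volumes", []):
        if "hostPath" in v:
            out.append(f"hostPath mount {v['hostPath']['path']}")
    for c in spec.get("containers", []):
        if (c.get("securityContext") or {}).get("privileged"):
            out.append(f"{c['name']}: privileged")
        for kind in ("requests", "limits"):
            if not (c.get("resources") or {}).get(kind):
                out.append(f"{c['name']}: no resource {kind}")
    return sorted(out)

def audit_all(listing):
    """Map namespace/name to findings for every item in a DaemonSet list."""
    return {f"{d['metadata']['namespace']}/{d['metadata']['name']}": audit(d)
            for d in listing["items"]}

# Constructed listing: item 1 mirrors the page's manifest, item 2 is hypothetical.
LISTING = {"items": [
    {"metadata": {"name": "node-exporter", "namespace": "monitoring"},
     "spec": {"template": {"spec": {
         "hostNetwork": True,
         "tolerations": [{"key": "node-role.kubernetes.io/master",
                          "effect": "NoSchedule"}],
         "containers": [{"name": "node-exporter",
                         "image": "prom/node-exporter:v1.8.0"}]}}}},
    {"metadata": {"name": "log-agent", "namespace": "logging"},
     "spec": {"template": {"spec": {
         "tolerations": [{"operator": "Exists"}],
         "volumes": [{"name": "varlog", "hostPath": {"path": "/var/log"}}],
         "containers": [{"name": "log-agent", "image": "registry.example/log-agent:1.0",
                         "securityContext": {"privileged": True},
                         "resources": {"requests": {"cpu": "50m", "memory": "64Mi"},
                                       "limits": {"memory": "128Mi"}}}]}}}},
]}

if __name__ == "__main__":
    for name, findings in audit_all(LISTING).items():
        print(name, findings or "ok")
```

A finding is a prompt for review rather than a verdict: a log collector may legitimately need a read-only hostPath mount, whereas a privileged flag or a blanket toleration usually deserves a justification.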


Conclusion

DaemonSets are a powerful way to run node-level workloads across your Kubernetes cluster. Whether you’re running logging agents, monitoring tools, or security daemons, DaemonSets ensure you get full node coverage without manual overhead.


When combined with node labels, taints, and affinities, they offer fine-grained control over where and how your workloads run — making them one of the most important controllers in Kubernetes for infrastructure-level operations.

