Perform a Rolling Update on a DaemonSet

    You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using or you can use one of these Kubernetes playgrounds:

    DaemonSet Update Strategy

    DaemonSet has two update strategy types:

    • OnDelete: With OnDelete update strategy, after you update a DaemonSet template, new DaemonSet pods will only be created when you manually delete old DaemonSet pods. This is the same behavior of DaemonSet in Kubernetes version 1.5 or before.
    • RollingUpdate: This is the default update strategy.
      With RollingUpdate update strategy, after you update a DaemonSet template, old DaemonSet pods will be killed, and new DaemonSet pods will be created automatically, in a controlled fashion. At most one pod of the DaemonSet will be running on each node during the whole update process.

    To enable the rolling update feature of a DaemonSet, you must set its .spec.updateStrategy.type to RollingUpdate.

    You may want to set .spec.updateStrategy.rollingUpdate.maxUnavailable (default to 1), (default to 0) and .spec.updateStrategy.rollingUpdate.maxSurge (defaults to 0) as well.

    This YAML file specifies a DaemonSet with an update strategy as ‘RollingUpdate’

    controllers/fluentd-daemonset.yaml

    After verifying the update strategy of the DaemonSet manifest, create the DaemonSet:

    1. kubectl create -f https://k8s.io/examples/controllers/fluentd-daemonset.yaml

    Alternatively, use kubectl apply to create the same DaemonSet if you plan to update the DaemonSet with kubectl apply.

    1. kubectl apply -f https://k8s.io/examples/controllers/fluentd-daemonset.yaml
    1. kubectl get ds/fluentd-elasticsearch -o go-template='{{.spec.updateStrategy.type}}{{"\n"}}' -n kube-system

    If you haven’t created the DaemonSet in the system, check your DaemonSet manifest with the following command instead:

    The output from both commands should be:

    1. RollingUpdate

    If the output isn’t RollingUpdate, go back and modify the DaemonSet object or manifest accordingly.

    Any updates to a RollingUpdate DaemonSet .spec.template will trigger a rolling update. Let’s update the DaemonSet by applying a new YAML file. This can be done with several different kubectl commands.

    Perform a Rolling Update on a DaemonSet - 图2

    1. apiVersion: apps/v1
    2. kind: DaemonSet
    3. name: fluentd-elasticsearch
    4. namespace: kube-system
    5. labels:
    6. k8s-app: fluentd-logging
    7. selector:
    8. matchLabels:
    9. name: fluentd-elasticsearch
    10. updateStrategy:
    11. type: RollingUpdate
    12. rollingUpdate:
    13. maxUnavailable: 1
    14. template:
    15. metadata:
    16. labels:
    17. name: fluentd-elasticsearch
    18. spec:
    19. tolerations:
    20. # these tolerations are to have the daemonset runnable on control plane nodes
    21. # remove them if your control plane nodes should not run pods
    22. - key: node-role.kubernetes.io/control-plane
    23. operator: Exists
    24. effect: NoSchedule
    25. - key: node-role.kubernetes.io/master
    26. operator: Exists
    27. effect: NoSchedule
    28. containers:
    29. image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
    30. resources:
    31. limits:
    32. memory: 200Mi
    33. cpu: 100m
    34. memory: 200Mi
    35. volumeMounts:
    36. - name: varlog
    37. mountPath: /var/log
    38. - name: varlibdockercontainers
    39. mountPath: /var/lib/docker/containers
    40. readOnly: true
    41. terminationGracePeriodSeconds: 30
    42. volumes:
    43. - name: varlog
    44. hostPath:
    45. path: /var/log
    46. - name: varlibdockercontainers
    47. hostPath:
    48. path: /var/lib/docker/containers

    Declarative commands

    If you update DaemonSets using , use kubectl apply:

    1. kubectl apply -f https://k8s.io/examples/controllers/fluentd-daemonset-update.yaml

    Imperative commands

    If you update DaemonSets using , use kubectl edit :

    Updating only the container image

    If you only need to update the container image in the DaemonSet template, i.e. .spec.template.spec.containers[*].image, use kubectl set image:

    1. kubectl set image ds/fluentd-elasticsearch fluentd-elasticsearch=quay.io/fluentd_elasticsearch/fluentd:v2.6.0 -n kube-system
    1. kubectl rollout status ds/fluentd-elasticsearch -n kube-system

    When the rollout is complete, the output is similar to this:

    1. daemonset "fluentd-elasticsearch" successfully rolled out

    Troubleshooting

    Sometimes, a DaemonSet rolling update may be stuck. Here are some possible causes:

    Some nodes run out of resources

    The rollout is stuck because new DaemonSet pods can’t be scheduled on at least one node. This is possible when the node is .

    When this happens, find the nodes that don’t have the DaemonSet pods scheduled on by comparing the output of kubectl get nodes and the output of:

    Once you’ve found those nodes, delete some non-DaemonSet pods from the node to make room for new DaemonSet pods.

    Note: This will cause service disruption when deleted pods are not controlled by any controllers or pods are not replicated. This does not respect PodDisruptionBudget either.

    Broken rollout

    If the recent DaemonSet template update is broken, for example, the container is crash looping, or the container image doesn’t exist (often due to a typo), DaemonSet rollout won’t progress.

    To fix this, update the DaemonSet template again. New rollout won’t be blocked by previous unhealthy rollouts.

    Clock skew

    Delete DaemonSet from a namespace :

    1. kubectl delete ds fluentd-elasticsearch -n kube-system

    What’s next

    • See