K
Q

How to deploy specific pod to all nodes including master, but only for specific pod

9/23/2018

I have a security pod that needs to run everywhere including master. I do not want, however, master to run any other (non kubernetes) pods. I know I can taint master node, and I know I can setup affinity for a pod. Yet (unless I am misunderstanding something) that isn't quite what I want.

What I want is to setup affinity in a way that this security pod runs on every single node including master as a part of same daemon set. It is important that I only have a single definition due to how this security pod gets deployed.

Can this be done?

I am running Kubernetes 1.8

-- Jacek Perry
kubernetes

Similar Questions

Can't run kube-apiserver --enable-admission-plugins=DefaultStorageClass
How to change cluster IP in a replication controller run time
Can't run Traefik load balancer without hostPort
Fluentd filter exception - kubernetes centralized logging
How to check if cassandra is up and running using initContainers
Kubernetes List All Containers that are not running
Doesn't Virtualservice for internal service cause loop?
Kubernetes deployment does not persist data after restart, even after deployment yaml is attached to a cloud filestore nfs server
APIM unable to connect to service deployed in AKS
How to access the keycloak.local ingress host?
Why Kubernetes REST API is imperative?

1 Answer

9/23/2018

I think this is more or less duplicate to this question.

What you need is a combination of two features:

  • DaemonSet will allow you to schedule Pod to run on every node
  • Tolerations in the DaemonSet Pods will allow this workload to run even on the node which has the master taint.

That way your security pods will run everywhere even on the master with the taint because they can tolerate it. I think there is an example directly on the DaemonSet website.

But other pods without this toleration will not be scheduled on master because they do not tolerate the taint.

-- Jakub
Source: StackOverflow