DaemonSet
Definition
A DaemonSet in Kubernetes is a resource object that ensures a copy of a specified Pod runs on all or selected nodes within a cluster. It is typically used for deploying system-level services such as log collection, monitoring agents, or network proxies that need to run on every node. DaemonSets automatically manage the scheduling of these Pods, ensuring they are created on new nodes when they are added to the cluster and removed when nodes are deleted.
Secure Settings Example
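apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: secure-daemonset
spec:
  selector:
    matchLabels:
      app: secure-app
  template:
    metadata:
      labels:
        app: secure-app
    spec:
      containers:
      - name: secure-container
        image: secure-image:latest
        # Container-level hardening
        securityContext:
          runAsNonRoot: true            # refuse to start the container as UID 0
          readOnlyRootFilesystem: true  # container filesystem cannot be modified
          capabilities:
            drop:
            - ALL                       # remove every Linux capability
      # Pod-level: do not share the node's namespaces
      hostNetwork: false
      hostPID: false
      hostIPC: false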
Insecure Settings Example
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: insecure-daemonset
spec:
  selector:
    matchLabels:
      app: insecure-app
  template:
    metadata:
      labels:
        app: insecure-app
    spec:
      containers:
      - name: insecure-container
        image: insecure-image:latest
        securityContext:
          runAsNonRoot: false            # container may run as root
          readOnlyRootFilesystem: false  # container filesystem is writable
          capabilities:
            add:
            - NET_ADMIN                  # extra capability, and nothing is dropped
      # Pod-level: the Pod shares the node's network, PID and IPC namespaces
      hostNetwork: true
      hostPID: true
      hostIPC: true
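
An added example (not part of the original page): a small Python check that reports the settings that differ between the two manifests above, and that also covers initContainers and a pod-level runAsNonRoot inherited by containers. The names `audit_daemonset` and `sample` are hypothetical, and the manifests are constructed dict copies of the page's two examples with the selector and labels omitted.

```python
import json

HOST_FLAGS = ("hostNetwork", "hostPID", "hostIPC")  # pod-level host namespace sharing

def audit_daemonset(manifest: dict) -> list[str]:
    """Return findings for a DaemonSet manifest; an empty list matches the secure example."""
    if manifest.get("kind") != "DaemonSet":
        raise ValueError("not a DaemonSet manifest")
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    pod_sc = pod.get("securityContext") or {}
    findings = [f"pod: {flag} is true" for flag in HOST_FLAGS if pod.get(flag) is True]
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        # Unset fields are reported too: the defaults are not the hardened values.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))  # container overrides pod
        if non_root is not True:
            findings.append(f"{name}: runAsNonRoot is not true")
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{name}: readOnlyRootFilesystem is not true")
        caps = sc.get("capabilities") or {}
        if "ALL" not in (caps.get("drop") or []):
            findings.append(f"{name}: capabilities.drop does not include ALL")
        for cap in caps.get("add") or []:
            findings.append(f"{name}: adds capability {cap}")
    return findings

def sample(name, security_context, host):
    """Constructed manifest mirroring the page's examples (dict form of the YAML)."""
    pod = {"containers": [{"name": f"{name}-container", "image": f"{name}-image:latest",
                           "securityContext": security_context}],
           "hostNetwork": host, "hostPID": host, "hostIPC": host}
    return {"apiVersion": "apps/v1", "kind": "DaemonSet",
            "metadata": {"name": f"{name}-daemonset"},
            "spec": {"template": {"spec": pod}}}

SECURE = sample("secure", {"runAsNonRoot": True, "readOnlyRootFilesystem": True,
                           "capabilities": {"drop": ["ALL"]}}, False)
INSECURE = sample("insecure", {"runAsNonRoot": False, "readOnlyRootFilesystem": False,
                               "capabilities": {"add": ["NET_ADMIN"]}}, True)

if __name__ == "__main__":
    for m in (SECURE, INSECURE):
        print(m["metadata"]["name"], json.dumps(audit_daemonset(m), indent=2))
```

The same function can be fed the output of `kubectl get daemonset <name> -o json` after loading it with `json.load`.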