Nidhogg is a controller that taints nodes based on whether a Pod from a specific Daemonset is running on them.
Sometimes you have a Daemonset that is so important that you don't want other pods to run on your node until that Daemonset is up and running on the node. Nidhogg solves this problem by tainting the node until your Daemonset pod is ready, preventing pods that don't tolerate the taint from scheduling there.
Nidhogg annotate the node when all the required taints are removed: nidhogg.uswitch.com/first-time-ready: 2006-01-02T15:04:05Z
Nidhogg was built using Kubebuilder
Nidhogg requires a yaml/json config file to tell it what Daemonsets to watch and what nodes to act on.
nodeSelector
is a map of keys/values corresponding to node labels. daemonsets
is an array of Daemonsets to watch, each containing two fields name
and namespace
. Nodes are tainted with taint that follows the format of nidhogg.uswitch.com/namespace.name:NoSchedule
.
Example:
YAML:
nodeSelector:
node-role.kubernetes.io/node
daemonsets:
- name: kiam
namespace: kube-system
JSON:
{
"nodeSelector": [
"node-role.kubernetes.io/node",
"!node-role.kubernetes.io/master",
"aws.amazon.com/ec2.asg.name in (standard, special)"
],
"daemonsets": [
{
"name": "kiam",
"namespace": "kube-system"
}
]
}
This example will select any nodes in AWS ASGs named "standard" or "special" that have the label
node-role.kubernetes.io/node
present, and no nodes with label node-role.kubernetes.io/master
. If the matching nodes
do not have a running and ready pod from the kiam
daemonset in the kube-system
namespace. It will add a taint of
nidhogg.uswitch.com/kube-system.kiam:NoSchedule
until there is a ready kiam pod on the node.
If you want pods to be able to run on the nidhogg tainted nodes you can add a toleration:
spec:
tolerations:
- key: nidhogg.uswitch.com/kube-system.kiam
operator: "Exists"
effect: NoSchedule
Docker images can be found at https://quay.io/uswitch/nidhogg
Example Kustomize manifests can be found here to quickly deploy this to a cluster.
-config-file string
Path to config file (default "config.json")
-kubeconfig string
Paths to a kubeconfig. Only required if out-of-cluster.
-leader-configmap string
Name of configmap to use for leader election
-leader-election
enable leader election
-leader-namespace string
Namespace where leader configmap located
-master string
The address of the Kubernetes API server. Overrides any value in kubeconfig. Only required if out-of-cluster.
-metrics-addr string
The address the metric endpoint binds to. (default ":8080")