All Products
Search

This Product

    Container Service for Kubernetes:Configure DaemonSet upgrade models to resolve upgrade blocks and handle over-the-air updates

    Document Center

    Container Service for Kubernetes:Configure DaemonSet upgrade models to resolve upgrade blocks and handle over-the-air updates

    Last Updated:Mar 26, 2026

    The native DaemonSet rolling update can be blocked when a node becomes NotReady due to a cloud-edge network disconnection. It also provides no API for triggering upgrades directly on an edge node. ACK edge clusters extend the native model with two upgrade models that address these limitations: AdvancedRollingUpdate and over-the-air (OTA).

    Prerequisites

    Before you begin, ensure that you have:

    • An ACK edge cluster running v1.26.3-aliyun.1 or later

    Choose an upgrade model

    Upgrade model Use when
    AdvancedRollingUpdate Cloud-edge network disconnections may cause nodes to become NotReady and block the rolling update
    OTA You need to control upgrade timing on each edge node and trigger upgrades on demand via REST API

    Configuration

    Both upgrade models share the same configuration requirements. Set the following annotations and update strategy on your DaemonSet:

    apiVersion: apps/v1
kind: DaemonSet
metadata:
  annotations:
    # Required: enables the extended upgrade model.
    # Valid values: AdvancedRollingUpdate or OTA.
    apps.openyurt.io/update-strategy: AdvancedRollingUpdate
    # Optional: applies to AdvancedRollingUpdate only.
    # Defines the maximum number of unavailable pods during the rolling update.
    # Accepts the same values as the native DaemonSet maxUnavailable. Default: 10%.
    apps.openyurt.io/max-unavailable: 30%
spec:
  updateStrategy:
    # Required: must be set to OnDelete for either upgrade model to take effect.
    type: OnDelete

    In short: set apps.openyurt.io/update-strategy to AdvancedRollingUpdate or OTA, and set spec.updateStrategy.type to OnDelete.

    Parameters

    Parameter Description
    apps.openyurt.io/update-strategy Enables the extended upgrade model. Valid values: AdvancedRollingUpdate or OTA.
    apps.openyurt.io/max-unavailable Applies to AdvancedRollingUpdate only. Maximum number of unavailable pods during the rolling update. Accepts the same values as the native DaemonSet maxUnavailable. Default: 10%.
    spec.updateStrategy.type Must be set to OnDelete. This requires you to manually delete old pods to trigger new pod creation.

    Use AdvancedRollingUpdate

    During a rolling update, AdvancedRollingUpdate skips NotReady nodes and upgrades pods on Ready nodes first. When a node becomes Ready again, the model automatically upgrades the DaemonSet pod on that node.

    The following example creates a DaemonSet named nginx-daemonset using AdvancedRollingUpdate, with a maximum of 30% unavailable pods during the rolling update.

    cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nginx-daemonset
  annotations:
    apps.openyurt.io/update-strategy: AdvancedRollingUpdate
    apps.openyurt.io/max-unavailable: 30%
spec:
  selector:
    matchLabels:
      app: nginx
  updateStrategy:
    type: OnDelete
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.19.4
EOF
    Pods on NotReady nodes are skipped during the rollout. When a node becomes Ready again, the DaemonSet pod on that node is upgraded automatically.

    Use OTA

    OTA gives you full control over upgrade timing on each edge node. After the DaemonSet image is updated, pods are not upgraded automatically. Use the REST APIs provided by the edge-hub component on each edge node to check upgrade status and trigger upgrades on demand.

    OTA REST APIs

    All API calls are made locally on the edge node (base URL: http://127.0.0.1:10267).

    Method Endpoint Description
    GET /pods Returns pod information on the node. Check PodNeedUpgrade in Pod.status.conditions to determine whether a pod needs an upgrade.
    POST /openyurt.io/v1/namespaces/{ns}/pods/{podname}/imagepull Pre-pulls the image for a specific DaemonSet pod. Use this to reduce startup time for large images before triggering the upgrade. Supported in v1.32-aliyun.1 or later.
    POST /openyurt.io/v1/namespaces/{ns}/pods/{podname}/upgrade Triggers an upgrade for a specific DaemonSet pod.

    OTA upgrade example

    Step 1: Create an OTA-enabled DaemonSet

    cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nginx-daemonset
  annotations:
    apps.openyurt.io/update-strategy: OTA
spec:
  selector:
    matchLabels:
      app: nginx
  updateStrategy:
    type: OnDelete
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.19.4
EOF

    Step 2: Update the DaemonSet image

    Update the DaemonSet image to trigger a new version. Pods on edge nodes are not upgraded automatically.

    kubectl set image daemonset/nginx-daemonset nginx=nginx:1.19.5

    Step 3: Check whether a pod needs an upgrade

    On an edge node, run the following command to list pod status:

    curl http://127.0.0.1:10267/pods

    If the output for default/nginx-daemonset-bwzss contains PodNeedUpgrade=true in pod.Status.Conditions, the corresponding pod requires an upgrade.

    Step 4: (Optional) Pre-pull the image

    For large images, pre-pull the image before triggering the upgrade to reduce startup time:

    curl -X POST http://127.0.0.1:10267/openyurt.io/v1/namespaces/default/pods/nginx-daemonset-bwzss/imagepull

    Expected output:

    Image pre-pull requested for pod default/nginx-daemonset-bwzss
    The image pre-pull API requires cluster version v1.32-aliyun.1 or later.

    Step 5: Trigger the upgrade

    curl -X POST http://127.0.0.1:10267/openyurt.io/v1/namespaces/default/pods/nginx-daemonset-bwzss/upgrade

    Expected output:

    Start updating pod default/nginx-daemonset-bwzss

    What's next