Skip to content
Riptides Docs

Daemon

An Daemon represents a registered node running the Riptides daemon. Daemons are automatically created when a node connects to the control plane and successfully authenticates through a Verifier.

  • API Group: core.riptides.io
  • Version: v1alpha1
  • Kind: Daemon
  • Plural: daemons

Spec

Section titled “Spec”

workloadID

Section titled “workloadID”
  • Type: string
  • Required: Yes

The unique workload identity assigned to this daemon. Typically follows the pattern riptides/daemon/<account-or-project>/<region>/<instance-id>, derived from the verifier’s workloadIDTemplate or set explicitly during registration.

claimerType

Section titled “claimerType”
  • Type: string
  • Required: Yes

The authentication method the daemon used to register with the control plane. Corresponds to one of the supported Verifier types: AWSIID, GCPIIT, JoinToken, X509CertPOP, SSHCertPOP, K8sSAT, or JWT.

Status

Section titled “Status”

Status fields are populated and managed by the control plane. They are read-only.

health

Section titled “health”
  • Type: object

Reports the current health of the daemon and its kernel-level driver.

FieldTypeDescription
daemonHealthstringHealth status of the userspace daemon (e.g., ok)
driverHealthstringHealth status of the kernel driver (e.g., ok)
lastProbeAtstringTimestamp of the last health check

metadata

Section titled “metadata”
  • Type: array of {name, value} objects

A flat list of key-value pairs describing the node. The metadata collected depends on the claimerType and the environment the daemon runs in. Common metadata categories include:

PrefixDescription
awsiid:*AWS Instance Identity Document fields (account ID, region, instance type, etc.)
gcpiit:*GCP Instance Identity Token fields (project ID, zone, instance name, etc.)
ec2:*EC2 instance metadata (AMI, network, placement)
gcp:*GCP instance metadata (machine type, image, network)
linuxos:*Linux OS information (kernel release, distribution name and version)
node:*Generic node info (hostname, architecture, network interfaces, OS type)
status:*Daemon and driver version information
sysfsdmi:*DMI/SMBIOS hardware information (BIOS vendor, product name)

exposedEndpoints

Section titled “exposedEndpoints”
  • Type: map[string]string

Endpoints exposed by the daemon, such as Prometheus metrics exporters. Keys are endpoint names, values are listen addresses.

Example

Section titled “Example”
apiVersion: core.riptides.io/v1alpha1
kind: Daemon
metadata:
  name: 78e58ba0-275e-4dc2-876b-ae7f066d300d
  namespace: riptides-system
spec:
  claimerType: AWSIID
  workloadID: riptides/daemon/123456789012/eu-west-1/i-0123456789abcdef0
status:
  exposedEndpoints:
    prom-metr-exp-addr: "[::]:50003"
  health:
    daemonHealth: ok
    driverHealth: ok
    lastProbeAt: "20260313T131417Z"
  metadata:
    - name: workload:id
      value: 123456789012/eu-west-1/i-0123456789abcdef0
    - name: awsiid:account:id
      value: "123456789012"
    - name: awsiid:architecture
      value: x86_64
    - name: awsiid:availability:zone
      value: eu-west-1b
    - name: awsiid:image:id
      value: ami-0123456789abcdef0
    - name: awsiid:instance:id
      value: i-0123456789abcdef0
    - name: awsiid:instance:type
      value: t3.xlarge
    - name: awsiid:private_ip
      value: 10.0.1.100
    - name: awsiid:region
      value: eu-west-1
    - name: linuxos:name
      value: amazon
    - name: linuxos:version
      value: Amazon Linux 2023.9.20251208
    - name: node:hostname
      value: ip-10-0-1-100.eu-west-1.compute.internal
    - name: node:kernel:arch
      value: x86_64
    - name: node:os:type
      value: linux
    - name: status:daemon:version
      value: v0.5.10
    - name: status:driver:version
      value: v0.5.13
Section titled “Related Resources”
  • Verifier — defines how daemons authenticate with the control plane
  • Claim — represents an daemon’s authentication attempt
  • DaemonGroup — groups daemons by metadata selectors