Skip to content
Riptides Docs

DaemonGroup

An DaemonGroup defines a logical group of daemons selected by metadata key-value pairs. DaemonGroups are used to target sets of nodes when configuring workload identities and security policies.

  • API Group: core.riptides.io
  • Version: v1alpha1
  • Kind: DaemonGroup
  • Plural: daemongroups

Spec

Section titled “Spec”

workloadID

Section titled “workloadID”
  • Type: string
  • Required: Yes

The workload identity assigned to this group. All daemons matching the selectors are associated with this identity. Follows a pattern like riptides/daemongroup/<group-name> or a custom hierarchy such as riptides/daemongroup/<cluster>/<group-name>.

selectors

Section titled “selectors”
  • Type: array of objects (free-form key-value pairs)
  • Required: Yes

A list of metadata selectors that determine which daemons belong to this group. Each selector is an object with a single key-value pair that is matched against daemon metadata. An daemon matches the group if it matches any of the selectors (OR logic).

Common selector keys:

KeyDescription
linuxos:nameMatch daemons running a specific Linux distribution (ubuntu, amazon, fedora, alpine)
awsiid:account:idMatch daemons in a specific AWS account
gcpiit:project:idMatch daemons in a specific GCP project
node:os:typeMatch by OS type (e.g., linux)

Status

Section titled “Status”

Status fields are managed by the control plane and are read-only.

daemons

Section titled “daemons”
  • Type: array of objects

Lists the daemons currently matched by this group’s selectors.

FieldTypeDescription
namestringThe daemon resource name (UUID)
uuidstringThe daemon’s Kubernetes UID
workloadIdstringThe daemon’s workload identity
workloadIdHashstringHash of the workload identity

Example

Section titled “Example”
apiVersion: core.riptides.io/v1alpha1
kind: DaemonGroup
metadata:
  name: linux-workers
  namespace: riptides-system
spec:
  selectors:
    - linuxos:name: ubuntu
    - linuxos:name: fedora
    - linuxos:name: alpine
    - linuxos:name: amazon
  workloadID: riptides/daemongroup/linux-workers
status:
  daemons:
    - name: a1b2c3d4-e5f6-7890-abcd-ef1234567890
      uuid: 12345678-abcd-ef01-2345-6789abcdef01
      workloadId: riptides/daemon/123456789012/eu-west-1/i-0123456789abcdef0
      workloadIdHash: d2d035b1-0feb-50e4-a48a-eb4628d3d7f2
    - name: b2c3d4e5-f678-9012-bcde-f12345678901
      uuid: 23456789-bcde-f012-3456-789abcdef012
      workloadId: riptides/daemon/123456789012/eu-west-1/i-0abcdef1234567890
      workloadIdHash: 88c57928-17e8-533f-8807-45f1e6f8cb43
Section titled “Related Resources”
  • Daemon — the individual daemons that are grouped
  • WorkloadIdentity — uses DaemonGroups to scope identity and policy