Run nfd-master as Deployment #4
Comments
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
|
/remove-lifecycle rotten |
|
My concern with this concept is that worker nodes could tag them selves as Masters and gain privileges on the system. How could we avoid that on a Vanilla Kubernetes deployment? |
|
How would a Deployment be different in terms of privileges?? |
|
From the issue init comment "clusters which have no master nodes." , then a Deployment will create masters and a way to create labels without controlling the head of the cluster. I may be wrong tho, not a security expert by no means, I keep my password on a post-it. but I think is something worth double checking before going into that direction |
|
Master nodes and nfd-master are a different/separate thing. When you run nfd-master it doesn't label the node it's running on as a master node. You need to run nfd-master somewhere in the cluster (in order for NFD to be able to work i.e. create node labels). If there are no master nodes in the cluster you'll end up with a non-working state when using a DaemonSet. Nevertheless, the thinking behind running nfd-master on master node(s) by default was still security. Nfd-master would be "safer" there because master nodes are unlinkely to run any user workloads. In any case, I think the operator should take the "masterless" cluster into consideration, only use Deployment in that case or smth. |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
|
/remove-lifecycle stale |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
|
Still valid |
|
@zvonkok I would like to get your eyes on this issue |
|
/assign |
|
/kind feature |
# This is the 1st commit message: Adding documentation to 'main.go' to describe functions, vars, etc. Adding documentation to the code in 'main.go' so that contributors and developers can understand the purpose of each function, variable, etc.. # This is the commit message kubernetes-sigs#2: Adding documentation to funcs and vars in nodefeaturediscovery_controller.go Adding documentation to various functions and variables within the nodefeaturediscovery_controller.go file so that users and contributors can have a deeper understanding of how the reconciliation process works with the NFD Operator. # This is the commit message kubernetes-sigs#3: Rebase to master # This is the commit message kubernetes-sigs#4: Adding documentation to the NFD controller resources file Adding documentation describing the funcs, vars, etc. in the NFD controller resources file so that users and contributors can understand how they all work. # This is the commit message kubernetes-sigs#5: Adding docs to NFD state funcs related to NFD itself (not just the operator) Adding documentation to the NFD state functions related to NFD itself so that users and contributors can understand how NFD works with the NFD operator, especially if they are looking at another file that references these functions and the NFD struct. # This is the commit message kubernetes-sigs#6: Merge master Signed-off-by: Courtney Pacheco <cpacheco@redhat.com> # This is the commit message kubernetes-sigs#7: Rebase to master Signed-off-by: Courtney Pacheco <cpacheco@redhat.com> # This is the commit message kubernetes-sigs#8: Rebase to master - fix incorrect previous rebase
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close |
|
@k8s-triage-robot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/open |
Run nfd-master as Deployment instead of a DaemonSet, similar what the NFD upstream deployment template does.
Makes it possible to deploy NFD in managed clusters which have no master nodes.
The text was updated successfully, but these errors were encountered: