diff --git a/Dockerfile b/Dockerfile index 2de45030a..9b3490c59 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,7 +31,7 @@ USER 65534:65534 # Use more verbose logging of gRPC ENV GRPC_GO_LOG_SEVERITY_LEVEL="INFO" -COPY --from=builder /go/node-feature-discovery/nfd-worker.conf.example /etc/kubernetes/node-feature-discovery/nfd-worker.conf +COPY --from=builder /go/node-feature-discovery/deployment/components/worker-config/nfd-worker.conf.example /etc/kubernetes/node-feature-discovery/nfd-worker.conf COPY --from=builder /go/bin/* /usr/bin/ # Create minimal variant of the production image @@ -43,5 +43,5 @@ USER 65534:65534 # Use more verbose logging of gRPC ENV GRPC_GO_LOG_SEVERITY_LEVEL="INFO" -COPY --from=builder /go/node-feature-discovery/nfd-worker.conf.example /etc/kubernetes/node-feature-discovery/nfd-worker.conf +COPY --from=builder /go/node-feature-discovery/deployment/components/worker-config/nfd-worker.conf.example /etc/kubernetes/node-feature-discovery/nfd-worker.conf COPY --from=builder /go/bin/* /usr/bin/ diff --git a/Makefile b/Makefile index 772273971..25b545410 100644 --- a/Makefile +++ b/Makefile @@ -107,7 +107,7 @@ yamls: $(yaml_instances) templates: $(yaml_templates) @# Need to prepend each line in the sample config with spaces in order to @# fit correctly in the configmap spec. - @sed s'/^/ /' nfd-worker.conf.example > nfd-worker.conf.tmp + @sed s'/^/ /' deployment/components/worker-config/nfd-worker.conf.example > nfd-worker.conf.tmp @# The sed magic below replaces the block of text between the lines with start and end markers @for f in $+; do \ start=NFD-WORKER-CONF-START-DO-NOT-REMOVE; \ diff --git a/deployment/base/master/kustomization.yaml b/deployment/base/master/kustomization.yaml new file mode 100644 index 000000000..be8bb85ee --- /dev/null +++ b/deployment/base/master/kustomization.yaml 
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: node-feature-discovery
+
+resources:
+- master-service.yaml
+- master-deployment.yaml
diff --git a/deployment/base/master/master-deployment.yaml b/deployment/base/master/master-deployment.yaml
new file mode 100644
index 000000000..45cbe665b
--- /dev/null
+++ b/deployment/base/master/master-deployment.yaml
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: nfd
+ name: nfd-master
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nfd-master
+ template:
+ metadata:
+ labels:
+ app: nfd-master
+ spec:
+ serviceAccount: nfd-master
+ tolerations: []
+ containers:
+ - name: nfd-master
+ image: gcr.io/k8s-staging-nfd/node-feature-discovery:master
+ imagePullPolicy: Always
+ command:
+ - "nfd-master"
+ args: []
+ volumeMounts: []
+ volumes: []
diff --git a/deployment/base/master/master-service.yaml b/deployment/base/master/master-service.yaml
new file mode 100644
index 000000000..ab607a511
--- /dev/null
+++ b/deployment/base/master/master-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nfd-master
+spec:
+ selector:
+ app: nfd-master
+ ports:
+ - protocol: TCP
+ port: 8080
+ type: ClusterIP
diff --git a/deployment/base/rbac/kustomization.yaml b/deployment/base/rbac/kustomization.yaml
new file mode 100644
index 000000000..fdadb5675
--- /dev/null
+++ b/deployment/base/rbac/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: node-feature-discovery
+
+resources:
+- master-serviceaccount.yaml
+- master-clusterrole.yaml
+- master-clusterrolebinding.yaml
diff --git a/deployment/base/rbac/master-clusterrole.yaml b/deployment/base/rbac/master-clusterrole.yaml
new file mode 100644
index 000000000..8ae3250fe
--- /dev/null
+++ b/deployment/base/rbac/master-clusterrole.yaml
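Review bot: In deployment/base/master/master-deployment.yaml the container runs the mutable tag `gcr.io/k8s-staging-nfd/node-feature-discovery:master` with `imagePullPolicy: Always`, so every pod restart picks up whatever was last pushed to the staging registry; deployment/base/worker-daemonset/worker-daemonset.yaml has the same pair. For anything beyond development the overlay should pin a release tag or a digest through a kustomize `images:` entry, for example `digest: sha256:<digest>` (placeholder). A comment on the base such as `# staging image for development; pin a release or digest in the overlay` would make that expectation explicit. Separately, `serviceAccount:` is the deprecated alias of `serviceAccountName: nfd-master`.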
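Review bot: In deployment/base/master/master-service.yaml port 8080 is reachable from the whole cluster, while the master starts with `args: []` and the worker with `-server=nfd-master:8080`, so as far as these manifests show the gRPC channel is plaintext and unauthenticated. Because the nfd-master service account is bound to `patch` and `update` on nodes (master-clusterrole.yaml in this commit), any pod that can reach the Service can presumably have labels written to a node. I would either ship a NetworkPolicy that limits ingress on 8080 to pods labelled `app: nfd-worker`, or add a TLS component that sets the master's `-ca-file`, `-cert-file`, `-key-file` and `-verify-node-name` flags with matching worker flags. At minimum, add a comment on the port: `# unauthenticated gRPC; restrict with NetworkPolicy or enable TLS`.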
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: nfd-master
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - patch
+ - update
diff --git a/deployment/base/rbac/master-clusterrolebinding.yaml b/deployment/base/rbac/master-clusterrolebinding.yaml
new file mode 100644
index 000000000..4cee865f6
--- /dev/null
+++ b/deployment/base/rbac/master-clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: nfd-master
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: nfd-master
+subjects:
+- kind: ServiceAccount
+ name: nfd-master
+ namespace: default
diff --git a/deployment/base/rbac/master-serviceaccount.yaml b/deployment/base/rbac/master-serviceaccount.yaml
new file mode 100644
index 000000000..a4e512085
--- /dev/null
+++ b/deployment/base/rbac/master-serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: nfd-master
diff --git a/deployment/base/worker-daemonset/kustomization.yaml b/deployment/base/worker-daemonset/kustomization.yaml
new file mode 100644
index 000000000..70aa2d765
--- /dev/null
+++ b/deployment/base/worker-daemonset/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: node-feature-discovery
+
+resources:
+- worker-daemonset.yaml
diff --git a/deployment/base/worker-daemonset/worker-daemonset.yaml b/deployment/base/worker-daemonset/worker-daemonset.yaml
new file mode 100644
index 000000000..8f02fd0e1
--- /dev/null
+++ b/deployment/base/worker-daemonset/worker-daemonset.yaml
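Review bot: deployment/base/rbac/master-clusterrole.yaml grants `patch` and `update` on every `nodes` object with no comment on why both verbs are needed. RBAC cannot narrow these verbs to labels and annotations, so the nfd-master token can also change other Node fields such as taints. I would add a header comment along the lines of `# nfd-master writes feature labels/annotations on Node objects; RBAC cannot scope this to metadata, so treat this service account as cluster-sensitive`. If the master only ever issues patches (not verifiable from this diff), `update` could be dropped.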
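Review bot: In deployment/base/rbac/master-clusterrolebinding.yaml the subject is pinned to `namespace: default`, whereas the kustomization in the same directory places the ServiceAccount in `node-feature-discovery`. The binding is only correct if kustomize rewrites the subject namespace during the build, and whether it does so for a subject not named `default` depends on the kustomize version. Applied as-is, the file would instead bind node `patch`/`update` to an `nfd-master` account in `default`. Please confirm with the rendered `kustomize build` output and add a comment on the subject, e.g. `# namespace is rewritten by kustomize; do not apply this file on its own`.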
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels:
+ app: nfd
+ name: nfd-worker
+spec:
+ selector:
+ matchLabels:
+ app: nfd-worker
+ template:
+ metadata:
+ labels:
+ app: nfd-worker
+ spec:
+ dnsPolicy: ClusterFirstWithHostNet
+ containers:
+ - name: nfd-worker
+ image: gcr.io/k8s-staging-nfd/node-feature-discovery:master
+ imagePullPolicy: Always
+ command:
+ - "nfd-worker"
+ args:
+ - "-server=nfd-master:8080"
diff --git a/deployment/components/common/env.yaml b/deployment/components/common/env.yaml
new file mode 100644
index 000000000..e2480e3f5
--- /dev/null
+++ b/deployment/components/common/env.yaml
@@ -0,0 +1,7 @@
+- op: add
+ path: "/spec/template/spec/containers/0/env"
+ value:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
diff --git a/deployment/components/common/kustomization.yaml b/deployment/components/common/kustomization.yaml
new file mode 100644
index 000000000..7b1ee1a52
--- /dev/null
+++ b/deployment/components/common/kustomization.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+patches:
+- path: env.yaml
+ target:
+ labelSelector: app=nfd
+ name: nfd.*
+- path: securitycontext.yaml
+ target:
+ labelSelector: app=nfd
+ name: nfd.*
+- path: master-affinity.yaml
+ target:
+ labelSelector: app=nfd
+ name: nfd-master
+- path: worker-mounts.yaml
+ target:
+ labelSelector: app=nfd
+ name: nfd-worker
diff --git a/deployment/components/common/master-affinity.yaml b/deployment/components/common/master-affinity.yaml
new file mode 100644
index 000000000..3b5bdd88d
--- /dev/null
+++ b/deployment/components/common/master-affinity.yaml
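Review bot: deployment/base/worker-daemonset/worker-daemonset.yaml sets `dnsPolicy: ClusterFirstWithHostNet`, but no `hostNetwork: true` appears in this base or in the components added by the commit. That policy exists for host-network pods; without host networking it should behave like the default `ClusterFirst`, so the line reads as if the worker shared the node's network namespace when it does not. Either drop it or state the intent, e.g. `# kept so that an overlay enabling hostNetwork can still resolve nfd-master`.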
@@ -0,0 +1,33 @@
+- op: add
+ path: /spec/template/spec/affinity
+ value:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ preference:
+ matchExpressions:
+ - key: "node-role.kubernetes.io/master"
+ operator: In
+ values: [""]
+ - weight: 1
+ preference:
+ matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: In
+ values: [""]
+
+- op: add
+ path: /spec/template/spec/tolerations/-
+ value:
+ key: "node-role.kubernetes.io/master"
+ operator: "Equal"
+ value: ""
+ effect: "NoSchedule"
+
+- op: add
+ path: /spec/template/spec/tolerations/-
+ value:
+ key: "node-role.kubernetes.io/control-plane"
+ operator: "Equal"
+ value: ""
+ effect: "NoSchedule"
diff --git a/deployment/components/common/securitycontext.yaml b/deployment/components/common/securitycontext.yaml
new file mode 100644
index 000000000..7f6b39d7e
--- /dev/null
+++ b/deployment/components/common/securitycontext.yaml
@@ -0,0 +1,8 @@
+- op: add
+ path: "/spec/template/spec/containers/0/securityContext"
+ value:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
diff --git a/deployment/components/common/worker-mounts.yaml b/deployment/components/common/worker-mounts.yaml
new file mode 100644
index 000000000..2c3d57ade
--- /dev/null
+++ b/deployment/components/common/worker-mounts.yaml
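Review bot: deployment/components/common/securitycontext.yaml hardens only `containers/0` and sets no seccomp profile. Because the patch is index-based, a container that an overlay inserts ahead of or after the NFD container ends up with the wrong settings or none, and `op: add` on an existing `securityContext` replaces it wholesale. I would add `seccompProfile:` with `type: RuntimeDefault` to the value and a comment such as `# applies to the first container only; extend if sidecars are added`. `runAsNonRoot: true` relies on the image's `USER 65534:65534`, which the Dockerfile in this commit does set.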
@@ -0,0 +1,55 @@
+- op: add
+ path: /spec/template/spec/volumes
+ value:
+ - name: host-boot
+ hostPath:
+ path: "/boot"
+ - name: host-os-release
+ hostPath:
+ path: "/etc/os-release"
+ - name: host-sys
+ hostPath:
+ path: "/sys"
+ - name: host-usr-lib
+ hostPath:
+ path: "/usr/lib"
+ - name: host-usr-src
+ hostPath:
+ path: "/usr/src"
+ - name: source-d
+ hostPath:
+ path: "/etc/kubernetes/node-feature-discovery/source.d/"
+ - name: features-d
+ hostPath:
+ path: "/etc/kubernetes/node-feature-discovery/features.d/"
+ - name: nfd-worker-conf
+ configMap:
+ name: nfd-worker-conf
+
+- op: add
+ path: /spec/template/spec/containers/0/volumeMounts
+ value:
+ - name: host-boot
+ mountPath: "/host-boot"
+ readOnly: true
+ - name: host-os-release
+ mountPath: "/host-etc/os-release"
+ readOnly: true
+ - name: host-sys
+ mountPath: "/host-sys"
+ readOnly: true
+ - name: host-usr-lib
+ mountPath: "/host-usr/lib"
+ readOnly: true
+ - name: host-usr-src
+ mountPath: "/host-usr/src"
+ readOnly: true
+ - name: source-d
+ mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
+ readOnly: true
+ - name: features-d
+ mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
+ readOnly: true
+ - name: nfd-worker-conf
+ mountPath: "/etc/kubernetes/node-feature-discovery"
+ readOnly: true
diff --git a/deployment/components/worker-config/kustomization.yaml b/deployment/components/worker-config/kustomization.yaml
new file mode 100644
index 000000000..348c3b616
--- /dev/null
+++ b/deployment/components/worker-config/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+generatorOptions:
+ disableNameSuffixHash: true
+
+configMapGenerator:
+- files:
+ - nfd-worker.conf=nfd-worker.conf.example
+ name: nfd-worker-conf
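Review bot: None of the `hostPath` volumes in deployment/components/common/worker-mounts.yaml declares a `type`, so the kubelet does not check what exists at the path before mounting it into the worker. For the paths that must be present I would add `type: Directory` (`/boot`, `/sys`, `/usr/lib`, `/usr/src`) and `type: File` for `/etc/os-release`, so a missing or unexpected path fails at pod start. `source.d/` and `features.d/` may be absent on a node, so they can stay untyped. They presumably feed the worker's local feature source from the host, so they deserve a comment like `# host-provided input; directory must be writable by root only`. The `readOnly: true` on every mount is good and should be kept.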
diff --git a/nfd-worker.conf.example b/deployment/components/worker-config/nfd-worker.conf.example
similarity index 100%
rename from nfd-worker.conf.example
rename to deployment/components/worker-config/nfd-worker.conf.example
diff --git a/deployment/overlays/default/kustomization.yaml b/deployment/overlays/default/kustomization.yaml
new file mode 100644
index 000000000..5230f2a54
--- /dev/null
+++ b/deployment/overlays/default/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: node-feature-discovery
+
+bases:
+- ../../base/rbac
+- ../../base/master
+- ../../base/worker-daemonset
+
+resources:
+- namespace.yaml
+
+components:
+- ../../components/worker-config
+- ../../components/common
diff --git a/deployment/overlays/default/namespace.yaml b/deployment/overlays/default/namespace.yaml
new file mode 100644
index 000000000..8e54de2e3
--- /dev/null
+++ b/deployment/overlays/default/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: node-feature-discovery
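Review bot: deployment/overlays/default/kustomization.yaml lists the three base directories under `bases:`, which kustomize has deprecated in favour of putting directories in `resources:` alongside `namespace.yaml`. Since the file already depends on `components:`, which needs a recent kustomize, moving the entries costs nothing in compatibility: `resources:` followed by `- ../../base/rbac`, `- ../../base/master`, `- ../../base/worker-daemonset`, `- namespace.yaml`. A one-line header comment naming the minimum kustomize version would also help anyone building this overlay.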