1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-15 17:50:49 +00:00
Commit graph

13 commits

Author SHA1 Message Date
Kubernetes Prow Robot
a68a4ec4fb
Merge pull request #325 from marquiz/devel/hardening
Container image hardening
2020-08-21 02:51:39 -07:00
Markus Lehtonen
bb99b2b627 Use k8s.gcr.io image registry in deployment spec templates
Shift from quay.io to the new community managed image registry.
2020-08-07 10:15:22 +03:00
Markus Lehtonen
3cd2d34ea7 Add container security context to the sample deployment specs
Run under strict rules. We shouldn't need any special privileges.
2020-05-28 15:49:00 +03:00
Markus Lehtonen
5e62ced4d8 Use release v0.6.0 in deployment templates and README 2020-05-26 15:08:31 +03:00
Markus Lehtonen
d216fca1c0 source/network: run discovery under host sysfs
Instead of relying on golang "net" package, use the configured host
sysfs for all discovery. No need to use hostNetwork after that so drop
it from the worker deployment templates.
2020-05-21 20:33:30 +03:00
Markus Lehtonen
789a0073a6 Refer to v0.5.0 release in README and the deployment templates 2019-11-22 11:18:34 +02:00
Antti Kervinen
9b96407b26 Makefile: create default yamls, configurable namespace
- Create default yamls for deploying master and worker.
- Use kube-system namespace by default.
- Configurable namespace:
  make IMAGE_REGISTRY=myhost:5000 K8S_NAMESPACE=my-nfd-devel
2019-06-05 13:13:53 +03:00
Markus Lehtonen
fa47b0178d Use v0.4.0 release in README and deployment templates and script
Also, slightly adjust the deployment instructions in README to point out
that the templates should now be usable as is to run the latest released
version of NFD.
2019-05-21 11:19:30 +03:00
Markus Lehtonen
c9c9a3f0f0 Use a placeholder for the container image in the template specs
The templates were not compatible with the image they were pointing to
(v0.3.0).
2019-05-09 20:06:18 +03:00
Jordan Jacobelli
5df5e5c187 Mount source.d and features.d in template YAMLs
Signed-off-by: Jordan Jacobelli <jjacobelli@nvidia.com>
2019-04-22 10:07:23 -07:00
Markus Lehtonen
6562784d9f Include example of enabling TLS auth in the yaml templates 2019-04-04 22:40:24 +03:00
Markus Lehtonen
bca194f6e6 Implement TLS server authentication
Add support for TLS authentication. When enabled, nfd-worker verifies
that nfd-master has a valid certificate, i.e. signed by the given root
certificate and its Common Name (CN) matches the DNS name of the
nfd-master service being used. TLS authentication is enabled by
specifying --key-file and --cert-file on nfd-master, and, --ca-file on
nfd-worker.
2019-04-04 22:40:24 +03:00
Markus Lehtonen
39be798472 Split NFD into client and server
Refactor NFD into a simple server-client system. Labeling is now done by
a separate 'nfd-master' server. It is a simple service with small
codebase, designed for easy isolation. The feature discovery part is
implemented in a 'nfd-worker' client which sends labeling requests to
nfd-server, thus, requiring no access/permissions to the Kubernetes API
itself.

Client-server communication is implemented by using gRPC. The protocol
currently consists of only one request, i.e. the labeling request.

The spec templates are converted to the new scheme. The nfd-master
server can be deployed using the nfd-master.yaml.template which now also
contains the necessary RBAC configuration. NFD workers can be deployed
by using the nfd-worker-daemonset.yaml.template or
nfd-worker-job.yaml.template (most easily used with the label-nodes.sh
script).

Only nfd-worker currently support config file or options. The (default)
NFD config file is renamed to nfd-worker.conf.
2019-04-04 22:40:24 +03:00
Renamed from node-feature-discovery-daemonset.yaml.template (Browse further)