What is the function of nfd-master？Just commnuicate with apiserver?

[james beck]

I have seen the source code of node-feature-discovery recently.As a beginner coder,I found that nfd-worker and nfd-topology-updater collect the hardware  information.And then they send setlabels and nodetopologyrequest to the nfd-master. And then ,nfd-master sends patch to the apiserver.So I ask a question. Why k8s node, as well as nfd-worker and nfd-topologupdater don't send hardware information to apiserver directly? Is nfd-master'role just to forward messages?

[Carlos Eduardo Arango Gutierrez]

Hey ! james beck

NFD-master is a security consideration, you don't want an agent with the ability to edit/patch node info running as a daemonset. 

Is easier and more recommended to separate application priviledges this way.

Hope this helps clarify your question

[Lehtonen, Markus]

Hi folks,

 

That's right, it's basically for separation of duties and privileges. History lesson: originally, NFD used to be just one daemon(set) responsible for the discovery and accessing the K8s API but we decided to split it into two because of those considerations.

 

Cheers,

  MArkus

--
You received this message because you are subscribed to the Google Groups "kubernetes-sig-node" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-sig-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/kubernetes-sig-node/f922cfd2-894e-4a4a-bde1-060b09e6b96fn%40googlegroups.com.

[james beck]

Thanks!