Enable hostNetwork = true

[jihuiyang-x]

currently this plugin is a daemonset that runs in k8s cluster. it should be made to use hostNetwork=true to not use unnecessary ips.

[klueska]

Can you elaborate on why you want this component to have access to the host network at all? It doesn't perform any network related operations.

[jihuiyang-x]

it does not. but not setting hostNetwork = true for daemonset will consume a lot of ips in k8s. please make this a configurable value.

[klueska]

I did a little research and it does indeed seem that this is the standard practice for avoiding unnecessary IPs from being allocated. @elezar Is this something we can get added to the next release? I would say we should definitely expose it as a helm setting, but actually make hostNetwork: true the default.

[chipzoller]

Just my two cents here but making it configurable could be beneficial for the reason provided, but setting it as the default I would not do. Host networking is a potential security vector and adding this as a default would violate another of the controls in the baseline profile of the Pod Security Standards. Pods which violate this profile by default should only do so when expressly needed which as Kevin points out is not the case in the device plugin.