mirrors/node-feature-discovery
mirrors/node-feature-discovery
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2025-03-06 08:47:04 +00:00
Code Activity
node-feature-discovery/deployment/base/nfd-crds/cr-sample.yaml

161 lines
5 KiB
YAML
Raw Normal View History

pkg/apis/nfd: specify CRD for custom labeling rules Add a cluster-scoped Custom Resource Definition for specifying labeling rules. Nodes (node features, node objects) are cluster-level objects and thus the natural and encouraged setup is to only have one NFD deployment per cluster - the set of underlying features of the node stays the same independent of how many parallel NFD deployments you have. Our extension points (hooks, feature files and now CRs) can be be used by multiple actors (depending on us) simultaneously. Having the CRD cluster-scoped hopefully drives deployments in this direction. It also should make deployment of vendor-specific labeling rules easy as there is no need to worry about the namespace. This patch virtually replicates the source.custom.FeatureSpec in a CRD API (located in the pkg/apis/nfd/v1alpha1 package) with the notable exception that "MatchOn" legacy rules are not supported. Legacy rules are left out in order to keep the CRD simple and clean. The duplicate functionality in source/custom will be dropped by upcoming patches. This patch utilizes controller-gen (from sigs.k8s.io/controller-tools) for generating the CRD and deepcopy methods. Code can be (re-)generated with "make generate". Install controller-gen with: go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.7.0 Update kustomize and helm deployments to deploy the CRD.
2021-08-31 11:10:12 +03:00
apiVersion: nfd.k8s-sigs.io/v1alpha1
kind: NodeFeatureRule
metadata:
name: my-rule
spec:
rules:
# The following feature demonstrates the capabilities of the matchFeatures and
# matchAny matchers.
- name: "my feature rule"
Document tainting feature Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
2022-11-30 00:36:32 +02:00
taints:
- effect: PreferNoSchedule
key: "feature.node.kubernetes.io/special-node"
value: "true"
- effect: NoExecute
key: "feature.node.kubernetes.io/dedicated-node"
pkg/apis/nfd: specify CRD for custom labeling rules Add a cluster-scoped Custom Resource Definition for specifying labeling rules. Nodes (node features, node objects) are cluster-level objects and thus the natural and encouraged setup is to only have one NFD deployment per cluster - the set of underlying features of the node stays the same independent of how many parallel NFD deployments you have. Our extension points (hooks, feature files and now CRs) can be be used by multiple actors (depending on us) simultaneously. Having the CRD cluster-scoped hopefully drives deployments in this direction. It also should make deployment of vendor-specific labeling rules easy as there is no need to worry about the namespace. This patch virtually replicates the source.custom.FeatureSpec in a CRD API (located in the pkg/apis/nfd/v1alpha1 package) with the notable exception that "MatchOn" legacy rules are not supported. Legacy rules are left out in order to keep the CRD simple and clean. The duplicate functionality in source/custom will be dropped by upcoming patches. This patch utilizes controller-gen (from sigs.k8s.io/controller-tools) for generating the CRD and deepcopy methods. Code can be (re-)generated with "make generate". Install controller-gen with: go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.7.0 Update kustomize and helm deployments to deploy the CRD.
2021-08-31 11:10:12 +03:00
labels:
"my-complex-feature": "my-value"
# matchFeatures implements a logical AND over feature matchers.
matchFeatures:
- feature: cpu.cpuid
matchExpressions:
AVX512F: {op: Exists}
- feature: cpu.cstate
matchExpressions:
enabled: {op: IsTrue}
- feature: cpu.pstate
matchExpressions:
no_turbo: {op: IsFalse}
scaling_governor: {op: In, value: ["performance"]}
- feature: cpu.rdt
matchExpressions:
RDTL3CA: {op: Exists}
- feature: cpu.sst
matchExpressions:
bf.enabled: {op: IsTrue}
- feature: cpu.topology
matchExpressions:
hardware_multithreading: {op: IsFalse}
- feature: kernel.config
matchExpressions:
X86: {op: Exists}
LSM: {op: InRegexp, value: ["apparmor"]}
- feature: kernel.loadedmodule
matchExpressions:
e1000e: {op: Exists}
- feature: kernel.selinux
matchExpressions:
enabled: {op: IsFalse}
- feature: kernel.version
matchExpressions:
major: {op: In, value: ["5"]}
minor: {op: Gt, value: ["10"]}
source/storage: implement FeatureSource Separate feature discovery and creation of feature labels. Generalize the feature discovery so that block devices can be matched in custom label rules in a similar fashion as pci and usb devices. This extends the discovery to other block queue attributes than 'rotational': now we also detect 'dax', 'nr_zones' and 'zoned'. Labels created by the storage feature source are unchanged. The new features being detected are available in custom rules only. Example custom rules: - name: "my block rule 1" labels: my-block-feature-1: "true" matchFeatures: - feature: storage.block "rotational": {op: In, value: ["0"]} - name: "my block rule 2" labels: my-block-feature-2: "true" matchFeatures: - feature: storage.block "zoned": {op: In, value: [“host-aware”, “host-managed”]} Also, add minimalist unit test.
2021-06-24 20:35:34 +03:00
- feature: storage.block
matchExpressions:
rotational: {op: In, value: ["0"]}
dax: {op: In, value: ["0"]}
source/network: implement FeatureSource Separate feature discovery and creation of feature labels. Generalize the feature discovery so that network devices can be matched in custom label rules in a similar fashion as pci and usb devices. Available attributes for matching are: - operstate - speed - sriov_numvfs - sriov_totalvfs Labels created by the network feature source are unchanged. The new features being detected are available in custom rules only. Example custom rule: - name: "my network rule" labels: my-network-feature: "true" matchFeatures: - feature: network.device matchExpressions: "operstate": { op: In, value: ["up"] } "sriov_numvfs": { op: Gt, value: ["9"] } Also, add minimalist unit test.
2021-06-24 22:57:46 +03:00
- feature: network.device
matchExpressions:
operstate: {op: In, value: ["up"]}
speed: {op: Gt, value: ["100"]}
source/memory: implement FeatureSource Separate feature discovery and creation of feature labels. Generalize the discovery of nvdimm devices so that they can be matched in custom label rules in a similar fashion as pci and usb devices. Available attributes for matching nvdimm devices are limited to: - devtype - mode For numa we now detect the number of numa nodes which can be matched agains in custom label rules. Labels created by the memory feature source are unchanged. The new features being detected are available in custom rules only. Example custom rule: - name: "my memory rule" labels: my-memory-feature: "true" matchFeatures: - feature: memory.numa matchExpressions: "node_count": {op: Gt, value: ["3"]} - feature: memory.nv matchExpressions: "devtype" {op: In, value: ["nd_dax"]} Also, add minimalist unit test.
2021-08-25 19:37:32 +03:00
- feature: memory.numa
matchExpressions:
node_count: {op: Gt, value: ["2"]}
- feature: memory.nv
matchExpressions:
devtype: {op: In, value: ["nd_dax"]}
mode: {op: In, value: ["memory"]}
pkg/apis/nfd: specify CRD for custom labeling rules Add a cluster-scoped Custom Resource Definition for specifying labeling rules. Nodes (node features, node objects) are cluster-level objects and thus the natural and encouraged setup is to only have one NFD deployment per cluster - the set of underlying features of the node stays the same independent of how many parallel NFD deployments you have. Our extension points (hooks, feature files and now CRs) can be be used by multiple actors (depending on us) simultaneously. Having the CRD cluster-scoped hopefully drives deployments in this direction. It also should make deployment of vendor-specific labeling rules easy as there is no need to worry about the namespace. This patch virtually replicates the source.custom.FeatureSpec in a CRD API (located in the pkg/apis/nfd/v1alpha1 package) with the notable exception that "MatchOn" legacy rules are not supported. Legacy rules are left out in order to keep the CRD simple and clean. The duplicate functionality in source/custom will be dropped by upcoming patches. This patch utilizes controller-gen (from sigs.k8s.io/controller-tools) for generating the CRD and deepcopy methods. Code can be (re-)generated with "make generate". Install controller-gen with: go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.7.0 Update kustomize and helm deployments to deploy the CRD.
2021-08-31 11:10:12 +03:00
- feature: system.osrelease
matchExpressions:
ID: {op: In, value: ["fedora", "centos"]}
- feature: system.name
matchExpressions:
nodename: {op: InRegexp, value: ["^worker-X"]}
- feature: local.label
matchExpressions:
custom-feature-knob: {op: Gt, value: ["100"]}
# matchAny implements a logical IF over all listed matchers (i.e. at
# least one must match)
matchAny:
- matchFeatures:
- feature: pci.device
matchExpressions:
vendor: {op: In, value: ["8086"]}
class: {op: In, value: ["0200"]}
- feature: usb.device
matchExpressions:
vendor: {op: In, value: ["8086"]}
class: {op: In, value: ["02"]}
pkg/apis/nfd: support label name templating Support templating of label names in feature rules. It is available both in NodeFeatureRule CRs and in custom rule configuration of nfd-worker. This patch adds a new 'labelsTemplate' field to the rule spec, making it possible to dynamically generate multiple labels per rule based on the matched features. The feature relies on the golang "text/template" package. When expanded, the template must contain labels in a raw <key>[=<value>] format (where 'value' defaults to "true"), separated by newlines i.e.: - name: <rule-name> labelsTemplate: | <label-1>[=<value-1>] <label-2>[=<value-2>] ... All the matched features of 'matchFeatures' directives are available for templating engine in a nested data structure that can be described in yaml as: . <domain-1>: <key-feature-1>: - Name: <matched-key> - ... <value-feature-1: - Name: <matched-key> Value: <matched-value> - ... <instance-feature-1>: - <attribute-1-name>: <attribute-1-value> <attribute-2-name>: <attribute-2-value> ... - ... <domain-2>: ... That is, the per-feature data available for matching depends on the type of feature that was matched: - "key features": only 'Name' is available - "value features": 'Name' and 'Value' can be used - "instance features": all attributes of the matched instance are available NOTE: In case of matchAny is specified, the template is executed separately against each individual matchFeatures matcher and the eventual set of labels is a superset of all these expansions. Consider the following: - name: <name> labelsTemplate: <template> matchAny: - matchFeatures: <matcher#1> - matchFeatures: <matcher#2> matchFeatures: <matcher#3> In the example above (assuming the overall result is a match) the template would be executed on matcher#1 and/or matcher#2 (depending on whether both or only one of them match), and finally on matcher#3, and all the labels from these separate expansions would be created (i.e. the end result would be a union of all the individual expansions). NOTE 2: The 'labels' field has priority over 'labelsTemplate', i.e. labels specified in the 'labels' field will override any labels originating from the 'labelsTemplate' field. A special case of an empty match expression set matches everything (i.e. matches/returns all existing keys/values). This makes it simpler to write templates that run over all values. Also, makes it possible to later implement support for templates that run over all _keys_ of a feature. Some example configurations: - name: "my-pci-template-features" labelsTemplate: | {{ range .pci.device }}intel-{{ .class }}-{{ .device }}=present {{ end }} matchFeatures: - feature: pci.device matchExpressions: class: {op: InRegexp, value: ["^06"]} vendor: ["8086"] - name: "my-system-template-features" labelsTemplate: | {{ range .system.osrelease }}system-{{ .Name }}={{ .Value }} {{ end }} matchFeatures: - feature: system.osRelease matchExpressions: ID: {op: Exists} VERSION_ID.major: {op: Exists} Imaginative template pipelines are possible, of course, but care must be taken in order to produce understandable and maintainable rule sets.
2021-05-04 16:30:06 +03:00
apis/nfd: add matchName field in feature matcher terms Extend the format of feature matcher terms (the elements of the arrayspecified under under matchFeatures field) with new matchName field. The value of this field is an expression that is evaluated against the names of feature elements instead of their values (values are matched with the matchExpressions field, instead). The matchName field is useful e.g. in template rules for creating per-feature-element labels based on feature names (instead of values) and in non-template rules for checking if (at least) one of certain feature element names are present. If both matchExpressions and matchName for certain feature matcher term is specified, they both must match in order to get an overall match. Also, in this case the list of matched features (used in templating) is the union of the results from matchExpressions and matchName. An example of creating an "avx512" label if any AVX512* CPUID feature is present: - name: "avx wildcard rule" labels: avx512: "true" matchFeatures: - feature: cpu.cpuid matchName: {op: InRegexp, value: ["^AVX512"]} An example of a template rule creating a dynamic set of labels based on the existence of certain kconfig options. - name: "kconfig template rule" labelsTemplate: | {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }} {{ end }} matchFeatures: - feature: kernel.config matchName: {op: In, value: ["SWAP", "X86", "ARM"]} NOTE: this patch changes the corner case of nil/null match expressions with instance features (i.e. "matchExpressions: null"). Previously, we returned all instances for templating but now a nil match expression is not evaluated and no instances for templating are returned.
2022-03-17 18:30:32 +02:00
- name: "avx wildcard rule"
labels:
"my-avx-feature": "true"
matchFeatures:
- feature: cpu.cpuid
matchName: {op: InRegexp, value: ["^AVX512"]}
pkg/apis/nfd: support label name templating Support templating of label names in feature rules. It is available both in NodeFeatureRule CRs and in custom rule configuration of nfd-worker. This patch adds a new 'labelsTemplate' field to the rule spec, making it possible to dynamically generate multiple labels per rule based on the matched features. The feature relies on the golang "text/template" package. When expanded, the template must contain labels in a raw <key>[=<value>] format (where 'value' defaults to "true"), separated by newlines i.e.: - name: <rule-name> labelsTemplate: | <label-1>[=<value-1>] <label-2>[=<value-2>] ... All the matched features of 'matchFeatures' directives are available for templating engine in a nested data structure that can be described in yaml as: . <domain-1>: <key-feature-1>: - Name: <matched-key> - ... <value-feature-1: - Name: <matched-key> Value: <matched-value> - ... <instance-feature-1>: - <attribute-1-name>: <attribute-1-value> <attribute-2-name>: <attribute-2-value> ... - ... <domain-2>: ... That is, the per-feature data available for matching depends on the type of feature that was matched: - "key features": only 'Name' is available - "value features": 'Name' and 'Value' can be used - "instance features": all attributes of the matched instance are available NOTE: In case of matchAny is specified, the template is executed separately against each individual matchFeatures matcher and the eventual set of labels is a superset of all these expansions. Consider the following: - name: <name> labelsTemplate: <template> matchAny: - matchFeatures: <matcher#1> - matchFeatures: <matcher#2> matchFeatures: <matcher#3> In the example above (assuming the overall result is a match) the template would be executed on matcher#1 and/or matcher#2 (depending on whether both or only one of them match), and finally on matcher#3, and all the labels from these separate expansions would be created (i.e. the end result would be a union of all the individual expansions). NOTE 2: The 'labels' field has priority over 'labelsTemplate', i.e. labels specified in the 'labels' field will override any labels originating from the 'labelsTemplate' field. A special case of an empty match expression set matches everything (i.e. matches/returns all existing keys/values). This makes it simpler to write templates that run over all values. Also, makes it possible to later implement support for templates that run over all _keys_ of a feature. Some example configurations: - name: "my-pci-template-features" labelsTemplate: | {{ range .pci.device }}intel-{{ .class }}-{{ .device }}=present {{ end }} matchFeatures: - feature: pci.device matchExpressions: class: {op: InRegexp, value: ["^06"]} vendor: ["8086"] - name: "my-system-template-features" labelsTemplate: | {{ range .system.osrelease }}system-{{ .Name }}={{ .Value }} {{ end }} matchFeatures: - feature: system.osRelease matchExpressions: ID: {op: Exists} VERSION_ID.major: {op: Exists} Imaginative template pipelines are possible, of course, but care must be taken in order to produce understandable and maintainable rule sets.
2021-05-04 16:30:06 +03:00
# The following features demonstreate label templating capabilities
- name: "my system template feature"
labelsTemplate: |
{{ range .system.osrelease }}my-system-feature.{{ .Name }}={{ .Value }}
{{ end }}
matchFeatures:
- feature: system.osrelease
matchExpressions:
ID: {op: InRegexp, value: ["^open.*"]}
VERSION_ID.major: {op: In, value: ["13", "15"]}
- name: "my pci template feature"
labelsTemplate: |
{{ range .pci.device }}my-pci-device.{{ .class }}-{{ .device }}=with-cpuid
{{ end }}
matchFeatures:
- feature: pci.device
matchExpressions:
class: {op: InRegexp, value: ["^06"]}
vendor: {op: In, value: ["8086"]}
- feature: cpu.cpuid
matchExpressions:
AVX: {op: Exists}
pkg/apis/nfd: add variables to rule spec and support backreferences Support backreferencing of output values from previous rules. Enables complex rule setups where custom features are further combined together to form even more sophisticated higher level labels. The labels created by preceding rules are available as a special 'rule.matched' feature (for matchFeatures to use). If referencing rules accross multiple configs/CRDs care must be taken with the ordering. Processing order of rules in nfd-worker: 1. Static rules 2. Files from /etc/kubernetes/node-feature-discovery/custom.d/ in alphabetical order. Subdirectories are processed by reading their files in alphabetical order. 3. Custom rules from main nfd-worker.conf In nfd-master, NodeFeatureRule objects are processed in alphabetical order (based on their metadata.name). This patch also adds new 'vars' fields to the rule spec. Like 'labels', it is a map of key-value pairs but no labels are generated from these. The values specified in 'vars' are only added for backreferencing into the 'rules.matched' feature. This may by desired in schemes where the output of certain rules is only used as intermediate variables for other rules and no labels out of these are wanted. An example setup: - name: "kernel feature" labels: kernel-feature: matchFeatures: - feature: kernel.version matchExpressions: major: {op: Gt, value: ["4"]} - name: "intermediate var feature" vars: nolabel-feature: "true" matchFeatures: - feature: cpu.cpuid matchExpressions: AVX512F: {op: Exists} - feature: pci.device matchExpressions: vendor: {op: In, value: ["8086"]} device: {op: In, value: ["1234", "1235"]} - name: top-level-feature matchFeatures: - feature: rule.matched matchExpressions: kernel-feature: "true" nolabel-feature: "true"
2021-06-18 18:29:08 +03:00
# The following examples demonstrate vars field and back-referencing
# previous labels and vars
- name: "my dummy kernel rule"
labels:
"my.kernel.feature": "true"
matchFeatures:
- feature: kernel.version
matchExpressions:
major: {op: Gt, value: ["2"]}
- name: "my dummy rule with no labels"
vars:
"my.dummy.var": "1"
matchFeatures:
- feature: cpu.cpuid
matchExpressions: {}
- name: "my rule using backrefs"
labels:
"my.backref.feature": "true"
matchFeatures:
- feature: rule.matched
matchExpressions:
my.kernel.feature: {op: IsTrue}
my.dummy.var: {op: Gt, value: ["0"]}
apis/nfd: add matchName field in feature matcher terms Extend the format of feature matcher terms (the elements of the arrayspecified under under matchFeatures field) with new matchName field. The value of this field is an expression that is evaluated against the names of feature elements instead of their values (values are matched with the matchExpressions field, instead). The matchName field is useful e.g. in template rules for creating per-feature-element labels based on feature names (instead of values) and in non-template rules for checking if (at least) one of certain feature element names are present. If both matchExpressions and matchName for certain feature matcher term is specified, they both must match in order to get an overall match. Also, in this case the list of matched features (used in templating) is the union of the results from matchExpressions and matchName. An example of creating an "avx512" label if any AVX512* CPUID feature is present: - name: "avx wildcard rule" labels: avx512: "true" matchFeatures: - feature: cpu.cpuid matchName: {op: InRegexp, value: ["^AVX512"]} An example of a template rule creating a dynamic set of labels based on the existence of certain kconfig options. - name: "kconfig template rule" labelsTemplate: | {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }} {{ end }} matchFeatures: - feature: kernel.config matchName: {op: In, value: ["SWAP", "X86", "ARM"]} NOTE: this patch changes the corner case of nil/null match expressions with instance features (i.e. "matchExpressions: null"). Previously, we returned all instances for templating but now a nil match expression is not evaluated and no instances for templating are returned.
2022-03-17 18:30:32 +02:00
- name: "kconfig template rule"
labelsTemplate: |
{{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }}
{{ end }}
matchFeatures:
- feature: kernel.config
matchName: {op: In, value: ["SWAP", "X86", "ARM"]}
Copy permalink