mirrors/node-feature-discovery
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-14 11:57:51 +00:00
Code Activity
node-feature-discovery/docs/deployment/helm.md

215 lines
27 KiB
Markdown
Raw Normal View History

docs: restructure docs Introduce two main sections "Deployment" and "Usage" and move "Developer guide" to the top level, too. In particular, split the huge deployment-and-usage file into multiple parts under the new main sections. Move customization guide from "Advanced" to "Usage". This patch also renames "Advanced" to "Reference" as only that is left there is reference documentation.
2022-11-02 12:34:37 +00:00
---
title: "Helm"
layout: default
sort: 3
---
# Deployment with Helm
{: .no_toc}
## Table of contents
{: .no_toc .text-delta}
1. TOC
{:toc}
---
docs: strip out some "easily", "just" etc
2023-11-28 18:27:33 +00:00
Node Feature Discovery provides a Helm chart to manage its deployment.
docs: restructure docs Introduce two main sections "Deployment" and "Usage" and move "Developer guide" to the top level, too. In particular, split the huge deployment-and-usage file into multiple parts under the new main sections. Move customization guide from "Advanced" to "Usage". This patch also renames "Advanced" to "Reference" as only that is left there is reference documentation.
2022-11-02 12:34:37 +00:00
docs: unify formatting of NOTEs
2023-08-03 10:38:07 +00:00
> **NOTE:** NFD is not ideal for other Helm charts to depend on as that may
> result in multiple parallel NFD deployments in the same cluster which is not
> fully supported by the NFD Helm chart.
docs: better document differences between deployment methods
2022-12-20 13:14:41 +00:00
docs: restructure docs Introduce two main sections "Deployment" and "Usage" and move "Developer guide" to the top level, too. In particular, split the huge deployment-and-usage file into multiple parts under the new main sections. Move customization guide from "Advanced" to "Usage". This patch also renames "Advanced" to "Reference" as only that is left there is reference documentation.
2022-11-02 12:34:37 +00:00
## Prerequisites
[Helm package manager](https://helm.sh/) should be installed.
## Deployment
To install the latest stable version:
```bash
export NFD_NS=node-feature-discovery
helm repo add nfd https://kubernetes-sigs.github.io/node-feature-discovery/charts
helm repo update
helm install nfd/node-feature-discovery --namespace $NFD_NS --create-namespace --generate-name
```
To install the latest development version you need to clone the NFD Git
repository and install from there.
```bash
git clone https://github.com/kubernetes-sigs/node-feature-discovery/
cd node-feature-discovery/deployment/helm
export NFD_NS=node-feature-discovery
helm install node-feature-discovery ./node-feature-discovery/ --namespace $NFD_NS --create-namespace
```
See the [configuration](#configuration) section below for instructions how to
alter the deployment parameters.
## Configuration
You can override values from `values.yaml` and provide a file with custom values:
```bash
export NFD_NS=node-feature-discovery
helm install nfd/node-feature-discovery -f <path/to/custom/values.yaml> --namespace $NFD_NS --create-namespace
```
To specify each parameter separately you can provide them to helm install command:
```bash
export NFD_NS=node-feature-discovery
helm install nfd/node-feature-discovery --set nameOverride=NFDinstance --set master.replicaCount=2 --namespace $NFD_NS --create-namespace
```
## Uninstalling the chart
To uninstall the `node-feature-discovery` deployment:
```bash
export NFD_NS=node-feature-discovery
helm uninstall node-feature-discovery --namespace $NFD_NS
```
The command removes all the Kubernetes components associated with the chart and
helm: add post-delete hook that cleans up the node This patch adds a post-delete hook to the Helm chart that runs "nfd-master --prune" in the cluster. This cleans up the node of labels, annotations, taints and extended resources that were created by NFD.
2023-11-09 11:14:48 +00:00
deletes the release. It also runs a post-delete hook that cleans up the nodes
of all labels, annotations, taints and extended resources that were created by
NFD.
docs: restructure docs Introduce two main sections "Deployment" and "Usage" and move "Developer guide" to the top level, too. In particular, split the huge deployment-and-usage file into multiple parts under the new main sections. Move customization guide from "Advanced" to "Usage". This patch also renames "Advanced" to "Reference" as only that is left there is reference documentation.
2022-11-02 12:34:37 +00:00
## Chart parameters
docs: don't use "we"
2023-12-01 13:39:16 +00:00
To tailor the deployment of the Node Feature Discovery to your needs following
Chart parameters are available.
docs: restructure docs Introduce two main sections "Deployment" and "Usage" and move "Developer guide" to the top level, too. In particular, split the huge deployment-and-usage file into multiple parts under the new main sections. Move customization guide from "Advanced" to "Usage". This patch also renames "Advanced" to "Reference" as only that is left there is reference documentation.
2022-11-02 12:34:37 +00:00
### General parameters
Make mdlint v0.13 happy Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
2023-10-25 19:12:47 +00:00
| Name | Type | Default | Description |
| --------------------- | ------ | --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
| `image.repository` | string | `{{ site.container_image \| split: ":" \| first }}` | NFD image repository |
| `image.tag` | string | `{{ site.release }}` | NFD image tag |
| `image.pullPolicy` | string | `Always` | Image pull policy |
| `imagePullSecrets` | list | [] | ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. [More info](https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod) |
| `nameOverride` | string | | Override the name of the chart |
| `fullnameOverride` | string | | Override a default fully qualified app name |
| `tls.enable` | bool | false | Specifies whether to use TLS for communications between components. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
| `tls.certManager` | bool | false | If enabled, requires [cert-manager](https://cert-manager.io/docs/) to be installed and will automatically create the required TLS certificates. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
add ability to use a custom issuer
2024-02-21 20:06:51 +00:00
| `tls.certManager.certManagerCertificate.issuerName` | string | | If specified, it will use a pre-existing issuer instead for the required TLS certificates. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
| `tls.certManager.certManagerCertificate.issuerKind` | string | | Specifies on what kind of issuer is used, can be either ClusterIssuer or Issuer (default). Requires `tls.certManager.certManagerCertificate.issuerName` to be set. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
Make mdlint v0.13 happy Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
2023-10-25 19:12:47 +00:00
| `enableNodeFeatureApi`| bool | true | Enable the [NodeFeature](../usage/custom-resources.md#nodefeature) CRD API for communicating node features. This will automatically disable the gRPC communication. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
| `prometheus.enable` | bool | false | Specifies whether to expose metrics using prometheus operator |
| `prometheus.labels` | dict | {} | Specifies labels for use with the prometheus operator to control how it is selected |
helm: add priorityClassName option Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
2024-02-15 11:16:46 +00:00
| `priorityClassName` | string | | The name of the PriorityClass to be used for the NFD pods. |
Enable metrics via prometheus operator Expose metrics via prometheus.monitoring.coreos.com/v1 The exposed metrics are | Metric | Type | Meaning | | --------------- | ---------------- | ---------------- | | `nfd_master_build_info` | Gauge | Version from which nfd-master was built. | | `nfd_worker_build_info` | Gauge | Version from which nfd-worker was built. | | `nfd_updated_nodes` | Counter | Time taken to label a node | | `nfd_crd_processing_time` | Gauge | Time taken to process a NodeFeatureRule CRD | | `nfd_feature_discovery_duration_seconds` | HistogramVec | Time taken to discover features on a node | Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com> Co-authored-by: Markus Lehtonen <markus.lehtonen@intel.com>
2023-06-06 14:39:02 +00:00
Metrics are configured to be exposed using prometheus operator API's by
default. If you want to expose metrics using the prometheus operator
API's you need to install the prometheus operator in your cluster.
docs: restructure docs Introduce two main sections "Deployment" and "Usage" and move "Developer guide" to the top level, too. In particular, split the huge deployment-and-usage file into multiple parts under the new main sections. Move customization guide from "Advanced" to "Usage". This patch also renames "Advanced" to "Reference" as only that is left there is reference documentation.
2022-11-02 12:34:37 +00:00
### Master pod parameters
| Name | Type | Default | description |
|-----------------------------|---------|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------|
| `master.*` | dict | | NFD master deployment configuration |
feat: add parameters in helm to disable/enable nfd-master and nfd-worker Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-10-10 15:50:51 +00:00
| `master.enable` | bool | true | Specifies whether nfd-master should be deployed |
Make mdlint v0.13 happy Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
2023-10-25 19:12:47 +00:00
| `master.port` | integer | | Specifies the TCP port that nfd-master listens for incoming requests. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
| `master.metricsPort` | integer | 8081 | Port on which to expose metrics from components to prometheus operator |
| `master.instance` | string | | Instance name. Used to separate annotation namespaces for multiple parallel deployments |
| `master.resyncPeriod` | string | | NFD API controller resync period. |
| `master.extraLabelNs` | array | [] | List of allowed extra label namespaces |
| `master.resourceLabels` | array | [] | List of labels to be registered as extended resources |
| `master.enableTaints` | bool | false | Specifies whether to enable or disable node tainting |
| `master.crdController` | bool | null | Specifies whether the NFD CRD API controller is enabled. If not set, controller will be enabled if `master.instance` is empty. |
| `master.featureRulesController` | bool | null | DEPRECATED: use `master.crdController` instead |
| `master.replicaCount` | integer | 1 | Number of desired pods. This is a pointer to distinguish between explicit zero and not specified |
docs: restructure docs Introduce two main sections "Deployment" and "Usage" and move "Developer guide" to the top level, too. In particular, split the huge deployment-and-usage file into multiple parts under the new main sections. Move customization guide from "Advanced" to "Usage". This patch also renames "Advanced" to "Reference" as only that is left there is reference documentation.
2022-11-02 12:34:37 +00:00
| `master.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings |
Make mdlint v0.13 happy Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
2023-10-25 19:12:47 +00:00
| `master.securityContext` | dict | {} | Container [security settings](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| `master.serviceAccount.create` | bool | true | Specifies whether a service account should be created |
| `master.serviceAccount.annotations` | dict | {} | Annotations to add to the service account |
| `master.serviceAccount.name` | string | | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| `master.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for nfd-master |
| `master.service.type` | string | ClusterIP | NFD master service type. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
| `master.service.port` | integer | 8080 | NFD master service port. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
| `master.resources` | dict | {} | NFD master pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| `master.nodeSelector` | dict | {} | NFD master pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) |
| `master.tolerations` | dict | _Scheduling to master node is disabled_ | NFD master pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
| `master.annotations` | dict | {} | NFD master pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
| `master.affinity` | dict | | NFD master pod required [node affinity](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) |
docs: restructure docs Introduce two main sections "Deployment" and "Usage" and move "Developer guide" to the top level, too. In particular, split the huge deployment-and-usage file into multiple parts under the new main sections. Move customization guide from "Advanced" to "Usage". This patch also renames "Advanced" to "Reference" as only that is left there is reference documentation.
2022-11-02 12:34:37 +00:00
| `master.deploymentAnnotations` | dict | {} | NFD master deployment [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
Make mdlint v0.13 happy Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
2023-10-25 19:12:47 +00:00
| `master.nfdApiParallelism` | integer | 10 | Specifies the maximum number of concurrent node updates. |
| `master.config` | dict | | NFD master [configuration](../reference/master-configuration-reference) |
docs: restructure docs Introduce two main sections "Deployment" and "Usage" and move "Developer guide" to the top level, too. In particular, split the huge deployment-and-usage file into multiple parts under the new main sections. Move customization guide from "Advanced" to "Usage". This patch also renames "Advanced" to "Reference" as only that is left there is reference documentation.
2022-11-02 12:34:37 +00:00
### Worker pod parameters
Make mdlint v0.13 happy Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
2023-10-25 19:12:47 +00:00
| Name | Type | Default | description |
| --------------------------------- | ------ | ------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `worker.*` | dict | | NFD worker daemonset configuration |
| `worker.enable` | bool | true | Specifies whether nfd-worker should be deployed |
| `worker.metricsPort*` | int | 8081 | Port on which to expose metrics from components to prometheus operator |
| `worker.config` | dict | | NFD worker [configuration](../reference/worker-configuration-reference) |
| `worker.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings |
| `worker.securityContext` | dict | {} | Container [security settings](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| `worker.serviceAccount.create` | bool | true | Specifies whether a service account for nfd-worker should be created |
| `worker.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for nfd-worker |
| `worker.serviceAccount.name` | string | | The name of the service account to use for nfd-worker. If not set and create is true, a name is generated using the fullname template (suffixed with `-worker`) |
| `worker.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for nfd-worker |
| `worker.mountUsrSrc` | bool | false | Specifies whether to allow users to mount the hostpath /user/src. Does not work on systems without /usr/src AND a read-only /usr |
| `worker.resources` | dict | {} | NFD worker pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| `worker.nodeSelector` | dict | {} | NFD worker pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) |
| `worker.tolerations` | dict | {} | NFD worker pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
| `worker.priorityClassName` | string | | NFD worker pod [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) |
| `worker.annotations` | dict | {} | NFD worker pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
| `worker.daemonsetAnnotations` | dict | {} | NFD worker daemonset [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
docs: restructure docs Introduce two main sections "Deployment" and "Usage" and move "Developer guide" to the top level, too. In particular, split the huge deployment-and-usage file into multiple parts under the new main sections. Move customization guide from "Advanced" to "Usage". This patch also renames "Advanced" to "Reference" as only that is left there is reference documentation.
2022-11-02 12:34:37 +00:00
### Topology updater parameters
nfd-topology-updater add pods fingerprint by default
2024-01-24 10:10:08 +00:00
| Name | Type | Default | description |
|-----------------------------------------------|--------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `topologyUpdater.*` | dict | | NFD Topology Updater configuration |
| `topologyUpdater.enable` | bool | false | Specifies whether the NFD Topology Updater should be created |
| `topologyUpdater.createCRDs` | bool | false | Specifies whether the NFD Topology Updater CRDs should be created |
| `topologyUpdater.serviceAccount.create` | bool | true | Specifies whether the service account for topology updater should be created |
| `topologyUpdater.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for topology updater |
| `topologyUpdater.serviceAccount.name` | string | | The name of the service account for topology updater to use. If not set and create is true, a name is generated using the fullname template and `-topology-updater` suffix |
| `topologyUpdater.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for topology updater |
| `topologyUpdater.metricsPort` | integer | 8081 | Port on which to expose prometheus metrics |
| `topologyUpdater.kubeletConfigPath` | string | "" | Specifies the kubelet config host path |
| `topologyUpdater.kubeletPodResourcesSockPath` | string | "" | Specifies the kubelet sock path to read pod resources |
| `topologyUpdater.updateInterval` | string | 60s | Time to sleep between CR updates. Non-positive value implies no CR update. |
| `topologyUpdater.watchNamespace` | string | `*` | Namespace to watch pods, `*` for all namespaces |
| `topologyUpdater.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings |
| `topologyUpdater.securityContext` | dict | {} | Container [security settings](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| `topologyUpdater.resources` | dict | {} | Topology updater pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| `topologyUpdater.nodeSelector` | dict | {} | Topology updater pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) |
| `topologyUpdater.tolerations` | dict | {} | Topology updater pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
| `topologyUpdater.annotations` | dict | {} | Topology updater pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
| `topologyUpdater.daemonsetAnnotations` | dict | {} | Topology updater daemonset [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
| `topologyUpdater.affinity` | dict | {} | Topology updater pod [affinity](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) |
| `topologyUpdater.config` | dict | | [configuration](../reference/topology-updater-configuration-reference) |
| `topologyUpdater.podSetFingerprint` | bool | true | Enables compute and report of pod fingerprint in NRT objects. |
| `topologyUpdater.kubeletStateDir` | string | /var/lib/kubelet | Specifies kubelet state directory path for watching state and checkpoint files. Empty value disables kubelet state tracking. |
docs: revise topology-updater helm chart rbac parameters
2022-11-28 15:49:19 +00:00
deployment/helm: support nfd-gc Rename files and parameters. Drop the container security context parameters from the Helm chart. There should be no reason to run the nfd-gc with other than the minimal privileges. Also updates the documentation.
2023-08-18 09:52:41 +00:00
### Garbage collector parameters
Add documentation for topology garbage collector Signed-off-by: PiotrProkop <pprokop@nvidia.com>
2023-01-10 16:50:31 +00:00
Make mdlint v0.13 happy Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
2023-10-25 19:12:47 +00:00
| Name | Type | Default | description |
|---------------------------------------|--------|---------|--------------------------------------------------------------------------------------------------------------------------------------|
| `gc.*` | dict | | NFD Garbage Collector configuration |
| `gc.enable` | bool | true | Specifies whether the NFD Garbage Collector should be created |
| `gc.serviceAccount.create` | bool | true | Specifies whether the service account for garbage collector should be created |
| `gc.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for garbage collector |
| `gc.serviceAccount.name` | string | | The name of the service account for garbage collector to use. If not set and create is true, a name is generated using the fullname template and `-gc` suffix |
| `gc.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for garbage collector |
| `gc.interval` | string | 1h | Time between periodic garbage collector runs |
| `gc.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings |
| `gc.resources` | dict | {} | Garbage collector pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| `gc.metricsPort` | integer | 8081 | Port on which to serve Prometheus metrics |
| `gc.nodeSelector` | dict | {} | Garbage collector pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) |
| `gc.tolerations` | dict | {} | Garbage collector pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
| `gc.annotations` | dict | {} | Garbage collector pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
| `gc.deploymentAnnotations` | dict | {} | Garbage collector deployment [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
| `gc.affinity` | dict | {} | Garbage collector pod [affinity](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) |
Add documentation for topology garbage collector Signed-off-by: PiotrProkop <pprokop@nvidia.com>
2023-01-10 16:50:31 +00:00
docs: revise topology-updater helm chart rbac parameters
2022-11-28 15:49:19 +00:00
<!-- Links -->
[rbac]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
Copy permalink