<!DOCTYPE html><htmllang="en"dir="auto"><head><metacharset="utf-8"><metaname="viewport"content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"><metaname="description"content="Deployment and Usage Table of Contents System requirements Usage NFD-Master NFD-Worker NFD-Master and NFD-Worker in the same Pod TLS authentication..."><metaname="revised"content=""><metaname="author"content="Kubernetes SIGs"><metaname="generator"content="jekyll-rtd-theme v2.0.9"><metaproperty="og:title"content="Deployment and Usage · Node Feature Discovery"><metaproperty="og:description"content="Deployment and Usage Table of Contents System requirements Usage NFD-Master NFD-Worker NFD-Master and NFD-Worker in the same Pod TLS authentication..."><metaproperty="og:locale"content="en"><metaproperty="og:url"content="https://kubernetes-sigs.github.com/node-feature-discovery/v0.6/get-started/deployment-and-usage.html"><metaproperty="og:type"content="article"><metaproperty="article:author"content="Kubernetes SIGs"><metaproperty="article:published_time"content="2016-07-23T00:07:52-05:00"><metaproperty="article:modified_time"content="2021-05-19T08:18:51-05:00"><metaname="twitter:title"content="Deployment and Usage · Node Feature Discovery"><metaname="twitter:description"content="Deployment and Usage Table of Contents System requirements Usage NFD-Master NFD-Worker NFD-Master and NFD-Worker in the same Pod TLS authentication..."><metaname="twitter:card"content="summary"><metaname="twitter:site"content="@Kubernetes SIGs"><metaname="twitter:url"content="https://kubernetes-sigs.github.com/node-feature-discovery/v0.6/get-started/deployment-and-usage.html"><metaname="twitter:creator"content="@jekyll-rtd-theme v2.0.9"><title>Deployment and Usage · Node Feature Discovery</title><linkrel="dns-prefetch"href="https://rundocs-analytics.glitch.me"><linkrel="dns-prefetch"href="https://cdn.jsdelivr.net"><linkrel="canonical"href="https://kubernetes-sigs.github.com/node-feature-discovery/v0.6/get-started/deployment-and-usage.html"><linkrel="prev"href="https://kubernetes-sigs.github.com/node-feature-discovery/v0.6/get-started/quick-start.html"><linkrel="next"href="https://kubernetes-sigs.github.com/node-feature-discovery/v0.6/get-started/features.html"><linkrel="stylesheet"href="https://cdn.jsdelivr.net/gh/rundocs/jekyll-rtd-theme@2.0.9/assets/css/theme.min.css"><linkrel="icon"type="image/svg+xml"href="/node-feature-discovery/v0.6/assets/images/favicon.svg"><linkrel="icon"type="image/png"href="/node-feature-discovery/v0.6/assets/images/favicon-16x16.png"sizes="16x16"><linkrel="icon"type="image/png"href="/node-feature-discovery/v0.6/assets/images/favicon-32x32.png"sizes="32x32"><linkrel="icon"type="image/png"href="/node-feature-discovery/v0.6/assets/images/favicon-96x96.png"sizes="96x96"><linkrel="mask-icon"href="/node-feature-discovery/v0.6/assets/images/favicon.svg"color="#2980b9"><linkrel="apple-touch-icon"href="/node-feature-discovery/v0.6/assets/images/apple-touch-icon-300x300.jpg"><scripttype="application/ld+json">{"@context":"https://schema.org","@type":"Article","mainEntityOfPage":{"@type":"WebPage","@id":"https://kubernetes-sigs.github.com/node-feature-discovery/v0.6/get-started/deployment-and-usage.html"},"headline":"Deployment and Usage · Node Feature Discovery","image":[],"author":{"@type":"Person","name":"Kubernetes SIGs"},"datePublished":"2016-07-23T00:07:52-05:00","dateModified":"2021-05-19T08:18:51-05:00","publisher":{"@type":"Organization","name":"Kubernetes SIGs","logo":{"@type":"ImageObject","url":"https://avatars.githubusercontent.com/u/36015203?v=4"}},"description":"Deployment and Usage Table of Contents System requirements Usage NFD-Master NFD-Worker NFD-Master and NFD-Worker in the same Pod TLS authentication..."}</script></head><bodyclass="container"><divclass="sidebar-wrap overflow-hidden"><divclass="sidebar height-full overflow-y-scroll overflow-x-hidden"><divclas
</code></pre></div></div><p>NFD-Master listens for connections from nfd-worker(s) and connects to the Kubernetes API server to add node labels advertised by them.</p><p>If you have RBAC authorization enabled (as is the default e.g. with clusters initialized with kubeadm) you need to configure the appropriate ClusterRoles, ClusterRoleBindings and a ServiceAccount in order for NFD to create node labels. The provided template will configure these for you.</p><h3id="nfd-worker">NFD-Worker</h3><p>NFD-Worker is preferably run as a Kubernetes DaemonSet. There is an example spec (<codeclass="language-plaintext highlighter-rouge notranslate">nfd-worker-daemonset.yaml.template</code>) that can be used as a template, or, as is when just trying out the service. Similarly to nfd-master above, the <codeclass="language-plaintext highlighter-rouge notranslate">Makefile</code> also generates <codeclass="language-plaintext highlighter-rouge notranslate">nfd-worker-daemonset.yaml</code> from the template that you can use to deploy the latest image. Example:</p><divclass="language-bash highlighter-rouge notranslate"><divclass="highlight"><preclass="highlight"><code>make <spanclass="nv">IMAGE_TAG</span><spanclass="o">=</span><IMAGE_TAG>
</code></pre></div></div><p>NFD-Worker connects to the nfd-master service to advertise hardware features.</p><p>When run as a daemonset, nodes are re-labeled at an interval specified using the <codeclass="language-plaintext highlighter-rouge notranslate">--sleep-interval</code> option. In the <ahref="https://github.com/kubernetes-sigs/node-feature-discovery/blob/release-0.6/nfd-worker-daemonset.yaml.template#L26">template</a> the default interval is set to 60s which is also the default when no <codeclass="language-plaintext highlighter-rouge notranslate">--sleep-interval</code> is specified. Also, the configuration file is re-read on each iteration providing a simple mechanism of run-time reconfiguration.</p><p>Feature discovery can alternatively be configured as a one-shot job. There is an example script in this repo that demonstrates how to deploy the job in the cluster.</p><divclass="language-bash highlighter-rouge notranslate"><divclass="highlight"><preclass="highlight"><code>./label-nodes.sh <spanclass="o">[</span><IMAGE_TAG>]
</code></pre></div></div><p>The label-nodes.sh script tries to launch as many jobs as there are Ready nodes. Note that this approach does not guarantee running once on every node. For example, if some node is tainted NoSchedule or fails to start a job for some other reason, then some other node will run extra job instance(s) to satisfy the request and the tainted/failed node does not get labeled.</p><h3id="nfd-master-and-nfd-worker-in-the-same-pod">NFD-Master and NFD-Worker in the same Pod</h3><p>You can also run nfd-master and nfd-worker inside a single pod (skip the <codeclass="language-plaintext highlighter-rouge notranslate">sed</code> part if running the latest released version):</p><divclass="language-bash highlighter-rouge notranslate"><divclass="highlight"><preclass="highlight"><code><spanclass="nb">sed</span><spanclass="nt">-E</span> s<spanclass="s1">',^(\s*)image:.+$,\1image: <YOUR_IMAGE_REPO>:<YOUR_IMAGE_TAG>,'</span> nfd-daemonset-combined.yaml.template <spanclass="o">></span> nfd-daemonset-combined.yaml
</code></pre></div></div><p>Similar to the nfd-worker setup above, this creates a DaemonSet that schedules an NFD Pod an all worker nodes, with the difference that the Pod also also contains an nfd-master instance. In this case no nfd-master service is run on the master node(s), but, the worker nodes are able to label themselves.</p><p>This may be desirable e.g. in single-node setups.</p><h3id="tls-authentication">TLS authentication</h3><p>NFD supports mutual TLS authentication between the nfd-master and nfd-worker instances. That is, nfd-worker and nfd-master both verify that the other end presents a valid certificate.</p><p>TLS authentication is enabled by specifying <codeclass="language-plaintext highlighter-rouge notranslate">--ca-file</code>, <codeclass="language-plaintext highlighter-rouge notranslate">--key-file</code> and <codeclass="language-plaintext highlighter-rouge notranslate">--cert-file</code> args, on both the nfd-master and nfd-worker instances. The template specs provided with NFD contain (commented out) example configuration for enabling TLS authentication.</p><p>The Common Name (CN) of the nfd-master certificate must match the DNS name of the nfd-master Service of the cluster. By default, nfd-master only check that the nfd-worker has been signed by the specified root certificate (–ca-file). Additional hardening can be enabled by specifying –verify-node-name in nfd-master args, in which case nfd-master verifies that the NodeName presented by nfd-worker matches the Common Name (CN) of its certificate. This means that each nfd-worker requires a individual node-specific TLS certificate.</p><h2id="deployment-options">Deployment options</h2><h3id="deployment-templates">Deployment Templates</h3><p>For a stable version with ready-built images see the <ahref="https://github.com/kubernetes-sigs/node-feature-discovery/releases/latest">latest release</a>.</p><h3id="build-your-own">Build Your Own</h3><p>If you want to use the latest development version (master branch) you need to build your own custom image. See the <ahref="advanced-developer-guide.md">Developer Guide</a> for instructions how to build images and deploy them on your cluster.</p><h2id="configuration">Configuration</h2><p>NFD-Worker supports a configuration file. The default location is <codeclass="language-plaintext highlighter-rouge notranslate">/etc/kubernetes/node-feature-discovery/nfd-worker.conf</code>, but, this can be changed by specifying the<codeclass="language-plaintext highlighter-rouge notranslate">--config</code> command line flag. Configuration file is re-read on each labeling pass (determined by <codeclass="language-plaintext highlighter-rouge notranslate">--sleep-interval</code>) which makes run-time re-configuration of nfd-worker possible.</p><p>Worker configuration file is read inside the container, and thus, Volumes and VolumeMounts are needed to make your configuration available for NFD. The preferred method is to use a ConfigMap which provides easy deployment and re-configurability. For example, create a config map using the example config as a template:</p><divclass="language-plaintext highlighter-rouge notranslate"><divclass="highlight"><preclass="highlight"><code>cp nfd-worker.conf.example nfd-worker.conf
</code></pre></div></div><p>Then, configure Volumes and VolumeMounts in the Pod spec (just the relevant snippets shown below):</p><divclass="language-yaml highlighter-rouge notranslate"><divclass="highlight"><preclass="highlight"><code><spanclass="nn">...</span>
</code></pre></div></div><p>You could also use other types of volumes, of course. That is, hostPath if different config for different nodes would be required, for example.</p><p>The (empty-by-default) <ahref="https://github.com/kubernetes-sigs/node-feature-discovery/blob/release-0.6/nfd-worker.conf.example">example config</a> is used as a config in the NFD Docker image. Thus, this can be used as a default configuration in custom-built images.</p><p>Configuration options can also be specified via the <codeclass="language-plaintext highlighter-rouge notranslate">--options</code> command line flag, in which case no mounts need to be used. The same format as in the config file must be used, i.e. JSON (or YAML). For example:</p><divclass="language-plaintext highlighter-rouge notranslate"><divclass="highlight"><preclass="highlight"><code>--options='{"sources": { "pci": { "deviceClassWhitelist": ["12"] } } }'
</code></pre></div></div><p>Configuration options specified from the command line will override those read from the config file.</p><h2id="using-node-labels">Using Node Labels</h2><p>Nodes with specific features can be targeted using the <codeclass="language-plaintext highlighter-rouge notranslate">nodeSelector</code> field. The following example shows how to target nodes with Intel TurboBoost enabled.</p><divclass="language-yaml highlighter-rouge notranslate"><divclass="highlight"><preclass="highlight"><code><spanclass="na">apiVersion</span><spanclass="pi">:</span><spanclass="s">v1</span>
</code></pre></div></div><p>For more details on targeting nodes, see <ahref="https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/">node selection</a>.</p><!-- Links --></div></div><divclass="navigation-bottom d-flex flex-justify-between py-3"role="navigation"aria-label="footer navigation"><divclass="prev"><ahref="/node-feature-discovery/v0.6/get-started/quick-start.html"class="btn"title="Quick Start"accesskey="p"rel="prev"><iclass="fa fa-arrow-circle-left"></i> Previous </a></div><divclass="next"><ahref="/node-feature-discovery/v0.6/get-started/features.html"class="btn"title="Feature Discovery"accesskey="n"rel="next"> Next <iclass="fa fa-arrow-circle-right"></i></a></div></div><hr><divclass="copyright text-center text-gray"role="contentinfo"><iclass="fa fa-copyright"></i><spanclass="time">2016-2021,</span><aclass="text-gray"href="https://github.com/kubernetes-sigs"rel="noreferrer"target="_blank">Kubernetes SIGs</a> Revision <aclass="text-gray"href="https://github.com/kubernetes-sigs/node-feature-discovery/commit/"title=""rel="noreferrer"target="_blank"></a><br><divclass="generator"> Built with <ahref="https://jekyllrb.com"rel="noreferrer"target="_blank">Jekyll</a> using a <ahref="https://github.com/rundocs/jekyll-rtd-theme"rel="noreferrer"target="_blank"title="remote theme: jekyll-rtd-theme v2.0.9">theme</a> provided by <ahref="https://rundocs.io"rel="noreferrer"target="_blank">RunDocs</a>. </div></div></div></div><divclass="addons-wrap d-flex flex-column overflow-y-auto"><divclass="status d-flex flex-justify-between p-2"><divclass="title p-1"><iclass="fa fa-book"></i> Node Feature Discovery </div><divclass="branch p-1"><spanclass="name"> v0.6 </span><iclass="fa fa-caret-down"></i></div></div><divclass="addons d-flex flex-column height-full p-2 d-none"><dlid="versions"><dt>Versions</dt><scriptsrc="/node-feature-discovery/versions.js"></script><script>vardt=document.getElementById('versions');varitems=getVersionListItems();for(vari=0;i<items.length;i++){vardd=document.createElement('dd');vara=dd.appendChild(document.createElement('a'));a.appendChild(document.createTextNode(items[i].name));a.href=items[i].url;dt.appendChild(dd);}</script></dl><dl><dt>GitHub</dt><dd><ahref="https://github.com/kubernetes-sigs/node-feature-discovery"title="Stars: 305"><iclass="fa fa-github"></i> Homepage </a></dd><dd><ahref="https://github.com/kubernetes-sigs/node-feature-discovery/issues"title="Open issues: 22"><iclass="fa fa-question-circle-o"></i> Issues </a></dd><dd><ahref="https://github.com/kubernetes-sigs/node-feature-discovery/zipball/gh-pages"title="Size: 79762 Kb"><iclass="fa fa-download"></i> Download </a></dd></dl><hr><divclass="license f6 pb-2"> The <ahref="/node-feature-discovery/v0.6/">software</a> is under the terms of <ahref="https://github.com/kubernetes-sigs/node-feature-discovery">Apache License 2.0</a>. </div></div></div><script>window.ui={title:"Node Feature Discovery",baseurl:"/node-feature-discovery/v0.6",i18n:{search_results:"Search Results",search_results_found:"Search finished, found # page(s) matching the search query.",search_results_not_found:"Your search did not match any documents, please make sure that all characters are spelled correctly!"}};</script><scriptsrc="https://cdn.jsdelivr.net/gh/rundocs/jekyll-rtd-theme@2.0.9/assets/js/jquery.min.js"></script><scriptsrc="https://cdn.jsdelivr.net/gh/rundocs/jekyll-rtd-theme@2.0.9/assets/js/theme.min.js"></script></body></html>
