2020-09-08 07:17:40 +00:00
|
|
|
---
|
2021-03-09 11:38:09 +00:00
|
|
|
title: "Master cmdline reference"
|
2020-09-08 07:17:40 +00:00
|
|
|
layout: default
|
2022-11-02 12:34:37 +00:00
|
|
|
sort: 1
|
2020-09-08 07:17:40 +00:00
|
|
|
---
|
|
|
|
|
2021-03-09 11:38:09 +00:00
|
|
|
# Commandline flags of nfd-master
|
2021-09-27 12:31:49 +00:00
|
|
|
{: .no_toc}
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-03-09 11:38:09 +00:00
|
|
|
## Table of contents
|
2021-09-27 12:31:49 +00:00
|
|
|
{: .no_toc .text-delta}
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
1. TOC
|
|
|
|
{:toc}
|
|
|
|
|
|
|
|
---
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
To quickly view available command line flags execute `nfd-master -help`.
|
2020-09-08 07:17:40 +00:00
|
|
|
In a docker container:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
docker run {{ site.container_image }} nfd-master -help
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -h, -help
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Print usage and exit.
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -version
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Print version and exit.
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -prune
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-prune` flag is a sub-command like option for cleaning up the cluster. It
|
2020-09-08 07:17:40 +00:00
|
|
|
causes nfd-master to remove all NFD related labels, annotations and extended
|
|
|
|
resources from all Node objects of the cluster and exit.
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -port
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-port` flag specifies the TCP port that nfd-master listens for incoming requests.
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Default: 8080
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -port=443
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -instance
|
2021-02-03 17:49:02 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-instance` flag makes it possible to run multiple NFD deployments in
|
2021-02-03 17:49:02 +00:00
|
|
|
parallel. In practice, it separates the node annotations between deployments so
|
|
|
|
that each of them can store metadata independently. The instance name must
|
|
|
|
start and end with an alphanumeric character and may only contain alphanumeric
|
|
|
|
characters, `-`, `_` or `.`.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -instance=network
|
2021-02-03 17:49:02 +00:00
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -ca-file
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-ca-file` is one of the three flags (together with `-cert-file` and
|
|
|
|
`-key-file`) controlling master-worker mutual TLS authentication on the
|
2020-09-08 07:17:40 +00:00
|
|
|
nfd-master side. This flag specifies the TLS root certificate that is used for
|
|
|
|
authenticating incoming connections. NFD-Worker side needs to have matching key
|
|
|
|
and cert files configured in order for the incoming requests to be accepted.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
Note: Must be specified together with `-cert-file` and `-key-file`
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -ca-file=/opt/nfd/ca.crt -cert-file=/opt/nfd/master.crt -key-file=/opt/nfd/master.key
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -cert-file
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-cert-file` is one of the three flags (together with `-ca-file` and
|
|
|
|
`-key-file`) controlling master-worker mutual TLS authentication on the
|
2020-09-08 07:17:40 +00:00
|
|
|
nfd-master side. This flag specifies the TLS certificate presented for
|
|
|
|
authenticating outgoing traffic towards nfd-worker.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
Note: Must be specified together with `-ca-file` and `-key-file`
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -cert-file=/opt/nfd/master.crt -key-file=/opt/nfd/master.key -ca-file=/opt/nfd/ca.crt
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -key-file
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-key-file` is one of the three flags (together with `-ca-file` and
|
|
|
|
`-cert-file`) controlling master-worker mutual TLS authentication on the
|
2020-09-08 07:17:40 +00:00
|
|
|
nfd-master side. This flag specifies the private key corresponding the given
|
2021-02-24 12:29:07 +00:00
|
|
|
certificate file (`-cert-file`) that is used for authenticating outgoing
|
2020-09-08 07:17:40 +00:00
|
|
|
traffic.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
Note: Must be specified together with `-cert-file` and `-ca-file`
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -key-file=/opt/nfd/master.key -cert-file=/opt/nfd/master.crt -ca-file=/opt/nfd/ca.crt
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -verify-node-name
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-verify-node-name` flag controls the NodeName based authorization of
|
2020-09-08 07:17:40 +00:00
|
|
|
incoming requests and only has effect when mTLS authentication has been enabled
|
2021-02-24 12:29:07 +00:00
|
|
|
(with `-ca-file`, `-cert-file` and `-key-file`). If enabled, the worker node
|
2021-04-20 08:44:32 +00:00
|
|
|
name of the incoming must match with the CN or a SAN in its TLS certificate. Thus,
|
2020-09-08 07:17:40 +00:00
|
|
|
workers are only able to label the node they are running on (or the node whose
|
2021-04-20 08:44:32 +00:00
|
|
|
certificate they present).
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-04-20 08:44:32 +00:00
|
|
|
Node Name based authorization is disabled by default.
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Default: *false*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -verify-node-name -ca-file=/opt/nfd/ca.crt \
|
|
|
|
-cert-file=/opt/nfd/master.crt -key-file=/opt/nfd/master.key
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2022-10-12 10:45:11 +00:00
|
|
|
### -enable-nodefeature-api
|
|
|
|
|
|
|
|
The `-enable-nodefeature-api` flag enables the NodeFeature CRD API for
|
|
|
|
receiving feature requests. This will also automatically disable the gRPC
|
|
|
|
interface.
|
|
|
|
|
|
|
|
Default: false
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
nfd-master -enable-nodefeature-api
|
|
|
|
```
|
|
|
|
|
2022-12-13 15:14:30 +00:00
|
|
|
### -enable-taints
|
|
|
|
|
|
|
|
The `-enable-taints` flag enables/disables node tainting feature of NFD.
|
|
|
|
|
|
|
|
Default: *false*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
nfd-master -enable-taints=true
|
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -no-publish
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-06-08 13:30:35 +00:00
|
|
|
The `-no-publish` flag disables updates to the Node objects in the Kubernetes
|
|
|
|
API server, making a "dry-run" flag for nfd-master. No Labels, Annotations or
|
|
|
|
ExtendedResources of nodes are updated.
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Default: *false*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -no-publish
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2021-06-09 04:41:39 +00:00
|
|
|
### -featurerules-controller
|
|
|
|
|
|
|
|
The `-featurerules-controller` flag controlers the processing of
|
|
|
|
NodeFeatureRule objects, effectively enabling/disabling labels from these
|
|
|
|
custom labeling rules.
|
|
|
|
|
|
|
|
Default: *true*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
nfd-master -featurerules-controller=false
|
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -label-whitelist
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-label-whitelist` specifies a regular expression for filtering feature
|
2020-09-08 07:17:40 +00:00
|
|
|
labels based on their name. Each label must match against the given reqular
|
|
|
|
expression in order to be published.
|
|
|
|
|
|
|
|
Note: The regular expression is only matches against the "basename" part of the
|
|
|
|
label, i.e. to the part of the name after '/'. The label namespace is omitted.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -label-whitelist='.*cpuid\.'
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -extra-label-ns
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-extra-label-ns` flag specifies a comma-separated list of allowed feature
|
2020-09-08 07:17:40 +00:00
|
|
|
label namespaces. By default, nfd-master only allows creating labels in the
|
2021-07-06 12:03:50 +00:00
|
|
|
default `feature.node.kubernetes.io` and `profile.node.kubernetes.io` label
|
|
|
|
namespaces and their sub-namespaces (e.g. `vendor.feature.node.kubernetes.io`
|
|
|
|
and `sub.ns.profile.node.kubernetes.io`). This option can be used to allow
|
2021-05-26 15:56:16 +00:00
|
|
|
other vendor or application specific namespaces for custom labels from the
|
|
|
|
local and custom feature sources.
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
The same namespace control and this flag applies Extended Resources (created
|
2021-02-24 12:29:07 +00:00
|
|
|
with `-resource-labels`), too.
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -extra-label-ns=vendor-1.com,vendor-2.io
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -resource-labels
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-resource-labels` flag specifies a comma-separated list of features to be
|
2020-09-08 07:17:40 +00:00
|
|
|
advertised as extended resources instead of labels. Features that have integer
|
|
|
|
values can be published as Extended Resources by listing them in this flag.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -resource-labels=vendor-1.com/feature-1,vendor-2.io/feature-2
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
2021-02-19 09:03:16 +00:00
|
|
|
|
|
|
|
### Logging
|
|
|
|
|
|
|
|
The following logging-related flags are inherited from the
|
|
|
|
[klog](https://pkg.go.dev/k8s.io/klog/v2) package.
|
|
|
|
|
|
|
|
#### -add_dir_header
|
|
|
|
|
|
|
|
If true, adds the file directory to the header of the log messages.
|
|
|
|
|
|
|
|
Default: false
|
|
|
|
|
|
|
|
#### -alsologtostderr
|
|
|
|
|
|
|
|
Log to standard error as well as files.
|
|
|
|
|
|
|
|
Default: false
|
|
|
|
|
|
|
|
#### -log_backtrace_at
|
|
|
|
|
|
|
|
When logging hits line file:N, emit a stack trace.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
|
|
|
#### -log_dir
|
|
|
|
|
|
|
|
If non-empty, write log files in this directory.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
|
|
|
#### -log_file
|
|
|
|
|
|
|
|
If non-empty, use this log file.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
|
|
|
#### -log_file_max_size
|
|
|
|
|
|
|
|
Defines the maximum size a log file can grow to. Unit is megabytes. If the
|
|
|
|
value is 0, the maximum file size is unlimited.
|
|
|
|
|
|
|
|
Default: 1800
|
|
|
|
|
|
|
|
#### -logtostderr
|
|
|
|
|
|
|
|
Log to standard error instead of files
|
|
|
|
|
|
|
|
Default: true
|
|
|
|
|
|
|
|
#### -skip_headers
|
|
|
|
|
|
|
|
If true, avoid header prefixes in the log messages.
|
|
|
|
|
|
|
|
Default: false
|
|
|
|
|
|
|
|
#### -skip_log_headers
|
|
|
|
|
|
|
|
If true, avoid headers when opening log files.
|
|
|
|
|
|
|
|
Default: false
|
|
|
|
|
|
|
|
#### -stderrthreshold
|
|
|
|
|
|
|
|
Logs at or above this threshold go to stderr.
|
|
|
|
|
|
|
|
Default: 2
|
|
|
|
|
|
|
|
#### -v
|
|
|
|
|
|
|
|
Number for the log level verbosity.
|
|
|
|
|
|
|
|
Default: 0
|
|
|
|
|
|
|
|
#### -vmodule
|
|
|
|
|
|
|
|
Comma-separated list of `pattern=N` settings for file-filtered logging.
|
|
|
|
|
|
|
|
Default: *empty*
|