node-feature-discovery/master/get-started/deployment-and-usage.html

<!DOCTYPE html> <html lang="en" dir="auto"> <head><meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"> <meta name="description" content="Deployment and Usage Table of Contents Requirements Deployment options Operator Deployment Templates Build Your Own Usage NFD-Master NFD-Worker TLS..."> <meta name="revised" content=""> <meta name="author" content="Kubernetes SIGs"> <meta name="generator" content="jekyll-rtd-theme v2.0.9"> <meta property="og:title" content="Deployment and Usage · Node Feature Discovery"> <meta property="og:description" content="Deployment and Usage Table of Contents Requirements Deployment options Operator Deployment Templates Build Your Own Usage NFD-Master NFD-Worker TLS..."> <meta property="og:locale" content="en"> <meta property="og:url" content="https://kubernetes-sigs.github.com/node-feature-discovery/master/get-started/deployment-and-usage.html"> <meta property="og:type" content="article"> <meta property="article:author" content="Kubernetes SIGs"> <meta property="article:published_time" content="2016-07-23T00:07:52-05:00"> <meta property="article:modified_time" content="2020-12-03T06:21:14-06:00"> <meta name="twitter:title" content="Deployment and Usage · Node Feature Discovery"> <meta name="twitter:description" content="Deployment and Usage Table of Contents Requirements Deployment options Operator Deployment Templates Build Your Own Usage NFD-Master NFD-Worker TLS..."> <meta name="twitter:card" content="summary"> <meta name="twitter:site" content="@Kubernetes SIGs"> <meta name="twitter:url" content="https://kubernetes-sigs.github.com/node-feature-discovery/master/get-started/deployment-and-usage.html"> <meta name="twitter:creator" content="@jekyll-rtd-theme v2.0.9"> <title>Deployment and Usage · Node Feature Discovery</title> <link rel="dns-prefetch" href="https://rundocs-analytics.glitch.me"> <link rel="dns-prefetch" href="https://cdn.jsdelivr.net"> <link rel="canonical" href="https://kubernetes-sigs.github.com/node-feature-discovery/master/get-started/deployment-and-usage.html"><link rel="prev" href="https://kubernetes-sigs.github.com/node-feature-discovery/master/get-started/quick-start.html"><link rel="next" href="https://kubernetes-sigs.github.com/node-feature-discovery/master/get-started/features.html"> <link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/rundocs/jekyll-rtd-theme@2.0.9/assets/css/theme.min.css"> <link rel="icon" type="image/svg+xml" href="/node-feature-discovery/master/assets/images/favicon.svg"> <link rel="icon" type="image/png" href="/node-feature-discovery/master/assets/images/favicon-16x16.png" sizes="16x16"> <link rel="icon" type="image/png" href="/node-feature-discovery/master/assets/images/favicon-32x32.png" sizes="32x32"> <link rel="icon" type="image/png" href="/node-feature-discovery/master/assets/images/favicon-96x96.png" sizes="96x96"> <link rel="mask-icon" href="/node-feature-discovery/master/assets/images/favicon.svg" color="#2980b9"> <link rel="apple-touch-icon" href="/node-feature-discovery/master/assets/images/apple-touch-icon-300x300.jpg"> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "Article", "mainEntityOfPage": { "@type": "WebPage", "@id": "https://kubernetes-sigs.github.com/node-feature-discovery/master/get-started/deployment-and-usage.html" }, "headline": "Deployment and Usage · Node Feature Discovery", "image": [], "author": { "@type": "Person", "name": "Kubernetes SIGs" }, "datePublished": "2016-07-23T00:07:52-05:00", "dateModified": "2020-12-03T06:21:14-06:00", "publisher": { "@type": "Organization", "name": "Kubernetes SIGs", "logo": { "@type": "ImageObject", "url": "https://avatars1.githubusercontent.com/u/36015203?v=4" } }, "description": "Deployment and Usage Table of Contents Requirements Deployment options Operator Deployment Templates Build Your Own Usage NFD-Master NFD-Worker TLS..." } </script> </head> <body class="container"><div class="sidebar-wrap overflow-hidden"> <div class="sidebar height-full overflow-y-scroll over
</code></pre>  </div> </div> </li> <li>Create NodeFeatureDiscovery resource (in <code class="language-plaintext highlighter-rouge notranslate">nfd</code> namespace here): <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="nb">cat</span> <span class="o">&lt;&lt;</span> <span class="no">EOF</span><span class="sh"> | kubectl apply -f -
apiVersion: v1
kind: Namespace
metadata:
  name: nfd
---
apiVersion: nfd.kubernetes.io/v1alpha1
kind: NodeFeatureDiscovery
metadata:
  name: my-nfd-deployment
  namespace: nfd
</span><span class="no">EOF
</span></code></pre>  </div> </div> </li> </ol> <h3 id="deployment-templates">Deployment Templates</h3> <p>The template specs provided in the repo can be used directly:</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>kubectl apply <span class="nt">-f</span> https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/master/nfd-master.yaml.template
kubectl apply <span class="nt">-f</span> https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/master/nfd-worker-daemonset.yaml.template
</code></pre>  </div></div> <p>This will required RBAC rules and deploy nfd-master (as a deployment) and nfd-worker (as a daemonset) in the <code class="language-plaintext highlighter-rouge notranslate">node-feature-discovery</code> namespace.</p> <p>Alternatively you can download the templates and customize the deployment manually.</p> <h4 id="master-worker-pod">Master-Worker Pod</h4> <p>You can also run nfd-master and nfd-worker inside the same pod</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>kubectl apply <span class="nt">-f</span> https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/master/nfd-daemonset-combined.yaml.template
</code></pre>  </div></div> <p>This creates a DaemonSet runs both nfd-worker and nfd-master in the same Pod. In this case no nfd-master is run on the master node(s), but, the worker nodes are able to label themselves which may be desirable e.g. in single-node setups.</p> <h4 id="worker-one-shot">Worker One-shot</h4> <p>Feature discovery can alternatively be configured as a one-shot job. The Job template may be used to achieve this:</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="nv">NUM_NODES</span><span class="o">=</span><span class="si">$(</span>kubectl get no <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">'{.items[*].metadata.name}'</span> | <span class="nb">wc</span> <span class="nt">-w</span><span class="si">)</span>
curl <span class="nt">-fs</span> https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/master/nfd-worker-job.yaml.template | <span class="se">\</span>
    <span class="nb">sed </span>s<span class="s2">"/NUM_NODES/</span><span class="nv">$NUM_NODES</span><span class="s2">/"</span> | <span class="se">\</span>
    kubectl apply <span class="nt">-f</span> -
</code></pre>  </div></div> <p>The example above launces as many jobs as there are non-master nodes. Note that this approach does not guarantee running once on every node. For example, tainted, non-ready nodes or some other reasons in Job scheduling may cause some node(s) will run extra job instance(s) to satisfy the request.</p> <h3 id="build-your-own">Build Your Own</h3> <p>If you want to use the latest development version (master branch) you need to build your own custom image. See the <a href="../advanced/developer-guide">Developer Guide</a> for instructions how to build images and deploy them on your cluster.</p> <h2 id="usage">Usage</h2> <h3 id="nfd-master">NFD-Master</h3> <p>NFD-Master runs as a deployment (with a replica count of 1), by default it prefers running on the cluster's master nodes but will run on worker nodes if no master nodes are found.</p> <p>For High Availability, you should simply increase the replica count of the deployment object. You should also look into adding <a href="https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity">inter-pod</a> affinity to prevent masters from running on the same node. However note that inter-pod affinity is costly and is not recommended in bigger clusters.</p> <p>NFD-Master listens for connections from nfd-worker(s) and connects to the Kubernetes API server to add node labels advertised by them.</p> <p>If you have RBAC authorization enabled (as is the default e.g. with clusters initialized with kubeadm) you need to configure the appropriate ClusterRoles, ClusterRoleBindings and a ServiceAccount in order for NFD to create node labels. The provided template will configure these for you.</p> <h3 id="nfd-worker">NFD-Worker</h3> <p>NFD-Worker is preferably run as a Kubernetes DaemonSet. This assures re-labeling on regular intervals capturing changes in the system configuration and mames sure that new nodes are labeled as they are added to the cluster. Worker connects to the nfd-master service to advertise hardware features.</p> <p>When run as a daemonset, nodes are re-labeled at an interval specified using the <code class="language-plaintext highlighter-rouge notranslate">--sleep-interval</code> option. In the <a href="https://github.com/kubernetes-sigs/node-feature-discovery/blob/master/nfd-worker-daemonset.yaml.template#L26">template</a> the default interval is set to 60s which is also the default when no <code class="language-plaintext highlighter-rouge notranslate">--sleep-interval</code> is specified. Also, the configuration file is re-read on each iteration providing a simple mechanism of run-time reconfiguration.</p> <h3 id="tls-authentication">TLS authentication</h3> <p>NFD supports mutual TLS authentication between the nfd-master and nfd-worker instances. That is, nfd-worker and nfd-master both verify that the other end presents a valid certificate.</p> <p>TLS authentication is enabled by specifying <code class="language-plaintext highlighter-rouge notranslate">--ca-file</code>, <code class="language-plaintext highlighter-rouge notranslate">--key-file</code> and <code class="language-plaintext highlighter-rouge notranslate">--cert-file</code> args, on both the nfd-master and nfd-worker instances. The template specs provided with NFD contain (commented out) example configuration for enabling TLS authentication.</p> <p>The Common Name (CN) of the nfd-master certificate must match the DNS name of the nfd-master Service of the cluster. By default, nfd-master only check that the nfd-worker has been signed by the specified root certificate (–ca-file). Additional hardening can be enabled by specifying –verify-node-name in nfd-master args, in which case nfd-master verifies that the NodeName presented by nfd-worker matches the Common Name (CN) of its certificate. This means that each nfd-worker requires a individual node-specific TLS certificate.</p> <h2 id="configuration">Configuration</h2> <p>NFD-Worker supports a configuration file. The default location is <code class="language-plaintext highlighter-rouge notranslate">/etc
</code></pre>  </div></div> <p>The (empty-by-default) <a href="https://github.com/kubernetes-sigs/node-feature-discovery/blob/master/nfd-worker.conf.example">example config</a> contains all available configuration options and can be used as a reference for creating creating a configuration.</p> <p>Configuration options can also be specified via the <code class="language-plaintext highlighter-rouge notranslate">--options</code> command line flag, in which case no mounts need to be used. The same format as in the config file must be used, i.e. JSON (or YAML). For example:</p> <div class="language-plaintext highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>--options='{"sources": { "pci": { "deviceClassWhitelist": ["12"] } } }'
</code></pre>  </div></div> <p>Configuration options specified from the command line will override those read from the config file.</p> <h2 id="using-node-labels">Using Node Labels</h2> <p>Nodes with specific features can be targeted using the <code class="language-plaintext highlighter-rouge notranslate">nodeSelector</code> field. The following example shows how to target nodes with Intel TurboBoost enabled.</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">Pod</span>
<span class="na">metadata</span><span class="pi">:</span>
  <span class="na">labels</span><span class="pi">:</span>
    <span class="na">env</span><span class="pi">:</span> <span class="s">test</span>
  <span class="na">name</span><span class="pi">:</span> <span class="s">golang-test</span>
<span class="na">spec</span><span class="pi">:</span>
  <span class="na">containers</span><span class="pi">:</span>
    <span class="pi">-</span> <span class="na">image</span><span class="pi">:</span> <span class="s">golang</span>
      <span class="na">name</span><span class="pi">:</span> <span class="s">go1</span>
  <span class="na">nodeSelector</span><span class="pi">:</span>
    <span class="s">feature.node.kubernetes.io/cpu-pstate.turbo</span><span class="pi">:</span> <span class="s1">'</span><span class="s">true'</span>
</code></pre>  </div></div> <p>For more details on targeting nodes, see <a href="https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/">node selection</a>.</p> <h2 id="uninstallation">Uninstallation</h2> <h3 id="operator-was-used-for-deployment">Operator Was Used for Deployment</h3> <p>If you followed the deployment instructions above you can simply do:</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>kubectl <span class="nt">-n</span> nfd delete NodeFeatureDiscovery my-nfd-deployment
</code></pre>  </div></div> <p>Optionally, you can also remove the namespace:</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>kubectl delete ns nfd
</code></pre>  </div></div> <p>See the <a href="https://github.com/kubernetes-sigs/node-feature-discovery-operator">node-feature-discovery-operator</a> and <a href="https://github.com/operator-framework/operator-lifecycle-manager">OLM</a> project documentation for instructions for uninstalling the operator and operator lifecycle manager, respectively.</p> <h3 id="manual">Manual</h3> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="nv">NFD_NS</span><span class="o">=</span>node-feature-discovery
kubectl <span class="nt">-n</span> <span class="nv">$NFD_NS</span> delete ds nfd-worker
kubectl <span class="nt">-n</span> <span class="nv">$NFD_NS</span> delete deploy nfd-master
kubectl <span class="nt">-n</span> <span class="nv">$NFD_NS</span> delete svc nfd-master
kubectl <span class="nt">-n</span> <span class="nv">$NFD_NS</span> delete sa nfd-master
kubectl delete clusterrole nfd-master
kubectl delete clusterrolebinding nfd-master
</code></pre>  </div></div> <h3 id="removing-feature-labels">Removing Feature Labels</h3> <p>NFD-Master has a special <code class="language-plaintext highlighter-rouge notranslate">--prune</code> command line flag for removing all nfd-related node labels, annotations and extended resources from the cluster.</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>kubectl apply <span class="nt">-f</span> https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/master/nfd-prune.yaml.template
kubectl <span class="nt">-n</span> node-feature-discovery <span class="nb">wait </span>job.batch/nfd-prune <span class="nt">--for</span><span class="o">=</span><span class="nv">condition</span><span class="o">=</span><span class="nb">complete</span> <span class="o">&amp;&amp;</span> <span class="se">\</span>
    kubectl <span class="nt">-n</span> node-feature-discovery delete job/nfd-prune
</code></pre>  </div></div> <p><strong>NOTE:</strong> You must run prune before removing the RBAC rules (serviceaccount, clusterrole and clusterrolebinding).</p> <!-- Links --> </div> </div> <div class="navigation-bottom d-flex flex-justify-between py-3" role="navigation" aria-label="footer navigation"> <div class="prev"><a href="/node-feature-discovery/master/get-started/quick-start.html" class="btn" title="Quick Start" accesskey="p" rel="prev"> <i class="fa fa-arrow-circle-left"></i> Previous </a></div> <div class="next"><a href="/node-feature-discovery/master/get-started/features.html" class="btn" title="Feature Discovery" accesskey="n" rel="next"> Next <i class="fa fa-arrow-circle-right"></i> </a></div> </div><hr> <div class="copyright text-center text-gray" role="contentinfo"> <i class="fa fa-copyright"></i> <span class="time">2016-2020,</span> <a class="text-gray" href="https://github.com/kubernetes-sigs" rel="noreferrer" target="_blank">Kubernetes SIGs</a> Revision <a class="text-gray" href="https://github.com/kubernetes-sigs/node-feature-discovery/commit/" title="" rel="noreferrer" target="_blank"></a> <br> <div class="generator"> Built with <a href="https://jekyllrb.com" rel="noreferrer" target="_blank">Jekyll</a> using a <a href="https://github.com/rundocs/jekyll-rtd-theme" rel="noreferrer" target="_blank" title="remote theme: jekyll-rtd-theme v2.0.9">theme</a> provided by <a href="https://rundocs.io" rel="noreferrer" target="_blank">RunDocs</a>. </div> </div> </div> </div> <div class="addons-wrap d-flex flex-column overflow-y-auto"> <div class="status d-flex flex-justify-between p-2"> <div class="title p-1"> <i class="fa fa-book"></i> Node Feature Discovery </div> <div class="branch p-1"> <span class="name"> master </span> <i class="fa fa-caret-down"></i> </div> </div> <div class="addons d-flex flex-column height-full p-2 d-none"> <dl id="versions"> <dt>Versions</dt> <script src="/node-feature-discovery/versions.js"></script> <script> var dt = document.getElementById('versions'); var items = getVersionListItems(); for (var i=0; i < items.length; i++) { var dd = document.createElement('dd'); var a = dd.appendChild(document.createElement('a')); a.appendChild(document.createTextNode(items[i].name)); a.href = items[i].url; dt.appendChild(dd); } </script> </dl> <dl> <dt>GitHub</dt> <dd> <a href="https://github.com/kubernetes-sigs/node-feature-discovery" title="Stars: 234"> <i class="fa fa-github"></i> Homepage </a> </dd> <dd> <a href="https://github.com/kubernetes-sigs/node-feature-discovery/issues" title="Open issues: 12"> <i class="fa fa-question-circle-o"></i> Issues </a> </dd> <dd> <a href="https://github.com/kubernetes-sigs/node-feature-discovery/zipball/gh-pages" title="Size: 78611 Kb"> <i class="fa fa-download"></i> Download </a> </dd> </dl> <hr> <div class="license f6 pb-2"> The <a href="/node-feature-discovery/master/">software</a> is under the terms of <a href="https://github.com/kubernetes-sigs/node-feature-discovery">Apache License 2.0</a>. </div> </div> </div> <script> window.ui = { title: "Node Feature Discovery", baseurl: "/node-feature-discovery/master", i18n: { search_results: "Search Results", search_results_found: "Search finished, found # page(s) matching the search query.", search_results_not_found: "Your search did not match any documents, please make sure that all characters are spelled correctly!" } }; </script> <script src="https://cdn.jsdelivr.net/gh/rundocs/jekyll-rtd-theme@2.0.9/assets/js/jquery.min.js"></script><script src="https://cdn.jsdelivr.net/gh/rundocs/jekyll-rtd-theme@2.0.9/assets/js/theme.min.js"></script> </body> </html>