2020-09-08 07:17:40 +00:00
|
|
|
---
|
2021-03-09 11:38:09 +00:00
|
|
|
title: "Master cmdline reference"
|
2020-09-08 07:17:40 +00:00
|
|
|
layout: default
|
2022-11-02 12:34:37 +00:00
|
|
|
sort: 1
|
2020-09-08 07:17:40 +00:00
|
|
|
---
|
|
|
|
|
2021-03-09 11:38:09 +00:00
|
|
|
# Commandline flags of nfd-master
|
2021-09-27 12:31:49 +00:00
|
|
|
{: .no_toc}
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-03-09 11:38:09 +00:00
|
|
|
## Table of contents
|
2021-09-27 12:31:49 +00:00
|
|
|
{: .no_toc .text-delta}
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
1. TOC
|
|
|
|
{:toc}
|
|
|
|
|
|
|
|
---
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
To quickly view available command line flags execute `nfd-master -help`.
|
2020-09-08 07:17:40 +00:00
|
|
|
In a docker container:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
docker run {{ site.container_image }} nfd-master -help
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -h, -help
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Print usage and exit.
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -version
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Print version and exit.
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -prune
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-prune` flag is a sub-command like option for cleaning up the cluster. It
|
2020-09-08 07:17:40 +00:00
|
|
|
causes nfd-master to remove all NFD related labels, annotations and extended
|
|
|
|
resources from all Node objects of the cluster and exit.
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -port
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-port` flag specifies the TCP port that nfd-master listens for incoming requests.
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Default: 8080
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -port=443
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -instance
|
2021-02-03 17:49:02 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-instance` flag makes it possible to run multiple NFD deployments in
|
2021-02-03 17:49:02 +00:00
|
|
|
parallel. In practice, it separates the node annotations between deployments so
|
|
|
|
that each of them can store metadata independently. The instance name must
|
|
|
|
start and end with an alphanumeric character and may only contain alphanumeric
|
|
|
|
characters, `-`, `_` or `.`.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -instance=network
|
2021-02-03 17:49:02 +00:00
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -ca-file
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-ca-file` is one of the three flags (together with `-cert-file` and
|
|
|
|
`-key-file`) controlling master-worker mutual TLS authentication on the
|
2020-09-08 07:17:40 +00:00
|
|
|
nfd-master side. This flag specifies the TLS root certificate that is used for
|
|
|
|
authenticating incoming connections. NFD-Worker side needs to have matching key
|
|
|
|
and cert files configured in order for the incoming requests to be accepted.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
Note: Must be specified together with `-cert-file` and `-key-file`
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -ca-file=/opt/nfd/ca.crt -cert-file=/opt/nfd/master.crt -key-file=/opt/nfd/master.key
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -cert-file
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-cert-file` is one of the three flags (together with `-ca-file` and
|
|
|
|
`-key-file`) controlling master-worker mutual TLS authentication on the
|
2020-09-08 07:17:40 +00:00
|
|
|
nfd-master side. This flag specifies the TLS certificate presented for
|
|
|
|
authenticating outgoing traffic towards nfd-worker.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
Note: Must be specified together with `-ca-file` and `-key-file`
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -cert-file=/opt/nfd/master.crt -key-file=/opt/nfd/master.key -ca-file=/opt/nfd/ca.crt
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -key-file
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-key-file` is one of the three flags (together with `-ca-file` and
|
|
|
|
`-cert-file`) controlling master-worker mutual TLS authentication on the
|
2020-09-08 07:17:40 +00:00
|
|
|
nfd-master side. This flag specifies the private key corresponding the given
|
2021-02-24 12:29:07 +00:00
|
|
|
certificate file (`-cert-file`) that is used for authenticating outgoing
|
2020-09-08 07:17:40 +00:00
|
|
|
traffic.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
Note: Must be specified together with `-cert-file` and `-ca-file`
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -key-file=/opt/nfd/master.key -cert-file=/opt/nfd/master.crt -ca-file=/opt/nfd/ca.crt
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -verify-node-name
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-verify-node-name` flag controls the NodeName based authorization of
|
2020-09-08 07:17:40 +00:00
|
|
|
incoming requests and only has effect when mTLS authentication has been enabled
|
2021-02-24 12:29:07 +00:00
|
|
|
(with `-ca-file`, `-cert-file` and `-key-file`). If enabled, the worker node
|
2021-04-20 08:44:32 +00:00
|
|
|
name of the incoming must match with the CN or a SAN in its TLS certificate. Thus,
|
2020-09-08 07:17:40 +00:00
|
|
|
workers are only able to label the node they are running on (or the node whose
|
2021-04-20 08:44:32 +00:00
|
|
|
certificate they present).
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-04-20 08:44:32 +00:00
|
|
|
Node Name based authorization is disabled by default.
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Default: *false*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -verify-node-name -ca-file=/opt/nfd/ca.crt \
|
|
|
|
-cert-file=/opt/nfd/master.crt -key-file=/opt/nfd/master.key
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2022-10-12 10:45:11 +00:00
|
|
|
### -enable-nodefeature-api
|
|
|
|
|
2022-12-01 17:28:25 +00:00
|
|
|
The `-enable-nodefeature-api` flag enables the
|
2023-01-12 01:23:36 +00:00
|
|
|
[NodeFeature](../usage/custom-resources.md#nodefeature) CRD API for receiving
|
2022-12-01 17:28:25 +00:00
|
|
|
feature requests. This will also automatically disable the gRPC interface.
|
2022-10-12 10:45:11 +00:00
|
|
|
|
|
|
|
Default: false
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
nfd-master -enable-nodefeature-api
|
|
|
|
```
|
|
|
|
|
2023-05-05 10:01:32 +00:00
|
|
|
### -enable-leader-election
|
|
|
|
|
|
|
|
The `-enable-leader-election` flag enables leader election for NFD-Master.
|
|
|
|
It is advised to turn on this flag when running more than one instance of
|
|
|
|
NFD-Master.
|
|
|
|
|
|
|
|
This flag takes effect only when combined with `-enable-nodefeature-api` flag.
|
|
|
|
|
|
|
|
Default: false
|
|
|
|
|
|
|
|
```bash
|
|
|
|
nfd-master -enable-nodefeature-api -enable-leader-election
|
|
|
|
```
|
|
|
|
|
2022-12-13 15:14:30 +00:00
|
|
|
### -enable-taints
|
|
|
|
|
|
|
|
The `-enable-taints` flag enables/disables node tainting feature of NFD.
|
|
|
|
|
|
|
|
Default: *false*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
nfd-master -enable-taints=true
|
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -no-publish
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-06-08 13:30:35 +00:00
|
|
|
The `-no-publish` flag disables updates to the Node objects in the Kubernetes
|
|
|
|
API server, making a "dry-run" flag for nfd-master. No Labels, Annotations or
|
|
|
|
ExtendedResources of nodes are updated.
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Default: *false*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -no-publish
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2022-11-22 09:51:20 +00:00
|
|
|
### -crd-controller
|
2021-06-09 04:41:39 +00:00
|
|
|
|
2022-11-22 09:51:20 +00:00
|
|
|
The `-crd-controller` flag specifies whether the NFD CRD API controller is
|
2022-12-01 17:28:25 +00:00
|
|
|
enabled or not. The controller is responsible for processing
|
2023-01-12 01:23:36 +00:00
|
|
|
[NodeFeature](../usage/custom-resources.md#nodefeature) and
|
|
|
|
[NodeFeatureRule](../usage/custom-resources.md#nodefeaturerule) objects.
|
2021-06-09 04:41:39 +00:00
|
|
|
|
|
|
|
Default: *true*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2022-11-22 09:51:20 +00:00
|
|
|
nfd-master -crd-controller=false
|
2021-06-09 04:41:39 +00:00
|
|
|
```
|
|
|
|
|
2022-11-22 09:51:20 +00:00
|
|
|
### -featurerules-controller
|
|
|
|
|
|
|
|
**DEPRECATED**: use [`-crd-controller`](#-crd-controller) instead.
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -label-whitelist
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-label-whitelist` specifies a regular expression for filtering feature
|
2020-09-08 07:17:40 +00:00
|
|
|
labels based on their name. Each label must match against the given reqular
|
|
|
|
expression in order to be published.
|
|
|
|
|
|
|
|
Note: The regular expression is only matches against the "basename" part of the
|
|
|
|
label, i.e. to the part of the name after '/'. The label namespace is omitted.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -label-whitelist='.*cpuid\.'
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -extra-label-ns
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-extra-label-ns` flag specifies a comma-separated list of allowed feature
|
2023-02-03 19:27:26 +00:00
|
|
|
label namespaces. This option can be used to allow
|
2021-05-26 15:56:16 +00:00
|
|
|
other vendor or application specific namespaces for custom labels from the
|
2023-02-03 19:27:26 +00:00
|
|
|
local and custom feature sources, even though these labels were denied using
|
|
|
|
the `deny-label-ns` flag.
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
The same namespace control and this flag applies Extended Resources (created
|
2021-02-24 12:29:07 +00:00
|
|
|
with `-resource-labels`), too.
|
2020-09-08 07:17:40 +00:00
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -extra-label-ns=vendor-1.com,vendor-2.io
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
|
|
|
|
2023-02-03 19:27:26 +00:00
|
|
|
### -deny-label-ns
|
|
|
|
|
|
|
|
The `-deny-label-ns` flag specifies a comma-separated list of excluded
|
|
|
|
label namespaces. By default, nfd-master allows creating labels in all
|
|
|
|
namespaces, excluding `kubernetes.io` namespace and its sub-namespaces
|
|
|
|
(i.e. `*.kubernetes.io`). However, you should note that
|
|
|
|
`kubernetes.io` and its sub-namespaces are always denied.
|
|
|
|
For example, `nfd-master -deny-label-ns=""` would still disallow
|
|
|
|
`kubernetes.io` and `*.kubernetes.io`.
|
|
|
|
This option can be used to exclude some vendors or application specific
|
|
|
|
namespaces.
|
|
|
|
Note that the namespaces `feature.node.kubernetes.io` and `profile.node.kubernetes.io`
|
|
|
|
and their sub-namespaces are always allowed and cannot be denied.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
nfd-master -deny-label-ns=*.vendor.com,vendor-2.io
|
|
|
|
```
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
### -resource-labels
|
2020-09-08 07:17:40 +00:00
|
|
|
|
2023-04-13 08:14:43 +00:00
|
|
|
**DEPRECATED**: [NodeFeatureRule](../usage/custom-resources.md#nodefeaturerule)
|
|
|
|
should be used for managing extended resources in NFD.
|
|
|
|
|
2021-02-24 12:29:07 +00:00
|
|
|
The `-resource-labels` flag specifies a comma-separated list of features to be
|
2020-09-08 07:17:40 +00:00
|
|
|
advertised as extended resources instead of labels. Features that have integer
|
|
|
|
values can be published as Extended Resources by listing them in this flag.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
2021-02-24 12:29:07 +00:00
|
|
|
nfd-master -resource-labels=vendor-1.com/feature-1,vendor-2.io/feature-2
|
2020-09-08 07:17:40 +00:00
|
|
|
```
|
2021-02-19 09:03:16 +00:00
|
|
|
|
2023-03-05 21:56:46 +00:00
|
|
|
### -config
|
|
|
|
|
|
|
|
The `-config` flag specifies the path of the nfd-master configuration file to
|
|
|
|
use.
|
|
|
|
|
|
|
|
Default: /etc/kubernetes/node-feature-discovery/nfd-master.conf
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
nfd-master -config=/opt/nfd/master.conf
|
|
|
|
```
|
|
|
|
|
|
|
|
### -options
|
|
|
|
|
|
|
|
The `-options` flag may be used to specify and override configuration file
|
|
|
|
options directly from the command line. The required format is the same as in
|
|
|
|
the config file i.e. JSON or YAML. Configuration options specified via this
|
|
|
|
flag will override those from the configuration file:
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
nfd-master -options='{"noPublish": true}'
|
|
|
|
```
|
|
|
|
|
2021-02-19 09:03:16 +00:00
|
|
|
### Logging
|
|
|
|
|
|
|
|
The following logging-related flags are inherited from the
|
|
|
|
[klog](https://pkg.go.dev/k8s.io/klog/v2) package.
|
|
|
|
|
|
|
|
#### -add_dir_header
|
|
|
|
|
|
|
|
If true, adds the file directory to the header of the log messages.
|
|
|
|
|
|
|
|
Default: false
|
|
|
|
|
|
|
|
#### -alsologtostderr
|
|
|
|
|
|
|
|
Log to standard error as well as files.
|
|
|
|
|
|
|
|
Default: false
|
|
|
|
|
|
|
|
#### -log_backtrace_at
|
|
|
|
|
|
|
|
When logging hits line file:N, emit a stack trace.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
|
|
|
#### -log_dir
|
|
|
|
|
|
|
|
If non-empty, write log files in this directory.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
|
|
|
#### -log_file
|
|
|
|
|
|
|
|
If non-empty, use this log file.
|
|
|
|
|
|
|
|
Default: *empty*
|
|
|
|
|
|
|
|
#### -log_file_max_size
|
|
|
|
|
|
|
|
Defines the maximum size a log file can grow to. Unit is megabytes. If the
|
|
|
|
value is 0, the maximum file size is unlimited.
|
|
|
|
|
|
|
|
Default: 1800
|
|
|
|
|
|
|
|
#### -logtostderr
|
|
|
|
|
|
|
|
Log to standard error instead of files
|
|
|
|
|
|
|
|
Default: true
|
|
|
|
|
|
|
|
#### -skip_headers
|
|
|
|
|
|
|
|
If true, avoid header prefixes in the log messages.
|
|
|
|
|
|
|
|
Default: false
|
|
|
|
|
|
|
|
#### -skip_log_headers
|
|
|
|
|
|
|
|
If true, avoid headers when opening log files.
|
|
|
|
|
|
|
|
Default: false
|
|
|
|
|
|
|
|
#### -stderrthreshold
|
|
|
|
|
|
|
|
Logs at or above this threshold go to stderr.
|
|
|
|
|
|
|
|
Default: 2
|
|
|
|
|
|
|
|
#### -v
|
|
|
|
|
|
|
|
Number for the log level verbosity.
|
|
|
|
|
|
|
|
Default: 0
|
|
|
|
|
|
|
|
#### -vmodule
|
|
|
|
|
|
|
|
Comma-separated list of `pattern=N` settings for file-filtered logging.
|
|
|
|
|
|
|
|
Default: *empty*
|
2023-04-15 15:11:59 +00:00
|
|
|
|
|
|
|
### -resync-period
|
|
|
|
|
|
|
|
The `-resync-period` flag specifies the NFD API controller resync period.
|
|
|
|
The resync means nfd-master replaying all NodeFeature and NodeFeatureRule objects,
|
|
|
|
thus effectively re-syncing all nodes in the cluster (i.e. ensuring labels, annotations,
|
|
|
|
extended resources and taints are in place).
|
|
|
|
Only has effect when the [NodeFeature](../usage/custom-resources.md#nodefeature)
|
|
|
|
CRD API has been enabled with [`-enable-nodefeature-api`](master-commandline-reference.md#-enable-nodefeature-api).
|
|
|
|
|
|
|
|
Default: 1 hour.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
nfd-master -resync-period=2h
|
|
|
|
```
|