diff --git a/cmd/nfd-master/main.go b/cmd/nfd-master/main.go index 4ba235349..520752441 100644 --- a/cmd/nfd-master/main.go +++ b/cmd/nfd-master/main.go @@ -80,16 +80,6 @@ func main() { args.Overrides.ResyncPeriod = overrides.ResyncPeriod case "nfd-api-parallelism": args.Overrides.NfdApiParallelism = overrides.NfdApiParallelism - case "ca-file": - klog.InfoS("-ca-file is deprecated, will be removed in a future release along with the deprecated gRPC API") - case "cert-file": - klog.InfoS("-cert-file is deprecated, will be removed in a future release along with the deprecated gRPC API") - case "key-file": - klog.InfoS("-key-file is deprecated, will be removed in a future release along with the deprecated gRPC API") - case "port": - klog.InfoS("-port is deprecated, will be removed in a future release along with the deprecated gRPC API") - case "verify-node-name": - klog.InfoS("-verify-node-name is deprecated, will be removed in a future release along with the deprecated gRPC API") } }) @@ -122,39 +112,18 @@ func main() { func initFlags(flagset *flag.FlagSet) (*master.Args, *master.ConfigOverrideArgs) { args := &master.Args{} - flagset.StringVar(&args.CaFile, "ca-file", "", - "Root certificate for verifying connections."+ - " DEPRECATED: will be removed in a future release along with the deprecated gRPC API.") - flagset.StringVar(&args.CertFile, "cert-file", "", - "Certificate used for authenticating connections."+ - " DEPRECATED: will be removed in a future release along with the deprecated gRPC API.") flagset.StringVar(&args.Instance, "instance", "", "Instance name. Used to separate annotation namespaces for multiple parallel deployments.") - flagset.StringVar(&args.KeyFile, "key-file", "", - "Private key matching -cert-file."+ - " DEPRECATED: will be removed in a future release along with the deprecated gRPC API.") flagset.StringVar(&args.ConfigFile, "config", "/etc/kubernetes/node-feature-discovery/nfd-master.conf", "Config file to use.") flagset.StringVar(&args.Kubeconfig, "kubeconfig", "", "Kubeconfig to use") - flagset.BoolVar(&args.CrdController, "featurerules-controller", true, - "Enable NFD CRD API controller. DEPRECATED: use -crd-controller instead") - flagset.BoolVar(&args.CrdController, "crd-controller", true, - "Enable NFD CRD API controller for processing NodeFeature and NodeFeatureRule objects."+ - " DEPRECATED: will be removed in a future release along with the deprecated gRPC API.") - flagset.IntVar(&args.Port, "port", 8080, - "Port on which to listen for gRPC connections."+ - " DEPRECATED: will be removed in a future release along with the deprecated gRPC API.") flagset.IntVar(&args.MetricsPort, "metrics", 8081, "Port on which to expose metrics.") flagset.IntVar(&args.GrpcHealthPort, "grpc-health", 8082, "Port on which to expose the grpc health endpoint.") flagset.BoolVar(&args.Prune, "prune", false, "Prune all NFD related attributes from all nodes of the cluster and exit.") - flagset.BoolVar(&args.VerifyNodeName, "verify-node-name", false, - "Verify worker node name against the worker's TLS certificate. "+ - "Only takes effect when TLS authentication has been enabled."+ - " DEPRECATED: will be removed in a future release along with the deprecated gRPC API.") flagset.StringVar(&args.Options, "options", "", "Specify config options from command line. Config options are specified "+ "in the same format as in the config file (i.e. json or yaml). These options") diff --git a/cmd/nfd-worker/main.go b/cmd/nfd-worker/main.go index d6b478103..fe589f546 100644 --- a/cmd/nfd-worker/main.go +++ b/cmd/nfd-worker/main.go @@ -59,22 +59,6 @@ func main() { klog.InfoS("version not set! Set -ldflags \"-X sigs.k8s.io/node-feature-discovery/pkg/version.version=`git describe --tags --dirty --always`\" during build or run.") } - // Check deprecated flags - flags.Visit(func(f *flag.Flag) { - switch f.Name { - case "ca-file": - klog.InfoS("-ca-file is deprecated, will be removed in a future release along with the deprecated gRPC API") - case "cert-file": - klog.InfoS("-cert-file is deprecated, will be removed in a future release along with the deprecated gRPC API") - case "key-file": - klog.InfoS("-key-file is deprecated, will be removed in a future release along with the deprecated gRPC API") - case "server": - klog.InfoS("-server is deprecated, will be removed in a future release along with the deprecated gRPC API") - case "server-name-override": - klog.InfoS("-server-name-override is deprecated, will be removed in a future release along with the deprecated gRPC API") - } - }) - // Plug klog into grpc logging infrastructure utils.ConfigureGrpcKlog() @@ -119,17 +103,8 @@ func parseArgs(flags *flag.FlagSet, osArgs ...string) *worker.Args { func initFlags(flagset *flag.FlagSet) (*worker.Args, *worker.ConfigOverrideArgs) { args := &worker.Args{} - flagset.StringVar(&args.CaFile, "ca-file", "", - "Root certificate for verifying connections."+ - " DEPRECATED: will be removed in a future release along with the deprecated gRPC API.") - flagset.StringVar(&args.CertFile, "cert-file", "", - "Certificate used for authenticating connections."+ - " DEPRECATED: will be removed in a future release along with the deprecated gRPC API.") flagset.StringVar(&args.ConfigFile, "config", "/etc/kubernetes/node-feature-discovery/nfd-worker.conf", "Config file to use.") - flagset.StringVar(&args.KeyFile, "key-file", "", - "Private key matching -cert-file."+ - " DEPRECATED: will be removed in a future release along with the deprecated gRPC API.") flagset.StringVar(&args.Kubeconfig, "kubeconfig", "", "Kubeconfig to use") flagset.BoolVar(&args.Oneshot, "oneshot", false, @@ -141,12 +116,6 @@ func initFlags(flagset *flag.FlagSet) (*worker.Args, *worker.ConfigOverrideArgs) flagset.StringVar(&args.Options, "options", "", "Specify config options from command line. Config options are specified "+ "in the same format as in the config file (i.e. json or yaml). These options") - flagset.StringVar(&args.Server, "server", "localhost:8080", - "NFD server address to connecto to."+ - " DEPRECATED: will be removed in a future release along with the deprecated gRPC API.") - flagset.StringVar(&args.ServerNameOverride, "server-name-override", "", - "Hostname expected from server certificate, useful in testing."+ - " DEPRECATED: will be removed in a future release along with the deprecated gRPC API.") args.Klog = klogutils.InitKlogFlags(flagset) diff --git a/deployment/helm/node-feature-discovery/templates/cert-manager-certs.yaml b/deployment/helm/node-feature-discovery/templates/cert-manager-certs.yaml deleted file mode 100644 index 2d1576022..000000000 --- a/deployment/helm/node-feature-discovery/templates/cert-manager-certs.yaml +++ /dev/null @@ -1,80 +0,0 @@ -{{- if .Values.tls.certManager }} -{{- if .Values.master.enable }} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: nfd-master-cert - namespace: {{ include "node-feature-discovery.namespace" . }} -spec: - secretName: nfd-master-cert - subject: - organizations: - - node-feature-discovery - commonName: nfd-master - dnsNames: - # must match the service name - - {{ include "node-feature-discovery.fullname" . }}-master - # first one is configured for use by the worker; below are for completeness - - {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc - - {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local - issuerRef: - name: {{ default "nfd-ca-issuer" .Values.tls.certManagerCertificate.issuerName }} - {{- if and .Values.tls.certManagerCertificate.issuerName .Values.tls.certManagerCertificate.issuerKind }} - kind: {{ .Values.tls.certManagerCertificate.issuerKind }} - {{- else }} - kind: Issuer - {{- end }} - group: cert-manager.io -{{- end }} ---- -{{- if .Values.worker.enable }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: nfd-worker-cert - namespace: {{ include "node-feature-discovery.namespace" . }} -spec: - secretName: nfd-worker-cert - subject: - organizations: - - node-feature-discovery - commonName: nfd-worker - dnsNames: - - {{ include "node-feature-discovery.fullname" . }}-worker.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local - issuerRef: - name: {{ default "nfd-ca-issuer" .Values.tls.certManagerCertificate.issuerName }} - {{- if and .Values.tls.certManagerCertificate.issuerName .Values.tls.certManagerCertificate.issuerKind }} - kind: {{ .Values.tls.certManagerCertificate.issuerKind }} - {{- else }} - kind: Issuer - {{- end }} - group: cert-manager.io -{{- end }} - -{{- if .Values.topologyUpdater.enable }} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: nfd-topology-updater-cert - namespace: {{ include "node-feature-discovery.namespace" . }} -spec: - secretName: nfd-topology-updater-cert - subject: - organizations: - - node-feature-discovery - commonName: nfd-topology-updater - dnsNames: - - {{ include "node-feature-discovery.fullname" . }}-topology-updater.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local - issuerRef: - name: {{ default "nfd-ca-issuer" .Values.tls.certManagerCertificate.issuerName }} - {{- if and .Values.tls.certManagerCertificate.issuerName .Values.tls.certManagerCertificate.issuerKind }} - kind: {{ .Values.tls.certManagerCertificate.issuerKind }} - {{- else }} - kind: Issuer - {{- end }} - group: cert-manager.io -{{- end }} - -{{- end }} diff --git a/deployment/helm/node-feature-discovery/templates/cert-manager-issuer.yaml b/deployment/helm/node-feature-discovery/templates/cert-manager-issuer.yaml deleted file mode 100644 index 874468908..000000000 --- a/deployment/helm/node-feature-discovery/templates/cert-manager-issuer.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if and .Values.tls.certManager (not .Values.tls.certManagerCertificate.issuerName ) }} -# See https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers -# - Create a self signed issuer -# - Use this to create a CA cert -# - Use this to now create a CA issuer ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: nfd-ca-bootstrap - namespace: {{ include "node-feature-discovery.namespace" . }} -spec: - selfSigned: {} - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: nfd-ca-cert - namespace: {{ include "node-feature-discovery.namespace" . }} -spec: - isCA: true - secretName: nfd-ca-cert - subject: - organizations: - - node-feature-discovery - commonName: nfd-ca-cert - issuerRef: - name: nfd-ca-bootstrap - kind: Issuer - group: cert-manager.io - ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: nfd-ca-issuer - namespace: {{ include "node-feature-discovery.namespace" . }} -spec: - ca: - secretName: nfd-ca-cert -{{- end }} diff --git a/deployment/helm/node-feature-discovery/templates/master.yaml b/deployment/helm/node-feature-discovery/templates/master.yaml index d3d7b604a..4795fc2cb 100644 --- a/deployment/helm/node-feature-discovery/templates/master.yaml +++ b/deployment/helm/node-feature-discovery/templates/master.yaml @@ -103,11 +103,7 @@ spec: {{- if .Values.master.instance | empty | not }} - "-instance={{ .Values.master.instance }}" {{- end }} - {{- if not .Values.featureGates.NodeFeatureAPI }} - - "-port={{ .Values.master.port | default "8080" }}" - {{- else if gt (int .Values.master.replicaCount) 1 }} - "-enable-leader-election" - {{- end }} {{- if .Values.master.extraLabelNs | empty | not }} - "-extra-label-ns={{- join "," .Values.master.extraLabelNs }}" {{- end }} @@ -120,12 +116,6 @@ spec: {{- if .Values.master.enableTaints }} - "-enable-taints" {{- end }} - {{- if .Values.master.crdController | kindIs "invalid" | not }} - - "-crd-controller={{ .Values.master.crdController }}" - {{- else }} - ## By default, disable crd controller for other than the default instances - - "-crd-controller={{ .Values.master.instance | empty }}" - {{- end }} {{- if .Values.master.featureRulesController | kindIs "invalid" | not }} - "-featurerules-controller={{ .Values.master.featureRulesController }}" {{- end }} @@ -135,11 +125,6 @@ spec: {{- if .Values.master.nfdApiParallelism | empty | not }} - "-nfd-api-parallelism={{ .Values.master.nfdApiParallelism }}" {{- end }} - {{- if .Values.tls.enable }} - - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt" - - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key" - - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt" - {{- end }} # Go over featureGates and add the feature-gate flag {{- range $key, $value := .Values.featureGates }} - "-feature-gates={{ $key }}={{ $value }}" @@ -150,20 +135,10 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: - {{- if .Values.tls.enable }} - - name: nfd-master-cert - mountPath: "/etc/kubernetes/node-feature-discovery/certs" - readOnly: true - {{- end }} - name: nfd-master-conf mountPath: "/etc/kubernetes/node-feature-discovery" readOnly: true volumes: - {{- if .Values.tls.enable }} - - name: nfd-master-cert - secret: - secretName: nfd-master-cert - {{- end }} - name: nfd-master-conf configMap: name: {{ include "node-feature-discovery.fullname" . }}-master-conf diff --git a/deployment/helm/node-feature-discovery/templates/topologyupdater.yaml b/deployment/helm/node-feature-discovery/templates/topologyupdater.yaml index da01b1e1e..9a466f88e 100644 --- a/deployment/helm/node-feature-discovery/templates/topologyupdater.yaml +++ b/deployment/helm/node-feature-discovery/templates/topologyupdater.yaml @@ -103,11 +103,6 @@ spec: {{- else }} - "-watch-namespace=*" {{- end }} - {{- if .Values.tls.enable }} - - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt" - - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key" - - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt" - {{- end }} {{- if not .Values.topologyUpdater.podSetFingerprint }} - "-pods-fingerprint=false" {{- end }} @@ -142,11 +137,6 @@ spec: mountPath: /host-var/lib/kubelet readOnly: true {{- end }} - {{- if .Values.tls.enable }} - - name: nfd-topology-updater-cert - mountPath: "/etc/kubernetes/node-feature-discovery/certs" - readOnly: true - {{- end }} - name: nfd-topology-updater-conf mountPath: "/etc/kubernetes/node-feature-discovery" readOnly: true @@ -182,12 +172,6 @@ spec: items: - key: nfd-topology-updater.conf path: nfd-topology-updater.conf - {{- if .Values.tls.enable }} - - name: nfd-topology-updater-cert - secret: - secretName: nfd-topology-updater-cert - {{- end }} - {{- with .Values.topologyUpdater.nodeSelector }} nodeSelector: diff --git a/deployment/helm/node-feature-discovery/templates/worker.yaml b/deployment/helm/node-feature-discovery/templates/worker.yaml index c4fbc6467..fbbc741e5 100644 --- a/deployment/helm/node-feature-discovery/templates/worker.yaml +++ b/deployment/helm/node-feature-discovery/templates/worker.yaml @@ -103,11 +103,6 @@ spec: {{- if not .Values.featureGates.NodeFeatureAPI }} - "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}" {{- end }} - {{- if .Values.tls.enable }} - - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt" - - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key" - - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt" - {{- end }} # Go over featureGate and add the feature-gate flag {{- range $key, $value := .Values.featureGates }} - "-feature-gates={{ $key }}={{ $value }}" @@ -155,11 +150,6 @@ spec: - name: nfd-worker-conf mountPath: "/etc/kubernetes/node-feature-discovery" readOnly: true - {{- if .Values.tls.enable }} - - name: nfd-worker-cert - mountPath: "/etc/kubernetes/node-feature-discovery/certs" - readOnly: true - {{- end }} volumes: - name: host-boot hostPath: @@ -196,11 +186,6 @@ spec: items: - key: nfd-worker.conf path: nfd-worker.conf - {{- if .Values.tls.enable }} - - name: nfd-worker-cert - secret: - secretName: nfd-worker-cert - {{- end }} {{- with .Values.worker.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/deployment/helm/node-feature-discovery/values.yaml b/deployment/helm/node-feature-discovery/values.yaml index fef401d56..5ff0df68b 100644 --- a/deployment/helm/node-feature-discovery/values.yaml +++ b/deployment/helm/node-feature-discovery/values.yaml @@ -68,10 +68,6 @@ master: # retryPeriod: 2s # nfdApiParallelism: 10 ### - # The TCP port that nfd-master listens for incoming requests. Default: 8080 - # Deprecated this parameter is related to the deprecated gRPC API and will - # be removed with it in a future release - port: 8080 metricsPort: 8081 healthPort: 8082 instance: @@ -81,7 +77,6 @@ master: extraLabelNs: [] resourceLabels: [] enableTaints: false - crdController: null featureRulesController: null nfdApiParallelism: null deploymentAnnotations: {} @@ -601,18 +596,6 @@ gc: # specify how many old ReplicaSets for the Deployment to retain. revisionHistoryLimit: -# Optionally use encryption for worker <--> master comms -# TODO: verify hostname is not yet supported -# -# If you do not enable certManager (and have it installed) you will -# need to manually, or otherwise, provision the TLS certs as secrets -tls: - enable: false - certManager: false - certManagerCertificate: - issuerKind: - issuerName: - prometheus: enable: false scrapeInterval: 10s diff --git a/go.mod b/go.mod index 517732985..5070af95e 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,6 @@ go 1.23.0 require ( github.com/fsnotify/fsnotify v1.7.0 - github.com/golang/protobuf v1.5.4 github.com/google/go-cmp v0.6.0 github.com/google/uuid v1.6.0 github.com/jaypipes/ghw v0.13.0 @@ -23,7 +22,6 @@ require ( golang.org/x/net v0.30.0 golang.org/x/time v0.7.0 google.golang.org/grpc v1.63.2 - google.golang.org/protobuf v1.34.2 k8s.io/api v0.30.3 k8s.io/apiextensions-apiserver v0.30.3 k8s.io/apimachinery v0.30.3 @@ -69,6 +67,7 @@ require ( github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/cel-go v0.17.8 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/gofuzz v1.2.0 // indirect @@ -132,6 +131,7 @@ require ( google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240227224415-6ceb2ff114de // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de // indirect + google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/pkg/labeler/doc.go b/pkg/labeler/doc.go deleted file mode 100644 index 4f0e89ade..000000000 --- a/pkg/labeler/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package labeler - -//go:generate protoc --go_opt=paths=source_relative --go_out=plugins=grpc:. -I . -I ../.. -I ../../vendor labeler.proto -//go:generate mockery --name=LabelerClient --inpackage diff --git a/pkg/labeler/labeler.pb.go b/pkg/labeler/labeler.pb.go deleted file mode 100644 index 742f4a77e..000000000 --- a/pkg/labeler/labeler.pb.go +++ /dev/null @@ -1,354 +0,0 @@ -// -//Copyright 2019 The Kubernetes Authors. -// -//Licensed under the Apache License, Version 2.0 (the "License"); -//you may not use this file except in compliance with the License. -//You may obtain a copy of the License at -// -//http://www.apache.org/licenses/LICENSE-2.0 -// -//Unless required by applicable law or agreed to in writing, software -//distributed under the License is distributed on an "AS IS" BASIS, -//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -//See the License for the specific language governing permissions and -//limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.23.0 -// protoc v4.25.3 -// source: labeler.proto - -package labeler - -import ( - context "context" - proto "github.com/golang/protobuf/proto" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - v1alpha1 "sigs.k8s.io/node-feature-discovery/api/nfd/v1alpha1" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// This is a compile-time assertion that a sufficiently up-to-date version -// of the legacy proto package is being used. -const _ = proto.ProtoPackageIsVersion4 - -type SetLabelsRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - NfdVersion string `protobuf:"bytes,1,opt,name=nfd_version,json=nfdVersion,proto3" json:"nfd_version,omitempty"` - NodeName string `protobuf:"bytes,2,opt,name=node_name,json=nodeName,proto3" json:"node_name,omitempty"` - Labels map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - Features *v1alpha1.Features `protobuf:"bytes,4,opt,name=features,proto3" json:"features,omitempty"` -} - -func (x *SetLabelsRequest) Reset() { - *x = SetLabelsRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_labeler_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SetLabelsRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SetLabelsRequest) ProtoMessage() {} - -func (x *SetLabelsRequest) ProtoReflect() protoreflect.Message { - mi := &file_labeler_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SetLabelsRequest.ProtoReflect.Descriptor instead. -func (*SetLabelsRequest) Descriptor() ([]byte, []int) { - return file_labeler_proto_rawDescGZIP(), []int{0} -} - -func (x *SetLabelsRequest) GetNfdVersion() string { - if x != nil { - return x.NfdVersion - } - return "" -} - -func (x *SetLabelsRequest) GetNodeName() string { - if x != nil { - return x.NodeName - } - return "" -} - -func (x *SetLabelsRequest) GetLabels() map[string]string { - if x != nil { - return x.Labels - } - return nil -} - -func (x *SetLabelsRequest) GetFeatures() *v1alpha1.Features { - if x != nil { - return x.Features - } - return nil -} - -type SetLabelsReply struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *SetLabelsReply) Reset() { - *x = SetLabelsReply{} - if protoimpl.UnsafeEnabled { - mi := &file_labeler_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SetLabelsReply) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SetLabelsReply) ProtoMessage() {} - -func (x *SetLabelsReply) ProtoReflect() protoreflect.Message { - mi := &file_labeler_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SetLabelsReply.ProtoReflect.Descriptor instead. -func (*SetLabelsReply) Descriptor() ([]byte, []int) { - return file_labeler_proto_rawDescGZIP(), []int{1} -} - -var File_labeler_proto protoreflect.FileDescriptor - -var file_labeler_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x07, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x65, 0x72, 0x1a, 0x43, 0x73, 0x69, 0x67, 0x73, 0x2e, 0x6b, - 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2d, 0x66, 0x65, 0x61, 0x74, 0x75, - 0x72, 0x65, 0x2d, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, - 0x2f, 0x6e, 0x66, 0x64, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x67, 0x65, - 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xfa, 0x01, - 0x0a, 0x10, 0x53, 0x65, 0x74, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x6e, 0x66, 0x64, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, - 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6e, 0x66, 0x64, 0x56, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x12, 0x1b, 0x0a, 0x09, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6e, 0x6f, 0x64, 0x65, 0x4e, 0x61, 0x6d, 0x65, - 0x12, 0x3d, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x25, 0x2e, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x65, 0x72, 0x2e, 0x53, 0x65, 0x74, 0x4c, 0x61, - 0x62, 0x65, 0x6c, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, - 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, - 0x2e, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x12, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x46, 0x65, 0x61, - 0x74, 0x75, 0x72, 0x65, 0x73, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x1a, - 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, - 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x10, 0x0a, 0x0e, 0x53, 0x65, - 0x74, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x32, 0x4c, 0x0a, 0x07, - 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x09, 0x53, 0x65, 0x74, 0x4c, 0x61, - 0x62, 0x65, 0x6c, 0x73, 0x12, 0x19, 0x2e, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x65, 0x72, 0x2e, 0x53, - 0x65, 0x74, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x17, 0x2e, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x65, 0x72, 0x2e, 0x53, 0x65, 0x74, 0x4c, 0x61, 0x62, - 0x65, 0x6c, 0x73, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x42, 0x30, 0x5a, 0x2e, 0x73, 0x69, - 0x67, 0x73, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2d, 0x66, - 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x2d, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, - 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x65, 0x72, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_labeler_proto_rawDescOnce sync.Once - file_labeler_proto_rawDescData = file_labeler_proto_rawDesc -) - -func file_labeler_proto_rawDescGZIP() []byte { - file_labeler_proto_rawDescOnce.Do(func() { - file_labeler_proto_rawDescData = protoimpl.X.CompressGZIP(file_labeler_proto_rawDescData) - }) - return file_labeler_proto_rawDescData -} - -var file_labeler_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_labeler_proto_goTypes = []interface{}{ - (*SetLabelsRequest)(nil), // 0: labeler.SetLabelsRequest - (*SetLabelsReply)(nil), // 1: labeler.SetLabelsReply - nil, // 2: labeler.SetLabelsRequest.LabelsEntry - (*v1alpha1.Features)(nil), // 3: v1alpha1.Features -} -var file_labeler_proto_depIdxs = []int32{ - 2, // 0: labeler.SetLabelsRequest.labels:type_name -> labeler.SetLabelsRequest.LabelsEntry - 3, // 1: labeler.SetLabelsRequest.features:type_name -> v1alpha1.Features - 0, // 2: labeler.Labeler.SetLabels:input_type -> labeler.SetLabelsRequest - 1, // 3: labeler.Labeler.SetLabels:output_type -> labeler.SetLabelsReply - 3, // [3:4] is the sub-list for method output_type - 2, // [2:3] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_labeler_proto_init() } -func file_labeler_proto_init() { - if File_labeler_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_labeler_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SetLabelsRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_labeler_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SetLabelsReply); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_labeler_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 1, - }, - GoTypes: file_labeler_proto_goTypes, - DependencyIndexes: file_labeler_proto_depIdxs, - MessageInfos: file_labeler_proto_msgTypes, - }.Build() - File_labeler_proto = out.File - file_labeler_proto_rawDesc = nil - file_labeler_proto_goTypes = nil - file_labeler_proto_depIdxs = nil -} - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConnInterface - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion6 - -// LabelerClient is the client API for Labeler service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type LabelerClient interface { - SetLabels(ctx context.Context, in *SetLabelsRequest, opts ...grpc.CallOption) (*SetLabelsReply, error) -} - -type labelerClient struct { - cc grpc.ClientConnInterface -} - -func NewLabelerClient(cc grpc.ClientConnInterface) LabelerClient { - return &labelerClient{cc} -} - -func (c *labelerClient) SetLabels(ctx context.Context, in *SetLabelsRequest, opts ...grpc.CallOption) (*SetLabelsReply, error) { - out := new(SetLabelsReply) - err := c.cc.Invoke(ctx, "/labeler.Labeler/SetLabels", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// LabelerServer is the server API for Labeler service. -type LabelerServer interface { - SetLabels(context.Context, *SetLabelsRequest) (*SetLabelsReply, error) -} - -// UnimplementedLabelerServer can be embedded to have forward compatible implementations. -type UnimplementedLabelerServer struct { -} - -func (*UnimplementedLabelerServer) SetLabels(context.Context, *SetLabelsRequest) (*SetLabelsReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method SetLabels not implemented") -} - -func RegisterLabelerServer(s *grpc.Server, srv LabelerServer) { - s.RegisterService(&_Labeler_serviceDesc, srv) -} - -func _Labeler_SetLabels_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(SetLabelsRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(LabelerServer).SetLabels(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/labeler.Labeler/SetLabels", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(LabelerServer).SetLabels(ctx, req.(*SetLabelsRequest)) - } - return interceptor(ctx, in, info, handler) -} - -var _Labeler_serviceDesc = grpc.ServiceDesc{ - ServiceName: "labeler.Labeler", - HandlerType: (*LabelerServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "SetLabels", - Handler: _Labeler_SetLabels_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "labeler.proto", -} diff --git a/pkg/labeler/labeler.proto b/pkg/labeler/labeler.proto deleted file mode 100644 index 57cd8daaa..000000000 --- a/pkg/labeler/labeler.proto +++ /dev/null @@ -1,37 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -syntax = "proto3"; - -option go_package = "sigs.k8s.io/node-feature-discovery/pkg/labeler"; - -import "sigs.k8s.io/node-feature-discovery/api/nfd/v1alpha1/generated.proto"; - -package labeler; - -service Labeler{ - rpc SetLabels(SetLabelsRequest) returns (SetLabelsReply) {} -} - -message SetLabelsRequest { - string nfd_version = 1; - string node_name = 2; - map labels = 3; - v1alpha1.Features features = 4; -} - -message SetLabelsReply { -} diff --git a/pkg/labeler/mock_LabelerClient.go b/pkg/labeler/mock_LabelerClient.go deleted file mode 100644 index 6323f8f18..000000000 --- a/pkg/labeler/mock_LabelerClient.go +++ /dev/null @@ -1,67 +0,0 @@ -// Code generated by mockery v2.42.0. DO NOT EDIT. - -package labeler - -import ( - context "context" - - grpc "google.golang.org/grpc" - - mock "github.com/stretchr/testify/mock" -) - -// MockLabelerClient is an autogenerated mock type for the LabelerClient type -type MockLabelerClient struct { - mock.Mock -} - -// SetLabels provides a mock function with given fields: ctx, in, opts -func (_m *MockLabelerClient) SetLabels(ctx context.Context, in *SetLabelsRequest, opts ...grpc.CallOption) (*SetLabelsReply, error) { - _va := make([]interface{}, len(opts)) - for _i := range opts { - _va[_i] = opts[_i] - } - var _ca []interface{} - _ca = append(_ca, ctx, in) - _ca = append(_ca, _va...) - ret := _m.Called(_ca...) - - if len(ret) == 0 { - panic("no return value specified for SetLabels") - } - - var r0 *SetLabelsReply - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *SetLabelsRequest, ...grpc.CallOption) (*SetLabelsReply, error)); ok { - return rf(ctx, in, opts...) - } - if rf, ok := ret.Get(0).(func(context.Context, *SetLabelsRequest, ...grpc.CallOption) *SetLabelsReply); ok { - r0 = rf(ctx, in, opts...) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*SetLabelsReply) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *SetLabelsRequest, ...grpc.CallOption) error); ok { - r1 = rf(ctx, in, opts...) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// NewMockLabelerClient creates a new instance of MockLabelerClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewMockLabelerClient(t interface { - mock.TestingT - Cleanup(func()) -}) *MockLabelerClient { - mock := &MockLabelerClient{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/pkg/nfd-master/nfd-master-internal_test.go b/pkg/nfd-master/nfd-master-internal_test.go index 6f7f7b0db..b1d72916c 100644 --- a/pkg/nfd-master/nfd-master-internal_test.go +++ b/pkg/nfd-master/nfd-master-internal_test.go @@ -40,12 +40,12 @@ import ( clienttesting "k8s.io/client-go/testing" "k8s.io/client-go/tools/cache" + nfdclientset "sigs.k8s.io/node-feature-discovery/api/generated/clientset/versioned" fakenfdclient "sigs.k8s.io/node-feature-discovery/api/generated/clientset/versioned/fake" nfdscheme "sigs.k8s.io/node-feature-discovery/api/generated/clientset/versioned/scheme" nfdinformers "sigs.k8s.io/node-feature-discovery/api/generated/informers/externalversions" nfdv1alpha1 "sigs.k8s.io/node-feature-discovery/api/nfd/v1alpha1" "sigs.k8s.io/node-feature-discovery/pkg/features" - "sigs.k8s.io/node-feature-discovery/pkg/labeler" "sigs.k8s.io/node-feature-discovery/pkg/utils" ) @@ -109,16 +109,28 @@ func withConfig(config *NFDConfig) NfdMasterOption { return &nfdMasterOpt{f: func(n *nfdMaster) { n.config = config }} } +// withNFDClient forces to use the given client for the NFD API, without +// initializing one from kubeconfig. +func withNFDClient(cli nfdclientset.Interface) NfdMasterOption { + return &nfdMasterOpt{f: func(n *nfdMaster) { n.nfdClient = cli }} +} + func newFakeMaster(opts ...NfdMasterOption) *nfdMaster { + nfdCli := fakenfdclient.NewSimpleClientset() defaultOpts := []NfdMasterOption{ withNodeName(testNodeName), withConfig(&NFDConfig{Restrictions: Restrictions{AllowOverwrite: true}}), WithKubernetesClient(fakeclient.NewSimpleClientset()), + withNFDClient(nfdCli), } m, err := NewNfdMaster(append(defaultOpts, opts...)...) if err != nil { panic(err) } + // Add FeatureGates + if err := features.NFDMutableFeatureGate.Add(features.DefaultNFDFeatureGates); err != nil { + panic(err) + } return m.(*nfdMaster) } @@ -331,90 +343,6 @@ func TestRemovingExtResources(t *testing.T) { }) } -func TestSetLabels(t *testing.T) { - Convey("When servicing SetLabels request", t, func() { - // Add feature gates as running nfd-master depends on that - err := features.NFDMutableFeatureGate.Add(features.DefaultNFDFeatureGates) - So(err, ShouldBeNil) - - testNode := newTestNode() - // We need to populate the node with some annotations or the patching in the fake client fails - testNode.Labels["feature.node.kubernetes.io/foo"] = "bar" - testNode.Annotations[nfdv1alpha1.FeatureLabelsAnnotation] = "foo" - - ctx := context.Background() - // In the gRPC request the label names may omit the default ns - featureLabels := map[string]string{ - "feature.node.kubernetes.io/feature-1": "1", - "example.io/feature-2": "val-2", - "feature.node.kubernetes.io/feature-3": "3", - } - req := &labeler.SetLabelsRequest{NodeName: testNodeName, NfdVersion: "0.1-test", Labels: featureLabels} - - Convey("When node update succeeds", func() { - fakeCli := fakeclient.NewSimpleClientset(testNode) - fakeMaster := newFakeMaster(WithKubernetesClient(fakeCli)) - - _, err := fakeMaster.SetLabels(ctx, req) - Convey("No error should be returned", func() { - So(err, ShouldBeNil) - }) - Convey("Node object should be updated", func() { - updatedNode, err := fakeCli.CoreV1().Nodes().Get(context.TODO(), testNodeName, metav1.GetOptions{}) - So(err, ShouldBeNil) - So(updatedNode.Labels, ShouldEqual, featureLabels) - }) - }) - - Convey("When -resource-labels is specified", func() { - fakeCli := fakeclient.NewSimpleClientset(testNode) - fakeMaster := newFakeMaster( - WithKubernetesClient(fakeCli), - withConfig(&NFDConfig{ - ResourceLabels: map[string]struct{}{ - "feature.node.kubernetes.io/feature-3": {}, - "feature-1": {}}, - })) - - _, err := fakeMaster.SetLabels(ctx, req) - Convey("Error is nil", func() { - So(err, ShouldBeNil) - }) - - Convey("Node object should be updated", func() { - updatedNode, err := fakeCli.CoreV1().Nodes().Get(context.TODO(), testNodeName, metav1.GetOptions{}) - So(err, ShouldBeNil) - So(updatedNode.Labels, ShouldEqual, map[string]string{"example.io/feature-2": "val-2"}) - }) - }) - - Convey("When node update fails", func() { - fakeCli := fakeclient.NewSimpleClientset(testNode) - fakeMaster := newFakeMaster(WithKubernetesClient(fakeCli)) - - fakeErr := errors.New("Fake error when patching node") - fakeCli.CoreV1().(*fakecorev1client.FakeCoreV1).PrependReactor("patch", "nodes", func(action clienttesting.Action) (handled bool, ret runtime.Object, err error) { - return true, &corev1.Node{}, fakeErr - }) - _, err := fakeMaster.SetLabels(ctx, req) - Convey("An error should be returned", func() { - So(err, ShouldWrap, fakeErr) - }) - }) - - Convey("With '-no-publish'", func() { - fakeCli := fakeclient.NewSimpleClientset(testNode) - fakeMaster := newFakeMaster(WithKubernetesClient(fakeCli)) - - fakeMaster.config.NoPublish = true - _, err := fakeMaster.SetLabels(ctx, req) - Convey("Operation should succeed", func() { - So(err, ShouldBeNil) - }) - }) - }) -} - func TestFilterLabels(t *testing.T) { fakeMaster := newFakeMaster() fakeMaster.config.ExtraLabelNs = map[string]struct{}{"example.io": {}} diff --git a/pkg/nfd-master/nfd-master.go b/pkg/nfd-master/nfd-master.go index 451d6b532..822ed8ffd 100644 --- a/pkg/nfd-master/nfd-master.go +++ b/pkg/nfd-master/nfd-master.go @@ -17,8 +17,6 @@ limitations under the License. package nfdmaster import ( - "crypto/tls" - "crypto/x509" "encoding/json" "fmt" "maps" @@ -35,10 +33,8 @@ import ( "github.com/google/uuid" "golang.org/x/net/context" "google.golang.org/grpc" - "google.golang.org/grpc/credentials" "google.golang.org/grpc/health" "google.golang.org/grpc/health/grpc_health_v1" - "google.golang.org/grpc/peer" corev1 "k8s.io/api/core/v1" apiequality "k8s.io/apimachinery/pkg/api/equality" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -60,7 +56,6 @@ import ( "sigs.k8s.io/node-feature-discovery/pkg/apis/nfd/nodefeaturerule" "sigs.k8s.io/node-feature-discovery/pkg/apis/nfd/validate" nfdfeatures "sigs.k8s.io/node-feature-discovery/pkg/features" - pb "sigs.k8s.io/node-feature-discovery/pkg/labeler" "sigs.k8s.io/node-feature-discovery/pkg/utils" klogutils "sigs.k8s.io/node-feature-discovery/pkg/utils/klog" "sigs.k8s.io/node-feature-discovery/pkg/version" @@ -122,20 +117,15 @@ type ConfigOverrideArgs struct { // Args holds command line arguments type Args struct { - CaFile string - CertFile string - ConfigFile string - Instance string - KeyFile string - Klog map[string]*utils.KlogFlagVal - Kubeconfig string - CrdController bool - Port int + ConfigFile string + Instance string + Klog map[string]*utils.KlogFlagVal + Kubeconfig string + Port int // GrpcHealthPort is only needed to avoid races between tests (by skipping the health server). // Could be removed when gRPC labler service is dropped (when nfd-worker tests stop running nfd-master). GrpcHealthPort int Prune bool - VerifyNodeName bool Options string EnableLeaderElection bool MetricsPort int @@ -167,7 +157,7 @@ type nfdMaster struct { ready chan struct{} kubeconfig *restclient.Config k8sClient k8sclient.Interface - nfdClient *nfdclientset.Clientset + nfdClient nfdclientset.Interface updaterPool *updaterPool deniedNs config *NFDConfig @@ -194,19 +184,6 @@ func NewNfdMaster(opts ...NfdMasterOption) (NfdMaster, error) { } } - // Check TLS related args - if nfd.args.CertFile != "" || nfd.args.KeyFile != "" || nfd.args.CaFile != "" { - if nfd.args.CertFile == "" { - return nfd, fmt.Errorf("-cert-file needs to be specified alongside -key-file and -ca-file") - } - if nfd.args.KeyFile == "" { - return nfd, fmt.Errorf("-key-file needs to be specified alongside -cert-file and -ca-file") - } - if nfd.args.CaFile == "" { - return nfd, fmt.Errorf("-ca-file needs to be specified alongside -cert-file and -key-file") - } - } - if nfd.args.ConfigFile != "" { nfd.configFilePath = filepath.Clean(nfd.args.ConfigFile) } @@ -232,11 +209,11 @@ func NewNfdMaster(opts ...NfdMasterOption) (NfdMaster, error) { return nfd, err } nfd.kubeconfig = kubeconfig - nfdClient, err := nfdclientset.NewForConfig(nfd.kubeconfig) + c, err := nfdclientset.NewForConfig(nfd.kubeconfig) if err != nil { return nfd, err } - nfd.nfdClient = nfdClient + nfd.nfdClient = c } nfd.updaterPool = newUpdaterPool(nfd) @@ -311,11 +288,8 @@ func (m *nfdMaster) Run() error { return m.prune() } - if m.args.CrdController { - err := m.startNfdApiController() - if err != nil { - return err - } + if err := m.startNfdApiController(); err != nil { + return err } m.updaterPool.start(m.config.NfdApiParallelism) @@ -344,14 +318,6 @@ func (m *nfdMaster) Run() error { defer m.Stop() } - // Run gRPC server - grpcErr := make(chan error) - // If the NodeFeature API is enabled, don'tregister the labeler API - // server. Otherwise, register the labeler server. - if !nfdfeatures.NFDFeatureGate.Enabled(nfdfeatures.NodeFeatureAPI) { - go m.runGrpcServer(grpcErr) - } - // Run updater that handles events from the nfd CRD API. if m.nfdController != nil { if m.args.EnableLeaderElection { @@ -362,6 +328,7 @@ func (m *nfdMaster) Run() error { } // Start gRPC server for liveness probe (at this point we're "live") + grpcErr := make(chan error) if m.args.GrpcHealthPort != 0 { if err := m.startGrpcHealthServer(grpcErr); err != nil { return fmt.Errorf("failed to start gRPC health server: %w", err) @@ -410,68 +377,11 @@ func (m *nfdMaster) startGrpcHealthServer(errChan chan<- error) error { return nil } -func (m *nfdMaster) runGrpcServer(errChan chan<- error) { - // Create server listening for TCP connections - lis, err := net.Listen("tcp", fmt.Sprintf(":%d", m.args.Port)) - if err != nil { - errChan <- fmt.Errorf("failed to listen: %w", err) - return - } - - serverOpts := []grpc.ServerOption{} - tlsConfig := utils.TlsConfig{} - // Create watcher for TLS cert files - certWatch, err := utils.CreateFsWatcher(time.Second, m.args.CertFile, m.args.KeyFile, m.args.CaFile) - if err != nil { - errChan <- err - return - } - // Enable mutual TLS authentication if -cert-file, -key-file or -ca-file - // is defined - if m.args.CertFile != "" || m.args.KeyFile != "" || m.args.CaFile != "" { - if err := tlsConfig.UpdateConfig(m.args.CertFile, m.args.KeyFile, m.args.CaFile); err != nil { - errChan <- err - return - } - - tlsConfig := &tls.Config{GetConfigForClient: tlsConfig.GetConfig} - serverOpts = append(serverOpts, grpc.Creds(credentials.NewTLS(tlsConfig))) - } - m.server = grpc.NewServer(serverOpts...) - - pb.RegisterLabelerServer(m.server, m) - - klog.InfoS("gRPC server serving", "port", m.args.Port) - - // Run gRPC server - grpcErr := make(chan error) - go func() { - defer lis.Close() - grpcErr <- m.server.Serve(lis) - }() - - for { - select { - case <-certWatch.Events: - klog.InfoS("reloading TLS certificates") - if err := tlsConfig.UpdateConfig(m.args.CertFile, m.args.KeyFile, m.args.CaFile); err != nil { - errChan <- err - } - - case err := <-grpcErr: - if err != nil { - errChan <- fmt.Errorf("gRPC server exited with an error: %w", err) - } - klog.InfoS("gRPC server stopped") - } - } -} - // nfdAPIUpdateHandler handles events from the nfd API controller. func (m *nfdMaster) nfdAPIUpdateHandler() { // We want to unconditionally update all nodes at startup if gRPC is // disabled (i.e. NodeFeature API is enabled) - updateAll := nfdfeatures.NFDFeatureGate.Enabled(nfdfeatures.NodeFeatureAPI) + updateAll := true updateNodes := make(map[string]struct{}) nodeFeatureGroup := make(map[string]struct{}) updateAllNodeFeatureGroups := false @@ -717,18 +627,6 @@ func filterTaints(taints []corev1.Taint) []corev1.Taint { return outTaints } -func verifyNodeName(cert *x509.Certificate, nodeName string) error { - if cert.Subject.CommonName == nodeName { - return nil - } - - err := cert.VerifyHostname(nodeName) - if err != nil { - return fmt.Errorf("certificate %q not valid for node %q: %v", cert.Subject.CommonName, nodeName, err) - } - return nil -} - func isNamespaceDenied(labelNs string, wildcardDeniedNs map[string]struct{}, normalDeniedNs map[string]struct{}) bool { for deniedNs := range normalDeniedNs { if labelNs == deniedNs { @@ -743,38 +641,6 @@ func isNamespaceDenied(labelNs string, wildcardDeniedNs map[string]struct{}, nor return false } -// SetLabels implements LabelerServer -func (m *nfdMaster) SetLabels(c context.Context, r *pb.SetLabelsRequest) (*pb.SetLabelsReply, error) { - nodeUpdateRequests.Inc() - err := authorizeClient(c, m.args.VerifyNodeName, r.NodeName) - if err != nil { - klog.ErrorS(err, "gRPC client authorization failed", "nodeName", r.NodeName) - return &pb.SetLabelsReply{}, err - } - - switch { - case klog.V(4).Enabled(): - klog.InfoS("gRPC SetLabels request received", "setLabelsRequest", utils.DelayedDumper(r)) - case klog.V(1).Enabled(): - klog.InfoS("gRPC SetLabels request received", "nodeName", r.NodeName, "nfdVersion", r.NfdVersion, "labels", r.Labels) - default: - klog.InfoS("gRPC SetLabels request received", "nodeName", r.NodeName) - } - if !m.config.NoPublish { - // Fetch the node object. - node, err := getNode(m.k8sClient, r.NodeName) - if err != nil { - return &pb.SetLabelsReply{}, err - } - // Create labels et al - if err := m.refreshNodeFeatures(m.k8sClient, node, r.GetLabels(), r.GetFeatures()); err != nil { - nodeUpdateFailures.Inc() - return &pb.SetLabelsReply{}, err - } - } - return &pb.SetLabelsReply{}, nil -} - func (m *nfdMaster) nfdAPIUpdateAllNodes() error { klog.InfoS("will process all nodes in the cluster") @@ -918,7 +784,7 @@ func (m *nfdMaster) nfdAPIUpdateAllNodeFeatureGroups() error { return nil } -func (m *nfdMaster) nfdAPIUpdateNodeFeatureGroup(nfdClient *nfdclientset.Clientset, nodeFeatureGroup *nfdv1alpha1.NodeFeatureGroup) error { +func (m *nfdMaster) nfdAPIUpdateNodeFeatureGroup(nfdClient nfdclientset.Interface, nodeFeatureGroup *nfdv1alpha1.NodeFeatureGroup) error { klog.V(2).InfoS("evaluating NodeFeatureGroup", "nodeFeatureGroup", klog.KObj(nodeFeatureGroup)) if m.nfdController == nil || m.nfdController.featureLister == nil { return nil @@ -1146,30 +1012,6 @@ func (m *nfdMaster) setTaints(cli k8sclient.Interface, taints []corev1.Taint, no return nil } -func authorizeClient(c context.Context, checkNodeName bool, nodeName string) error { - if checkNodeName { - // Client authorization. - // Check that the node name matches the CN from the TLS cert - client, ok := peer.FromContext(c) - if !ok { - return fmt.Errorf("failed to get peer (client)") - } - tlsAuth, ok := client.AuthInfo.(credentials.TLSInfo) - if !ok { - return fmt.Errorf("incorrect client credentials") - } - if len(tlsAuth.State.VerifiedChains) == 0 || len(tlsAuth.State.VerifiedChains[0]) == 0 { - return fmt.Errorf("client certificate verification failed") - } - - err := verifyNodeName(tlsAuth.State.VerifiedChains[0][0], nodeName) - if err != nil { - return err - } - } - return nil -} - func (m *nfdMaster) processNodeFeatureRule(nodeName string, features *nfdv1alpha1.Features) (Labels, Annotations, ExtendedResources, []corev1.Taint) { if m.nfdController == nil { return nil, nil, nil, nil @@ -1533,7 +1375,6 @@ func (m *nfdMaster) startNfdApiController() error { } klog.InfoS("starting the nfd api controller") m.nfdController, err = newNfdController(kubeconfig, nfdApiControllerOptions{ - DisableNodeFeature: !nfdfeatures.NFDFeatureGate.Enabled(nfdfeatures.NodeFeatureAPI), ResyncPeriod: m.config.ResyncPeriod.Duration, K8sClient: m.k8sClient, NodeFeatureNamespaceSelector: m.config.Restrictions.NodeFeatureNamespaceSelector, diff --git a/pkg/nfd-master/nfd-master_test.go b/pkg/nfd-master/nfd-master_test.go index 412a8a233..bb9b72042 100644 --- a/pkg/nfd-master/nfd-master_test.go +++ b/pkg/nfd-master/nfd-master_test.go @@ -26,23 +26,11 @@ import ( func TestNewNfdMaster(t *testing.T) { Convey("When initializing new NfdMaster instance", t, func() { - Convey("When one of -cert-file, -key-file or -ca-file is missing", func() { - _, err := m.NewNfdMaster(m.WithArgs(&m.Args{CertFile: "crt", KeyFile: "key"})) - _, err2 := m.NewNfdMaster(m.WithArgs(&m.Args{KeyFile: "key", CaFile: "ca"})) - _, err3 := m.NewNfdMaster(m.WithArgs(&m.Args{CertFile: "crt", CaFile: "ca"})) - Convey("An error should be returned", func() { - So(err, ShouldNotBeNil) - So(err2, ShouldNotBeNil) - So(err3, ShouldNotBeNil) - }) - }) Convey("When -config is supplied", func() { _, err := m.NewNfdMaster( m.WithArgs(&m.Args{ - CertFile: "crt", - KeyFile: "key", - CaFile: "ca", - ConfigFile: "master-config.yaml"}), + ConfigFile: "master-config.yaml", + }), m.WithKubernetesClient(fakeclient.NewSimpleClientset())) Convey("An error should not be returned", func() { So(err, ShouldBeNil) diff --git a/pkg/nfd-master/updater-pool.go b/pkg/nfd-master/updater-pool.go index b65b1942f..e23d9541a 100644 --- a/pkg/nfd-master/updater-pool.go +++ b/pkg/nfd-master/updater-pool.go @@ -27,7 +27,6 @@ import ( "k8s.io/klog/v2" nfdclientset "sigs.k8s.io/node-feature-discovery/api/generated/clientset/versioned" nfdv1alpha1 "sigs.k8s.io/node-feature-discovery/api/nfd/v1alpha1" - "sigs.k8s.io/node-feature-discovery/pkg/features" ) type updaterPool struct { @@ -120,7 +119,14 @@ func (u *updaterPool) processNodeFeatureGroupUpdateRequest(cli nfdclientset.Inte } func (u *updaterPool) runNodeFeatureGroupUpdater() { - cli := nfdclientset.NewForConfigOrDie(u.nfdMaster.kubeconfig) + var cli nfdclientset.Interface + if u.nfdMaster.kubeconfig != nil { + // For normal execution, initialize a separate api client for each updater + cli = nfdclientset.NewForConfigOrDie(u.nfdMaster.kubeconfig) + } else { + // For tests, re-use the api client from nfd-master + cli = u.nfdMaster.nfdClient + } for u.processNodeFeatureGroupUpdateRequest(cli) { } u.nfgWg.Done() @@ -149,10 +155,8 @@ func (u *updaterPool) start(parallelism int) { for i := 0; i < parallelism; i++ { u.wg.Add(1) go u.runNodeUpdater() - if features.NFDFeatureGate.Enabled(features.NodeFeatureGroupAPI) { - u.nfgWg.Add(1) - go u.runNodeFeatureGroupUpdater() - } + u.nfgWg.Add(1) + go u.runNodeFeatureGroupUpdater() } u.started = true } diff --git a/pkg/nfd-worker/nfd-worker-internal_test.go b/pkg/nfd-worker/nfd-worker-internal_test.go index 2ff380571..3aeee92f8 100644 --- a/pkg/nfd-worker/nfd-worker-internal_test.go +++ b/pkg/nfd-worker/nfd-worker-internal_test.go @@ -24,12 +24,10 @@ import ( "time" . "github.com/smartystreets/goconvey/convey" - "github.com/stretchr/testify/mock" "github.com/vektra/errors" fakeclient "k8s.io/client-go/kubernetes/fake" nfdv1alpha1 "sigs.k8s.io/node-feature-discovery/api/nfd/v1alpha1" - "sigs.k8s.io/node-feature-discovery/pkg/labeler" "sigs.k8s.io/node-feature-discovery/pkg/utils" "sigs.k8s.io/node-feature-discovery/source" "sigs.k8s.io/node-feature-discovery/source/cpu" @@ -266,32 +264,3 @@ func TestCreateFeatureLabels(t *testing.T) { }) }) } - -func TestAdvertiseFeatureLabels(t *testing.T) { - Convey("When advertising labels", t, func() { - w, err := NewNfdWorker(WithArgs(&Args{}), WithKubernetesClient(fakeclient.NewSimpleClientset())) - So(err, ShouldBeNil) - worker := w.(*nfdWorker) - - mockClient := &labeler.MockLabelerClient{} - worker.grpcClient = mockClient - - labels := map[string]string{"feature-1": "value-1"} - - Convey("Correct labeling request is sent", func() { - mockClient.On("SetLabels", mock.AnythingOfType("*context.timerCtx"), mock.AnythingOfType("*labeler.SetLabelsRequest")).Return(&labeler.SetLabelsReply{}, nil) - err := worker.advertiseFeatureLabels(labels) - Convey("There should be no error", func() { - So(err, ShouldBeNil) - }) - }) - Convey("Labeling request fails", func() { - mockErr := errors.New("mock-error") - mockClient.On("SetLabels", mock.AnythingOfType("*context.timerCtx"), mock.AnythingOfType("*labeler.SetLabelsRequest")).Return(&labeler.SetLabelsReply{}, mockErr) - err := worker.advertiseFeatureLabels(labels) - Convey("An error should be returned", func() { - So(err, ShouldEqual, mockErr) - }) - }) - }) -} diff --git a/pkg/nfd-worker/nfd-worker.go b/pkg/nfd-worker/nfd-worker.go index 4e4c3d09e..0c65a59f2 100644 --- a/pkg/nfd-worker/nfd-worker.go +++ b/pkg/nfd-worker/nfd-worker.go @@ -17,8 +17,6 @@ limitations under the License. package nfdworker import ( - "crypto/tls" - "crypto/x509" "encoding/json" "fmt" "net" @@ -32,8 +30,6 @@ import ( "golang.org/x/exp/maps" "golang.org/x/net/context" "google.golang.org/grpc" - "google.golang.org/grpc/credentials" - "google.golang.org/grpc/credentials/insecure" "google.golang.org/grpc/health" "google.golang.org/grpc/health/grpc_health_v1" "k8s.io/apimachinery/pkg/api/errors" @@ -48,8 +44,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" nfdclient "sigs.k8s.io/node-feature-discovery/api/generated/clientset/versioned" nfdv1alpha1 "sigs.k8s.io/node-feature-discovery/api/nfd/v1alpha1" - "sigs.k8s.io/node-feature-discovery/pkg/features" - pb "sigs.k8s.io/node-feature-discovery/pkg/labeler" "sigs.k8s.io/node-feature-discovery/pkg/utils" "sigs.k8s.io/node-feature-discovery/pkg/version" "sigs.k8s.io/node-feature-discovery/source" @@ -97,18 +91,13 @@ type Labels map[string]string // Args are the command line arguments of NfdWorker. type Args struct { - CaFile string - CertFile string - ConfigFile string - KeyFile string - Klog map[string]*utils.KlogFlagVal - Kubeconfig string - Oneshot bool - Options string - Server string - ServerNameOverride string - MetricsPort int - GrpcHealthPort int + ConfigFile string + Klog map[string]*utils.KlogFlagVal + Kubeconfig string + Oneshot bool + Options string + MetricsPort int + GrpcHealthPort int Overrides ConfigOverrideArgs } @@ -123,12 +112,9 @@ type ConfigOverrideArgs struct { type nfdWorker struct { args Args - certWatch *utils.FsWatcher - clientConn *grpc.ClientConn configFilePath string config *NFDConfig kubernetesNamespace string - grpcClient pb.LabelerClient healthServer *grpc.Server k8sClient k8sclient.Interface nfdClient nfdclient.Interface @@ -185,19 +171,6 @@ func NewNfdWorker(opts ...NfdWorkerOption) (NfdWorker, error) { o.apply(nfd) } - // Check TLS related args - if nfd.args.CertFile != "" || nfd.args.KeyFile != "" || nfd.args.CaFile != "" { - if nfd.args.CertFile == "" { - return nfd, fmt.Errorf("-cert-file needs to be specified alongside -key-file and -ca-file") - } - if nfd.args.KeyFile == "" { - return nfd, fmt.Errorf("-key-file needs to be specified alongside -cert-file and -ca-file") - } - if nfd.args.CaFile == "" { - return nfd, fmt.Errorf("-ca-file needs to be specified alongside -cert-file and -key-file") - } - } - if nfd.args.ConfigFile != "" { nfd.configFilePath = filepath.Clean(nfd.args.ConfigFile) } @@ -303,14 +276,6 @@ func (w *nfdWorker) Run() error { return err } - // Create watcher for TLS certificates - w.certWatch, err = utils.CreateFsWatcher(time.Second, w.args.CaFile, w.args.CertFile, w.args.KeyFile) - if err != nil { - return err - } - - defer w.grpcDisconnect() - // Create ticker for feature discovery and run feature discovery once before the loop. labelTrigger := infiniteTicker{Ticker: time.NewTicker(1)} labelTrigger.Reset(w.config.Core.SleepInterval.Duration) @@ -387,16 +352,11 @@ func (w *nfdWorker) Run() error { return err } - case <-w.certWatch.Events: - klog.InfoS("TLS certificate update, renewing connection to nfd-master") - w.grpcDisconnect() - case <-w.stop: klog.InfoS("shutting down nfd-worker") if w.healthServer != nil { w.healthServer.GracefulStop() } - w.certWatch.Close() return nil } } @@ -407,69 +367,6 @@ func (w *nfdWorker) Stop() { close(w.stop) } -// getGrpcClient returns client connection to the NFD gRPC server. It creates a -// connection if one hasn't yet been established,. -func (w *nfdWorker) getGrpcClient() (pb.LabelerClient, error) { - if w.grpcClient != nil { - return w.grpcClient, nil - } - - // Check that if a connection already exists - if w.clientConn != nil { - return nil, fmt.Errorf("client connection already exists") - } - - // Dial and create a client - dialCtx, cancel := context.WithTimeout(context.Background(), 60*time.Second) - defer cancel() - dialOpts := []grpc.DialOption{grpc.WithBlock()} - if w.args.CaFile != "" || w.args.CertFile != "" || w.args.KeyFile != "" { - // Load client cert for client authentication - cert, err := tls.LoadX509KeyPair(w.args.CertFile, w.args.KeyFile) - if err != nil { - return nil, fmt.Errorf("failed to load client certificate: %v", err) - } - // Load CA cert for server cert verification - caCert, err := os.ReadFile(w.args.CaFile) - if err != nil { - return nil, fmt.Errorf("failed to read root certificate file: %v", err) - } - caPool := x509.NewCertPool() - if ok := caPool.AppendCertsFromPEM(caCert); !ok { - return nil, fmt.Errorf("failed to add certificate from '%s'", w.args.CaFile) - } - // Create TLS config - tlsConfig := &tls.Config{ - Certificates: []tls.Certificate{cert}, - RootCAs: caPool, - ServerName: w.args.ServerNameOverride, - MinVersion: tls.VersionTLS13, - } - dialOpts = append(dialOpts, grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig))) - } else { - dialOpts = append(dialOpts, grpc.WithTransportCredentials(insecure.NewCredentials())) - } - klog.InfoS("connecting to nfd-master", "address", w.args.Server) - conn, err := grpc.DialContext(dialCtx, w.args.Server, dialOpts...) - if err != nil { - return nil, err - } - w.clientConn = conn - - w.grpcClient = pb.NewLabelerClient(w.clientConn) - - return w.grpcClient, nil -} - -// grpcDisconnect closes the gRPC connection to NFD master -func (w *nfdWorker) grpcDisconnect() { - if w.clientConn != nil { - klog.InfoS("closing connection to nfd-master") - w.clientConn.Close() - } - w.clientConn = nil - w.grpcClient = nil -} func (c *coreConfig) sanitize() { if c.SleepInterval.Duration > 0 && c.SleepInterval.Duration < time.Second { klog.InfoS("too short sleep interval specified, forcing to 1s", @@ -718,42 +615,9 @@ func getFeatureLabels(source source.LabelSource, labelWhiteList regexp.Regexp) ( // advertiseFeatures advertises the features of a Kubernetes node func (w *nfdWorker) advertiseFeatures(labels Labels) error { - if features.NFDFeatureGate.Enabled(features.NodeFeatureAPI) { - // Create/update NodeFeature CR object - if err := w.updateNodeFeatureObject(labels); err != nil { - return fmt.Errorf("failed to advertise features (via CRD API): %w", err) - } - } else { - // Create/update feature labels through gRPC connection to nfd-master - if err := w.advertiseFeatureLabels(labels); err != nil { - return fmt.Errorf("failed to advertise features (via gRPC): %w", err) - } - } - return nil -} - -// advertiseFeatureLabels advertises the feature labels to a Kubernetes node -// via the NFD server. -func (w *nfdWorker) advertiseFeatureLabels(labels Labels) error { - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - defer cancel() - - klog.InfoS("sending labeling request to nfd-master") - - labelReq := pb.SetLabelsRequest{Labels: labels, - Features: source.GetAllFeatures(), - NfdVersion: version.Get(), - NodeName: utils.NodeName()} - - cli, err := w.getGrpcClient() - if err != nil { - return err - } - - _, err = cli.SetLabels(ctx, &labelReq) - if err != nil { - klog.ErrorS(err, "failed to label node") - return err + // Create/update NodeFeature CR object + if err := w.updateNodeFeatureObject(labels); err != nil { + return fmt.Errorf("failed to advertise features (via CRD API): %w", err) } return nil diff --git a/pkg/nfd-worker/nfd-worker_test.go b/pkg/nfd-worker/nfd-worker_test.go index 91ed23c92..1095b718e 100644 --- a/pkg/nfd-worker/nfd-worker_test.go +++ b/pkg/nfd-worker/nfd-worker_test.go @@ -17,11 +17,8 @@ limitations under the License. package nfdworker_test import ( - "fmt" "os" - "regexp" "testing" - "time" . "github.com/smartystreets/goconvey/convey" "golang.org/x/net/context" @@ -33,17 +30,10 @@ import ( "sigs.k8s.io/node-feature-discovery/api/nfd/v1alpha1" nfdv1alpha1 "sigs.k8s.io/node-feature-discovery/api/nfd/v1alpha1" "sigs.k8s.io/node-feature-discovery/pkg/features" - master "sigs.k8s.io/node-feature-discovery/pkg/nfd-master" worker "sigs.k8s.io/node-feature-discovery/pkg/nfd-worker" "sigs.k8s.io/node-feature-discovery/pkg/utils" - "sigs.k8s.io/node-feature-discovery/test/data" ) -type testContext struct { - master master.NfdMaster - errs chan error -} - func initializeFeatureGates() { if err := features.NFDMutableFeatureGate.Add(features.DefaultNFDFeatureGates); err != nil { klog.ErrorS(err, "failed to add default feature gates") @@ -51,69 +41,6 @@ func initializeFeatureGates() { } } -func setupTest(args *master.Args) testContext { - // Fixed port and no-publish, for convenience - publish := true - args.Overrides = master.ConfigOverrideArgs{ - NoPublish: &publish, - LabelWhiteList: &utils.RegexpVal{Regexp: *regexp.MustCompile("")}, - } - args.Port = 8192 - // Add FeatureGates flag - initializeFeatureGates() - _ = features.NFDMutableFeatureGate.OverrideDefault(features.NodeFeatureAPI, false) - _ = features.NFDMutableFeatureGate.OverrideDefault(features.NodeFeatureGroupAPI, false) - m, err := master.NewNfdMaster( - master.WithArgs(args), - master.WithKubernetesClient(fakeclient.NewSimpleClientset())) - if err != nil { - fmt.Printf("Test setup failed: %v\n", err) - os.Exit(1) - } - ctx := testContext{master: m, errs: make(chan error)} - - // Run nfd-master instance, intended to be used as the server counterpart - go func() { - ctx.errs <- ctx.master.Run() - close(ctx.errs) - }() - ready := ctx.master.WaitForReady(5 * time.Second) - if !ready { - fmt.Println("Test setup failed: timeout while waiting for nfd-master") - os.Exit(1) - } - - return ctx -} - -func teardownTest(ctx testContext) { - ctx.master.Stop() - for e := range ctx.errs { - if e != nil { - fmt.Printf("Error in test context: %v\n", e) - os.Exit(1) - } - } -} - -func TestNewNfdWorker(t *testing.T) { - Convey("When initializing new NfdWorker instance", t, func() { - Convey("When one of -cert-file, -key-file or -ca-file is missing", func() { - _, err := worker.NewNfdWorker(worker.WithArgs(&worker.Args{CertFile: "crt", KeyFile: "key"}), - worker.WithKubernetesClient(fakeclient.NewSimpleClientset())) - _, err2 := worker.NewNfdWorker(worker.WithArgs(&worker.Args{KeyFile: "key", CaFile: "ca"}), - worker.WithKubernetesClient(fakeclient.NewSimpleClientset())) - _, err3 := worker.NewNfdWorker(worker.WithArgs(&worker.Args{CertFile: "crt", CaFile: "ca"}), - worker.WithKubernetesClient(fakeclient.NewSimpleClientset())) - Convey("An error should be returned", func() { - So(err, ShouldNotBeNil) - So(err2, ShouldNotBeNil) - So(err3, ShouldNotBeNil) - }) - }) - }) -} - func TestRun(t *testing.T) { nfdCli := fakenfdclient.NewSimpleClientset() initializeFeatureGates() @@ -207,36 +134,3 @@ func TestRun(t *testing.T) { }) }) } - -// TODO: remove this test with the rest of the TLS code and docs. -// Also drop the certs from test/data/. -func TestRunTls(t *testing.T) { - t.Skip("gRPC cannot be enabled, NodeFeatureAPI GA") - masterArgs := &master.Args{ - CaFile: data.FilePath("ca.crt"), - CertFile: data.FilePath("nfd-test-master.crt"), - KeyFile: data.FilePath("nfd-test-master.key"), - VerifyNodeName: false, - } - ctx := setupTest(masterArgs) - defer teardownTest(ctx) - Convey("When running nfd-worker against nfd-master with mutual TLS auth enabled", t, func() { - Convey("When publishing features from fake source", func() { - workerArgs := worker.Args{ - CaFile: data.FilePath("ca.crt"), - CertFile: data.FilePath("nfd-test-worker.crt"), - KeyFile: data.FilePath("nfd-test-worker.key"), - Server: "localhost:8192", - ServerNameOverride: "nfd-test-master", - Oneshot: true, - Overrides: worker.ConfigOverrideArgs{LabelSources: &utils.StringSliceVal{"fake"}}, - } - w, _ := worker.NewNfdWorker(worker.WithArgs(&workerArgs), - worker.WithKubernetesClient(fakeclient.NewSimpleClientset())) - err := w.Run() - Convey("No error should be returned", func() { - So(err, ShouldBeNil) - }) - }) - }) -} diff --git a/pkg/utils/tls.go b/pkg/utils/tls.go deleted file mode 100644 index 45f8b3cd4..000000000 --- a/pkg/utils/tls.go +++ /dev/null @@ -1,71 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package utils - -import ( - "crypto/tls" - "crypto/x509" - "fmt" - "os" - "sync" -) - -// TlsConfig is a TLS config wrapper/helper for cert rotation -type TlsConfig struct { - sync.Mutex - config *tls.Config -} - -// GetConfig returns the current TLS configuration. Intended to be used as the -// GetConfigForClient callback in tls.Config. -func (c *TlsConfig) GetConfig(*tls.ClientHelloInfo) (*tls.Config, error) { - c.Lock() - defer c.Unlock() - - return c.config, nil -} - -// UpdateConfig updates the wrapped TLS config -func (c *TlsConfig) UpdateConfig(certFile, keyFile, caFile string) error { - c.Lock() - defer c.Unlock() - - // Load cert for authenticating this server - cert, err := tls.LoadX509KeyPair(certFile, keyFile) - if err != nil { - return fmt.Errorf("failed to load server certificate: %w", err) - } - // Load CA cert for client cert verification - caCert, err := os.ReadFile(caFile) - if err != nil { - return fmt.Errorf("failed to read root certificate file: %w", err) - } - caPool := x509.NewCertPool() - if ok := caPool.AppendCertsFromPEM(caCert); !ok { - return fmt.Errorf("failed to add certificate from '%s'", caFile) - } - - // Create TLS config - c.config = &tls.Config{ - Certificates: []tls.Certificate{cert}, - ClientCAs: caPool, - ClientAuth: tls.RequireAndVerifyClientCert, - GetConfigForClient: c.GetConfig, - MinVersion: tls.VersionTLS13, - } - return nil -} diff --git a/test/data/ca.crt b/test/data/ca.crt deleted file mode 100644 index 1447a246c..000000000 --- a/test/data/ca.crt +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICAjCCAaygAwIBAgIJAOA69K1GekHnMA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV -BAYTAkZJMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxFDASBgNVBAMMC25mZC10ZXN0LWNhMB4XDTIwMTExODEz -MTQxNFoXDTMwMTExNjEzMTQxNFowWzELMAkGA1UEBhMCRkkxEzARBgNVBAgMClNv -bWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEUMBIG -A1UEAwwLbmZkLXRlc3QtY2EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA/JUnIBRK -a3sktLZWAf2T6yAHXL5ZAqKRqQQABvCPKn1HBNdraDlmIrptrCBm8EaArmdMfdn0 -F/G13eQpJD7NQQIDAQABo1MwUTAdBgNVHQ4EFgQUJM9Ncnmog7n3t5KA5SS67DTD -peIwHwYDVR0jBBgwFoAUJM9Ncnmog7n3t5KA5SS67DTDpeIwDwYDVR0TAQH/BAUw -AwEB/zANBgkqhkiG9w0BAQsFAANBAH25kXrAyI/akygdv77tQyz5Lc+wwLsduJfi -djDXYIfZSrUNaM7Jm4Wby1/0feeKEQjCOQ8Oa8SXn23A21SGhsc= ------END CERTIFICATE----- diff --git a/test/data/data.go b/test/data/data.go deleted file mode 100644 index 9d1fd9c0a..000000000 --- a/test/data/data.go +++ /dev/null @@ -1,33 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package data - -import ( - "path/filepath" - "runtime" -) - -var packagePath string - -func init() { - _, thisFile, _, _ := runtime.Caller(0) - packagePath = filepath.Dir(thisFile) -} - -func FilePath(filePath string) string { - return filepath.Join(packagePath, filePath) -} diff --git a/test/data/nfd-test-master.crt b/test/data/nfd-test-master.crt deleted file mode 100644 index 7e647d08f..000000000 --- a/test/data/nfd-test-master.crt +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBwzCCAW2gAwIBAgIJAMRplUIVEGN6MA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV -BAYTAkZJMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxFDASBgNVBAMMC25mZC10ZXN0LWNhMB4XDTIwMTExODEz -NTAzMVoXDTMwMTExNjEzNTAzMVowDTELMAkGA1UEBhMCRkkwgZ8wDQYJKoZIhvcN -AQEBBQADgY0AMIGJAoGBAOGUDjt7jPwZRoYLZVD8T9HnmRLZnCil4ai3JQpKUF3b -ONhEFdv23y3rVeGkqHsEYNcn//nxwedCYr6qZ8cNvvZC+x+I6IOq6VmFR94kmL8I -7IXPgX/3jylCxNpYb3tP4Dcpa4UX4YhQa/WB6tgWo+obvZAicKi/DIrE/sZDbbZJ -AgMBAAGjHjAcMBoGA1UdEQQTMBGCD25mZC10ZXN0LW1hc3RlcjANBgkqhkiG9w0B -AQsFAANBAOFHpexL1Ltl+fjRDY/P3gXe6YALJVZzXQfpQ4/xKP0wOWMFowcmnHaq -ew4vICQvfvO7I52UIE3d8srPv9ZPI8g= ------END CERTIFICATE----- diff --git a/test/data/nfd-test-master.key b/test/data/nfd-test-master.key deleted file mode 100644 index 1348716c3..000000000 --- a/test/data/nfd-test-master.key +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOGUDjt7jPwZRoYL -ZVD8T9HnmRLZnCil4ai3JQpKUF3bONhEFdv23y3rVeGkqHsEYNcn//nxwedCYr6q -Z8cNvvZC+x+I6IOq6VmFR94kmL8I7IXPgX/3jylCxNpYb3tP4Dcpa4UX4YhQa/WB -6tgWo+obvZAicKi/DIrE/sZDbbZJAgMBAAECgYEAvKHFQQJxA8LTEXZoE8/Zo4qK -m5OzHN6SFDaKV8+K4uFV6KsOqHEJcemwWE8LwEsJ/AFr8YOzhQIjdpMi0vZwrwWE -0wBTkKctYEpuKLCFROkIiDPV1c1m5i5+kjDpvHvhwnufIozgLz7rFcC5ucR5gSMq -Uy1V3sfF9DM0UBBuoX0CQQD3Ogmfgmffi8gCq1zsQcp99u5R3Yj/ApQjQgRz0k6g -IhbY1i3u+fY7pTc/nBO9ezbvy4SHFP0rkfVbINQ25mdnAkEA6ZVZxUmI0r3GnTsZ -Rrya2lYXA9KfhgLFvpx7eAaaejClQyCP+fpoyV3KXPlI9J9bWAazO4k0jbmeNEL9 -F9DWzwJBAIdjfzWdQqlHcWcU1TSE6xGEkwq+GXIdxWZxluKev3QudviUgl8nAFO1 -rMXnAWB5A6Laf19CfUrJCea32b+e+e0CQCdMW0gX8Q8ToqC9WqlN/feR2FlqTDBt -svs4tIUjB0ZbfNJoXhC+knaecvdlcWLGlMWgivMPSGo3umgshQxGtH0CQQDlTjdU -stoxEneM2vIv9doqmXo80zkoMIG4gdsaINnfcbpnh7Is+mEdDGll/eSrekgBDpGw -rk9C6sqYwFFCY3Re ------END PRIVATE KEY----- diff --git a/test/data/nfd-test-topology-updater.crt b/test/data/nfd-test-topology-updater.crt deleted file mode 100644 index 3e891ce94..000000000 --- a/test/data/nfd-test-topology-updater.crt +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBwzCCAW2gAwIBAgIJAMRplUIVEGN7MA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV -BAYTAkZJMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxFDASBgNVBAMMC25mZC10ZXN0LWNhMB4XDTIwMTExODEz -NTIxOFoXDTMwMTExNjEzNTIxOFowDTELMAkGA1UEBhMCRkkwgZ8wDQYJKoZIhvcN -AQEBBQADgY0AMIGJAoGBAOX+AzRK17SFuhgSeWrf+B8SZUEdBhZGjBK6ypmAZgMW -6JWwTbsdJRU6uorTX2XvgOtRolXbwSTwWjFpkvYgK0Eo8kKLU5tOE6XYi04UVYRv -Ha26pQKpfseUug641GOtUlWYUgGmvSMikEIilh+b/aAG+5/K+fNqi08fLmX6t2XL -AgMBAAGjHjAcMBoGA1UdEQQTMBGCD25mZC10ZXN0LXdvcmtlcjANBgkqhkiG9w0B -AQsFAANBAGuSwyPjduIQz4n7L+tRPs3+XPJ8fvbzC0pADYA0geow/m+X784If8nT -Pj+8quQn9zPsaQ+1bNahobTlHRmQcPE= ------END CERTIFICATE----- diff --git a/test/data/nfd-test-topology-updater.key b/test/data/nfd-test-topology-updater.key deleted file mode 100644 index 4f3ed3125..000000000 --- a/test/data/nfd-test-topology-updater.key +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOX+AzRK17SFuhgS -eWrf+B8SZUEdBhZGjBK6ypmAZgMW6JWwTbsdJRU6uorTX2XvgOtRolXbwSTwWjFp -kvYgK0Eo8kKLU5tOE6XYi04UVYRvHa26pQKpfseUug641GOtUlWYUgGmvSMikEIi -lh+b/aAG+5/K+fNqi08fLmX6t2XLAgMBAAECgYEAqsA7gMdP/iaKUvTkUASYIfl2 -UzFJI6CcvgsP/4bkNcb8RqXuD81Dis9fT1I+sV9vR0YET9onO1V2oNjQ0wpvETjO -bk5veRfqFLOTavl64pAPGLEvOTWHSHQ9rtFZst1FFfehB1Vw69nBs9E40Zo2Y9yv -gkK+RIKUc2oPqMOigQECQQD8k2jxRX1COF+GO+pBTOTAr3pAmd0ahWAQGoqLwteQ -x+ARRZss1nuX0IGEyJ89hD6dHLv/FhhUxGE1R0xdQ31JAkEA6Rw5VYrAphATPCCX -h2gboAbHTOFAzwjnlW1pU6nlZI89kDAD3TF8d+eq906J8y7ji0YE89/G4HEzHqtQ -vMsucwJBAId2VAlauJRkga8PwVKmd+Vz98BgBTqtH9ljMr1EkbK/0EfTKieBHSZO -GLjrlKQ8ogxHlfh4lDIaZPxbMfSvNqkCQDkEfEmeHK0BtZK5bhbisg8cWVdGqXF6 -fhqgnmimX8OO/cHs3KUX25gAhGLlRPzEdUe1orR8AcsYJSbVRHRJRl0CQQC7VBgp -04kaZzLFf61TmqMGVDoG2Wi5HwXYyzAEEEYFW61kwfZ6vuq3AP7NPMfW1F94welg -8LfkI2NBgjyKGiqn ------END PRIVATE KEY----- diff --git a/test/data/nfd-test-worker.crt b/test/data/nfd-test-worker.crt deleted file mode 100644 index 3e891ce94..000000000 --- a/test/data/nfd-test-worker.crt +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBwzCCAW2gAwIBAgIJAMRplUIVEGN7MA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV -BAYTAkZJMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxFDASBgNVBAMMC25mZC10ZXN0LWNhMB4XDTIwMTExODEz -NTIxOFoXDTMwMTExNjEzNTIxOFowDTELMAkGA1UEBhMCRkkwgZ8wDQYJKoZIhvcN -AQEBBQADgY0AMIGJAoGBAOX+AzRK17SFuhgSeWrf+B8SZUEdBhZGjBK6ypmAZgMW -6JWwTbsdJRU6uorTX2XvgOtRolXbwSTwWjFpkvYgK0Eo8kKLU5tOE6XYi04UVYRv -Ha26pQKpfseUug641GOtUlWYUgGmvSMikEIilh+b/aAG+5/K+fNqi08fLmX6t2XL -AgMBAAGjHjAcMBoGA1UdEQQTMBGCD25mZC10ZXN0LXdvcmtlcjANBgkqhkiG9w0B -AQsFAANBAGuSwyPjduIQz4n7L+tRPs3+XPJ8fvbzC0pADYA0geow/m+X784If8nT -Pj+8quQn9zPsaQ+1bNahobTlHRmQcPE= ------END CERTIFICATE----- diff --git a/test/data/nfd-test-worker.key b/test/data/nfd-test-worker.key deleted file mode 100644 index 4f3ed3125..000000000 --- a/test/data/nfd-test-worker.key +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOX+AzRK17SFuhgS -eWrf+B8SZUEdBhZGjBK6ypmAZgMW6JWwTbsdJRU6uorTX2XvgOtRolXbwSTwWjFp -kvYgK0Eo8kKLU5tOE6XYi04UVYRvHa26pQKpfseUug641GOtUlWYUgGmvSMikEIi -lh+b/aAG+5/K+fNqi08fLmX6t2XLAgMBAAECgYEAqsA7gMdP/iaKUvTkUASYIfl2 -UzFJI6CcvgsP/4bkNcb8RqXuD81Dis9fT1I+sV9vR0YET9onO1V2oNjQ0wpvETjO -bk5veRfqFLOTavl64pAPGLEvOTWHSHQ9rtFZst1FFfehB1Vw69nBs9E40Zo2Y9yv -gkK+RIKUc2oPqMOigQECQQD8k2jxRX1COF+GO+pBTOTAr3pAmd0ahWAQGoqLwteQ -x+ARRZss1nuX0IGEyJ89hD6dHLv/FhhUxGE1R0xdQ31JAkEA6Rw5VYrAphATPCCX -h2gboAbHTOFAzwjnlW1pU6nlZI89kDAD3TF8d+eq906J8y7ji0YE89/G4HEzHqtQ -vMsucwJBAId2VAlauJRkga8PwVKmd+Vz98BgBTqtH9ljMr1EkbK/0EfTKieBHSZO -GLjrlKQ8ogxHlfh4lDIaZPxbMfSvNqkCQDkEfEmeHK0BtZK5bhbisg8cWVdGqXF6 -fhqgnmimX8OO/cHs3KUX25gAhGLlRPzEdUe1orR8AcsYJSbVRHRJRl0CQQC7VBgp -04kaZzLFf61TmqMGVDoG2Wi5HwXYyzAEEEYFW61kwfZ6vuq3AP7NPMfW1F94welg -8LfkI2NBgjyKGiqn ------END PRIVATE KEY----- diff --git a/test/e2e/utils/pod/pod.go b/test/e2e/utils/pod/pod.go index 56b421ad3..1029dca0c 100644 --- a/test/e2e/utils/pod/pod.go +++ b/test/e2e/utils/pod/pod.go @@ -256,7 +256,7 @@ func nfdWorkerSpec(opts ...SpecOption) *corev1.PodSpec { Name: "node-feature-discovery", ImagePullPolicy: pullPolicy(), Command: []string{"nfd-worker"}, - Args: []string{"-server=nfd-master-e2e:8080"}, + Args: []string{}, Env: []corev1.EnvVar{ { Name: "NODE_NAME",