diff --git a/docs/deployment/helm.md b/docs/deployment/helm.md index 0f2f3a291..5ff557f32 100644 --- a/docs/deployment/helm.md +++ b/docs/deployment/helm.md 
@@ -91,19 +91,19 @@ We have introduced the following Chart parameters. ### General parameters -| Name | Type | Default | description | -| ---- | ---- | ------- | ----------- | -| `image.repository` | string | `{{ site.container_image | split: ":" | first }}` | NFD image repository | -| `image.tag` | string | `{{ site.release }}` | NFD image tag | -| `image.pullPolicy` | string | `Always` | Image pull policy | -| `imagePullSecrets` | list | [] | ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. [More info](https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod) | -| `nameOverride` | string | | Override the name of the chart | -| `fullnameOverride` | string | | Override a default fully qualified app name | -| `tls.enable` | bool | false | Specifies whether to use TLS for communications between components. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | -| `tls.certManager` | bool | false | If enabled, requires [cert-manager](https://cert-manager.io/docs/) to be installed and will automatically create the required TLS certificates. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | -| `enableNodeFeatureApi` | bool | true | Enable the [NodeFeature](../usage/custom-resources.md#nodefeature) CRD API for communicating node features. This will automatically disable the gRPC communication. 
**NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | -| `prometheus.enable` | bool | false | Specifies whether to expose metrics using prometheus operator | -| `prometheus.labels` | dict | {} | Specifies labels for use with the prometheus operator to control how it is selected | +| Name | Type | Default | Description | +| --------------------- | ------ | --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | +| `image.repository` | string | `{{ site.container_image \| split: ":" \| first }}` | NFD image repository | +| `image.tag` | string | `{{ site.release }}` | NFD image tag | +| `image.pullPolicy` | string | `Always` | Image pull policy | +| `imagePullSecrets` | list | [] | ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. [More info](https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod) | +| `nameOverride` | string | | Override the name of the chart | +| `fullnameOverride` | string | | Override a default fully qualified app name | +| `tls.enable` | bool | false | Specifies whether to use TLS for communications between components. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | +| `tls.certManager` | bool | false | If enabled, requires [cert-manager](https://cert-manager.io/docs/) to be installed and will automatically create the required TLS certificates. 
**NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | +| `enableNodeFeatureApi`| bool | true | Enable the [NodeFeature](../usage/custom-resources.md#nodefeature) CRD API for communicating node features. This will automatically disable the gRPC communication. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | +| `prometheus.enable` | bool | false | Specifies whether to expose metrics using prometheus operator | +| `prometheus.labels` | dict | {} | Specifies labels for use with the prometheus operator to control how it is selected | Metrics are configured to be exposed using prometheus operator API's by default. If you want to expose metrics using the prometheus operator 
@@ -115,54 +115,54 @@ API's you need to install the prometheus operator in your cluster. |-----------------------------|---------|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| | `master.*` | dict | | NFD master deployment configuration | | `master.enable` | bool | true | Specifies whether nfd-master should be deployed | -| `master.port` | integer | | Specifies the TCP port that nfd-master listens for incoming requests. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | -| `master.metricsPort` | integer | 8081 | Port on which to expose metrics from components to prometheus operator | -| `master.instance` | string | | Instance name. Used to separate annotation namespaces for multiple parallel deployments | -| `master.resyncPeriod` | string | | NFD API controller resync period. | -| `master.extraLabelNs` | array | [] | List of allowed extra label namespaces | -| `master.resourceLabels` | array | [] | List of labels to be registered as extended resources | -| `master.enableTaints` | bool | false | Specifies whether to enable or disable node tainting | -| `master.crdController` | bool | null | Specifies whether the NFD CRD API controller is enabled. If not set, controller will be enabled if `master.instance` is empty. | -| `master.featureRulesController` | bool | null | DEPRECATED: use `master.crdController` instead | -| `master.replicaCount` | integer | 1 | Number of desired pods. This is a pointer to distinguish between explicit zero and not specified | +| `master.port` | integer | | Specifies the TCP port that nfd-master listens for incoming requests. 
**NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | +| `master.metricsPort` | integer | 8081 | Port on which to expose metrics from components to prometheus operator | +| `master.instance` | string | | Instance name. Used to separate annotation namespaces for multiple parallel deployments | +| `master.resyncPeriod` | string | | NFD API controller resync period. | +| `master.extraLabelNs` | array | [] | List of allowed extra label namespaces | +| `master.resourceLabels` | array | [] | List of labels to be registered as extended resources | +| `master.enableTaints` | bool | false | Specifies whether to enable or disable node tainting | +| `master.crdController` | bool | null | Specifies whether the NFD CRD API controller is enabled. If not set, controller will be enabled if `master.instance` is empty. | +| `master.featureRulesController` | bool | null | DEPRECATED: use `master.crdController` instead | +| `master.replicaCount` | integer | 1 | Number of desired pods. This is a pointer to distinguish between explicit zero and not specified | | `master.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings | -| `master.securityContext` | dict | {} | Container [security settings](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container)| -| `master.serviceAccount.create` | bool | true | Specifies whether a service account should be created -| `master.serviceAccount.annotations` | dict | {} | Annotations to add to the service account -| `master.serviceAccount.name` | string | | The name of the service account to use. 
If not set and create is true, a name is generated using the fullname template -| `master.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for nfd-master -| `master.service.type` | string | ClusterIP | NFD master service type. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | -| `master.service.port` | integer | 8080 | NFD master service port. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | -| `master.resources` | dict | {} | NFD master pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| `master.nodeSelector` | dict | {} | NFD master pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | -| `master.tolerations` | dict | _Scheduling to master node is disabled_ | NFD master pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | -| `master.annotations` | dict | {} | NFD master pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | -| `master.affinity` | dict | | NFD master pod required [node affinity](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) | +| `master.securityContext` | dict | {} | Container [security settings](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | +| `master.serviceAccount.create` | bool | true | Specifies whether a service account should be created | +| `master.serviceAccount.annotations` | dict | {} | Annotations to add to the service account | +| `master.serviceAccount.name` | string | | The name of the service account to use. 
If not set and create is true, a name is generated using the fullname template | +| `master.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for nfd-master | +| `master.service.type` | string | ClusterIP | NFD master service type. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | +| `master.service.port` | integer | 8080 | NFD master service port. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | +| `master.resources` | dict | {} | NFD master pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | +| `master.nodeSelector` | dict | {} | NFD master pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | +| `master.tolerations` | dict | _Scheduling to master node is disabled_ | NFD master pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | +| `master.annotations` | dict | {} | NFD master pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | +| `master.affinity` | dict | | NFD master pod required [node affinity](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) | | `master.deploymentAnnotations` | dict | {} | NFD master deployment [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | -| `master.nfdApiParallelism` | integer | 10 | Specifies the maximum number of concurrent node updates. | -| `master.config` | dict | | NFD master [configuration](../reference/master-configuration-reference) | +| `master.nfdApiParallelism` | integer | 10 | Specifies the maximum number of concurrent node updates. 
| +| `master.config` | dict | | NFD master [configuration](../reference/master-configuration-reference) | ### Worker pod parameters -| Name | Type | Default | description | -| ---- | ---- | ------- | ----------- | -| `worker.*` | dict | | NFD worker daemonset configuration | -| `worker.enable` | bool | true | Specifies whether nfd-worker should be deployed | -| `worker.metricsPort*` | integer | 8081 | Port on which to expose metrics from components to prometheus operator | -| `worker.config` | dict | | NFD worker [configuration](../reference/worker-configuration-reference) | -| `worker.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings | -| `worker.securityContext` | dict | {} | Container [security settings](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| `worker.serviceAccount.create` | bool | true | Specifies whether a service account for nfd-worker should be created -| `worker.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for nfd-worker -| `worker.serviceAccount.name` | string | | The name of the service account to use for nfd-worker. If not set and create is true, a name is generated using the fullname template (suffixed with `-worker`) -| `worker.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for nfd-worker -| `worker.mountUsrSrc` | bool | false | Specifies whether to allow users to mount the hostpath /user/src. 
Does not work on systems without /usr/src AND a read-only /usr | -| `worker.resources` | dict | {} | NFD worker pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| `worker.nodeSelector` | dict | {} | NFD worker pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | -| `worker.tolerations` | dict | {} | NFD worker pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | -| `worker.priorityClassName` | string | | NFD worker pod [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) | -| `worker.annotations` | dict | {} | NFD worker pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | -| `worker.daemonsetAnnotations` | dict | {} | NFD worker daemonset [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | +| Name | Type | Default | description | +| --------------------------------- | ------ | ------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `worker.*` | dict | | NFD worker daemonset configuration | +| `worker.enable` | bool | true | Specifies whether nfd-worker should be deployed | +| `worker.metricsPort*` | int | 8081 | Port on which to expose metrics from components to prometheus operator | +| `worker.config` | dict | | NFD worker [configuration](../reference/worker-configuration-reference) | +| `worker.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings | +| `worker.securityContext` | dict | {} | Container [security 
settings](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | +| `worker.serviceAccount.create` | bool | true | Specifies whether a service account for nfd-worker should be created | +| `worker.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for nfd-worker | +| `worker.serviceAccount.name` | string | | The name of the service account to use for nfd-worker. If not set and create is true, a name is generated using the fullname template (suffixed with `-worker`) | +| `worker.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for nfd-worker | +| `worker.mountUsrSrc` | bool | false | Specifies whether to allow users to mount the hostpath /user/src. Does not work on systems without /usr/src AND a read-only /usr | +| `worker.resources` | dict | {} | NFD worker pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | +| `worker.nodeSelector` | dict | {} | NFD worker pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | +| `worker.tolerations` | dict | {} | NFD worker pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | +| `worker.priorityClassName` | string | | NFD worker pod [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) | +| `worker.annotations` | dict | {} | NFD worker pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | +| `worker.daemonsetAnnotations` | dict | {} | NFD worker daemonset [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | ### Topology updater parameters 
@@ -172,45 +172,45 @@ API's you need to install the prometheus operator in your cluster. | `topologyUpdater.enable` | bool | false | Specifies whether the NFD Topology Updater should be created | | `topologyUpdater.createCRDs` | bool | false | Specifies whether the NFD Topology Updater CRDs should be created | | `topologyUpdater.serviceAccount.create` | bool | true | Specifies whether the service account for topology updater should be created | -| `topologyUpdater.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for topology updater | -| `topologyUpdater.serviceAccount.name` | string | | The name of the service account for topology updater to use. If not set and create is true, a name is generated using the fullname template and `-topology-updater` suffix | -| `topologyUpdater.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for topology updater | -| `topologyUpdater.metricsPort` | integer | 8081 | Port on which to expose prometheus metrics | -| `topologyUpdater.kubeletConfigPath` | string | "" | Specifies the kubelet config host path | -| `topologyUpdater.kubeletPodResourcesSockPath` | string | "" | Specifies the kubelet sock path to read pod resources | -| `topologyUpdater.updateInterval` | string | 60s | Time to sleep between CR updates. Non-positive value implies no CR update. | -| `topologyUpdater.watchNamespace` | string | `*` | Namespace to watch pods, `*` for all namespaces | +| `topologyUpdater.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for topology updater | +| `topologyUpdater.serviceAccount.name` | string | | The name of the service account for topology updater to use. 
If not set and create is true, a name is generated using the fullname template and `-topology-updater` suffix | +| `topologyUpdater.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for topology updater | +| `topologyUpdater.metricsPort` | integer | 8081 | Port on which to expose prometheus metrics | +| `topologyUpdater.kubeletConfigPath` | string | "" | Specifies the kubelet config host path | +| `topologyUpdater.kubeletPodResourcesSockPath` | string | "" | Specifies the kubelet sock path to read pod resources | +| `topologyUpdater.updateInterval` | string | 60s | Time to sleep between CR updates. Non-positive value implies no CR update. | +| `topologyUpdater.watchNamespace` | string | `*` | Namespace to watch pods, `*` for all namespaces | | `topologyUpdater.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings | -| `topologyUpdater.securityContext` | dict | {} | Container [security settings](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| `topologyUpdater.resources` | dict | {} | Topology updater pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| `topologyUpdater.nodeSelector` | dict | {} | Topology updater pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | -| `topologyUpdater.tolerations` | dict | {} | Topology updater pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | -| `topologyUpdater.annotations` | dict | {} | Topology updater pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | -| `topologyUpdater.daemonsetAnnotations` | dict | {} | Topology updater daemonset 
[annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | -| `topologyUpdater.affinity` | dict | {} | Topology updater pod [affinity](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) | -| `topologyUpdater.config` | dict | | [configuration](../reference/topology-updater-configuration-reference) | -| `topologyUpdater.podSetFingerprint` | bool | false | Enables compute and report of pod fingerprint in NRT objects. | -| `topologyUpdater.kubeletStateDir` | string | /var/lib/kubelet | Specifies kubelet state directory path for watching state and checkpoint files. Empty value disables kubelet state tracking. | +| `topologyUpdater.securityContext` | dict | {} | Container [security settings](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | +| `topologyUpdater.resources` | dict | {} | Topology updater pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | +| `topologyUpdater.nodeSelector` | dict | {} | Topology updater pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | +| `topologyUpdater.tolerations` | dict | {} | Topology updater pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | +| `topologyUpdater.annotations` | dict | {} | Topology updater pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | +| `topologyUpdater.daemonsetAnnotations` | dict | {} | Topology updater daemonset [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | +| `topologyUpdater.affinity` | dict | {} | Topology updater pod [affinity](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) | +| `topologyUpdater.config` | dict | | 
[configuration](../reference/topology-updater-configuration-reference) | +| `topologyUpdater.podSetFingerprint` | bool | false | Enables compute and report of pod fingerprint in NRT objects. | +| `topologyUpdater.kubeletStateDir` | string | /var/lib/kubelet | Specifies kubelet state directory path for watching state and checkpoint files. Empty value disables kubelet state tracking. | ### Garbage collector parameters -| Name | Type | Default | description | -|---------------------------------------|--------|---------|-------------------- -| `gc.*` | dict | | NFD Garbage Collector configuration -| `gc.enable` | bool | true | Specifies whether the NFD Garbage Collector should be created -| `gc.serviceAccount.create` | bool | true | Specifies whether the service account for garbage collector should be created -| `gc.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for garbage collector -| `gc.serviceAccount.name` | string | | The name of the service account for garbage collector to use. 
If not set and create is true, a name is generated using the fullname template and `-gc` suffix -| `gc.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for garbage collector -| `gc.interval` | string | 1h | Time between periodic garbage collector runs -| `gc.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings -| `gc.resources` | dict | {} | Garbage collector pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) -| `gc.metricsPort` | integer | 8081 | Port on which to serve Prometheus metrics -| `gc.nodeSelector` | dict | {} | Garbage collector pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) -| `gc.tolerations` | dict | {} | Garbage collector pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) -| `gc.annotations` | dict | {} | Garbage collector pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) -| `gc.deploymentAnnotations` | dict | {} | Garbage collector deployment [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) -| `gc.affinity` | dict | {} | Garbage collector pod [affinity](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) +| Name | Type | Default | description | +|---------------------------------------|--------|---------|--------------------------------------------------------------------------------------------------------------------------------------| +| `gc.*` | dict | | NFD Garbage Collector configuration | +| `gc.enable` | bool | true | Specifies whether the NFD Garbage Collector should be created | +| `gc.serviceAccount.create` | bool | true | 
Specifies whether the service account for garbage collector should be created | +| `gc.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for garbage collector | +| `gc.serviceAccount.name` | string | | The name of the service account for garbage collector to use. If not set and create is true, a name is generated using the fullname template and `-gc` suffix | +| `gc.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for garbage collector | +| `gc.interval` | string | 1h | Time between periodic garbage collector runs | +| `gc.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings | +| `gc.resources` | dict | {} | Garbage collector pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | +| `gc.metricsPort` | integer | 8081 | Port on which to serve Prometheus metrics | +| `gc.nodeSelector` | dict | {} | Garbage collector pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | +| `gc.tolerations` | dict | {} | Garbage collector pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | +| `gc.annotations` | dict | {} | Garbage collector pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | +| `gc.deploymentAnnotations` | dict | {} | Garbage collector deployment [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | +| `gc.affinity` | dict | {} | Garbage collector pod [affinity](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) | [rbac]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/ 
diff --git a/docs/deployment/metrics.md b/docs/deployment/metrics.md index a58d66d38..a8ddc1956 100644 --- a/docs/deployment/metrics.md +++ b/docs/deployment/metrics.md 
@@ -13,24 +13,24 @@ By default NFD Master and Worker expose metrics on port 8081. The exposed metrics are -| Metric | Type | Description -| ------------------------------------------------- | --------- | --------------------------------------- -| `nfd_master_build_info` | Gauge | Version from which nfd-master was built -| `nfd_worker_build_info` | Gauge | Version from which nfd-worker was built -| `nfd_gc_build_info` | Gauge | Version from which nfd-gc was built -| `nfd_topology_updater_build_info` | Gauge | Version from which nfd-topology-updater was built -| `nfd_node_update_requests_total` | Counter | Number of node update requests received by the master over gRPC -| `nfd_node_updates_total` | Counter | Number of nodes updated -| `nfd_node_update_failures_total` | Counter | Number of nodes update failures -| `nfd_node_labels_rejected_total` | Counter | Number of nodes labels rejected by nfd-master -| `nfd_node_extendedresources_rejected_total` | Counter | Number of nodes extended resources rejected by nfd-master -| `nfd_node_taints_rejected_total` | Counter | Number of nodes taints rejected by nfd-master -| `nfd_nodefeaturerule_processing_duration_seconds` | Histogram | Time taken to process NodeFeatureRule objects -| `nfd_nodefeaturerule_processing_errors_total` | Counter | Number or errors encountered while processing NodeFeatureRule objects -| `nfd_feature_discovery_duration_seconds` | Histogram | Time taken to discover features on a node -| `nfd_topology_updater_scan_errors_total` | Counter | Number of errors in scanning resource allocation of pods. -| `nfd_gc_objects_deleted_total` | Counter | Number of NodeFeature and NodeResourceTopology objects garbage collected. -| `nfd_gc_object_delete_failures_total` | Counter | Number of errors in deleting NodeFeature and NodeResourceTopology objects. 
+| Metric | Type | Description | +| ------------------------------------------------- | --------- | ------------------------------------------------------- | +| `nfd_master_build_info` | Gauge | Version from which nfd-master was built | +| `nfd_worker_build_info` | Gauge | Version from which nfd-worker was built | +| `nfd_gc_build_info` | Gauge | Version from which nfd-gc was built | +| `nfd_topology_updater_build_info` | Gauge | Version from which nfd-topology-updater was built | +| `nfd_node_update_requests_total` | Counter | Number of node update requests received by the master over gRPC | +| `nfd_node_updates_total` | Counter | Number of nodes updated | +| `nfd_node_update_failures_total` | Counter | Number of nodes update failures | +| `nfd_node_labels_rejected_total` | Counter | Number of nodes labels rejected by nfd-master | +| `nfd_node_extendedresources_rejected_total` | Counter | Number of nodes extended resources rejected by nfd-master | +| `nfd_node_taints_rejected_total` | Counter | Number of nodes taints rejected by nfd-master | +| `nfd_nodefeaturerule_processing_duration_seconds` | Histogram | Time taken to process NodeFeatureRule objects | +| `nfd_nodefeaturerule_processing_errors_total` | Counter | Number or errors encountered while processing NodeFeatureRule objects | +| `nfd_feature_discovery_duration_seconds` | Histogram | Time taken to discover features on a node | +| `nfd_topology_updater_scan_errors_total` | Counter | Number of errors in scanning resource allocation of pods. | +| `nfd_gc_objects_deleted_total` | Counter | Number of NodeFeature and NodeResourceTopology objects garbage collected. | +| `nfd_gc_object_delete_failures_total` | Counter | Number of errors in deleting NodeFeature and NodeResourceTopology objects. | ## Kustomize diff --git a/docs/developer-guide/index.md b/docs/developer-guide/index.md index a40400c8e..2666016a4 100644 --- a/docs/developer-guide/index.md +++ b/docs/developer-guide/index.md 
@@ -110,22 +110,22 @@ name of the resulting container image. The following are targeted targeted for build customization and they can be specified via environment variables or makefile overrides. -| Variable | Description | Default value -| -------------------------- | ----------------------------------------------------------------- | ----------- | -| HOSTMOUNT_PREFIX | Prefix of system directories for feature discovery (local builds) | / (*local builds*) /host- (*container builds*) -| IMAGE_BUILD_CMD | Command to build the image | docker build -| IMAGE_BUILD_EXTRA_OPTS | Extra options to pass to build command | *empty* -| IMAGE_BUILDX_CMD | Command to build and push multi-arch images with buildx | DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build --platform=${IMAGE_ALL_PLATFORMS} --progress=auto --pull -| IMAGE_ALL_PLATFORMS | Comma separated list of OS/ARCH tuples for mulit-arch builds | linux/amd64,linux/arm64 -| IMAGE_PUSH_CMD | Command to push the image to remote registry | docker push -| IMAGE_REGISTRY | Container image registry to use | registry.k8s.io/nfd -| IMAGE_TAG_NAME | Container image tag name | <nfd version> -| IMAGE_EXTRA_TAG_NAMES | Additional container image tag(s) to create when building image | *empty* -| K8S_NAMESPACE | nfd-master and nfd-worker namespace | node-feature-discovery -| KUBECONFIG | Kubeconfig for running e2e-tests | *empty* -| E2E_TEST_CONFIG | Parameterization file of e2e-tests (see [example][e2e-config-sample]) | *empty* -| E2E_PULL_IF_NOT_PRESENT | True-ish value makes the image pull policy IfNotPresent (to be used only in e2e tests) | false -| OPENSHIFT | Non-empty value enables OpenShift specific support (currently only effective in e2e tests) | *empty* +| Variable | Description | Default value | +| -------------------------- | ----------------------------------------------------------------- | ------------- | +| HOSTMOUNT_PREFIX | Prefix of system directories for feature discovery (local builds) | / (*local builds*) 
/host- (*container builds*) | +| IMAGE_BUILD_CMD | Command to build the image | docker build | +| IMAGE_BUILD_EXTRA_OPTS | Extra options to pass to build command | *empty* | +| IMAGE_BUILDX_CMD | Command to build and push multi-arch images with buildx | DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build --platform=${IMAGE_ALL_PLATFORMS} --progress=auto --pull | +| IMAGE_ALL_PLATFORMS | Comma separated list of OS/ARCH tuples for mulit-arch builds | linux/amd64,linux/arm64 | +| IMAGE_PUSH_CMD | Command to push the image to remote registry | docker push | +| IMAGE_REGISTRY | Container image registry to use | registry.k8s.io/nfd | +| IMAGE_TAG_NAME | Container image tag name | <nfd version> | +| IMAGE_EXTRA_TAG_NAMES | Additional container image tag(s) to create when building image | *empty* | +| K8S_NAMESPACE | nfd-master and nfd-worker namespace | node-feature-discovery | +| KUBECONFIG | Kubeconfig for running e2e-tests | *empty* | +| E2E_TEST_CONFIG | Parameterization file of e2e-tests (see [example][e2e-config-sample]) | *empty* | +| E2E_PULL_IF_NOT_PRESENT | True-ish value makes the image pull policy IfNotPresent (to be used only in e2e tests) | false | +| OPENSHIFT | Non-empty value enables OpenShift specific support (currently only effective in e2e tests) | *empty* | For example, to use a custom registry: diff --git a/docs/get-started/introduction.md b/docs/get-started/introduction.md index 34f57fea9..86b0c55d2 100644 --- a/docs/get-started/introduction.md +++ b/docs/get-started/introduction.md 
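Review bot: In the build-variable table of docs/developer-guide/index.md, the re-added `IMAGE_ALL_PLATFORMS` row keeps the typo "mulit-arch"; please change it to "multi-arch" while the line is being touched. The `IMAGE_TAG_NAME` default is written as a bare `<nfd version>`, which a Markdown renderer can treat as an HTML tag and drop, so wrapping it in backticks would be safer. The same applies to the long `IMAGE_BUILDX_CMD` default, which contains `${IMAGE_ALL_PLATFORMS}` and reads better as inline code.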
@@ -100,10 +100,10 @@ An overview of the default feature labels: NFD also annotates nodes it is running on: -| Annotation | Description -| ------------------------------------------------------------ | ----------- -| [<instance>.]nfd.node.kubernetes.io/feature-labels | Comma-separated list of node labels managed by NFD. NFD uses this internally so must not be edited by users. -| [<instance>.]nfd.node.kubernetes.io/extended-resources | Comma-separated list of node extended resources managed by NFD. NFD uses this internally so must not be edited by users. +| Annotation | Description | +| ------------------------------------------------------------ | ----------------------------------------------------------- | +| [<instance>.]nfd.node.kubernetes.io/feature-labels | Comma-separated list of node labels managed by NFD. NFD uses this internally so must not be edited by users. | +| [<instance>.]nfd.node.kubernetes.io/extended-resources | Comma-separated list of node extended resources managed by NFD. NFD uses this internally so must not be edited by users. | > **NOTE:** the [`-instance`](../reference/master-commandline-reference.md#instance) > command line flag affects the annotation names diff --git a/docs/mdl-style.rb b/docs/mdl-style.rb index 04c7dbe41..ec51c7f96 100644 --- a/docs/mdl-style.rb +++ b/docs/mdl-style.rb @@ -8,3 +8,6 @@ rule 'MD013', :tables => false rule 'MD007', :indent => 2 rule 'MD013', :ignore_code_blocks => true rule 'MD024', :allow_different_nesting => true +# MD056 - Inconsistent number of columns in table +# docs/deployment/helm.md:98 +exclude_rule 'MD056' diff --git a/docs/usage/customization-guide.md b/docs/usage/customization-guide.md index c5d7676fc..35040e0f8 100644 --- a/docs/usage/customization-guide.md +++ b/docs/usage/customization-guide.md 
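Review bot: In docs/mdl-style.rb, `exclude_rule 'MD056'` turns off the column-count check for every document, although the comment cites a single line (docs/deployment/helm.md:98). That removes the lint that would catch exactly the kind of missing trailing pipe this patch fixes across the other tables. Consider fixing or locally suppressing the offending row in helm.md and keeping MD056 enabled globally; if the global exclusion stays, the comment should say why that row cannot be fixed.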
@@ -706,18 +706,18 @@ which to evaluate against the elements of the feature. In each MatchExpression `op` specifies the operator to apply. Valid values are described below. -| Operator | Number of values | Matches when -| --------------- | ---------------- | ----------- -| `In` | 1 or greater | Input is equal to one of the values -| `NotIn` | 1 or greater | Input is not equal to any of the values -| `InRegexp` | 1 or greater | Values of the MatchExpression are treated as regexps and input matches one or more of them -| `Exists` | 0 | The key exists -| `DoesNotExist` | 0 | The key does not exists -| `Gt` | 1 | Input is greater than the value. Both the input and value must be integer numbers. -| `Lt` | 1 | Input is less than the value. Both the input and value must be integer numbers. -| `GtLt` | 2 | Input is between two values. Both the input and value must be integer numbers. -| `IsTrue` | 0 | Input is equal to "true" -| `IsFalse` | 0 | Input is equal "false" +| Operator | Number of values | Matches when | +| --------------- | ---------------- | ----------- | +| `In` | 1 or greater | Input is equal to one of the values | +| `NotIn` | 1 or greater | Input is not equal to any of the values | +| `InRegexp` | 1 or greater | Values of the MatchExpression are treated as regexps and input matches one or more of them | +| `Exists` | 0 | The key exists | +| `DoesNotExist` | 0 | The key does not exists | +| `Gt` | 1 | Input is greater than the value. Both the input and value must be integer numbers. | +| `Lt` | 1 | Input is less than the value. Both the input and value must be integer numbers. | +| `GtLt` | 2 | Input is between two values. Both the input and value must be integer numbers. | +| `IsTrue` | 0 | Input is equal to "true" | +| `IsFalse` | 0 | Input is equal "false" | The `value` field of MatchExpression is a list of string arguments to the operator. 
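Review bot: In the operator table, two re-added rows carry over wording errors: `DoesNotExist` says "The key does not exists" and `IsFalse` says "Input is equal "false"" (missing "to", unlike the `IsTrue` row). Both are worth fixing in this pass. The `GtLt` row also says "Both the input and value must be integer numbers" although it takes two values; "values" would match the "Number of values" column.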
@@ -765,86 +765,86 @@ true). The following features are available for matching: -| Feature | [Feature type](#feature-types) | Elements | Value type | Description -| ---------------- | ------------ | -------- | ---------- | ----------- -| **`cpu.cpuid`** | flag | | | Supported CPU capabilities -| | | **``** | | CPUID flag is present -| **`cpu.cstate`** | attribute | | | Status of cstates in the intel_idle cpuidle driver -| | | **`enabled`** | bool | 'true' if cstates are set, otherwise 'false'. Does not exist of intel_idle driver is not active. -| **`cpu.model`** | attribute | | | CPU model related attributes -| | | **`family`** | int | CPU family -| | | **`vendor_id`** | string | CPU vendor ID -| | | **`id`** | int | CPU model ID -| **`cpu.pstate`** | attribute | | | State of the Intel pstate driver. Does not exist if the driver is not enabled. -| | | **`status`** | string | Status of the driver, possible values are 'active' and 'passive' -| | | **`turbo`** | bool | 'true' if turbo frequencies are enabled, otherwise 'false' -| | | **`scaling`** | string | Active scaling_governor, possible values are 'powersave' or 'performance'. -| **`cpu.rdt`** | attribute | | | Intel RDT capabilities supported by the system -| | | **``** | | RDT capability is supported, see [RDT flags](#intel-rdt-flags) for details -| | | **`RDTL3CA_NUM_CLOSID`** | int | The number or available CLOSID (Class of service ID) for Intel L3 Cache Allocation Technology -| **`cpu.security`** | attribute | | | Features related to security and trusted execution environments -| | | **`sgx.enabled`** | bool | `true` if Intel SGX (Software Guard Extensions) has been enabled, otherwise does not exist -| | | **`sgx.epc`** | int | The total amount Intel SGX Encrypted Page Cache memory in bytes. It's only present if `sgx.enabled` is `true`. 
-| | | **`se.enabled`** | bool | `true` if IBM Secure Execution for Linux is available and has been enabled, otherwise does not exist -| | | **`tdx.enabled`** | bool | `true` if Intel TDX (Trusted Domain Extensions) is available on the host and has been enabled, otherwise does not exist -| | | **`tdx.total_keys`** | int | The total amount of keys an Intel TDX (Trusted Domain Extensions) host can provide. It's only present if `tdx.enabled` is `true`. -| | | **`tdx.protected`** | bool | `true` if a guest VM was started using Intel TDX (Trusted Domain Extensions), otherwise does not exist. -| | | **`sev.enabled`** | bool | `true` if AMD SEV (Secure Encrypted Virtualization) is available on the host and has been enabled, otherwise does not exist -| | | **`sev.es.enabled`** | bool | `true` if AMD SEV-ES (Encrypted State supported) is available on the host and has been enabled, otherwise does not exist -| | | **`sev.snp.enabled`** | bool | `true` if AMD SEV-SNP (Secure Nested Paging supported) is available on the host and has been enabled, otherwise does not exist -| **`cpu.sst`** | attribute | | | Intel SST (Speed Select Technology) capabilities -| | | **`bf.enabled`** | bool | `true` if Intel SST-BF (Intel Speed Select Technology - Base frequency) has been enabled, otherwise does not exist -| **`cpu.topology`** | attribute | | | CPU topology related features -| | | **`hardware_multithreading`** | bool | Hardware multithreading, such as Intel HTT, is enabled -| **`cpu.coprocessor`** | attribute | | | CPU Coprocessor related features -| | | **`nx_gzip`** | bool | Nest Accelerator GZIP support is enabled -| **`kernel.config`** | attribute | | | Kernel configuration options -| | | **``** | string | Value of the kconfig option -| **`kernel.loadedmodule`** | flag | | | Kernel modules loaded on the node as reported by `/proc/modules` -| **`kernel.enabledmodule`** | flag | | | Kernel modules loaded on the node and available as built-ins as reported by `modules.builtin` -| | | 
**`mod-name`** | | Kernel module `` is loaded -| **`kernel.selinux`** | attribute | | | Kernel SELinux related features -| | | **`enabled`** | bool | `true` if SELinux has been enabled and is in enforcing mode, otherwise `false` -| **`kernel.version`** | attribute | | | Kernel version information -| | | **`full`** | string | Full kernel version (e.g. ‘4.5.6-7-g123abcde') -| | | **`major`** | int | First component of the kernel version (e.g. ‘4') -| | | **`minor`** | int | Second component of the kernel version (e.g. ‘5') -| | | **`revision`** | int | Third component of the kernel version (e.g. ‘6') -| **`local.label`** | attribute | | | Labels from feature files and hooks, i.e. labels from the [*local* feature source](#local-feature-source) -| **`local.feature`** | attribute | | | Features from feature files and hooks, i.e. features from the [*local* feature source](#local-feature-source) -| | | **``** | string | Label `` created by the local feature source, value equals the value of the label -| **`memory.nv`** | instance | | | NVDIMM devices present in the system -| | | **``** | string | Value of the sysfs device attribute, available attributes: `devtype`, `mode` -| **`memory.numa`** | attribute | | | NUMA nodes -| | | **`is_numa`** | bool | `true` if NUMA architecture, `false` otherwise -| | | **`node_count`** | int | Number of NUMA nodes -| **`network.device`** | instance | | | Physical (non-virtual) network interfaces present in the system -| | | **`name`** | string | Name of the network interface -| | | **``** | string | Sysfs network interface attribute, available attributes: `operstate`, `speed`, `sriov_numvfs`, `sriov_totalvfs` -| **`pci.device`** | instance | | | PCI devices present in the system -| | | **``** | string | Value of the sysfs device attribute, available attributes: `class`, `vendor`, `device`, `subsystem_vendor`, `subsystem_device`, `sriov_totalvfs`, `iommu_group/type`, `iommu/intel-iommu/version` -| **`storage.device`** | instance | | | 
Block storage devices present in the system -| | | **`name`** | string | Name of the block device -| | | **``** | string | Sysfs network interface attribute, available attributes: `dax`, `rotational`, `nr_zones`, `zoned` -| **`system.osrelease`** | attribute | | | System identification data from `/etc/os-release` -| | | **``** | string | One parameter from `/etc/os-release` -| **`system.name`** | attribute | | | System name information -| | | **`nodename`** | string | Name of the kubernetes node object -| **`usb.device`** | instance | | | USB devices present in the system -| | | **``** | string | Value of the sysfs device attribute, available attributes: `class`, `vendor`, `device`, `serial` -| **`rule.matched`** | attribute | | | Previously matched rules -| | | **``** | string | Label or var from a preceding rule that matched +| Feature | [Feature type](#feature-types) | Elements | Value type | Description | +| ---------------- | ------------ | -------- | ---------- | ----------- | +| **`cpu.cpuid`** | flag | | | Supported CPU capabilities | +| | | **``** | | CPUID flag is present | +| **`cpu.cstate`** | attribute | | | Status of cstates in the intel_idle cpuidle driver | +| | | **`enabled`** | bool | 'true' if cstates are set, otherwise 'false'. Does not exist of intel_idle driver is not active. | +| **`cpu.model`** | attribute | | | CPU model related attributes | +| | | **`family`** | int | CPU family | +| | | **`vendor_id`** | string | CPU vendor ID | +| | | **`id`** | int | CPU model ID | +| **`cpu.pstate`** | attribute | | | State of the Intel pstate driver. Does not exist if the driver is not enabled. | +| | | **`status`** | string | Status of the driver, possible values are 'active' and 'passive' | +| | | **`turbo`** | bool | 'true' if turbo frequencies are enabled, otherwise 'false' | +| | | **`scaling`** | string | Active scaling_governor, possible values are 'powersave' or 'performance'. 
| +| **`cpu.rdt`** | attribute | | | Intel RDT capabilities supported by the system | +| | | **``** | | RDT capability is supported, see [RDT flags](#intel-rdt-flags) for details | +| | | **`RDTL3CA_NUM_CLOSID`** | int | The number or available CLOSID (Class of service ID) for Intel L3 Cache Allocation Technology | +| **`cpu.security`** | attribute | | | Features related to security and trusted execution environments | +| | | **`sgx.enabled`** | bool | `true` if Intel SGX (Software Guard Extensions) has been enabled, otherwise does not exist | +| | | **`sgx.epc`** | int | The total amount Intel SGX Encrypted Page Cache memory in bytes. It's only present if `sgx.enabled` is `true`. | +| | | **`se.enabled`** | bool | `true` if IBM Secure Execution for Linux is available and has been enabled, otherwise does not exist | +| | | **`tdx.enabled`** | bool | `true` if Intel TDX (Trusted Domain Extensions) is available on the host and has been enabled, otherwise does not exist | +| | | **`tdx.total_keys`** | int | The total amount of keys an Intel TDX (Trusted Domain Extensions) host can provide. It's only present if `tdx.enabled` is `true`. | +| | | **`tdx.protected`** | bool | `true` if a guest VM was started using Intel TDX (Trusted Domain Extensions), otherwise does not exist. 
| +| | | **`sev.enabled`** | bool | `true` if AMD SEV (Secure Encrypted Virtualization) is available on the host and has been enabled, otherwise does not exist | +| | | **`sev.es.enabled`** | bool | `true` if AMD SEV-ES (Encrypted State supported) is available on the host and has been enabled, otherwise does not exist | +| | | **`sev.snp.enabled`** | bool | `true` if AMD SEV-SNP (Secure Nested Paging supported) is available on the host and has been enabled, otherwise does not exist | +| **`cpu.sst`** | attribute | | | Intel SST (Speed Select Technology) capabilities | +| | | **`bf.enabled`** | bool | `true` if Intel SST-BF (Intel Speed Select Technology - Base frequency) has been enabled, otherwise does not exist | +| **`cpu.topology`** | attribute | | | CPU topology related features | +| | | **`hardware_multithreading`** | bool | Hardware multithreading, such as Intel HTT, is enabled | +| **`cpu.coprocessor`** | attribute | | | CPU Coprocessor related features | +| | | **`nx_gzip`** | bool | Nest Accelerator GZIP support is enabled | +| **`kernel.config`** | attribute | | | Kernel configuration options | +| | | **``** | string | Value of the kconfig option | +| **`kernel.loadedmodule`** | flag | | | Kernel modules loaded on the node as reported by `/proc/modules` | +| **`kernel.enabledmodule`** | flag | | | Kernel modules loaded on the node and available as built-ins as reported by `modules.builtin` | +| | | **`mod-name`** | | Kernel module `` is loaded | +| **`kernel.selinux`** | attribute | | | Kernel SELinux related features | +| | | **`enabled`** | bool | `true` if SELinux has been enabled and is in enforcing mode, otherwise `false` | +| **`kernel.version`** | attribute | | | Kernel version information | +| | | **`full`** | string | Full kernel version (e.g. ‘4.5.6-7-g123abcde') | +| | | **`major`** | int | First component of the kernel version (e.g. ‘4') | +| | | **`minor`** | int | Second component of the kernel version (e.g. 
‘5') | +| | | **`revision`** | int | Third component of the kernel version (e.g. ‘6') | +| **`local.label`** | attribute | | | Labels from feature files and hooks, i.e. labels from the [*local* feature source](#local-feature-source) | +| **`local.feature`** | attribute | | | Features from feature files and hooks, i.e. features from the [*local* feature source](#local-feature-source) | +| | | **``** | string | Label `` created by the local feature source, value equals the value of the label | +| **`memory.nv`** | instance | | | NVDIMM devices present in the system | +| | | **``** | string | Value of the sysfs device attribute, available attributes: `devtype`, `mode` | +| **`memory.numa`** | attribute | | | NUMA nodes | +| | | **`is_numa`** | bool | `true` if NUMA architecture, `false` otherwise | +| | | **`node_count`** | int | Number of NUMA nodes | +| **`network.device`** | instance | | | Physical (non-virtual) network interfaces present in the system | +| | | **`name`** | string | Name of the network interface | +| | | **``** | string | Sysfs network interface attribute, available attributes: `operstate`, `speed`, `sriov_numvfs`, `sriov_totalvfs` | +| **`pci.device`** | instance | | | PCI devices present in the system | +| | | **``** | string | Value of the sysfs device attribute, available attributes: `class`, `vendor`, `device`, `subsystem_vendor`, `subsystem_device`, `sriov_totalvfs`, `iommu_group/type`, `iommu/intel-iommu/version` | +| **`storage.device`** | instance | | | Block storage devices present in the system | +| | | **`name`** | string | Name of the block device | +| | | **``** | string | Sysfs network interface attribute, available attributes: `dax`, `rotational`, `nr_zones`, `zoned` | +| **`system.osrelease`** | attribute | | | System identification data from `/etc/os-release` | +| | | **``** | string | One parameter from `/etc/os-release` | +| **`system.name`** | attribute | | | System name information | +| | | **`nodename`** | string | Name of 
the kubernetes node object | +| **`usb.device`** | instance | | | USB devices present in the system | +| | | **``** | string | Value of the sysfs device attribute, available attributes: `class`, `vendor`, `device`, `serial` | +| **`rule.matched`** | attribute | | | Previously matched rules | +| | | **``** | string | Label or var from a preceding rule that matched | #### Intel RDT flags | Flag | Description | | --------- | ---------------------------------------------------------------- | -| RDTMON | Intel RDT Monitoring Technology -| RDTCMT | Intel Cache Monitoring (CMT) -| RDTMBM | Intel Memory Bandwidth Monitoring (MBM) -| RDTL3CA | Intel L3 Cache Allocation Technology -| RDTl2CA | Intel L2 Cache Allocation Technology -| RDTMBA | Intel Memory Bandwidth Allocation (MBA) Technology +| RDTMON | Intel RDT Monitoring Technology | +| RDTCMT | Intel Cache Monitoring (CMT) | +| RDTMBM | Intel Memory Bandwidth Monitoring (MBM) | +| RDTL3CA | Intel L3 Cache Allocation Technology | +| RDTl2CA | Intel L2 Cache Allocation Technology | +| RDTMBA | Intel Memory Bandwidth Allocation (MBA) Technology | ### Templating diff --git a/docs/usage/features.md b/docs/usage/features.md index 936202e5f..d42044bf2 100644 --- a/docs/usage/features.md +++ b/docs/usage/features.md 
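Review bot: In the feature table of docs/usage/customization-guide.md, the element row under `storage.device` is described as "Sysfs network interface attribute" while listing block-device attributes (`dax`, `rotational`, `nr_zones`, `zoned`); it looks copied from the `network.device` row and should describe a block device attribute. Other carried-over slips on the rewritten lines: "Does not exist of intel_idle driver is not active" (should be "if"), "The number or available CLOSID" (should be "of"), and in the Intel RDT flags table `RDTl2CA` is cased differently from `RDTL3CA`, which should be checked against the flag name the source actually emits.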
@@ -44,29 +44,29 @@ feature.node.kubernetes.io/ = ### CPU -| Feature name | Value | Description -| ----------------------- | ------------ | ----------- -| **`cpu-cpuid.`** | true | CPU capability is supported. **NOTE:** the capability might be supported but not enabled. -| **`cpu-hardware_multithreading`** | true | Hardware multithreading, such as Intel HTT, enabled (number of logical CPUs is greater than physical CPUs) -| **`cpu-coprocessor.nx_gzip`** | true | Nest Accelerator for GZIP is supported(Power). -| **`cpu-power.sst_bf.enabled`** | true | Intel SST-BF ([Intel Speed Select Technology][intel-sst] - Base frequency) enabled -| **`cpu-pstate.status`** | string | The status of the [Intel pstate][intel-pstate] driver when in use and enabled, either 'active' or 'passive'. -| **`cpu-pstate.turbo`** | bool | Set to 'true' if turbo frequencies are enabled in Intel pstate driver, set to 'false' if they have been disabled. -| **`cpu-pstate.scaling_governor`** | string | The value of the Intel pstate scaling_governor when in use, either 'powersave' or 'performance'. -| **`cpu-cstate.enabled`** | bool | Set to 'true' if cstates are set in the intel_idle driver, otherwise set to 'false'. Unset if intel_idle cpuidle driver is not active. -| **`cpu-rdt.`** | true | **DEPRECATED** [Intel RDT][intel-rdt] capability is supported. See [RDT flags](customization-guide.md#intel-rdt-flags) for details. -| **`cpu-security.sgx.enabled`** | true | Set to 'true' if Intel SGX is enabled in BIOS (based on a non-zero sum value of SGX EPC section sizes). -| **`cpu-security.se.enabled`** | true | Set to 'true' if IBM Secure Execution for Linux (IBM Z & LinuxONE) is available and enabled (requires `/sys/firmware/uv/prot_virt_host` facility) -| **`cpu-security.tdx.enabled`** | true | Set to 'true' if Intel TDX is available on the host and has been enabled (requires `/sys/module/kvm_intel/parameters/tdx`). 
-| **`cpu-security.tdx.protected`** | true | Set to 'true' if Intel TDX was used to start the guest node, based on the existence of the "TDX_GUEST" information as part of cpuid features. -| **`cpu-security.sev.enabled`** | true | Set to 'true' if ADM SEV is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev`). -| **`cpu-security.sev.es.enabled`** | true | Set to 'true' if ADM SEV-ES is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev_es`). -| **`cpu-security.sev.snp.enabled`**| true | Set to 'true' if ADM SEV-SNP is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev_snp`). -| **`cpu-security.sex.asids`** | int | The total amount of AMD SEV address-space identifiers (ASIDs), based on the `/sys/fs/cgroup/misc.capacity` information. -| **`cpu-security.sex.encrypted_state_ids`** | int | The total amount of AMD SEV-ES and SEV-SNP supported, based on the `/sys/fs/cgroup/misc.capacity` information. -| **`cpu-model.vendor_id`** | string | Comparable CPU vendor ID. -| **`cpu-model.family`** | int | CPU family. -| **`cpu-model.id`** | int | CPU model number. +| Feature name | Value | Description | +| ----------------------------------- | ------ | --------------------------------------------------------------------------- | +| **`cpu-cpuid.`** | true | CPU capability is supported. **NOTE:** the capability might be supported but not enabled. | +| **`cpu-hardware_multithreading`** | true | Hardware multithreading, such as Intel HTT, enabled (number of logical CPUs is greater than physical CPUs) | +| **`cpu-coprocessor.nx_gzip`** | true | Nest Accelerator for GZIP is supported(Power). | +| **`cpu-power.sst_bf.enabled`** | true | Intel SST-BF ([Intel Speed Select Technology][intel-sst] - Base frequency) enabled | +| **`cpu-pstate.status`** | string | The status of the [Intel pstate][intel-pstate] driver when in use and enabled, either 'active' or 'passive'. 
| +| **`cpu-pstate.turbo`** | bool | Set to 'true' if turbo frequencies are enabled in Intel pstate driver, set to 'false' if they have been disabled. | +| **`cpu-pstate.scaling_governor`** | string | The value of the Intel pstate scaling_governor when in use, either 'powersave' or 'performance'. | +| **`cpu-cstate.enabled`** | bool | Set to 'true' if cstates are set in the intel_idle driver, otherwise set to 'false'. Unset if intel_idle cpuidle driver is not active. | +| **`cpu-rdt.`** | true | **DEPRECATED** [Intel RDT][intel-rdt] capability is supported. See [RDT flags](customization-guide.md#intel-rdt-flags) for details. | +| **`cpu-security.sgx.enabled`** | true | Set to 'true' if Intel SGX is enabled in BIOS (based on a non-zero sum value of SGX EPC section sizes). | +| **`cpu-security.se.enabled`** | true | Set to 'true' if IBM Secure Execution for Linux (IBM Z & LinuxONE) is available and enabled (requires `/sys/firmware/uv/prot_virt_host` facility) | +| **`cpu-security.tdx.enabled`** | true | Set to 'true' if Intel TDX is available on the host and has been enabled (requires `/sys/module/kvm_intel/parameters/tdx`). | +| **`cpu-security.tdx.protected`** | true | Set to 'true' if Intel TDX was used to start the guest node, based on the existence of the "TDX_GUEST" information as part of cpuid features. | +| **`cpu-security.sev.enabled`** | true | Set to 'true' if ADM SEV is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev`). | +| **`cpu-security.sev.es.enabled`** | true | Set to 'true' if ADM SEV-ES is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev_es`). | +| **`cpu-security.sev.snp.enabled`** | true | Set to 'true' if ADM SEV-SNP is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev_snp`). 
| +| **`cpu-security.sex.asids`** | int | The total amount of AMD SEV address-space identifiers (ASIDs), based on the `/sys/fs/cgroup/misc.capacity` information. | +| **`cpu-security.sex.encrypted_state_ids`** | int | The total amount of AMD SEV-ES and SEV-SNP supported, based on the `/sys/fs/cgroup/misc.capacity` information. | +| **`cpu-model.vendor_id`** | string | Comparable CPU vendor ID. | +| **`cpu-model.family`** | int | CPU family. | +| **`cpu-model.id`** | int | CPU model number. | > **NOTE:** the `cpu-rdt.` labels are deprecated and will be removed > in a future release. They will remain to be available as features 
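Review bot: In the CPU table of docs/usage/features.md, the three `cpu-security.sev.*enabled` rows still say "ADM SEV", "ADM SEV-ES" and "ADM SEV-SNP"; the vendor is spelled "AMD" two rows further down. The label names `cpu-security.sex.asids` and `cpu-security.sex.encrypted_state_ids` also look like typos for `sev`, given that their descriptions refer to AMD SEV; please confirm against the label the worker publishes, since users copy these names into node selectors. The `encrypted_state_ids` description ("The total amount of AMD SEV-ES and SEV-SNP supported") is missing its noun as well.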
@@ -83,43 +83,43 @@ configuration options for details. | Flag | Description | | ------------------ | ------------------------------------------------------- | -| ADX | Multi-Precision Add-Carry Instruction Extensions (ADX) -| AESNI | Advanced Encryption Standard (AES) New Instructions (AES-NI) -| AVX | Advanced Vector Extensions (AVX) -| AVX2 | Advanced Vector Extensions 2 (AVX2) -| AVXVNNI | AVX (VEX encoded) VNNI neural network instructions -| AMXBF16 | Advanced Matrix Extension, tile multiplication operations on BFLOAT16 numbers -| AMXINT8 | Advanced Matrix Extension, tile multiplication operations on 8-bit integers -| AMXFP16 | Advanced Matrix Extension, tile multiplication operations on FP16 numbers -| AMXTILE | Advanced Matrix Extension, base tile architecture support -| AVX512BF16 | AVX-512 BFLOAT16 instructions -| AVX512BITALG | AVX-512 bit Algorithms -| AVX512BW | AVX-512 byte and word Instructions -| AVX512CD | AVX-512 conflict detection instructions -| AVX512DQ | AVX-512 doubleword and quadword instructions -| AVX512ER | AVX-512 exponential and reciprocal instructions -| AVX512F | AVX-512 foundation -| AVX512FP16 | AVX-512 FP16 instructions -| AVX512IFMA | AVX-512 integer fused multiply-add instructions -| AVX512PF | AVX-512 prefetch instructions -| AVX512VBMI | AVX-512 vector bit manipulation instructions -| AVX512VBMI2 | AVX-512 vector bit manipulation instructions, version 2 -| AVX512VL | AVX-512 vector length extensions -| AVX512VNNI | AVX-512 vector neural network instructions -| AVX512VP2INTERSECT | AVX-512 intersect for D/Q -| AVX512VPOPCNTDQ | AVX-512 vector population count doubleword and quadword -| AVXIFMA | AVX-IFMA instructions -| AVXNECONVERT | AVX-NE-CONVERT instructions -| AVXVNNIINT8 | AVX-VNNI-INT8 instructions -| CMPCCXADD | CMPCCXADD instructions -| ENQCMD | Enqueue Command -| GFNI | Galois Field New Instructions -| HYPERVISOR | Running under hypervisor -| MSRLIST | Read/Write List of Model Specific Registers -| PREFETCHI | 
PREFETCHIT0/1 instructions -| VAES | AVX-512 vector AES instructions -| VPCLMULQDQ | Carry-less multiplication quadword -| WRMSRNS | Non-Serializing Write to Model Specific Register +| ADX | Multi-Precision Add-Carry Instruction Extensions (ADX) | +| AESNI | Advanced Encryption Standard (AES) New Instructions (AES-NI) | +| AVX | Advanced Vector Extensions (AVX) | +| AVX2 | Advanced Vector Extensions 2 (AVX2) | +| AVXVNNI | AVX (VEX encoded) VNNI neural network instructions | +| AMXBF16 | Advanced Matrix Extension, tile multiplication operations on BFLOAT16 numbers | +| AMXINT8 | Advanced Matrix Extension, tile multiplication operations on 8-bit integers | +| AMXFP16 | Advanced Matrix Extension, tile multiplication operations on FP16 numbers | +| AMXTILE | Advanced Matrix Extension, base tile architecture support | +| AVX512BF16 | AVX-512 BFLOAT16 instructions | +| AVX512BITALG | AVX-512 bit Algorithms | +| AVX512BW | AVX-512 byte and word Instructions | +| AVX512CD | AVX-512 conflict detection instructions | +| AVX512DQ | AVX-512 doubleword and quadword instructions | +| AVX512ER | AVX-512 exponential and reciprocal instructions | +| AVX512F | AVX-512 foundation | +| AVX512FP16 | AVX-512 FP16 instructions | +| AVX512IFMA | AVX-512 integer fused multiply-add instructions | +| AVX512PF | AVX-512 prefetch instructions | +| AVX512VBMI | AVX-512 vector bit manipulation instructions | +| AVX512VBMI2 | AVX-512 vector bit manipulation instructions, version 2 | +| AVX512VL | AVX-512 vector length extensions | +| AVX512VNNI | AVX-512 vector neural network instructions | +| AVX512VP2INTERSECT | AVX-512 intersect for D/Q | +| AVX512VPOPCNTDQ | AVX-512 vector population count doubleword and quadword | +| AVXIFMA | AVX-IFMA instructions | +| AVXNECONVERT | AVX-NE-CONVERT instructions | +| AVXVNNIINT8 | AVX-VNNI-INT8 instructions | +| CMPCCXADD | CMPCCXADD instructions | +| ENQCMD | Enqueue Command | +| GFNI | Galois Field New Instructions | +| HYPERVISOR | Running under 
hypervisor | +| MSRLIST | Read/Write List of Model Specific Registers | +| PREFETCHI | PREFETCHIT0/1 instructions | +| VAES | AVX-512 vector AES instructions | +| VPCLMULQDQ | Carry-less multiplication quadword | +| WRMSRNS | Non-Serializing Write to Model Specific Register | By default, the following CPUID flags have been blacklisted: BMI1, BMI2, CLMUL, CMOV, CX16, ERMS, F16C, HTT, LZCNT, MMX, MMXEXT, NX, POPCNT, RDRAND, RDSEED, 
@@ -133,43 +133,43 @@ See the full list in [github.com/klauspost/cpuid][klauspost-cpuid]. | Flag | Description | | --------- | ---------------------------------------------------------------- | -| IDIVA | Integer divide instructions available in ARM mode -| IDIVT | Integer divide instructions available in Thumb mode -| THUMB | Thumb instructions -| FASTMUL | Fast multiplication -| VFP | Vector floating point instruction extension (VFP) -| VFPv3 | Vector floating point extension v3 -| VFPv4 | Vector floating point extension v4 -| VFPD32 | VFP with 32 D-registers -| HALF | Half-word loads and stores -| EDSP | DSP extensions -| NEON | NEON SIMD instructions -| LPAE | Large Physical Address Extensions +| IDIVA | Integer divide instructions available in ARM mode | +| IDIVT | Integer divide instructions available in Thumb mode | +| THUMB | Thumb instructions | +| FASTMUL | Fast multiplication | +| VFP | Vector floating point instruction extension (VFP) | +| VFPv3 | Vector floating point extension v3 | +| VFPv4 | Vector floating point extension v4 | +| VFPD32 | VFP with 32 D-registers | +| HALF | Half-word loads and stores | +| EDSP | DSP extensions | +| NEON | NEON SIMD instructions | +| LPAE | Large Physical Address Extensions | #### Arm64 CPUID flags (partial list) | Flag | Description | | --------- | ---------------------------------------------------------------- | -| AES | Announcing the Advanced Encryption Standard -| EVSTRM | Event Stream Frequency Features -| FPHP | Half Precision(16bit) Floating Point Data Processing Instructions -| ASIMDHP | Half Precision(16bit) Asimd Data Processing Instructions -| ATOMICS | Atomic Instructions to the A64 -| ASIMRDM | Support for Rounding Double Multiply Add/Subtract -| PMULL | Optional Cryptographic and CRC32 Instructions -| JSCVT | Perform Conversion to Match Javascript -| DCPOP | Persistent Memory Support +| AES | Announcing the Advanced Encryption Standard | +| EVSTRM | Event Stream Frequency Features | +| FPHP | Half 
Precision(16bit) Floating Point Data Processing Instructions | +| ASIMDHP | Half Precision(16bit) Asimd Data Processing Instructions | +| ATOMICS | Atomic Instructions to the A64 | +| ASIMRDM | Support for Rounding Double Multiply Add/Subtract | +| PMULL | Optional Cryptographic and CRC32 Instructions | +| JSCVT | Perform Conversion to Match Javascript | +| DCPOP | Persistent Memory Support | ### Kernel -| Feature | Value | Description -| ------- | ------ | ----------- -| **`kernel-config.