1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-14 11:57:51 +00:00

Make mdlint v0.13 happy

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
This commit is contained in:
Carlos Eduardo Arango Gutierrez 2023-10-25 21:12:47 +02:00
parent 9de8f67e59
commit 150c394374
No known key found for this signature in database
GPG key ID: 42D9CB42F300A852
7 changed files with 339 additions and 334 deletions

View file

@ -91,19 +91,19 @@ We have introduced the following Chart parameters.
### General parameters ### General parameters
| Name | Type | Default | description | | Name | Type | Default | Description |
| ---- | ---- | ------- | ----------- | | --------------------- | ------ | --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
| `image.repository` | string | `{{ site.container_image | split: ":" | first }}` | NFD image repository | | `image.repository` | string | `{{ site.container_image \| split: ":" \| first }}` | NFD image repository |
| `image.tag` | string | `{{ site.release }}` | NFD image tag | | `image.tag` | string | `{{ site.release }}` | NFD image tag |
| `image.pullPolicy` | string | `Always` | Image pull policy | | `image.pullPolicy` | string | `Always` | Image pull policy |
| `imagePullSecrets` | list | [] | ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. [More info](https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod) | | `imagePullSecrets` | list | [] | ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. [More info](https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod) |
| `nameOverride` | string | | Override the name of the chart | | `nameOverride` | string | | Override the name of the chart |
| `fullnameOverride` | string | | Override a default fully qualified app name | | `fullnameOverride` | string | | Override a default fully qualified app name |
| `tls.enable` | bool | false | Specifies whether to use TLS for communications between components. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | | `tls.enable` | bool | false | Specifies whether to use TLS for communications between components. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
| `tls.certManager` | bool | false | If enabled, requires [cert-manager](https://cert-manager.io/docs/) to be installed and will automatically create the required TLS certificates. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | | `tls.certManager` | bool | false | If enabled, requires [cert-manager](https://cert-manager.io/docs/) to be installed and will automatically create the required TLS certificates. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
| `enableNodeFeatureApi` | bool | true | Enable the [NodeFeature](../usage/custom-resources.md#nodefeature) CRD API for communicating node features. This will automatically disable the gRPC communication. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | | `enableNodeFeatureApi`| bool | true | Enable the [NodeFeature](../usage/custom-resources.md#nodefeature) CRD API for communicating node features. This will automatically disable the gRPC communication. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
| `prometheus.enable` | bool | false | Specifies whether to expose metrics using prometheus operator | | `prometheus.enable` | bool | false | Specifies whether to expose metrics using prometheus operator |
| `prometheus.labels` | dict | {} | Specifies labels for use with the prometheus operator to control how it is selected | | `prometheus.labels` | dict | {} | Specifies labels for use with the prometheus operator to control how it is selected |
Metrics are configured to be exposed using prometheus operator API's by Metrics are configured to be exposed using prometheus operator API's by
default. If you want to expose metrics using the prometheus operator default. If you want to expose metrics using the prometheus operator
@ -115,54 +115,54 @@ API's you need to install the prometheus operator in your cluster.
|-----------------------------|---------|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| |-----------------------------|---------|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------|
| `master.*` | dict | | NFD master deployment configuration | | `master.*` | dict | | NFD master deployment configuration |
| `master.enable` | bool | true | Specifies whether nfd-master should be deployed | | `master.enable` | bool | true | Specifies whether nfd-master should be deployed |
| `master.port` | integer | | Specifies the TCP port that nfd-master listens for incoming requests. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | | `master.port` | integer | | Specifies the TCP port that nfd-master listens for incoming requests. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
| `master.metricsPort` | integer | 8081 | Port on which to expose metrics from components to prometheus operator | | `master.metricsPort` | integer | 8081 | Port on which to expose metrics from components to prometheus operator |
| `master.instance` | string | | Instance name. Used to separate annotation namespaces for multiple parallel deployments | | `master.instance` | string | | Instance name. Used to separate annotation namespaces for multiple parallel deployments |
| `master.resyncPeriod` | string | | NFD API controller resync period. | | `master.resyncPeriod` | string | | NFD API controller resync period. |
| `master.extraLabelNs` | array | [] | List of allowed extra label namespaces | | `master.extraLabelNs` | array | [] | List of allowed extra label namespaces |
| `master.resourceLabels` | array | [] | List of labels to be registered as extended resources | | `master.resourceLabels` | array | [] | List of labels to be registered as extended resources |
| `master.enableTaints` | bool | false | Specifies whether to enable or disable node tainting | | `master.enableTaints` | bool | false | Specifies whether to enable or disable node tainting |
| `master.crdController` | bool | null | Specifies whether the NFD CRD API controller is enabled. If not set, controller will be enabled if `master.instance` is empty. | | `master.crdController` | bool | null | Specifies whether the NFD CRD API controller is enabled. If not set, controller will be enabled if `master.instance` is empty. |
| `master.featureRulesController` | bool | null | DEPRECATED: use `master.crdController` instead | | `master.featureRulesController` | bool | null | DEPRECATED: use `master.crdController` instead |
| `master.replicaCount` | integer | 1 | Number of desired pods. This is a pointer to distinguish between explicit zero and not specified | | `master.replicaCount` | integer | 1 | Number of desired pods. This is a pointer to distinguish between explicit zero and not specified |
| `master.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings | | `master.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings |
| `master.securityContext` | dict | {} | Container [security settings](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container)| | `master.securityContext` | dict | {} | Container [security settings](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| `master.serviceAccount.create` | bool | true | Specifies whether a service account should be created | `master.serviceAccount.create` | bool | true | Specifies whether a service account should be created |
| `master.serviceAccount.annotations` | dict | {} | Annotations to add to the service account | `master.serviceAccount.annotations` | dict | {} | Annotations to add to the service account |
| `master.serviceAccount.name` | string | | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `master.serviceAccount.name` | string | | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| `master.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for nfd-master | `master.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for nfd-master |
| `master.service.type` | string | ClusterIP | NFD master service type. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | | `master.service.type` | string | ClusterIP | NFD master service type. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
| `master.service.port` | integer | 8080 | NFD master service port. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | | `master.service.port` | integer | 8080 | NFD master service port. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
| `master.resources` | dict | {} | NFD master pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | `master.resources` | dict | {} | NFD master pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| `master.nodeSelector` | dict | {} | NFD master pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | | `master.nodeSelector` | dict | {} | NFD master pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) |
| `master.tolerations` | dict | _Scheduling to master node is disabled_ | NFD master pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | | `master.tolerations` | dict | _Scheduling to master node is disabled_ | NFD master pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
| `master.annotations` | dict | {} | NFD master pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | | `master.annotations` | dict | {} | NFD master pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
| `master.affinity` | dict | | NFD master pod required [node affinity](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) | | `master.affinity` | dict | | NFD master pod required [node affinity](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) |
| `master.deploymentAnnotations` | dict | {} | NFD master deployment [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | | `master.deploymentAnnotations` | dict | {} | NFD master deployment [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
| `master.nfdApiParallelism` | integer | 10 | Specifies the maximum number of concurrent node updates. | | `master.nfdApiParallelism` | integer | 10 | Specifies the maximum number of concurrent node updates. |
| `master.config` | dict | | NFD master [configuration](../reference/master-configuration-reference) | | `master.config` | dict | | NFD master [configuration](../reference/master-configuration-reference) |
### Worker pod parameters ### Worker pod parameters
| Name | Type | Default | description | | Name | Type | Default | description |
| ---- | ---- | ------- | ----------- | | --------------------------------- | ------ | ------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `worker.*` | dict | | NFD worker daemonset configuration | | `worker.*` | dict | | NFD worker daemonset configuration |
| `worker.enable` | bool | true | Specifies whether nfd-worker should be deployed | | `worker.enable` | bool | true | Specifies whether nfd-worker should be deployed |
| `worker.metricsPort*` | integer | 8081 | Port on which to expose metrics from components to prometheus operator | | `worker.metricsPort*` | int | 8081 | Port on which to expose metrics from components to prometheus operator |
| `worker.config` | dict | | NFD worker [configuration](../reference/worker-configuration-reference) | | `worker.config` | dict | | NFD worker [configuration](../reference/worker-configuration-reference) |
| `worker.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings | | `worker.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings |
| `worker.securityContext` | dict | {} | Container [security settings](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | `worker.securityContext` | dict | {} | Container [security settings](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| `worker.serviceAccount.create` | bool | true | Specifies whether a service account for nfd-worker should be created | `worker.serviceAccount.create` | bool | true | Specifies whether a service account for nfd-worker should be created |
| `worker.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for nfd-worker | `worker.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for nfd-worker |
| `worker.serviceAccount.name` | string | | The name of the service account to use for nfd-worker. If not set and create is true, a name is generated using the fullname template (suffixed with `-worker`) | `worker.serviceAccount.name` | string | | The name of the service account to use for nfd-worker. If not set and create is true, a name is generated using the fullname template (suffixed with `-worker`) |
| `worker.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for nfd-worker | `worker.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for nfd-worker |
| `worker.mountUsrSrc` | bool | false | Specifies whether to allow users to mount the hostpath /user/src. Does not work on systems without /usr/src AND a read-only /usr | | `worker.mountUsrSrc` | bool | false | Specifies whether to allow users to mount the hostpath /user/src. Does not work on systems without /usr/src AND a read-only /usr |
| `worker.resources` | dict | {} | NFD worker pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | `worker.resources` | dict | {} | NFD worker pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| `worker.nodeSelector` | dict | {} | NFD worker pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | | `worker.nodeSelector` | dict | {} | NFD worker pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) |
| `worker.tolerations` | dict | {} | NFD worker pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | | `worker.tolerations` | dict | {} | NFD worker pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
| `worker.priorityClassName` | string | | NFD worker pod [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) | | `worker.priorityClassName` | string | | NFD worker pod [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) |
| `worker.annotations` | dict | {} | NFD worker pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | | `worker.annotations` | dict | {} | NFD worker pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
| `worker.daemonsetAnnotations` | dict | {} | NFD worker daemonset [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | | `worker.daemonsetAnnotations` | dict | {} | NFD worker daemonset [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
### Topology updater parameters ### Topology updater parameters
@ -172,45 +172,45 @@ API's you need to install the prometheus operator in your cluster.
| `topologyUpdater.enable` | bool | false | Specifies whether the NFD Topology Updater should be created | | `topologyUpdater.enable` | bool | false | Specifies whether the NFD Topology Updater should be created |
| `topologyUpdater.createCRDs` | bool | false | Specifies whether the NFD Topology Updater CRDs should be created | | `topologyUpdater.createCRDs` | bool | false | Specifies whether the NFD Topology Updater CRDs should be created |
| `topologyUpdater.serviceAccount.create` | bool | true | Specifies whether the service account for topology updater should be created | | `topologyUpdater.serviceAccount.create` | bool | true | Specifies whether the service account for topology updater should be created |
| `topologyUpdater.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for topology updater | | `topologyUpdater.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for topology updater |
| `topologyUpdater.serviceAccount.name` | string | | The name of the service account for topology updater to use. If not set and create is true, a name is generated using the fullname template and `-topology-updater` suffix | | `topologyUpdater.serviceAccount.name` | string | | The name of the service account for topology updater to use. If not set and create is true, a name is generated using the fullname template and `-topology-updater` suffix |
| `topologyUpdater.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for topology updater | | `topologyUpdater.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for topology updater |
| `topologyUpdater.metricsPort` | integer | 8081 | Port on which to expose prometheus metrics | | `topologyUpdater.metricsPort` | integer | 8081 | Port on which to expose prometheus metrics |
| `topologyUpdater.kubeletConfigPath` | string | "" | Specifies the kubelet config host path | | `topologyUpdater.kubeletConfigPath` | string | "" | Specifies the kubelet config host path |
| `topologyUpdater.kubeletPodResourcesSockPath` | string | "" | Specifies the kubelet sock path to read pod resources | | `topologyUpdater.kubeletPodResourcesSockPath` | string | "" | Specifies the kubelet sock path to read pod resources |
| `topologyUpdater.updateInterval` | string | 60s | Time to sleep between CR updates. Non-positive value implies no CR update. | | `topologyUpdater.updateInterval` | string | 60s | Time to sleep between CR updates. Non-positive value implies no CR update. |
| `topologyUpdater.watchNamespace` | string | `*` | Namespace to watch pods, `*` for all namespaces | | `topologyUpdater.watchNamespace` | string | `*` | Namespace to watch pods, `*` for all namespaces |
| `topologyUpdater.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings | | `topologyUpdater.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings |
| `topologyUpdater.securityContext` | dict | {} | Container [security settings](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | `topologyUpdater.securityContext` | dict | {} | Container [security settings](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| `topologyUpdater.resources` | dict | {} | Topology updater pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | `topologyUpdater.resources` | dict | {} | Topology updater pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| `topologyUpdater.nodeSelector` | dict | {} | Topology updater pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | | `topologyUpdater.nodeSelector` | dict | {} | Topology updater pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) |
| `topologyUpdater.tolerations` | dict | {} | Topology updater pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | | `topologyUpdater.tolerations` | dict | {} | Topology updater pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
| `topologyUpdater.annotations` | dict | {} | Topology updater pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | | `topologyUpdater.annotations` | dict | {} | Topology updater pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
| `topologyUpdater.daemonsetAnnotations` | dict | {} | Topology updater daemonset [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | | `topologyUpdater.daemonsetAnnotations` | dict | {} | Topology updater daemonset [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
| `topologyUpdater.affinity` | dict | {} | Topology updater pod [affinity](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) | | `topologyUpdater.affinity` | dict | {} | Topology updater pod [affinity](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) |
| `topologyUpdater.config` | dict | | [configuration](../reference/topology-updater-configuration-reference) | | `topologyUpdater.config` | dict | | [configuration](../reference/topology-updater-configuration-reference) |
| `topologyUpdater.podSetFingerprint` | bool | false | Enables compute and report of pod fingerprint in NRT objects. | | `topologyUpdater.podSetFingerprint` | bool | false | Enables compute and report of pod fingerprint in NRT objects. |
| `topologyUpdater.kubeletStateDir` | string | /var/lib/kubelet | Specifies kubelet state directory path for watching state and checkpoint files. Empty value disables kubelet state tracking. | | `topologyUpdater.kubeletStateDir` | string | /var/lib/kubelet | Specifies kubelet state directory path for watching state and checkpoint files. Empty value disables kubelet state tracking. |
### Garbage collector parameters ### Garbage collector parameters
| Name | Type | Default | description | | Name | Type | Default | description |
|---------------------------------------|--------|---------|-------------------- |---------------------------------------|--------|---------|--------------------------------------------------------------------------------------------------------------------------------------|
| `gc.*` | dict | | NFD Garbage Collector configuration | `gc.*` | dict | | NFD Garbage Collector configuration |
| `gc.enable` | bool | true | Specifies whether the NFD Garbage Collector should be created | `gc.enable` | bool | true | Specifies whether the NFD Garbage Collector should be created |
| `gc.serviceAccount.create` | bool | true | Specifies whether the service account for garbage collector should be created | `gc.serviceAccount.create` | bool | true | Specifies whether the service account for garbage collector should be created |
| `gc.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for garbage collector | `gc.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for garbage collector |
| `gc.serviceAccount.name` | string | | The name of the service account for garbage collector to use. If not set and create is true, a name is generated using the fullname template and `-gc` suffix | `gc.serviceAccount.name` | string | | The name of the service account for garbage collector to use. If not set and create is true, a name is generated using the fullname template and `-gc` suffix |
| `gc.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for garbage collector | `gc.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for garbage collector |
| `gc.interval` | string | 1h | Time between periodic garbage collector runs | `gc.interval` | string | 1h | Time between periodic garbage collector runs |
| `gc.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings | `gc.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings |
| `gc.resources` | dict | {} | Garbage collector pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | `gc.resources` | dict | {} | Garbage collector pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| `gc.metricsPort` | integer | 8081 | Port on which to serve Prometheus metrics | `gc.metricsPort` | integer | 8081 | Port on which to serve Prometheus metrics |
| `gc.nodeSelector` | dict | {} | Garbage collector pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | `gc.nodeSelector` | dict | {} | Garbage collector pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) |
| `gc.tolerations` | dict | {} | Garbage collector pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | `gc.tolerations` | dict | {} | Garbage collector pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
| `gc.annotations` | dict | {} | Garbage collector pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `gc.annotations` | dict | {} | Garbage collector pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
| `gc.deploymentAnnotations` | dict | {} | Garbage collector deployment [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `gc.deploymentAnnotations` | dict | {} | Garbage collector deployment [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
| `gc.affinity` | dict | {} | Garbage collector pod [affinity](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) | `gc.affinity` | dict | {} | Garbage collector pod [affinity](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) |
<!-- Links --> <!-- Links -->
[rbac]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/ [rbac]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/

View file

@ -13,24 +13,24 @@ By default NFD Master and Worker expose metrics on port 8081.
The exposed metrics are The exposed metrics are
| Metric | Type | Description | Metric | Type | Description |
| ------------------------------------------------- | --------- | --------------------------------------- | ------------------------------------------------- | --------- | ------------------------------------------------------- |
| `nfd_master_build_info` | Gauge | Version from which nfd-master was built | `nfd_master_build_info` | Gauge | Version from which nfd-master was built |
| `nfd_worker_build_info` | Gauge | Version from which nfd-worker was built | `nfd_worker_build_info` | Gauge | Version from which nfd-worker was built |
| `nfd_gc_build_info` | Gauge | Version from which nfd-gc was built | `nfd_gc_build_info` | Gauge | Version from which nfd-gc was built |
| `nfd_topology_updater_build_info` | Gauge | Version from which nfd-topology-updater was built | `nfd_topology_updater_build_info` | Gauge | Version from which nfd-topology-updater was built |
| `nfd_node_update_requests_total` | Counter | Number of node update requests received by the master over gRPC | `nfd_node_update_requests_total` | Counter | Number of node update requests received by the master over gRPC |
| `nfd_node_updates_total` | Counter | Number of nodes updated | `nfd_node_updates_total` | Counter | Number of nodes updated |
| `nfd_node_update_failures_total` | Counter | Number of nodes update failures | `nfd_node_update_failures_total` | Counter | Number of nodes update failures |
| `nfd_node_labels_rejected_total` | Counter | Number of nodes labels rejected by nfd-master | `nfd_node_labels_rejected_total` | Counter | Number of nodes labels rejected by nfd-master |
| `nfd_node_extendedresources_rejected_total` | Counter | Number of nodes extended resources rejected by nfd-master | `nfd_node_extendedresources_rejected_total` | Counter | Number of nodes extended resources rejected by nfd-master |
| `nfd_node_taints_rejected_total` | Counter | Number of nodes taints rejected by nfd-master | `nfd_node_taints_rejected_total` | Counter | Number of nodes taints rejected by nfd-master |
| `nfd_nodefeaturerule_processing_duration_seconds` | Histogram | Time taken to process NodeFeatureRule objects | `nfd_nodefeaturerule_processing_duration_seconds` | Histogram | Time taken to process NodeFeatureRule objects |
| `nfd_nodefeaturerule_processing_errors_total` | Counter | Number or errors encountered while processing NodeFeatureRule objects | `nfd_nodefeaturerule_processing_errors_total` | Counter | Number or errors encountered while processing NodeFeatureRule objects |
| `nfd_feature_discovery_duration_seconds` | Histogram | Time taken to discover features on a node | `nfd_feature_discovery_duration_seconds` | Histogram | Time taken to discover features on a node |
| `nfd_topology_updater_scan_errors_total` | Counter | Number of errors in scanning resource allocation of pods. | `nfd_topology_updater_scan_errors_total` | Counter | Number of errors in scanning resource allocation of pods. |
| `nfd_gc_objects_deleted_total` | Counter | Number of NodeFeature and NodeResourceTopology objects garbage collected. | `nfd_gc_objects_deleted_total` | Counter | Number of NodeFeature and NodeResourceTopology objects garbage collected. |
| `nfd_gc_object_delete_failures_total` | Counter | Number of errors in deleting NodeFeature and NodeResourceTopology objects. | `nfd_gc_object_delete_failures_total` | Counter | Number of errors in deleting NodeFeature and NodeResourceTopology objects. |
## Kustomize ## Kustomize

View file

@ -110,22 +110,22 @@ name of the resulting container image. The following are targeted targeted for
build customization and they can be specified via environment variables or build customization and they can be specified via environment variables or
makefile overrides. makefile overrides.
| Variable | Description | Default value | Variable | Description | Default value |
| -------------------------- | ----------------------------------------------------------------- | ----------- | | -------------------------- | ----------------------------------------------------------------- | ------------- |
| HOSTMOUNT_PREFIX | Prefix of system directories for feature discovery (local builds) | / (*local builds*) /host- (*container builds*) | HOSTMOUNT_PREFIX | Prefix of system directories for feature discovery (local builds) | / (*local builds*) /host- (*container builds*) |
| IMAGE_BUILD_CMD | Command to build the image | docker build | IMAGE_BUILD_CMD | Command to build the image | docker build |
| IMAGE_BUILD_EXTRA_OPTS | Extra options to pass to build command | *empty* | IMAGE_BUILD_EXTRA_OPTS | Extra options to pass to build command | *empty* |
| IMAGE_BUILDX_CMD | Command to build and push multi-arch images with buildx | DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build --platform=${IMAGE_ALL_PLATFORMS} --progress=auto --pull | IMAGE_BUILDX_CMD | Command to build and push multi-arch images with buildx | DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build --platform=${IMAGE_ALL_PLATFORMS} --progress=auto --pull |
| IMAGE_ALL_PLATFORMS | Comma separated list of OS/ARCH tuples for mulit-arch builds | linux/amd64,linux/arm64 | IMAGE_ALL_PLATFORMS | Comma separated list of OS/ARCH tuples for mulit-arch builds | linux/amd64,linux/arm64 |
| IMAGE_PUSH_CMD | Command to push the image to remote registry | docker push | IMAGE_PUSH_CMD | Command to push the image to remote registry | docker push |
| IMAGE_REGISTRY | Container image registry to use | registry.k8s.io/nfd | IMAGE_REGISTRY | Container image registry to use | registry.k8s.io/nfd |
| IMAGE_TAG_NAME | Container image tag name | &lt;nfd version&gt; | IMAGE_TAG_NAME | Container image tag name | &lt;nfd version&gt; |
| IMAGE_EXTRA_TAG_NAMES | Additional container image tag(s) to create when building image | *empty* | IMAGE_EXTRA_TAG_NAMES | Additional container image tag(s) to create when building image | *empty* |
| K8S_NAMESPACE | nfd-master and nfd-worker namespace | node-feature-discovery | K8S_NAMESPACE | nfd-master and nfd-worker namespace | node-feature-discovery |
| KUBECONFIG | Kubeconfig for running e2e-tests | *empty* | KUBECONFIG | Kubeconfig for running e2e-tests | *empty* |
| E2E_TEST_CONFIG | Parameterization file of e2e-tests (see [example][e2e-config-sample]) | *empty* | E2E_TEST_CONFIG | Parameterization file of e2e-tests (see [example][e2e-config-sample]) | *empty* |
| E2E_PULL_IF_NOT_PRESENT | True-ish value makes the image pull policy IfNotPresent (to be used only in e2e tests) | false | E2E_PULL_IF_NOT_PRESENT | True-ish value makes the image pull policy IfNotPresent (to be used only in e2e tests) | false |
| OPENSHIFT | Non-empty value enables OpenShift specific support (currently only effective in e2e tests) | *empty* | OPENSHIFT | Non-empty value enables OpenShift specific support (currently only effective in e2e tests) | *empty* |
For example, to use a custom registry: For example, to use a custom registry:

View file

@ -100,10 +100,10 @@ An overview of the default feature labels:
NFD also annotates nodes it is running on: NFD also annotates nodes it is running on:
| Annotation | Description | Annotation | Description |
| ------------------------------------------------------------ | ----------- | ------------------------------------------------------------ | ----------------------------------------------------------- |
| [&lt;instance&gt;.]nfd.node.kubernetes.io/feature-labels | Comma-separated list of node labels managed by NFD. NFD uses this internally so must not be edited by users. | [&lt;instance&gt;.]nfd.node.kubernetes.io/feature-labels | Comma-separated list of node labels managed by NFD. NFD uses this internally so must not be edited by users. |
| [&lt;instance&gt;.]nfd.node.kubernetes.io/extended-resources | Comma-separated list of node extended resources managed by NFD. NFD uses this internally so must not be edited by users. | [&lt;instance&gt;.]nfd.node.kubernetes.io/extended-resources | Comma-separated list of node extended resources managed by NFD. NFD uses this internally so must not be edited by users. |
> **NOTE:** the [`-instance`](../reference/master-commandline-reference.md#instance) > **NOTE:** the [`-instance`](../reference/master-commandline-reference.md#instance)
> command line flag affects the annotation names > command line flag affects the annotation names

View file

@ -8,3 +8,6 @@ rule 'MD013', :tables => false
rule 'MD007', :indent => 2 rule 'MD007', :indent => 2
rule 'MD013', :ignore_code_blocks => true rule 'MD013', :ignore_code_blocks => true
rule 'MD024', :allow_different_nesting => true rule 'MD024', :allow_different_nesting => true
# MD056 - Inconsistent number of columns in table
# docs/deployment/helm.md:98
exclude_rule 'MD056'

View file

@ -706,18 +706,18 @@ which to evaluate against the elements of the feature.
In each MatchExpression `op` specifies the operator to apply. Valid values are In each MatchExpression `op` specifies the operator to apply. Valid values are
described below. described below.
| Operator | Number of values | Matches when | Operator | Number of values | Matches when |
| --------------- | ---------------- | ----------- | --------------- | ---------------- | ----------- |
| `In` | 1 or greater | Input is equal to one of the values | `In` | 1 or greater | Input is equal to one of the values |
| `NotIn` | 1 or greater | Input is not equal to any of the values | `NotIn` | 1 or greater | Input is not equal to any of the values |
| `InRegexp` | 1 or greater | Values of the MatchExpression are treated as regexps and input matches one or more of them | `InRegexp` | 1 or greater | Values of the MatchExpression are treated as regexps and input matches one or more of them |
| `Exists` | 0 | The key exists | `Exists` | 0 | The key exists |
| `DoesNotExist` | 0 | The key does not exists | `DoesNotExist` | 0 | The key does not exists |
| `Gt` | 1 | Input is greater than the value. Both the input and value must be integer numbers. | `Gt` | 1 | Input is greater than the value. Both the input and value must be integer numbers. |
| `Lt` | 1 | Input is less than the value. Both the input and value must be integer numbers. | `Lt` | 1 | Input is less than the value. Both the input and value must be integer numbers. |
| `GtLt` | 2 | Input is between two values. Both the input and value must be integer numbers. | `GtLt` | 2 | Input is between two values. Both the input and value must be integer numbers. |
| `IsTrue` | 0 | Input is equal to "true" | `IsTrue` | 0 | Input is equal to "true" |
| `IsFalse` | 0 | Input is equal "false" | `IsFalse` | 0 | Input is equal "false" |
The `value` field of MatchExpression is a list of string arguments to the The `value` field of MatchExpression is a list of string arguments to the
operator. operator.
@ -765,86 +765,86 @@ true).
The following features are available for matching: The following features are available for matching:
| Feature | [Feature type](#feature-types) | Elements | Value type | Description | Feature | [Feature type](#feature-types) | Elements | Value type | Description |
| ---------------- | ------------ | -------- | ---------- | ----------- | ---------------- | ------------ | -------- | ---------- | ----------- |
| **`cpu.cpuid`** | flag | | | Supported CPU capabilities | **`cpu.cpuid`** | flag | | | Supported CPU capabilities |
| | | **`<cpuid-flag>`** | | CPUID flag is present | | | **`<cpuid-flag>`** | | CPUID flag is present |
| **`cpu.cstate`** | attribute | | | Status of cstates in the intel_idle cpuidle driver | **`cpu.cstate`** | attribute | | | Status of cstates in the intel_idle cpuidle driver |
| | | **`enabled`** | bool | 'true' if cstates are set, otherwise 'false'. Does not exist of intel_idle driver is not active. | | | **`enabled`** | bool | 'true' if cstates are set, otherwise 'false'. Does not exist of intel_idle driver is not active. |
| **`cpu.model`** | attribute | | | CPU model related attributes | **`cpu.model`** | attribute | | | CPU model related attributes |
| | | **`family`** | int | CPU family | | | **`family`** | int | CPU family |
| | | **`vendor_id`** | string | CPU vendor ID | | | **`vendor_id`** | string | CPU vendor ID |
| | | **`id`** | int | CPU model ID | | | **`id`** | int | CPU model ID |
| **`cpu.pstate`** | attribute | | | State of the Intel pstate driver. Does not exist if the driver is not enabled. | **`cpu.pstate`** | attribute | | | State of the Intel pstate driver. Does not exist if the driver is not enabled. |
| | | **`status`** | string | Status of the driver, possible values are 'active' and 'passive' | | | **`status`** | string | Status of the driver, possible values are 'active' and 'passive' |
| | | **`turbo`** | bool | 'true' if turbo frequencies are enabled, otherwise 'false' | | | **`turbo`** | bool | 'true' if turbo frequencies are enabled, otherwise 'false' |
| | | **`scaling`** | string | Active scaling_governor, possible values are 'powersave' or 'performance'. | | | **`scaling`** | string | Active scaling_governor, possible values are 'powersave' or 'performance'. |
| **`cpu.rdt`** | attribute | | | Intel RDT capabilities supported by the system | **`cpu.rdt`** | attribute | | | Intel RDT capabilities supported by the system |
| | | **`<rdt-flag>`** | | RDT capability is supported, see [RDT flags](#intel-rdt-flags) for details | | | **`<rdt-flag>`** | | RDT capability is supported, see [RDT flags](#intel-rdt-flags) for details |
| | | **`RDTL3CA_NUM_CLOSID`** | int | The number or available CLOSID (Class of service ID) for Intel L3 Cache Allocation Technology | | | **`RDTL3CA_NUM_CLOSID`** | int | The number or available CLOSID (Class of service ID) for Intel L3 Cache Allocation Technology |
| **`cpu.security`** | attribute | | | Features related to security and trusted execution environments | **`cpu.security`** | attribute | | | Features related to security and trusted execution environments |
| | | **`sgx.enabled`** | bool | `true` if Intel SGX (Software Guard Extensions) has been enabled, otherwise does not exist | | | **`sgx.enabled`** | bool | `true` if Intel SGX (Software Guard Extensions) has been enabled, otherwise does not exist |
| | | **`sgx.epc`** | int | The total amount Intel SGX Encrypted Page Cache memory in bytes. It's only present if `sgx.enabled` is `true`. | | | **`sgx.epc`** | int | The total amount Intel SGX Encrypted Page Cache memory in bytes. It's only present if `sgx.enabled` is `true`. |
| | | **`se.enabled`** | bool | `true` if IBM Secure Execution for Linux is available and has been enabled, otherwise does not exist | | | **`se.enabled`** | bool | `true` if IBM Secure Execution for Linux is available and has been enabled, otherwise does not exist |
| | | **`tdx.enabled`** | bool | `true` if Intel TDX (Trusted Domain Extensions) is available on the host and has been enabled, otherwise does not exist | | | **`tdx.enabled`** | bool | `true` if Intel TDX (Trusted Domain Extensions) is available on the host and has been enabled, otherwise does not exist |
| | | **`tdx.total_keys`** | int | The total amount of keys an Intel TDX (Trusted Domain Extensions) host can provide. It's only present if `tdx.enabled` is `true`. | | | **`tdx.total_keys`** | int | The total amount of keys an Intel TDX (Trusted Domain Extensions) host can provide. It's only present if `tdx.enabled` is `true`. |
| | | **`tdx.protected`** | bool | `true` if a guest VM was started using Intel TDX (Trusted Domain Extensions), otherwise does not exist. | | | **`tdx.protected`** | bool | `true` if a guest VM was started using Intel TDX (Trusted Domain Extensions), otherwise does not exist. |
| | | **`sev.enabled`** | bool | `true` if AMD SEV (Secure Encrypted Virtualization) is available on the host and has been enabled, otherwise does not exist | | | **`sev.enabled`** | bool | `true` if AMD SEV (Secure Encrypted Virtualization) is available on the host and has been enabled, otherwise does not exist |
| | | **`sev.es.enabled`** | bool | `true` if AMD SEV-ES (Encrypted State supported) is available on the host and has been enabled, otherwise does not exist | | | **`sev.es.enabled`** | bool | `true` if AMD SEV-ES (Encrypted State supported) is available on the host and has been enabled, otherwise does not exist |
| | | **`sev.snp.enabled`** | bool | `true` if AMD SEV-SNP (Secure Nested Paging supported) is available on the host and has been enabled, otherwise does not exist | | | **`sev.snp.enabled`** | bool | `true` if AMD SEV-SNP (Secure Nested Paging supported) is available on the host and has been enabled, otherwise does not exist |
| **`cpu.sst`** | attribute | | | Intel SST (Speed Select Technology) capabilities | **`cpu.sst`** | attribute | | | Intel SST (Speed Select Technology) capabilities |
| | | **`bf.enabled`** | bool | `true` if Intel SST-BF (Intel Speed Select Technology - Base frequency) has been enabled, otherwise does not exist | | | **`bf.enabled`** | bool | `true` if Intel SST-BF (Intel Speed Select Technology - Base frequency) has been enabled, otherwise does not exist |
| **`cpu.topology`** | attribute | | | CPU topology related features | **`cpu.topology`** | attribute | | | CPU topology related features |
| | | **`hardware_multithreading`** | bool | Hardware multithreading, such as Intel HTT, is enabled | | | **`hardware_multithreading`** | bool | Hardware multithreading, such as Intel HTT, is enabled |
| **`cpu.coprocessor`** | attribute | | | CPU Coprocessor related features | **`cpu.coprocessor`** | attribute | | | CPU Coprocessor related features |
| | | **`nx_gzip`** | bool | Nest Accelerator GZIP support is enabled | | | **`nx_gzip`** | bool | Nest Accelerator GZIP support is enabled |
| **`kernel.config`** | attribute | | | Kernel configuration options | **`kernel.config`** | attribute | | | Kernel configuration options |
| | | **`<config-flag>`** | string | Value of the kconfig option | | | **`<config-flag>`** | string | Value of the kconfig option |
| **`kernel.loadedmodule`** | flag | | | Kernel modules loaded on the node as reported by `/proc/modules` | **`kernel.loadedmodule`** | flag | | | Kernel modules loaded on the node as reported by `/proc/modules` |
| **`kernel.enabledmodule`** | flag | | | Kernel modules loaded on the node and available as built-ins as reported by `modules.builtin` | **`kernel.enabledmodule`** | flag | | | Kernel modules loaded on the node and available as built-ins as reported by `modules.builtin` |
| | | **`mod-name`** | | Kernel module `<mod-name>` is loaded | | | **`mod-name`** | | Kernel module `<mod-name>` is loaded |
| **`kernel.selinux`** | attribute | | | Kernel SELinux related features | **`kernel.selinux`** | attribute | | | Kernel SELinux related features |
| | | **`enabled`** | bool | `true` if SELinux has been enabled and is in enforcing mode, otherwise `false` | | | **`enabled`** | bool | `true` if SELinux has been enabled and is in enforcing mode, otherwise `false` |
| **`kernel.version`** | attribute | | | Kernel version information | **`kernel.version`** | attribute | | | Kernel version information |
| | | **`full`** | string | Full kernel version (e.g. 4.5.6-7-g123abcde') | | | **`full`** | string | Full kernel version (e.g. 4.5.6-7-g123abcde') |
| | | **`major`** | int | First component of the kernel version (e.g. 4') | | | **`major`** | int | First component of the kernel version (e.g. 4') |
| | | **`minor`** | int | Second component of the kernel version (e.g. 5') | | | **`minor`** | int | Second component of the kernel version (e.g. 5') |
| | | **`revision`** | int | Third component of the kernel version (e.g. 6') | | | **`revision`** | int | Third component of the kernel version (e.g. 6') |
| **`local.label`** | attribute | | | Labels from feature files and hooks, i.e. labels from the [*local* feature source](#local-feature-source) | **`local.label`** | attribute | | | Labels from feature files and hooks, i.e. labels from the [*local* feature source](#local-feature-source) |
| **`local.feature`** | attribute | | | Features from feature files and hooks, i.e. features from the [*local* feature source](#local-feature-source) | **`local.feature`** | attribute | | | Features from feature files and hooks, i.e. features from the [*local* feature source](#local-feature-source) |
| | | **`<label-name>`** | string | Label `<label-name>` created by the local feature source, value equals the value of the label | | | **`<label-name>`** | string | Label `<label-name>` created by the local feature source, value equals the value of the label |
| **`memory.nv`** | instance | | | NVDIMM devices present in the system | **`memory.nv`** | instance | | | NVDIMM devices present in the system |
| | | **`<sysfs-attribute>`** | string | Value of the sysfs device attribute, available attributes: `devtype`, `mode` | | | **`<sysfs-attribute>`** | string | Value of the sysfs device attribute, available attributes: `devtype`, `mode` |
| **`memory.numa`** | attribute | | | NUMA nodes | **`memory.numa`** | attribute | | | NUMA nodes |
| | | **`is_numa`** | bool | `true` if NUMA architecture, `false` otherwise | | | **`is_numa`** | bool | `true` if NUMA architecture, `false` otherwise |
| | | **`node_count`** | int | Number of NUMA nodes | | | **`node_count`** | int | Number of NUMA nodes |
| **`network.device`** | instance | | | Physical (non-virtual) network interfaces present in the system | **`network.device`** | instance | | | Physical (non-virtual) network interfaces present in the system |
| | | **`name`** | string | Name of the network interface | | | **`name`** | string | Name of the network interface |
| | | **`<sysfs-attribute>`** | string | Sysfs network interface attribute, available attributes: `operstate`, `speed`, `sriov_numvfs`, `sriov_totalvfs` | | | **`<sysfs-attribute>`** | string | Sysfs network interface attribute, available attributes: `operstate`, `speed`, `sriov_numvfs`, `sriov_totalvfs` |
| **`pci.device`** | instance | | | PCI devices present in the system | **`pci.device`** | instance | | | PCI devices present in the system |
| | | **`<sysfs-attribute>`** | string | Value of the sysfs device attribute, available attributes: `class`, `vendor`, `device`, `subsystem_vendor`, `subsystem_device`, `sriov_totalvfs`, `iommu_group/type`, `iommu/intel-iommu/version` | | | **`<sysfs-attribute>`** | string | Value of the sysfs device attribute, available attributes: `class`, `vendor`, `device`, `subsystem_vendor`, `subsystem_device`, `sriov_totalvfs`, `iommu_group/type`, `iommu/intel-iommu/version` |
| **`storage.device`** | instance | | | Block storage devices present in the system | **`storage.device`** | instance | | | Block storage devices present in the system |
| | | **`name`** | string | Name of the block device | | | **`name`** | string | Name of the block device |
| | | **`<sysfs-attribute>`** | string | Sysfs network interface attribute, available attributes: `dax`, `rotational`, `nr_zones`, `zoned` | | | **`<sysfs-attribute>`** | string | Sysfs network interface attribute, available attributes: `dax`, `rotational`, `nr_zones`, `zoned` |
| **`system.osrelease`** | attribute | | | System identification data from `/etc/os-release` | **`system.osrelease`** | attribute | | | System identification data from `/etc/os-release` |
| | | **`<parameter>`** | string | One parameter from `/etc/os-release` | | | **`<parameter>`** | string | One parameter from `/etc/os-release` |
| **`system.name`** | attribute | | | System name information | **`system.name`** | attribute | | | System name information |
| | | **`nodename`** | string | Name of the kubernetes node object | | | **`nodename`** | string | Name of the kubernetes node object |
| **`usb.device`** | instance | | | USB devices present in the system | **`usb.device`** | instance | | | USB devices present in the system |
| | | **`<sysfs-attribute>`** | string | Value of the sysfs device attribute, available attributes: `class`, `vendor`, `device`, `serial` | | | **`<sysfs-attribute>`** | string | Value of the sysfs device attribute, available attributes: `class`, `vendor`, `device`, `serial` |
| **`rule.matched`** | attribute | | | Previously matched rules | **`rule.matched`** | attribute | | | Previously matched rules |
| | | **`<label-or-var>`** | string | Label or var from a preceding rule that matched | | | **`<label-or-var>`** | string | Label or var from a preceding rule that matched |
#### Intel RDT flags #### Intel RDT flags
| Flag | Description | | Flag | Description |
| --------- | ---------------------------------------------------------------- | | --------- | ---------------------------------------------------------------- |
| RDTMON | Intel RDT Monitoring Technology | RDTMON | Intel RDT Monitoring Technology |
| RDTCMT | Intel Cache Monitoring (CMT) | RDTCMT | Intel Cache Monitoring (CMT) |
| RDTMBM | Intel Memory Bandwidth Monitoring (MBM) | RDTMBM | Intel Memory Bandwidth Monitoring (MBM) |
| RDTL3CA | Intel L3 Cache Allocation Technology | RDTL3CA | Intel L3 Cache Allocation Technology |
| RDTl2CA | Intel L2 Cache Allocation Technology | RDTl2CA | Intel L2 Cache Allocation Technology |
| RDTMBA | Intel Memory Bandwidth Allocation (MBA) Technology | RDTMBA | Intel Memory Bandwidth Allocation (MBA) Technology |
### Templating ### Templating

View file

@ -44,29 +44,29 @@ feature.node.kubernetes.io/<feature> = <value>
### CPU ### CPU
| Feature name | Value | Description | Feature name | Value | Description |
| ----------------------- | ------------ | ----------- | ----------------------------------- | ------ | --------------------------------------------------------------------------- |
| **`cpu-cpuid.<cpuid-flag>`** | true | CPU capability is supported. **NOTE:** the capability might be supported but not enabled. | **`cpu-cpuid.<cpuid-flag>`** | true | CPU capability is supported. **NOTE:** the capability might be supported but not enabled. |
| **`cpu-hardware_multithreading`** | true | Hardware multithreading, such as Intel HTT, enabled (number of logical CPUs is greater than physical CPUs) | **`cpu-hardware_multithreading`** | true | Hardware multithreading, such as Intel HTT, enabled (number of logical CPUs is greater than physical CPUs) |
| **`cpu-coprocessor.nx_gzip`** | true | Nest Accelerator for GZIP is supported(Power). | **`cpu-coprocessor.nx_gzip`** | true | Nest Accelerator for GZIP is supported(Power). |
| **`cpu-power.sst_bf.enabled`** | true | Intel SST-BF ([Intel Speed Select Technology][intel-sst] - Base frequency) enabled | **`cpu-power.sst_bf.enabled`** | true | Intel SST-BF ([Intel Speed Select Technology][intel-sst] - Base frequency) enabled |
| **`cpu-pstate.status`** | string | The status of the [Intel pstate][intel-pstate] driver when in use and enabled, either 'active' or 'passive'. | **`cpu-pstate.status`** | string | The status of the [Intel pstate][intel-pstate] driver when in use and enabled, either 'active' or 'passive'. |
| **`cpu-pstate.turbo`** | bool | Set to 'true' if turbo frequencies are enabled in Intel pstate driver, set to 'false' if they have been disabled. | **`cpu-pstate.turbo`** | bool | Set to 'true' if turbo frequencies are enabled in Intel pstate driver, set to 'false' if they have been disabled. |
| **`cpu-pstate.scaling_governor`** | string | The value of the Intel pstate scaling_governor when in use, either 'powersave' or 'performance'. | **`cpu-pstate.scaling_governor`** | string | The value of the Intel pstate scaling_governor when in use, either 'powersave' or 'performance'. |
| **`cpu-cstate.enabled`** | bool | Set to 'true' if cstates are set in the intel_idle driver, otherwise set to 'false'. Unset if intel_idle cpuidle driver is not active. | **`cpu-cstate.enabled`** | bool | Set to 'true' if cstates are set in the intel_idle driver, otherwise set to 'false'. Unset if intel_idle cpuidle driver is not active. |
| **`cpu-rdt.<rdt-flag>`** | true | **DEPRECATED** [Intel RDT][intel-rdt] capability is supported. See [RDT flags](customization-guide.md#intel-rdt-flags) for details. | **`cpu-rdt.<rdt-flag>`** | true | **DEPRECATED** [Intel RDT][intel-rdt] capability is supported. See [RDT flags](customization-guide.md#intel-rdt-flags) for details. |
| **`cpu-security.sgx.enabled`** | true | Set to 'true' if Intel SGX is enabled in BIOS (based on a non-zero sum value of SGX EPC section sizes). | **`cpu-security.sgx.enabled`** | true | Set to 'true' if Intel SGX is enabled in BIOS (based on a non-zero sum value of SGX EPC section sizes). |
| **`cpu-security.se.enabled`** | true | Set to 'true' if IBM Secure Execution for Linux (IBM Z & LinuxONE) is available and enabled (requires `/sys/firmware/uv/prot_virt_host` facility) | **`cpu-security.se.enabled`** | true | Set to 'true' if IBM Secure Execution for Linux (IBM Z & LinuxONE) is available and enabled (requires `/sys/firmware/uv/prot_virt_host` facility) |
| **`cpu-security.tdx.enabled`** | true | Set to 'true' if Intel TDX is available on the host and has been enabled (requires `/sys/module/kvm_intel/parameters/tdx`). | **`cpu-security.tdx.enabled`** | true | Set to 'true' if Intel TDX is available on the host and has been enabled (requires `/sys/module/kvm_intel/parameters/tdx`). |
| **`cpu-security.tdx.protected`** | true | Set to 'true' if Intel TDX was used to start the guest node, based on the existence of the "TDX_GUEST" information as part of cpuid features. | **`cpu-security.tdx.protected`** | true | Set to 'true' if Intel TDX was used to start the guest node, based on the existence of the "TDX_GUEST" information as part of cpuid features. |
| **`cpu-security.sev.enabled`** | true | Set to 'true' if ADM SEV is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev`). | **`cpu-security.sev.enabled`** | true | Set to 'true' if ADM SEV is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev`). |
| **`cpu-security.sev.es.enabled`** | true | Set to 'true' if ADM SEV-ES is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev_es`). | **`cpu-security.sev.es.enabled`** | true | Set to 'true' if ADM SEV-ES is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev_es`). |
| **`cpu-security.sev.snp.enabled`**| true | Set to 'true' if ADM SEV-SNP is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev_snp`). | **`cpu-security.sev.snp.enabled`** | true | Set to 'true' if ADM SEV-SNP is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev_snp`). |
| **`cpu-security.sex.asids`** | int | The total amount of AMD SEV address-space identifiers (ASIDs), based on the `/sys/fs/cgroup/misc.capacity` information. | **`cpu-security.sex.asids`** | int | The total amount of AMD SEV address-space identifiers (ASIDs), based on the `/sys/fs/cgroup/misc.capacity` information. |
| **`cpu-security.sex.encrypted_state_ids`** | int | The total amount of AMD SEV-ES and SEV-SNP supported, based on the `/sys/fs/cgroup/misc.capacity` information. | **`cpu-security.sex.encrypted_state_ids`** | int | The total amount of AMD SEV-ES and SEV-SNP supported, based on the `/sys/fs/cgroup/misc.capacity` information. |
| **`cpu-model.vendor_id`** | string | Comparable CPU vendor ID. | **`cpu-model.vendor_id`** | string | Comparable CPU vendor ID. |
| **`cpu-model.family`** | int | CPU family. | **`cpu-model.family`** | int | CPU family. |
| **`cpu-model.id`** | int | CPU model number. | **`cpu-model.id`** | int | CPU model number. |
> **NOTE:** the `cpu-rdt.<rdt-flag>` labels are deprecated and will be removed > **NOTE:** the `cpu-rdt.<rdt-flag>` labels are deprecated and will be removed
> in a future release. They will remain to be available as features > in a future release. They will remain to be available as features
@ -83,43 +83,43 @@ configuration options for details.
| Flag | Description | | Flag | Description |
| ------------------ | ------------------------------------------------------- | | ------------------ | ------------------------------------------------------- |
| ADX | Multi-Precision Add-Carry Instruction Extensions (ADX) | ADX | Multi-Precision Add-Carry Instruction Extensions (ADX) |
| AESNI | Advanced Encryption Standard (AES) New Instructions (AES-NI) | AESNI | Advanced Encryption Standard (AES) New Instructions (AES-NI) |
| AVX | Advanced Vector Extensions (AVX) | AVX | Advanced Vector Extensions (AVX) |
| AVX2 | Advanced Vector Extensions 2 (AVX2) | AVX2 | Advanced Vector Extensions 2 (AVX2) |
| AVXVNNI | AVX (VEX encoded) VNNI neural network instructions | AVXVNNI | AVX (VEX encoded) VNNI neural network instructions |
| AMXBF16 | Advanced Matrix Extension, tile multiplication operations on BFLOAT16 numbers | AMXBF16 | Advanced Matrix Extension, tile multiplication operations on BFLOAT16 numbers |
| AMXINT8 | Advanced Matrix Extension, tile multiplication operations on 8-bit integers | AMXINT8 | Advanced Matrix Extension, tile multiplication operations on 8-bit integers |
| AMXFP16 | Advanced Matrix Extension, tile multiplication operations on FP16 numbers | AMXFP16 | Advanced Matrix Extension, tile multiplication operations on FP16 numbers |
| AMXTILE | Advanced Matrix Extension, base tile architecture support | AMXTILE | Advanced Matrix Extension, base tile architecture support |
| AVX512BF16 | AVX-512 BFLOAT16 instructions | AVX512BF16 | AVX-512 BFLOAT16 instructions |
| AVX512BITALG | AVX-512 bit Algorithms | AVX512BITALG | AVX-512 bit Algorithms |
| AVX512BW | AVX-512 byte and word Instructions | AVX512BW | AVX-512 byte and word Instructions |
| AVX512CD | AVX-512 conflict detection instructions | AVX512CD | AVX-512 conflict detection instructions |
| AVX512DQ | AVX-512 doubleword and quadword instructions | AVX512DQ | AVX-512 doubleword and quadword instructions |
| AVX512ER | AVX-512 exponential and reciprocal instructions | AVX512ER | AVX-512 exponential and reciprocal instructions |
| AVX512F | AVX-512 foundation | AVX512F | AVX-512 foundation |
| AVX512FP16 | AVX-512 FP16 instructions | AVX512FP16 | AVX-512 FP16 instructions |
| AVX512IFMA | AVX-512 integer fused multiply-add instructions | AVX512IFMA | AVX-512 integer fused multiply-add instructions |
| AVX512PF | AVX-512 prefetch instructions | AVX512PF | AVX-512 prefetch instructions |
| AVX512VBMI | AVX-512 vector bit manipulation instructions | AVX512VBMI | AVX-512 vector bit manipulation instructions |
| AVX512VBMI2 | AVX-512 vector bit manipulation instructions, version 2 | AVX512VBMI2 | AVX-512 vector bit manipulation instructions, version 2 |
| AVX512VL | AVX-512 vector length extensions | AVX512VL | AVX-512 vector length extensions |
| AVX512VNNI | AVX-512 vector neural network instructions | AVX512VNNI | AVX-512 vector neural network instructions |
| AVX512VP2INTERSECT | AVX-512 intersect for D/Q | AVX512VP2INTERSECT | AVX-512 intersect for D/Q |
| AVX512VPOPCNTDQ | AVX-512 vector population count doubleword and quadword | AVX512VPOPCNTDQ | AVX-512 vector population count doubleword and quadword |
| AVXIFMA | AVX-IFMA instructions | AVXIFMA | AVX-IFMA instructions |
| AVXNECONVERT | AVX-NE-CONVERT instructions | AVXNECONVERT | AVX-NE-CONVERT instructions |
| AVXVNNIINT8 | AVX-VNNI-INT8 instructions | AVXVNNIINT8 | AVX-VNNI-INT8 instructions |
| CMPCCXADD | CMPCCXADD instructions | CMPCCXADD | CMPCCXADD instructions |
| ENQCMD | Enqueue Command | ENQCMD | Enqueue Command |
| GFNI | Galois Field New Instructions | GFNI | Galois Field New Instructions |
| HYPERVISOR | Running under hypervisor | HYPERVISOR | Running under hypervisor |
| MSRLIST | Read/Write List of Model Specific Registers | MSRLIST | Read/Write List of Model Specific Registers |
| PREFETCHI | PREFETCHIT0/1 instructions | PREFETCHI | PREFETCHIT0/1 instructions |
| VAES | AVX-512 vector AES instructions | VAES | AVX-512 vector AES instructions |
| VPCLMULQDQ | Carry-less multiplication quadword | VPCLMULQDQ | Carry-less multiplication quadword |
| WRMSRNS | Non-Serializing Write to Model Specific Register | WRMSRNS | Non-Serializing Write to Model Specific Register |
By default, the following CPUID flags have been blacklisted: BMI1, BMI2, CLMUL, By default, the following CPUID flags have been blacklisted: BMI1, BMI2, CLMUL,
CMOV, CX16, ERMS, F16C, HTT, LZCNT, MMX, MMXEXT, NX, POPCNT, RDRAND, RDSEED, CMOV, CX16, ERMS, F16C, HTT, LZCNT, MMX, MMXEXT, NX, POPCNT, RDRAND, RDSEED,
@ -133,43 +133,43 @@ See the full list in [github.com/klauspost/cpuid][klauspost-cpuid].
| Flag | Description | | Flag | Description |
| --------- | ---------------------------------------------------------------- | | --------- | ---------------------------------------------------------------- |
| IDIVA | Integer divide instructions available in ARM mode | IDIVA | Integer divide instructions available in ARM mode |
| IDIVT | Integer divide instructions available in Thumb mode | IDIVT | Integer divide instructions available in Thumb mode |
| THUMB | Thumb instructions | THUMB | Thumb instructions |
| FASTMUL | Fast multiplication | FASTMUL | Fast multiplication |
| VFP | Vector floating point instruction extension (VFP) | VFP | Vector floating point instruction extension (VFP) |
| VFPv3 | Vector floating point extension v3 | VFPv3 | Vector floating point extension v3 |
| VFPv4 | Vector floating point extension v4 | VFPv4 | Vector floating point extension v4 |
| VFPD32 | VFP with 32 D-registers | VFPD32 | VFP with 32 D-registers |
| HALF | Half-word loads and stores | HALF | Half-word loads and stores |
| EDSP | DSP extensions | EDSP | DSP extensions |
| NEON | NEON SIMD instructions | NEON | NEON SIMD instructions |
| LPAE | Large Physical Address Extensions | LPAE | Large Physical Address Extensions |
#### Arm64 CPUID flags (partial list) #### Arm64 CPUID flags (partial list)
| Flag | Description | | Flag | Description |
| --------- | ---------------------------------------------------------------- | | --------- | ---------------------------------------------------------------- |
| AES | Announcing the Advanced Encryption Standard | AES | Announcing the Advanced Encryption Standard |
| EVSTRM | Event Stream Frequency Features | EVSTRM | Event Stream Frequency Features |
| FPHP | Half Precision(16bit) Floating Point Data Processing Instructions | FPHP | Half Precision(16bit) Floating Point Data Processing Instructions |
| ASIMDHP | Half Precision(16bit) Asimd Data Processing Instructions | ASIMDHP | Half Precision(16bit) Asimd Data Processing Instructions |
| ATOMICS | Atomic Instructions to the A64 | ATOMICS | Atomic Instructions to the A64 |
| ASIMRDM | Support for Rounding Double Multiply Add/Subtract | ASIMRDM | Support for Rounding Double Multiply Add/Subtract |
| PMULL | Optional Cryptographic and CRC32 Instructions | PMULL | Optional Cryptographic and CRC32 Instructions |
| JSCVT | Perform Conversion to Match Javascript | JSCVT | Perform Conversion to Match Javascript |
| DCPOP | Persistent Memory Support | DCPOP | Persistent Memory Support |
### Kernel ### Kernel
| Feature | Value | Description | Feature | Value | Description |
| ------- | ------ | ----------- | ----------------------------| ------ | --------------------------------------------------------- |
| **`kernel-config.<option>`** | true | Kernel config option is enabled (set 'y' or 'm'). Default options are `NO_HZ`, `NO_HZ_IDLE`, `NO_HZ_FULL` and `PREEMPT` | **`kernel-config.<option>`** | true | Kernel config option is enabled (set 'y' or 'm'). Default options are `NO_HZ`, `NO_HZ_IDLE`, `NO_HZ_FULL` and `PREEMPT` |
| **`kernel-selinux.enabled`** | true | Selinux is enabled on the node | **`kernel-selinux.enabled`** | true | Selinux is enabled on the node |
| **`kernel-version.full`** | string | Full kernel version as reported by `/proc/sys/kernel/osrelease` (e.g. '4.5.6-7-g123abcde') | **`kernel-version.full`** | string | Full kernel version as reported by `/proc/sys/kernel/osrelease` (e.g. '4.5.6-7-g123abcde') |
| **`kernel-version.major`** | string | First component of the kernel version (e.g. '4') | **`kernel-version.major`** | string | First component of the kernel version (e.g. '4') |
| **`kernel-version.minor`** | string | Second component of the kernel version (e.g. '5') | **`kernel-version.minor`** | string | Second component of the kernel version (e.g. '5') |
| **`kernel-version.revision`** | string | Third component of the kernel version (e.g. '6') | **`kernel-version.revision`**| string | Third component of the kernel version (e.g. '6') |
The kernel label source is configurable, see The kernel label source is configurable, see
[worker configuration](nfd-worker.md#worker-configuration) and [worker configuration](nfd-worker.md#worker-configuration) and
@ -178,25 +178,26 @@ configuration options for details.
### Memory ### Memory
| Feature | Value | Description | Feature | Value | Description |
| ----------- | ----- | ----------- | --------------------| ----- | --------------------------------------------------------- |
| **`memory-numa`** | true | Multiple memory nodes i.e. NUMA architecture detected | **`memory-numa`** | true | Multiple memory nodes i.e. NUMA architecture detected |
| **`memory-nv.present`** | true | NVDIMM device(s) are present | **`memory-nv.present`** | true | NVDIMM device(s) are present |
| **`memory-nv.dax`** | true | NVDIMM region(s) configured in DAX mode are present | **`memory-nv.dax`** | true | NVDIMM region(s) configured in DAX mode are present |
### Network ### Network
| Feature | Value | Description | Feature | Value | Description |
| ----------- | ----- | ----------- | ------------------------------| ----- | --------------------------------------------------------------- |
| **`network-sriov.capable`** | true | [Single Root Input/Output Virtualization][sriov] (SR-IOV) enabled Network Interface Card(s) present | **`network-sriov.capable`** | true | [Single Root Input/Output Virtualization][sriov] (SR-IOV) enabled Network Interface Card(s) present |
| **`network-sriov.configured`** | true | SR-IOV virtual functions have been configured | **`network-sriov.configured`**| true | SR-IOV virtual functions have been configured |
### PCI ### PCI
| Feature | Value | Description | Feature | Value | Description |
| ----------- | ----- | ----------- | --------------------------------------- | ----- | ---------------------------------------------------------------- |
| **`pci-<device label>.present`** | true | PCI device is detected | **`pci-<device label>.present`** | true | PCI device is detected |
| **`pci-<device label>.sriov.capable`** | true | [Single Root Input/Output Virtualization][sriov] (SR-IOV) enabled PCI device present | **`pci-<device label>.sriov.capable`** | true | [Single Root Input/Output Virtualization][sriov] (SR-IOV) enabled PCI device present |
| | | |
`<device label>` is format is configurable and set to `<class>_<vendor>` by `<device label>` is format is configurable and set to `<class>_<vendor>` by
default. For more more details about configuration of the pci labels, see default. For more more details about configuration of the pci labels, see
@ -206,9 +207,9 @@ instructions.
### USB ### USB
| Feature | Value | Description | Feature | Value | Description |
| ----------- | ----- | ----------- | ----------- | ----- | --------------------------------------------------------- |
| **`usb-<device label>.present`** | true | USB device is detected | **`usb-<device label>.present`** | true | USB device is detected |
`<device label>` is format is configurable and set to `<device label>` is format is configurable and set to
`<class>_<vendor>_<device>` by default. For more more details about `<class>_<vendor>_<device>` by default. For more more details about
@ -219,18 +220,18 @@ instructions.
### Storage ### Storage
| Feature | Value | Description | Feature | Value | Description |
| ----------- | ----- | ----------- | --------------------------------| ----- | ----------------------------------------------------------- |
| **`storage-nonrotationaldisk`** | true | Non-rotational disk, like SSD, is present in the node | **`storage-nonrotationaldisk`** | true | Non-rotational disk, like SSD, is present in the node |
### System ### System
| Feature | Value | Description | Feature | Value | Description |
| ----------- | ----- | ----------- | --------------------------------------- | ------ | ----------------------------------------------------------- |
| **`system-os_release.ID`** | string | Operating system identifier | **`system-os_release.ID`** | string | Operating system identifier |
| **`system-os_release.VERSION_ID`** | string |Operating system version identifier (e.g. '6.7') | **`system-os_release.VERSION_ID`** | string | Operating system version identifier (e.g. '6.7') |
| **`system-os_release.VERSION_ID.major`** | string |First component of the OS version id (e.g. '6') | **`system-os_release.VERSION_ID.major`**| string | First component of the OS version id (e.g. '6') |
| **`system-os_release.VERSION_ID.minor`** | string | Second component of the OS version id (e.g. '7') | **`system-os_release.VERSION_ID.minor`**| string | Second component of the OS version id (e.g. '7') |
### Custom ### Custom
@ -238,10 +239,11 @@ The custom label source is designed for creating
[user defined labels](#user-defined-labels). However, it has a few statically [user defined labels](#user-defined-labels). However, it has a few statically
defined built-in labels: defined built-in labels:
| Feature | Value | Description | Feature | Value | Description |
| ----------- | ----- | ----------- | ---------------------------- | ----- | ----------------------------------------------------------- |
| **`custom-rdma.capable`** | true | The node has an RDMA capable Network adapter | | **`custom-rdma.capable`** | true | The node has an RDMA capable Network adapter |
| **`custom-rdma.enabled`** | true | The node has the needed RDMA modules loaded to run RDMA traffic | | **`custom-rdma.enabled`** | true | The node has the needed RDMA modules loaded to run RDMA traffic |
| | | |
## User defined labels ## User defined labels