kustomize: add standard-combined overlay

Replicates nfd-daemonset-combined.yaml.template. In addition to the overlay we need to add a separate set of patches under components/common in order to handle the double-container pod.
2025-03-28 18:57:10 +00:00 · 2021-03-16 16:20:42 +02:00 · 2021-03-16 16:20:42 +02:00 · 1f8a6d7819
commit 1f8a6d7819
parent b38cf997d5
8 changed files with 157 additions and 0 deletions
--- a/deployment/base/master-worker-combined/kustomization.yaml
+++ b/deployment/base/master-worker-combined/kustomization.yaml
@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: node-feature-discovery
+
+resources:
+- master-worker-daemonset.yaml
--- a/deployment/base/master-worker-combined/master-worker-daemonset.yaml
+++ b/deployment/base/master-worker-combined/master-worker-daemonset.yaml
@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    app: nfd
+  name: nfd
+spec:
+  selector:
+    matchLabels:
+      app: nfd
+  template:
+    metadata:
+      labels:
+        app: nfd
+    spec:
+      serviceAccount: nfd-master
+      tolerations: []
+      containers:
+      - name: nfd-master
+        image: gcr.io/k8s-staging-nfd/node-feature-discovery:master
+        imagePullPolicy: Always
+        command:
+        - "nfd-master"
+      - name: nfd-worker
+        image: gcr.io/k8s-staging-nfd/node-feature-discovery:master
+        imagePullPolicy: Always
+        command:
+        - "nfd-worker"
+        args: []
--- a/deployment/components/common/env-combined.yaml
+++ b/deployment/components/common/env-combined.yaml
@ -0,0 +1,14 @@
+- op: add
+  path: "/spec/template/spec/containers/0/env"
+  value:
+    - name: NODE_NAME
+      valueFrom:
+        fieldRef:
+          fieldPath: spec.nodeName
+- op: add
+  path: "/spec/template/spec/containers/1/env"
+  value:
+    - name: NODE_NAME
+      valueFrom:
+        fieldRef:
+          fieldPath: spec.nodeName
--- a/deployment/components/common/kustomization.yaml
+++ b/deployment/components/common/kustomization.yaml
@ -18,3 +18,20 @@ patches:
  target:
    labelSelector: app=nfd
    name: nfd-worker
+# We need separate patches for the "combined" daemonset with two containers in the pod :/
+- path: env-combined.yaml
+  target:
+    labelSelector: app=nfd
+    name: nfd
+- path: securitycontext-combined.yaml
+  target:
+    labelSelector: app=nfd
+    name: nfd
+- path: master-affinity.yaml
+  target:
+    labelSelector: app=nfd
+    name: nfd
+- path: worker-mounts-combined.yaml
+  target:
+    labelSelector: app=nfd
+    name: nfd
--- a/deployment/components/common/securitycontext-combined.yaml
+++ b/deployment/components/common/securitycontext-combined.yaml
@ -0,0 +1,16 @@
+- op: add
+  path: "/spec/template/spec/containers/0/securityContext"
+  value:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    readOnlyRootFilesystem: true
+    runAsNonRoot: true
+- op: add
+  path: "/spec/template/spec/containers/1/securityContext"
+  value:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    readOnlyRootFilesystem: true
+    runAsNonRoot: true
--- a/deployment/components/common/worker-mounts-combined.yaml
+++ b/deployment/components/common/worker-mounts-combined.yaml
@ -0,0 +1,55 @@
+- op: add
+  path: /spec/template/spec/volumes
+  value:
+  - name: host-boot
+    hostPath:
+      path: "/boot"
+  - name: host-os-release
+    hostPath:
+      path: "/etc/os-release"
+  - name: host-sys
+    hostPath:
+      path: "/sys"
+  - name: host-usr-lib
+    hostPath:
+      path: "/usr/lib"
+  - name: host-usr-src
+    hostPath:
+      path: "/usr/src"
+  - name: source-d
+    hostPath:
+      path: "/etc/kubernetes/node-feature-discovery/source.d/"
+  - name: features-d
+    hostPath:
+      path: "/etc/kubernetes/node-feature-discovery/features.d/"
+  - name: nfd-worker-conf
+    configMap:
+      name: nfd-worker-conf
+
+- op: add
+  path: /spec/template/spec/containers/1/volumeMounts
+  value:
+  - name: host-boot
+    mountPath: "/host-boot"
+    readOnly: true
+  - name: host-os-release
+    mountPath: "/host-etc/os-release"
+    readOnly: true
+  - name: host-sys
+    mountPath: "/host-sys"
+    readOnly: true
+  - name: host-usr-lib
+    mountPath: "/host-usr/lib"
+    readOnly: true
+  - name: host-usr-src
+    mountPath: "/host-usr/src"
+    readOnly: true
+  - name: source-d
+    mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
+    readOnly: true
+  - name: features-d
+    mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
+    readOnly: true
+  - name: nfd-worker-conf
+    mountPath: "/etc/kubernetes/node-feature-discovery"
+    readOnly: true
--- a/deployment/overlays/default-combined/kustomization.yaml
+++ b/deployment/overlays/default-combined/kustomization.yaml
@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: node-feature-discovery
+
+bases:
+- ../../base/rbac
+- ../../base/master-worker-combined
+
+resources:
+- namespace.yaml
+
+components:
+- ../../components/worker-config
+- ../../components/common
--- a/deployment/overlays/default-combined/namespace.yaml
+++ b/deployment/overlays/default-combined/namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: node-feature-discovery