mirrors/node-feature-discovery
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-14 11:57:51 +00:00
Code Activity

docs: slightly rework how tainting is documented

Browse source 
Small edit to how tainting is documented in the customization guide.
First, make the heading shorter. Then, move the detailed example yaml
and its description further down in the document to the section that
describes the "taints" field - this is now similar how extended
resources are documented.
This commit is contained in:
Markus Lehtonen 2023-10-24 21:06:30 +03:00
parent d555109a17
commit 258152923a
1 changed files with 42 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

80
docs/usage/customization-guide.md
View file

@ -161,7 +161,7 @@ re-labeling delay up to the sleep-interval of nfd-worker (1 minute by default).
See [Feature rule format](#feature-rule-format) for detailed description of
available fields and how to write labeling rules.
### NodeFeatureRule tainting feature
### Node tainting
This feature is experimental.
@ -178,48 +178,14 @@ To enable the tainting feature, `--enable-taints` flag needs to be set to `true`
If the flag `--enable-taints` is set to `false` (i.e. disabled), taints defined in
the NodeFeatureRule CR have no effect and will be ignored by the NFD master.
See documentation of the [taints field](#taints) for detailed description how
to specify taints in the NodeFeatureRule object.
> **NOTE:** Before enabling any taints, make sure to edit nfd-worker daemonset
> to tolerate the taints to be created. Otherwise, already running pods that do
> not tolerate the taint are evicted immediately from the node including the
> nfd-worker pod.
Example NodeFeatureRule with custom taints:
```yaml
apiVersion: nfd.k8s-sigs.io/v1alpha1
kind: NodeFeatureRule
metadata:
name: my-sample-rule-object
spec:
rules:
- name: "my sample taint rule"
taints:
- effect: PreferNoSchedule
key: "feature.node.kubernetes.io/special-node"
value: "true"
- effect: NoExecute
key: "feature.node.kubernetes.io/dedicated-node"
matchFeatures:
- feature: kernel.loadedmodule
matchExpressions:
dummy: {op: Exists}
- feature: kernel.config
matchExpressions:
X86: {op: In, value: ["y"]}
```
In this example, if the `my sample taint rule` rule is matched, `feature.node.kubernetes.io/pci-0300_1d0f.present=true:NoExecute`
and `feature.node.kubernetes.io/cpu-cpuid.ADX:NoExecute` taints are set on the node.
There are some limitations to the namespace part (i.e. prefix/) of the taint
key:
- `kubernetes.io/` and its sub-namespaces (like `sub.ns.kubernetes.io/`) cannot
generally be used
- the only exception is `feature.node.kubernetes.io/` and its sub-namespaces
(like `sub.ns.feature.node.kubernetes.io`)
- unprefixed keys (like `foo`) keys are disallowed
## Local feature source
NFD-Worker has a special feature source named `local` which is an integration
@ -648,6 +614,44 @@ NFD enforces some limitations to the namespace (or prefix)/ of the annotations:
where the `value` is optional. Effect could be `NoSchedule`, `PreferNoSchedule`
or `NoExecute`. To learn more about the meaning of these effects, check out k8s [documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/).
Example NodeFeatureRule with taints:
```yaml
apiVersion: nfd.k8s-sigs.io/v1alpha1
kind: NodeFeatureRule
metadata:
name: my-sample-rule-object
spec:
rules:
- name: "my sample taint rule"
taints:
- effect: PreferNoSchedule
key: "feature.node.kubernetes.io/special-node"
value: "true"
- effect: NoExecute
key: "feature.node.kubernetes.io/dedicated-node"
matchFeatures:
- feature: kernel.loadedmodule
matchExpressions:
dummy: {op: Exists}
- feature: kernel.config
matchExpressions:
X86: {op: In, value: ["y"]}
```
In this example, if the `my sample taint rule` rule is matched,
`feature.node.kubernetes.io/pci-0300_1d0f.present=true:NoExecute`
and `feature.node.kubernetes.io/cpu-cpuid.ADX:NoExecute` taints are set on the node.
There are some limitations to the namespace part (i.e. prefix/) of the taint
key:
- `kubernetes.io/` and its sub-namespaces (like `sub.ns.kubernetes.io/`) cannot
generally be used
- the only exception is `feature.node.kubernetes.io/` and its sub-namespaces
(like `sub.ns.feature.node.kubernetes.io`)
- unprefixed keys (like `foo`) keys are disallowed
> **NOTE:** taints field is not available for the custom rules of nfd-worker
> and only for NodeFeatureRule objects.