mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2025-03-15 04:57:56 +00:00

Merge pull request #536 from marquiz/devel/label-sub-ns

nfd-master: allow sub-namespaces of the default label ns
Kubernetes Prow Robot 2021-08-10 04:19:18 -07:00 committed by GitHub
commit 4a22a39928
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 28 additions and 11 deletions


@ -175,9 +175,10 @@ nfd-master -label-whitelist='.*cpuid\.'
The `-extra-label-ns` flag specifies a comma-separated list of allowed feature The `-extra-label-ns` flag specifies a comma-separated list of allowed feature
label namespaces. By default, nfd-master only allows creating labels in the label namespaces. By default, nfd-master only allows creating labels in the
default `feature.node.kubernetes.io` label namespace. This option can be used default `feature.node.kubernetes.io` label namespace and its sub-namespaces
to allow vendor-specific namespaces for custom labels from the local and custom (e.g. `vendor.feature.node.kubernetes.io`). This option can be used to allow
feature sources. other vendor or application specific namespaces for custom labels from the
local and custom feature sources.
The same namespace control and this flag applies Extended Resources (created The same namespace control and this flag applies Extended Resources (created
with `-resource-labels`), too. with `-resource-labels`), too.


@ -27,7 +27,15 @@ feature sources that work accross the system.
Each discovered feature is advertised a label in the Kubernetes Node object. Each discovered feature is advertised a label in the Kubernetes Node object.
The published node labels encode a few pieces of information: The published node labels encode a few pieces of information:
- Namespace, (all built-in labels use `feature.node.kubernetes.io`) - Namespace
- all built-in labels use `feature.node.kubernetes.io`
- user-specified custom labels ([custom](#custom) and
[local](#local--user-specific-features) feature sources)
- `feature.node.kubernetes.io` and its sub-namespaces (e.g.
`vendor.profile.node.kubernetes.io`) are allowed by default
- additional namespaces may be enabled with the
[`--extra-label-ns`](../advanced/master-commandline-reference#-extra-label-ns)
command line flag of nfd-master
- The source for each label (e.g. `cpu`). - The source for each label (e.g. `cpu`).
- The name of the discovered feature as it appears in the underlying - The name of the discovered feature as it appears in the underlying
source, (e.g. `cpuid.AESNI` from cpu). source, (e.g. `cpuid.AESNI` from cpu).
@ -354,7 +362,7 @@ custom:
pciId: pciId:
vendor: ["15b3"] vendor: ["15b3"]
device: ["1014", "1017"] device: ["1014", "1017"]
- name: "my.accumulated.feature" - name: "vendor.feature.node.kubernetes.io/accumulated.feature"
matchOn: matchOn:
- loadedKMod : ["some_kmod1", "some_kmod2"] - loadedKMod : ["some_kmod1", "some_kmod2"]
- pciId: - pciId:
@ -392,7 +400,7 @@ __In the example above:__
contains a PCI device contains a PCI device
with a PCI vendor ID of `15b3` _AND_ PCI device ID of `1014` _or_ `1017`. with a PCI vendor ID of `15b3` _AND_ PCI device ID of `1014` _or_ `1017`.
- A node would contain the label: - A node would contain the label:
`feature.node.kubernetes.io/custom-my.accumulated.feature=true` if `vendor.feature.node.kubernetes.io/accumulated.feature=true` if
`some_kmod1` _AND_ `some_kmod2` kernel modules are loaded __OR__ the node `some_kmod1` _AND_ `some_kmod2` kernel modules are loaded __OR__ the node
contains a PCI device contains a PCI device
with a PCI vendor ID of `15b3` _AND_ PCI device ID of `1014` _OR_ `1017`. with a PCI vendor ID of `15b3` _AND_ PCI device ID of `1014` _OR_ `1017`.
@ -568,8 +576,10 @@ This makes it possible for the user to fully control the feature label names,
e.g. for overriding labels created by other feature sources. e.g. for overriding labels created by other feature sources.
You can also override the default namespace of your labels using this format: You can also override the default namespace of your labels using this format:
`<namespace>/<name>[=<value>]`. You must whitelist your namespace using the `<namespace>/<name>[=<value>]`. If using something else than
`-extra-label-ns` option on the master. In this case, the name of the `[<sub-ns>.]feature.node.kubernetes.io`, you must whitelist your namespace
using the `-extra-label-ns` option on the master.
In this case, the name of the
file will not be added to the label name. For example, if you want to add the file will not be added to the label name. For example, if you want to add the
label `my.namespace.org/my-label=value`, your hook output or file must contains label `my.namespace.org/my-label=value`, your hook output or file must contains
`my.namespace.org/my-label=value` and you must add `my.namespace.org/my-label=value` and you must add


@ -354,15 +354,18 @@ func TestSetLabels(t *testing.T) {
Convey("When --extra-label-ns and --instance are specified", func() { Convey("When --extra-label-ns and --instance are specified", func() {
// In the gRPC request the label names may omit the default ns // In the gRPC request the label names may omit the default ns
instance := "foo" instance := "foo"
vendorLabel := "vendor." + LabelNs + "/feature-4"
mockLabels := map[string]string{"feature-1": "val-1", mockLabels := map[string]string{"feature-1": "val-1",
"valid.ns/feature-2": "val-2", "valid.ns/feature-2": "val-2",
"invalid.ns/feature-3": "val-3"} "invalid.ns/feature-3": "val-3",
vendorLabel: " val-4"}
expectedPatches := []apihelper.JsonPatch{ expectedPatches := []apihelper.JsonPatch{
apihelper.NewJsonPatch("add", "/metadata/annotations", instance+"."+wvAnnotation, workerVer), apihelper.NewJsonPatch("add", "/metadata/annotations", instance+"."+wvAnnotation, workerVer),
apihelper.NewJsonPatch("add", "/metadata/annotations", instance+"."+flAnnotation, "feature-1,valid.ns/feature-2"), apihelper.NewJsonPatch("add", "/metadata/annotations", instance+"."+flAnnotation, "feature-1,valid.ns/feature-2,"+vendorLabel),
apihelper.NewJsonPatch("add", "/metadata/annotations", instance+"."+erAnnotation, ""), apihelper.NewJsonPatch("add", "/metadata/annotations", instance+"."+erAnnotation, ""),
apihelper.NewJsonPatch("add", "/metadata/labels", LabelNs+"/feature-1", mockLabels["feature-1"]), apihelper.NewJsonPatch("add", "/metadata/labels", LabelNs+"/feature-1", mockLabels["feature-1"]),
apihelper.NewJsonPatch("add", "/metadata/labels", "valid.ns/feature-2", mockLabels["valid.ns/feature-2"]), apihelper.NewJsonPatch("add", "/metadata/labels", "valid.ns/feature-2", mockLabels["valid.ns/feature-2"]),
apihelper.NewJsonPatch("add", "/metadata/labels", vendorLabel, mockLabels[vendorLabel]),
} }
mockMaster.args.ExtraLabelNs = map[string]struct{}{"valid.ns": {}} mockMaster.args.ExtraLabelNs = map[string]struct{}{"valid.ns": {}}
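Review bot: The added `vendorLabel` case only exercises an accepted sub-namespace, so nothing in this test pins the boundary of the suffix match. I would add an entry such as `"x" + LabelNs + "/feature-5": "val-5"` (a constructed name with no dot before the default namespace) to `mockLabels` and leave it out of `expectedPatches`, so that a later change from `"." + LabelNs` to a plain suffix comparison is caught. The value `" val-4"` has a leading space that looks unintentional; the assertion still passes only because the expected patch reads the same map entry. The Convey block continues outside the hunk.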


@ -46,6 +46,9 @@ const (
// LabelNs defines the namespace for feature labels // LabelNs defines the namespace for feature labels
LabelNs = "feature.node.kubernetes.io" LabelNs = "feature.node.kubernetes.io"
// LabelSubNsSuffix is the suffix for allowed label sub-namespaces
LabelSubNsSuffix = "." + LabelNs
// AnnotationNsBase namespace for all NFD-related annotations // AnnotationNsBase namespace for all NFD-related annotations
AnnotationNsBase = "nfd.node.kubernetes.io" AnnotationNsBase = "nfd.node.kubernetes.io"
@ -314,7 +317,7 @@ func filterFeatureLabels(labels Labels, extraLabelNs map[string]struct{}, labelW
ns, name := splitNs(label) ns, name := splitNs(label)
// Check label namespace, filter out if ns is not whitelisted // Check label namespace, filter out if ns is not whitelisted
if ns != LabelNs { if ns != LabelNs && !strings.HasSuffix(ns, LabelSubNsSuffix) {
if _, ok := extraLabelNs[ns]; !ok { if _, ok := extraLabelNs[ns]; !ok {
klog.Errorf("Namespace %q is not allowed. Ignoring label %q\n", ns, label) klog.Errorf("Namespace %q is not allowed. Ignoring label %q\n", ns, label)
continue continue
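Review bot: The widened check `if ns != LabelNs && !strings.HasSuffix(ns, LabelSubNsSuffix)` accepts every namespace ending in `.feature.node.kubernetes.io` with no operator opt-in, while all other namespaces still require `-extra-label-ns`. Label names reach this filter from worker requests and, per the docs changed in this commit, from local hook output and feature files, so any such sub-namespace a cluster already relies on for scheduling or policy decisions appears to become writable by those sources after an upgrade. That deserves a release note, and a flag or deny-list to turn the default off is worth considering. The comment above the check is also stale; I would change it to `// Check label namespace, filter out if ns is not the default ns, one of its sub-namespaces, or whitelisted`. filterFeatureLabels starts and ends outside the hunk.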