mirrors/node-feature-discovery
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-15 17:50:49 +00:00
Code Activity

Merge pull request #704 from marquiz/documentation/customization-guide

Browse source 
docs: add customization guide
This commit is contained in:
Kubernetes Prow Robot 2022-01-10 08:17:13 -08:00 committed by GitHub
commit 5a2e0ce5a6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 1160 additions and 556 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
docs/_config.yml
View file

@ -44,6 +44,14 @@ remote_theme: rundocs/jekyll-rtd-theme@v2.0.10
version: master version: master
display_version_list: true display_version_list: true
# Customize page width (make it wider) for large screens
scss: |
@media(min-width: 1280px){
.content-wrap{
max-width: 1200px
}
}
# Release is the full released version number. Used to make external links to # Release is the full released version number. Used to make external links to
# point to the correct blobs in the Github repo. This is also the version shown # point to the correct blobs in the Github repo. This is also the version shown
# in the sidebar (top left corner of the page) # in the sidebar (top left corner of the page)

1028
docs/advanced/customization-guide.md
View file

File diff suppressed because it is too large Load diff

664
docs/get-started/features.md
View file

@ -1,10 +1,10 @@
--- ---
title: "Feature discovery" title: "Feature labels"
layout: default layout: default
sort: 4 sort: 4
--- ---
# Feature discovery # Feature labels
{: .no_toc} {: .no_toc}
## Table of contents ## Table of contents
@ -15,100 +15,68 @@ sort: 4
--- ---
Feature discovery in nfd-worker is performed by a set of separate modules Features are advertised as labels in the Kubernetes Node object.
called feature sources. Most of them are specifically responsible for certain
domain of features (e.g. cpu). In addition there are two highly customizable
feature sources that work accross the system.
## Feature labels ## Built-in labels
Each discovered feature is advertised a label in the Kubernetes Node object. Label creation in nfd-worker is performed by a set of separate modules called
The published node labels encode a few pieces of information: label sources. The
[`core.labelSources`](../advanced/worker-configuration-reference#corelabelsources)
configuration option (or
[`-label-sources`](../advanced/worker-commandline-reference#-label-sources)
flag) of nfd-worker controls which sources to enable for label generation.
- Namespace All built-in labels use the `feature.node.kubernetes.io` label namespace and
- all built-in labels use `feature.node.kubernetes.io` have the following format.
- user-specified custom labels ([custom](#custom) and
[local](#local--user-specific-features) feature sources)
- `feature.node.kubernetes.io` and `profile.node.kubernetes.io` plus their
sub-namespaces (e.g. `vendor.profile.node.kubernetes.io` and
`sub.ns.profile.node.kubernetes.io`) are allowed by default
- additional namespaces may be enabled with the
[`-extra-label-ns`](../advanced/master-commandline-reference#-extra-label-ns)
command line flag of nfd-master
- The source for each label (e.g. `cpu`).
- The name of the discovered feature as it appears in the underlying
source, (e.g. `cpuid.AESNI` from cpu).
- The value of the discovered feature.
Feature label names adhere to the following pattern:
```plaintext ```plaintext
<namespace>/<source name>-<feature name>[.<attribute name>] feature.node.kubernetes.io/<feature> = <value>
``` ```
The last component (i.e. `attribute-name`) is optional, and only used if a
feature logically has sub-hierarchy, e.g. `sriov.capable` and
`sriov.configure` from the `network` source.
The `-label-sources` flag controls which sources to enable for label
generation.
*Note: Consecutive runs of nfd-worker will update the labels on a *Note: Consecutive runs of nfd-worker will update the labels on a
given node. If features are not discovered on a consecutive run, the corresponding given node. If features are not discovered on a consecutive run, the corresponding
label will be removed. This includes any restrictions placed on the consecutive run, label will be removed. This includes any restrictions placed on the consecutive run,
such as restricting discovered features with the -label-whitelist option.* such as restricting discovered features with the -label-whitelist option.*
## Feature sources
### CPU ### CPU
The **cpu** feature source supports the following labels: | Feature name | Value | Description
| ----------------------- | ------------ | -----------
| **`cpu-cpuid.<cpuid-flag>`** | true | CPU capability is supported. **NOTE:** the capability might be supported but not enabled.
| **`cpu-hardware_multithreading`** | true | Hardware multithreading, such as Intel HTT, enabled (number of logical CPUs is greater than physical CPUs)
| **`cpu-power.sst_bf.enabled`** | true | Intel SST-BF ([Intel Speed Select Technology][intel-sst] - Base frequency) enabled
| **`cpu-pstate.status`** | string | The status of the [Intel pstate][intel-pstate] driver when in use and enabled, either 'active' or 'passive'.
| **`cpu-pstate.turbo`** | bool | Set to 'true' if turbo frequencies are enabled in Intel pstate driver, set to 'false' if they have been disabled.
| **`cpu-pstate.scaling_governor`** | string | The value of the Intel pstate scaling_governor when in use, either 'powersave' or 'performance'.
| **`cpu-cstate.enabled`** | bool | Set to 'true' if cstates are set in the intel_idle driver, otherwise set to 'false'. Unset if intel_idle cpuidle driver is not active.
| **`cpu-rdt.<rdt-flag>`** | true | [Intel RDT][intel-rdt] capability is supported. See [RDT flags](#intel-rdt-flags) for details.
| **`cpu-sgx.enabled`** | true | Set to 'true' if Intel SGX is enabled in BIOS (based a non-zero sum value of SGX EPC section sizes).
| Feature name | Attribute | Description | The CPU label source is configurable, see
| ----------------------- | ------------------ | ----------------------------- | [worker configuration](deployment-and-usage#worker-configuration) and
| cpuid | &lt;cpuid flag&gt; | CPU capability is supported [`sources.cpu`](../advanced/worker-configuration-reference#sourcescpu)
| hardware_multithreading | | Hardware multithreading, such as Intel HTT, enabled (number of logical CPUs is greater than physical CPUs) configuration options for details.
| power | sst_bf.enabled | Intel SST-BF ([Intel Speed Select Technology][intel-sst] - Base frequency) enabled
| [pstate][intel-pstate] | status | The status of the Intel pstate driver when in use and enabled, either 'active' or 'passive'.
| | turbo | Set to 'true' if turbo frequencies are enabled in Intel pstate driver, set to 'false' if they have been disabled.
| | scaling_governor | The value of the Intel pstate scaling_governor when in use, either 'powersave' or 'performance'.
| cstate | enabled | Set to 'true' if cstates are set in the intel_idle driver, otherwise set to 'false'. Unset if intel_idle cpuidle driver is not active.
| [rdt][intel-rdt] | RDTMON | Intel RDT Monitoring Technology
| | RDTCMT | Intel Cache Monitoring (CMT)
| | RDTMBM | Intel Memory Bandwidth Monitoring (MBM)
| | RDTL3CA | Intel L3 Cache Allocation Technology
| | RDTL2CA | Intel L2 Cache Allocation Technology
| | RDTMBA | Intel Memory Bandwidth Allocation (MBA) Technology
| sgx | enabled | Set to 'true' if Intel SGX is enabled in BIOS (based a non-zero sum value of SGX EPC section sizes).
The (sub-)set of CPUID attributes to publish is configurable via the #### X86 CPUID flags (partial list)
`attributeBlacklist` and `attributeWhitelist` cpuid options of the cpu source.
If whitelist is specified, only whitelisted attributes will be published. With
blacklist, only blacklisted attributes are filtered out. `attributeWhitelist`
has priority over `attributeBlacklist`. For examples and more information
about configurability, see
[configuration](deployment-and-usage#worker-configuration).
By default, the following CPUID flags have been blacklisted:
BMI1, BMI2, CLMUL, CMOV, CX16, ERMS, F16C, HTT, LZCNT, MMX, MMXEXT, NX, POPCNT,
RDRAND, RDSEED, RDTSCP, SGX, SSE, SSE2, SSE3, SSE4, SSE42 and SSSE3.
**NOTE** The cpuid features advertise *supported* CPU capabilities, that is, a | Flag | Description |
capability might be supported but not enabled.
#### X86 CPUID attributes (partial list)
| Attribute | Description |
| --------- | ---------------------------------------------------------------- | | --------- | ---------------------------------------------------------------- |
| ADX | Multi-Precision Add-Carry Instruction Extensions (ADX) | ADX | Multi-Precision Add-Carry Instruction Extensions (ADX)
| AESNI | Advanced Encryption Standard (AES) New Instructions (AES-NI) | AESNI | Advanced Encryption Standard (AES) New Instructions (AES-NI)
| AVX | Advanced Vector Extensions (AVX) | AVX | Advanced Vector Extensions (AVX)
| AVX2 | Advanced Vector Extensions 2 (AVX2) | AVX2 | Advanced Vector Extensions 2 (AVX2)
By default, the following CPUID flags have been blacklisted: BMI1, BMI2, CLMUL,
CMOV, CX16, ERMS, F16C, HTT, LZCNT, MMX, MMXEXT, NX, POPCNT, RDRAND, RDSEED,
RDTSCP, SGX, SSE, SSE2, SSE3, SSE4, SSE42 and SSSE3. See
[`sources.cpu`](../advanced/worker-configuration-reference#sourcescpu)
configuration options to change the behavior.
See the full list in [github.com/klauspost/cpuid][klauspost-cpuid]. See the full list in [github.com/klauspost/cpuid][klauspost-cpuid].
#### Arm CPUID attribute (partial list) #### Arm CPUID flags (partial list)
| Attribute | Description | | Flag | Description |
| --------- | ---------------------------------------------------------------- | | --------- | ---------------------------------------------------------------- |
| IDIVA | Integer divide instructions available in ARM mode | IDIVA | Integer divide instructions available in ARM mode
| IDIVT | Integer divide instructions available in Thumb mode | IDIVT | Integer divide instructions available in Thumb mode
@ -123,9 +91,9 @@ See the full list in [github.com/klauspost/cpuid][klauspost-cpuid].
| NEON | NEON SIMD instructions | NEON | NEON SIMD instructions
| LPAE | Large Physical Address Extensions | LPAE | Large Physical Address Extensions
#### Arm64 CPUID attribute (partial list) #### Arm64 CPUID flags (partial list)
| Attribute | Description | | Flag | Description |
| --------- | ---------------------------------------------------------------- | | --------- | ---------------------------------------------------------------- |
| AES | Announcing the Advanced Encryption Standard | AES | Announcing the Advanced Encryption Standard
| EVSTRM | Event Stream Frequency Features | EVSTRM | Event Stream Frequency Features
@ -137,521 +105,113 @@ See the full list in [github.com/klauspost/cpuid][klauspost-cpuid].
| JSCVT | Perform Conversion to Match Javascript | JSCVT | Perform Conversion to Match Javascript
| DCPOP | Persistent Memory Support | DCPOP | Persistent Memory Support
### Custom #### Intel RDT flags
The Custom feature source allows the user to define features based on a mix of | Flag | Description |
predefined rules. A rule is provided input witch affects its process of | --------- | ---------------------------------------------------------------- |
matching for a defined feature. The rules are specified in the | RDTMON | Intel RDT Monitoring Technology
nfd-worker configuration file. See | RDTCMT | Intel Cache Monitoring (CMT)
[configuration](deployment-and-usage.md#worker-configuration) for instructions | RDTMBM | Intel Memory Bandwidth Monitoring (MBM)
and examples how to set-up and manage the worker configuration. | RDTL3CA | Intel L3 Cache Allocation Technology
| RDTl2CA | Intel L2 Cache Allocation Technology
To aid in making Custom Features clearer, we define a general and a per rule | RDTMBA | Intel Memory Bandwidth Allocation (MBA) Technology
nomenclature, keeping things as consistent as possible.
#### Additional configuration directory
Additionally to the rules defined in the nfd-worker configuration file, the
Custom feature can read more configuration files located in the
`/etc/kubernetes/node-feature-discovery/custom.d/` directory. This makes more
dynamic and flexible configuration easier. This directory must be available
inside the NFD worker container, so Volumes and VolumeMounts must be used for
mounting e.g. ConfigMap(s). The example deployment manifests provide an example
(commented out) for providing Custom configuration with an additional
ConfigMap, mounted into the `custom.d` directory.
#### General nomenclature & definitions
```plaintext
Rule :Represents a matching logic that is used to match on a feature.
Rule Input :The input a Rule is provided. This determines how a Rule performs the match operation.
Matcher :A composition of Rules, each Matcher may be composed of at most one instance of each Rule.
```
#### Custom features format (using the nomenclature defined above)
Rules are specified under `sources.custom` in the nfd-worker configuration
file.
```yaml
sources:
custom:
- name: <feature name>
value: <optional feature value, defaults to "true">
matchOn:
- <Rule-1>: <Rule-1 Input>
[<Rule-2>: <Rule-2 Input>]
- <Matcher-2>
- ...
- ...
- <Matcher-N>
- <custom feature 2>
- ...
- ...
- <custom feature M>
```
#### Matching process
Specifying Rules to match on a feature is done by providing a list of Matchers.
Each Matcher contains one or more Rules.
Logical _OR_ is performed between Matchers and logical _AND_ is performed
between Rules of a given Matcher.
#### Rules
##### pciid rule
###### Nomenclature
```plaintext
Attribute :A PCI attribute.
Element :An identifier of the PCI attribute.
```
The PciId Rule allows matching the PCI devices in the system on the following
Attributes: `class`,`vendor` and `device`. A list of Elements is provided for
each Attribute.
###### Format
```yaml
pciId :
class: [<class id>, ...]
vendor: [<vendor id>, ...]
device: [<device id>, ...]
```
Matching is done by performing a logical _OR_ between Elements of an Attribute
and logical _AND_ between the specified Attributes for each PCI device in the
system. At least one Attribute must be specified. Missing attributes will not
partake in the matching process.
##### UsbId rule
###### Nomenclature
```plaintext
Attribute :A USB attribute.
Element :An identifier of the USB attribute.
```
The UsbId Rule allows matching the USB devices in the system on the following
Attributes: `class`,`vendor`, `device` and `serial`. A list of Elements is
provided for each Attribute.
###### Format
```yaml
usbId :
class: [<class id>, ...]
vendor: [<vendor id>, ...]
device: [<device id>, ...]
serial: [<serial>, ...]
```
Matching is done by performing a logical _OR_ between Elements of an Attribute
and logical _AND_ between the specified Attributes for each USB device in the
system. At least one Attribute must be specified. Missing attributes will not
partake in the matching process.
##### LoadedKMod rule
###### Nomenclature
```plaintext
Element :A kernel module
```
The LoadedKMod Rule allows matching the loaded kernel modules in the system
against a provided list of Elements.
###### Format
```yaml
loadedKMod : [<kernel module>, ...]
```
Matching is done by performing logical _AND_ for each provided Element, i.e
the Rule will match if all provided Elements (kernel modules) are loaded in the
system.
##### CpuId rule
###### Nomenclature
```plaintext
Element :A CPUID flag
```
The Rule allows matching the available CPUID flags in the system against a
provided list of Elements.
###### Format
```yaml
cpuId : [<CPUID flag string>, ...]
```
Matching is done by performing logical _AND_ for each provided Element, i.e the
Rule will match if all provided Elements (CPUID flag strings) are available in
the system.
##### Kconfig rule
###### Nomenclature
```plaintext
Element :A Kconfig option
```
The Rule allows matching the kconfig options in the system against a provided
list of Elements.
###### Format
```yaml
kConfig: [<kernel config option ('y' or 'm') or '=<value>'>, ...]
```
Matching is done by performing logical _AND_ for each provided Element, i.e the
Rule will match if all provided Elements (kernel config options) are enabled
(`y` or `m`) or matching `=<value>` in the kernel.
##### Nodename rule
###### Nomenclature
```plaintext
Element :A nodename regexp pattern
```
The Rule allows matching the node's name against a provided list of Elements.
###### Format
```yaml
nodename: [ <nodename regexp pattern>, ... ]
```
Matching is done by performing logical _OR_ for each provided Element, i.e the
Rule will match if one of the provided Elements (nodename regexp pattern)
matches the node's name.
#### Example
```yaml
custom:
- name: "my.kernel.feature"
matchOn:
- loadedKMod: ["kmod1", "kmod2"]
- name: "my.pci.feature"
matchOn:
- pciId:
vendor: ["15b3"]
device: ["1014", "1017"]
- name: "my.usb.feature"
matchOn:
- usbId:
vendor: ["1d6b"]
device: ["0003"]
serial: ["090129a"]
- name: "my.combined.feature"
matchOn:
- loadedKMod : ["vendor_kmod1", "vendor_kmod2"]
pciId:
vendor: ["15b3"]
device: ["1014", "1017"]
- name: "vendor.feature.node.kubernetes.io/accumulated.feature"
matchOn:
- loadedKMod : ["some_kmod1", "some_kmod2"]
- pciId:
vendor: ["15b3"]
device: ["1014", "1017"]
- name: "my.kernel.featureneedscpu"
matchOn:
- kConfig: ["KVM_INTEL"]
- cpuId: ["VMX"]
- name: "my.kernel.modulecompiler"
matchOn:
- kConfig: ["GCC_VERSION=100101"]
loadedKMod: ["kmod1"]
- name: "profile.node.kubernetes.io/my-datacenter"
value: "datacenter-1"
matchOn:
- nodename: [ "node-datacenter1-rack.*-server.*" ]
```
__In the example above:__
- A node would contain the label:
`feature.node.kubernetes.io/custom-my.kernel.feature=true` if the node has
`kmod1` _AND_ `kmod2` kernel modules loaded.
- A node would contain the label:
`feature.node.kubernetes.io/custom-my.pci.feature=true` if the node contains
a PCI device with a PCI vendor ID of `15b3` _AND_ PCI device ID of `1014` _OR_
`1017`.
- A node would contain the label:
`feature.node.kubernetes.io/custom-my.usb.feature=true` if the node contains
a USB device with a USB vendor ID of `1d6b` _AND_ USB device ID of `0003`.
- A node would contain the label:
`feature.node.kubernetes.io/custom-my.combined.feature=true` if
`vendor_kmod1` _AND_ `vendor_kmod2` kernel modules are loaded __AND__ the node
contains a PCI device
with a PCI vendor ID of `15b3` _AND_ PCI device ID of `1014` _or_ `1017`.
- A node would contain the label:
`vendor.feature.node.kubernetes.io/accumulated.feature=true` if
`some_kmod1` _AND_ `some_kmod2` kernel modules are loaded __OR__ the node
contains a PCI device
with a PCI vendor ID of `15b3` _AND_ PCI device ID of `1014` _OR_ `1017`.
- A node would contain the label:
`feature.node.kubernetes.io/custom-my.kernel.featureneedscpu=true` if
`KVM_INTEL` kernel config is enabled __AND__ the node CPU supports `VMX`
virtual machine extensions
- A node would contain the label:
`feature.node.kubernetes.io/custom-my.kernel.modulecompiler=true` if the
in-tree `kmod1` kernel module is loaded __AND__ it's built with
`GCC_VERSION=100101`.
- A node would contain the label:
`profile.node.kubernetes.io/my-datacenter=datacenter-1` if the node's name
matches the `node-datacenter1-rack.*-server.*` pattern, e.g.
`node-datacenter1-rack2-server42`
#### Statically defined features
Some feature labels which are common and generic are defined statically in the
`custom` feature source. A user may add additional Matchers to these feature
labels by defining them in the `nfd-worker` configuration file.
| Feature | Attribute | Description |
| ------- | --------- | -----------|
| rdma | capable | The node has an RDMA capable Network adapter |
| rdma | enabled | The node has the needed RDMA modules loaded to run RDMA traffic |
### IOMMU (deprecated) ### IOMMU (deprecated)
The **iommu** feature source supports the following labels: | Feature | Value | Description
| ------------------- | ----- | -----------
| Feature name | Description | | **`iommu.enabled`** | true | IOMMU is present and enabled in the kernel
| :------------: | :---------------------------------------------------------: |
| enabled | IOMMU is present and enabled in the kernel
**DEPRECATED**: The **iommu** source is deprecated and not enabled by default. **DEPRECATED**: The **iommu** source is deprecated and not enabled by default.
### Kernel ### Kernel
The **kernel** feature source supports the following labels: | Feature | Value | Description
| ------- | ------ | -----------
| **`kernel-config.<option>`** | true | Kernel config option is enabled (set 'y' or 'm'). Default options are `NO_HZ`, `NO_HZ_IDLE`, `NO_HZ_FULL` and `PREEMPT`
| **`kernel-selinux.enabled`** | true | Selinux is enabled on the node
| **`kernel-version.full`** | string | Full kernel version as reported by `/proc/sys/kernel/osrelease` (e.g. '4.5.6-7-g123abcde')
| **`kernel-version.major`** | string | First component of the kernel version (e.g. '4')
| **`kernel-version.minor`** | string | Second component of the kernel version (e.g. '5')
| **`kernel-version.revision`** | string | Third component of the kernel version (e.g. '6')
| Feature | Attribute | Description | The kernel label source is configurable, see
| ------- | ------------------- | -------------------------------------------- | [worker configuration](deployment-and-usage#worker-configuration) and
| config | &lt;option name&gt; | Kernel config option is enabled (set 'y' or 'm'). Default options are `NO_HZ`, `NO_HZ_IDLE`, `NO_HZ_FULL` and `PREEMPT` [`sources.kernel`](../advanced/worker-configuration-reference#sourceskernel)
| selinux | enabled | Selinux is enabled on the node configuration options for details.
| version | full | Full kernel version as reported by `/proc/sys/kernel/osrelease` (e.g. '4.5.6-7-g123abcde')
| | major | First component of the kernel version (e.g. '4')
| | minor | Second component of the kernel version (e.g. '5')
| | revision | Third component of the kernel version (e.g. '6')
Kernel config file to use, and, the set of config options to be detected are
configurable. See [configuration](deployment-and-usage#worker-configuration)
for more information.
### Memory ### Memory
The **memory** feature source supports the following labels: | Feature | Value | Description
| ----------- | ----- | -----------
| Feature | Attribute | Description | | **`memory-numa`** | true | Multiple memory nodes i.e. NUMA architecture detected
| ------- | --------- | ------------------------------------------------------ | | **`memory-nv.present`** | true | NVDIMM device(s) are present
| numa | | Multiple memory nodes i.e. NUMA architecture detected | **`memory-nv.dax`** | true | NVDIMM region(s) configured in DAX mode are present
| nv | present | NVDIMM device(s) are present
| nv | dax | NVDIMM region(s) configured in DAX mode are present
### Network ### Network
The **network** feature source supports the following labels: | Feature | Value | Description
| ----------- | ----- | -----------
| Feature | Attribute | Description | | **`network-sriov.capable`** | true | [Single Root Input/Output Virtualization][sriov] (SR-IOV) enabled Network Interface Card(s) present
| ------- | ---------- | ----------------------------------------------------- | | **`network-sriov.configured`** | true | SR-IOV virtual functions have been configured
| sriov | capable | [Single Root Input/Output Virtualization][sriov] (SR-IOV) enabled Network Interface Card(s) present
| | configured | SR-IOV virtual functions have been configured
### PCI ### PCI
The **pci** feature source supports the following labels: | Feature | Value | Description
| ----------- | ----- | -----------
| **`pci-<device label>.present`** | true | PCI device is detected
| **`pci-<device label>.sriov.capable`** | true | [Single Root Input/Output Virtualization][sriov] (SR-IOV) enabled PCI device present
| Feature | Attribute | Description | `<device label>` is format is configurable and set to `<class>_<vendor>` by
| -------------------- | ------------- | ------------------------------------- | default. For more more details about configuration of the pci labels, see
| &lt;device label&gt; | present | PCI device is detected [`sources.pci`](../advanced/worker-configuration-reference#sourcespci) options
| &lt;device label&gt; | sriov.capable | [Single Root Input/Output Virtualization][sriov] (SR-IOV) enabled PCI device present and [worker configuration](deployment-and-usage#worker-configuration)
instructions.
`<device label>` is composed of raw PCI IDs, separated by underscores. The set
of fields used in `<device label>` is configurable, valid fields being `class`,
`vendor`, `device`, `subsystem_vendor` and `subsystem_device`. Defaults are
`class` and `vendor`. An example label using the default label fields:
```plaintext
feature.node.kubernetes.io/pci-1200_8086.present=true
```
Also the set of PCI device classes that the feature source detects is
configurable. By default, device classes (0x)03, (0x)0b40 and (0x)12, i.e.
GPUs, co-processors and accelerator cards are detected.
### USB ### USB
The **usb** feature source supports the following labels: | Feature | Value | Description
| ----------- | ----- | -----------
| **`usb-<device label>.present`** | true | USB device is detected
| Feature | Attribute | Description | `<device label>` is format is configurable and set to
| -------------------- | ------------- | ------------------------------------- | `<class>_<vendor>_<device>` by default. For more more details about
| &lt;device label&gt; | present | USB device is detected configuration of the usb labels, see
[`sources.usb`](../advanced/worker-configuration-reference#sourcesusb) options
`<device label>` is composed of raw USB IDs, separated by underscores. The set and [worker configuration](deployment-and-usage#worker-configuration)
of fields used in `<device label>` is configurable, valid fields being `class`, instructions.
`vendor`, `device` and `serial`. Defaults are `class`, `vendor` and `device`.
An example label using the default label fields:
```plaintext
feature.node.kubernetes.io/usb-fe_1a6e_089a.present=true
```
See [configuration](deployment-and-usage#worker-configuration) for more
information on NFD config.
### Storage ### Storage
The **storage** feature source supports the following labels: | Feature | Value | Description
| ----------- | ----- | -----------
| Feature name | Description | | **`storage-nonrotationaldisk`** | true | Non-rotational disk, like SSD, is present in the node
| ------------------ | ------------------------------------------------------- |
| nonrotationaldisk | Non-rotational disk, like SSD, is present in the node
### System ### System
The **system** feature source supports the following labels: | Feature | Value | Description
| ----------- | ----- | -----------
| **`system-os_release.ID`** | string | Operating system identifier
| **`system-os_release.VERSION_ID`** | string |Operating system version identifier (e.g. '6.7')
| **`system-os_release.VERSION_ID.major`** | string |First component of the OS version id (e.g. '6')
| **`system-os_release.VERSION_ID.minor`** | string | Second component of the OS version id (e.g. '7')
| Feature | Attribute | Description | ### Custom
| ----------- | ---------------- | --------------------------------------------|
| os_release | ID | Operating system identifier
| | VERSION_ID | Operating system version identifier (e.g. '6.7')
| | VERSION_ID.major | First component of the OS version id (e.g. '6')
| | VERSION_ID.minor | Second component of the OS version id (e.g. '7')
### Local -- user-specific features The custom label source is designed for creating
[user defined labels](#user-defined-labels). However, it has a few statically
defined built-in labels:
NFD has a special feature source named *local* which is designed for getting | Feature | Value | Description
the labels from user-specific feature detector. It provides a mechanism for | ----------- | ----- | -----------
users to implement custom feature sources in a pluggable way, without modifying | **`custom-rdma.capable`** | true | The node has an RDMA capable Network adapter |
nfd source code or Docker images. The local feature source can be used to | **`custom-rdma.enabled`** | true | The node has the needed RDMA modules loaded to run RDMA traffic |
advertise new user-specific features, and, for overriding labels created by the
other feature sources.
The *local* feature source gets its labels by two different ways: ## User defined labels
- It tries to execute files found under NFD has many extension points for creating vendor and application specific
`/etc/kubernetes/node-feature-discovery/source.d/` directory. The hook files labels. See the [customization guide](../advanced/customization-guide.md) for
must be executable and they are supposed to print all discovered features in detailed documentation.
`stdout`, one per line. With ELF binaries static linking is recommended as
the selection of system libraries available in the NFD release image is very
limited. Other runtimes currently supported by the NFD stock image are bash
and perl.
- It reads files found under
`/etc/kubernetes/node-feature-discovery/features.d/` directory. The file
content is expected to be similar to the hook output (described above).
**NOTE:** The [minimal](deployment-and-usage#minimal) image variant only
supports running statically linked binaries.
These directories must be available inside the Docker image so Volumes and
VolumeMounts must be used if standard NFD images are used. The given template
files mount by default the `source.d` and the `features.d` directories
respectively from `/etc/kubernetes/node-feature-discovery/source.d/` and
`/etc/kubernetes/node-feature-discovery/features.d/` from the host. You should
update them to match your needs.
In both cases, the labels can be binary or non binary, using either `<name>` or
`<name>=<value>` format.
`local` has precedence over other label sources which makes it possible to
override labels created by them.
You can also override the default namespace of your labels using this format:
`<namespace>/<name>[=<value>]`. If using something else than
`[<sub-ns>.]feature.node.kubernetes.io` or
`[<sub-ns>.]profile.node.kubernetes.io`, you must whitelist your namespace
using the `-extra-label-ns` option on the master.
For example, if you want to add the
label `my.namespace.org/my-label=value`, your hook output or file must contains
`my.namespace.org/my-label=value` and you must add
`-extra-label-ns=my.namespace.org` on the master command line.
`stderr` output of the hooks is propagated to NFD log so it can be used for
debugging and logging.
#### Injecting labels from other pods
One use case for the hooks and/or feature files is detecting features in other
Pods outside NFD, e.g. in Kubernetes device plugins. It is possible to mount
the `source.d` and/or `features.d` directories common with the NFD Pod and
deploy the custom hooks/features there. NFD will periodically scan the
directories and run any hooks and read any feature files it finds. The
default deployments contain `hostPath` mounts for `sources.d` and `features.d`
directories. By using the same mounts in the secondary Pod (e.g. device plugin)
you have created a shared area for delivering hooks and feature files to NFD.
#### A hook example
User has a shell script
`/etc/kubernetes/node-feature-discovery/source.d/my-hook.sh` which has the
following `stdout` output:
```plaintext
my-feature.1
my-feature.2=myvalue
my.namespace/my-feature.3=456
```
which, in turn, will translate into the following node labels:
```plaintext
feature.node.kubernetes.io/my-feature.1=true
feature.node.kubernetes.io/my-feature.2=myvalue
my.namespace/my-feature.3=456
```
#### A file example
User has a file `/etc/kubernetes/node-feature-discovery/features.d/my-features`
which contains the following lines:
```plaintext
my-feature.4
my-feature.5=myvalue
my.namespace/my-feature.6=456
```
which, in turn, will translate into the following node labels:
```plaintext
feature.node.kubernetes.io/my-feature.4=true
feature.node.kubernetes.io/my-feature.5=myvalue
my.namespace/my-feature.6=456
```
NFD tries to run any regular files found from the hooks directory. Any
additional data files your hook might need (e.g. a configuration file) should
be placed in a separate directory in order to avoid NFD unnecessarily trying to
execute these. You can use a subdirectory under the hooks directory, for
example `/etc/kubernetes/node-feature-discovery/source.d/conf/`.
**NOTE!** NFD will blindly run any executables placed/mounted in the hooks
directory. It is the user's responsibility to review the hooks for e.g.
possible security implications.
**NOTE!** Be careful when creating and/or updating hook or feature files while
NFD is running. In order to avoid race conditions you should write into a
temporary file (outside the `source.d` and `features.d` directories), and,
atomically create/update the original file by doing a filesystem move
operation.
## Extended resources ## Extended resources

16
examples/nodefeaturerule.yaml Normal file
View file

@ -0,0 +1,16 @@
apiVersion: nfd.k8s-sigs.io/v1alpha1
kind: NodeFeatureRule
metadata:
name: my-sample-rule-object
spec:
rules:
- name: "my sample rule"
labels:
"my-sample-feature": "true"
matchFeatures:
- feature: kernel.loadedmodule
matchExpressions:
dummy: {op: Exists}
- feature: kernel.config
matchExpressions:
X86: {op: In, value: ["y"]}