diff --git a/cmd/nfd-master/main.go b/cmd/nfd-master/main.go index 101132d1e..40dba0588 100644 --- a/cmd/nfd-master/main.go +++ b/cmd/nfd-master/main.go @@ -185,9 +185,9 @@ func initFlags(flagset *flag.FlagSet) (*master.Args, *master.ConfigOverrideArgs) "Comma separated list of labels to be exposed as extended resources. DEPRECATED: use NodeFeatureRule objects instead") flagset.Var(overrides.ResyncPeriod, "resync-period", "Specify the NFD API controller resync period."+ - "It has an effect when the NodeFeature API has been enabled (with -enable-nodefeature-api).") + "It does not have effect when the NodeFeature API has been disabled (with -feature-gates NodeFeatureAPI=false).") overrides.NfdApiParallelism = flagset.Int("nfd-api-parallelism", 10, "Defines the maximum number of goroutines responsible of updating nodes. "+ - "Can be used for the throttling mechanism. It has effect only when -enable-nodefeature-api has been set.") + "Can be used for the throttling mechanism. It does not have effect if NodeFeatureAPI feature gate is disabled.") return args, overrides } diff --git a/cmd/nfd-worker/main.go b/cmd/nfd-worker/main.go index 91fbe78e6..5a3434541 100644 --- a/cmd/nfd-worker/main.go +++ b/cmd/nfd-worker/main.go @@ -62,8 +62,6 @@ func main() { // Check deprecated flags flags.Visit(func(f *flag.Flag) { switch f.Name { - case "enable-nodefeature-api": - klog.InfoS("-enable-nodefeature-api is deprecated, will be removed in a future release along with the deprecated gRPC API") case "ca-file": klog.InfoS("-ca-file is deprecated, will be removed in a future release along with the deprecated gRPC API") case "cert-file": diff --git a/docs/deployment/tls.md b/docs/deployment/tls.md index 4de3440a7..15e4db541 100644 --- a/docs/deployment/tls.md +++ b/docs/deployment/tls.md @@ -16,9 +16,9 @@ sort: 5 --- > **DEPRECATED**: this section only applies when the gRPC API is used, i.e. -> when the NodeFeature API is disabled via the `-enable-nodefeature-api=false` -> flag on both nfd-master and nfd-worker. The gRPC API is deprecated and will -> be removed in a future release. +> when the NodeFeature API is disabled (via the `-feature-gates +> NodeFeatureAPI=false` flag) on both nfd-master and nfd-worker. The gRPC API +> is deprecated and will be removed in a future release. NFD supports mutual TLS authentication between the nfd-master and nfd-worker instances. That is, nfd-worker and nfd-master both verify that the other end diff --git a/docs/developer-guide/index.md b/docs/developer-guide/index.md index 2bb5c858c..86a42aef8 100644 --- a/docs/developer-guide/index.md +++ b/docs/developer-guide/index.md @@ -175,8 +175,8 @@ e2e-tests: > ****DEPRECATED**: Running NFD locally is deprecated and will be removed in a > future release. It depends on the gRPC API which is deprecated and will be -> removed in a future release. To run NFD locally, use the -> `-enable-nodefeature-api=false` flag. +> removed in a future release. To run NFD locally, disable the NodeFeature API +> with `-feature-gates NodeFeatureAPI=false` flag. You can run NFD locally, either directly on your host OS or in containers for testing and development purposes. This may be useful e.g. for checking @@ -186,12 +186,12 @@ features-detection. When running as a standalone container labeling is expected to fail because Kubernetes API is not available. Thus, it is recommended to use `-no-publish` -Also specify `-crd-controller=false` and `-enable-nodefeature-api=false` +Also specify `-crd-controller=false` and `-feature-gates NodeFeatureAPI=false` command line flags to disable CRD controller and enable gRPC. E.g. ```bash $ export NFD_CONTAINER_IMAGE={{ site.container_image }} -$ docker run --rm --name=nfd-test ${NFD_CONTAINER_IMAGE} nfd-master -no-publish -crd-controller=false -enable-nodefeature-api=false +$ docker run --rm --name=nfd-test ${NFD_CONTAINER_IMAGE} nfd-master -no-publish -crd-controller=false -feature-gates NodeFeatureAPI=false 2019/02/01 14:48:21 Node Feature Discovery Master 2019/02/01 14:48:21 gRPC server serving on port: 8080 ``` @@ -202,7 +202,7 @@ To run nfd-worker as a "stand-alone" container you need to run it in the same network namespace as the nfd-master container: ```bash -$ docker run --rm --network=container:nfd-test ${NFD_CONTAINER_IMAGE} nfd-worker -enable-nodefeature-api=false +$ docker run --rm --network=container:nfd-test ${NFD_CONTAINER_IMAGE} nfd-worker -feature-gates NodeFeatureAPI=false 2019/02/01 14:48:56 Node Feature Discovery Worker ... ``` diff --git a/docs/reference/master-commandline-reference.md b/docs/reference/master-commandline-reference.md index 6ab261057..ffdd07e90 100644 --- a/docs/reference/master-commandline-reference.md +++ b/docs/reference/master-commandline-reference.md @@ -181,12 +181,13 @@ The `-enable-leader-election` flag enables leader election for NFD-Master. It is advised to turn on this flag when running more than one instance of NFD-Master. -This flag takes effect only when combined with `-enable-nodefeature-api` flag. +Does not have effect if the [NodeFeatureAPI](feature-gates.md#nodefeatureapi) +feature gate is disabled. Default: false ```bash -nfd-master -enable-nodefeature-api -enable-leader-election +nfd-master -enable-leader-election ``` ### -enable-taints @@ -346,7 +347,8 @@ nfd-master -options='{"noPublish": true}' The `-nfd-api-parallelism` flag can be used to specify the maximum number of concurrent node updates. -It takes effect only when `-enable-nodefeature-api` has been set. +Does not have effect if the [NodeFeatureAPI](feature-gates.md#nodefeatureapi) +feature gate is disabled. Default: 10 @@ -440,8 +442,9 @@ The `-resync-period` flag specifies the NFD API controller resync period. The resync means nfd-master replaying all NodeFeature and NodeFeatureRule objects, thus effectively re-syncing all nodes in the cluster (i.e. ensuring labels, annotations, extended resources and taints are in place). -Only has effect when the [NodeFeature](../usage/custom-resources.md#nodefeature) -CRD API has been enabled with [`-enable-nodefeature-api`](master-commandline-reference.md#-enable-nodefeature-api). + +Does not have effect if the [NodeFeatureAPI](feature-gates.md#nodefeatureapi) +feature gate is disabled. Default: 1 hour. diff --git a/docs/reference/master-configuration-reference.md b/docs/reference/master-configuration-reference.md index e58cb1e45..610248982 100644 --- a/docs/reference/master-configuration-reference.md +++ b/docs/reference/master-configuration-reference.md @@ -152,8 +152,9 @@ The `resyncPeriod` option specifies the NFD API controller resync period. The resync means nfd-master replaying all NodeFeature and NodeFeatureRule objects, thus effectively re-syncing all nodes in the cluster (i.e. ensuring labels, annotations, extended resources and taints are in place). -Only has effect when the [NodeFeature](../usage/custom-resources.md#nodefeature) -CRD API has been enabled with [`-enable-nodefeature-api`](master-commandline-reference.md#-enable-nodefeature-api). + +Does not have effect if the [NodeFeatureAPI](feature-gates.md#nodefeatureapi) +feature gate is disabled. Default: 1 hour. @@ -227,7 +228,8 @@ leaderElection: The `nfdApiParallelism` option can be used to specify the maximum number of concurrent node updates. -It takes effect only when `-enable-nodefeature-api` has been set. +Does not have effect if the [NodeFeatureAPI](feature-gates.md#nodefeatureapi) +feature gate is disabled. Default: 10 diff --git a/docs/reference/worker-commandline-reference.md b/docs/reference/worker-commandline-reference.md index 20d12ff08..738eb36ce 100644 --- a/docs/reference/worker-commandline-reference.md +++ b/docs/reference/worker-commandline-reference.md @@ -149,11 +149,12 @@ nfd-worker -key-file=/opt/nfd/worker.key -cert-file=/opt/nfd/worker.crt -ca-file ### -kubeconfig The `-kubeconfig` flag specifies the kubeconfig to use for connecting to the -Kubernetes API server. It is only needed for manipulating -[NodeFeature](../usage/custom-resources.md#nodefeature) objects, and thus the flag -only takes effect when -[`-enable-nodefeature-api`](#-enable-nodefeature-api)) is specified. An empty -value (which is also the default) implies in-cluster kubeconfig. +Kubernetes API server. It is needed for manipulating +[NodeFeature](../usage/custom-resources.md#nodefeature) objects. An empty value +(which is also the default) implies in-cluster kubeconfig. + +Does not have effect if the [NodeFeatureAPI](feature-gates.md#nodefeatureapi) +feature gate is disabled. Default: *empty* diff --git a/docs/usage/customization-guide.md b/docs/usage/customization-guide.md index b01d29c32..35cc83539 100644 --- a/docs/usage/customization-guide.md +++ b/docs/usage/customization-guide.md @@ -41,10 +41,12 @@ Note that RBAC rules must be created for each extension for them to be able to create and manipulate NodeFeature objects in their namespace. The NodeFeature CRD API can be disabled with the -`-enable-nodefeature-api=false` command line flag. This flag must be specified -for both nfd-master and nfd-worker as it will enable the gRPC communication -between them. Note that the gRPC API is **DEPRECATED** and will be removed in a -future release, at which point the NodeFeature API cannot be disabled. +[NodeFeatureAPI](../reference/feature-gates.md#nodefeatureapi) feature gate +(`-feature-gates NodeFeatureAPI=false` on command line). The `-feature-gates` +command line flag must be specified for both nfd-master and nfd-worker as it +will enable the gRPC communication between them. Note that the gRPC API is +**DEPRECATED** and will be removed in a future release, at which point the +NodeFeature API cannot be disabled. ### A NodeFeature example diff --git a/test/e2e/node_feature_discovery_test.go b/test/e2e/node_feature_discovery_test.go index d1d51f72f..224dece28 100644 --- a/test/e2e/node_feature_discovery_test.go +++ b/test/e2e/node_feature_discovery_test.go @@ -190,7 +190,7 @@ var _ = NFDDescribe(Label("nfd-master"), func() { nfdTestSuite := func(useNodeFeatureApi bool) { createPodSpecOpts := func(opts ...testpod.SpecOption) []testpod.SpecOption { if !useNodeFeatureApi { - return append(opts, testpod.SpecWithContainerExtraArgs("-enable-nodefeature-api=false")) + return append(opts, testpod.SpecWithContainerExtraArgs("-feature-gates", "NodeFeatureAPI=false")) } return opts }