mirror of
https://github.com/kubernetes-sigs/node-feature-discovery.git
synced 2025-03-13 20:30:03 +00:00
Document tainting feature
Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
This commit is contained in:
parent
2bdf427b89
commit
984a3de198
3 changed files with 77 additions and 2 deletions
|
@ -7,6 +7,12 @@ spec:
|
|||
# The following feature demonstrates the capabilities of the matchFeatures and
|
||||
# matchAny matchers.
|
||||
- name: "my feature rule"
|
||||
taints:
|
||||
- effect: PreferNoSchedule
|
||||
key: "feature.node.kubernetes.io/special-node"
|
||||
value: "true"
|
||||
- effect: NoExecute
|
||||
key: "feature.node.kubernetes.io/dedicated-node"
|
||||
labels:
|
||||
"my-complex-feature": "my-value"
|
||||
# matchFeatures implements a logical AND over feature matchers.
|
||||
|
|
|
@ -99,6 +99,18 @@ Example:
|
|||
nfd-master -cert-file=/opt/nfd/master.crt -key-file=/opt/nfd/master.key -ca-file=/opt/nfd/ca.crt
|
||||
```
|
||||
|
||||
### -enable-taints
|
||||
|
||||
The `-enable-taints` flag enables/disables node tainting feature of NFD.
|
||||
|
||||
Default: *false*
|
||||
|
||||
Example:
|
||||
|
||||
```bash
|
||||
nfd-master -enable-taints=true
|
||||
```
|
||||
|
||||
### -key-file
|
||||
|
||||
The `-key-file` is one of the three flags (together with `-ca-file` and
|
||||
|
|
|
@ -30,8 +30,8 @@ labeling:
|
|||
## NodeFeatureRule custom resource
|
||||
|
||||
`NodeFeatureRule` objects provide an easy way to create vendor or application
|
||||
specific labels. It uses a flexible rule-based mechanism for creating labels
|
||||
based on node feature.
|
||||
specific labels and taints. It uses a flexible rule-based mechanism for creating
|
||||
labels and optionally taints based on node features.
|
||||
|
||||
### A NodeFeatureRule example
|
||||
|
||||
|
@ -76,6 +76,54 @@ re-labeling delay up to the sleep-interval of nfd-worker (1 minute by default).
|
|||
|
||||
See [Label rule format](#label-rule-format) for detailed description of
|
||||
available fields and how to write labeling rules.
|
||||
### NodeFeatureRule tainting feature
|
||||
|
||||
This feature is experimental.
|
||||
|
||||
In some circumstances it is desirable keep nodes with specialized hardware away from
|
||||
running general workload and instead leave them for workloads that need the specialized
|
||||
hardware. One way to achieve it is to taint the nodes with the specialized hardware
|
||||
and add corresponding toleration to pods that require the special hardware. NFD
|
||||
offers node tainting functionality which is disabled by default. User can define
|
||||
one or more custom taints via the `taints` field of the NodeFeatureRule CR. The
|
||||
same rule-based mechanism is applied here and the NFD taints only rule matching nodes.
|
||||
|
||||
To enable the tainting feature, `--enable-taints` flag needs to be set to `true`.
|
||||
If the flag `--enable-taints` is set to `false` (i.e. disabled), taints defined in
|
||||
the NodeFeatureRule CR have no effect and will be ignored by the NFD master.
|
||||
|
||||
**NOTE**: Before enabling any taints, make sure to edit nfd-worker daemonset to
|
||||
tolerate the taints to be created. Otherwise, already running pods that do not
|
||||
tolerate the taint are evicted immediately from the node including the nfd-worker
|
||||
pod.
|
||||
|
||||
Example NodeFeatureRule with custom taints:
|
||||
|
||||
```yaml
|
||||
apiVersion: nfd.k8s-sigs.io/v1alpha1
|
||||
kind: NodeFeatureRule
|
||||
metadata:
|
||||
name: my-sample-rule-object
|
||||
spec:
|
||||
rules:
|
||||
- name: "my sample taint rule"
|
||||
taints:
|
||||
- effect: PreferNoSchedule
|
||||
key: "feature.node.kubernetes.io/special-node"
|
||||
value: "true"
|
||||
- effect: NoExecute
|
||||
key: "feature.node.kubernetes.io/dedicated-node"
|
||||
matchFeatures:
|
||||
- feature: kernel.loadedmodule
|
||||
matchExpressions:
|
||||
dummy: {op: Exists}
|
||||
- feature: kernel.config
|
||||
matchExpressions:
|
||||
X86: {op: In, value: ["y"]}
|
||||
```
|
||||
|
||||
In this example, if the `my sample taint rule` rule is matched, `feature.node.kubernetes.io/pci-0300_1d0f.present=true:NoExecute`
|
||||
and `feature.node.kubernetes.io/cpu-cpuid.ADX:NoExecute` taints are set on the node.
|
||||
|
||||
### NodeFeatureRule controller
|
||||
|
||||
|
@ -365,6 +413,15 @@ details.
|
|||
labels specified in the `labels` field will override anything
|
||||
originating from `labelsTemplate`.
|
||||
|
||||
### Taints
|
||||
|
||||
*taints* is a list of taint entries and each entry can have `key`, `value` and `effect`,
|
||||
where the `value` is optional. Effect could be `NoSchedule`, `PreferNoSchedule`
|
||||
or `NoExecute`. To learn more about the meaning of these effects, check out k8s [documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/).
|
||||
|
||||
**NOTE** taints field is not available for the custom rules of nfd-worker and only
|
||||
for NodeFeatureRule objects.
|
||||
|
||||
#### Vars
|
||||
|
||||
The `.vars` field is a map of values (key-value pairs) to store for subsequent
|
||||
|
|
Loading…
Add table
Reference in a new issue