From af0592b87cfbad9608b21ede4f5025312cd3fc6c Mon Sep 17 00:00:00 2001 From: Tobias Giese Date: Tue, 17 Sep 2024 15:02:16 +0200 Subject: [PATCH] Add helm values to configure hostNetwork and additional env vars We have to run our NFD workers in the host network. Also we need additional env variables such as KUBERNETES_SERVICE_HOST and _PORT. To achieve this we can simply add generic helm values. The default behavior is not changed. Signed-off-by: Tobias Giese --- .../helm/node-feature-discovery/templates/master.yaml | 6 ++++++ .../helm/node-feature-discovery/templates/nfd-gc.yaml | 4 ++++ .../templates/topologyupdater.yaml | 10 ++++++++-- .../helm/node-feature-discovery/templates/worker.yaml | 10 ++++++++-- deployment/helm/node-feature-discovery/values.yaml | 10 +++++++++- docs/deployment/helm.md | 8 ++++++++ 6 files changed, 43 insertions(+), 5 deletions(-) diff --git a/deployment/helm/node-feature-discovery/templates/master.yaml b/deployment/helm/node-feature-discovery/templates/master.yaml index 53f44687d..88b898ec3 100644 --- a/deployment/helm/node-feature-discovery/templates/master.yaml +++ b/deployment/helm/node-feature-discovery/templates/master.yaml @@ -40,6 +40,7 @@ spec: enableServiceLinks: false securityContext: {{- toYaml .Values.master.podSecurityContext | nindent 8 }} + hostNetwork: {{ .Values.master.hostNetwork }} containers: - name: master securityContext: @@ -55,11 +56,16 @@ spec: name: grpc - containerPort: {{ .Values.master.metricsPort | default "8081" }} name: metrics + - containerPort: 8082 + name: health env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName + {{- with .Values.master.extraEnvs }} + {{- toYaml . | nindent 8 }} + {{- end}} command: - "nfd-master" resources: diff --git a/deployment/helm/node-feature-discovery/templates/nfd-gc.yaml b/deployment/helm/node-feature-discovery/templates/nfd-gc.yaml index e1acf01cf..f5f7575c7 100644 --- a/deployment/helm/node-feature-discovery/templates/nfd-gc.yaml 
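Review bot: The new `hostNetwork: {{ .Values.master.hostNetwork }}` line in the pod spec is not paired with a `dnsPolicy`, so a pod switched to the host network falls back to the node's resolver instead of cluster DNS. When the value is true the template should also emit `dnsPolicy: ClusterFirstWithHostNet`, for example inside an `{{- if .Values.master.hostNetwork }}` guard. If node DNS is actually intended, a template comment saying so would prevent a later "fix". The same line is added without a DNS policy in the nfd-gc.yaml, topologyupdater.yaml and worker.yaml hunks. The pod spec starts and ends outside this hunk.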
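Review bot: The added `- containerPort: 8082` / `name: health` entry is a literal, while the metrics port next to it comes from `.Values.master.metricsPort`; the same literal is added in the topologyupdater.yaml and worker.yaml port hunks. With `hostNetwork` set to true these ports are opened directly on the node's interfaces, so a fixed number cannot be moved off a port the host already uses. The health and metrics endpoints also become reachable by anything that can reach the node. I would drive it from a new chart value, e.g. `- containerPort: {{ .Values.master.healthPort | default 8082 }}` (the value name is a suggestion), or at least add a comment that 8082 must stay in step with the probe ports listed in helm.md. The container spec starts and ends outside this hunk.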
+++ b/deployment/helm/node-feature-discovery/templates/nfd-gc.yaml @@ -39,6 +39,7 @@ spec: {{- end }} securityContext: {{- toYaml .Values.gc.podSecurityContext | nindent 8 }} + hostNetwork: {{ .Values.gc.hostNetwork }} containers: - name: gc image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" @@ -48,6 +49,9 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName + {{- with .Values.gc.extraEnvs }} + {{- toYaml . | nindent 8 }} + {{- end}} command: - "nfd-gc" args: diff --git a/deployment/helm/node-feature-discovery/templates/topologyupdater.yaml b/deployment/helm/node-feature-discovery/templates/topologyupdater.yaml index ee2bedff3..483674bc5 100644 --- a/deployment/helm/node-feature-discovery/templates/topologyupdater.yaml +++ b/deployment/helm/node-feature-discovery/templates/topologyupdater.yaml @@ -39,6 +39,7 @@ spec: {{- end }} securityContext: {{- toYaml .Values.topologyUpdater.podSecurityContext | nindent 8 }} + hostNetwork: {{ .Values.topologyUpdater.hostNetwork }} containers: - name: topology-updater image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" @@ -56,6 +57,9 @@ spec: valueFrom: fieldRef: fieldPath: status.hostIP + {{- with .Values.topologyUpdater.extraEnvs }} + {{- toYaml . | nindent 8 }} + {{- end}} command: - "nfd-topology-updater" args: @@ -90,8 +94,10 @@ spec: {{- toYaml . | nindent 10 }} {{- end }} ports: - - name: metrics - containerPort: {{ .Values.topologyUpdater.metricsPort | default "8081"}} + - containerPort: {{ .Values.topologyUpdater.metricsPort | default "8081"}} + name: metrics + - containerPort: 8082 + name: health volumeMounts: {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }} - name: kubelet-config diff --git a/deployment/helm/node-feature-discovery/templates/worker.yaml b/deployment/helm/node-feature-discovery/templates/worker.yaml index 2435d2079..4c31e84dd 100644 --- a/deployment/helm/node-feature-discovery/templates/worker.yaml 
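Review bot: The `extraEnvs` block is rendered verbatim with `toYaml` after the chart's built-in entries, so an entry that reuses a built-in name such as `NODE_NAME` becomes a duplicate in the `env` list, and nothing documents the outcome. Kubernetes generally lets the later entry win, which would let a values override silently replace the downward-API value. A template comment above the block would cover it: `{{- /* extraEnvs are appended last; entries must not redefine the built-in variables */}}`. The values documentation should also say that credentials belong in `valueFrom.secretKeyRef` entries rather than literal `value:` strings, since chart values are kept in the Helm release record. The same block is added in master.yaml, topologyupdater.yaml and worker.yaml.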
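Review bot: The added `{{- toYaml . | nindent 8 }}` for `topologyUpdater.extraEnvs` uses a shallower indent than the `{{- toYaml . | nindent 10 }}` block that precedes `ports:` in the same container (visible in the next hunk), so the extra entries may land outside the `env:` list. Whitespace is collapsed in this view, so the column of the existing env entries cannot be confirmed from the hunk. Please render the chart with a non-empty `topologyUpdater.extraEnvs` and check that the entries appear under `env:` rather than as siblings of the container. The same `nindent 8` is used in master.yaml, nfd-gc.yaml and worker.yaml, and should be checked against each file's own indentation.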
+++ b/deployment/helm/node-feature-discovery/templates/worker.yaml @@ -39,6 +39,7 @@ spec: serviceAccountName: {{ include "node-feature-discovery.worker.serviceAccountName" . }} securityContext: {{- toYaml .Values.worker.podSecurityContext | nindent 8 }} + hostNetwork: {{ .Values.worker.hostNetwork }} containers: - name: worker securityContext: @@ -62,6 +63,9 @@ spec: valueFrom: fieldRef: fieldPath: metadata.uid + {{- with .Values.worker.extraEnvs }} + {{- toYaml . | nindent 8 }} + {{- end}} resources: {{- toYaml .Values.worker.resources | nindent 12 }} command: @@ -84,8 +88,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} ports: - - name: metrics - containerPort: {{ .Values.worker.metricsPort | default "8081"}} + - containerPort: {{ .Values.worker.metricsPort | default "8081"}} + name: metrics + - containerPort: 8082 + name: health volumeMounts: - name: host-boot mountPath: "/host-boot" diff --git a/deployment/helm/node-feature-discovery/values.yaml b/deployment/helm/node-feature-discovery/values.yaml index db9432bce..db088410e 100644 --- a/deployment/helm/node-feature-discovery/values.yaml +++ b/deployment/helm/node-feature-discovery/values.yaml @@ -19,6 +19,8 @@ priorityClassName: "" master: enable: true extraArgs: [] + extraEnvs: [] + hostNetwork: false config: ### # noPublish: false # autoDefaultNs: true @@ -157,6 +159,8 @@ master: worker: enable: true extraArgs: [] + extraEnvs: [] + hostNetwork: false config: ### #core: # labelWhiteList: @@ -476,8 +480,10 @@ topologyUpdater: ### enable: false - extraArgs: [] createCRDs: false + extraArgs: [] + extraEnvs: [] + hostNetwork: false serviceAccount: create: true @@ -535,6 +541,8 @@ topologyUpdater: gc: enable: true extraArgs: [] + extraEnvs: [] + hostNetwork: false replicaCount: 1 serviceAccount: diff --git a/docs/deployment/helm.md b/docs/deployment/helm.md index c5160850a..d9e009f11 100644 --- a/docs/deployment/helm.md +++ b/docs/deployment/helm.md 
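Review bot: The new `extraEnvs: []` and `hostNetwork: false` keys under `master:` carry no comment, and the same uncommented pair is added under `worker:`, `topologyUpdater:` and `gc:`. Enabling `hostNetwork` puts the pod in the node's network namespace, which lets it reach services bound to the node's loopback interface and is rejected by the Pod Security Standards baseline profile. The default values file should say so where the switch lives. Suggested comments are `# hostNetwork: run the pod in the node's network namespace; weakens isolation, enable only if required` and `# extraEnvs: list of Kubernetes EnvVar objects appended to the container env`.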
@@ -177,6 +177,7 @@ API's you need to install the prometheus operator in your cluster. | ----------------------------------- | ------- | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `master.*` | dict | | NFD master deployment configuration | | `master.enable` | bool | true | Specifies whether nfd-master should be deployed | +| `master.hostNetwork` | bool | false | Specifies whether to enable or disable running the container in the host's network namespace | | `master.port` | integer | | Specifies the TCP port that nfd-master listens for incoming requests. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release | | `master.metricsPort` | integer | 8081 | Port on which to expose metrics from components to prometheus operator | | `master.instance` | string | | Instance name. Used to separate annotation namespaces for multiple parallel deployments | 
@@ -204,6 +205,7 @@ API's you need to install the prometheus operator in your cluster. | `master.nfdApiParallelism` | integer | 10 | Specifies the maximum number of concurrent node updates. | | `master.config` | dict | | NFD master [configuration](../reference/master-configuration-reference) | | `master.extraArgs` | array | [] | Additional [command line arguments](../reference/master-commandline-reference.md) to pass to nfd-master | +| `master.extraEnvs` | array | [] | Additional environment variables to pass to nfd-master | | `master.revisionHistoryLimit` | integer | | Specify how many old ReplicaSets for this Deployment you want to retain. [revisionHistoryLimit](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit) | | `master.livenessProbe` | dict | {"grpc":{"port":8082},"initialDelaySeconds":10} | NFD master pod [liveness probe](https://kubernetes.io/docs/concepts/configuration/liveness-readiness-startup-probes/#liveness-probe) | | `master.readinessProbe` | dict | {"grpc":{"port":8082},"initialDelaySeconds":5,"failureThreshold": 10} | NFD master pod [readiness probe](https://kubernetes.io/docs/concepts/configuration/liveness-readiness-startup-probes/#readiness-probe)| 
@@ -214,6 +216,7 @@ API's you need to install the prometheus operator in your cluster. | ----------------------------------- | ------ | ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `worker.*` | dict | | NFD worker daemonset configuration | | `worker.enable` | bool | true | Specifies whether nfd-worker should be deployed | +| `worker.hostNetwork` | bool | false | Specifies whether to enable or disable running the container in the host's network namespace | | `worker.metricsPort*` | int | 8081 | Port on which to expose metrics from components to prometheus operator | | `worker.config` | dict | | NFD worker [configuration](../reference/worker-configuration-reference) | | `worker.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settins | 
@@ -231,6 +234,7 @@ API's you need to install the prometheus operator in your cluster. | `worker.annotations` | dict | {} | NFD worker pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | | `worker.daemonsetAnnotations` | dict | {} | NFD worker daemonset [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | | `worker.extraArgs` | array | [] | Additional [command line arguments](../reference/worker-commandline-reference.md) to pass to nfd-worker | +| `worker.extraEnvs` | array | [] | Additional environment variables to pass to nfd-worker | | `worker.revisionHistoryLimit` | integer | | Specify how many old ControllerRevisions for this DaemonSet you want to retain. [revisionHistoryLimit](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/ #DaemonSetSpec) | | `worker.livenessProbe` | dict | {"grpc":{"port":8082},"initialDelaySeconds":10} | NFD worker pod [liveness probe](https://kubernetes.io/docs/concepts/configuration/liveness-readiness-startup-probes/#liveness-probe) | | `worker.readinessProbe` | dict | {"grpc":{"port":8082},"initialDelaySeconds":5,"failureThreshold": 10} | NFD worker pod [readiness probe](https://kubernetes.io/docs/concepts/configuration/liveness-readiness-startup-probes/#readiness-probe)| 
@@ -241,6 +245,7 @@ API's you need to install the prometheus operator in your cluster. | --------------------------------------------- | ------- | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `topologyUpdater.*` | dict | | NFD Topology Updater configuration | | `topologyUpdater.enable` | bool | false | Specifies whether the NFD Topology Updater should be created | +| `topologyUpdater.hostNetwork` | bool | false | Specifies whether to enable or disable running the container in the host's network namespace | | `topologyUpdater.createCRDs` | bool | false | Specifies whether the NFD Topology Updater CRDs should be created | | `topologyUpdater.serviceAccount.create` | bool | true | Specifies whether the service account for topology updater should be created | | `topologyUpdater.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for topology updater | 
@@ -264,6 +269,7 @@ API's you need to install the prometheus operator in your cluster. | `topologyUpdater.podSetFingerprint` | bool | true | Enables compute and report of pod fingerprint in NRT objects. | | `topologyUpdater.kubeletStateDir` | string | /var/lib/kubelet | Specifies kubelet state directory path for watching state and checkpoint files. Empty value disables kubelet state tracking. | | `topologyUpdater.extraArgs` | array | [] | Additional [command line arguments](../reference/topology-updater-commandline-reference.md) to pass to nfd-topology-updater | +| `topologyUpdater.extraEnvs` | array | [] | Additional environment variables to pass to nfd-topology-updater | | `topologyUpdater.revisionHistoryLimit` | integer | | Specify how many old ControllerRevisions for this DaemonSet you want to retain. [revisionHistoryLimit](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec) | | `topologyUpdater.livenessProbe` | dict | {"grpc":{"port":8082},"initialDelaySeconds":10} | Topology updater pod [liveness probe](https://kubernetes.io/docs/concepts/configuration/liveness-readiness-startup-probes/#liveness-probe) | | `topologyUpdater.readinessProbe` | dict | {"grpc":{"port":8082},"initialDelaySeconds":5,"failureThreshold": 10} | Topology updater pod [readiness probe](https://kubernetes.io/docs/concepts/configuration/liveness-readiness-startup-probes/#readiness-probe)| 
@@ -274,6 +280,7 @@ API's you need to install the prometheus operator in your cluster. | ------------------------------------- | ------- | ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `gc.*` | dict | | NFD Garbage Collector configuration | | `gc.enable` | bool | true | Specifies whether the NFD Garbage Collector should be created | +| `gc.hostNetwork` | bool | false | Specifies whether to enable or disable running the container in the host's network namespace | | `gc.serviceAccount.create` | bool | true | Specifies whether the service account for garbage collector should be created | | `gc.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for garbage collector | | `gc.serviceAccount.name` | string | | The name of the service account for garbage collector to use. If not set and create is true, a name is generated using the fullname template and `-gc` suffix | @@ -289,6 +296,7 @@ API's you need to install the prometheus operator in your cluster. | `gc.deploymentAnnotations` | dict | {} | Garbage collector deployment [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | | `gc.affinity` | dict | {} | Garbage collector pod [affinity](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) | | `gc.extraArgs` | array | [] | Additional [command line arguments](../reference/gc-commandline-reference.md) to pass to nfd-gc | +| `gc.extraEnvs` | array | [] | Additional environment variables to pass to nfd-gc | | `gc.revisionHistoryLimit` | integer | | Specify how many old ReplicaSets for this Deployment you want to retain. [revisionHistoryLimit](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit) |