mirrors/node-feature-discovery
mirrors/node-feature-discovery
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2025-03-14 20:56:42 +00:00
Code Activity

Merge pull request #1436 from marquiz/devel/docs-customization-guide

Browse source 
docs: edits to customization guide
This commit is contained in:
Kubernetes Prow Robot 2023-10-26 15:58:11 +02:00 committed by GitHub
commit dabd766531
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 60 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

111
docs/usage/customization-guide.md
View file

@ -158,10 +158,10 @@ Now, on X86 platforms the feature label appears after doing `modprobe dummy` on
a system and correspondingly the label is removed after `rmmod dummy`. Note a
re-labeling delay up to the sleep-interval of nfd-worker (1 minute by default).
See [Label rule format](#label-rule-format) for detailed description of
See [Feature rule format](#feature-rule-format) for detailed description of
available fields and how to write labeling rules.
### NodeFeatureRule tainting feature
### Node tainting
This feature is experimental.
@ -178,48 +178,14 @@ To enable the tainting feature, `--enable-taints` flag needs to be set to `true`
If the flag `--enable-taints` is set to `false` (i.e. disabled), taints defined in
the NodeFeatureRule CR have no effect and will be ignored by the NFD master.
See documentation of the [taints field](#taints) for detailed description how
to specify taints in the NodeFeatureRule object.
> **NOTE:** Before enabling any taints, make sure to edit nfd-worker daemonset
> to tolerate the taints to be created. Otherwise, already running pods that do
> not tolerate the taint are evicted immediately from the node including the
> nfd-worker pod.
Example NodeFeatureRule with custom taints:
```yaml
apiVersion: nfd.k8s-sigs.io/v1alpha1
kind: NodeFeatureRule
metadata:
name: my-sample-rule-object
spec:
rules:
- name: "my sample taint rule"
taints:
- effect: PreferNoSchedule
key: "feature.node.kubernetes.io/special-node"
value: "true"
- effect: NoExecute
key: "feature.node.kubernetes.io/dedicated-node"
matchFeatures:
- feature: kernel.loadedmodule
matchExpressions:
dummy: {op: Exists}
- feature: kernel.config
matchExpressions:
X86: {op: In, value: ["y"]}
```
In this example, if the `my sample taint rule` rule is matched, `feature.node.kubernetes.io/pci-0300_1d0f.present=true:NoExecute`
and `feature.node.kubernetes.io/cpu-cpuid.ADX:NoExecute` taints are set on the node.
There are some limitations to the namespace part (i.e. prefix/) of the taint
key:
- `kubernetes.io/` and its sub-namespaces (like `sub.ns.kubernetes.io/`) cannot
generally be used
- the only exception is `feature.node.kubernetes.io/` and its sub-namespaces
(like `sub.ns.feature.node.kubernetes.io`)
- unprefixed keys (like `foo`) keys are disallowed
## Local feature source
NFD-Worker has a special feature source named `local` which is an integration
@ -503,7 +469,7 @@ The namespace part (i.e. prefix) of the labels is controlled by nfd:
command line flag of nfd-master.
e.g: `nfd-master -deny-label-ns="*" -extra-label-ns=example.com`
## Label rule format
## Feature rule format
This section describes the rule format used in
[`NodeFeatureRule`](#nodefeaturerule-custom-resource) objects and in the
@ -544,11 +510,11 @@ the matchers):
### Fields
#### Name
#### name
The `.name` field is required and used as an identifier of the rule.
#### Labels
#### labels
The `.labels` is a map of the node labels to create if the rule matches.
@ -584,7 +550,7 @@ This will yield into the following node label:
feature.node.kubernetes.io/custom-label: "customlabel"
```
#### Labels template
#### labelsTemplate
The `.labelsTemplate` field specifies a text template for dynamically creating
labels based on the matched features. See [templating](#templating) for
@ -594,9 +560,10 @@ details.
> labels specified in the `labels` field will override anything
> originating from `labelsTemplate`.
#### Node Annotations
#### annotations
The `.annotations` field is a list of features to be advertised as annotations.
The `.annotations` field is a list of features to be advertised as node
annotations.
Take this rule as a referential example:
@ -642,23 +609,61 @@ NFD enforces some limitations to the namespace (or prefix)/ of the annotations:
> annotations the features won't be advertised as node labels unless they are
> specified in the `labels` field.
#### Taints
#### taints
*taints* is a list of taint entries and each entry can have `key`, `value` and `effect`,
where the `value` is optional. Effect could be `NoSchedule`, `PreferNoSchedule`
or `NoExecute`. To learn more about the meaning of these effects, check out k8s [documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/).
Example NodeFeatureRule with taints:
```yaml
apiVersion: nfd.k8s-sigs.io/v1alpha1
kind: NodeFeatureRule
metadata:
name: my-sample-rule-object
spec:
rules:
- name: "my sample taint rule"
taints:
- effect: PreferNoSchedule
key: "feature.node.kubernetes.io/special-node"
value: "true"
- effect: NoExecute
key: "feature.node.kubernetes.io/dedicated-node"
matchFeatures:
- feature: kernel.loadedmodule
matchExpressions:
dummy: {op: Exists}
- feature: kernel.config
matchExpressions:
X86: {op: In, value: ["y"]}
```
In this example, if the `my sample taint rule` rule is matched,
`feature.node.kubernetes.io/pci-0300_1d0f.present=true:NoExecute`
and `feature.node.kubernetes.io/cpu-cpuid.ADX:NoExecute` taints are set on the node.
There are some limitations to the namespace part (i.e. prefix/) of the taint
key:
- `kubernetes.io/` and its sub-namespaces (like `sub.ns.kubernetes.io/`) cannot
generally be used
- the only exception is `feature.node.kubernetes.io/` and its sub-namespaces
(like `sub.ns.feature.node.kubernetes.io`)
- unprefixed keys (like `foo`) keys are disallowed
> **NOTE:** taints field is not available for the custom rules of nfd-worker
> and only for NodeFeatureRule objects.
#### Vars
#### vars
The `.vars` field is a map of values (key-value pairs) to store for subsequent
rules to use. In other words, these are variables that are not advertised as
node labels. See [backreferences](#backreferences) for more details on the
usage of vars.
#### Extended resources
#### extendedResources
The `.extendedResources` field is a list of extended resources to advertise.
See [extended resources](#extended-resources) for more details.
@ -717,7 +722,11 @@ Resources names:
- unprefixed names will get prefixed with `feature.node.kubernetes.io/`
automatically (e.g. `foo` becomes `feature.node.kubernetes.io/foo`)
#### Vars template
> **NOTE:** `.extendedResources` is not supported by the
> [custom feature source](#custom-feature-source) -- it can only be used in
> NodeFeatureRule objects.
#### varsTemplate
The `.varsTemplate` field specifies a text template for dynamically creating
vars based on the matched features. See [templating](#templating) for details
@ -728,7 +737,7 @@ the usage of vars.
> vars specified in the `vars` field will override anything originating from
> `varsTemplate`.
#### MatchFeatures
#### matchFeatures
The `.matchFeatures` field specifies a feature matcher, consisting of a list of
feature matcher terms. It implements a logical AND over the terms i.e. all
@ -776,7 +785,7 @@ element whose name matches the `<key>`. However, for *instance* features all
MatchExpressions are evaluated against the attributes of each instance
separately.
#### MatchAny
#### matchAny
The `.matchAny` field is a list of of [`matchFeatures`](#matchfeatures)
matchers. A logical OR is applied over the matchers, i.e. at least one of them