Merge pull request #386 from marquiz/devel/default-configmap

Add nfd-worker-conf ConfigMap to deployment templates
2025-04-06 00:53:40 +00:00 · 2020-11-23 09:07:34 -08:00 · 2020-11-23 09:07:34 -08:00 · def4b60d65
commit def4b60d65
parent 83e2a9defb 979d3b88fe
6 changed files with 348 additions and 28 deletions
--- a/11
+++ b/11
@ -1,4 +1,4 @@
-.PHONY: all test yamls
+.PHONY: all test templates yamls
 .FORCE:
 GO_CMD ?= go
@ -80,8 +80,17 @@ yamls: $(yaml_instances)
 	     -e s',^(\s*)image:.+$$,\1image: ${IMAGE_TAG},' \
 	     -e s',^(\s*)namespace:.+$$,\1namespace: ${K8S_NAMESPACE},' \
 	     -e s',^(\s*)mountPath: "/host-,\1mountPath: "${CONTAINER_HOSTMOUNT_PREFIX},' \
 	     -e '/nfd-worker.conf:/r nfd-worker.conf.tmp' \
 	     $< > $@
 templates: $(yaml_templates)
 	@# Need to prepend each line in the sample config with spaces in order to
 	@# fit correctly in the configmap spec.
 	@sed s'/^/    /' nfd-worker.conf.example > nfd-worker.conf.tmp
 	@# The quick-n-dirty sed below expects the configmap data to be at the very end of the file
 	@for f in $+; do sed -e '/nfd-worker\.conf/r nfd-worker.conf.tmp' -e '/nfd-worker\.conf/q' -i $$f; done
 	@rm nfd-worker.conf.tmp
 mock:
 	mockery --name=FeatureSource --dir=source --inpkg --note="Re-generate by running 'make mock'"
 	mockery --name=APIHelpers --dir=pkg/apihelper --inpkg --note="Re-generate by running 'make mock'"
--- a/docs/get-started/deployment-and-usage.md
+++ b/docs/get-started/deployment-and-usage.md
@ -174,39 +174,19 @@ possible.
 Worker configuration file is read inside the container, and thus, Volumes and
 VolumeMounts are needed to make your configuration available for NFD. The
 preferred method is to use a ConfigMap which provides easy deployment and
-re-configurability.  For example, create a config map using the example config
+re-configurability.
-as a template:
+
 The provided nfd-worker deployment templates create an empty configmap and
 mount it inside the nfd-worker containers. Configuration can be edited with:
 ```bash
 cp nfd-worker.conf.example nfd-worker.conf
 vim nfd-worker.conf  # edit the configuration
 kubectl create configmap nfd-worker-config --from-file=nfd-worker.conf
 ```
-
+kubectl -n ${NFD_NS} edit configmap nfd-worker-conf
 Then, configure Volumes and VolumeMounts in the Pod spec (just the relevant
 snippets shown below):
 ```yaml
 ...
  containers:
      volumeMounts:
        - name: nfd-worker-config
          mountPath: "/etc/kubernetes/node-feature-discovery/"
 ...
  volumes:
    - name: nfd-worker-config
      configMap:
        name: nfd-worker-config
 ...
 ```
 You could also use other types of volumes, of course. That is, hostPath if
 different config for different nodes would be required, for example.
 The (empty-by-default)
 [example config](https://github.com/kubernetes-sigs/node-feature-discovery/blob/{{ site.release }}/nfd-worker.conf.example)
-is used as a config in the NFD Docker image. Thus, this can be used as a default
+contains all available configuration options and can be used as a reference
-configuration in custom-built images.
+for creating creating a configuration.
 Configuration options can also be specified via the `--options` command line
 flag, in which case no mounts need to be used. The same format as in the config
--- a/nfd-daemonset-combined.yaml.template
+++ b/nfd-daemonset-combined.yaml.template
@ -110,6 +110,9 @@ spec:
            - name: features-d
              mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
              readOnly: true
            - name: nfd-worker-conf
              mountPath: "/etc/kubernetes/node-feature-discovery"
              readOnly: true
      volumes:
        - name: host-boot
          hostPath:
@ -126,3 +129,99 @@ spec:
        - name: features-d
          hostPath:
            path: "/etc/kubernetes/node-feature-discovery/features.d/"
        - name: nfd-worker-conf
          configMap:
            name: nfd-worker-conf
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: nfd-worker-conf
  namespace: node-feature-discovery
 data:
  nfd-worker.conf: |
    #sources:
    #  cpu:
    #    cpuid:
    ##     NOTE: whitelist has priority over blacklist
    #      attributeBlacklist:
    #        - "BMI1"
    #        - "BMI2"
    #        - "CLMUL"
    #        - "CMOV"
    #        - "CX16"
    #        - "ERMS"
    #        - "F16C"
    #        - "HTT"
    #        - "LZCNT"
    #        - "MMX"
    #        - "MMXEXT"
    #        - "NX"
    #        - "POPCNT"
    #        - "RDRAND"
    #        - "RDSEED"
    #        - "RDTSCP"
    #        - "SGX"
    #        - "SSE"
    #        - "SSE2"
    #        - "SSE3"
    #        - "SSE4.1"
    #        - "SSE4.2"
    #        - "SSSE3"
    #      attributeWhitelist:
    #  kernel:
    #    kconfigFile: "/path/to/kconfig"
    #    configOpts:
    #      - "NO_HZ"
    #      - "X86"
    #      - "DMI"
    #  pci:
    #    deviceClassWhitelist:
    #      - "0200"
    #      - "03"
    #      - "12"
    #    deviceLabelFields:
    #      - "class"
    #      - "vendor"
    #      - "device"
    #      - "subsystem_vendor"
    #      - "subsystem_device"
    #  usb:
    #    deviceClassWhitelist:
    #      - "0e"
    #      - "ef"
    #      - "fe"
    #      - "ff"
    #    deviceLabelFields:
    #      - "class"
    #      - "vendor"
    #      - "device"
    #  custom:
    #    - name: "my.kernel.feature"
    #      matchOn:
    #        - loadedKMod: ["example_kmod1", "example_kmod2"]
    #    - name: "my.pci.feature"
    #      matchOn:
    #        - pciId:
    #            class: ["0200"]
    #            vendor: ["15b3"]
    #            device: ["1014", "1017"]
    #        - pciId :
    #            vendor: ["8086"]
    #            device: ["1000", "1100"]
    #    - name: "my.usb.feature"
    #      matchOn:
    #        - usbId:
    #          class: ["ff"]
    #          vendor: ["03e7"]
    #          device: ["2485"]
    #        - usbId:
    #          class: ["fe"]
    #          vendor: ["1a6e"]
    #          device: ["089a"]
    #    - name: "my.combined.feature"
    #      matchOn:
    #        - pciId:
    #            vendor: ["15b3"]
    #            device: ["1014", "1017"]
    #          loadedKMod : ["vendor_kmod1", "vendor_kmod2"]
--- a/nfd-worker-daemonset.yaml.template
+++ b/nfd-worker-daemonset.yaml.template
@ -57,6 +57,9 @@ spec:
            - name: features-d
              mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
              readOnly: true
            - name: nfd-worker-conf
              mountPath: "/etc/kubernetes/node-feature-discovery"
              readOnly: true
 ## Enable TLS authentication (2/3)
 #            - name: nfd-ca-cert
 #              mountPath: "/etc/kubernetes/node-feature-discovery/trust"
@ -80,6 +83,9 @@ spec:
        - name: features-d
          hostPath:
            path: "/etc/kubernetes/node-feature-discovery/features.d/"
        - name: nfd-worker-conf
          configMap:
            name: nfd-worker-conf
 ## Enable TLS authentication (3/3)
 #        - name: nfd-ca-cert
 #          configMap:
@ -87,3 +93,96 @@ spec:
 #        - name: nfd-worker-cert
 #          secret:
 #            secretName: nfd-worker-cert
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: nfd-worker-conf
  namespace: node-feature-discovery
 data:
  nfd-worker.conf: |
    #sources:
    #  cpu:
    #    cpuid:
    ##     NOTE: whitelist has priority over blacklist
    #      attributeBlacklist:
    #        - "BMI1"
    #        - "BMI2"
    #        - "CLMUL"
    #        - "CMOV"
    #        - "CX16"
    #        - "ERMS"
    #        - "F16C"
    #        - "HTT"
    #        - "LZCNT"
    #        - "MMX"
    #        - "MMXEXT"
    #        - "NX"
    #        - "POPCNT"
    #        - "RDRAND"
    #        - "RDSEED"
    #        - "RDTSCP"
    #        - "SGX"
    #        - "SSE"
    #        - "SSE2"
    #        - "SSE3"
    #        - "SSE4.1"
    #        - "SSE4.2"
    #        - "SSSE3"
    #      attributeWhitelist:
    #  kernel:
    #    kconfigFile: "/path/to/kconfig"
    #    configOpts:
    #      - "NO_HZ"
    #      - "X86"
    #      - "DMI"
    #  pci:
    #    deviceClassWhitelist:
    #      - "0200"
    #      - "03"
    #      - "12"
    #    deviceLabelFields:
    #      - "class"
    #      - "vendor"
    #      - "device"
    #      - "subsystem_vendor"
    #      - "subsystem_device"
    #  usb:
    #    deviceClassWhitelist:
    #      - "0e"
    #      - "ef"
    #      - "fe"
    #      - "ff"
    #    deviceLabelFields:
    #      - "class"
    #      - "vendor"
    #      - "device"
    #  custom:
    #    - name: "my.kernel.feature"
    #      matchOn:
    #        - loadedKMod: ["example_kmod1", "example_kmod2"]
    #    - name: "my.pci.feature"
    #      matchOn:
    #        - pciId:
    #            class: ["0200"]
    #            vendor: ["15b3"]
    #            device: ["1014", "1017"]
    #        - pciId :
    #            vendor: ["8086"]
    #            device: ["1000", "1100"]
    #    - name: "my.usb.feature"
    #      matchOn:
    #        - usbId:
    #          class: ["ff"]
    #          vendor: ["03e7"]
    #          device: ["2485"]
    #        - usbId:
    #          class: ["fe"]
    #          vendor: ["1a6e"]
    #          device: ["089a"]
    #    - name: "my.combined.feature"
    #      matchOn:
    #        - pciId:
    #            vendor: ["15b3"]
    #            device: ["1014", "1017"]
    #          loadedKMod : ["vendor_kmod1", "vendor_kmod2"]
--- a/nfd-worker-job.yaml.template
+++ b/nfd-worker-job.yaml.template
@ -43,6 +43,13 @@ spec:
          args:
            - "--oneshot"
            - "--server=nfd-master:8080"
 ## Enable TLS authentication (1/3)
 ## The example below assumes having the root certificate named ca.crt stored in
 ## a ConfigMap named nfd-ca-cert, and, the TLS authentication credentials stored
 ## in a TLS Secret named nfd-worker-cert
 #            - "--ca-file=/etc/kubernetes/node-feature-discovery/trust/ca.crt"
 #            - "--key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
 #            - "--cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
          volumeMounts:
            - name: host-boot
              mountPath: "/host-boot"
@ -59,6 +66,16 @@ spec:
            - name: features-d
              mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
              readOnly: true
            - name: nfd-worker-conf
              mountPath: "/etc/kubernetes/node-feature-discovery"
              readOnly: true
 ## Enable TLS authentication (2/3)
 #            - name: nfd-ca-cert
 #              mountPath: "/etc/kubernetes/node-feature-discovery/trust"
 #              readOnly: true
 #            - name: nfd-worker-cert
 #              mountPath: "/etc/kubernetes/node-feature-discovery/certs"
 #              readOnly: true
      restartPolicy: Never
      volumes:
        - name: host-boot
@ -76,3 +93,106 @@ spec:
        - name: features-d
          hostPath:
            path: "/etc/kubernetes/node-feature-discovery/features.d/"
        - name: nfd-worker-conf
          configMap:
            name: nfd-worker-conf
 ## Enable TLS authentication (3/3)
 #        - name: nfd-ca-cert
 #          configMap:
 #            name: nfd-ca-cert
 #        - name: nfd-worker-cert
 #          secret:
 #            secretName: nfd-worker-cert
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: nfd-worker-conf
  namespace: node-feature-discovery
 data:
  nfd-worker.conf: |
    #sources:
    #  cpu:
    #    cpuid:
    ##     NOTE: whitelist has priority over blacklist
    #      attributeBlacklist:
    #        - "BMI1"
    #        - "BMI2"
    #        - "CLMUL"
    #        - "CMOV"
    #        - "CX16"
    #        - "ERMS"
    #        - "F16C"
    #        - "HTT"
    #        - "LZCNT"
    #        - "MMX"
    #        - "MMXEXT"
    #        - "NX"
    #        - "POPCNT"
    #        - "RDRAND"
    #        - "RDSEED"
    #        - "RDTSCP"
    #        - "SGX"
    #        - "SSE"
    #        - "SSE2"
    #        - "SSE3"
    #        - "SSE4.1"
    #        - "SSE4.2"
    #        - "SSSE3"
    #      attributeWhitelist:
    #  kernel:
    #    kconfigFile: "/path/to/kconfig"
    #    configOpts:
    #      - "NO_HZ"
    #      - "X86"
    #      - "DMI"
    #  pci:
    #    deviceClassWhitelist:
    #      - "0200"
    #      - "03"
    #      - "12"
    #    deviceLabelFields:
    #      - "class"
    #      - "vendor"
    #      - "device"
    #      - "subsystem_vendor"
    #      - "subsystem_device"
    #  usb:
    #    deviceClassWhitelist:
    #      - "0e"
    #      - "ef"
    #      - "fe"
    #      - "ff"
    #    deviceLabelFields:
    #      - "class"
    #      - "vendor"
    #      - "device"
    #  custom:
    #    - name: "my.kernel.feature"
    #      matchOn:
    #        - loadedKMod: ["example_kmod1", "example_kmod2"]
    #    - name: "my.pci.feature"
    #      matchOn:
    #        - pciId:
    #            class: ["0200"]
    #            vendor: ["15b3"]
    #            device: ["1014", "1017"]
    #        - pciId :
    #            vendor: ["8086"]
    #            device: ["1000", "1100"]
    #    - name: "my.usb.feature"
    #      matchOn:
    #        - usbId:
    #          class: ["ff"]
    #          vendor: ["03e7"]
    #          device: ["2485"]
    #        - usbId:
    #          class: ["fe"]
    #          vendor: ["1a6e"]
    #          device: ["089a"]
    #    - name: "my.combined.feature"
    #      matchOn:
    #        - pciId:
    #            vendor: ["15b3"]
    #            device: ["1014", "1017"]
    #          loadedKMod : ["vendor_kmod1", "vendor_kmod2"]
--- a/scripts/test-infra/verify.sh
+++ b/scripts/test-infra/verify.sh
@ -7,3 +7,16 @@ export PATH=$PATH:$(go env GOPATH)/bin
 # Run verify steps
 make gofmt-verify
 make ci-lint
 # Check that repo is clean
 if ! git diff --quiet; then
    echo "Repository is dirty!"
    exit 1
 fi
 # Check that templates are up-to-date
 make templates
 if ! git diff --quiet; then
    echo "Deployment templates are not up-to-date. Run 'make templates' to update"
    exit 1
 fi