1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-15 17:50:49 +00:00
Commit graph

252 commits

Author SHA1 Message Date
Markus Lehtonen
32b1088f84 source/kernel: add unit tests for kernel version parsing 2024-02-15 14:44:18 +02:00
mantramantra12
ea4504a916
Prevent nfd-worker erroring when reading attributes from paravirtual devices (#1557)
* prevent erroring on paravirtual devices

* Use `errors.Is()` for error checking

Co-authored-by: Markus Lehtonen <markus.lehtonen@intel.com>

* add imports

---------

Co-authored-by: Markus Lehtonen <markus.lehtonen@intel.com>
2024-01-23 22:20:43 +01:00
Markus Lehtonen
57b7a3c6a8 Wrap nested errors 2024-01-22 22:45:15 +02:00
Kubernetes Prow Robot
2694448a7f
Merge pull request #1530 from marquiz/devel/rdt
source/cpu: drop deprecated cpu-rdt labels
2024-01-16 11:08:18 +01:00
Kubernetes Prow Robot
b72000b933
Merge pull request #1505 from AhmedGrati/chore-refactor-topology-discover
chore: combine cpu count and thread_siblings functions into discover topology function
2024-01-16 11:08:09 +01:00
Markus Lehtonen
887f208f5d source/network: discover speed of virtual network interfaces 2024-01-04 14:14:56 +02:00
Markus Lehtonen
cd18fe8970 source/cpu: drop deprecated cpu-rdt labels
Drop RDT labels that were deprecated in NFD v0.13. The RDT features
remain available for NodeFeatureRules to serve custom labeling.
2023-12-22 17:29:00 +02:00
Markus Lehtonen
97bf841140 apis/nfd: split rule processing into a separate package
This patch tidies up the nfdv1alpha1 API package by refactoring out the
implementation of (NodeFeature)Rule evaluation into a separate package.
2023-12-20 12:52:15 +02:00
AhmedGrati
f962698c14 chore: combine cpu count and thread_siblings functions into discover topology function
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-12-18 16:29:38 +01:00
Markus Lehtonen
a8092927fc source/custom: use internal api for config parsing
Change the custom feature source of nfd-worker to use the newly added
internal config API for its own configuration. It now uses the internal
types for json/yaml unmarshalling but converts them to external
nfdv1alpha1 API to do the actual rule matching as the internal API does
not duplicate that functionality.
2023-12-18 15:19:19 +02:00
Markus Lehtonen
185b406ee7 source/custom: add internal rule api
Add internal API for the nfd-worker custom feature source rule
configuration. This API has already diverged from the NFD
NodeFeatureRule API in that annotations, extended resources or taints
are not supported. This patch basically copies the Rule type (and it's
sub-types) from the nfdv1alpha1 package. It also adds conversion
functions from the internal rule API to the "external" nfdv1alpha1 API.
This is done to use the same rule matching functionality (from the
nfdv1alpha1 package).

One notable remark is that the feature source rule config supports some
custom formatting (short forms, multi-type fields) that relies on
special json/yaml unmarshalling functions that are better to nuke from
the nfdv1alpha1 package (in another patch). These (legacy) syntax
specialities are most probably used by nobody but let's keep them as
they're already there.  Unit tests to cover the custom json
unmarshalling are now added.
2023-12-18 15:19:19 +02:00
Kubernetes Prow Robot
3ea2a38d73
Merge pull request #1497 from AhmedGrati/feat-add-cpu-socket-number
feat: add cpu socket count in `cpu.topology`
2023-12-15 13:29:51 +01:00
AhmedGrati
ebb08369d3 feat: add cpu socket number in cpu.topology
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-12-15 11:04:42 +01:00
Markus Lehtonen
fe412a54b9 apis/nfd: add matchName field in feature matcher terms
Extend the format of feature matcher terms (the elements of the
arrayspecified under under matchFeatures field) with new matchName
field. The value of this field is an expression that is evaluated
against the names of feature elements instead of their values (values
are matched with the matchExpressions field, instead).

The matchName field is useful e.g. in template rules for creating
per-feature-element labels based on feature names (instead of values)
and in non-template rules for checking if (at least) one of certain
feature element names are present.

If both matchExpressions and matchName for certain feature matcher term
is specified, they both must match in order to get an overall match.
Also, in this case the list of matched features (used in templating) is
the union of the results from matchExpressions and matchName.

An example of creating an "avx512" label if any AVX512* CPUID feature is
present:

  - name: "avx wildcard rule"
    labels:
        avx512: "true"
    matchFeatures:
      - feature: cpu.cpuid
        matchName: {op: InRegexp, value: ["^AVX512"]}

An example of a template rule creating a dynamic set of labels  based on
the existence of certain kconfig options.

  - name: "kconfig template rule"
    labelsTemplate: |
      {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }}
      {{ end }}
    matchFeatures:
      - feature: kernel.config
        matchName: {op: In, value: ["SWAP", "X86", "ARM"]}

NOTE: this patch changes the corner case of nil/null match expressions
with instance features (i.e. "matchExpressions: null"). Previously, we
returned all instances for templating but now a nil match expression is
not evaluated and no instances for templating are returned.
2023-12-15 11:32:23 +02:00
Markus Lehtonen
0bc1b6c28f apis/nfd: drop creation helper functions
Drop the creation helper functions as one step in an effort to tidy up
the api package. These functions were not much used outside unit tests
anyway, the static rules of the nfd-worker custom feature source being
the only exception (and if those happened to be invalid we'd catch that
e.g. in the e2e-tests).
2023-12-14 15:54:51 +02:00
Markus Lehtonen
cb0a46ec0e Use generics for maps and slices 2023-12-13 12:09:53 +02:00
AhmedGrati
6aa6590665 docs: add network.virtual in customization guide
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-11-09 16:44:30 +01:00
AhmedGrati
ae08e5998f feat: discover virtual network interfaces
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-11-05 19:46:33 +01:00
Markus Lehtonen
eebd246bd7 source/network: refactor readIfaceInfo
Make the function more generic and re-usable.
2023-11-03 13:51:17 +02:00
Markus Lehtonen
7d1df87305 source/custom: drop support for the legacy rule format 2023-10-05 16:15:37 +03:00
AhmedGrati
3130898d58 feat: support raw features
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-10-04 22:37:42 +01:00
AhmedGrati
6c895b496a feat: ignore hidden feature files
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-09-11 15:11:31 +01:00
Kubernetes Prow Robot
b7aa0b2273
Merge pull request #1351 from marquiz/devel/local-refactor
source/local: simplify feature file size checking
2023-09-08 07:10:17 -07:00
Markus Lehtonen
a5e78f0849 source/local: simplify feature file size checking 2023-09-08 15:05:31 +03:00
Markus Lehtonen
c126764d7a cpu: drop the deprecated sgx and se labels
Drop the deprecated cpu-sgx.enabled and cpu-se.enabled labels and the
corresponding "raw" features. These have been replaced by
cpu-security.sgx.enabled and cpu-security.se.enabled.
2023-09-08 14:28:04 +03:00
Markus Lehtonen
b1b3061738 sources/custom: convert static rules to new format
Also add a log message warning about legacy rule format.
2023-09-06 14:29:56 +03:00
AhmedGrati
124dfbf6df docs: add notes in the customization guide about the feature file size limit
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-09-06 11:15:45 +01:00
AhmedGrati
026534e355 feat: add feature file size limit
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-09-06 10:23:33 +01:00
AhmedGrati
47aec15ea1 test: add unit tests for the expiration date function
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-09-01 20:04:24 +01:00
AhmedGrati
f0edc6532a docs: add the support of the exipration date in the input format of the feature files
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-08-05 20:39:09 +01:00
AhmedGrati
bd3ccf1e33 feat: add support for feature files expiration
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-08-05 20:38:44 +01:00
Markus Lehtonen
4aa7a8f8f8 source/local: support comments in input
Lines starting with '#' are treated as comments and ignored when parsing
feature files and hook output.
2023-08-04 16:46:22 +03:00
Markus Lehtonen
181b4e0168 source/local: trim whitespace from input
Trim leading and trailing whitespace from the input (from feature files
and hooks). Makes it a bit more relaxed on the expected input format.
2023-08-04 15:24:46 +03:00
Markus Lehtonen
7e375ad1f0 generate: bump tools to their latest versions
Bump tools versions and re-auto-generate files.
2023-07-27 14:29:48 +03:00
Fabiano Fidêncio
7532ac3192 cpu: Add retrieveCgroupMiscCapacityValue() for legibility
Let's refactor part of the getCgroupMiscCapacity() out to its own
retrieveCgroupMiscCapacityValue(), for the legibility sake.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2023-07-19 12:03:27 +02:00
Fabiano Fidêncio
8ed5a2343f cpu: Take cgroupsv1 into account when reading misc.capacity
We've been only considering cgroupsv2 when trying to read misc.capacity.
However, there are still a bunch of systems out there relying on
cgroupsv1.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2023-07-19 10:49:53 +02:00
Kubernetes Prow Robot
407a610e0c
Merge pull request #1182 from fmuyassarov/disable-hooks-by-default
hooks: disable hooks by default from v0.14
2023-06-22 04:43:40 -07:00
Muyassarov, Feruzjon
19527be924
hooks: disable hooks by default
We have deprecated hooks in v0.12.0 but kept it enabled by default.
Starting from v0.14 we are starting to disable it by default and
plan to fully remove it in the near future.

Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
2023-06-07 13:04:23 +03:00
Hairong Chen
e8a00ba7da cpu: Discover TDX guests based on cpuid information
NFD already has the capability to discover whether baremetal / host
machines support Intel TDX.  Now, the next step is to add support for
discovering whether a node is TDX protected (as in, a virtual machine
started using Intel TDX).

In order to do so, we've decided to go for a new `cpu-security.tdx`
property, called `protected` (`cpu-security.tdx.protected`).

Signed-off-by: Hairong Chen <hairong.chen@intel.com>
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2023-06-05 11:06:28 +02:00
Markus Lehtonen
bf670de68d pkg/utils: migrate KlogDump to structured logging
Drop the KlogDump helper in favor of klog.InfoS. However, that patch
introduces a new DelayedDumper() helper to avoid processing
(marshalling) of object unless really evaluated by the logging function.
2023-05-31 14:43:08 +03:00
Markus Lehtonen
fe267a634b source: migrate to structured logging
The custom.d config file parsing is made a bit less verbose.
2023-05-31 14:43:08 +03:00
Markus Lehtonen
18f7bfa8e8 generate: update mockery to v2.25.1
Bump the vektra/mockery tool to the latest release.
2023-04-19 13:33:42 +03:00
Carlos Eduardo Arango Gutierrez
05ef5d4e9d
cpu: expose the total number of AMD SEV ASID and ES
This patch add SEV ASIDs and the related (but distinct) SEV Encrypted State
(SEV-ES) IDs as two quantities to be exposed via extended resources.
In a kernel built with CONFIG_CGROUP_MISC on a suitably equipped AMD CPU, the
root control group will have a misc.capacity file that shows the number of
available IDs in each category.

The added extended resources are:
- sev.asids
- sev.encrypted_state_ids

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
2023-04-17 19:34:39 +02:00
Mikko Ylinen
de1b69a8bf cpu: make SGX EPC resource available to NodeFeatureRules
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2023-04-14 15:31:54 +03:00
Markus Lehtonen
3320c74472 source/cpu: don't create cpu-security.tdx.total_keys label
Just have that as a feature for NodeFeatureRules to consume.
2023-04-14 13:33:13 +03:00
Kubernetes Prow Robot
8d71ed6755
Merge pull request #1086 from AhmedGrati/feat-support-builtin-kernel-mods
feat: support builtin kernel mods
2023-04-13 10:30:40 -07:00
AhmedGrati
109caa1f28 feat: support builtin kernel mods
This PR adds the combination of dynamic and builtin kernel modules into
one feature called `kernel.enabledmodule`. It's a superset of the
`kernel.loadedmodule` feature.

Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-04-13 10:19:24 +01:00
PiotrProkop
0e78eba40e Advertise RDT L3 num_closid
Signed-off-by: PiotrProkop <pprokop@nvidia.com>
2023-04-06 11:22:55 +02:00
Fabiano Fidêncio
10672e1bba cpu: Expose the total number of keys for TDX
The total amount of keys that can be used on a specific TDX system is
exposed via the cgroups misc.capacity. See:

```
$ cat /sys/fs/cgroup/misc.capacity
tdx 31
```

The first step to properly manage the amount of keys present in a node
is exposing it via the NFD, and that's exactly what this commit does.

An example of how it ends up being exposed via the NFD:

```
$ kubectl get node 984fee00befb.jf.intel.com -o jsonpath='{.metadata.labels}'  | jq | grep tdx.total_keys
  "feature.node.kubernetes.io/cpu-security.tdx.total_keys": "31",
```

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2023-03-31 09:12:26 +02:00
Carlos Eduardo Arango Gutierrez
7171cfd4eb
cpu: expose AMD SEV support
Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
Co-authored-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
Co-authored-by: Markus Lehtonen <markus.lehtonen@intel.com>
2023-03-30 15:19:43 +02:00