1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-14 11:57:51 +00:00
Commit graph

448 commits

Author SHA1 Message Date
Markus Lehtonen
9685d292a2 docs: add missing .md suffix to internal references
Commit bfbc47f55e added a lot of those and
this patch tries to cover all that we missed there. Having .md suffixes
in references to internal files makes it convenient to browse the
document locally, just as text files as the references work correctly.
2023-04-25 15:28:07 +03:00
Kubernetes Prow Robot
2356223ffc
Merge pull request #1139 from AhmedGrati/feat-configure-master-resync
feat: add master resync period configurability
2023-04-24 03:49:02 -07:00
AhmedGrati
7917434d38 feat: add master resync period configurability
This PR adds a config option for setting the NFD API controller resync period.
The resync period is only activated when the NodeFeature API has been
enabled (with -enable-nodefeature-api).

Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-04-24 11:52:38 +02:00
Carlos Eduardo Arango Gutierrez
05ef5d4e9d
cpu: expose the total number of AMD SEV ASID and ES
This patch add SEV ASIDs and the related (but distinct) SEV Encrypted State
(SEV-ES) IDs as two quantities to be exposed via extended resources.
In a kernel built with CONFIG_CGROUP_MISC on a suitably equipped AMD CPU, the
root control group will have a misc.capacity file that shows the number of
available IDs in each category.

The added extended resources are:
- sev.asids
- sev.encrypted_state_ids

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
2023-04-17 19:34:39 +02:00
Mikko Ylinen
de1b69a8bf cpu: make SGX EPC resource available to NodeFeatureRules
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2023-04-14 15:31:54 +03:00
Markus Lehtonen
3320c74472 source/cpu: don't create cpu-security.tdx.total_keys label
Just have that as a feature for NodeFeatureRules to consume.
2023-04-14 13:33:13 +03:00
Kubernetes Prow Robot
84c348b69f
Merge pull request #1126 from marquiz/devel/er-deprecation
nfd-master: deprecate the -resource-labels flag
2023-04-13 10:52:39 -07:00
Kubernetes Prow Robot
8d71ed6755
Merge pull request #1086 from AhmedGrati/feat-support-builtin-kernel-mods
feat: support builtin kernel mods
2023-04-13 10:30:40 -07:00
AhmedGrati
109caa1f28 feat: support builtin kernel mods
This PR adds the combination of dynamic and builtin kernel modules into
one feature called `kernel.enabledmodule`. It's a superset of the
`kernel.loadedmodule` feature.

Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-04-13 10:19:24 +01:00
Markus Lehtonen
8511980bf4 nfd-master: deprecate the -resource-labels flag
Mark the -resource-labels flag (and the corresponding resourceLabels
config option) as deprecated. We now support managing extended resources
via NodeFeatureRule objects. This kludge deserves to go, eventually.
2023-04-13 11:30:58 +03:00
Markus Lehtonen
dcbb3bc450 docs: add missing mentions of extended resources and taints
A small update to fix some missing mentions of extended resources and
taints as assets managed by NFD.
2023-04-11 20:38:21 +03:00
Kubernetes Prow Robot
ad07829d0a
Merge pull request #1099 from ArangoGutierrez/extended_resources_v2
Create extended resources with NodeFeatureRule
2023-04-07 08:09:15 -07:00
Fabiano Fidêncio
250aea4741
Create extended resources with NodeFeatureRule
Add support for management of Extended Resources via the
NodeFeatureRule CRD API.

There are usage scenarios where users want to advertise features
as extended resources instead of labels (or annotations).

This patch enables the discovery of extended resources, via annotation
and patch of node.status.capacity and node.status.allocatable. By using
the NodeFeatureRule API.

Co-authored-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
Co-authored-by: Markus Lehtonen <markus.lehtonen@intel.com>
Co-authored-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
2023-04-07 16:14:56 +02:00
Kubernetes Prow Robot
6740224a13
Merge pull request #1100 from PiotrProkop/expose-L3-num-closid
Advertise RDT L3 num_closid
2023-04-07 00:49:14 -07:00
Markus Lehtonen
cc6c20ff5f nfd-master: disallow unprefixed and kubernetes taints
Disallow taints having a key with "kubernetes.io/" or "*.kubernetes.io/"
prefix. This is a precaution to protect the user from messing up with
the "official" well-known taints from Kubernetes itself. The only
exception is that the "nfd.node.kubernetes.io/" prefix is allowed.

However, there is one allowed NFD-specific namespace (and its
sub-namespaces) i.e. "feature.node.kubernetes.io" under the
kubernetes.io domain that can be used for NFD-managed taints.

Also disallow unprefixed taint keys. We don't add a default prefix to
unprefixed taints (like we do for labels) from NodeFeatureRules. This is
to prevent unpleasant surprises to users that need to manage matching
tolerations for their workloads.
2023-04-06 16:12:37 +03:00
PiotrProkop
0e78eba40e Advertise RDT L3 num_closid
Signed-off-by: PiotrProkop <pprokop@nvidia.com>
2023-04-06 11:22:55 +02:00
Kubernetes Prow Robot
3c0c43b9be
Merge pull request #1114 from marquiz/devel/rdt-deprecate
source/cpu: deprecate cpu-rdt.* labels
2023-04-05 06:21:40 -07:00
Kubernetes Prow Robot
193c552b33
Merge pull request #1084 from AhmedGrati/feat-add-master-config-file
feat: add master config file
2023-04-04 10:41:40 -07:00
Markus Lehtonen
6cb5e99afa source/cpu: deprecate cpu-rdt.* labels
Document built-in RDT labels to be deprecated and removed in a future
release. The plan is that the default built-in RDT labels would not be
created anymore, but the RDT features would still be available for
NodeFeatureRules to consume.

The RDT labels are not very useful (they don't e.g indicate if the
features are really enabled in kernel or if the resctrlfs is mounted).
2023-04-04 11:54:57 +03:00
AhmedGrati
3fff409f6d Add master config file
Similar to the nfd-worker, in this PR we want to support the
dynamic run-time configurability through a config file for the nfd-master.

We'll use a json or yaml configuration file along with the fsnotify in
order to watch for changes in the config file. As a result, we're
allowing dynamic control of logging params, allowed namespaces,
extended resources, label whitelisting, and denied namespaces.

Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-04-03 09:52:09 +01:00
Fabiano Fidêncio
10672e1bba cpu: Expose the total number of keys for TDX
The total amount of keys that can be used on a specific TDX system is
exposed via the cgroups misc.capacity. See:

```
$ cat /sys/fs/cgroup/misc.capacity
tdx 31
```

The first step to properly manage the amount of keys present in a node
is exposing it via the NFD, and that's exactly what this commit does.

An example of how it ends up being exposed via the NFD:

```
$ kubectl get node 984fee00befb.jf.intel.com -o jsonpath='{.metadata.labels}'  | jq | grep tdx.total_keys
  "feature.node.kubernetes.io/cpu-security.tdx.total_keys": "31",
```

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2023-03-31 09:12:26 +02:00
Carlos Eduardo Arango Gutierrez
7171cfd4eb
cpu: expose AMD SEV support
Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
Co-authored-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
Co-authored-by: Markus Lehtonen <markus.lehtonen@intel.com>
2023-03-30 15:19:43 +02:00
AhmedGrati
02b3b7c7e0 feat: add enableTaints to helm chart
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-03-21 10:49:24 +01:00
Talor Itzhak
5c6be580f4 reactive updates: add an option to disable the feature
Access to the kubelet state directory may raise concerns in some setups, added an option to disable it.
The feature is enabled by default.

Signed-off-by: Talor Itzhak <titzhak@redhat.com>
2023-03-16 11:53:16 +02:00
Talor Itzhak
727de56191 documentaion: document the reactive updates feature
Signed-off-by: Talor Itzhak <titzhak@redhat.com>
2023-03-16 11:53:12 +02:00
Talor Itzhak
8924213d14 topology-updater: make it possible to disable sleep-interval
Especially convenient for testing porpuses and
completely harmless

Signed-off-by: Talor Itzhak <titzhak@redhat.com>
2023-03-12 12:43:17 +02:00
Sajiyah Salat
7082c31d6c
Update worker-configuration-reference.md 2023-03-08 21:33:44 +05:30
Sajiyah Salat
fb2d70a313
Update worker-configuration-reference.md 2023-03-08 21:28:45 +05:30
AhmedGrati
ff2dddd27d docs: fix usage cusomization guide typos
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-02-27 10:26:25 +01:00
Jose Luis Ojosnegros Manchón
b340d112a8 topology-updater:compute pod set fingerprint
Add an option to compute the fingerprint of the current pod set on each
node.

Report this new fingerprint using an attribute in NRT object.
2023-02-22 10:22:50 +01:00
Kubernetes Prow Robot
69440d7820
Merge pull request #1062 from yanggangtony/fix-doc
docs: describe nfd-topology-gc in introduction.md
2023-02-21 02:17:48 -08:00
Muyassarov, Feruzjon
0e2f2c4587 go.mod: bump cpuid to v2.2.4
Bump cpuid version to v2.2.4 in the go.mod so that WRMSRNS (
Non-Serializing Write to Model Specific Register) and MSRLIST
(Read/Write List of Model Specific Registers) instructions are
detectable.

Signed-off-by: Muyassarov, Feruzjon <feruzjon.muyassarov@intel.com>
2023-02-20 22:58:59 +02:00
yanggang
150d4f4db2
docs: describe nfd-topology-gc in introduction.md
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-02-18 06:12:35 +08:00
Guangwen Feng
8ad6c5b425 Fix some typos
Signed-off-by: Guangwen Feng <fenggw-fnst@fujitsu.com>
2023-02-16 22:08:00 +08:00
Kubernetes Prow Robot
a92614c292
Merge pull request #1051 from AhmedGrati/feat-add-deny-label-ns-with-wildcard
feat: add deny-label-ns flag which supports wildcard
2023-02-15 03:42:25 -08:00
AhmedGrati
b499799364 feat: add deny-label-ns flag which supports wildcard
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-02-15 09:47:00 +01:00
Kubernetes Prow Robot
e3b9184354
Merge pull request #1027 from marquiz/devel/image-full
images: base the default image on distroless/base
2023-02-10 08:07:30 -08:00
AhmedGrati
07d5ffe4b8 helm: make master port configurable
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-02-01 10:03:06 +01:00
Markus Lehtonen
cd62f6566f images: base the default image on distroless/base
Make distroless/base as the base image for the default image,
effectively making the minimal image as the default. Add a new "full"
image variant that corresponds the previous default image. The
"*-minimal" container image tag is provided for backwards compatibility.

The practical user impact of this change is that hook support is limited
to statically linked ELF binaries. Bash or Perl scripts are not
supported by the default image, anymore, but the new "full" image
variant can be used for backwards compatibility.
2023-01-31 11:30:38 +02:00
Chandan Abhyankar
d66096a491 cpu: support for detecting nx-gzip coprocessor feature
Nest accelerator gzip support for IBM Power systems.

Signed-off-by: Chandan Abhyankar <Chandan.Abhyankar@ibm.com>
2023-01-17 23:18:16 -08:00
Hiren Panchasara
bfbc47f55e docs: fix internal cross-page references by injecting .md 2023-01-16 20:53:36 -08:00
PiotrProkop
3143faf0ab Add documentation for topology garbage collector
Signed-off-by: PiotrProkop <pprokop@nvidia.com>
2023-01-11 10:15:38 +01:00
Kubernetes Prow Robot
0159ab04e7
Merge pull request #1021 from fmuyassarov/docs-taint
Docs: mention tainting in the intro section
2023-01-02 02:19:30 -08:00
Kubernetes Prow Robot
79cd4fc094
Merge pull request #1023 from fmuyassarov/sfr-support
Bump cpuid to v2.2.3
2023-01-02 01:27:31 -08:00
Muyassarov, Feruzjon
d9dc4b09d5 Bump cpuid to v2.2.3
Bump cpuid to v2.2.3 which adds support for detecting Intel Sierra
Forest instructions like AVXIFMA, AVXNECONVERT, AVXVNNIINT8 and
CMPCCXADD.
Signed-off-by: Muyassarov, Feruzjon <feruzjon.muyassarov@intel.com>
2022-12-30 11:42:05 +02:00
Muyassarov, Feruzjon
842153a907 Docs: mention tainting in the intro section
Signed-off-by: Muyassarov, Feruzjon <feruzjon.muyassarov@intel.com>
2022-12-28 14:00:04 +02:00
Markus Lehtonen
8c0e38d0c5 docs: fix typo in CRD name 2022-12-21 13:42:10 +02:00
Markus Lehtonen
b91922746a docs: mention NodeFeature as an extension point
In the CRD intro, mention that NodeFeature can be used as an integration
point for 3rd party extensions.
2022-12-21 13:26:31 +02:00
Markus Lehtonen
27c47bd088 docs: better document differences between deployment methods 2022-12-20 16:29:48 +02:00
Markus Lehtonen
3209c14bea docs: document NodeFeature API
Document the usage of the NodeFeature CRD API. Also re-organize the
documentation a bit, moving the description of NodeFeatureRule
controller from customization guide to nfd-master usage page.
2022-12-14 22:33:12 +02:00
Markus Lehtonen
9f0806593d nfd-master: rename -featurerules-controller flag to -crd-controller
Deprecate the '-featurerules-controller' command line flag as the name
does not describe the functionality anymore: in practice it controls the
CRD controller handling both NodeFeature and NodeFeatureRule objects.
The patch introduces a duplicate, more generally named, flag
'-crd-controller'. A warning is printed in the log if
'-featurerules-controller' flag is encountered.
2022-12-14 10:23:45 +02:00
Markus Lehtonen
5a717c418b docs: small reordering of master cmdline reference
Move documentation of -enable-taints near '-enable-nodefeature-api' and
'-no-publish' as they are related in that they control the enablement of
APIs.
2022-12-14 07:31:28 +02:00
Markus Lehtonen
6ddd87e465 nfd-master: support NodeFeature objects
Add initial support for handling NodeFeature objects. With this patch
nfd-master watches NodeFeature objects in all namespaces and reacts to
changes in any of these. The node which a certain NodeFeature object
affects is determined by the "nfd.node.kubernetes.io/node-name"
annotation of the object. When a NodeFeature object targeting certain
node is changed, nfd-master needs to process all other objects targeting
the same node, too, because there may be dependencies between them.

Add a new command line flag for selecting between gRPC and NodeFeature
CRD API as the source of feature requests. Enabling NodeFeature API
disables the gRPC interface.

 -enable-nodefeature-api   enable NodeFeature CRD API for incoming
                           feature requests, will disable the gRPC
                           interface (defaults to false)

It is not possible to serve gRPC and watch NodeFeature objects at the
same time. This is deliberate to avoid labeling races e.g. by nfd-worker
sending gRPC requests but NodeFeature objects in the cluster
"overriding" those changes (labels from the gRPC requests will get
overridden when NodeFeature objects are processed).
2022-12-14 07:31:28 +02:00
Markus Lehtonen
237494463b nfd-worker: support creating NodeFeatures object
Support the new NodeFeatures object of the NFD CRD api. Add two new
command line options to nfd-worker:

 -kubeconfig               specifies the kubeconfig to use for
                           connecting k8s api (defaults to empty which
                           implies in-cluster config)
 -enable-nodefeature-api   enable the NodeFeature CRD API for
                           communicating node features to nfd-master,
                           will also automatically disable gRPC
                           (defgault to false)

No config file option for selecting the API is available as there should
be no need for dynamically selecting between gRPC and CRD. The
nfd-master configuration must be changed in tandem and it is safer (and
avoid awkward configuration races) to configure the whole NFD deployment
at once.

Default behavior of nfd-worker is not changed i.e. NodeFeatures object
creation is not enabled by default (but must be enabled with the command
line flag).

The patch also updates the kustomize and Helm deployment, adding RBAC
rules for nfd-worker and updating the example worker configuration.
2022-12-14 07:31:28 +02:00
Kubernetes Prow Robot
776a8c335c
Merge pull request #980 from marquiz/devel/topology-updater
nfd-topology-updater: update NodeResourceTopology objects directly
2022-12-08 01:44:22 -08:00
Markus Lehtonen
f13ed2d91c nfd-topology-updater: update NodeResourceTopology objects directly
Drop the gRPC communication to nfd-master and connect to the Kubernetes
API server directly when updating NodeResourceTopology objects.
Topology-updater already has connection to the API server for listing
Pods so this is not that dramatic change. It also simplifies the code
a lot as there is no need for the NFD gRPC client and no need for
managing TLS certs/keys.

This change aligns nfd-topology-updater with the future direction of
nfd-worker where the gRPC API is being dropped and replaced by a
CRD-based API.

This patch also update deployment files and documentation to reflect
this change.
2022-12-08 11:03:22 +02:00
Markus Lehtonen
881ee13654 docs: remove non-existent nodeFeatureRule.createCRD parameter
This value was recently dropped.
2022-12-07 16:25:43 +02:00
Markus Lehtonen
0834ec5cbf go.mod: update to klauspost/cpuid to v2.2.2
Support detection of Intel TME (Total Memory Encryption) plus AMXFP16
and PREFETCHI.
2022-12-07 13:58:19 +02:00
Feruzjon Muyassarov
984a3de198 Document tainting feature
Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
2022-12-02 17:29:10 +02:00
Kubernetes Prow Robot
f740f084e0
Merge pull request #976 from marquiz/docs/customization-guide
docs: small update to customization guide
2022-12-01 12:51:55 -08:00
Markus Lehtonen
72e523f277 scripts/mdlint: update mdlint to v0.12.0 2022-12-01 20:57:21 +02:00
Markus Lehtonen
32b252147c docs: small update to customization guide
Add a reference to the label rule format in the NodeFeatureRule section.
Also make it explicit in the beginning of Hooks section that hooks are
deprecated.
2022-12-01 18:33:48 +02:00
Markus Lehtonen
8a45384037 docs: simplify quick-start page
Move topology-updater deployment notes to the topology-updater usage
page. Also, rework the plaintext and headings a bit.
2022-12-01 12:22:23 +02:00
Markus Lehtonen
cdc7558f6f docs: better document custom resources
Add a separate page for describing the custom resources used by NFD.
Simplify the Introduction page by moving the details of
NodeResourceTopology from there. Similarly, drop long
NodeResourceTopology example from the quick-start page, making the page
shorter and simpler.
2022-12-01 11:12:59 +02:00
Kubernetes Prow Robot
efc833d1c7
Merge pull request #970 from marquiz/docs/worker-helm-sa-params
docs: document helm chart params related to worker serviceaccount
2022-11-28 08:36:08 -08:00
Markus Lehtonen
d0a4cf7564 docs: document helm chart params related to worker serviceaccount 2022-11-28 18:07:17 +02:00
Markus Lehtonen
c1fa8b2f28 docs: revise topology-updater helm chart rbac parameters 2022-11-28 17:49:19 +02:00
Markus Lehtonen
eb8e29c80a nfd-worker: drop deprecated command line flags
Drop the following flags that were deprecated already in v0.8.0:

-sleep-interval  (replaced by core.sleepInterval config file option)
-label-whitelist (replaced by core.labelWhiteList config file option)
-sources         (replaced by -label-sources flag)
2022-11-23 22:33:51 +02:00
Talor Itzhak
d495376f06 docs: topology-updater: update docs for exclude-list feature
Update the docs with explanations and examples
about the exclude-list feature.

Signed-off-by: Talor Itzhak <titzhak@redhat.com>
2022-11-21 21:31:51 +02:00
Markus Lehtonen
6f49421c0e docs: update github-pages gem to v227 2022-11-16 21:08:13 +02:00
Garrybest
3ec1b94020 get kubelet config from configz
Signed-off-by: Garrybest <garrybest@foxmail.com>
2022-11-08 23:52:35 +08:00
Markus Lehtonen
6171c745a4 docs: restructure docs
Introduce two main sections "Deployment" and "Usage" and move "Developer
guide" to the top level, too. In particular, split the huge
deployment-and-usage file into multiple parts under the new main
sections. Move customization guide from "Advanced" to "Usage".
This patch also renames "Advanced" to "Reference" as only that is left
there is reference documentation.
2022-11-03 10:26:56 +02:00
Markus Lehtonen
3a279ce751 docs: update the name of the base image 2022-11-02 15:10:46 +02:00
Kubernetes Prow Robot
e5c8180558
Merge pull request #937 from pacoxu/master
Stop using the beta.kubernetes.io/os and arch labels
2022-10-27 05:36:32 -07:00
Paco Xu
4e12ed8aac Stop using the beta.kubernetes.io/os and arch labels 2022-10-27 11:03:14 +08:00
Fabiano Fidêncio
d5db1cf907 cpu: Discover Intel TDX
Set `cpu-security.tdx.enable` to `true` when TDX is avialable and has
been enabled. otherwise it'll be set to `false`.

`/sys/module/kvm_intel/parameters/tdx` presence and content is used to
detect whether a CPU is Intel TDX capable.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-10-03 09:56:24 +02:00
Kubernetes Prow Robot
8662d17530
Merge pull request #871 from fmuyassarov/disable-hook
Config option to disable hooks
2022-09-26 10:40:08 -07:00
Markus Lehtonen
db7dd93a64 docs: fix incorrect shell snippet for removing labels 2022-09-15 16:18:09 +03:00
Markus Lehtonen
f21315d85f Update kubernetes registry to registry.k8s.io
Update registry location for non-nfd images.
2022-09-12 11:23:04 +03:00
Markus Lehtonen
4f34451db8 Update NFD registry to registry.k8s.io
Kubernetes has moved to a new container image registry:
https://groups.google.com/a/kubernetes.io/g/dev/c/DYZYNQ_A6_c/m/FpHqeVR2BAAJ
2022-09-12 11:21:12 +03:00
Kubernetes Prow Robot
77af16fe9d
Merge pull request #880 from fmuyassarov/add-tiltfile/feruz
Add Tilt option for developing NFD
2022-09-06 12:06:23 -07:00
Kubernetes Prow Robot
81da164b7f
Merge pull request #833 from marquiz/devel/security-refactor
cpu: re-organize security features
2022-09-01 05:29:06 -07:00
Feruzjon Muyassarov
e7af8d068f Update documentation about hooks depreciation
Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
2022-09-01 10:58:35 +03:00
Feruzjon Muyassarov
a675fd93fd Don't advertise BASE_IMAGE_FULL and BASE_IMAGE_MINIMAL
Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
2022-08-30 17:37:01 +03:00
Feruzjon Muyassarov
a30ceb2973 Describe how to develop locally with Tilt
Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
2022-08-30 17:36:58 +03:00
Viktor Oreshkin
7498e49ba5 helm: add priorityClassName to worker
Signed-off-by: Viktor Oreshkin <imselfish@stek29.rocks>
2022-08-22 06:45:52 +03:00
Francesco Romani
622adf3863 test: e2e: configurable pull policy
In some cases (CI) it is useful to run NFD e2e tests using
ephemeral clusters. To save time and bandwidth, it is also useful
to prime the ephemeral cluster with the images under test.

In these circumstances there is no risk of running a stale image,
and having a `Always` PullPolicy hardcoded actually makes
the whole exercise null.

So we add a new option, disabled by default, to make the e2e
manifest use the `IfNotPresent` pull policy, to effectively
cover this use case.

Signed-off-by: Francesco Romani <fromani@redhat.com>
2022-08-10 15:06:59 +02:00
Mikko Ylinen
026fcb2199 go.mod: update github.com/klauspost/cpuid to v2.1.0
The release relaxes detection of features that have non-AVX512
versions etc..

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-08-09 11:25:39 +03:00
Markus Lehtonen
f62b057bcd cpu: re-organize security features
Move existing security/trusted-execution related features (i.e. SGX and
SE) under the same "security" feature, deprecating the old features. The
motivation for the change is to keep the source code and user interface
more organized as we experience a constant inflow of similar security
related features. This change will affect the user interface so it is
less painful to do it early on.

New feature labels will be:

  feature.node.kubernetes.io/cpu-security.se.enabled
  feature.node.kubernetes.io/cpu-security.sgx.enabled

and correspondingly new "cpu.security" feature with "se.enabled" and
"sgx.enabled" elements will be available for custom rules, for example:

      - name: "sample sgx rule"
        labels:
          sgx.sample.feature: "true"
        matchFeatures:
          - feature: cpu.security
            matchExpressions:
              "sgx.enabled": {op: IsTrue}

At the same time deprecate old labels "cpu-sgx.enabled" and
"cpu-se.enabled" feature labels and the corresponding features for
custom rules. These will be removed in the future causing an effective
change in NFDs user interface.
2022-06-28 13:38:31 +03:00
Markus Lehtonen
136c036d4d Drop the iommu source
It was deprecated in v0.10.0.
2022-06-14 15:00:29 +03:00
Markus Lehtonen
b480f5b0ba docs: small typo fix in cpuid feature list 2022-06-08 09:16:37 +03:00
Markus Lehtonen
cc1da2efe3 docs: update x86 cpuid feature list
Update the partial list of x86 cpuid features that are presented in the
NFD documentation. In particular, the following instructions were left
out of the list: AVXSLOW, CETIBT, CETSS, CLDEMOTE, HLE, MPX, RTM,
RTM_ALWAYS_ABORT, SERIALIZE, SHA, TSXLDTRK.
2022-06-07 11:56:12 +03:00
Markus Lehtonen
05af1841cd docs: fix operator deployment instructions
Namespace parameter was dropped in operator v0.4.0.
2022-05-02 13:27:18 +03:00
Markus Lehtonen
9424eb7042 docs: remove fixed release tag in developer guide
Let the documentation follow the latest release name. Even if it's just
referential here it would look odd in the future if we refer to some
ancient version.
2022-03-29 09:47:42 +03:00
Jakob Naucke
9e95dde38b
cpu: Discover IBM Secure Execution
Set `cpu.se-enabled` to `true` when IBM Secure Execution for Linux
(IBM Z & LinuxONE) is available and has been enabled.

Uses `/sys/firmware/uv/prot_virt_host`, which is available in kernels
>=5.12 + backports. For simplicity, skip more complicated facility &
kernel cmdline lookups.
2022-03-28 12:28:07 +02:00
Carlos Eduardo Arango Gutierrez
cb0a6fca53
Add cpu-model feature detection (#792)
* Add cpu-model feature detection

Signed-off-by: Carlos Eduardo Arango Gutierrez <carangog@redhat.com>

* Apply suggestions from code review

Co-authored-by: Markus Lehtonen <markus.lehtonen@intel.com>

Co-authored-by: Markus Lehtonen <markus.lehtonen@intel.com>
2022-03-28 02:51:23 -07:00
Kubernetes Prow Robot
f952b9feed
Merge pull request #794 from dailymotion-oss/feat/add-annotations-dp-ds
helm: add annotations to daemonset and deployment
2022-03-25 07:37:59 -07:00
Cyril Corbon
eeb1f0d5e5
helm: add annotations to daemonset and deployment
Signed-off-by: Cyril Corbon <cyril.corbon@dailymotion.com>
2022-03-24 12:13:29 +01:00
Markus Lehtonen
36341bf4c7 apis/nfd: empty match expression set returns no features for templates
This patch changes a rare corner case of custom label rules with an
empty set of matchexpressions. The patch removes a special case where an
empty match expression set matched everything and returned all feature
elements for templates to consume. With this patch the match expression
set logically evaluates all expressions in the set and returns all
matches - if there are no expressions there are no matches and no
matched features are returned. However, the overall match result
(determining if "non-template" labels will be created) in this special
case will be "true" as before as none of the zero match expressions
failed.

The former behavior was somewhat illogical and counterintuitive: having
1 to N expressions matched and returned 1 to N features (at most), but,
having 0 expressions always matched everything and returned all
features. This was some leftover proof-of-concept functionality (for
some possible future extensions) that should have been removed before
merging.
2022-03-24 11:43:42 +02:00
Carlos Eduardo Arango Gutierrez
73d874b92f
Fix a couple typos
Signed-off-by: Carlos Eduardo Arango Gutierrez <carangog@redhat.com>
2022-03-23 19:16:01 -04:00
Mikko Ylinen
9bbb960d35 deployment/helm: add resourceLabels to master args
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-03-23 06:59:49 +02:00
Kubernetes Prow Robot
dbc70713f7
Merge pull request #716 from marquiz/devel/iommu-version
source/pci: detect intel-iommu/version
2022-03-15 05:32:12 -07:00
Vaibhav Goel
b070684af0
Fixed the incorrect references (#769)
* Fixed the incorrect references in customization guide

* Fixd the line length issue on PR

* Fixed again the length issue

* Updated customization.md
2022-03-15 05:16:11 -07:00
Cam Hutchison
678080c5f1 docs: Update default K8S_NAMESPACE
Change the default K8S_NAMESPACE to node-feature-discovery from
kube-system. The default was changed in the Makefile in commit
5d4484a1d9, but the docs were not updated
to correspond with that.
2022-02-14 19:19:49 +11:00
Kubernetes Prow Robot
27ccbcec55
Merge pull request #754 from marquiz/documentation/custom-config
docs: use new custom rule format in worker config reference
2022-01-25 09:30:31 -08:00
Markus Lehtonen
fc32386287 docs: re-fix operator deployment instructions
Back to how it was - the 'stable' channel went away in the latest NFD
update on community-opetors (operatorhub.io).
2022-01-25 18:27:15 +02:00
Kubernetes Prow Robot
8bb3c84578
Merge pull request #726 from marquiz/documentation/operator-deployment
docs: fix operator deployment instructions
2022-01-25 05:42:32 -08:00
Kaito Ii
a717cfd716
docs: update helm document to match values.yaml (#727)
* update helm document to match values.yaml

* Add links
2022-01-25 01:00:32 -08:00
Markus Lehtonen
e3661bda30 docs: use new custom rule format in worker config reference
Also, update the reference linking to the documentation of the custom
source to point to the customization guide.
2022-01-25 10:31:21 +02:00
Markus Lehtonen
3a70803352 docs: drop topology-updater cmdline help from developer guide
Similar to what we did for nfd-master and nfd-worker in
0d21b3d720.
2022-01-21 17:06:52 +02:00
Markus Lehtonen
7e1f5cb347 docs: clarify deployment requirements 2022-01-21 15:21:51 +02:00
Markus Lehtonen
64b3838579 source/pci: detect intel-iommu/version
Discover "iommu/intel-iommu/version" sysfs attribute for pci devices.
This information is available for custom label rules.

An example custom rule:

  - name: "iommu version rule"
    labels:
      iommu.version_1: "true"
    matchFeatures:
      - feature: pci.device
        matchExpressions:
          "iommu/intel-iommu/version": {op: In, value: ["1:0"]}
2022-01-21 15:16:37 +02:00
Markus Lehtonen
f302962519 docs: fix operator deployment instructions 2022-01-21 15:15:20 +02:00
Kubernetes Prow Robot
8ea6b765c8
Merge pull request #698 from zvonkok/multi-arch
Multi ARCH build amd64, arm64
2022-01-20 07:21:52 -08:00
Zvonko Kaiser
c69e47a27a Iniital multi arch build 2022-01-20 15:41:08 +01:00
Kubernetes Prow Robot
cc08c39902
Merge pull request #715 from marquiz/documentation/features
docs: small fix in block and net features in customization guide
2022-01-11 06:41:17 -08:00
Markus Lehtonen
58a1b04b2f docs: small fix in block and net features in customization guide
In the list of available features, list 'name' separately as it's not
from a sysfs file like the other attributes.
2022-01-11 12:01:55 +02:00
Markus Lehtonen
152f3531fe source/pci: add iommu_group/type attribute
Add "iommu_group/type" to the list of PCI device attributes that are
discovered. The value is the raw value from sysfs (i.e DMA, DMA-FQ or
identity).

No built-in (automatic) labels are generated based on this, but, the
attribute is available for custom label rules to use. Examples of custom
rules:

  - name: "iommu enabled rule"
    labels:
      iommu.enabled: "true"
    matchFeatures:
      - feature: pci.device
        matchExpressions:
          "iommu_group/type": {op: NotIn, value: ["unknown"]}

  - name: "iommu passthrough rule"
    labels:
      iommu.passthrough: "true"
    matchFeatures:
      - feature: pci.device
        matchExpressions:
          "iommu_group/type": {op: In, value: ["identity"]}
2022-01-11 11:54:54 +02:00
Markus Lehtonen
fc25bf2dc2 docs: small tinkering on the TLS documentation
Add cross-referencing links to the helm deployment and configuration
sections. Use correct names for the tls related helm options
(tls.enabled and tls.certManager).
2022-01-10 19:12:05 +02:00
Kubernetes Prow Robot
5a2e0ce5a6
Merge pull request #704 from marquiz/documentation/customization-guide
docs: add customization guide
2022-01-10 08:17:13 -08:00
Dave Baker
9215d171c5 Initial bash at new TLS docs 2022-01-10 11:40:43 +00:00
Markus Lehtonen
302aa5a82a docs: add customization guide
Add a separate customization guide. Move documentation of the custom and
local sources there. Also, cover the new NodeFeatureRules custom
resource and the new expression-based label rule format.

This patch also simplifies the "Feature labels" page, describing
built-in labels. Reformat the tables describing feature labels.
2022-01-08 09:56:05 +02:00
Kubernetes Prow Robot
1567900238
Merge pull request #677 from marquiz/devel/iommu-deprecation
source/iommu: deprecate and disable by default
2022-01-05 10:05:48 -08:00
Kubernetes Prow Robot
ffb6a294e5
Merge pull request #699 from marquiz/devel/helm-featurerule-controller
deployment/helm: disable nfr controller for parallel instances
2022-01-05 06:08:34 -08:00
Markus Lehtonen
edb3e6824c deployment/helm: disable nfr controller for parallel instances
Change the helm chart so that the NodeFeatureRule controller will be
disabled for other than the default deployment (i.e. all deployments
where master.instance is non-empty), unless explicitly set to true. With
this we try to ensure that there is only on controller instance for the
CR, avoiding contention and conflicts.
2022-01-04 21:25:02 +02:00
Markus Lehtonen
812073a025 deployment/helm: refactor nfd-master rbac parameters
Move top-level serviceAccount and rbac fields under master, making the
Helm chart more coherent.

Also, drop unused rbac.serviceAccountName and
rbac.serviceAccountAnnotations from values.yaml.
2022-01-04 16:30:11 +02:00
Dave Baker
b0834d7862 Enable TLS and cert-manager created certs for helm chart 2022-01-04 12:27:02 +00:00
Markus Lehtonen
838a375f85 source/iommu: deprecate and disable by default
Deprecate the iommu source and disable it by default.
2021-12-20 10:21:29 +02:00
Markus Lehtonen
b89429a4db source/local: don't prefix label names with the filename
Implicitly injecting the filename of the hook/featurefile into the name
of the label is confusing, counter-intuitive and unnecessarily complex
to understand. It's much clearer to advertise features and labels as
presented in the feature file / output of the hook.

NOTE: this breaks backwards compatibility with usage scenarios that rely
on prefixing the label with the filename.
2021-12-13 09:00:59 +02:00
Markus Lehtonen
df25b81c2e docs: fix mistake in md format
Accidentally introduced in a57a25f63c.
2021-12-08 14:39:30 +02:00
Markus Lehtonen
58e1461d90 nfd-worker: add -feature-sources command line flag
Allows controlling (enable/disable) the "raw" feature detection.
Especially useful for development and testing.
2021-12-03 09:42:35 +02:00
Markus Lehtonen
df6909ed5e nfd-worker: add core.featureSources config option
Add a configuration option for controlling the enabled "raw" feature
sources. This is useful e.g. in testing and development, plus it also
allows fully shutting down discovery of features that are not needed in
a deployment. Supplements core.labelSources which controls the
enablement of label sources.
2021-12-03 09:42:35 +02:00
Markus Lehtonen
8cd58af613 nfd-worker: disable sources more easily
Make it easier to disable single sources by prefixing the source name
with a dash ('-') in the core.sources config option (or -sources cmdline
flag).
2021-12-02 10:36:51 +02:00
Markus Lehtonen
f00be091e3 docs: amend the documentation of core.labelSources option 2021-12-02 10:36:51 +02:00
Markus Lehtonen
a22bab2d3d docs: update docs on label-sources option
Update documentation on core.labelSources/core.sources config file
options and -label-sources/-sources command line flags.
2021-12-01 17:11:49 +02:00
Kubernetes Prow Robot
86bfe74cd7 Merge pull request #671 from marquiz/fixes/single-dash-flags
Use single-dash format of cmdline flags
2021-12-01 06:45:15 -08:00
Markus Lehtonen
a57a25f63c Use single-dash format of cmdline flags
Use the single-dash (i.e. '-option' instead of '--option') format
consistently accross log messages and documentation. This is the format
that was mostly used, already, and shown by command line help of the
binaries, for example.
2021-11-25 18:03:54 +02:00
Markus Lehtonen
0d21b3d720 docs: drop cmdline help from developer guide
These just keep getting out of sync and do not provide much value. Also,
we do have dedicated cmdline reference for all the executables.
2021-11-25 13:56:09 +02:00
Mikko Ylinen
8a39434659 source/cpu: detect Intel SGX
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2021-11-23 15:57:31 +02:00
Markus Lehtonen
e8872462dc nfd-master: add -featurerules-controller flag
Add a new command line flag for disabling/enabling the controller for
NodeFeatureRule objects. In practice, disabling the controller disables
all labels generated from rules in NodeFeatureRule objects.
2021-11-22 16:57:42 +02:00
Markus Lehtonen
e6e32a88c3 nfd-master: implement controller for NodeFeatureRule CRs
Implement a simple controller stub that operates on NodeFeatureRule
objects. The controller does not yet have any functionality other than
logging changes in the (NodeFeatureRule) objecs it is watching.

Also update the documentation on the -no-publish flag to match the new
functionality.
2021-11-22 16:57:42 +02:00
Kubernetes Prow Robot
ec57057d3c
Merge pull request #659 from vaibhav2107/contri-slack
Update the link of slack channel
2021-11-18 00:19:04 -08:00
Vaibhav
e4385d2402 Update the link of slack channel 2021-11-18 11:39:18 +05:30
Markus Lehtonen
c3e2315834 pkg/apis/nfd: specify CRD for custom labeling rules
Add a cluster-scoped Custom Resource Definition for specifying labeling
rules. Nodes (node features, node objects) are cluster-level objects and
thus the natural and encouraged setup is to only have one NFD deployment
per cluster - the set of underlying features of the node stays the same
independent of how many parallel NFD deployments you have. Our extension
points (hooks, feature files and now CRs) can be be used by multiple
actors (depending on us) simultaneously. Having the CRD cluster-scoped
hopefully drives deployments in this direction. It also should make
deployment of vendor-specific labeling rules easy as there is no need to
worry about the namespace.

This patch virtually replicates the source.custom.FeatureSpec in a CRD
API (located in the pkg/apis/nfd/v1alpha1 package) with the notable
exception that "MatchOn" legacy rules are not supported. Legacy rules
are left out in order to keep the CRD simple and clean.

The duplicate functionality in source/custom will be dropped by upcoming
patches.

This patch utilizes controller-gen (from sigs.k8s.io/controller-tools)
for generating the CRD and deepcopy methods. Code can be (re-)generated
with "make generate". Install controller-gen with:

  go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.7.0

Update kustomize and helm deployments to deploy the CRD.
2021-11-17 13:40:23 +02:00
Swati Sehgal
b444ef95a8 NFD-Topology-Updater: Bump NRT API to version v0.0.12
The NodeResourceTopology API has been made cluster
scoped as in the current context a CR corresponds to
a Node and since Node is a cluster scoped resource it
makes sense to make NRT cluster scoped as well.

Ref: https://github.com/k8stopologyawareschedwg/noderesourcetopology-api/pull/18
Signed-off-by: Swati Sehgal <swsehgal@redhat.com>
2021-11-16 13:28:23 +00:00
Ukri Niemimuukko
90598d3b5a More topology updater documentation typo fixes
Signed-off-by: Ukri Niemimuukko <ukri.niemimuukko@intel.com>
2021-11-12 14:25:32 +02:00
Kubernetes Prow Robot
b26a12cc17
Merge pull request #640 from eliaskoromilas/worker-config
deployment: Implicitly generate the worker ConfigMap name
2021-11-12 03:38:28 -08:00
Ukri Niemimuukko
0a2e3bb18d Topology-updater introduction typo fix
Signed-off-by: Ukri Niemimuukko <ukri.niemimuukko@intel.com>
2021-11-12 12:10:33 +02:00
Elias Koromilas
e22b937391 Implicitly generate the worker ConfigMap name
Signed-off-by: Elias Koromilas <elias.koromilas@gmail.com>
2021-11-03 11:21:58 +02:00
Swati Sehgal
ab62172a8d Documentation capturing enablement of NFD-Topology-Updater in NFD
Prior to this feature, NFD consisted of only software components namely
nfd-master and nfd-worker. We have introduced another software component
called nfd-topology-updater.

NFD-Topology-Updater is a daemon responsible for examining allocated resources
on a worker node to account for allocatable resources on a per-zone basis (where
a zone can be a NUMA node). It then communicates the information to nfd-master
which does the CRD creation corresponding to all the nodes in the cluster. One
instance of nfd-topology-updater is supposed to be running on each node of the
cluster.

Signed-off-by: Swati Sehgal <swsehgal@redhat.com>
2021-10-29 10:14:38 +01:00
Markus Lehtonen
9e9ff951b2 docs: mention minimum required kubectl version
Kubectl prior to v1.21 contains too old version of kustomize for our
(kustomize-based) deployment to work.
2021-10-26 18:01:25 +03:00
Wei Zhang
158a5590ab deployment: add topology updater helm chart
Signed-off-by: Wei Zhang <kweizh@gmail.com>
2021-10-26 10:52:40 +08:00
Elias Koromilas
c17a898c4c
deployment: Simplify NFD worker configuration in Helm (#627)
* Simplify NFD worker service configuration in Helm

Signed-off-by: Elias Koromilas <elias.koromilas@gmail.com>

* Update docs/get-started/deployment-and-usage.md

Co-authored-by: Markus Lehtonen <markus.lehtonen@intel.com>

Co-authored-by: Markus Lehtonen <markus.lehtonen@intel.com>
2021-10-25 09:34:23 -07:00
Markus Lehtonen
d65d6ab2f4 docs: update ruby deps 2021-10-11 11:27:16 +03:00
Markus Lehtonen
f8bacd9097 docs: update jekyll-rdt-theme to v2.0.10
Update jekyll-rdt-theme to the latest released version. Also sync site
customization (docs/_includes) with that.
2021-10-11 11:26:37 +03:00
Markus Lehtonen
819f333118 docs: fix TOCs
Make table of contents in the pages cleaner and more readable by
dropping the main heading (H1 level) from TOCs. This was the original
intention with the usage of "no_toc" kramdown magic, which was broken,
however. The kramdown class magic needs to be specified on the line
immediately following the headinds, otherwise it has no effect. We need
to disable MD022 rule of mdlint as it does not understand this magic.
2021-09-30 10:26:25 +03:00
krishna2603
dbb99c6f18
Update developer-guide.md
changed exapmle to example
2021-09-29 23:58:27 +05:30
Markus Lehtonen
89d0f4ff3c docs: remote wip note from worker configuration reference
All configuration options are documented.
2021-09-27 15:37:50 +03:00
Carlos Eduardo Arango Gutierrez
6f4fbefacd
Fix broken link on docs/get-started
Signed-off-by: Carlos Eduardo Arango Gutierrez <carangog@redhat.com>
2021-09-21 07:57:55 -05:00
Carlos Eduardo Arango Gutierrez
f9e09e5fd4
Fix broken link for worker-conf example
Signed-off-by: Carlos Eduardo Arango Gutierrez <carangog@redhat.com>
2021-09-02 11:41:03 -05:00
Kubernetes Prow Robot
92920d48d3
Merge pull request #589 from vaibhav2107/link-deploy
Fix a link in deployment-and-usage.md
2021-09-02 05:46:10 -07:00
Vaibhav
ac720ef57a Fix a link in deployment-and-usage.md 2021-09-01 22:41:04 +05:30
Kubernetes Prow Robot
189f86bec8
Merge pull request #548 from marquiz/devel/profile-ns
nfd-master: allow profile.node.kubernetes.io label ns
2021-08-27 07:24:04 -07:00
Vaibhav Goel
87feb9610b
Fix the typo in deployment-and-usage.md (#575)
* Fix the typo in deployment-and-usage.md

* Update in doc/get-started/deployment-and-usage.md
2021-08-25 00:32:39 -07:00
Kubernetes Prow Robot
c07c6354fc
Merge pull request #572 from marquiz/docs/cstate
docs: clarify the cpu.cstate feature
2021-08-19 07:55:24 -07:00
Markus Lehtonen
7dfd7d289f docs: document all the provided kustomize overlays 2021-08-18 15:10:25 +03:00
Markus Lehtonen
63c1256d08 Drop deployment templates
Resort to kustomize, instead. Update docs and scripts, accordingly.

Bump cert-manager version in the deployment instructions to v1.5.1.
2021-08-18 15:10:25 +03:00
Markus Lehtonen
0f2554abf1 helm: move files under deployment/helm 2021-08-16 14:44:26 +03:00
Markus Lehtonen
4ef58d7fc8 docs: clarify the cpu.cstate feature 2021-08-13 11:43:03 +03:00
Markus Lehtonen
55bd633425 nfd-master: allow profile.node.kubernetes.io label ns
Add a separate label namespace for profile labels, intended for
user-specified higher level "meta features". Also sub-namespaces of this
(i.e. <sub-ns>.profile.node.kubernetes.io) are allowed.
2021-08-10 19:39:59 +03:00
Kubernetes Prow Robot
4a22a39928
Merge pull request #536 from marquiz/devel/label-sub-ns
nfd-master: allow sub-namespaces of the default label ns
2021-08-10 04:19:18 -07:00
Markus Lehtonen
eb666f521d nfd-master: allow sub-namespaces of the default label ns
Allow <sub-ns>.feature.node.kubernetes.io label namespaces. Makes it
possible to have e.g. vendor specific label ns without the need to user
-extra-label-ns.
2021-08-10 11:41:52 +03:00
Carlos Eduardo Arango Gutierrez
59172007b2
Remove wrong comands
Signed-off-by: Carlos Eduardo Arango Gutierrez <carangog@redhat.com>
2021-08-04 21:01:02 -05:00
Markus Lehtonen
31bd91988f cpuid: correct the name of SSE4* cpuid flags
The naming was changed in when with cpuid v2
(github.com/klauspost/cpuid/v2) and we didn't catch this in NFD. No
issue reports of the inadvertent naming change so let's just adapt to
the updated naming in NFD configuration. The SSE4* labels are disabled
by default so they're not widely used, if at all.
2021-07-06 11:54:55 +03:00
Markus Lehtonen
4d19e1ab85 docs: show full version number in sidebar
Change the sidebar customization so that the full version (e.g. v0.8.2)
is displayed, instead of the truncated "releae branch version" (e.g.
v0.8) in the top left corner of the page. The items in the version menu
are unchanged and will still show the shorter form.
2021-05-19 11:02:10 +03:00
Jorik Jonker
d857f88d2d Add support for using USB device serial number
In my homelab, I have different FTDI serial converters connected to
several utility meters. They all have identical vendor/device, but
different serials.

In order to detect a specific FTDI unit (eg.  the one connected to my
electricity meter), I'd like feature labels triggered by a specific USB
serial.

Signed-off-by: Jorik Jonker <jorik@kippendief.biz>
2021-05-06 13:34:39 +00:00
Jordan Jacobelli
630e97a52c helm: add extraLabelNs master flag
Signed-off-by: Jordan Jacobelli <jordanjacobelli04@gmail.com>
2021-04-20 16:25:12 +02:00
robertdavidsmith
77bd4e4cf6
Accept client certs based on SAN, not just CN (#514)
* first attempt at SAN-based VerifyNodeName

* Update docs on verify-node-name
2021-04-20 01:44:32 -07:00
rmr-silicom
a896ff3011
Add support for configurable runtime full and minimal images. (#513)
* Add support for configurable runtime full and minimal images.

* Fixups and renamings.

* Change variables *_IMG_* to *_IMAGE_*

* Fix args in Dockerfile also.
2021-04-20 00:42:33 -07:00
Markus Lehtonen
72a4162c98 docs: fixes in Helm documentation
Use correct spelling of Helm in heading (start with a capital letter).
Use https url for the chart repo.
2021-04-13 10:09:43 +03:00
Kubernetes Prow Robot
ba51a92d63
Merge pull request #492 from adrianchiris/doc-fix-1
Docs: Add Table header to master/worker chart parameters
2021-03-18 10:11:20 -07:00
Adrian Chiris
30dabcf7bf Docs: Add Table header to master/worker chart parameters
While on the project website it looks OK, it does
not render correctly in Markdown.

Signed-off-by: Adrian Chiris <adrianc@nvidia.com>
2021-03-18 15:31:41 +00:00
Markus Lehtonen
11def7b459 docs: describe Helm repo as the primary option for Helm 2021-03-18 16:55:28 +02:00
Kubernetes Prow Robot
b8a1426252
Merge pull request #481 from marquiz/docs/config-reference
docs: document all config file options
2021-03-17 06:28:56 -07:00
Markus Lehtonen
c670526d9f docs: unify the presentation of defaults in worker config reference 2021-03-16 15:09:53 +02:00
Markus Lehtonen
30ef376568 docs: document all config file options
Add rudimentary documentation of all options related to feature sources.
Now all options are covered in the config reference.
2021-03-16 15:09:53 +02:00
Markus Lehtonen
9ba153e081 docs: fix some internal references
Some reference point to the wrong section after headings have changed.
2021-03-16 14:24:15 +02:00
Kubernetes Prow Robot
a78a5d5973
Merge pull request #472 from marquiz/documentation/helm
docs: updates to documentation of Helm parameters
2021-03-16 02:46:34 -07:00
Kubernetes Prow Robot
d15227fe5b
Merge pull request #471 from marquiz/devel/image-minimal
docs: describe deployment of the minimal image
2021-03-15 08:05:05 -07:00
Mikko Ylinen
ee261b8288 Document cert-manager usage
cert-manager can be used to automate TLS certificate management for
nfd-master and the nfd-worker pod(s).

Add a template to deploy cert-manager CA Issuer and Certificates and
document steps how to use them.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2021-03-12 09:39:30 +02:00
Markus Lehtonen
02e5e50dbb docs: describe deployment of the minimal image 2021-03-11 20:35:21 +02:00
Kubernetes Prow Robot
e0d700d378
Merge pull request #463 from bfournie/new_cpu_features
Support for additional cpu features
2021-03-11 07:30:21 -08:00
Kubernetes Prow Robot
344f412e95
Merge pull request #470 from marquiz/docs/headings
docs: unify capitalization of headings
2021-03-11 02:12:24 -08:00
Markus Lehtonen
7fc6cd632c docs: unify capitalization of headings 2021-03-11 12:07:01 +02:00
Markus Lehtonen
708576cd71 docs: change the default of Helm image.repository parameter
Take the default value displayed for the image.repository Helm chart
parameter dynamically from the Jekyll configuration. This way, we
get the correct value for releases/release branches.
2021-03-10 14:21:19 +02:00
Markus Lehtonen
4039278fdf docs: document the image.tag helm parameter 2021-03-10 14:21:17 +02:00
Markus Lehtonen
f4e0c589b8 docs: update documentation on the image variants 2021-03-10 11:10:08 +02:00
Bob Fournier
a65f73e834 Support for additional cpu features
This adds additional cpu features:
- pstate status from status of intel_pstate driver
- pstate scaling settings from scaling_governor
- cstate enable from max_cstates in intel_idle driver
2021-03-05 13:15:49 -05:00
Markus Lehtonen
7e6f740c9f test/e2e: make openshift bits optional
Only enabled if OPENSHIFT is specified in the environment when running
make e2e-test, for example:

  $ OPENSHIFT=y make e2e-test
2021-02-25 17:54:07 +02:00
Markus Lehtonen
3f18e880b4 nfd-worker: dynamic configuration of klog
Make it possible to dynamically (at run-time) alter most of the logging
configuration from the config file.
2021-02-25 16:10:43 +02:00
Markus Lehtonen
7da7fde8f6 nfd-worker: switch to klog
Greatly expands logging capabilities and flexibility with verbosity
options, among other things.
2021-02-25 16:10:43 +02:00
Kubernetes Prow Robot
efa74905ba
Merge pull request #445 from marquiz/devel/klog
nfd-master: switch to klog
2021-02-25 05:43:25 -08:00
Markus Lehtonen
3886cfb99e docs: fix mdlint issues 2021-02-25 15:13:40 +02:00
Markus Lehtonen
bc289d0783 docs: enable markdown linting 2021-02-25 15:13:40 +02:00
Markus Lehtonen
3ffb7b8fc5 nfd-master: switch to klog 2021-02-25 07:50:37 +02:00
Markus Lehtonen
7c9943e634 docs: align docs with the single-dash command line flags
After moving to the flags package for command line argument parsing NFD
accepts command line arguments (flags) starting with a single dash (e.g.
-no-publish in addition to --no-publish). Even if double-dash can be
used the single-dash version is printed e.g. in the usage string (from
-h, -help) so align documentation with that.
2021-02-24 21:31:07 +02:00
Kubernetes Prow Robot
d36500789e
Merge pull request #429 from slintes/configmap-hostname-labels
Added nodename rule to custom source
2021-02-24 09:20:50 -08:00
Marc Sluiter
7038e49d02
source/custom: Add nodename rule
There are cases when the only available metadata for discovering
features is the node's name. The "nodename" rule extends the custom
source and matches when the node's name matches one of the given
nodename regexp patterns.
It is also possible now to set an optional "value" on custom rules,
which overrides the default "true" label value in case the rule matches.
In order to allow more dynamic configurations without having to modify
the complete worker configuration, custom rules are additionally read
from a "custom.d" directory now. Typically that directory will be filled
by mounting one or more ConfigMaps.

Signed-off-by: Marc Sluiter <msluiter@redhat.com>
2021-02-24 16:26:35 +01:00
Markus Lehtonen
3fd61eacdb nfd-worker: switch to flag in command line parsing 2021-02-24 12:06:16 +02:00
Markus Lehtonen
47033db9c1 nfd-master: use flag for command line parsing 2021-02-24 12:06:16 +02:00
Ivan Kolodyazhny
88bd80d415 Add NFD master '--instance' flag support to Helm chart 2021-02-21 09:45:20 +02:00
Adrian Chiris
e80900b8ee Add helm chart for NFD
This commit adds Helm chart for node-feature-discovery

Signed-off-by: Adrian Chiris <adrianc@nvidia.com>
Signed-off-by: Ivan Kolodiazhnyi <ikolodiazhny@nvidia.com>
2021-02-18 17:19:09 +02:00
Markus Lehtonen
d761bc4fcd docs: update documentation regarding configuration
Publish an incomplete version of the NFD Worker Configuration File
Reference, currently covering only the newly added 'core' configuration
flags.
2021-02-17 21:42:52 +02:00
Markus Lehtonen
7e88f00e05 nfd-worker: add core.sources config option
Add a config file option for controlling the enabled feature sources,
aimed at replacing the --sources command line flag which is now marked
as deprecated. The command line flag takes precedence over the config
file option.
2021-02-17 21:36:20 +02:00
Markus Lehtonen
ed177350fc nfd-worker: add core.labelWhiteList config option
Add a config file option for label whitelisting. Deprecate the
--label-whitelist command line flag. Note that the command line flag has
higher priority than the config file option.
2021-02-17 21:35:44 +02:00
Markus Lehtonen
d1d8de944e nfd-worker: add core.sleepInterval config option
Add a new config file option for (dynamically) controlling the sleep
interval. At the same time, deprecate the --sleep-interval command line
flag. The command line flag takes precedence over the config file option.
2021-02-17 21:35:13 +02:00
Markus Lehtonen
e52ec3480f nfd-master: implement --instance flag
This can be used to help running multiple parallel NFD deployments in
the same cluster. The flag changes the node annotation namespace to
<instance>.nfd.node.kubernetes.io allowing different nfd-master intances
to store metadata in separate annotations.
2021-02-10 13:48:31 +02:00
Kubernetes Prow Robot
8aa9460e66
Merge pull request #406 from mythi/cpuid-v2.0
go.mod: update klauspost/cpuid
2020-12-04 06:21:59 -08:00
Kubernetes Prow Robot
c624c88b10
Merge pull request #412 from marquiz/devel/prune
Add namespace and RBAC rules to nfd-prune.yaml.template
2020-12-03 05:41:00 -08:00
Markus Lehtonen
c7e66d910f Add namespace and RBAC rules to nfd-prune.yaml.template
Makes it possible to run prune on its own. Reflect this change in the
documentation.
2020-12-03 14:41:54 +02:00
Markus Lehtonen
d2bfa3c39b docs: more options in uninstallation instructions 2020-12-03 14:36:42 +02:00
Mikko Ylinen
94f49b9418 go.mod: update klauspost/cpuid
The latest changes in klauspost/cpuid add detection for Sapphire Rapids
new instructions.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2020-11-30 19:04:41 +02:00
Markus Lehtonen
979d3b88fe Add nfd-worker-conf ConfigMap to deployment templates
Add a virtually empty ConfigMap that is mounted inside the workers.
Makes it easier to start customizing the worker deployment e.g. with just:

  $ kubectl -n ${NFD_NS} edit configmap nfd-worker-conf

Create a new 'templates' make target for inserting the content of
nfd-worker.conf.example into the configmap spec of the templates. Thus,
'make templates' should be run whenever the example config is update.
Update the verify.sh prow script to check that the templates are up to
date.

This patch also streamlines the documentation about configuration
management, reflecting the changes.
2020-11-23 18:49:52 +02:00
Kubernetes Prow Robot
83e2a9defb
Merge pull request #356 from marquiz/devel/sources-flag
nfd-worker: add special handling for --sources=all
2020-11-22 01:53:33 -08:00
Markus Lehtonen
40be2c7e0c docs: specify container image in config 2020-11-20 17:00:19 +02:00
Markus Lehtonen
29cbb2429c nfd-worker: add special handling for --sources=all
A new special value 'all' is a shortcut for enabling all feature
sources. It should be the only name specified -- if any other names are
specified 'all' does not take effect, but, we only enable the listed
feature sources. E.g.
  --sources=all enables all sources, but
  --sources=all,cpu only enables the cpu source

Also, print a warning if unknown sources are specified.
2020-11-20 16:23:53 +02:00
Markus Lehtonen
417bc6cdcf docs: improve documentation of the custom source
Better explain where the rules configuration is supposed to be
specified.
2020-11-20 12:10:02 +02:00
Markus Lehtonen
880ef462f7 docs: drop broken/outdated reference to kubernetes-incubator 2020-11-02 17:07:12 +02:00
Markus Lehtonen
f3db20bdcb docs: support versioned links to gihub blobs
Make the links point to the blob from the release corresponding the
documentation.
2020-11-02 17:05:39 +02:00
Markus Lehtonen
18ffd2a06d docs: fix broken refs 2020-11-02 13:51:09 +02:00
Markus Lehtonen
5295feb1ee docs: polish the version menu
Only show the dynamic version menu in production environment where it's
available. Local (development) builds only show a stub version menu with
one item.

Also, fix the theme customization. Append version list items to the
correct element in html so that they are displayed correctly. Drop
unnecessary <div/>.
2020-10-30 08:41:33 +02:00
Markus Lehtonen
e036d26953 docs: update the navbar versions menu
Make it hidden, by default. Unify style with other items in the navbar
(making version list horizontal, for example). Show current version next
to the caret mark that opens the menu.
2020-10-29 22:32:25 +02:00
Markus Lehtonen
82f5c89e1a docs: sync navbar from jekyll-rdt-theme v2.0.9 2020-10-29 22:27:42 +02:00
Kubernetes Prow Robot
12b6812456
Merge pull request #371 from marquiz/documentation/dynamic-version-menu
docs: make the list of available versions dynamic
2020-10-29 13:08:07 -07:00
Markus Lehtonen
f6669e7d66 docs: add todo/placeholder pages under advanced
Placeholders for content that will be added in the future. Do not
publish these virtually empty pages.
2020-10-29 14:08:16 +02:00
Markus Lehtonen
fb106558e8 docs: instructions for uninstallation and operator usage
Describe NFD deployment via the operator.

Add minimal documentation for uninnstalling NFD. Add instructions and
template spec for running "nfd-master --prune".  Also modify the RBAC
rules in nfd-master spec template to make it possible doing --prune
(allow nfd-master to list nodes in the cluster).
2020-10-29 14:08:16 +02:00
Markus Lehtonen
409ad01a1c docs: describe deployment using templates
Use the existing content as a base but with heave editing. Move local
examples involving make to the developers guide.

Drop the really hackish label-nodes.sh. Just replace it with command
line examples in the documentation. If somebody really is dying for this
write it from scratch and put under scripts/hack.
2020-10-29 14:08:16 +02:00
Markus Lehtonen
0c276b6298 docs: add instructions for working on documentation 2020-10-29 14:08:16 +02:00
Markus Lehtonen
6c0d6c9003 docs: add commandline references for nfd-master and nfd-worker 2020-10-29 14:08:16 +02:00
Markus Lehtonen
2469db839f docs: markdown style fixes
Fix markdown syntax and style for content that was moved from README.md
to docs/:
- get-started/introduction
- examples-and-demos
- get-started/features
- contributing

Unify the spelling of master and worker in headings and beginning of
senctences.

Also, env variable for container name in developers-guide.
2020-10-29 14:08:16 +02:00
Markus Lehtonen
a9d45c80ac README: move content over to docs/
Move all content from README.md to the Jekyll site under docs/. Also
re-organize it into multiple sub-pages.

Populate README with fresh content turning it into virtually a big link
to the html-based documentation site. Spiced up with super-quick-start
instructions.
2020-10-29 14:07:08 +02:00
Markus Lehtonen
2215cfa7c6 docs: add landing page and quick-start guide 2020-10-29 13:29:10 +02:00
Markus Lehtonen
c05c6f2e5b docs: make the list of available versions dynamic
Make the list of available versions dynamic. The items displayed is now
generated with javascript. The parent directory of the site is supposed
to contain versions.js providing getVersionListItems() that returns the
available versions.

The update-gh-pages.sh script is modified to update/create versions.js
on every invocation. It simply lists all directories in the root
directory and adds them to the version list.
2020-10-22 21:44:49 +03:00
Markus Lehtonen
194f42f5c9 docs: pin version of jekyll-rtd-theme
Sync our customizations under _includes/ with v2.0.9 of
jekyll-rtd-theme. Also, pin the theme version in order to avoid abrupt
build failures in the future (caused by our customization becoming
incompatible with the rolling latest version).

Also, drop jekyll-rtd-theme from the Gemfile. It's useless there as it's
being mandated by remote-theme setting in _config.yml.
2020-10-22 21:32:17 +03:00
Markus Lehtonen
37cbf80c19 docs: customize the theme to show current version
Show current version (configured in _config.yml) in the sidebar instead
of the latest release from Github.
2020-10-08 10:53:27 +03:00
Markus Lehtonen
611612fd97 docs: add support for versioned documentation
Customize the Jekyll theme to add a simple list of versions.
2020-10-08 10:51:13 +03:00
Markus Lehtonen
5ec91935df Makefile: add rules for building html docs
Add rules for building and serving the html documentation inside a
container.
- 'make site-build' will build the html content unders docs/_site.
- 'make site-serve' builds the site content and serves it at
  http://localhost:4000/
2020-10-08 10:51:13 +03:00
Markus Lehtonen
d8ed7a7131 docs: initial site setup
Bootstrap a new Jekyll site with stub content for testing gh-pages
integration.

Use jekyll-rdt-theme from
https://github.com/rundocs/jekyll-rtd-theme
2020-10-08 10:50:04 +03:00