1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-14 11:57:51 +00:00
Commit graph

209 commits

Author SHA1 Message Date
Kubernetes Prow Robot
a530e7edd8
Merge pull request #100 from marquiz/feature/dockerignore
Update dockerignore
2019-05-08 10:04:36 -07:00
Markus Lehtonen
fbd76d7acd Update dockerignore
Exclude git files and dockerignore itself. Also, update some outdated
entries and sort the file.
2019-05-08 11:45:32 +03:00
Kubernetes Prow Robot
548c066ee9
Merge pull request #150 from marquiz/feature/logging
Simplify logging
2019-05-07 16:46:33 -07:00
Kubernetes Prow Robot
262e41a78c
Merge pull request #240 from marquiz/devel/fixes
apihelpers: drop unused fields from K8sHelpers
2019-05-07 09:01:51 -07:00
Kubernetes Prow Robot
75408d21fb
Merge pull request #238 from Ethyling/reviewer-ethyling
Add Ethyling to OWNERS file
2019-05-07 00:43:40 -07:00
Markus Lehtonen
5553259062 apihelpers: drop unused fields from K8sHelpers 2019-05-07 10:37:16 +03:00
Jordan Jacobelli
ec1ab2b74e
Add Ethyling to OWNERS file
Signed-off-by: Jordan Jacobelli <jjacobelli@nvidia.com>
2019-05-06 09:18:14 -07:00
Markus Lehtonen
75a8f0c146 Refactor APIHelpers
Remove functionality that was not interacting with Kubernetes API.
Makes the architecture a bit simpler and simplifies testing.
2019-05-06 16:26:41 +03:00
Markus Lehtonen
35d26001e4 nfd-worker: extend unit test to cover 'main'
Also, adds new method WaitForReady() into NfdMaster.

In practice, this quite widely tests nfd-master, too, as the tests
create an instance of NfdMaster and verify that the communication
between master and worker works.
2019-05-06 16:26:41 +03:00
Markus Lehtonen
2de0a019a3 Move most of functionality in cmd/ to pkg/
Move most of the code under cmd/nfd-master and cmd/nfd-worker into new
packages pkg/nfd-master and pk/nfd-worker, respectively. Makes extending
unit tests to "main" functions easier.
2019-05-06 16:26:41 +03:00
Kubernetes Prow Robot
92b0cd9834
Merge pull request #184 from marquiz/feature/travis-opt
travis: run in minimal environment and drop sudo
2019-04-27 15:02:22 -07:00
Markus Lehtonen
fa4d9b76e9 travis: run in minimal environment and drop sudo
Default language is ruby and we don't need that. The minimal environment
is enough. Also, no su privileges are needed to run the build.
2019-04-27 12:49:48 +03:00
Markus Lehtonen
d4cb0e742b Use standard logger for all feature sources 2019-04-25 17:17:41 +03:00
Markus Lehtonen
0c8fe34163 Drop glog based logging
Simplify logging of feature sources. Glog was used in some feature
sources, but, it was too complicated for the simple logging needs of
NFD.
2019-04-25 17:14:58 +03:00
Markus Lehtonen
e7d272ad0f Makefile: reorganise container image variables
Change the structure and naming of the make variables that control the
container image name/tag that gets created. Default values and behavior
stay the same, but, this change tries to make it easier to customize the
build from command line.

Also, document all the relevant make variables in readme.
2019-04-25 15:25:49 +03:00
Markus Lehtonen
61ffd260bb README: move description of hooks to the end of the feature source list
Move the documentation of the feature detection hooks (i.e. 'local'
feature source) after all other feature sources. It is a more logical
place to document custom user-specific functionality after the built-in
features. Also, adjust the title a bit.
2019-04-25 15:24:56 +03:00
Kubernetes Prow Robot
de94376a09
Merge pull request #236 from Ethyling/default-mount
Mount source.d and features.d in template YAMLs
2019-04-23 02:46:15 -07:00
Jordan Jacobelli
5df5e5c187 Mount source.d and features.d in template YAMLs
Signed-off-by: Jordan Jacobelli <jjacobelli@nvidia.com>
2019-04-22 10:07:23 -07:00
Kubernetes Prow Robot
b3c942e47a
Merge pull request #235 from marquiz/devel/sst-bf
source/cpu: detect SST-BF
2019-04-12 05:24:46 -07:00
Markus Lehtonen
ad17e5088b source/cpu: detect SST-BF
Detect of the Intel SST-BF (Speed Select Technology - Base Frequency)
has been enabled.

Adds one new feature label:
  feature.node.kubernetes.io/cpu-power.sst_bf.enabled=true

Based on a patch from kuralamudhan.ramakrishnan@intel.com
2019-04-12 15:11:55 +03:00
Markus Lehtonen
86382afe56 Re-factor cpuid functionality out of source/rdt
Move the cpuid functionality into a separate library package so that it
can be easily re-used by other sources.
2019-04-12 14:36:08 +03:00
Markus Lehtonen
c54551f599 Only read NodeName from env once, at startup
Simplifies the code a bit. Also, log NodeName at startup.
2019-04-04 22:40:24 +03:00
Markus Lehtonen
6f73106d01 FIX split 2019-04-04 22:40:24 +03:00
Markus Lehtonen
0a22564b9f Dockerfile: set verbosity of gRPC
Makes solving issues easier when gRPC prints out information e.g. about
TLS authentication problems on the server (nfd-master) side, too.
2019-04-04 22:40:24 +03:00
Markus Lehtonen
c107284cc5 README: align documentation with master-worker architecture 2019-04-04 22:40:24 +03:00
Markus Lehtonen
6562784d9f Include example of enabling TLS auth in the yaml templates 2019-04-04 22:40:24 +03:00
Markus Lehtonen
4c1e892d88 nfd-master: implement --verify-node-name
Make NodeName based authorization of the workers optional (off by
default). This makes it possible for all nfd-worker pods in the cluster
to use one shared secret, making NFD deployment much easier. However,
this also opens a way for nfd-workers to label other nodes (than what it
is running on), too.
2019-04-04 22:40:24 +03:00
Markus Lehtonen
40061e6a78 nfd-worker: add --server-name-override
Command line option for overriding the Common Name (CN) expected from
the nfd-master TLS certificate. This can be especially handy in
testing/development.
2019-04-04 22:40:24 +03:00
Markus Lehtonen
5253d25d99 Add worker (client) authentication
Implement TLS client certificate authentication. It is enabled by
specifying --ca-file, --key-file and --cert-file, on both the nfd-master
and nfd-worker side. When enabled, nfd-master verifies that the client
(worker) presents a valid certificate signed by the root certificate
(--ca-file). In addition, nfd-master does authorization based on the Common Name
(CN) of the client certificate: CN must match the node name specified in
the labeling request. This ensures (assuming that the worker
certificates are correctly deployed) that nfd-worker is only able to label
the node it is running on, i.e. prevents it from labeling other nodes.
2019-04-04 22:40:24 +03:00
Markus Lehtonen
bca194f6e6 Implement TLS server authentication
Add support for TLS authentication. When enabled, nfd-worker verifies
that nfd-master has a valid certificate, i.e. signed by the given root
certificate and its Common Name (CN) matches the DNS name of the
nfd-master service being used. TLS authentication is enabled by
specifying --key-file and --cert-file on nfd-master, and, --ca-file on
nfd-worker.
2019-04-04 22:40:24 +03:00
Markus Lehtonen
97694c15d8 Add template spec for running master and worker in the same pod
Makes deployment simpler, but, "softens" the setup by basically giving
nodes the capability to label themselves.
2019-04-04 22:40:24 +03:00
Markus Lehtonen
f8bc07952f Fix unit tests after master-worker split
Refactor old tests and add tests for new functions. Add 'test' target in
Makefile.
2019-04-04 22:40:24 +03:00
Markus Lehtonen
39be798472 Split NFD into client and server
Refactor NFD into a simple server-client system. Labeling is now done by
a separate 'nfd-master' server. It is a simple service with small
codebase, designed for easy isolation. The feature discovery part is
implemented in a 'nfd-worker' client which sends labeling requests to
nfd-server, thus, requiring no access/permissions to the Kubernetes API
itself.

Client-server communication is implemented by using gRPC. The protocol
currently consists of only one request, i.e. the labeling request.

The spec templates are converted to the new scheme. The nfd-master
server can be deployed using the nfd-master.yaml.template which now also
contains the necessary RBAC configuration. NFD workers can be deployed
by using the nfd-worker-daemonset.yaml.template or
nfd-worker-job.yaml.template (most easily used with the label-nodes.sh
script).

Only nfd-worker currently support config file or options. The (default)
NFD config file is renamed to nfd-worker.conf.
2019-04-04 22:40:24 +03:00
Markus Lehtonen
61bcacc172 Update k8s go client to v1.10
Update client-go and related packages to the latest version.
2019-04-04 22:40:24 +03:00
Markus Lehtonen
c1377589b3 Move version information into a separate module 2019-04-04 22:40:24 +03:00
Markus Lehtonen
2bf4d6f1f4 Migrate from glide to dep
Glide is not actively developed anymore, and, its documentation
recommends migrating to dep. Also, dep is widely used in other k8s
projects.

Migrating to dep dramatically reduces the size of the populated vendor/
directory from 75MB down to about 20MB.
2019-04-04 22:40:24 +03:00
Markus Lehtonen
12d6c2410e Re-generate mock sources
Add a new Makefile target for regenerating these files.  Also, add a
note that the files are auto-generated, including instructions how to
re-generate them.

Renames the mock files, using the defaults provided by the mockery tool,
in order to make their generation easier.
2019-04-04 22:40:24 +03:00
Kubernetes Prow Robot
effd6d436a
Merge pull request #228 from Ethyling/local-source-read-files
Allow to get labels by reading files in local source
2019-04-03 10:27:41 -07:00
Jordan Jacobelli
00f96c69d7 Allow to get labels by reading files in local source
The aim here is to add another way to specify labels using the local
source by reading files in a specific directory. That avoids us to
execute a hook when we just need to get the content of a file.
See https://github.com/kubernetes-sigs/node-feature-discovery/issues/226

Signed-off-by: Jordan Jacobelli <jjacobelli@nvidia.com>
2019-04-03 09:26:40 -07:00
Markus Lehtonen
3e8217e9ef source/memory: detect presence of NVDIMM devices
Add a new (binary) label indicating the presence of non-volatile DIMM
devices:
  feature.node.kubernetes.io/memory-nv.present
2019-03-19 09:38:30 +02:00
Markus Lehtonen
c52d01a6cb source/memory: refactor numa detection into a separate func 2019-03-19 09:38:30 +02:00
Kubernetes Prow Robot
c91af2a2f4
Merge pull request #225 from zvonkok/master
Add zvonkok to OWNERS file as a reviewer
2019-03-15 03:42:57 -07:00
Zvonko Kosic
16f5737853 Add zvonkok to OWNERS file 2019-03-14 13:29:26 -03:00
Alexander Kanevskiy
e26da96a6c Add kad as reviewer in OWNERS file 2019-03-14 17:16:49 +02:00
Markus Lehtonen
e866b6ee1c Implement RDT detection in go
Get rid of the dependency on intel-cmt-cat library and rdt helper
binaries written in C. Significantly simplifies the build procedure.

Implements minimal support (in assembler) for getting the raw data from
the CPUID instruction. Also, implement a stub so that the code works on
other architectures than amd64, too.
2019-02-22 22:23:13 +02:00
Markus Lehtonen
91b0714ab7 Use k8s apimachinery for label validation 2019-02-22 09:45:31 +02:00
Markus Lehtonen
7009fa2b5b Add validation for feature label values
Prevents NFD errors e.g. in the case custom hooks happen to output
invalid label values.
2019-02-20 08:41:34 +02:00
Markus Lehtonen
ab5b286bd7 Correct links to template specs in the release documentation 2019-02-19 12:51:07 +02:00
Markus Lehtonen
b0e368fafc README: minor correction of wording 2019-02-13 21:00:45 +02:00
Markus Lehtonen
db622683db README: document pstate feature source 2019-02-13 20:59:33 +02:00