Build a "minimal" variant of the nfd image based on
gcr.io/distroless/base. The motivations behind the minimal image are
image hardening (security) and reducing the image footprint (from ca.
108MB down to about 40MB).
The practical effect of deploying the minimal image is that no runtimes
for running worker hooks are present, not even a shell. This means that
only statically linked hook binaries are supported. Also, because
of the image hardening, live debugging of the minimal image by attaching
to the container is not possible, and the "full" image needs to be used
for that purpose.
- update to golang 1.15.5 (was 1.15.4)
- Be more explicit about using the -buster variant for build image
- Update runtime image from -stretch to -buster to pick up security fixes
Introduce a new makefile variable and dockerfile build arg named
HOSTMOUNT_PREFIX for changing the prefix used for mounting host
directories inside the container. Adds a sed rule in Makefile to
generate deployment yamls accordingly.
Speeds up local builds considerably as the deps are cached (instead of
downloading them all on every build) - as long as go.mod and go.sum are
not changed.
Refactor NFD into a simple server-client system. Labeling is now done by
a separate 'nfd-master' server. It is a simple service with small
codebase, designed for easy isolation. The feature discovery part is
implemented in a 'nfd-worker' client which sends labeling requests to
nfd-server, thus, requiring no access/permissions to the Kubernetes API
itself.
Client-server communication is implemented by using gRPC. The protocol
currently consists of only one request, i.e. the labeling request.
The spec templates are converted to the new scheme. The nfd-master
server can be deployed using the nfd-master.yaml.template which now also
contains the necessary RBAC configuration. NFD workers can be deployed
by using the nfd-worker-daemonset.yaml.template or
nfd-worker-job.yaml.template (most easily used with the label-nodes.sh
script).
Only nfd-worker currently supports config file or options. The (default)
NFD config file is renamed to nfd-worker.conf.
Glide is not actively developed anymore, and its documentation
recommends migrating to dep. Also, dep is widely used in other k8s
projects.
Migrating to dep dramatically reduces the size of the populated vendor/
directory from 75MB down to about 20MB.
Get rid of the dependency on intel-cmt-cat library and rdt helper
binaries written in C. Significantly simplifies the build procedure.
Implements minimal support (in assembler) for getting the raw data from
the CPUID instruction. Also, implement a stub so that the code works on
other architectures than amd64, too.
Support yaml/json based config file for nfd. This commit does not add
any actual consumers for the config file, yet.
By default, nfd tries to read
/etc/kubernetes/node-feature-discovery/node-feature-discovery.conf.
This can be changed by specifying the --config command line flag.
To cut the image size further, down to about 75MB. We use Debian
stretch-slim as the base for the production image as golang docker
images use stretch as their base.
This reduces the size of the Docker image from ca. 1.2GB down to about
750MB.
Also, move unit tests from .travis.yml to Dockerfile. Final production
image is not able to run unit tests anymore, as sources are missing from
there.
intel-cmt-cat repo is located in github/intel/ now,
update links accordingly, correcting also some
source file names pointed from files under rdt-discovery/.
Updated also ref. to intel-cmt-cat in Dockerfile.
No functional changes.
This makes the build more deterministic. Previously, nfd just blindly
took the tip revision from intel-cmt-cat master branch which could break
the build without any changes in nfd itself.
* Make rdt-discovery buildable outside hardcoded path
Do not assume that nfd sources always reside under hardcoded directory
"/go/src/github.com/kubernetes-incubator/node-feature-discovery/". This
makes it possible e.g. to build nfd locally outside the Docker
container.
* Do not hardcode the path for RDT helper binaries
Utilize the standard PATH env variable, instead.
Currently, nfd framework can't work on Arm64 platform.
Fix points:
1, removed rdt on Arm64 platform
2, optimized the code related to multi-arch
Change-Id: If605041f6d2243ae2afb3248edbf102083c6dcb4
Signed-off-by: Bin Lu <bin.lu@arm.com>
Jira: ENTOS-432
- Added interface FeatureSource, moved cpuid, rdt and pstate
discovery logic into implementations.
- Updated logging output to make it more machine-readable
(one feature, in label-format, per line).
- Normalized label names (derived from the underlying feature source).
- Added makefile.
- Added command-line argument parsing and proper CLI documentation.
- Added ability to filter the enabled feature sources: cpuid,rdt,pstate.
- Added ability to print the software version and exit.
- Added ability to print the CLI help.
- Updated README.
- Updated dep versions.
- Added -s -w to ldflags.
- Output version label along with discovered feature labels.
- Added sources section to README.
- Normalized README link for pstate
- Added git version to published labels.
- Minor formatting fix in job template.
- Added .travis.yml and added build status image link to README.
- Added .gitignore.