cert-manager can be used to automate TLS certificate management for
nfd-master and the nfd-worker pod(s).
Add a template to deploy cert-manager CA Issuer and Certificates and
document steps how to use them.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Build a "minimal" variant of the nfd image based on
gcr.io/distroless/base. The motivations behind the minimal image are
image hardening (security) and reducing the image footprint (from ca.
108MB down to about 40MB).
The practical effect of deploying the minimal image is that no runtimes
for running worker hooks are present, not even a shell. This means that
only statically linked linked hook binaries are supported. Also, because
of the image hardening live debugging of the minimal image by attaching
to the container is not possible, and, the "full" image needs to be used
for that purpose.
This commit adds Helm chart for node-feature-discovery
Signed-off-by: Adrian Chiris <adrianc@nvidia.com>
Signed-off-by: Ivan Kolodiazhnyi <ikolodiazhny@nvidia.com>
Rely on markers instead which makes the update work also in the middle
of a template file. Previously it relied on the configuration data to be
at the very end of the file to be updated.
This Patch adds a check on make target e2e-test, to check if the
KUBECONFIG env var is set before running the test suite.
if not pressent return a valid error message.
Signed-off-by: Carlos Eduardo Arango Gutierrez <carangog@redhat.com>
Add a virtually empty ConfigMap that is mounted inside the workers.
Makes it easier to start customizing the worker deployment e.g. with just:
$ kubectl -n ${NFD_NS} edit configmap nfd-worker-conf
Create a new 'templates' make target for inserting the content of
nfd-worker.conf.example into the configmap spec of the templates. Thus,
'make templates' should be run whenever the example config is update.
Update the verify.sh prow script to check that the templates are up to
date.
This patch also streamlines the documentation about configuration
management, reflecting the changes.
Change build configuration related to site baseurl and Jekyll output
directory a bit. Making it more coherent e.g. by removing the need to
override baseurl for 'site-serve' makefile target.
Only show the dynamic version menu in production environment where it's
available. Local (development) builds only show a stub version menu with
one item.
Also, fix the theme customization. Append version list items to the
correct element in html so that they are displayed correctly. Drop
unnecessary <div/>.
Add rules for building and serving the html documentation inside a
container.
- 'make site-build' will build the html content unders docs/_site.
- 'make site-serve' builds the site content and serves it at
http://localhost:4000/
Change the default namespace used in deployment yamls from 'kube-system'
to 'node-feature-discovery'. Sync with what the templates have. Also,
this should be a safer and more desirable default for people just trying
out node-feature-discovery.
An attempt to organize the Makefile variables a bit further. The idea is
to only document variables that are really intended for build
customization and initialize all these variables in the Makefile with
'=?' so that they can be specified in the environment (and not just with
variable overrides). Thus, this patch drops some variables from the
README and change the initialization of some variables in the Makefile
so that the two files would be in sync.
make image and make push fails when trying to use an ENV VAR value, as
it is now they can only be overrided.
the Var modified are
GO_CMD
GO_FMT
IMAGE_BUILD_EXTRA_OPTS
IMAGE_BUILD_CMD
IMAGE_PUSH_CMD
IMAGE_TAG_NAME
IMAGE_REGISTRY
IMAGE_NAME
IMAGE_EXTRA_TAG_NAMES
K8S_NAMESPACE
HOSTMOUNT_PREFIX
This new behaviour has also been updated on the README.
Signed-off-by: Carlos Eduardo Arango Gutierrez <carangog@redhat.com>
Add a new script for running end-to-end tests. Implement a Makefile rule
for polling the container image. We need this for prow as there is no
other way for syncing the jobs (e2e postsubmit job must wait until the
image-pushing job has built and published the image). This is
implemented in the Makefile as all the image-related variables are also
defined/available there.
Also, adapt the TravisCI config to use the new script.
Introduce a new makefile variable and dockerfile build arg named
HOSTMOUNT_PREFIX for changing the prefix used for mounting host
directories inside the container. Adds a sed rule in Makefile to
generate deployment yamls accordingly.
Implement an end-to-end test with all feature sources enabled. The new
test runs nfd-worker as a daemonset on all (schedulable) nodes of the
test cluster which makes it possible to cover a wide range features,
assuming the test cluster is heterogenous containing nodes with varying
system configurations.
The features available depends on the node(s) the e2e testa are run on.
Thus, some runtime parameterization of the tests is needed. The patch
adds a new command line test flag 'nfd.e2e-config' that is used to
specify the per-node feature labels and annotations that is expected to
be present in the cluster. An example configuration file is provided
with the patch. The pod spec of nfd-worker deployment is changed to
better correspond the default deployment and thus enable wider feature
discovery. This means using hostnetwork and adding mounts for /sys /boot
and /etc/os-release.
The patch changes node object management so that all nfd-related labels
are removed after each test (not just the ones the test is expected to
add). Also, all nfd-related annotations are now removed.
For running end-to-end tests it is required to explicitly specify in the
command line the kubeconfig to be used, e.g.:
$ make e2e-test KUBECONFIG=$HOME/.kube/config
- Create default yamls for deploying master and worker.
- Use kube-system namespace by default.
- Configurable namespace:
make IMAGE_REGISTRY=myhost:5000 K8S_NAMESPACE=my-nfd-devel
Change the structure and naming of the make variables that control the
container image name/tag that gets created. Default values and behavior
stay the same, but, this change tries to make it easier to customize the
build from command line.
Also, document all the relevant make variables in readme.
Add a new Makefile target for regenerating these files. Also, add a
note that the files are auto-generated, including instructions how to
re-generate them.
Renames the mock files, using the defaults provided by the mockery tool,
in order to make their generation easier.
Docker v17.07 and later supports configuring proxy servers via the
docker client configuration (https://docs.docker.com/network/proxy/).
This is better than using --build-args for passing the proxy settings to
the build environment. Previously, we could end up with empty variables
values which could cause the build to fail. E.g. if you had
http_proxy=<myproxy> defined but HTTP_PROXY unset in the host
environment, you ended up with http_proxy=<myproxy> and HTTP_PROXY=""
(i.e. empty value) inside the build which caused problems in some cases.
In addition, this makes builds via make and directly with docker more
similar.
Make it possible to specify an image build tool other than docker - a
limitation is that the build tool must be compatible with docker files,
of course. This makes it possible to build an NFD image without the
Docker daemon, for example.
The image build command is specified in a makefile variable and can be
overridden from command line, for example:
$ make IMAGE_BUILD_CMD="buildah bud"
Thanks: Zvonko Kosic for suggesting this
Without correct proxy settings propagated to docker build it is not possible to
build node-feature-discovery from behind a proxy server, e.g. in corporate
networks. This patch fixes the issue by exporting all http(s) proxy related
environment variables as build-time variables.
- Added interface FeatureSource, moved cpuid, rdt and pstate
discovery logic into implementations.
- Updated logging output to make it more machine-readable
(one feature, in label-format, per line).
- Normalized label names (derived from the underlying feature source).
- Added makefile.
- Added command-line argument parsing and proper CLI documentation.
- Added ability to filter the enabled feature sources: cpuid,rdt,pstate.
- Added ability to print the software version and exit.
- Added ability to print the CLI help.
- Updated README.
- Updated dep versions.
- Added -s -w to ldflags.
- Output version label along with discovered feature labels.
- Added sources section to README.
- Normalized README link for pstate