![\"asciicast\"](\"https://asciinema.org/a/247316.svg\")
This software enables node feature discovery for Kubernetes. It detects\nhardware features available on each node in a Kubernetes cluster, and\nadvertises those features using node labels.
\n\nNFD consists of two software components:
\n\nNFD-Master is the daemon responsible for communication towards the Kubernetes\nAPI. That is, it receives labeling requests from the worker and modifies node\nobjects accordingly.
\n\nNFD-Worker is a daemon responsible for feature detection. It then communicates\nthe information to nfd-master which does the actual node labeling. One\ninstance of nfd-worker is supposed to be running on each node of the cluster,
\n\nFeature discovery is divided into domain-specific feature sources:
\n\nEach feature source is responsible for detecting a set of features which. in\nturn, are turned into node feature labels. Feature labels are prefixed with\nfeature.node.kubernetes.io/ and also contain the name of the feature source.\nNon-standard user-specific feature labels can be created with the local and\ncustom feature sources.
An overview of the default feature labels:
\n\n{\n \"feature.node.kubernetes.io/cpu-<feature-name>\": \"true\",\n \"feature.node.kubernetes.io/custom-<feature-name>\": \"true\",\n \"feature.node.kubernetes.io/iommu-<feature-name>\": \"true\",\n \"feature.node.kubernetes.io/kernel-<feature name>\": \"<feature value>\",\n \"feature.node.kubernetes.io/memory-<feature-name>\": \"true\",\n \"feature.node.kubernetes.io/network-<feature-name>\": \"true\",\n \"feature.node.kubernetes.io/pci-<device label>.present\": \"true\",\n \"feature.node.kubernetes.io/storage-<feature-name>\": \"true\",\n \"feature.node.kubernetes.io/system-<feature name>\": \"<feature value>\",\n \"feature.node.kubernetes.io/usb-<device label>.present\": \"<feature value>\",\n \"feature.node.kubernetes.io/<file name>-<feature name>\": \"<feature value>\"\n}\nNFD also annotates nodes it is running on:
\n\n| Annotation | \nDescription | \n
|---|---|
| nfd.node.kubernetes.io/master.version | \nVersion of the nfd-master instance running on the node. Informative use only. | \n
| nfd.node.kubernetes.io/worker.version | \nVersion of the nfd-worker instance running on the node. Informative use only. | \n
| nfd.node.kubernetes.io/feature-labels | \nComma-separated list of node labels managed by NFD. NFD uses this internally so must not be edited by users. | \n
| nfd.node.kubernetes.io/extended-resources | \nComma-separated list of node extended resources managed by NFD. NFD uses this internally so must not be edited by users. | \n
Unapplicable annotations are not created, i.e. for example master.version is only created on nodes running nfd-master.
\n\n","dir":"/get-started/","name":"introduction.md","path":"get-started/introduction.md","url":"/get-started/introduction.html"},{"title":"Get started","layout":"default","sort":1,"content":"Welcome to Node Feature Discovery – a Kubernetes add-on for detecting hardware\nfeatures and system configuration!
\n\nContinue to:
\n\nIntroduction for more details on the\nproject.
\nQuick start for quick step-by-step\ninstructions on how to get NFD running on your cluster.
\n$ kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/v0.7.0/nfd-master.yaml.template\n namespace/node-feature-discovery created\n...\n\n$ kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/v0.7.0/nfd-worker-daemonset.yaml.template\n daemonset.apps/nfd-worker created\n\n$ kubectl -n node-feature-discovery get all\n NAME READY STATUS RESTARTS AGE\n pod/nfd-master-555458dbbc-sxg6w 1/1 Running 0 56s\n pod/nfd-worker-mjg9f 1/1 Running 0 17s\n...\n\n$ kubectl get no -o json | jq .items[].metadata.labels\n {\n \"beta.kubernetes.io/arch\": \"amd64\",\n \"beta.kubernetes.io/os\": \"linux\",\n \"feature.node.kubernetes.io/cpu-cpuid.ADX\": \"true\",\n \"feature.node.kubernetes.io/cpu-cpuid.AESNI\": \"true\",\n...\n\ngit clone https://github.com/kubernetes-sigs/node-feature-discovery\ncd node-feature-discovery\nSee customizing the build below for altering the\ncontainer image registry, for example.
\n\nmake\nOptional, this example with Docker.
\n\ndocker push <IMAGE_TAG>\nTo use your published image from the step above instead of the\nk8s.gcr.io/nfd/node-feature-discovery image, edit image\nattribute in the spec template(s) to the new location\n(<registry-name>/<image-name>[:<version>]).
The yamls makefile generates deployment specs matching your locally built\nimage. See build customization below for\nconfigurability, e.g. changing the deployment namespace.
K8S_NAMESPACE=my-ns make yamls\nkubectl apply -f nfd-master.yaml\nkubectl apply -f nfd-worker-daemonset.yaml\nAlternatively, deploying worker and master in the same pod:
\n\nK8S_NAMESPACE=my-ns make yamls\nkubectl apply -f nfd-master.yaml\nkubectl apply -f nfd-daemonset-combined.yaml\nOr worker as a one-shot job:
\n\nK8S_NAMESPACE=my-ns make yamls\nkubectl apply -f nfd-master.yaml\nNUM_NODES=$(kubectl get no -o jsonpath='{.items[*].metadata.name}' | wc -w)\nsed s\"/NUM_NODES/$NUM_NODES/\" nfd-worker-job.yaml | kubectl apply -f -\nYou can also build the binaries locally
\n\nmake build\nThis will compile binaries under bin/
There are several Makefile variables that control the build process and the\nname of the resulting container image. The following are targeted targeted for\nbuild customization and they can be specified via environment variables or\nmakefile overrides.
\n\n| Variable | \nDescription | \nDefault value | \n
|---|---|---|
| HOSTMOUNT_PREFIX | \nPrefix of system directories for feature discovery (local builds) | \n/ (local builds) /host- (container builds) | \n
| IMAGE_BUILD_CMD | \nCommand to build the image | \ndocker build | \n
| IMAGE_BUILD_EXTRA_OPTS | \nExtra options to pass to build command | \nempty | \n
| IMAGE_PUSH_CMD | \nCommand to push the image to remote registry | \ndocker push | \n
| IMAGE_REGISTRY | \nContainer image registry to use | \nk8s.gcr.io/nfd | \n
| IMAGE_TAG_NAME | \nContainer image tag name | \n<nfd version> | \n
| IMAGE_EXTRA_TAG_NAMES | \nAdditional container image tag(s) to create when building image | \nempty | \n
| K8S_NAMESPACE | \nnfd-master and nfd-worker namespace | \nkube-system | \n
| KUBECONFIG | \nKubeconfig for running e2e-tests | \nempty | \n
| E2E_TEST_CONFIG | \nParameterization file of e2e-tests (see example) | \nempty | \n
For example, to use a custom registry:
\n\nmake IMAGE_REGISTRY=<my custom registry uri>\nOr to specify a build tool different from Docker, It can be done in 2 ways:
\n\nIMAGE_BUILD_CMD=\"buildah bud\" make\nmake IMAGE_BUILD_CMD=\"buildah bud\"\nUnit tests are automatically run as part of the container image build. You can\nalso run them manually in the source code tree by simply running:
\n\nmake test\nEnd-to-end tests are built on top of the e2e test framework of Kubernetes, and,\nthey required a cluster to run them on. For running the tests on your test\ncluster you need to specify the kubeconfig to be used:
\n\nmake e2e-test KUBECONFIG=$HOME/.kube/config\nYou can run NFD locally, either directly on your host OS or in containers for\ntesting and development purposes. This may be useful e.g. for checking\nfeatures-detection.
\n\nWhen running as a standalone container labeling is expected to fail because\nKubernetes API is not available. Thus, it is recommended to use --no-publish\ncommand line flag. E.g.
$ export NFD_CONTAINER_IMAGE=k8s.gcr.io/nfd/node-feature-discovery:v0.7.0\n$ docker run --rm --name=nfd-test ${NFD_CONTAINER_IMAGE} nfd-master --no-publish\n2019/02/01 14:48:21 Node Feature Discovery Master <NFD_VERSION>\n2019/02/01 14:48:21 gRPC server serving on port: 8080\nCommand line flags of nfd-master:
\n\n$ docker run --rm ${NFD_CONTAINER_IMAGE} nfd-master --help\n...\nUsage:\n nfd-master [--prune] [--no-publish] [--label-whitelist=<pattern>] [--port=<port>]\n [--ca-file=<path>] [--cert-file=<path>] [--key-file=<path>]\n [--verify-node-name] [--extra-label-ns=<list>] [--resource-labels=<list>]\n [--kubeconfig=<path>]\n nfd-master -h | --help\n nfd-master --version\n\n Options:\n -h --help Show this screen.\n --version Output version and exit.\n --prune Prune all NFD related attributes from all nodes\n of the cluster and exit.\n --kubeconfig=<path> Kubeconfig to use [Default: ]\n --port=<port> Port on which to listen for connections.\n [Default: 8080]\n --ca-file=<path> Root certificate for verifying connections\n [Default: ]\n --cert-file=<path> Certificate used for authenticating connections\n [Default: ]\n --key-file=<path> Private key matching --cert-file\n [Default: ]\n --verify-node-name Verify worker node name against CN from the TLS\n certificate. Only has effect when TLS authentication\n has been enabled.\n --no-publish Do not publish feature labels\n --label-whitelist=<pattern> Regular expression to filter label names to\n publish to the Kubernetes API server.\n NB: the label namespace is omitted i.e. the filter\n is only applied to the name part after '/'.\n [Default: ]\n --extra-label-ns=<list> Comma separated list of allowed extra label namespaces\n [Default: ]\n --resource-labels=<list> Comma separated list of labels to be exposed as extended resources.\n [Default: ]\nIn order to run nfd-worker as a “stand-alone” container against your\nstandalone nfd-master you need to run them in the same network namespace:
\n\n$ docker run --rm --network=container:nfd-test ${NFD_CONTAINER_IMAGE} nfd-worker\n2019/02/01 14:48:56 Node Feature Discovery Worker <NFD_VERSION>\n...\nIf you just want to try out feature discovery without connecting to nfd-master,\npass the --no-publish flag to nfd-worker.
Command line flags of nfd-worker:
\n\n$ docker run --rm ${NFD_CONTAINER_IMAGE} nfd-worker --help\n...\n Usage:\n nfd-worker [--no-publish] [--sources=<sources>] [--label-whitelist=<pattern>]\n [--oneshot | --sleep-interval=<seconds>] [--config=<path>]\n [--options=<config>] [--server=<server>] [--server-name-override=<name>]\n [--ca-file=<path>] [--cert-file=<path>] [--key-file=<path>]\n nfd-worker -h | --help\n nfd-worker --version\n\n Options:\n -h --help Show this screen.\n --version Output version and exit.\n --config=<path> Config file to use.\n [Default: /etc/kubernetes/node-feature-discovery/nfd-worker.conf]\n --options=<config> Specify config options from command line. Config\n options are specified in the same format as in the\n config file (i.e. json or yaml). These options\n will override settings read from the config file.\n [Default: ]\n --ca-file=<path> Root certificate for verifying connections\n [Default: ]\n --cert-file=<path> Certificate used for authenticating connections\n [Default: ]\n --key-file=<path> Private key matching --cert-file\n [Default: ]\n --server=<server> NFD server address to connecto to.\n [Default: localhost:8080]\n --server-name-override=<name> Name (CN) expect from server certificate, useful\n in testing\n [Default: ]\n --sources=<sources> Comma separated list of feature sources. Special\n value 'all' enables all feature sources.\n [Default: all]\n --no-publish Do not publish discovered features to the\n cluster-local Kubernetes API server.\n --label-whitelist=<pattern> Regular expression to filter label names to\n publish to the Kubernetes API server.\n NB: the label namespace is omitted i.e. the filter\n is only applied to the name part after '/'.\n [Default: ]\n --oneshot Label once and exit.\n --sleep-interval=<seconds> Time to sleep between re-labeling. Non-positive\n value implies no re-labeling (i.e. infinite\n sleep). [Default: 60s]\n\nNOTE Some feature sources need certain directories and/or files from the\nhost mounted inside the NFD container. Thus, you need to provide Docker with the\ncorrect --volume options in order for them to work correctly when run\nstand-alone directly with docker run. See the\ntemplate spec\nfor up-to-date information about the required volume mounts.
All documentation resides under the\ndocs\ndirectory in the source tree. It is designed to be served as a html site by\nGitHub Pages.
\n\nBuilding the documentation is containerized in order to fix the build\nenvironment. The recommended way for developing documentation is to run:
\n\nmake site-serve\nThis will build the documentation in a container and serve it under\nlocalhost:4000/ making it easy to verify the results.\nAny changes made to the docs/ will automatically re-trigger a rebuild and are\nreflected in the served content and can be inspected with a simple browser\nrefresh.
In order to just build the html documentation run:
\n\nmake site-build\nThis will generate html documentation under docs/_site/.
Advanced topics and reference.
\n","dir":"/advanced/","name":"index.md","path":"advanced/index.md","url":"/advanced/"},{"title":"Master cmdline reference","layout":"default","sort":2,"content":"To quickly view available command line flags execute nfd-master --help.\nIn a docker container:
docker run k8s.gcr.io/nfd/node-feature-discovery:v0.7.0 nfd-master --help\nPrint usage and exit.
\n\nPrint version and exit.
\n\nThe --prune flag is a sub-command like option for cleaning up the cluster. It\ncauses nfd-master to remove all NFD related labels, annotations and extended\nresources from all Node objects of the cluster and exit.
The --port flag specifies the TCP port that nfd-master listens for incoming requests.
Default: 8080
\n\nExample:
\n\nnfd-master --port=443\nThe --ca-file is one of the three flags (together with --cert-file and\n--key-file) controlling master-worker mutual TLS authentication on the\nnfd-master side. This flag specifies the TLS root certificate that is used for\nauthenticating incoming connections. NFD-Worker side needs to have matching key\nand cert files configured in order for the incoming requests to be accepted.
Default: empty
\n\nNote: Must be specified together with --cert-file and --key-file
Example:
\n\nnfd-master --ca-file=/opt/nfd/ca.crt --cert-file=/opt/nfd/master.crt --key-file=/opt/nfd/master.key\nThe --cert-file is one of the three flags (together with --ca-file and\n--key-file) controlling master-worker mutual TLS authentication on the\nnfd-master side. This flag specifies the TLS certificate presented for\nauthenticating outgoing traffic towards nfd-worker.
Default: empty
\n\nNote: Must be specified together with --ca-file and --key-file
Example:
\n\nnfd-master --cert-file=/opt/nfd/master.crt --key-file=/opt/nfd/master.key --ca-file=/opt/nfd/ca.crt\nThe --key-file is one of the three flags (together with --ca-file and\n--cert-file) controlling master-worker mutual TLS authentication on the\nnfd-master side. This flag specifies the private key corresponding the given\ncertificate file (--cert-file) that is used for authenticating outgoing\ntraffic.
Default: empty
\n\nNote: Must be specified together with --cert-file and --ca-file
Example:
\n\nnfd-master --key-file=/opt/nfd/master.key --cert-file=/opt/nfd/master.crt --ca-file=/opt/nfd/ca.crt\nThe --verify-node-name flag controls the NodeName based authorization of\nincoming requests and only has effect when mTLS authentication has been enabled\n(with --ca-file, --cert-file and --key-file). If enabled, the worker node\nname of the incoming must match with the CN in its TLS certificate. Thus,\nworkers are only able to label the node they are running on (or the node whose\ncertificate they present), and, each worker must have an individual\ncertificate.
Node Name based authorization is disabled by default and thus it is possible\nfor all nfd-worker pods in the cluster to use one shared certificate, making\nNFD deployment much easier.
\n\nDefault: false
\n\nExample:
\n\nnfd-master --verify-node-name --ca-file=/opt/nfd/ca.crt \\\n --cert-file=/opt/nfd/master.crt --key-file=/opt/nfd/master.key\nThe --no-publish flag disables all communication with the Kubernetes API\nserver, making a “dry-run” flag for nfd-master. No Labels, Annotations or\nExtendedResources (or any other properties of any Kubernetes API objects) are\nmodified.
Default: false
\n\nExample:
\n\nnfd-master --no-publish\nThe --label-whitelist specifies a regular expression for filtering feature\nlabels based on their name. Each label must match against the given reqular\nexpression in order to be published.
Note: The regular expression is only matches against the “basename” part of the\nlabel, i.e. to the part of the name after ‘/’. The label namespace is omitted.
\n\nDefault: empty
\n\nExample:
\n\nnfd-master --label-whitelist='.*cpuid\\.'\nThe --extra-label-ns flag specifies a comma-separated list of allowed feature\nlabel namespaces. By default, nfd-master only allows creating labels in the\ndefault feature.node.kubernetes.io label namespace. This option can be used\nto allow vendor-specific namespaces for custom labels from the local and custom\nfeature sources.
The same namespace control and this flag applies Extended Resources (created\nwith --resource-labels), too.
Default: empty
\n\nExample:
\n\nnfd-master --extra-label-ns=vendor-1.com,vendor-2.io\nThe --resource-labels flag specifies a comma-separated list of features to be\nadvertised as extended resources instead of labels. Features that have integer\nvalues can be published as Extended Resources by listing them in this flag.
Default: empty
\n\nExample:
\n\nnfd-master --resource-labels=vendor-1.com/feature-1,vendor-2.io/feature-2\nMinimal steps to deploy latest released version of NFD in your cluster.
\n\nDeploy nfd-master – creates a new namespace, service and required RBAC rules
\n\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/v0.7.0/nfd-master.yaml.template\nDeploy nfd-worker as a daemonset
\n\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/v0.7.0/nfd-worker-daemonset.yaml.template\nWait until NFD master and worker are running.
\n\n$ kubectl -n node-feature-discovery get ds,deploy\nNAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE\ndaemonset.apps/nfd-worker 3 3 3 3 3 <none> 5s\nNAME READY UP-TO-DATE AVAILABLE AGE\ndeployment.apps/nfd-master 1/1 1 1 17s\nCheck that NFD feature labels have been created
\n\n$ kubectl get no -o json | jq .items[].metadata.labels\n{\n \"beta.kubernetes.io/arch\": \"amd64\",\n \"beta.kubernetes.io/os\": \"linux\",\n \"feature.node.kubernetes.io/cpu-cpuid.ADX\": \"true\",\n \"feature.node.kubernetes.io/cpu-cpuid.AESNI\": \"true\",\n \"feature.node.kubernetes.io/cpu-cpuid.AVX\": \"true\",\n...\nCreate a pod targeting a distinguishing feature (select a valid feature from\nthe list printed on the previous step)
\n\n$ cat << EOF | kubectl apply -f -\napiVersion: v1\nkind: Pod\nmetadata:\n name: feature-dependent-pod\nspec:\n containers:\n - image: k8s.gcr.io/pause\n name: pause\n nodeSelector:\n # Select a valid feature\n feature.node.kubernetes.io/cpu-cpuid.AESNI: 'true'\nEOF\npod/feature-dependent-pod created\nSee that the pod is running on a desired node
\n\n$ kubectl get po feature-dependent-pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nfeature-dependent-pod 1/1 Running 0 23s 10.36.0.4 node-2 <none> <none>\nYou can reach us via the following channels:
\n\nThis is a\nSIG-node\nsubproject, hosted under the\nKubernetes SIGs organization in Github.\nThe project was established in 2016 and was migrated to Kubernetes SIGs in 2018.
\n\nThis is open source software released under the Apache 2.0 License.
\n","dir":"/contributing/","name":"index.md","path":"contributing/index.md","url":"/contributing/"},{"title":"Worker cmdline reference","layout":"default","sort":3,"content":"To quickly view available command line flags execute nfd-worker --help.\nIn a docker container:
docker run k8s.gcr.io/nfd/node-feature-discovery:v0.7.0 nfd-worker --help\nPrint usage and exit.
\n\nPrint version and exit.
\n\nThe --config flag specifies the path of the nfd-worker configuration file to\nuse.
Default: /etc/kubernetes/node-feature-discovery/nfd-worker.conf
\n\nExample:
\n\nnfd-worker --config=/opt/nfd/worker.conf\nThe --options flag may be used to specify and override configuration file\noptions directly from the command line. The required format is the same as in\nthe config file i.e. JSON or YAML. Configuration options specified via this\nflag will override those from the configuration file:
Default: empty
\n\nExample:
\n\nnfd-worker --options='{\"sources\":{\"cpu\":{\"cpuid\":{\"attributeWhitelist\":[\"AVX\",\"AVX2\"]}}}}'\nThe --server flag specifies the address of the nfd-master endpoint where to\nconnect to.
Default: localhost:8080
\n\nExample:
\n\nnfd-worker --server=nfd-master.nfd.svc.cluster.local:443\nThe --ca-file is one of the three flags (together with --cert-file and\n--key-file) controlling the mutual TLS authentication on the worker side.\nThis flag specifies the TLS root certificate that is used for verifying the\nauthenticity of nfd-master.
Default: empty
\n\nNote: Must be specified together with --cert-file and --key-file
Example:
\n\nnfd-worker --ca-file=/opt/nfd/ca.crt --cert-file=/opt/nfd/worker.crt --key-file=/opt/nfd/worker.key\nThe --cert-file is one of the three flags (together with --ca-file and\n--key-file) controlling mutual TLS authentication on the worker side. This\nflag specifies the TLS certificate presented for authenticating outgoing\nrequests.
Default: empty
\n\nNote: Must be specified together with --ca-file and --key-file
Example:
\n\nnfd-workerr --cert-file=/opt/nfd/worker.crt --key-file=/opt/nfd/worker.key --ca-file=/opt/nfd/ca.crt\nThe --key-file is one of the three flags (together with --ca-file and\n--cert-file) controlling the mutual TLS authentication on the worker side.\nThis flag specifies the private key corresponding the given certificate file\n(--cert-file) that is used for authenticating outgoing requests.
Default: empty
\n\nNote: Must be specified together with --cert-file and --ca-file
Example:
\n\nnfd-worker --key-file=/opt/nfd/worker.key --cert-file=/opt/nfd/worker.crt --ca-file=/opt/nfd/ca.crt\nThe --server-name-override flag specifies the common name (CN) which to\nexpect from the nfd-master TLS certificate. This flag is mostly intended for\ndevelopment and debugging purposes.
Default: empty
\n\nExample:
\n\nnfd-worker --server-name-override=localhost\nThe --sources flag specifies a comma-separated list of enabled feature\nsources. A special value all enables all feature sources.
Default: all
\n\nExample:
\n\nnfd-worker --sources=kernel,system,local\nThe --no-publish flag disables all communication with the nfd-master, making\nit a “dry-run” flag for nfd-worker. NFD-Worker runs feature detection normally,\nbut no labeling requests are sent to nfd-master.
Default: false
\n\nExample:
\n\nnfd-worker --no-publish\nThe --label-whitelist specifies a regular expression for filtering feature\nlabels based on their name. Each label must match against the given reqular\nexpression in order to be published.
Note: The regular expression is only matches against the “basename” part of the\nlabel, i.e. to the part of the name after ‘/’. The label namespace is omitted.
\n\nDefault: empty
\n\nExample:
\n\nnfd-worker --label-whitelist='.*cpuid\\.'\nThe --oneshot flag causes nfd-worker to exit after one pass of feature\ndetection.
Default: false
\n\nExample:
\n\nnfd-worker --oneshot --no-publish\nThe --sleep-interval specifies the interval between feature re-detection (and\nnode re-labeling). A non-positive value implies infinite sleep interval, i.e.\nno re-detection or re-labeling is done.
Default: 60s
\n\nExample:
\n\nnfd-worker --sleep-interval=1h\nDeployment using the\nNode Feature Discovery Operator\nis recommended to be done via\noperatorhub.io.
\n\nkubectl create -f https://operatorhub.io/install/nfd-operator.yaml\nnfd namespace here):\n cat << EOF | kubectl apply -f -\napiVersion: v1\nkind: Namespace\nmetadata:\n name: nfd\n---\napiVersion: nfd.kubernetes.io/v1alpha1\nkind: NodeFeatureDiscovery\nmetadata:\n name: my-nfd-deployment\n namespace: nfd\nEOF\nThe template specs provided in the repo can be used directly:
\n\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/v0.7.0/nfd-master.yaml.template\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/v0.7.0/nfd-worker-daemonset.yaml.template\nThis will required RBAC rules and deploy nfd-master (as a deployment) and\nnfd-worker (as a daemonset) in the node-feature-discovery namespace.
Alternatively you can download the templates and customize the deployment\nmanually.
\n\nYou can also run nfd-master and nfd-worker inside the same pod
\n\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/v0.7.0/nfd-daemonset-combined.yaml.template\nThis creates a DaemonSet runs both nfd-worker and nfd-master in the same Pod.\nIn this case no nfd-master is run on the master node(s), but, the worker nodes\nare able to label themselves which may be desirable e.g. in single-node setups.
\n\nFeature discovery can alternatively be configured as a one-shot job.\nThe Job template may be used to achieve this:
\n\nNUM_NODES=$(kubectl get no -o jsonpath='{.items[*].metadata.name}' | wc -w)\ncurl -fs https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/v0.7.0/nfd-worker-job.yaml.template | \\\n sed s\"/NUM_NODES/$NUM_NODES/\" | \\\n kubectl apply -f -\nThe example above launces as many jobs as there are non-master nodes. Note that\nthis approach does not guarantee running once on every node. For example,\ntainted, non-ready nodes or some other reasons in Job scheduling may cause some\nnode(s) will run extra job instance(s) to satisfy the request.
\n\nIf you want to use the latest development version (master branch) you need to\nbuild your own custom image.\nSee the Developer Guide for instructions how to\nbuild images and deploy them on your cluster.
\n\nNFD-Master runs as a deployment (with a replica count of 1), by default\nit prefers running on the cluster’s master nodes but will run on worker\nnodes if no master nodes are found.
\n\nFor High Availability, you should simply increase the replica count of\nthe deployment object. You should also look into adding\ninter-pod\naffinity to prevent masters from running on the same node.\nHowever note that inter-pod affinity is costly and is not recommended\nin bigger clusters.
\n\nNFD-Master listens for connections from nfd-worker(s) and connects to the\nKubernetes API server to add node labels advertised by them.
\n\nIf you have RBAC authorization enabled (as is the default e.g. with clusters\ninitialized with kubeadm) you need to configure the appropriate ClusterRoles,\nClusterRoleBindings and a ServiceAccount in order for NFD to create node\nlabels. The provided template will configure these for you.
\n\nNFD-Worker is preferably run as a Kubernetes DaemonSet. This assures\nre-labeling on regular intervals capturing changes in the system configuration\nand mames sure that new nodes are labeled as they are added to the cluster.\nWorker connects to the nfd-master service to advertise hardware features.
\n\nWhen run as a daemonset, nodes are re-labeled at an interval specified using\nthe --sleep-interval option. In the\ntemplate\nthe default interval is set to 60s which is also the default when no\n--sleep-interval is specified. Also, the configuration file is re-read on\neach iteration providing a simple mechanism of run-time reconfiguration.
NFD supports mutual TLS authentication between the nfd-master and nfd-worker\ninstances. That is, nfd-worker and nfd-master both verify that the other end\npresents a valid certificate.
\n\nTLS authentication is enabled by specifying --ca-file, --key-file and\n--cert-file args, on both the nfd-master and nfd-worker instances.\nThe template specs provided with NFD contain (commented out) example\nconfiguration for enabling TLS authentication.
The Common Name (CN) of the nfd-master certificate must match the DNS name of\nthe nfd-master Service of the cluster. By default, nfd-master only check that\nthe nfd-worker has been signed by the specified root certificate (–ca-file).\nAdditional hardening can be enabled by specifying –verify-node-name in\nnfd-master args, in which case nfd-master verifies that the NodeName presented\nby nfd-worker matches the Common Name (CN) of its certificate. This means that\neach nfd-worker requires a individual node-specific TLS certificate.
\n\nNFD-Worker supports a configuration file. The default location is\n/etc/kubernetes/node-feature-discovery/nfd-worker.conf, but,\nthis can be changed by specifying the--config command line flag.\nConfiguration file is re-read on each labeling pass (determined by\n--sleep-interval) which makes run-time re-configuration of nfd-worker\npossible.
Worker configuration file is read inside the container, and thus, Volumes and\nVolumeMounts are needed to make your configuration available for NFD. The\npreferred method is to use a ConfigMap which provides easy deployment and\nre-configurability.
\n\nThe provided nfd-worker deployment templates create an empty configmap and\nmount it inside the nfd-worker containers. Configuration can be edited with:
\n\nkubectl -n ${NFD_NS} edit configmap nfd-worker-conf\nThe (empty-by-default)\nexample config\ncontains all available configuration options and can be used as a reference\nfor creating creating a configuration.
\n\nConfiguration options can also be specified via the --options command line\nflag, in which case no mounts need to be used. The same format as in the config\nfile must be used, i.e. JSON (or YAML). For example:
--options='{\"sources\": { \"pci\": { \"deviceClassWhitelist\": [\"12\"] } } }'\nConfiguration options specified from the command line will override those read\nfrom the config file.
\n\nNodes with specific features can be targeted using the nodeSelector field. The\nfollowing example shows how to target nodes with Intel TurboBoost enabled.
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n env: test\n name: golang-test\nspec:\n containers:\n - image: golang\n name: go1\n nodeSelector:\n feature.node.kubernetes.io/cpu-pstate.turbo: 'true'\nFor more details on targeting nodes, see\nnode selection.
\n\nIf you followed the deployment instructions above you can simply do:
\n\nkubectl -n nfd delete NodeFeatureDiscovery my-nfd-deployment\nOptionally, you can also remove the namespace:
\n\nkubectl delete ns nfd\nSee the node-feature-discovery-operator and OLM project\ndocumentation for instructions for uninstalling the operator and operator\nlifecycle manager, respectively.
\n\nSimplest way is to invoke kubectl delete on the deployment files you used.\nBeware that this will also delete the namespace that NFD is running in. For\nexample:
kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/v0.7.0/nfd-worker-daemonset.yaml.template\nkubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/v0.7.0/nfd-master.yaml.template\nAlternatively you can delete create objects one-by-one, depending on the type\nof deployment, for example:
\n\nNFD_NS=node-feature-discovery\nkubectl -n $NFD_NS delete ds nfd-worker\nkubectl -n $NFD_NS delete deploy nfd-master\nkubectl -n $NFD_NS delete svc nfd-master\nkubectl -n $NFD_NS delete sa nfd-master\nkubectl delete clusterrole nfd-master\nkubectl delete clusterrolebinding nfd-master\nNFD-Master has a special --prune command line flag for removing all\nnfd-related node labels, annotations and extended resources from the cluster.
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/v0.7.0/nfd-prune.yaml.template\nkubectl -n node-feature-discovery wait job.batch/nfd-prune --for=condition=complete && \\\n kubectl delete -f kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/v0.7.0/nfd-prune.yaml.template\nNOTE: You must run prune before removing the RBAC rules (serviceaccount,\nclusterrole and clusterrolebinding).
\n\n\n","dir":"/get-started/","name":"deployment-and-usage.md","path":"get-started/deployment-and-usage.md","url":"/get-started/deployment-and-usage.html"},{"title":"Feature discovery","layout":"default","sort":4,"content":"Feature discovery in nfd-worker is performed by a set of separate modules\ncalled feature sources. Most of them are specifically responsible for certain\ndomain of features (e.g. cpu). In addition there are two highly customizable\nfeature sources that work accross the system.
\n\nEach discovered feature is advertised a label in the Kubernetes Node object.\nThe published node labels encode a few pieces of information:
\n\nfeature.node.kubernetes.io)cpu).cpuid.AESNI from cpu).Feature label names adhere to the following pattern:
\n\n<namespace>/<source name>-<feature name>[.<attribute name>]\nThe last component (i.e. attribute-name) is optional, and only used if a\nfeature logically has sub-hierarchy, e.g. sriov.capable and\nsriov.configure from the network source.
The --sources flag controls which sources to use for discovery.
Note: Consecutive runs of nfd-worker will update the labels on a\ngiven node. If features are not discovered on a consecutive run, the corresponding\nlabel will be removed. This includes any restrictions placed on the consecutive run,\nsuch as restricting discovered features with the –label-whitelist option.
\n\nThe cpu feature source supports the following labels:
\n\n| Feature name | \nAttribute | \nDescription | \n
|---|---|---|
| cpuid | \n<cpuid flag> | \nCPU capability is supported | \n
| hardware_multithreading | \n\n | Hardware multithreading, such as Intel HTT, enabled (number of logical CPUs is greater than physical CPUs) | \n
| power | \nsst_bf.enabled | \nIntel SST-BF (Intel Speed Select Technology - Base frequency) enabled | \n
| pstate | \nturbo | \nSet to ‘true’ if turbo frequencies are enabled in Intel pstate driver, set to ‘false’ if they have been disabled. | \n
| rdt | \nRDTMON | \nIntel RDT Monitoring Technology | \n
| \n | RDTCMT | \nIntel Cache Monitoring (CMT) | \n
| \n | RDTMBM | \nIntel Memory Bandwidth Monitoring (MBM) | \n
| \n | RDTL3CA | \nIntel L3 Cache Allocation Technology | \n
| \n | RDTL2CA | \nIntel L2 Cache Allocation Technology | \n
| \n | RDTMBA | \nIntel Memory Bandwidth Allocation (MBA) Technology | \n
The (sub-)set of CPUID attributes to publish is configurable via the\nattributeBlacklist and attributeWhitelist cpuid options of the cpu source.\nIf whitelist is specified, only whitelisted attributes will be published. With\nblacklist, only blacklisted attributes are filtered out. attributeWhitelist\nhas priority over attributeBlacklist. For examples and more information\nabout configurability, see configuration.\nBy default, the following CPUID flags have been blacklisted:\nBMI1, BMI2, CLMUL, CMOV, CX16, ERMS, F16C, HTT, LZCNT, MMX, MMXEXT, NX, POPCNT,\nRDRAND, RDSEED, RDTSCP, SGX, SSE, SSE2, SSE3, SSE4.1, SSE4.2 and SSSE3.
NOTE The cpuid features advertise supported CPU capabilities, that is, a\ncapability might be supported but not enabled.
\n\n| Attribute | \nDescription | \n
|---|---|
| ADX | \nMulti-Precision Add-Carry Instruction Extensions (ADX) | \n
| AESNI | \nAdvanced Encryption Standard (AES) New Instructions (AES-NI) | \n
| AVX | \nAdvanced Vector Extensions (AVX) | \n
| AVX2 | \nAdvanced Vector Extensions 2 (AVX2) | \n
See the full list in github.com/klauspost/cpuid.
\n\n| Attribute | \nDescription | \n
|---|---|
| IDIVA | \nInteger divide instructions available in ARM mode | \n
| IDIVT | \nInteger divide instructions available in Thumb mode | \n
| THUMB | \nThumb instructions | \n
| FASTMUL | \nFast multiplication | \n
| VFP | \nVector floating point instruction extension (VFP) | \n
| VFPv3 | \nVector floating point extension v3 | \n
| VFPv4 | \nVector floating point extension v4 | \n
| VFPD32 | \nVFP with 32 D-registers | \n
| HALF | \nHalf-word loads and stores | \n
| EDSP | \nDSP extensions | \n
| NEON | \nNEON SIMD instructions | \n
| LPAE | \nLarge Physical Address Extensions | \n
| Attribute | \nDescription | \n
|---|---|
| AES | \nAnnouncing the Advanced Encryption Standard | \n
| EVSTRM | \nEvent Stream Frequency Features | \n
| FPHP | \nHalf Precision(16bit) Floating Point Data Processing Instructions | \n
| ASIMDHP | \nHalf Precision(16bit) Asimd Data Processing Instructions | \n
| ATOMICS | \nAtomic Instructions to the A64 | \n
| ASIMRDM | \nSupport for Rounding Double Multiply Add/Subtract | \n
| PMULL | \nOptional Cryptographic and CRC32 Instructions | \n
| JSCVT | \nPerform Conversion to Match Javascript | \n
| DCPOP | \nPersistent Memory Support | \n
The Custom feature source allows the user to define features based on a mix of\npredefined rules. A rule is provided input witch affects its process of\nmatching for a defined feature. The rules are specified in the\nnfd-worker configuration file. See\nconfiguration for instructions and\nexamples how to set-up and manage the worker configuration.
\n\nTo aid in making Custom Features clearer, we define a general and a per rule\nnomenclature, keeping things as consistent as possible.
\n\nRule :Represents a matching logic that is used to match on a feature.\nRule Input :The input a Rule is provided. This determines how a Rule performs the match operation.\nMatcher :A composition of Rules, each Matcher may be composed of at most one instance of each Rule.\nRules are specified under sources.custom in the nfd-worker configuration\nfile.
sources:\n custom:\n - name: <feature name>\n matchOn:\n - <Rule-1>: <Rule-1 Input>\n [<Rule-2>: <Rule-2 Input>]\n - <Matcher-2>\n - ...\n - ...\n - <Matcher-N>\n - <custom feature 2>\n - ...\n - ...\n - <custom feature M>\nSpecifying Rules to match on a feature is done by providing a list of Matchers.\nEach Matcher contains one or more Rules.
\n\nLogical OR is performed between Matchers and logical AND is performed\nbetween Rules of a given Matcher.
\n\nAttribute :A PCI attribute.\nElement :An identifier of the PCI attribute.\nThe PciId Rule allows matching the PCI devices in the system on the following\nAttributes: class,vendor and device. A list of Elements is provided for\neach Attribute.
pciId :\n class: [<class id>, ...]\n vendor: [<vendor id>, ...]\n device: [<device id>, ...]\nMatching is done by performing a logical OR between Elements of an Attribute\nand logical AND between the specified Attributes for each PCI device in the\nsystem. At least one Attribute must be specified. Missing attributes will not\npartake in the matching process.
\n\nAttribute :A USB attribute.\nElement :An identifier of the USB attribute.\nThe UsbId Rule allows matching the USB devices in the system on the following\nAttributes: class,vendor and device. A list of Elements is provided for\neach Attribute.
usbId :\n class: [<class id>, ...]\n vendor: [<vendor id>, ...]\n device: [<device id>, ...]\nMatching is done by performing a logical OR between Elements of an Attribute\nand logical AND between the specified Attributes for each USB device in the\nsystem. At least one Attribute must be specified. Missing attributes will not\npartake in the matching process.
\n\nElement :A kernel module\nThe LoadedKMod Rule allows matching the loaded kernel modules in the system\nagainst a provided list of Elements.
\n\nloadedKMod : [<kernel module>, ...]\nMatching is done by performing logical AND for each provided Element, i.e\nthe Rule will match if all provided Elements (kernel modules) are loaded in the\nsystem.
\n\nElement :A CPUID flag\nThe Rule allows matching the available CPUID flags in the system against a\nprovided list of Elements.
\n\ncpuId : [<CPUID flag string>, ...]\nMatching is done by performing logical AND for each provided Element, i.e the\nRule will match if all provided Elements (CPUID flag strings) are available in\nthe system.
\n\nElement :A Kconfig option\nThe Rule allows matching the kconfig options in the system against a provided\nlist of Elements.
\n\nkConfig: [<kernel config option ('y' or 'm') or '=<value>'>, ...]\nMatching is done by performing logical AND for each provided Element, i.e the\nRule will match if all provided Elements (kernel config options) are enabled\n(y or m) or matching =<value> in the kernel.
custom:\n - name: \"my.kernel.feature\"\n matchOn:\n - loadedKMod: [\"kmod1\", \"kmod2\"]\n - name: \"my.pci.feature\"\n matchOn:\n - pciId:\n vendor: [\"15b3\"]\n device: [\"1014\", \"1017\"]\n - name: \"my.usb.feature\"\n matchOn:\n - usbId:\n vendor: [\"1d6b\"]\n device: [\"0003\"]\n - name: \"my.combined.feature\"\n matchOn:\n - loadedKMod : [\"vendor_kmod1\", \"vendor_kmod2\"]\n pciId:\n vendor: [\"15b3\"]\n device: [\"1014\", \"1017\"]\n - name: \"my.accumulated.feature\"\n matchOn:\n - loadedKMod : [\"some_kmod1\", \"some_kmod2\"]\n - pciId:\n vendor: [\"15b3\"]\n device: [\"1014\", \"1017\"]\n - name: \"my.kernel.featureneedscpu\"\n matchOn:\n - kConfig: [\"KVM_INTEL\"]\n - cpuId: [\"VMX\"]\n - name: \"my.kernel.modulecompiler\"\n matchOn:\n - kConfig: [\"GCC_VERSION=100101\"]\n loadedKMod: [\"kmod1\"]\nIn the example above:
\n\nfeature.node.kubernetes.io/custom-my.kernel.feature=true if the node has\nkmod1 AND kmod2 kernel modules loaded.feature.node.kubernetes.io/custom-my.pci.feature=true if the node contains\na PCI device with a PCI vendor ID of 15b3 AND PCI device ID of 1014 OR\n1017.feature.node.kubernetes.io/custom-my.usb.feature=true if the node contains\na USB device with a USB vendor ID of 1d6b AND USB device ID of 0003.feature.node.kubernetes.io/custom-my.combined.feature=true if\nvendor_kmod1 AND vendor_kmod2 kernel modules are loaded AND the node\ncontains a PCI device\nwith a PCI vendor ID of 15b3 AND PCI device ID of 1014 or 1017.feature.node.kubernetes.io/custom-my.accumulated.feature=true if\nsome_kmod1 AND some_kmod2 kernel modules are loaded OR the node\ncontains a PCI device\nwith a PCI vendor ID of 15b3 AND PCI device ID of 1014 OR 1017.feature.node.kubernetes.io/custom-my.kernel.featureneedscpu=true if\nKVM_INTEL kernel config is enabled AND the node CPU supports VMX\nvirtual machine extensionsfeature.node.kubernetes.io/custom-my.kernel.modulecompiler=true if the\nin-tree kmod1 kernel module is loaded AND it’s built with\nGCC_VERSION=100101.Some feature labels which are common and generic are defined statically in the\ncustom feature source. A user may add additional Matchers to these feature\nlabels by defining them in the nfd-worker configuration file.
| Feature | \nAttribute | \nDescription | \n
|---|---|---|
| rdma | \ncapable | \nThe node has an RDMA capable Network adapter | \n
| rdma | \nenabled | \nThe node has the needed RDMA modules loaded to run RDMA traffic | \n
The iommu feature source supports the following labels:
\n\n| Feature name | \nDescription | \n
|---|---|
| enabled | \nIOMMU is present and enabled in the kernel | \n
The kernel feature source supports the following labels:
\n\n| Feature | \nAttribute | \nDescription | \n
|---|---|---|
| config | \n<option name> | \nKernel config option is enabled (set ‘y’ or ‘m’). Default options are NO_HZ, NO_HZ_IDLE, NO_HZ_FULL and PREEMPT | \n
| selinux | \nenabled | \nSelinux is enabled on the node | \n
| version | \nfull | \nFull kernel version as reported by /proc/sys/kernel/osrelease (e.g. ‘4.5.6-7-g123abcde’) | \n
| \n | major | \nFirst component of the kernel version (e.g. ‘4’) | \n
| \n | minor | \nSecond component of the kernel version (e.g. ‘5’) | \n
| \n | revision | \nThird component of the kernel version (e.g. ‘6’) | \n
Kernel config file to use, and, the set of config options to be detected are\nconfigurable.\nSee configuration for\nmore information.
\n\nThe memory feature source supports the following labels:
\n\n| Feature | \nAttribute | \nDescription | \n
|---|---|---|
| numa | \n\n | Multiple memory nodes i.e. NUMA architecture detected | \n
| nv | \npresent | \nNVDIMM device(s) are present | \n
| nv | \ndax | \nNVDIMM region(s) configured in DAX mode are present | \n
The network feature source supports the following labels:
\n\n| Feature | \nAttribute | \nDescription | \n
|---|---|---|
| sriov | \ncapable | \nSingle Root Input/Output Virtualization (SR-IOV) enabled Network Interface Card(s) present | \n
| \n | configured | \nSR-IOV virtual functions have been configured | \n
The pci feature source supports the following labels:
\n\n| Feature | \nAttribute | \nDescription | \n
|---|---|---|
| <device label> | \npresent | \nPCI device is detected | \n
| <device label> | \nsriov.capable | \nSingle Root Input/Output Virtualization (SR-IOV) enabled PCI device present | \n
<device label> is composed of raw PCI IDs, separated by underscores. The set\nof fields used in <device label> is configurable, valid fields being class,\nvendor, device, subsystem_vendor and subsystem_device. Defaults are\nclass and vendor. An example label using the default label fields:
feature.node.kubernetes.io/pci-1200_8086.present=true\nAlso the set of PCI device classes that the feature source detects is\nconfigurable. By default, device classes (0x)03, (0x)0b40 and (0x)12, i.e.\nGPUs, co-processors and accelerator cards are detected.
\n\nThe usb feature source supports the following labels:
\n\n| Feature | \nAttribute | \nDescription | \n
|---|---|---|
| <device label> | \npresent | \nUSB device is detected | \n
<device label> is composed of raw USB IDs, separated by underscores. The set\nof fields used in <device label> is configurable, valid fields being class,\nvendor, and device. Defaults are class, vendor and device. An\nexample label using the default label fields:
feature.node.kubernetes.io/usb-fe_1a6e_089a.present=true\nSee configuration for more information on NFD\nconfig.
\n\nThe storage feature source supports the following labels:
\n\n| Feature name | \nDescription | \n
|---|---|
| nonrotationaldisk | \nNon-rotational disk, like SSD, is present in the node | \n
The system feature source supports the following labels:
\n\n| Feature | \nAttribute | \nDescription | \n
|---|---|---|
| os_release | \nID | \nOperating system identifier | \n
| \n | VERSION_ID | \nOperating system version identifier (e.g. ‘6.7’) | \n
| \n | VERSION_ID.major | \nFirst component of the OS version id (e.g. ‘6’) | \n
| \n | VERSION_ID.minor | \nSecond component of the OS version id (e.g. ‘7’) | \n
NFD has a special feature source named local which is designed for getting\nthe labels from user-specific feature detector. It provides a mechanism for\nusers to implement custom feature sources in a pluggable way, without modifying\nnfd source code or Docker images. The local feature source can be used to\nadvertise new user-specific features, and, for overriding labels created by the\nother feature sources.
\n\nThe local feature source gets its labels by two different ways:
\n\n/etc/kubernetes/node-feature-discovery/source.d/ directory. The hook files\nmust be executable and they are supposed to print all discovered features in\nstdout, one per line. With ELF binaries static linking is recommended as\nthe selection of system libraries available in the NFD release image is very\nlimited. Other runtimes currently supported by the NFD stock image are bash\nand perl./etc/kubernetes/node-feature-discovery/features.d/ directory. The file\ncontent is expected to be similar to the hook output (described above).These directories must be available inside the Docker image so Volumes and\nVolumeMounts must be used if standard NFD images are used. The given template\nfiles mount by default the source.d and the features.d directories\nrespectively from /etc/kubernetes/node-feature-discovery/source.d/ and\n/etc/kubernetes/node-feature-discovery/features.d/ from the host. You should\nupdate them to match your needs.
In both cases, the labels can be binary or non binary, using either <name> or\n<name>=<value> format.
Unlike the other feature sources, the name of the file, instead of the name of\nthe feature source (that would be local in this case), is used as a prefix in\nthe label name, normally. However, if the <name> of the label starts with a\nslash (/) it is used as the label name as is, without any additional prefix.\nThis makes it possible for the user to fully control the feature label names,\ne.g. for overriding labels created by other feature sources.
You can also override the default namespace of your labels using this format:\n<namespace>/<name>[=<value>]. You must whitelist your namespace using the\n--extra-label-ns option on the master. In this case, the name of the\nfile will not be added to the label name. For example, if you want to add the\nlabel my.namespace.org/my-label=value, your hook output or file must contains\nmy.namespace.org/my-label=value and you must add\n--extra-label-ns=my.namespace.org on the master command line.
stderr output of the hooks is propagated to NFD log so it can be used for\ndebugging and logging.
One use case for the hooks and/or feature files is detecting features in other\nPods outside NFD, e.g. in Kubernetes device plugins. It is possible to mount\nthe source.d and/or features.d directories common with the NFD Pod and\ndeploy the custom hooks/features there. NFD will periodically scan the\ndirectories and run any hooks and read any feature files it finds. The\nexample nfd-worker deployment template\ncontains hostPath mounts for sources.d and features.d directories. By\nusing the same mounts in the secondary Pod (e.g. device plugin) you have\ncreated a shared area for delivering hooks and feature files to NFD.
User has a shell script\n/etc/kubernetes/node-feature-discovery/source.d/my-source which has the\nfollowing stdout output:
MY_FEATURE_1\nMY_FEATURE_2=myvalue\n/override_source-OVERRIDE_BOOL\n/override_source-OVERRIDE_VALUE=123\noverride.namespace/value=456\nwhich, in turn, will translate into the following node labels:
\n\nfeature.node.kubernetes.io/my-source-MY_FEATURE_1=true\nfeature.node.kubernetes.io/my-source-MY_FEATURE_2=myvalue\nfeature.node.kubernetes.io/override_source-OVERRIDE_BOOL=true\nfeature.node.kubernetes.io/override_source-OVERRIDE_VALUE=123\noverride.namespace/value=456\nUser has a file /etc/kubernetes/node-feature-discovery/features.d/my-source\nwhich contains the following lines:
MY_FEATURE_1\nMY_FEATURE_2=myvalue\n/override_source-OVERRIDE_BOOL\n/override_source-OVERRIDE_VALUE=123\noverride.namespace/value=456\nwhich, in turn, will translate into the following node labels:
\n\nfeature.node.kubernetes.io/my-source-MY_FEATURE_1=true\nfeature.node.kubernetes.io/my-source-MY_FEATURE_2=myvalue\nfeature.node.kubernetes.io/override_source-OVERRIDE_BOOL=true\nfeature.node.kubernetes.io/override_source-OVERRIDE_VALUE=123\noverride.namespace/value=456\nNFD tries to run any regular files found from the hooks directory. Any\nadditional data files your hook might need (e.g. a configuration file) should\nbe placed in a separate directory in order to avoid NFD unnecessarily trying to\nexecute these. You can use a subdirectory under the hooks directory, for\nexample /etc/kubernetes/node-feature-discovery/source.d/conf/.
NOTE! NFD will blindly run any executables placed/mounted in the hooks\ndirectory. It is the user’s responsibility to review the hooks for e.g.\npossible security implications.
\n\nNOTE! Be careful when creating and/or updating hook or feature files while\nNFD is running. In order to avoid race conditions you should write into a\ntemporary file (outside the source.d and features.d directories), and,\natomically create/update the original file by doing a filesystem move\noperation.
This feature is experimental and by no means a replacement for the usage of\ndevice plugins.
\n\nLabels which have integer values, can be promoted to Kubernetes extended\nresources by listing them to the master --resource-labels command line flag.\nThese labels won’t then show in the node label section, they will appear only\nas extended resources.
An example use-case for the extended resources could be based on a hook which\ncreates a label for the node SGX EPC memory section size. By giving the name of\nthat label in the --resource-labels flag, that value will then turn into an\nextended resource of the node, allowing PODs to request that resource and the\nKubernetes scheduler to schedule such PODs to only those nodes which have a\nsufficient capacity of said resource left.
Similar to labels, the default namespace feature.node.kubernetes.io is\nautomatically prefixed to the extended resource, if the promoted label doesn’t\nhave a namespace.
Example usage of the command line arguments, using a new namespace:\nnfd-master --resource-labels=my_source-my.feature,sgx.some.ns/epc --extra-label-ns=sgx.some.ns
The above would result in following extended resources provided that related\nlabels exist:
\n\n sgx.some.ns/epc: <label value>\n feature.node.kubernetes.io/my_source-my.feature: <label value>\nThis page contains usage examples and demos.
\n\n
A demo on the benefits of using node feature discovery can be found in the\nsource code repository under\ndemo/.
\n","dir":"/get-started/","name":"examples-and-demos.md","path":"get-started/examples-and-demos.md","url":"/get-started/examples-and-demos.html"}]