![\"asciicast\"](\"https://asciinema.org/a/247316.svg\")
Welcome to Node Feature Discovery – a Kubernetes add-on for detecting hardware\nfeatures and system configuration!
\n\nContinue to:
\n\nIntroduction for more details on the\nproject.
\nQuick start for quick step-by-step\ninstructions on how to get NFD running on your cluster.
\n$ kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/release-0.6/nfd-master.yaml.template\n namespace/node-feature-discovery created\n...\n\n$ kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/release-0.6/nfd-worker-daemonset.yaml.template\n daemonset.apps/nfd-worker created\n\n$ kubectl -n node-feature-discovery get all\n NAME READY STATUS RESTARTS AGE\n pod/nfd-master-555458dbbc-sxg6w 1/1 Running 0 56s\n pod/nfd-worker-mjg9f 1/1 Running 0 17s\n...\n\n$ kubectl get no -o json | jq .items[].metadata.labels\n {\n \"beta.kubernetes.io/arch\": \"amd64\",\n \"beta.kubernetes.io/os\": \"linux\",\n \"feature.node.kubernetes.io/cpu-cpuid.ADX\": \"true\",\n \"feature.node.kubernetes.io/cpu-cpuid.AESNI\": \"true\",\n...\n\nThis software enables node feature discovery for Kubernetes. It detects\nhardware features available on each node in a Kubernetes cluster, and\nadvertises those features using node labels.
\n\nNFD consists of two software components:
\n\nNfd-master is the daemon responsible for communication towards the Kubernetes\nAPI. That is, it receives labeling requests from the worker and modifies node\nobjects accordingly.
\n\nNfd-worker is a daemon responsible for feature detection. It then communicates\nthe information to nfd-master which does the actual node labeling. One\ninstance of nfd-worker is supposed to be running on each node of the cluster,
\n\nFeature discovery is divided into domain-specific feature sources:
\n\nEach feature source is responsible for detecting a set of features which. in\nturn, are turned into node feature labels. Feature labels are prefixed with\nfeature.node.kubernetes.io/ and also contain the name of the feature source.\nNon-standard user-specific feature labels can be created with the local and\ncustom feature sources.
An overview of the default feature labels:
\n\n{\n \"feature.node.kubernetes.io/cpu-<feature-name>\": \"true\",\n \"feature.node.kubernetes.io/custom-<feature-name>\": \"true\",\n \"feature.node.kubernetes.io/iommu-<feature-name>\": \"true\",\n \"feature.node.kubernetes.io/kernel-<feature name>\": \"<feature value>\",\n \"feature.node.kubernetes.io/memory-<feature-name>\": \"true\",\n \"feature.node.kubernetes.io/network-<feature-name>\": \"true\",\n \"feature.node.kubernetes.io/pci-<device label>.present\": \"true\",\n \"feature.node.kubernetes.io/storage-<feature-name>\": \"true\",\n \"feature.node.kubernetes.io/system-<feature name>\": \"<feature value>\",\n \"feature.node.kubernetes.io/usb-<device label>.present\": \"<feature value>\",\n \"feature.node.kubernetes.io/<file name>-<feature name>\": \"<feature value>\"\n}\nNFD also annotates nodes it is running on:
\n\n| Annotation | \nDescription | \n
|---|---|
| nfd.node.kubernetes.io/master.version | \nVersion of the nfd-master instance running on the node. Informative use only. | \n
| nfd.node.kubernetes.io/worker.version | \nVersion of the nfd-worker instance running on the node. Informative use only. | \n
| nfd.node.kubernetes.io/feature-labels | \nComma-separated list of node labels managed by NFD. NFD uses this internally so must not be edited by users. | \n
| nfd.node.kubernetes.io/extended-resources | \nComma-separated list of node extended resources managed by NFD. NFD uses this internally so must not be edited by users. | \n
Unapplicable annotations are not created, i.e. for example master.version is\nonly created on nodes running nfd-master.
\n","dir":"/get-started/","name":"introduction.md","path":"get-started/introduction.md","url":"/get-started/introduction.html"},{"title":"Developer Guide","layout":"default","sort":2,"content":"git clone https://github.com/kubernetes-sigs/node-feature-discovery\nSee customizing the build below for altering the\ncontainer image registry, for example.
\n\ncd <project-root>\nmake\nOptional, this example with Docker.
\n\ndocker push <IMAGE_TAG>\nTo use your published image from the step above instead of the\nk8s.gcr.io/nfd/node-feature-discovery image, edit image\nattribute in the spec template(s) to the new location\n(<registry-name>/<image-name>[:<version>]).
There are several Makefile variables that control the build process and the\nname of the resulting container image.
\n\n| Variable | \nDescription | \nDefault value | \n
|---|---|---|
| HOSTMOUNT_PREFIX | \nPrefix of system directories for feature discovery (local builds) | \n/ (local builds) /host- (container builds) | \n
| IMAGE_BUILD_CMD | \nCommand to build the image | \ndocker build | \n
| IMAGE_BUILD_EXTRA_OPTS | \nExtra options to pass to build command | \nempty | \n
| IMAGE_PUSH_CMD | \nCommand to push the image to remote registry | \ndocker push | \n
| IMAGE_REGISTRY | \nContainer image registry to use | \nk8s.gcr.io/nfd | \n
| IMAGE_TAG_NAME | \nContainer image tag name | \n<nfd version> | \n
| IMAGE_EXTRA_TAG_NAMES | \nAdditional container image tag(s) to create when building image | \nempty | \n
| K8S_NAMESPACE | \nnfd-master and nfd-worker namespace | \nkube-system | \n
| KUBECONFIG | \nKubeconfig for running e2e-tests | \nempty | \n
| E2E_TEST_CONFIG | \nParameterization file of e2e-tests (see example) | \nempty | \n
For example, to use a custom registry:
\n\nmake IMAGE_REGISTRY=<my custom registry uri>\n\nOr to specify a build tool different from Docker:
\n\nIt can be done in 2 ways, by pre-defining the variable
\n\nIMAGE_BUILD_CMD=\"buildah bud\" make\nOr By overriding the variable value
\n\nmake IMAGE_BUILD_CMD=\"buildah bud\"\nUnit tests are automatically run as part of the container image build. You can\nalso run them manually in the source code tree by simply running:
\n\nmake test\nEnd-to-end tests are built on top of the e2e test framework of Kubernetes, and,\nthey required a cluster to run them on. For running the tests on your test\ncluster you need to specify the kubeconfig to be used:
\n\nmake e2e-test KUBECONFIG=$HOME/.kube/config\nYou can run NFD locally, either directly on your host OS or in containers for\ntesting and development purposes. This may be useful e.g. for checking\nfeatures-detection.
\n\nWhen running as a standalone container labeling is expected to fail because\nKubernetes API is not available. Thus, it is recommended to use --no-publish\ncommand line flag. E.g.
$ NFD_CONTAINER_IMAGE=k8s.gcr.io/nfd/node-feature-discovery:v0.6.0\n$ docker run --rm --name=nfd-test ${NFD_CONTAINER_IMAGE} nfd-master --no-publish\n2019/02/01 14:48:21 Node Feature Discovery Master <NFD_VERSION>\n2019/02/01 14:48:21 gRPC server serving on port: 8080\nCommand line flags of nfd-master:
\n\n$ docker run --rm ${NFD_CONTAINER_IMAGE} nfd-master --help\n...\nnfd-master.\n\n Usage:\n nfd-master [--no-publish] [--label-whitelist=<pattern>] [--port=<port>]\n [--ca-file=<path>] [--cert-file=<path>] [--key-file=<path>]\n [--verify-node-name] [--extra-label-ns=<list>] [--resource-labels=<list>]\n nfd-master -h | --help\n nfd-master --version\n\n Options:\n -h --help Show this screen.\n --version Output version and exit.\n --port=<port> Port on which to listen for connections.\n [Default: 8080]\n --ca-file=<path> Root certificate for verifying connections\n [Default: ]\n --cert-file=<path> Certificate used for authenticating connections\n [Default: ]\n --key-file=<path> Private key matching --cert-file\n [Default: ]\n --verify-node-name Verify worker node name against CN from the TLS\n certificate. Only has effect when TLS authentication\n has been enabled.\n --no-publish Do not publish feature labels\n --label-whitelist=<pattern> Regular expression to filter label names to\n publish to the Kubernetes API server.\n NB: the label namespace is omitted i.e. the filter\n is only applied to the name part after '/'.\n [Default: ]\n --extra-label-ns=<list> Comma separated list of allowed extra label namespaces\n [Default: ]\n --resource-labels=<list> Comma separated list of labels to be exposed as extended resources.\n [Default: ]\nIn order to run nfd-worker as a “stand-alone” container against your\nstandalone nfd-master you need to run them in the same network namespace:
\n\n$ docker run --rm --network=container:nfd-test <NFD_CONTAINER_IMAGE> nfd-worker\n2019/02/01 14:48:56 Node Feature Discovery Worker <NFD_VERSION>\n...\nIf you just want to try out feature discovery without connecting to nfd-master,\npass the --no-publish flag to nfd-worker.
Command line flags of nfd-worker:
\n\n$ docker run --rm ${NFD_CONTAINER_IMAGE} nfd-worker --help\n...\nnfd-worker.\n\n Usage:\n nfd-worker [--no-publish] [--sources=<sources>] [--label-whitelist=<pattern>]\n [--oneshot | --sleep-interval=<seconds>] [--config=<path>]\n [--options=<config>] [--server=<server>] [--server-name-override=<name>]\n [--ca-file=<path>] [--cert-file=<path>] [--key-file=<path>]\n nfd-worker -h | --help\n nfd-worker --version\n\n Options:\n -h --help Show this screen.\n --version Output version and exit.\n --config=<path> Config file to use.\n [Default: /etc/kubernetes/node-feature-discovery/nfd-worker.conf]\n --options=<config> Specify config options from command line. Config\n options are specified in the same format as in the\n config file (i.e. json or yaml). These options\n will override settings read from the config file.\n [Default: ]\n --ca-file=<path> Root certificate for verifying connections\n [Default: ]\n --cert-file=<path> Certificate used for authenticating connections\n [Default: ]\n --key-file=<path> Private key matching --cert-file\n [Default: ]\n --server=<server> NFD server address to connecto to.\n [Default: localhost:8080]\n --server-name-override=<name> Name (CN) expect from server certificate, useful\n in testing\n [Default: ]\n --sources=<sources> Comma separated list of feature sources.\n [Default: cpu,custom,iommu,kernel,local,memory,network,pci,storage,system,usb]\n --no-publish Do not publish discovered features to the\n cluster-local Kubernetes API server.\n --label-whitelist=<pattern> Regular expression to filter label names to\n publish to the Kubernetes API server.\n NB: the label namespace is omitted i.e. the filter\n is only applied to the name part after '/'.\n [Default: ]\n --oneshot Label once and exit.\n --sleep-interval=<seconds> Time to sleep between re-labeling. Non-positive\n value implies no re-labeling (i.e. infinite\n sleep). [Default: 60s]\nNOTE Some feature sources need certain directories and/or files from the\nhost mounted inside the NFD container. Thus, you need to provide Docker with the\ncorrect --volume options in order for them to work correctly when run\nstand-alone directly with docker run. See the\ntemplate spec\nfor up-to-date information about the required volume mounts.
All documentation resides under the\ndocs\ndirectory in the source tree. It is designed to be served as a html site by\nGitHub Pages.
\n\nBuilding the documentation is containerized in order to fix the build\nenvironment. The recommended way for developing documentation is to run:
\n\nmake site-serve\nThis will build the documentation in a container and serve it under\nlocalhost:4000/ making it easy to verify the results.\nAny changes made to the docs/ will automatically re-trigger a rebuild and are\nreflected in the served content and can be inspected with a simple browser\nrefresh.
In order to just build the html documentation run:
\n\nmake site-build\nThis will generate html documentation under docs/_site/.
Minimal steps to deploy latest released version of NFD in your cluster.
\n\nDeploy nfd-master – creates a new namespace, service and required RBAC rules
\n\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/release-0.6/nfd-master.yaml.template\nDeploy nfd-worker as a daemonset
\n\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/release-0.6/nfd-worker-daemonset.yaml.template\nWait until NFD master and worker are running.
\n\n$ kubectl -n node-feature-discovery get ds,deploy\nNAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE\ndaemonset.apps/nfd-worker 3 3 3 3 3 <none> 5s\nNAME READY UP-TO-DATE AVAILABLE AGE\ndeployment.apps/nfd-master 1/1 1 1 17s\nCheck that NFD feature labels have been created
\n\n$ kubectl get no -o json | jq .items[].metadata.labels\n{\n \"beta.kubernetes.io/arch\": \"amd64\",\n \"beta.kubernetes.io/os\": \"linux\",\n \"feature.node.kubernetes.io/cpu-cpuid.ADX\": \"true\",\n \"feature.node.kubernetes.io/cpu-cpuid.AESNI\": \"true\",\n \"feature.node.kubernetes.io/cpu-cpuid.AVX\": \"true\",\n...\nCreate a pod targeting a distinguishing feature (select a valid feature from\nthe list printed on the previous step)
\n\n$ cat << EOF | kubectl apply -f -\napiVersion: v1\nkind: Pod\nmetadata:\n name: feature-dependent-pod\nspec:\n containers:\n - image: k8s.gcr.io/pause\n name: pause\n nodeSelector:\n # Select a valid feature\n feature.node.kubernetes.io/cpu-cpuid.AESNI: 'true'\nEOF\npod/feature-dependent-pod created\nSee that the pod is running on a desired node
\n\n$ kubectl get po feature-dependent-pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nfeature-dependent-pod 1/1 Running 0 23s 10.36.0.4 node-2 <none> <none>\nNFD-Master runs as a deployment (with a replica count of 1), by default\nit prefers running on the cluster’s master nodes but will run on worker\nnodes if no master nodes are found.
\n\nFor High Availability, you should simply increase the replica count of\nthe deployment object. You should also look into adding\ninter-pod\naffinity to prevent masters from running on the same node.\nHowever note that inter-pod affinity is costly and is not recommended\nin bigger clusters.
\n\nYou can use the template spec provided to deploy nfd-master, or\nuse nfd-master.yaml generated by Makefile. The latter includes\nimage: and namespace: definitions that match the latest built\nimage. Example:
make IMAGE_TAG=<IMAGE_TAG>\ndocker push <IMAGE_TAG>\nkubectl create -f nfd-master.yaml\nNFD-Master listens for connections from nfd-worker(s) and connects to the\nKubernetes API server to add node labels advertised by them.
\n\nIf you have RBAC authorization enabled (as is the default e.g. with clusters\ninitialized with kubeadm) you need to configure the appropriate ClusterRoles,\nClusterRoleBindings and a ServiceAccount in order for NFD to create node\nlabels. The provided template will configure these for you.
\n\nNFD-Worker is preferably run as a Kubernetes DaemonSet. There is an\nexample spec (nfd-worker-daemonset.yaml.template) that can be used\nas a template, or, as is when just trying out the service. Similarly\nto nfd-master above, the Makefile also generates\nnfd-worker-daemonset.yaml from the template that you can use to\ndeploy the latest image. Example:
make IMAGE_TAG=<IMAGE_TAG>\ndocker push <IMAGE_TAG>\nkubectl create -f nfd-worker-daemonset.yaml\nNFD-Worker connects to the nfd-master service to advertise hardware features.
\n\nWhen run as a daemonset, nodes are re-labeled at an interval specified using\nthe --sleep-interval option. In the\ntemplate\nthe default interval is set to 60s which is also the default when no\n--sleep-interval is specified. Also, the configuration file is re-read on\neach iteration providing a simple mechanism of run-time reconfiguration.
Feature discovery can alternatively be configured as a one-shot job. There is\nan example script in this repo that demonstrates how to deploy the job in the\ncluster.
\n\n./label-nodes.sh [<IMAGE_TAG>]\nThe label-nodes.sh script tries to launch as many jobs as there are Ready\nnodes. Note that this approach does not guarantee running once on every node.\nFor example, if some node is tainted NoSchedule or fails to start a job for\nsome other reason, then some other node will run extra job instance(s) to\nsatisfy the request and the tainted/failed node does not get labeled.
\n\nYou can also run nfd-master and nfd-worker inside a single pod (skip the sed\npart if running the latest released version):
sed -E s',^(\\s*)image:.+$,\\1image: <YOUR_IMAGE_REPO>:<YOUR_IMAGE_TAG>,' nfd-daemonset-combined.yaml.template > nfd-daemonset-combined.yaml\nkubectl apply -f nfd-daemonset-combined.yaml\nSimilar to the nfd-worker setup above, this creates a DaemonSet that schedules\nan NFD Pod an all worker nodes, with the difference that the Pod also also\ncontains an nfd-master instance. In this case no nfd-master service is run on\nthe master node(s), but, the worker nodes are able to label themselves.
\n\nThis may be desirable e.g. in single-node setups.
\n\nNFD supports mutual TLS authentication between the nfd-master and nfd-worker\ninstances. That is, nfd-worker and nfd-master both verify that the other end\npresents a valid certificate.
\n\nTLS authentication is enabled by specifying --ca-file, --key-file and\n--cert-file args, on both the nfd-master and nfd-worker instances.\nThe template specs provided with NFD contain (commented out) example\nconfiguration for enabling TLS authentication.
The Common Name (CN) of the nfd-master certificate must match the DNS name of\nthe nfd-master Service of the cluster. By default, nfd-master only check that\nthe nfd-worker has been signed by the specified root certificate (–ca-file).\nAdditional hardening can be enabled by specifying –verify-node-name in\nnfd-master args, in which case nfd-master verifies that the NodeName presented\nby nfd-worker matches the Common Name (CN) of its certificate. This means that\neach nfd-worker requires a individual node-specific TLS certificate.
\n\nFor a stable version with ready-built images see the\nlatest release.
\n\nIf you want to use the latest development version (master branch) you need to\nbuild your own custom image.\nSee the Developer Guide for instructions how to\nbuild images and deploy them on your cluster.
\n\nNFD-Worker supports a configuration file. The default location is\n/etc/kubernetes/node-feature-discovery/nfd-worker.conf, but,\nthis can be changed by specifying the--config command line flag.\nConfiguration file is re-read on each labeling pass (determined by\n--sleep-interval) which makes run-time re-configuration of nfd-worker\npossible.
Worker configuration file is read inside the container, and thus, Volumes and\nVolumeMounts are needed to make your configuration available for NFD. The\npreferred method is to use a ConfigMap which provides easy deployment and\nre-configurability. For example, create a config map using the example config\nas a template:
\ncp nfd-worker.conf.example nfd-worker.conf\nvim nfd-worker.conf # edit the configuration\nkubectl create configmap nfd-worker-config --from-file=nfd-worker.conf\nThen, configure Volumes and VolumeMounts in the Pod spec (just the relevant\nsnippets shown below):
\n\n...\n containers:\n volumeMounts:\n - name: nfd-worker-config\n mountPath: \"/etc/kubernetes/node-feature-discovery/\"\n...\n volumes:\n - name: nfd-worker-config\n configMap:\n name: nfd-worker-config\n...\nYou could also use other types of volumes, of course. That is, hostPath if\ndifferent config for different nodes would be required, for example.
\n\nThe (empty-by-default)\nexample config\nis used as a config in the NFD Docker image. Thus, this can be used as a default\nconfiguration in custom-built images.
\n\nConfiguration options can also be specified via the --options command line\nflag, in which case no mounts need to be used. The same format as in the config\nfile must be used, i.e. JSON (or YAML). For example:
--options='{\"sources\": { \"pci\": { \"deviceClassWhitelist\": [\"12\"] } } }'\nConfiguration options specified from the command line will override those read\nfrom the config file.
\n\nNodes with specific features can be targeted using the nodeSelector field. The\nfollowing example shows how to target nodes with Intel TurboBoost enabled.
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n env: test\n name: golang-test\nspec:\n containers:\n - image: golang\n name: go1\n nodeSelector:\n feature.node.kubernetes.io/cpu-pstate.turbo: 'true'\nFor more details on targeting nodes, see\nnode selection.
\n\n\n","dir":"/get-started/","name":"deployment-and-usage.md","path":"get-started/deployment-and-usage.md","url":"/get-started/deployment-and-usage.html"},{"title":"Contributing","layout":"default","sort":3,"content":"You can reach us via the following channels:
\n\nThis is a SIG-node\nsubproject, hosted under the\nKubernetes SIGs organization in Github.\nThe project was established in 2016 and was migrated to Kubernetes SIGs in 2018.
\n\nThis is open source software released under the Apache 2.0 License.
\n","dir":"/contributing/","name":"index.md","path":"contributing/index.md","url":"/contributing/"},{"title":"Feature Discovery","layout":"default","sort":4,"content":"Feature discovery in nfd-worker is performed by a set of separate modules\ncalled feature sources. Most of them are specifically responsible for certain\ndomain of features (e.g. cpu). In addition there are two highly customizable\nfeature sources that work accross the system.
\n\nThe published node labels encode a few pieces of information:
\n\nfeature.node.kubernetes.iocpu).cpuid.AESNI from cpu).Feature label names adhere to the following pattern:
\n\n<namespace>/<source name>-<feature name>[.<attribute name>]\nThe last component (i.e. attribute-name) is optional, and only used if a\nfeature logically has sub-hierarchy, e.g. sriov.capable and\nsriov.configure from the network source.
The --sources flag controls which sources to use for discovery.
Note: Consecutive runs of nfd-worker will update the labels on a\ngiven node. If features are not discovered on a consecutive run, the corresponding\nlabel will be removed. This includes any restrictions placed on the consecutive run,\nsuch as restricting discovered features with the –label-whitelist option.
\n\n| Feature name | \nAttribute | \nDescription | \n
|---|---|---|
| cpuid | \n<cpuid flag> | \nCPU capability is supported | \n
| hardware_multithreading | \n\n | Hardware multithreading, such as Intel HTT, enabled (number of logical CPUs is greater than physical CPUs) | \n
| power | \nsst_bf.enabled | \nIntel SST-BF (Intel Speed Select Technology - Base frequency) enabled | \n
| pstate | \nturbo | \nSet to ‘true’ if turbo frequencies are enabled in Intel pstate driver, set to ‘false’ if they have been disabled. | \n
| rdt | \nRDTMON | \nIntel RDT Monitoring Technology | \n
| \n | RDTCMT | \nIntel Cache Monitoring (CMT) | \n
| \n | RDTMBM | \nIntel Memory Bandwidth Monitoring (MBM) | \n
| \n | RDTL3CA | \nIntel L3 Cache Allocation Technology | \n
| \n | RDTL2CA | \nIntel L2 Cache Allocation Technology | \n
| \n | RDTMBA | \nIntel Memory Bandwidth Allocation (MBA) Technology | \n
The (sub-)set of CPUID attributes to publish is configurable via the\nattributeBlacklist and attributeWhitelist cpuid options of the cpu source.\nIf whitelist is specified, only whitelisted attributes will be published. With\nblacklist, only blacklisted attributes are filtered out. attributeWhitelist\nhas priority over attributeBlacklist. For examples and more information\nabout configurability, see configuration.\nBy default, the following CPUID flags have been blacklisted:\nBMI1, BMI2, CLMUL, CMOV, CX16, ERMS, F16C, HTT, LZCNT, MMX, MMXEXT, NX, POPCNT,\nRDRAND, RDSEED, RDTSCP, SGX, SSE, SSE2, SSE3, SSE4.1, SSE4.2 and SSSE3.
NOTE The cpuid features advertise supported CPU capabilities, that is, a\ncapability might be supported but not enabled.
\n\n| Attribute | \nDescription | \n
|---|---|
| ADX | \nMulti-Precision Add-Carry Instruction Extensions (ADX) | \n
| AESNI | \nAdvanced Encryption Standard (AES) New Instructions (AES-NI) | \n
| AVX | \nAdvanced Vector Extensions (AVX) | \n
| AVX2 | \nAdvanced Vector Extensions 2 (AVX2) | \n
| Attribute | \nDescription | \n
|---|---|
| IDIVA | \nInteger divide instructions available in ARM mode | \n
| IDIVT | \nInteger divide instructions available in Thumb mode | \n
| THUMB | \nThumb instructions | \n
| FASTMUL | \nFast multiplication | \n
| VFP | \nVector floating point instruction extension (VFP) | \n
| VFPv3 | \nVector floating point extension v3 | \n
| VFPv4 | \nVector floating point extension v4 | \n
| VFPD32 | \nVFP with 32 D-registers | \n
| HALF | \nHalf-word loads and stores | \n
| EDSP | \nDSP extensions | \n
| NEON | \nNEON SIMD instructions | \n
| LPAE | \nLarge Physical Address Extensions | \n
| Attribute | \nDescription | \n
|---|---|
| AES | \nAnnouncing the Advanced Encryption Standard | \n
| EVSTRM | \nEvent Stream Frequency Features | \n
| FPHP | \nHalf Precision(16bit) Floating Point Data Processing Instructions | \n
| ASIMDHP | \nHalf Precision(16bit) Asimd Data Processing Instructions | \n
| ATOMICS | \nAtomic Instructions to the A64 | \n
| ASIMRDM | \nSupport for Rounding Double Multiply Add/Subtract | \n
| PMULL | \nOptional Cryptographic and CRC32 Instructions | \n
| JSCVT | \nPerform Conversion to Match Javascript | \n
| DCPOP | \nPersistent Memory Support | \n
The Custom feature source allows the user to define features based on a mix of\npredefined rules. A rule is provided input witch affects its process of\nmatching for a defined feature.
\n\nTo aid in making Custom Features clearer, we define a general and a per rule\nnomenclature, keeping things as consistent as possible.
\n\nRule :Represents a matching logic that is used to match on a feature.\nRule Input :The input a Rule is provided. This determines how a Rule performs the match operation.\nMatcher :A composition of Rules, each Matcher may be composed of at most one instance of each Rule.\n- name: <feature name>\n matchOn:\n - <Rule-1>: <Rule-1 Input>\n [<Rule-2>: <Rule-2 Input>]\n - <Matcher-2>\n - ...\n - ...\n - <Matcher-N>\n- <custom feature 2>\n- ...\n- ...\n- <custom feature M>\nSpecifying Rules to match on a feature is done by providing a list of Matchers.\nEach Matcher contains one or more Rules.
\n\nLogical OR is performed between Matchers and logical AND is performed\nbetween Rules of a given Matcher.
\n\nAttribute :A PCI attribute.\nElement :An identifier of the PCI attribute.\nThe PciId Rule allows matching the PCI devices in the system on the following\nAttributes: class,vendor and device. A list of Elements is provided for\neach Attribute.
pciId :\n class: [<class id>, ...]\n vendor: [<vendor id>, ...]\n device: [<device id>, ...]\nMatching is done by performing a logical OR between Elements of an Attribute\nand logical AND between the specified Attributes for each PCI device in the\nsystem. At least one Attribute must be specified. Missing attributes will not\npartake in the matching process.
\n\nAttribute :A USB attribute.\nElement :An identifier of the USB attribute.\nThe UsbId Rule allows matching the USB devices in the system on the following Attributes: class,vendor and\ndevice. A list of Elements is provided for each Attribute.
usbId :\n class: [<class id>, ...]\n vendor: [<vendor id>, ...]\n device: [<device id>, ...]\nMatching is done by performing a logical OR between Elements of an Attribute\nand logical AND between the specified Attributes for each USB device in the\nsystem. At least one Attribute must be specified. Missing attributes will not\npartake in the matching process.
\n\nElement :A kernel module\nThe LoadedKMod Rule allows matching the loaded kernel modules in the system against a provided list of Elements.
\n\nloadedKMod : [<kernel module>, ...]\nMatching is done by performing logical AND for each provided Element, i.e the\nRule will match if all provided Elements (kernel modules) are loaded\n in the system.
\n\ncustom:\n - name: \"my.kernel.feature\"\n matchOn:\n - loadedKMod: [\"kmod1\", \"kmod2\"]\n - name: \"my.pci.feature\"\n matchOn:\n - pciId:\n vendor: [\"15b3\"]\n device: [\"1014\", \"1017\"]\n - name: \"my.usb.feature\"\n matchOn:\n - usbId:\n vendor: [\"1d6b\"]\n device: [\"0003\"]\n - name: \"my.combined.feature\"\n matchOn:\n - loadedKMod : [\"vendor_kmod1\", \"vendor_kmod2\"]\n pciId:\n vendor: [\"15b3\"]\n device: [\"1014\", \"1017\"]\n - name: \"my.accumulated.feature\"\n matchOn:\n - loadedKMod : [\"some_kmod1\", \"some_kmod2\"]\n - pciId:\n vendor: [\"15b3\"]\n device: [\"1014\", \"1017\"]\nIn the example above:
\n\nfeature.node.kubernetes.io/custom-my.kernel.feature=true if the node has\nkmod1 AND kmod2 kernel modules loaded.feature.node.kubernetes.io/custom-my.pci.feature=true if the node contains\na PCI device with a PCI vendor ID of 15b3 AND PCI device ID of 1014\nOR 1017.feature.node.kubernetes.io/custom-my.usb.feature=true if the node contains\na USB device with a USB vendor ID of 1d6b AND USB device ID of 0003.feature.node.kubernetes.io/custom-my.combined.feature=true if\nvendor_kmod1 AND vendor_kmod2 kernel modules are loaded AND the\nnode contains a PCI device with a PCI vendor ID of 15b3 AND PCI device ID\nof 1014 or 1017.feature.node.kubernetes.io/custom-my.accumulated.feature=true if\nsome_kmod1 AND some_kmod2 kernel modules are loaded OR the node\ncontains a PCI device with a PCI vendor ID of 15b3 AND PCI device ID of\n1014 OR 1017.Some feature labels which are common and generic are defined statically in the\ncustom feature source. A user may add additional Matchers to these feature\nlabels by defining them in the nfd-worker configuration file.
| Feature | \nAttribute | \nDescription | \n
|---|---|---|
| rdma | \ncapable | \nThe node has an RDMA capable Network adapter | \n
| rdma | \nenabled | \nThe node has the needed RDMA modules loaded to run RDMA traffic | \n
| Feature name | \nDescription | \n
|---|---|
| enabled | \nIOMMU is present and enabled in the kernel | \n
| Feature | \nAttribute | \nDescription | \n
|---|---|---|
| config | \n<option name> | \nKernel config option is enabled (set ‘y’ or ‘m’). Default options are NO_HZ, NO_HZ_IDLE, NO_HZ_FULL and PREEMPT | \n
| selinux | \nenabled | \nSelinux is enabled on the node | \n
| version | \nfull | \nFull kernel version as reported by /proc/sys/kernel/osrelease (e.g. ‘4.5.6-7-g123abcde’) | \n
| \n | major | \nFirst component of the kernel version (e.g. ‘4’) | \n
| \n | minor | \nSecond component of the kernel version (e.g. ‘5’) | \n
| \n | revision | \nThird component of the kernel version (e.g. ‘6’) | \n
Kernel config file to use, and, the set of config options to be detected are\nconfigurable.\nSee configuration for\nmore information.
\n\n| Feature | \nAttribute | \nDescription | \n
|---|---|---|
| numa | \n\n | Multiple memory nodes i.e. NUMA architecture detected | \n
| nv | \npresent | \nNVDIMM device(s) are present | \n
| nv | \ndax | \nNVDIMM region(s) configured in DAX mode are present | \n
| Feature | \nAttribute | \nDescription | \n
|---|---|---|
| sriov | \ncapable | \nSingle Root Input/Output Virtualization (SR-IOV) enabled Network Interface Card(s) present | \n
| \n | configured | \nSR-IOV virtual functions have been configured | \n
| Feature | \nAttribute | \nDescription | \n
|---|---|---|
| <device label> | \npresent | \nPCI device is detected | \n
| <device label> | \nsriov.capable | \nSingle Root Input/Output Virtualization (SR-IOV) enabled PCI device present | \n
<device label> is composed of raw PCI IDs, separated by underscores.\nThe set of fields used in <device label> is configurable, valid fields being\nclass, vendor, device, subsystem_vendor and subsystem_device.\nDefaults are class and vendor. An example label using the default\nlabel fields:
feature.node.kubernetes.io/pci-1200_8086.present=true\nAlso the set of PCI device classes that the feature source detects is\nconfigurable. By default, device classes (0x)03, (0x)0b40 and (0x)12, i.e.\nGPUs, co-processors and accelerator cards are detected.
\n\n| Feature | \nAttribute | \nDescription | \n
|---|---|---|
| <device label> | \npresent | \nUSB device is detected | \n
<device label> is composed of raw USB IDs, separated by underscores.\nThe set of fields used in <device label> is configurable, valid fields being\nclass, vendor, and device.\nDefaults are class, vendor and device. An example label using the default\nlabel fields:
feature.node.kubernetes.io/usb-fe_1a6e_089a.present=true\nSee configuration for more\ninformation on NFD config.
\n\n| Feature name | \nDescription | \n
|---|---|
| nonrotationaldisk | \nNon-rotational disk, like SSD, is present in the node | \n
| Feature | \nAttribute | \nDescription | \n
|---|---|---|
| os_release | \nID | \nOperating system identifier | \n
| \n | VERSION_ID | \nOperating system version identifier (e.g. ‘6.7’) | \n
| \n | VERSION_ID.major | \nFirst component of the OS version id (e.g. ‘6’) | \n
| \n | VERSION_ID.minor | \nSecond component of the OS version id (e.g. ‘7’) | \n
NFD has a special feature source named local which is designed for getting the\nlabels from user-specific feature detector. It provides a mechanism for users to\nimplement custom feature sources in a pluggable way, without modifying nfd\nsource code or Docker images. The local feature source can be used to advertise\nnew user-specific features, and, for overriding labels created by the other\nfeature sources.
\n\nThe local feature source gets its labels by two different ways:
\n\n/etc/kubernetes/node-feature-discovery/source.d/ directory. The hook files\nmust be executable and they are supposed to print all discovered features in\nstdout, one per line. With ELF binaries static linking is recommended as\nthe selection of system libraries available in the NFD release image is very\nlimited. Other runtimes currently supported by the NFD stock image are bash\nand perl./etc/kubernetes/node-feature-discovery/features.d/ directory. The file\ncontent is expected to be similar to the hook output (described above).These directories must be available inside the Docker image so Volumes and\nVolumeMounts must be used if standard NFD images are used. The given template\nfiles mount by default the source.d and the features.d directories\nrespectively from /etc/kubernetes/node-feature-discovery/source.d/ and\n/etc/kubernetes/node-feature-discovery/features.d/ from the host. You should\nupdate them to match your needs.
In both cases, the labels can be binary or non binary, using either <name> or\n<name>=<value> format.
Unlike the other feature sources, the name of the file, instead of the name of\nthe feature source (that would be local in this case), is used as a prefix in\nthe label name, normally. However, if the <name> of the label starts with a\nslash (/) it is used as the label name as is, without any additional prefix.\nThis makes it possible for the user to fully control the feature label names,\ne.g. for overriding labels created by other feature sources.
You can also override the default namespace of your labels using this format:\n<namespace>/<name>[=<value>]. You must whitelist your namespace using the\n--extra-label-ns option on the master. In this case, the name of the\nfile will not be added to the label name. For example, if you want to add the\nlabel my.namespace.org/my-label=value, your hook output or file must contains\nmy.namespace.org/my-label=value and you must add\n--extra-label-ns=my.namespace.org on the master command line.
stderr output of the hooks is propagated to NFD log so it can be used for\ndebugging and logging.
One use case for the hooks and/or feature files is detecting features in other\nPods outside NFD, e.g. in Kubernetes device plugins. It is possible to mount\nthe source.d and/or features.d directories common with the NFD Pod and\ndeploy the custom hooks/features there. NFD will periodically scan the\ndirectories and run any hooks and read any feature files it finds. The\nexample nfd-worker deployment template\ncontains hostPath mounts for sources.d and features.d directories. By\nusing the same mounts in the secondary Pod (e.g. device plugin) you have\ncreated a shared area for delivering hooks and feature files to NFD.
User has a shell script\n/etc/kubernetes/node-feature-discovery/source.d/my-source which has the\nfollowing stdout output:
MY_FEATURE_1\nMY_FEATURE_2=myvalue\n/override_source-OVERRIDE_BOOL\n/override_source-OVERRIDE_VALUE=123\noverride.namespace/value=456\nwhich, in turn, will translate into the following node labels:
\n\nfeature.node.kubernetes.io/my-source-MY_FEATURE_1=true\nfeature.node.kubernetes.io/my-source-MY_FEATURE_2=myvalue\nfeature.node.kubernetes.io/override_source-OVERRIDE_BOOL=true\nfeature.node.kubernetes.io/override_source-OVERRIDE_VALUE=123\noverride.namespace/value=456\nUser has a file\n/etc/kubernetes/node-feature-discovery/features.d/my-source which contains the\nfollowing lines:
MY_FEATURE_1\nMY_FEATURE_2=myvalue\n/override_source-OVERRIDE_BOOL\n/override_source-OVERRIDE_VALUE=123\noverride.namespace/value=456\nwhich, in turn, will translate into the following node labels:
\n\nfeature.node.kubernetes.io/my-source-MY_FEATURE_1=true\nfeature.node.kubernetes.io/my-source-MY_FEATURE_2=myvalue\nfeature.node.kubernetes.io/override_source-OVERRIDE_BOOL=true\nfeature.node.kubernetes.io/override_source-OVERRIDE_VALUE=123\noverride.namespace/value=456\nNFD tries to run any regular files found from the hooks directory. Any\nadditional data files your hook might need (e.g. a configuration file) should\nbe placed in a separate directory in order to avoid NFD unnecessarily trying to\nexecute these. You can use a subdirectory under the hooks directory, for\nexample /etc/kubernetes/node-feature-discovery/source.d/conf/.
NOTE! NFD will blindly run any executables placed/mounted in the hooks\ndirectory. It is the user’s responsibility to review the hooks for e.g.\npossible security implications.
\n\nNOTE! Be careful when creating and/or updating hook or feature files while\nNFD is running. In order to avoid race conditions you should write into a\ntemporary file (outside the source.d and features.d directories), and,\natomically create/update the original file by doing a filesystem move\noperation.
This feature is experimental and by no means a replacement for the usage of\ndevice plugins.
\n\nLabels which have integer values, can be promoted to Kubernetes extended\nresources by listing them to the master --resource-labels command line flag.\nThese labels won’t then show in the node label section, they will appear only\nas extended resources.
An example use-case for the extended resources could be based on a hook which\ncreates a label for the node SGX EPC memory section size. By giving the name of\nthat label in the --resource-labels flag, that value will then turn into an\nextended resource of the node, allowing PODs to request that resource and the\nKubernetes scheduler to schedule such PODs to only those nodes which have a\nsufficient capacity of said resource left.
Similar to labels, the default namespace feature.node.kubernetes.io is\nautomatically prefixed to the extended resource, if the promoted label doesn’t\nhave a namespace.
Example usage of the command line arguments, using a new namespace:\nnfd-master --resource-labels=my_source-my.feature,sgx.some.ns/epc --extra-label-ns=sgx.some.ns
The above would result in following extended resources provided that related\nlabels exist:
\n\n sgx.some.ns/epc: <label value>\n feature.node.kubernetes.io/my_source-my.feature: <label value>\nThis page contains usage examples and demos.
\n\n
A demo on the benefits of using node feature discovery can be found in the\nsource code repository under\ndemo/.
\n","dir":"/get-started/","name":"examples-and-demos.md","path":"get-started/examples-and-demos.md","url":"/get-started/examples-and-demos.html"}]