# This template contains an example of running nfd-master and nfd-worker in the # same pod. All changes in this template should be applied to Helm chart too. # apiVersion: v1 kind: Namespace metadata: name: node-feature-discovery # NFD namespace --- apiVersion: v1 kind: ServiceAccount metadata: name: nfd-master namespace: node-feature-discovery --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: nfd-master rules: - apiGroups: - "" resources: - nodes # when using command line flag --resource-labels to create extended resources # you will need to uncomment "- nodes/status" # - nodes/status verbs: - get - patch - update # List only needed for --prune - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: nfd-master roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: nfd-master subjects: - kind: ServiceAccount name: nfd-master namespace: node-feature-discovery --- apiVersion: apps/v1 kind: DaemonSet metadata: labels: app: nfd name: nfd namespace: node-feature-discovery spec: selector: matchLabels: app: nfd template: metadata: labels: app: nfd spec: serviceAccount: nfd-master containers: - env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName image: k8s.gcr.io/nfd/node-feature-discovery:v0.8.2 imagePullPolicy: IfNotPresent name: nfd-master securityContext: allowPrivilegeEscalation: false capabilities: drop: ["ALL"] readOnlyRootFilesystem: true runAsNonRoot: true command: - "nfd-master" - env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName image: k8s.gcr.io/nfd/node-feature-discovery:v0.8.2 imagePullPolicy: IfNotPresent name: nfd-worker securityContext: allowPrivilegeEscalation: false capabilities: drop: ["ALL"] readOnlyRootFilesystem: true runAsNonRoot: true command: - "nfd-worker" volumeMounts: - name: host-boot mountPath: "/host-boot" readOnly: true - name: host-os-release mountPath: "/host-etc/os-release" readOnly: true - name: host-sys mountPath: "/host-sys" readOnly: true - name: source-d mountPath: "/etc/kubernetes/node-feature-discovery/source.d/" readOnly: true - name: features-d mountPath: "/etc/kubernetes/node-feature-discovery/features.d/" readOnly: true - name: nfd-worker-conf mountPath: "/etc/kubernetes/node-feature-discovery" readOnly: true ## Example for more custom configs in an additional configmap (1/3) ## Mounting into subdirectories of custom.d makes it easy to use multiple configmaps # - name: custom-source-extra-rules # mountPath: "/etc/kubernetes/node-feature-discovery/custom.d/extra-rules-1" # readOnly: true volumes: - name: host-boot hostPath: path: "/boot" - name: host-os-release hostPath: path: "/etc/os-release" - name: host-sys hostPath: path: "/sys" - name: source-d hostPath: path: "/etc/kubernetes/node-feature-discovery/source.d/" - name: features-d hostPath: path: "/etc/kubernetes/node-feature-discovery/features.d/" - name: nfd-worker-conf configMap: name: nfd-worker-conf ## Example for more custom configs in an additional configmap (2/3) # - name: custom-source-extra-rules # configMap: # name: custom-source-extra-rules --- apiVersion: v1 kind: ConfigMap metadata: name: nfd-worker-conf namespace: node-feature-discovery data: nfd-worker.conf: | ### #core: # labelWhiteList: # noPublish: false # sleepInterval: 60s # sources: [all] # klog: # addDirHeader: false # alsologtostderr: false # logBacktraceAt: # logtostderr: true # skipHeaders: false # stderrthreshold: 2 # v: 0 # vmodule: ## NOTE: the following options are not dynamically run-time configurable ## and require a nfd-worker restart to take effect after being changed # logDir: # logFile: # logFileMaxSize: 1800 # skipLogHeaders: false #sources: # cpu: # cpuid: ## NOTE: whitelist has priority over blacklist # attributeBlacklist: # - "BMI1" # - "BMI2" # - "CLMUL" # - "CMOV" # - "CX16" # - "ERMS" # - "F16C" # - "HTT" # - "LZCNT" # - "MMX" # - "MMXEXT" # - "NX" # - "POPCNT" # - "RDRAND" # - "RDSEED" # - "RDTSCP" # - "SGX" # - "SSE" # - "SSE2" # - "SSE3" # - "SSE4.1" # - "SSE4.2" # - "SSSE3" # attributeWhitelist: # kernel: # kconfigFile: "/path/to/kconfig" # configOpts: # - "NO_HZ" # - "X86" # - "DMI" # pci: # deviceClassWhitelist: # - "0200" # - "03" # - "12" # deviceLabelFields: # - "class" # - "vendor" # - "device" # - "subsystem_vendor" # - "subsystem_device" # usb: # deviceClassWhitelist: # - "0e" # - "ef" # - "fe" # - "ff" # deviceLabelFields: # - "class" # - "vendor" # - "device" # custom: # - name: "my.kernel.feature" # matchOn: # - loadedKMod: ["example_kmod1", "example_kmod2"] # - name: "my.pci.feature" # matchOn: # - pciId: # class: ["0200"] # vendor: ["15b3"] # device: ["1014", "1017"] # - pciId : # vendor: ["8086"] # device: ["1000", "1100"] # - name: "my.usb.feature" # matchOn: # - usbId: # class: ["ff"] # vendor: ["03e7"] # device: ["2485"] # - usbId: # class: ["fe"] # vendor: ["1a6e"] # device: ["089a"] # - name: "my.combined.feature" # matchOn: # - pciId: # vendor: ["15b3"] # device: ["1014", "1017"] # loadedKMod : ["vendor_kmod1", "vendor_kmod2"] # - name: "feature.by.nodename" # value: customValue # matchOn: # - nodename: ["worker-0", "my-.*-node"] ### --- ## Example for more custom configs in an additional configmap (3/3) #apiVersion: v1 #kind: ConfigMap #metadata: # name: custom-source-extra-rules # namespace: node-feature-discovery #data: ## Filename doesn't matter, and there can be multiple. They just need to be unique. # custom.conf: | # - name: "more.kernel.features" # matchOn: # - loadedKMod: ["example_kmod3"] # - name: "more.features.by.nodename" # value: customValue # matchOn: # - nodename: ["special-.*-node-.*"]