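---
# One-shot "prune" Job for node-feature-discovery (NFD): runs `nfd-master --prune`
# once and exits. The manifest creates the namespace, a ServiceAccount, the
# cluster-wide RBAC the Job needs to read and modify Node objects, and the Job.
apiVersion: v1
kind: Namespace
metadata:
  name: node-feature-discovery # NFD namespace
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfd-master
  namespace: node-feature-discovery
---
# Cluster-scoped write access to Node objects. patch/update on nodes allows
# changing the metadata (labels, annotations) and spec of every node in the
# cluster, so keep the binding below limited to the single nfd-master
# ServiceAccount and do not reuse that account for unrelated workloads.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: nfd-master
rules:
  - apiGroups:
      - ""
    resources:
      - nodes
      # when using command line flag --resource-labels to create extended resources
      # you will need to uncomment "- nodes/status"
      # Leave it commented otherwise: it additionally grants write access to
      # the status subresource of every node.
      # - nodes/status
    verbs:
      - get
      - patch
      - update
      # List only needed for --prune
      - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nfd-master
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nfd-master
subjects:
  - kind: ServiceAccount
    name: nfd-master
    namespace: node-feature-discovery
---
apiVersion: batch/v1
kind: Job
metadata:
  name: nfd-prune
  namespace: node-feature-discovery
  labels:
    # Was "nfe-prune" (typo); now matches the pod template label, so a single
    # selector finds both the Job and its pod.
    app: nfd-prune
spec:
  completions: 1
  template:
    metadata:
      labels:
        app: nfd-prune
    spec:
      # serviceAccountName replaces the deprecated "serviceAccount" alias.
      serviceAccountName: nfd-master
      # Prefer (not require) a master node and tolerate its NoSchedule taint.
      # NOTE(review): newer clusters use node-role.kubernetes.io/control-plane
      # for the label and taint - confirm against the target cluster version.
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              preference:
                matchExpressions:
                  - key: "node-role.kubernetes.io/master"
                    operator: In
                    values: [""]
      tolerations:
        - key: "node-role.kubernetes.io/master"
          operator: "Equal"
          value: ""
          effect: "NoSchedule"
      containers:
        - name: nfd-master
          # NOTE(review): ":master" is a mutable tag on a staging registry and
          # imagePullPolicy is Always, so every run executes whatever was pushed
          # last, with the node write access granted above. For production, pin
          # a released version or an image digest (@sha256:<DIGEST_PLACEHOLDER>).
          image: gcr.io/k8s-staging-nfd/node-feature-discovery:master
          imagePullPolicy: Always
          # Least-privilege container: no privilege escalation, no Linux
          # capabilities, read-only root filesystem, non-root user enforced.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            readOnlyRootFilesystem: true
            runAsNonRoot: true
          command:
            - "nfd-master"
          args:
            - "--prune"
      # One-shot job: a failed pod is not restarted in place.
      restartPolicy: Never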