mirror of
https://github.com/kubernetes-sigs/node-feature-discovery.git
synced 2024-12-14 11:57:51 +00:00
227 lines
5.7 KiB
Text
227 lines
5.7 KiB
Text
# This template contains an example of running nfd-master and nfd-worker in the
|
|
# same pod.
|
|
#
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: node-feature-discovery # NFD namespace
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: nfd-master
|
|
namespace: node-feature-discovery
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: nfd-master
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- nodes
|
|
# when using command line flag --resource-labels to create extended resources
|
|
# you will need to uncomment "- nodes/status"
|
|
# - nodes/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
# List only needed for --prune
|
|
- list
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: nfd-master
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: nfd-master
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: nfd-master
|
|
namespace: node-feature-discovery
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
labels:
|
|
app: nfd
|
|
name: nfd
|
|
namespace: node-feature-discovery
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: nfd
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: nfd
|
|
spec:
|
|
serviceAccount: nfd-master
|
|
containers:
|
|
- env:
|
|
- name: NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
image: k8s.gcr.io/nfd/node-feature-discovery:v0.7.0
|
|
name: nfd-master
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: ["ALL"]
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
command:
|
|
- "nfd-master"
|
|
- env:
|
|
- name: NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
image: k8s.gcr.io/nfd/node-feature-discovery:v0.7.0
|
|
name: nfd-worker
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: ["ALL"]
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
command:
|
|
- "nfd-worker"
|
|
args:
|
|
- "--sleep-interval=60s"
|
|
volumeMounts:
|
|
- name: host-boot
|
|
mountPath: "/host-boot"
|
|
readOnly: true
|
|
- name: host-os-release
|
|
mountPath: "/host-etc/os-release"
|
|
readOnly: true
|
|
- name: host-sys
|
|
mountPath: "/host-sys"
|
|
readOnly: true
|
|
- name: source-d
|
|
mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
|
|
readOnly: true
|
|
- name: features-d
|
|
mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
|
|
readOnly: true
|
|
- name: nfd-worker-conf
|
|
mountPath: "/etc/kubernetes/node-feature-discovery"
|
|
readOnly: true
|
|
volumes:
|
|
- name: host-boot
|
|
hostPath:
|
|
path: "/boot"
|
|
- name: host-os-release
|
|
hostPath:
|
|
path: "/etc/os-release"
|
|
- name: host-sys
|
|
hostPath:
|
|
path: "/sys"
|
|
- name: source-d
|
|
hostPath:
|
|
path: "/etc/kubernetes/node-feature-discovery/source.d/"
|
|
- name: features-d
|
|
hostPath:
|
|
path: "/etc/kubernetes/node-feature-discovery/features.d/"
|
|
- name: nfd-worker-conf
|
|
configMap:
|
|
name: nfd-worker-conf
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: nfd-worker-conf
|
|
namespace: node-feature-discovery
|
|
data:
|
|
nfd-worker.conf: |
|
|
#sources:
|
|
# cpu:
|
|
# cpuid:
|
|
## NOTE: whitelist has priority over blacklist
|
|
# attributeBlacklist:
|
|
# - "BMI1"
|
|
# - "BMI2"
|
|
# - "CLMUL"
|
|
# - "CMOV"
|
|
# - "CX16"
|
|
# - "ERMS"
|
|
# - "F16C"
|
|
# - "HTT"
|
|
# - "LZCNT"
|
|
# - "MMX"
|
|
# - "MMXEXT"
|
|
# - "NX"
|
|
# - "POPCNT"
|
|
# - "RDRAND"
|
|
# - "RDSEED"
|
|
# - "RDTSCP"
|
|
# - "SGX"
|
|
# - "SSE"
|
|
# - "SSE2"
|
|
# - "SSE3"
|
|
# - "SSE4.1"
|
|
# - "SSE4.2"
|
|
# - "SSSE3"
|
|
# attributeWhitelist:
|
|
# kernel:
|
|
# kconfigFile: "/path/to/kconfig"
|
|
# configOpts:
|
|
# - "NO_HZ"
|
|
# - "X86"
|
|
# - "DMI"
|
|
# pci:
|
|
# deviceClassWhitelist:
|
|
# - "0200"
|
|
# - "03"
|
|
# - "12"
|
|
# deviceLabelFields:
|
|
# - "class"
|
|
# - "vendor"
|
|
# - "device"
|
|
# - "subsystem_vendor"
|
|
# - "subsystem_device"
|
|
# usb:
|
|
# deviceClassWhitelist:
|
|
# - "0e"
|
|
# - "ef"
|
|
# - "fe"
|
|
# - "ff"
|
|
# deviceLabelFields:
|
|
# - "class"
|
|
# - "vendor"
|
|
# - "device"
|
|
# custom:
|
|
# - name: "my.kernel.feature"
|
|
# matchOn:
|
|
# - loadedKMod: ["example_kmod1", "example_kmod2"]
|
|
# - name: "my.pci.feature"
|
|
# matchOn:
|
|
# - pciId:
|
|
# class: ["0200"]
|
|
# vendor: ["15b3"]
|
|
# device: ["1014", "1017"]
|
|
# - pciId :
|
|
# vendor: ["8086"]
|
|
# device: ["1000", "1100"]
|
|
# - name: "my.usb.feature"
|
|
# matchOn:
|
|
# - usbId:
|
|
# class: ["ff"]
|
|
# vendor: ["03e7"]
|
|
# device: ["2485"]
|
|
# - usbId:
|
|
# class: ["fe"]
|
|
# vendor: ["1a6e"]
|
|
# device: ["089a"]
|
|
# - name: "my.combined.feature"
|
|
# matchOn:
|
|
# - pciId:
|
|
# vendor: ["15b3"]
|
|
# device: ["1014", "1017"]
|
|
# loadedKMod : ["vendor_kmod1", "vendor_kmod2"]
|