mirror of
https://github.com/kubernetes-sigs/node-feature-discovery.git
synced 2025-03-17 22:08:33 +00:00
979d3b88fe
Add a virtually empty ConfigMap that is mounted inside the workers.
Makes it easier to start customizing the worker deployment e.g. with just:
$ kubectl -n ${NFD_NS} edit configmap nfd-worker-conf
Create a new 'templates' make target for inserting the content of
nfd-worker.conf.example into the configmap spec of the templates. Thus,
'make templates' should be run whenever the example config is update.
Update the verify.sh prow script to check that the templates are up to
date.
This patch also streamlines the documentation about configuration
management, reflecting the changes.
198 lines
5.8 KiB
Text
198 lines
5.8 KiB
Text
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
labels:
|
|
app: node-feature-discovery
|
|
name: nfd-worker
|
|
namespace: node-feature-discovery
|
|
spec:
|
|
completions: NUM_NODES
|
|
parallelism: NUM_NODES
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: node-feature-discovery
|
|
spec:
|
|
dnsPolicy: ClusterFirstWithHostNet
|
|
affinity:
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- topologyKey: kubernetes.io/hostname
|
|
labelSelector:
|
|
matchExpressions:
|
|
- key: app
|
|
operator: In
|
|
values:
|
|
- node-feature-discovery
|
|
containers:
|
|
- env:
|
|
- name: NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
image: gcr.io/k8s-staging-nfd/node-feature-discovery:master
|
|
name: nfd-worker
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: ["ALL"]
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
command:
|
|
- "nfd-worker"
|
|
args:
|
|
- "--oneshot"
|
|
- "--server=nfd-master:8080"
|
|
## Enable TLS authentication (1/3)
|
|
## The example below assumes having the root certificate named ca.crt stored in
|
|
## a ConfigMap named nfd-ca-cert, and, the TLS authentication credentials stored
|
|
## in a TLS Secret named nfd-worker-cert
|
|
# - "--ca-file=/etc/kubernetes/node-feature-discovery/trust/ca.crt"
|
|
# - "--key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
|
|
# - "--cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
|
|
volumeMounts:
|
|
- name: host-boot
|
|
mountPath: "/host-boot"
|
|
readOnly: true
|
|
- name: host-os-release
|
|
mountPath: "/host-etc/os-release"
|
|
readOnly: true
|
|
- name: host-sys
|
|
mountPath: "/host-sys"
|
|
readOnly: true
|
|
- name: source-d
|
|
mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
|
|
readOnly: true
|
|
- name: features-d
|
|
mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
|
|
readOnly: true
|
|
- name: nfd-worker-conf
|
|
mountPath: "/etc/kubernetes/node-feature-discovery"
|
|
readOnly: true
|
|
## Enable TLS authentication (2/3)
|
|
# - name: nfd-ca-cert
|
|
# mountPath: "/etc/kubernetes/node-feature-discovery/trust"
|
|
# readOnly: true
|
|
# - name: nfd-worker-cert
|
|
# mountPath: "/etc/kubernetes/node-feature-discovery/certs"
|
|
# readOnly: true
|
|
restartPolicy: Never
|
|
volumes:
|
|
- name: host-boot
|
|
hostPath:
|
|
path: "/boot"
|
|
- name: host-os-release
|
|
hostPath:
|
|
path: "/etc/os-release"
|
|
- name: host-sys
|
|
hostPath:
|
|
path: "/sys"
|
|
- name: source-d
|
|
hostPath:
|
|
path: "/etc/kubernetes/node-feature-discovery/source.d/"
|
|
- name: features-d
|
|
hostPath:
|
|
path: "/etc/kubernetes/node-feature-discovery/features.d/"
|
|
- name: nfd-worker-conf
|
|
configMap:
|
|
name: nfd-worker-conf
|
|
## Enable TLS authentication (3/3)
|
|
# - name: nfd-ca-cert
|
|
# configMap:
|
|
# name: nfd-ca-cert
|
|
# - name: nfd-worker-cert
|
|
# secret:
|
|
# secretName: nfd-worker-cert
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: nfd-worker-conf
|
|
namespace: node-feature-discovery
|
|
data:
|
|
nfd-worker.conf: |
|
|
#sources:
|
|
# cpu:
|
|
# cpuid:
|
|
## NOTE: whitelist has priority over blacklist
|
|
# attributeBlacklist:
|
|
# - "BMI1"
|
|
# - "BMI2"
|
|
# - "CLMUL"
|
|
# - "CMOV"
|
|
# - "CX16"
|
|
# - "ERMS"
|
|
# - "F16C"
|
|
# - "HTT"
|
|
# - "LZCNT"
|
|
# - "MMX"
|
|
# - "MMXEXT"
|
|
# - "NX"
|
|
# - "POPCNT"
|
|
# - "RDRAND"
|
|
# - "RDSEED"
|
|
# - "RDTSCP"
|
|
# - "SGX"
|
|
# - "SSE"
|
|
# - "SSE2"
|
|
# - "SSE3"
|
|
# - "SSE4.1"
|
|
# - "SSE4.2"
|
|
# - "SSSE3"
|
|
# attributeWhitelist:
|
|
# kernel:
|
|
# kconfigFile: "/path/to/kconfig"
|
|
# configOpts:
|
|
# - "NO_HZ"
|
|
# - "X86"
|
|
# - "DMI"
|
|
# pci:
|
|
# deviceClassWhitelist:
|
|
# - "0200"
|
|
# - "03"
|
|
# - "12"
|
|
# deviceLabelFields:
|
|
# - "class"
|
|
# - "vendor"
|
|
# - "device"
|
|
# - "subsystem_vendor"
|
|
# - "subsystem_device"
|
|
# usb:
|
|
# deviceClassWhitelist:
|
|
# - "0e"
|
|
# - "ef"
|
|
# - "fe"
|
|
# - "ff"
|
|
# deviceLabelFields:
|
|
# - "class"
|
|
# - "vendor"
|
|
# - "device"
|
|
# custom:
|
|
# - name: "my.kernel.feature"
|
|
# matchOn:
|
|
# - loadedKMod: ["example_kmod1", "example_kmod2"]
|
|
# - name: "my.pci.feature"
|
|
# matchOn:
|
|
# - pciId:
|
|
# class: ["0200"]
|
|
# vendor: ["15b3"]
|
|
# device: ["1014", "1017"]
|
|
# - pciId :
|
|
# vendor: ["8086"]
|
|
# device: ["1000", "1100"]
|
|
# - name: "my.usb.feature"
|
|
# matchOn:
|
|
# - usbId:
|
|
# class: ["ff"]
|
|
# vendor: ["03e7"]
|
|
# device: ["2485"]
|
|
# - usbId:
|
|
# class: ["fe"]
|
|
# vendor: ["1a6e"]
|
|
# device: ["089a"]
|
|
# - name: "my.combined.feature"
|
|
# matchOn:
|
|
# - pciId:
|
|
# vendor: ["15b3"]
|
|
# device: ["1014", "1017"]
|
|
# loadedKMod : ["vendor_kmod1", "vendor_kmod2"]
|