mirror of
https://github.com/kubernetes-sigs/node-feature-discovery.git
synced 2024-12-15 17:50:49 +00:00
2bdf427b89
This commits extends NFD master code to support adding node taints from NodeFeatureRule CR. We also introduce a new annotation for taints which helps to identify if the taint set on node is owned by NFD or not. When user deletes the taint entry from NodeFeatureRule CR, NFD will remove the taint from the node. But to avoid accidental deletion of taints not owned by the NFD, it needs to know the owner. Keeping track of NFD set taints in the annotation can be used during the filtering of the owner. Also enable-taints flag is added to allow users opt in/out for node tainting feature. The flag takes precedence over taints defined in NodeFeatureRule CR. In other words, if enbale-taints is set to false(disabled) and user still defines taints on the CR, NFD will ignore those taints and skip them from setting on the node. Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
114 lines
3.8 KiB
Go
114 lines
3.8 KiB
Go
/*
|
|
Copyright 2019-2021 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package main
|
|
|
|
import (
|
|
"flag"
|
|
"fmt"
|
|
"os"
|
|
"regexp"
|
|
|
|
"k8s.io/klog/v2"
|
|
|
|
master "sigs.k8s.io/node-feature-discovery/pkg/nfd-master"
|
|
"sigs.k8s.io/node-feature-discovery/pkg/utils"
|
|
"sigs.k8s.io/node-feature-discovery/pkg/version"
|
|
)
|
|
|
|
const (
|
|
// ProgramName is the canonical name of this program
|
|
ProgramName = "nfd-master"
|
|
)
|
|
|
|
func main() {
|
|
flags := flag.NewFlagSet(ProgramName, flag.ExitOnError)
|
|
|
|
printVersion := flags.Bool("version", false, "Print version and exit.")
|
|
|
|
args := initFlags(flags)
|
|
// Inject klog flags
|
|
klog.InitFlags(flags)
|
|
|
|
_ = flags.Parse(os.Args[1:])
|
|
if len(flags.Args()) > 0 {
|
|
fmt.Fprintf(flags.Output(), "unknown command line argument: %s\n", flags.Args()[0])
|
|
flags.Usage()
|
|
os.Exit(2)
|
|
}
|
|
|
|
if *printVersion {
|
|
fmt.Println(ProgramName, version.Get())
|
|
os.Exit(0)
|
|
}
|
|
|
|
// Assert that the version is known
|
|
if version.Undefined() {
|
|
klog.Warningf("version not set! Set -ldflags \"-X sigs.k8s.io/node-feature-discovery/pkg/version.version=`git describe --tags --dirty --always`\" during build or run.")
|
|
}
|
|
|
|
// Plug klog into grpc logging infrastructure
|
|
utils.ConfigureGrpcKlog()
|
|
|
|
// Get new NfdMaster instance
|
|
instance, err := master.NewNfdMaster(args)
|
|
if err != nil {
|
|
klog.Exitf("failed to initialize NfdMaster instance: %v", err)
|
|
}
|
|
|
|
if err = instance.Run(); err != nil {
|
|
klog.Exit(err)
|
|
}
|
|
}
|
|
|
|
func initFlags(flagset *flag.FlagSet) *master.Args {
|
|
args := &master.Args{
|
|
LabelWhiteList: utils.RegexpVal{Regexp: *regexp.MustCompile("")},
|
|
}
|
|
|
|
flagset.StringVar(&args.CaFile, "ca-file", "",
|
|
"Root certificate for verifying connections")
|
|
flagset.StringVar(&args.CertFile, "cert-file", "",
|
|
"Certificate used for authenticating connections")
|
|
flagset.Var(&args.ExtraLabelNs, "extra-label-ns",
|
|
"Comma separated list of allowed extra label namespaces")
|
|
flagset.StringVar(&args.Instance, "instance", "",
|
|
"Instance name. Used to separate annotation namespaces for multiple parallel deployments.")
|
|
flagset.StringVar(&args.KeyFile, "key-file", "",
|
|
"Private key matching -cert-file")
|
|
flagset.StringVar(&args.Kubeconfig, "kubeconfig", "",
|
|
"Kubeconfig to use")
|
|
flagset.Var(&args.LabelWhiteList, "label-whitelist",
|
|
"Regular expression to filter label names to publish to the Kubernetes API server. "+
|
|
"NB: the label namespace is omitted i.e. the filter is only applied to the name part after '/'.")
|
|
flagset.BoolVar(&args.NoPublish, "no-publish", false,
|
|
"Do not publish feature labels")
|
|
flagset.BoolVar(&args.EnableTaints, "enable-taints", false,
|
|
"Enable node tainting feature")
|
|
flagset.BoolVar(&args.FeatureRulesController, "featurerules-controller", true,
|
|
"Enable controller for NodeFeatureRule objects. Generates node labels based on the rules in these CRs.")
|
|
flagset.IntVar(&args.Port, "port", 8080,
|
|
"Port on which to listen for connections.")
|
|
flagset.BoolVar(&args.Prune, "prune", false,
|
|
"Prune all NFD related attributes from all nodes of the cluaster and exit.")
|
|
flagset.Var(&args.ResourceLabels, "resource-labels",
|
|
"Comma separated list of labels to be exposed as extended resources.")
|
|
flagset.BoolVar(&args.VerifyNodeName, "verify-node-name", false,
|
|
"Verify worker node name against the worker's TLS certificate. "+
|
|
"Only takes effect when TLS authentication has been enabled.")
|
|
|
|
return args
|
|
}
|