mirror of
https://github.com/kubernetes-sigs/node-feature-discovery.git
synced 2025-03-17 22:08:33 +00:00
7038e49d02
There are cases when the only available metadata for discovering features is the node's name. The "nodename" rule extends the custom source and matches when the node's name matches one of the given nodename regexp patterns. It is also possible now to set an optional "value" on custom rules, which overrides the default "true" label value in case the rule matches. In order to allow more dynamic configurations without having to modify the complete worker configuration, custom rules are additionally read from a "custom.d" directory now. Typically that directory will be filled by mounting one or more ConfigMaps. Signed-off-by: Marc Sluiter <msluiter@redhat.com>
265 lines
7.1 KiB
Text
265 lines
7.1 KiB
Text
# This template contains an example of running nfd-master and nfd-worker in the
|
|
# same pod. All changes in this template should be applied to Helm chart too.
|
|
#
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: node-feature-discovery # NFD namespace
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: nfd-master
|
|
namespace: node-feature-discovery
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: nfd-master
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- nodes
|
|
# when using command line flag --resource-labels to create extended resources
|
|
# you will need to uncomment "- nodes/status"
|
|
# - nodes/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
# List only needed for --prune
|
|
- list
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: nfd-master
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: nfd-master
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: nfd-master
|
|
namespace: node-feature-discovery
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
labels:
|
|
app: nfd
|
|
name: nfd
|
|
namespace: node-feature-discovery
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: nfd
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: nfd
|
|
spec:
|
|
serviceAccount: nfd-master
|
|
containers:
|
|
- env:
|
|
- name: NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
image: gcr.io/k8s-staging-nfd/node-feature-discovery:master
|
|
imagePullPolicy: Always
|
|
name: nfd-master
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: ["ALL"]
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
command:
|
|
- "nfd-master"
|
|
- env:
|
|
- name: NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
image: gcr.io/k8s-staging-nfd/node-feature-discovery:master
|
|
imagePullPolicy: Always
|
|
name: nfd-worker
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: ["ALL"]
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
command:
|
|
- "nfd-worker"
|
|
args:
|
|
- "--sleep-interval=60s"
|
|
volumeMounts:
|
|
- name: host-boot
|
|
mountPath: "/host-boot"
|
|
readOnly: true
|
|
- name: host-os-release
|
|
mountPath: "/host-etc/os-release"
|
|
readOnly: true
|
|
- name: host-sys
|
|
mountPath: "/host-sys"
|
|
readOnly: true
|
|
- name: source-d
|
|
mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
|
|
readOnly: true
|
|
- name: features-d
|
|
mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
|
|
readOnly: true
|
|
- name: nfd-worker-conf
|
|
mountPath: "/etc/kubernetes/node-feature-discovery"
|
|
readOnly: true
|
|
## Example for more custom configs in an additional configmap (1/3)
|
|
## Mounting into subdirectories of custom.d makes it easy to use multiple configmaps
|
|
# - name: custom-source-extra-rules
|
|
# mountPath: "/etc/kubernetes/node-feature-discovery/custom.d/extra-rules-1"
|
|
# readOnly: true
|
|
volumes:
|
|
- name: host-boot
|
|
hostPath:
|
|
path: "/boot"
|
|
- name: host-os-release
|
|
hostPath:
|
|
path: "/etc/os-release"
|
|
- name: host-sys
|
|
hostPath:
|
|
path: "/sys"
|
|
- name: source-d
|
|
hostPath:
|
|
path: "/etc/kubernetes/node-feature-discovery/source.d/"
|
|
- name: features-d
|
|
hostPath:
|
|
path: "/etc/kubernetes/node-feature-discovery/features.d/"
|
|
- name: nfd-worker-conf
|
|
configMap:
|
|
name: nfd-worker-conf
|
|
## Example for more custom configs in an additional configmap (2/3)
|
|
# - name: custom-source-extra-rules
|
|
# configMap:
|
|
# name: custom-source-extra-rules
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: nfd-worker-conf
|
|
namespace: node-feature-discovery
|
|
data:
|
|
nfd-worker.conf: | ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE>
|
|
#core:
|
|
# labelWhiteList:
|
|
# noPublish: false
|
|
# sleepInterval: 60s
|
|
# sources: [all]
|
|
#sources:
|
|
# cpu:
|
|
# cpuid:
|
|
## NOTE: whitelist has priority over blacklist
|
|
# attributeBlacklist:
|
|
# - "BMI1"
|
|
# - "BMI2"
|
|
# - "CLMUL"
|
|
# - "CMOV"
|
|
# - "CX16"
|
|
# - "ERMS"
|
|
# - "F16C"
|
|
# - "HTT"
|
|
# - "LZCNT"
|
|
# - "MMX"
|
|
# - "MMXEXT"
|
|
# - "NX"
|
|
# - "POPCNT"
|
|
# - "RDRAND"
|
|
# - "RDSEED"
|
|
# - "RDTSCP"
|
|
# - "SGX"
|
|
# - "SSE"
|
|
# - "SSE2"
|
|
# - "SSE3"
|
|
# - "SSE4.1"
|
|
# - "SSE4.2"
|
|
# - "SSSE3"
|
|
# attributeWhitelist:
|
|
# kernel:
|
|
# kconfigFile: "/path/to/kconfig"
|
|
# configOpts:
|
|
# - "NO_HZ"
|
|
# - "X86"
|
|
# - "DMI"
|
|
# pci:
|
|
# deviceClassWhitelist:
|
|
# - "0200"
|
|
# - "03"
|
|
# - "12"
|
|
# deviceLabelFields:
|
|
# - "class"
|
|
# - "vendor"
|
|
# - "device"
|
|
# - "subsystem_vendor"
|
|
# - "subsystem_device"
|
|
# usb:
|
|
# deviceClassWhitelist:
|
|
# - "0e"
|
|
# - "ef"
|
|
# - "fe"
|
|
# - "ff"
|
|
# deviceLabelFields:
|
|
# - "class"
|
|
# - "vendor"
|
|
# - "device"
|
|
# custom:
|
|
# - name: "my.kernel.feature"
|
|
# matchOn:
|
|
# - loadedKMod: ["example_kmod1", "example_kmod2"]
|
|
# - name: "my.pci.feature"
|
|
# matchOn:
|
|
# - pciId:
|
|
# class: ["0200"]
|
|
# vendor: ["15b3"]
|
|
# device: ["1014", "1017"]
|
|
# - pciId :
|
|
# vendor: ["8086"]
|
|
# device: ["1000", "1100"]
|
|
# - name: "my.usb.feature"
|
|
# matchOn:
|
|
# - usbId:
|
|
# class: ["ff"]
|
|
# vendor: ["03e7"]
|
|
# device: ["2485"]
|
|
# - usbId:
|
|
# class: ["fe"]
|
|
# vendor: ["1a6e"]
|
|
# device: ["089a"]
|
|
# - name: "my.combined.feature"
|
|
# matchOn:
|
|
# - pciId:
|
|
# vendor: ["15b3"]
|
|
# device: ["1014", "1017"]
|
|
# loadedKMod : ["vendor_kmod1", "vendor_kmod2"]
|
|
# - name: "feature.by.nodename"
|
|
# value: customValue
|
|
# matchOn:
|
|
# - nodename: ["worker-0", "my-.*-node"]
|
|
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
|
|
---
|
|
## Example for more custom configs in an additional configmap (3/3)
|
|
#apiVersion: v1
|
|
#kind: ConfigMap
|
|
#metadata:
|
|
# name: custom-source-extra-rules
|
|
# namespace: node-feature-discovery
|
|
#data:
|
|
## Filename doesn't matter, and there can be multiple. They just need to be unique.
|
|
# custom.conf: |
|
|
# - name: "more.kernel.features"
|
|
# matchOn:
|
|
# - loadedKMod: ["example_kmod3"]
|
|
# - name: "more.features.by.nodename"
|
|
# value: customValue
|
|
# matchOn:
|
|
# - nodename: ["special-.*-node-.*"]
|