mirror of
https://github.com/kubernetes-sigs/node-feature-discovery.git
synced 2025-03-17 22:08:33 +00:00
7038e49d02
There are cases when the only available metadata for discovering features is the node's name. The "nodename" rule extends the custom source and matches when the node's name matches one of the given nodename regexp patterns. It is also possible now to set an optional "value" on custom rules, which overrides the default "true" label value in case the rule matches. In order to allow more dynamic configurations without having to modify the complete worker configuration, custom rules are additionally read from a "custom.d" directory now. Typically that directory will be filled by mounting one or more ConfigMaps. Signed-off-by: Marc Sluiter <msluiter@redhat.com>
237 lines
7.2 KiB
Text
237 lines
7.2 KiB
Text
# All changes in this template should be applied to Helm chart too.
|
|
#
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
labels:
|
|
app: node-feature-discovery
|
|
name: nfd-worker
|
|
namespace: node-feature-discovery
|
|
spec:
|
|
completions: NUM_NODES
|
|
parallelism: NUM_NODES
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: node-feature-discovery
|
|
spec:
|
|
dnsPolicy: ClusterFirstWithHostNet
|
|
affinity:
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- topologyKey: kubernetes.io/hostname
|
|
labelSelector:
|
|
matchExpressions:
|
|
- key: app
|
|
operator: In
|
|
values:
|
|
- node-feature-discovery
|
|
containers:
|
|
- env:
|
|
- name: NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
image: gcr.io/k8s-staging-nfd/node-feature-discovery:master
|
|
imagePullPolicy: Always
|
|
name: nfd-worker
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: ["ALL"]
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
command:
|
|
- "nfd-worker"
|
|
args:
|
|
- "--oneshot"
|
|
- "--server=nfd-master:8080"
|
|
## Enable TLS authentication (1/3)
|
|
## The example below assumes having the root certificate named ca.crt stored in
|
|
## a ConfigMap named nfd-ca-cert, and, the TLS authentication credentials stored
|
|
## in a TLS Secret named nfd-worker-cert
|
|
# - "--ca-file=/etc/kubernetes/node-feature-discovery/trust/ca.crt"
|
|
# - "--key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
|
|
# - "--cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
|
|
volumeMounts:
|
|
- name: host-boot
|
|
mountPath: "/host-boot"
|
|
readOnly: true
|
|
- name: host-os-release
|
|
mountPath: "/host-etc/os-release"
|
|
readOnly: true
|
|
- name: host-sys
|
|
mountPath: "/host-sys"
|
|
readOnly: true
|
|
- name: source-d
|
|
mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
|
|
readOnly: true
|
|
- name: features-d
|
|
mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
|
|
readOnly: true
|
|
- name: nfd-worker-conf
|
|
mountPath: "/etc/kubernetes/node-feature-discovery"
|
|
readOnly: true
|
|
## Example for more custom configs in an additional configmap (1/3)
|
|
## Mounting into subdirectories of custom.d makes it easy to use multiple configmaps
|
|
# - name: custom-source-extra-rules
|
|
# mountPath: "/etc/kubernetes/node-feature-discovery/custom.d/extra-rules-1"
|
|
# readOnly: true
|
|
## Enable TLS authentication (2/3)
|
|
# - name: nfd-ca-cert
|
|
# mountPath: "/etc/kubernetes/node-feature-discovery/trust"
|
|
# readOnly: true
|
|
# - name: nfd-worker-cert
|
|
# mountPath: "/etc/kubernetes/node-feature-discovery/certs"
|
|
# readOnly: true
|
|
restartPolicy: Never
|
|
volumes:
|
|
- name: host-boot
|
|
hostPath:
|
|
path: "/boot"
|
|
- name: host-os-release
|
|
hostPath:
|
|
path: "/etc/os-release"
|
|
- name: host-sys
|
|
hostPath:
|
|
path: "/sys"
|
|
- name: source-d
|
|
hostPath:
|
|
path: "/etc/kubernetes/node-feature-discovery/source.d/"
|
|
- name: features-d
|
|
hostPath:
|
|
path: "/etc/kubernetes/node-feature-discovery/features.d/"
|
|
- name: nfd-worker-conf
|
|
configMap:
|
|
name: nfd-worker-conf
|
|
## Example for more custom configs in an additional configmap (2/3)
|
|
# - name: custom-source-extra-rules
|
|
# configMap:
|
|
# name: custom-source-extra-rules
|
|
## Enable TLS authentication (3/3)
|
|
# - name: nfd-ca-cert
|
|
# configMap:
|
|
# name: nfd-ca-cert
|
|
# - name: nfd-worker-cert
|
|
# secret:
|
|
# secretName: nfd-worker-cert
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: nfd-worker-conf
|
|
namespace: node-feature-discovery
|
|
data:
|
|
nfd-worker.conf: | ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE>
|
|
#core:
|
|
# labelWhiteList:
|
|
# noPublish: false
|
|
# sleepInterval: 60s
|
|
# sources: [all]
|
|
#sources:
|
|
# cpu:
|
|
# cpuid:
|
|
## NOTE: whitelist has priority over blacklist
|
|
# attributeBlacklist:
|
|
# - "BMI1"
|
|
# - "BMI2"
|
|
# - "CLMUL"
|
|
# - "CMOV"
|
|
# - "CX16"
|
|
# - "ERMS"
|
|
# - "F16C"
|
|
# - "HTT"
|
|
# - "LZCNT"
|
|
# - "MMX"
|
|
# - "MMXEXT"
|
|
# - "NX"
|
|
# - "POPCNT"
|
|
# - "RDRAND"
|
|
# - "RDSEED"
|
|
# - "RDTSCP"
|
|
# - "SGX"
|
|
# - "SSE"
|
|
# - "SSE2"
|
|
# - "SSE3"
|
|
# - "SSE4.1"
|
|
# - "SSE4.2"
|
|
# - "SSSE3"
|
|
# attributeWhitelist:
|
|
# kernel:
|
|
# kconfigFile: "/path/to/kconfig"
|
|
# configOpts:
|
|
# - "NO_HZ"
|
|
# - "X86"
|
|
# - "DMI"
|
|
# pci:
|
|
# deviceClassWhitelist:
|
|
# - "0200"
|
|
# - "03"
|
|
# - "12"
|
|
# deviceLabelFields:
|
|
# - "class"
|
|
# - "vendor"
|
|
# - "device"
|
|
# - "subsystem_vendor"
|
|
# - "subsystem_device"
|
|
# usb:
|
|
# deviceClassWhitelist:
|
|
# - "0e"
|
|
# - "ef"
|
|
# - "fe"
|
|
# - "ff"
|
|
# deviceLabelFields:
|
|
# - "class"
|
|
# - "vendor"
|
|
# - "device"
|
|
# custom:
|
|
# - name: "my.kernel.feature"
|
|
# matchOn:
|
|
# - loadedKMod: ["example_kmod1", "example_kmod2"]
|
|
# - name: "my.pci.feature"
|
|
# matchOn:
|
|
# - pciId:
|
|
# class: ["0200"]
|
|
# vendor: ["15b3"]
|
|
# device: ["1014", "1017"]
|
|
# - pciId :
|
|
# vendor: ["8086"]
|
|
# device: ["1000", "1100"]
|
|
# - name: "my.usb.feature"
|
|
# matchOn:
|
|
# - usbId:
|
|
# class: ["ff"]
|
|
# vendor: ["03e7"]
|
|
# device: ["2485"]
|
|
# - usbId:
|
|
# class: ["fe"]
|
|
# vendor: ["1a6e"]
|
|
# device: ["089a"]
|
|
# - name: "my.combined.feature"
|
|
# matchOn:
|
|
# - pciId:
|
|
# vendor: ["15b3"]
|
|
# device: ["1014", "1017"]
|
|
# loadedKMod : ["vendor_kmod1", "vendor_kmod2"]
|
|
# - name: "feature.by.nodename"
|
|
# value: customValue
|
|
# matchOn:
|
|
# - nodename: ["worker-0", "my-.*-node"]
|
|
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
|
|
---
|
|
## Example for more custom configs in an additional configmap (3/3)
|
|
#apiVersion: v1
|
|
#kind: ConfigMap
|
|
#metadata:
|
|
# name: custom-source-extra-rules
|
|
# namespace: node-feature-discovery
|
|
#data:
|
|
## Filename doesn't matter, and there can be multiple. They just need to be unique.
|
|
# custom.conf: |
|
|
# - name: "more.kernel.features"
|
|
# matchOn:
|
|
# - loadedKMod: ["example_kmod3"]
|
|
# - name: "more.features.by.nodename"
|
|
# value: customValue
|
|
# matchOn:
|
|
# - nodename: ["special-.*-node-.*"]
|