1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-14 11:57:51 +00:00
node-feature-discovery/docs/reference/topology-updater-commandline-reference.md
Talor Itzhak 5c6be580f4 reactive updates: add an option to disable the feature
Access to the kubelet state directory may raise concerns in some setups, added an option to disable it.
The feature is enabled by default.

Signed-off-by: Talor Itzhak <titzhak@redhat.com>
2023-03-16 11:53:16 +02:00

177 lines
3.8 KiB
Markdown

---
title: "Topology Updater Cmdline Reference"
layout: default
sort: 4
---
# NFD-Topology-Updater Commandline Flags
{: .no_toc }
## Table of Contents
{: .no_toc .text-delta }
1. TOC
{:toc}
---
To quickly view available command line flags execute `nfd-topology-updater -help`.
In a docker container:
```bash
docker run {{ site.container_image }} \
nfd-topology-updater -help
```
### -h, -help
Print usage and exit.
### -version
Print version and exit.
### -config
The `-config` flag specifies the path of the nfd-topology-updater
configuration file to use.
Default: /etc/kubernetes/node-feature-discovery/nfd-topology-updater.conf
Example:
```bash
nfd-topology-updater -config=/opt/nfd/nfd-topology-updater.conf
```
### -no-publish
The `-no-publish` flag disables all communication with the nfd-master, making
it a "dry-run" flag for nfd-topology-updater. NFD-Topology-Updater runs
resource hardware topology detection normally, but no CR requests are sent to
nfd-master.
Default: *false*
Example:
```bash
nfd-topology-updater -no-publish
```
### -oneshot
The `-oneshot` flag causes nfd-topology-updater to exit after one pass of
resource hardware topology detection.
Default: *false*
Example:
```bash
nfd-topology-updater -oneshot -no-publish
```
### -sleep-interval
The `-sleep-interval` specifies the interval between resource hardware
topology re-examination (and CR updates). zero means no CR updates on interval basis.
Default: 60s
Example:
```bash
nfd-topology-updater -sleep-interval=1h
```
### -watch-namespace
The `-watch-namespace` specifies the namespace to ensure that resource
hardware topology examination only happens for the pods running in the
specified namespace. Pods that are not running in the specified namespace
are not considered during resource accounting. This is particularly useful
for testing/debugging purpose. A "*" value would mean that all the pods would
be considered during the accounting process.
Default: "*"
Example:
```bash
nfd-topology-updater -watch-namespace=rte
```
### -kubelet-config-uri
The `-kubelet-config-uri` specifies the path to the Kubelet's configuration.
Note that the URi could either be a local host file or an HTTP endpoint.
Default: `https://${NODE_NAME}:10250/configz`
Example:
```bash
nfd-topology-updater -kubelet-config-uri=file:///var/lib/kubelet/config.yaml
```
### -api-auth-token-file
The `-api-auth-token-file` specifies the path to the api auth token file
which is used to retrieve Kubelet's configuration from Kubelet secure port,
only taking effect when `-kubelet-config-uri` is https.
Note that this token file must bind to a role that has the `get` capability to
`nodes/proxy` resources.
Default: `/var/run/secrets/kubernetes.io/serviceaccount/token`
Example:
```bash
nfd-topology-updater -token-file=/var/run/secrets/kubernetes.io/serviceaccount/token
```
### -podresources-socket
The `-podresources-socket` specifies the path to the Unix socket where kubelet
exports a gRPC service to enable discovery of in-use CPUs and devices, and to
provide metadata for them.
Default: /host-var/lib/kubelet/pod-resources/kubelet.sock
Example:
```bash
nfd-topology-updater -podresources-socket=/var/lib/kubelet/pod-resources/kubelet.sock
```
### -pods-fingerprint
Enables compute and report the pod set fingerprint in the NRT.
A pod fingerprint is a compact representation of the "node state" regarding resources.
Default: `false`
Example:
```bash
nfd-topology-updater -pods-fingerprint
```
### -kubelet-state-dir
The `-kubelet-state-dir` specifies the path to the Kubelet state directory,
where state and checkpoint files are stored.
The files are mount as read-only and cannot be change by the updater.
Enabled by default.
Passing an empty string will disable the watching.
Default: /host-var/lib/kubelet
Example:
```bash
nfd-topology-updater -kubelet-state-dir=/var/lib/kubelet
```