mirror of
https://github.com/kubernetes-sigs/node-feature-discovery.git
synced 2025-03-16 13:28:18 +00:00
d11edaa056
This updates the tolerations and affinities to also respect the term „control-plane“ which will eventually replace „master“
99 lines
2.4 KiB
Text
99 lines
2.4 KiB
Text
# All changes in this template should be applied to Helm chart too.
|
|
#
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: node-feature-discovery # NFD namespace
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: nfd-master
|
|
namespace: node-feature-discovery
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: nfd-master
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- nodes
|
|
# when using command line flag --resource-labels to create extended resources
|
|
# you will need to uncomment "- nodes/status"
|
|
# - nodes/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
# List only needed for --prune
|
|
- list
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: nfd-master
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: nfd-master
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: nfd-master
|
|
namespace: node-feature-discovery
|
|
---
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: nfd-prune
|
|
namespace: node-feature-discovery
|
|
labels:
|
|
app: nfe-prune
|
|
spec:
|
|
completions: 1
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: nfd-prune
|
|
spec:
|
|
serviceAccount: nfd-master
|
|
affinity:
|
|
nodeAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 1
|
|
preference:
|
|
matchExpressions:
|
|
- key: "node-role.kubernetes.io/master"
|
|
operator: In
|
|
values: [""]
|
|
- weight: 1
|
|
preference:
|
|
matchExpressions:
|
|
- key: "node-role.kubernetes.io/control-plane"
|
|
operator: In
|
|
values: [""]
|
|
tolerations:
|
|
- key: "node-role.kubernetes.io/master"
|
|
operator: "Equal"
|
|
value: ""
|
|
effect: "NoSchedule"
|
|
- key: "node-role.kubernetes.io/control-plane"
|
|
operator: "Equal"
|
|
value: ""
|
|
effect: "NoSchedule"
|
|
containers:
|
|
- name: nfd-master
|
|
image: gcr.io/k8s-staging-nfd/node-feature-discovery:master
|
|
imagePullPolicy: Always
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: ["ALL"]
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
command:
|
|
- "nfd-master"
|
|
args:
|
|
- "--prune"
|
|
restartPolicy: Never
|