mirrors/node-feature-discovery
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-14 11:57:51 +00:00
Code Activity
node-feature-discovery/v0.14/usage/customization-guide.html
Github Actions 2f9239b1f6 Update documentation for v0.14 
Auto-generated from v0.14.6-2-gb2157384 by 'update-gh-pages.sh'
2024-06-03 08:38:21 +00:00

376 lines
No EOL
134 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html> <html lang="en" dir="auto"> <head><meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=5, user-scalable=no"> <meta name="description" content="Customization guide Table of contents Overview NodeFeature custom resource A NodeFeature example Feature types NodeFeatureRule custom resource A No..."> <meta name="revised" content=""> <meta name="author" content="Kubernetes SIGs"> <meta name="generator" content="rundocs/jekyll-rtd-theme v2.0.10"><meta name="theme-color" content="#2980b9"> <title>Customization guide · Node Feature Discovery</title> <meta name="twitter:title" content="Customization guide · Node Feature Discovery"> <meta name="twitter:description" content="Customization guide Table of contents Overview NodeFeature custom resource A NodeFeature example Feature types NodeFeatureRule custom resource A No..."> <meta name="twitter:card" content="summary"> <meta name="twitter:site" content="@Kubernetes SIGs"> <meta name="twitter:url" content="https://kubernetes-sigs.github.com/node-feature-discovery/v0.14/usage/customization-guide.html"> <meta name="twitter:creator" content="@rundocs/jekyll-rtd-theme v2.0.10"> <meta property="og:title" content="Customization guide · Node Feature Discovery"> <meta property="og:description" content="Customization guide Table of contents Overview NodeFeature custom resource A NodeFeature example Feature types NodeFeatureRule custom resource A No..."> <meta property="og:locale" content="en"> <meta property="og:url" content="https://kubernetes-sigs.github.com/node-feature-discovery/v0.14/usage/customization-guide.html"> <meta property="og:type" content="article"> <meta property="article:author" content="Kubernetes SIGs"> <meta property="article:published_time" content="2016-07-23T05:07:52+00:00"> <meta property="article:modified_time" content="2024-06-03T08:38:11+00:00"> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "Article", "mainEntityOfPage": { "@type": "WebPage", "@id": "https://kubernetes-sigs.github.com/node-feature-discovery/v0.14/usage/customization-guide.html" }, "headline": "Customization guide · Node Feature Discovery", "image": [], "author": { "@type": "Person", "name": "Kubernetes SIGs" }, "datePublished": "2016-07-23T05:07:52+00:00", "dateModified": "2024-06-03T08:38:11+00:00", "publisher": { "@type": "Organization", "name": "Kubernetes SIGs", "logo": { "@type": "ImageObject", "url": "https://avatars.githubusercontent.com/u/36015203?v=4" } }, "description": "Customization guide Table of contents Overview NodeFeature custom resource A NodeFeature example Feature types NodeFeatureRule custom resource A No..." } </script> <link rel="dns-prefetch" href="https://cdn.jsdelivr.net"><link rel="prev" href="https://kubernetes-sigs.github.com/node-feature-discovery/v0.14/usage/custom-resources.html"><link rel="next" href="https://kubernetes-sigs.github.com/node-feature-discovery/v0.14/usage/examples-and-demos.html"><link rel="canonical" href="https://kubernetes-sigs.github.com/node-feature-discovery/v0.14/usage/customization-guide.html"><link rel="icon" type="image/svg+xml" href="/node-feature-discovery/v0.14/assets/images/favicon.svg"><link rel="icon" type="image/png" href="/node-feature-discovery/v0.14/assets/images/favicon-16x16.png" sizes="16x16"> <link rel="icon" type="image/png" href="/node-feature-discovery/v0.14/assets/images/favicon-32x32.png" sizes="32x32"> <link rel="icon" type="image/png" href="/node-feature-discovery/v0.14/assets/images/favicon-96x96.png" sizes="96x96"><link rel="mask-icon" href="/node-feature-discovery/v0.14/assets/images/favicon.svg" color="#2980b9"><link rel="apple-touch-icon" href="/node-feature-discovery/v0.14/assets/images/apple-touch-icon-300x300.jpg"> <link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/rundocs/jekyll-rtd-theme@2.0.10/assets/css/theme.min.css"><style>@media (min-width: 1280px){.content-wrap{max-width:1200px}}</style><script> window.ui = { title: "Node Feature Discovery", baseurl: "/node-feature-discovery/v0.14", i18n: { search_results: "Search Results", search_results_found: "Search finished, found # page(s) matching the search query.", search_results_not_found: "Your search did not match any documents, please make sure that all characters are spelled correctly!" } }; </script> </head> <body class="container"><div class="sidebar-wrap overflow-hidden"> <div class="sidebar height-full overflow-y-scroll overflow-x-hidden"> <div class="header d-flex flex-column p-3 text-center"> <div class="title pb-1"> <a class="h4 no-underline py-1 px-2 rounded-1" href="/node-feature-discovery/v0.14/" title="Documentation of Node Feature Discovery - a Kubernetes add-on for discovering and advertising hardware features and system configuration in the cluster."> <i class="fa fa-home"></i> Node Feature Discovery </a> </div> <span class="version">v0.14.6</span> <form class="search pt-2" action="/node-feature-discovery/v0.14/search.html" method="get" autocomplete="off"> <input class="form-control input-block input-sm" type="text" name="q" placeholder="Search docs..."> </form> </div> <div class="toctree py-2" data-spy="affix" role="navigation" aria-label="main navigation"> <ul> </ul> <a class="caption d-block text-uppercase no-wrap px-2 py-0" href="/node-feature-discovery/v0.14/get-started/"> Get started </a><ul> <li class="toc level-1 " data-sort="1" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/get-started/introduction.html">1. Introduction</a> </li> <li class="toc level-1 " data-sort="2" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/get-started/quick-start.html">2. Quick start</a> </li></ul> <a class="caption d-block text-uppercase no-wrap px-2 py-0" href="/node-feature-discovery/v0.14/deployment/"> Deployment </a><ul> <li class="toc level-1 " data-sort="1" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/deployment/image-variants.html">1. Image variants</a> </li> <li class="toc level-1 " data-sort="2" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/deployment/kustomize.html">2. Kustomize</a> </li> <li class="toc level-1 " data-sort="3" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/deployment/helm.html">3. Helm</a> </li> <li class="toc level-1 " data-sort="4" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/deployment/operator.html">4. NFD Operator</a> </li> <li class="toc level-1 " data-sort="5" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/deployment/tls.html">5. TLS authentication</a> </li> <li class="toc level-1 " data-sort="6" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/deployment/uninstallation.html">6. Uninstallation</a> </li> <li class="toc level-1 " data-sort="7" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/deployment/metrics.html">7. Metrics</a> </li></ul> <a class="caption d-block text-uppercase no-wrap px-2 py-0" href="/node-feature-discovery/v0.14/usage/"> Usage </a><ul> <li class="toc level-1 " data-sort="1" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/usage/features.html">1. Feature labels</a> </li> <li class="toc level-1 " data-sort="2" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/usage/using-labels.html">2. Using node labels</a> </li> <li class="toc level-1 " data-sort="3" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/usage/nfd-master.html">3. NFD-Master</a> </li> <li class="toc level-1 " data-sort="4" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/usage/nfd-worker.html">4. NFD-Worker</a> </li> <li class="toc level-1 " data-sort="5" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/usage/nfd-topology-updater.html">5. NFD-Topology-Updater</a> </li> <li class="toc level-1 " data-sort="6" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/usage/nfd-gc.html">6. NFD-Garbage-Collector</a> </li> <li class="toc level-1 " data-sort="7" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/usage/custom-resources.html">7. CRDs</a> </li> <li class="toc level-1 current" data-sort="8" data-level="1"> <a class="d-flex flex-items-baseline current" href="/node-feature-discovery/v0.14/usage/customization-guide.html">8. Customization guide</a> </li> <li class="toc level-1 " data-sort="9" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/usage/examples-and-demos.html">9. Examples and demos</a> </li></ul> <a class="caption d-block text-uppercase no-wrap px-2 py-0" href="/node-feature-discovery/v0.14/reference/"> Reference </a><ul> <li class="toc level-1 " data-sort="1" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/reference/master-commandline-reference.html">1. Master cmdline reference</a> </li> <li class="toc level-1 " data-sort="2" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/reference/worker-commandline-reference.html">2. Worker cmdline reference</a> </li> <li class="toc level-1 " data-sort="3" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/reference/master-configuration-reference.html">3. Master config reference</a> </li> <li class="toc level-1 " data-sort="4" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/reference/worker-configuration-reference.html">4. Worker config reference</a> </li> <li class="toc level-1 " data-sort="5" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/reference/topology-updater-commandline-reference.html">5. Topology Updater Cmdline Reference</a> </li> <li class="toc level-1 " data-sort="6" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/reference/topology-updater-configuration-reference.html">6. Topology-Updater config reference</a> </li> <li class="toc level-1 " data-sort="7" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/reference/gc-commandline-reference.html">7. Garbage Collector Cmdline Reference</a> </li> <li class="toc level-1 " data-sort="8" data-level="1"> <a class="d-flex flex-items-baseline " href="/node-feature-discovery/v0.14/reference/versions.html">8. Versions</a> </li></ul> <a class="caption d-block text-uppercase no-wrap px-2 py-0" href="/node-feature-discovery/v0.14/developer-guide/"> Developer guide </a><ul> </ul> <a class="caption d-block text-uppercase no-wrap px-2 py-0" href="/node-feature-discovery/v0.14/contributing/"> Contributing </a><ul> </ul> </div> </div> </div> <div class="content-wrap"> <div class="header d-flex flex-justify-between p-2 hide-lg hide-xl" aria-label="top navigation"> <button id="toggle" aria-label="Toggle menu" class="btn-octicon p-2 m-0 text-white" type="button"> <i class="fa fa-bars"></i> </button> <div class="title flex-1 d-flex flex-justify-center"> <a class="h4 no-underline py-1 px-2 rounded-1" href="/node-feature-discovery/v0.14/">Node Feature Discovery</a> </div> </div> <div class="bg-red-2"> <div class="content p-3 px-sm-5"> This documentation is for a Node Feature Discovery version that is no longer supported. Please upgrade and visit the <a class="no-underline" href="/node-feature-discovery/stable">documentation of the latest stable release</a>. </div> </div> <div class="content p-3 p-sm-5"> <div class="navigation-top d-flex flex-justify-between"> <ul class="breadcrumb" role="navigation" aria-label="breadcrumbs navigation"> <li class="breadcrumb-item"> <a class="no-underline" href="/node-feature-discovery/v0.14/" title="/"> <i class="fa fa-home"></i> </a> </li><li class="breadcrumb-item" ><a href="/node-feature-discovery/v0.14/usage/">usage</a></li><li class="breadcrumb-item" aria-current="page">customization-guide.md</li></ul> <a class="edit" href="https://github.com/kubernetes-sigs/node-feature-discovery/edit/gh-pages/usage/customization-guide.md" title="Edit on GitHub" rel="noreferrer" target="_blank"> <i class="fa fa-edit"></i> </a> </div> <hr> <div role="main" itemscope="itemscope" itemtype="https://schema.org/Article"> <div class="markdown-body" itemprop="articleBody"> <h1 class="no_toc" id="customization-guide">Customization guide</h1> <h2 class="no_toc text-delta" id="table-of-contents">Table of contents</h2> <ol id="markdown-toc"> <li><a href="#overview" id="markdown-toc-overview">Overview</a></li> <li><a href="#nodefeature-custom-resource" id="markdown-toc-nodefeature-custom-resource">NodeFeature custom resource</a> <ol> <li><a href="#a-nodefeature-example" id="markdown-toc-a-nodefeature-example">A NodeFeature example</a></li> <li><a href="#feature-types" id="markdown-toc-feature-types">Feature types</a></li> </ol> </li> <li><a href="#nodefeaturerule-custom-resource" id="markdown-toc-nodefeaturerule-custom-resource">NodeFeatureRule custom resource</a> <ol> <li><a href="#a-nodefeaturerule-example" id="markdown-toc-a-nodefeaturerule-example">A NodeFeatureRule example</a></li> <li><a href="#nodefeaturerule-tainting-feature" id="markdown-toc-nodefeaturerule-tainting-feature">NodeFeatureRule tainting feature</a></li> </ol> </li> <li><a href="#local-feature-source" id="markdown-toc-local-feature-source">Local feature source</a> <ol> <li><a href="#an-example" id="markdown-toc-an-example">An example</a></li> <li><a href="#feature-files" id="markdown-toc-feature-files">Feature files</a></li> <li><a href="#hooks" id="markdown-toc-hooks">Hooks</a></li> <li><a href="#input-format" id="markdown-toc-input-format">Input format</a></li> <li><a href="#mounts" id="markdown-toc-mounts">Mounts</a></li> </ol> </li> <li><a href="#custom-feature-source" id="markdown-toc-custom-feature-source">Custom feature source</a> <ol> <li><a href="#an-example-custom-feature-source-configuration" id="markdown-toc-an-example-custom-feature-source-configuration">An example custom feature source configuration</a></li> <li><a href="#additional-configuration-directory" id="markdown-toc-additional-configuration-directory">Additional configuration directory</a></li> </ol> </li> <li><a href="#node-labels" id="markdown-toc-node-labels">Node labels</a></li> <li><a href="#label-rule-format" id="markdown-toc-label-rule-format">Label rule format</a> <ol> <li><a href="#fields" id="markdown-toc-fields">Fields</a></li> <li><a href="#available-features" id="markdown-toc-available-features">Available features</a></li> <li><a href="#templating" id="markdown-toc-templating">Templating</a></li> <li><a href="#backreferences" id="markdown-toc-backreferences">Backreferences</a></li> <li><a href="#examples" id="markdown-toc-examples">Examples</a></li> </ol> </li> <li><a href="#legacy-custom-rule-syntax" id="markdown-toc-legacy-custom-rule-syntax">Legacy custom rule syntax</a> <ol> <li><a href="#general-nomenclature-and-definitions" id="markdown-toc-general-nomenclature-and-definitions">General nomenclature and definitions</a></li> <li><a href="#custom-features-format-using-the-nomenclature-defined-above" id="markdown-toc-custom-features-format-using-the-nomenclature-defined-above">Custom features format (using the nomenclature defined above)</a></li> <li><a href="#matching-process" id="markdown-toc-matching-process">Matching process</a></li> <li><a href="#rules" id="markdown-toc-rules">Rules</a></li> <li><a href="#legacy-custom-rule-example" id="markdown-toc-legacy-custom-rule-example">Legacy custom rule example</a></li> </ol> </li> </ol> <hr /> <h2 id="overview">Overview</h2> <p>NFD provides multiple extension points for vendor and application specific labeling:</p> <ul> <li><a href="#nodefeature-custom-resource"><code class="language-plaintext highlighter-rouge notranslate">NodeFeature</code></a> objects can be used to communicate "raw" node features and node labeling requests to nfd-master.</li> <li><a href="#nodefeaturerule-custom-resource"><code class="language-plaintext highlighter-rouge notranslate">NodeFeatureRule</code></a> objects provide a way to deploy custom labeling rules via the Kubernetes API.</li> <li><a href="#local-feature-source"><code class="language-plaintext highlighter-rouge notranslate">local</code></a> feature source of nfd-worker creates labels by reading text files and executing hooks.</li> <li><a href="#custom-feature-source"><code class="language-plaintext highlighter-rouge notranslate">custom</code></a> feature source of nfd-worker creates labels based on user-specified rules.</li> </ul> <h2 id="nodefeature-custom-resource">NodeFeature custom resource</h2> <p>NodeFeature objects provide a way for 3rd party extensions to advertise custom features, both as "raw" features that serve as input to <a href="#nodefeaturerule-custom-resource">NodeFeatureRule</a> objects and as feature labels directly.</p> <p>Note that RBAC rules must be created for each extension for them to be able to create and manipulate NodeFeature objects in their namespace.</p> <p>The NodeFeature CRD API can be disabled with the <code class="language-plaintext highlighter-rouge notranslate">-enable-nodefeature-api=false</code> command line flag. This flag must be specified for both nfd-master and nfd-worker as it will enable the gRPC communication between them. Note that the gRPC API is <strong>DEPRECATED</strong> and will be removed in a future release, at which point the NodeFeature API cannot be disabled.</p> <h3 id="a-nodefeature-example">A NodeFeature example</h3> <p>Consider the following referential example:</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">nfd.k8s-sigs.io/v1alpha1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">NodeFeature</span>
<span class="na">metadata</span><span class="pi">:</span>
<span class="na">labels</span><span class="pi">:</span>
<span class="s">nfd.node.kubernetes.io/node-name</span><span class="pi">:</span> <span class="s">node-1</span>
<span class="na">name</span><span class="pi">:</span> <span class="s">vendor-features-for-node-1</span>
<span class="na">spec</span><span class="pi">:</span>
<span class="c1"># Features for NodeFeatureRule matching</span>
<span class="na">features</span><span class="pi">:</span>
<span class="na">flags</span><span class="pi">:</span>
<span class="s">vendor.flags</span><span class="pi">:</span>
<span class="na">elements</span><span class="pi">:</span>
<span class="na">feature-x</span><span class="pi">:</span> <span class="pi">{}</span>
<span class="na">feature-y</span><span class="pi">:</span> <span class="pi">{}</span>
<span class="na">attributes</span><span class="pi">:</span>
<span class="s">vendor.config</span><span class="pi">:</span>
<span class="na">elements</span><span class="pi">:</span>
<span class="na">setting-a</span><span class="pi">:</span> <span class="s2">"</span><span class="s">auto"</span>
<span class="na">knob-b</span><span class="pi">:</span> <span class="s2">"</span><span class="s">123"</span>
<span class="na">instances</span><span class="pi">:</span>
<span class="s">vendor.devices</span><span class="pi">:</span>
<span class="na">elements</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">attributes</span><span class="pi">:</span>
<span class="na">model</span><span class="pi">:</span> <span class="s2">"</span><span class="s">dev-1000"</span>
<span class="na">vendor</span><span class="pi">:</span> <span class="s2">"</span><span class="s">acme"</span>
<span class="pi">-</span> <span class="na">attributes</span><span class="pi">:</span>
<span class="na">model</span><span class="pi">:</span> <span class="s2">"</span><span class="s">dev-2000"</span>
<span class="na">vendor</span><span class="pi">:</span> <span class="s2">"</span><span class="s">acme"</span>
<span class="c1"># Labels to be created</span>
<span class="na">labels</span><span class="pi">:</span>
<span class="s">vendor-feature.enabled</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span>
</code></pre> </div></div> <p>The object targets node named <code class="language-plaintext highlighter-rouge notranslate">node-1</code>. It lists two "flag type" features under the <code class="language-plaintext highlighter-rouge notranslate">vendor.flags</code> domain, two "attribute type" features and under the <code class="language-plaintext highlighter-rouge notranslate">vendor.config</code> domain and two "instance type" features under the <code class="language-plaintext highlighter-rouge notranslate">vendor.devices</code> domain. These features will not be directly affecting the node labels but they will be used as input when the <a href="#nodefeaturerule-custom-resource"><code class="language-plaintext highlighter-rouge notranslate">NodeFeatureRule</code></a> objects are evaluated.</p> <p>In addition, the example requests directly the <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubenernetes.io/vendor-feature.enabled=true</code> node label to be created.</p> <p>The <code class="language-plaintext highlighter-rouge notranslate">nfd.node.kubernetes.io/node-name=&lt;node-name&gt;</code> must be in place for each NodeFeature object as NFD uses it to determine the node which it is targeting.</p> <h3 id="feature-types">Feature types</h3> <p>Features are divided into three different types:</p> <ul> <li><strong>flag</strong> features: a set of names without any associated values, e.g. CPUID flags or loaded kernel modules</li> <li><strong>attribute</strong> features: a set of names each of which has a single value associated with it (essentially a map of key-value pairs), e.g. kernel config flags or os release information</li> <li><strong>instance</strong> features: a list of instances, each of which has multiple attributes (key-value pairs of their own) associated with it, e.g. PCI or USB devices</li> </ul> <h2 id="nodefeaturerule-custom-resource">NodeFeatureRule custom resource</h2> <p><code class="language-plaintext highlighter-rouge notranslate">NodeFeatureRule</code> objects provide an easy way to create vendor or application specific labels and taints. It uses a flexible rule-based mechanism for creating labels and optionally taints based on node features.</p> <h3 id="a-nodefeaturerule-example">A NodeFeatureRule example</h3> <p>Consider the following referential example:</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">nfd.k8s-sigs.io/v1alpha1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">NodeFeatureRule</span>
<span class="na">metadata</span><span class="pi">:</span>
<span class="na">name</span><span class="pi">:</span> <span class="s">my-sample-rule-object</span>
<span class="na">spec</span><span class="pi">:</span>
<span class="na">rules</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my</span><span class="nv"> </span><span class="s">sample</span><span class="nv"> </span><span class="s">rule"</span>
<span class="na">labels</span><span class="pi">:</span>
<span class="s2">"</span><span class="s">my-sample-feature"</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span>
<span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">kernel.loadedmodule</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">dummy</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Exists</span><span class="pi">}</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">kernel.config</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">X86</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">In</span><span class="pi">,</span> <span class="nv">value</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">y"</span><span class="pi">]}</span>
</code></pre> </div></div> <p>It specifies one rule which creates node label <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubenernetes.io/my-sample-feature=true</code> if both of the following conditions are true (<code class="language-plaintext highlighter-rouge notranslate">matchFeatures</code> implements a logical AND over the matchers):</p> <ul> <li>The <code class="language-plaintext highlighter-rouge notranslate">dummy</code> network driver module has been loaded</li> <li>X86 option in kernel config is set to <code class="language-plaintext highlighter-rouge notranslate">=y</code></li> </ul> <p>Create a <code class="language-plaintext highlighter-rouge notranslate">NodeFeatureRule</code> with a yaml file:</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>kubectl apply <span class="nt">-f</span> https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/v0.14.6/examples/nodefeaturerule.yaml
</code></pre> </div></div> <p>Now, on X86 platforms the feature label appears after doing <code class="language-plaintext highlighter-rouge notranslate">modprobe dummy</code> on a system and correspondingly the label is removed after <code class="language-plaintext highlighter-rouge notranslate">rmmod dummy</code>. Note a re-labeling delay up to the sleep-interval of nfd-worker (1 minute by default).</p> <p>See <a href="#label-rule-format">Label rule format</a> for detailed description of available fields and how to write labeling rules.</p> <h3 id="nodefeaturerule-tainting-feature">NodeFeatureRule tainting feature</h3> <p>This feature is experimental.</p> <p>In some circumstances, it is desirable to keep nodes with specialized hardware away from running general workload and instead leave them for workloads that need the specialized hardware. One way to achieve it is to taint the nodes with the specialized hardware and add corresponding toleration to pods that require the special hardware. NFD offers node tainting functionality which is disabled by default. User can define one or more custom taints via the <code class="language-plaintext highlighter-rouge notranslate">taints</code> field of the NodeFeatureRule CR. The same rule-based mechanism is applied here and the NFD taints only rule matching nodes.</p> <p>To enable the tainting feature, <code class="language-plaintext highlighter-rouge notranslate">--enable-taints</code> flag needs to be set to <code class="language-plaintext highlighter-rouge notranslate">true</code>. If the flag <code class="language-plaintext highlighter-rouge notranslate">--enable-taints</code> is set to <code class="language-plaintext highlighter-rouge notranslate">false</code> (i.e. disabled), taints defined in the NodeFeatureRule CR have no effect and will be ignored by the NFD master.</p> <blockquote> <p><strong>NOTE:</strong> Before enabling any taints, make sure to edit nfd-worker daemonset to tolerate the taints to be created. Otherwise, already running pods that do not tolerate the taint are evicted immediately from the node including the nfd-worker pod.</p> </blockquote> <p>Example NodeFeatureRule with custom taints:</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">nfd.k8s-sigs.io/v1alpha1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">NodeFeatureRule</span>
<span class="na">metadata</span><span class="pi">:</span>
<span class="na">name</span><span class="pi">:</span> <span class="s">my-sample-rule-object</span>
<span class="na">spec</span><span class="pi">:</span>
<span class="na">rules</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my</span><span class="nv"> </span><span class="s">sample</span><span class="nv"> </span><span class="s">taint</span><span class="nv"> </span><span class="s">rule"</span>
<span class="na">taints</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">effect</span><span class="pi">:</span> <span class="s">PreferNoSchedule</span>
<span class="na">key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">feature.node.kubernetes.io/special-node"</span>
<span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span>
<span class="pi">-</span> <span class="na">effect</span><span class="pi">:</span> <span class="s">NoExecute</span>
<span class="na">key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">feature.node.kubernetes.io/dedicated-node"</span>
<span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">kernel.loadedmodule</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">dummy</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Exists</span><span class="pi">}</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">kernel.config</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">X86</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">In</span><span class="pi">,</span> <span class="nv">value</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">y"</span><span class="pi">]}</span>
</code></pre> </div></div> <p>In this example, if the <code class="language-plaintext highlighter-rouge notranslate">my sample taint rule</code> rule is matched, <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubernetes.io/pci-0300_1d0f.present=true:NoExecute</code> and <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubernetes.io/cpu-cpuid.ADX:NoExecute</code> taints are set on the node.</p> <p>There are some limitations to the namespace part (i.e. prefix/) of the taint key:</p> <ul> <li><code class="language-plaintext highlighter-rouge notranslate">kubernetes.io/</code> and its sub-namespaces (like <code class="language-plaintext highlighter-rouge notranslate">sub.ns.kubernetes.io/</code>) cannot generally be used</li> <li>the only exception is <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubernetes.io/</code> and its sub-namespaces (like <code class="language-plaintext highlighter-rouge notranslate">sub.ns.feature.node.kubernetes.io</code>)</li> <li>unprefixed keys (like <code class="language-plaintext highlighter-rouge notranslate">foo</code>) keys are disallowed</li> </ul> <h2 id="local-feature-source">Local feature source</h2> <p>NFD-Worker has a special feature source named <code class="language-plaintext highlighter-rouge notranslate">local</code> which is an integration point for external feature detectors. It provides a mechanism for pluggable extensions, allowing the creation of new user-specific features and even overriding built-in labels.</p> <p>The <code class="language-plaintext highlighter-rouge notranslate">local</code> feature source has two methods for detecting features, feature files and hooks (deprecated). The features discovered by the <code class="language-plaintext highlighter-rouge notranslate">local</code> source can further be used in label rules specified in <a href="#nodefeaturerule-custom-resource"><code class="language-plaintext highlighter-rouge notranslate">NodeFeatureRule</code></a> objects and the <a href="#custom-feature-source"><code class="language-plaintext highlighter-rouge notranslate">custom</code></a> feature source.</p> <blockquote> <p><strong>NOTE:</strong> Be careful when creating and/or updating hook or feature files while NFD is running. In order to avoid race conditions you should write into a temporary file (outside the <code class="language-plaintext highlighter-rouge notranslate">source.d</code> and <code class="language-plaintext highlighter-rouge notranslate">features.d</code> directories), and, atomically create/update the original file by doing a filesystem move operation.</p> </blockquote> <h3 id="an-example">An example</h3> <p>Consider a plaintext file <code class="language-plaintext highlighter-rouge notranslate">/etc/kubernetes/node-feature-discovery/features.d/my-features</code> having the following contents (or alternatively a shell script <code class="language-plaintext highlighter-rouge notranslate">/etc/kubernetes/node-feature-discovery/source.d/my-hook.sh</code> having the following stdout output):</p> <div class="language-plaintext highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>my-feature.1
my-feature.2=myvalue
my.namespace/my-feature.3=456
</code></pre> </div></div> <p>This will translate into the following node labels:</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="s">feature.node.kubernetes.io/my-feature.1</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span>
<span class="s">feature.node.kubernetes.io/my-feature.2</span><span class="pi">:</span> <span class="s2">"</span><span class="s">myvalue"</span>
<span class="s">my.namespace/my-feature.3</span><span class="pi">:</span> <span class="s2">"</span><span class="s">456"</span>
</code></pre> </div></div> <h3 id="feature-files">Feature files</h3> <p>The <code class="language-plaintext highlighter-rouge notranslate">local</code> source reads files found in <code class="language-plaintext highlighter-rouge notranslate">/etc/kubernetes/node-feature-discovery/features.d/</code>. File content is parsed and translated into node labels, see the <a href="#input-format">input format below</a>.</p> <h3 id="hooks">Hooks</h3> <p><strong>DEPRECATED</strong> The <code class="language-plaintext highlighter-rouge notranslate">local</code> source executes hooks found in <code class="language-plaintext highlighter-rouge notranslate">/etc/kubernetes/node-feature-discovery/source.d/</code>. The hook files must be executable and they are supposed to print all discovered features in <code class="language-plaintext highlighter-rouge notranslate">stdout</code>. Since NFD v0.13 the default container image only supports statically linked ELF binaries.</p> <p><code class="language-plaintext highlighter-rouge notranslate">stderr</code> output of hooks is propagated to NFD log so it can be used for debugging and logging.</p> <p>NFD tries to execute any regular files found from the hooks directory. Any additional data files the hook might need (e.g. a configuration file) should be placed in a separate directory in order to avoid NFD unnecessarily trying to execute them. A subdirectory under the hooks directory can be used, for example <code class="language-plaintext highlighter-rouge notranslate">/etc/kubernetes/node-feature-discovery/source.d/conf/</code>.</p> <blockquote> <p><strong>NOTE:</strong> Hooks are being DEPRECATED and will be removed in a future release. Starting from release v0.14 hooks are disabled by default and can be enabled via <code class="language-plaintext highlighter-rouge notranslate">sources.local.hooksEnabled</code> field in the worker configuration.</p> </blockquote> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="na">sources</span><span class="pi">:</span>
<span class="na">local</span><span class="pi">:</span>
<span class="na">hooksEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="c1"># true by default at this point</span>
</code></pre> </div></div> <blockquote> <p><strong>NOTE:</strong> NFD will blindly run any executables placed/mounted in the hooks directory. It is the user's responsibility to review the hooks for e.g. possible security implications.</p> <p><strong>NOTE:</strong> The <a href="/node-feature-discovery/v0.14/deployment/image-variants.html#full">full</a> image variant provides backwards-compatibility with older NFD versions by including a more expanded environment, supporting bash and perl runtimes.</p> </blockquote> <h3 id="input-format">Input format</h3> <p>The hook stdout and feature files are expected to contain features in simple key-value pairs, separated by newlines:</p> <div class="language-plaintext highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code># This is a comment
&lt;name&gt;[=&lt;value&gt;]
</code></pre> </div></div> <p>The label value defaults to <code class="language-plaintext highlighter-rouge notranslate">true</code>, if not specified.</p> <p>Label namespace may be specified with <code class="language-plaintext highlighter-rouge notranslate">&lt;namespace&gt;/&lt;name&gt;[=&lt;value&gt;]</code>.</p> <blockquote> <p><strong>NOTE:</strong> The feature file size limit it 64kB. The feature file will be ignored if the size limit is exceeded.</p> </blockquote> <p>Comment lines (starting with <code class="language-plaintext highlighter-rouge notranslate">#</code>) are ignored.</p> <p>Adding following line anywhere to feature file defines date when its content expires / is ignored:</p> <div class="language-plaintext highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code># +expiry-time=2023-07-29T11:22:33Z
</code></pre> </div></div> <p>Also, the expiry-time value would stay the same during the processing of the feature file until another expiry-time directive is encountered. Considering the following file:</p> <div class="language-plaintext highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code># +expiry-time=2012-07-28T11:22:33Z
featureKey=featureValue
# +expiry-time=2080-07-28T11:22:33Z
featureKey2=featureValue2
# +expiry-time=2070-07-28T11:22:33Z
featureKey3=featureValue3
# +expiry-time=2002-07-28T11:22:33Z
featureKey4=featureValue4
</code></pre> </div></div> <p>After processing the above file, only <code class="language-plaintext highlighter-rouge notranslate">featureKey2</code> and <code class="language-plaintext highlighter-rouge notranslate">featureKey3</code> would be included in the list of accepted features.</p> <blockquote> <p><strong>NOTE:</strong> The time format that we are supporting is RFC3339. Also, the <code class="language-plaintext highlighter-rouge notranslate">expiry-time</code> tag is only evaluated in each re-discovery period, and the expiration of node labels is not tracked.</p> </blockquote> <h3 id="mounts">Mounts</h3> <p>The standard NFD deployments contain <code class="language-plaintext highlighter-rouge notranslate">hostPath</code> mounts for <code class="language-plaintext highlighter-rouge notranslate">/etc/kubernetes/node-feature-discovery/source.d/</code> and <code class="language-plaintext highlighter-rouge notranslate">/etc/kubernetes/node-feature-discovery/features.d/</code>, making these directories from the host available inside the nfd-worker container.</p> <h4 id="injecting-labels-from-other-pods">Injecting labels from other pods</h4> <p>One use case for the feature files and hooks is detecting features in other Pods outside NFD, e.g. in Kubernetes device plugins. By using the same <code class="language-plaintext highlighter-rouge notranslate">hostPath</code> mounts for <code class="language-plaintext highlighter-rouge notranslate">/etc/kubernetes/node-feature-discovery/source.d/</code> and <code class="language-plaintext highlighter-rouge notranslate">/etc/kubernetes/node-feature-discovery/features.d/</code> in the side-car (e.g. device plugin) creates a shared area for deploying feature files and hooks to NFD. NFD periodically scans the directories and reads any feature files and runs any hooks it finds.</p> <h2 id="custom-feature-source">Custom feature source</h2> <p>The <code class="language-plaintext highlighter-rouge notranslate">custom</code> feature source in nfd-worker provides a rule-based mechanism for label creation, similar to the <a href="#nodefeaturerule-custom-resource"><code class="language-plaintext highlighter-rouge notranslate">NodeFeatureRule</code></a> objects. The difference is that the rules are specified in the worker configuration instead of a Kubernetes API object.</p> <p>See <a href="/node-feature-discovery/v0.14/usage/nfd-worker.html#worker-configuration">worker configuration</a> for instructions how to set-up and manage the worker configuration.</p> <h3 id="an-example-custom-feature-source-configuration">An example custom feature source configuration</h3> <p>Consider the following referential configuration for nfd-worker:</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="na">core</span><span class="pi">:</span>
<span class="na">labelSources</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">custom"</span><span class="pi">]</span>
<span class="na">sources</span><span class="pi">:</span>
<span class="na">custom</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my</span><span class="nv"> </span><span class="s">sample</span><span class="nv"> </span><span class="s">rule"</span>
<span class="na">labels</span><span class="pi">:</span>
<span class="s2">"</span><span class="s">my-sample-feature"</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span>
<span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">kernel.loadedmodule</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">dummy</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Exists</span><span class="pi">}</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">kernel.config</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">X86</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">In</span><span class="pi">,</span> <span class="nv">value</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">y"</span><span class="pi">]}</span>
</code></pre> </div></div> <p>It specifies one rule which creates node label <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubenernetes.io/my-sample-feature=true</code> if both of the following conditions are true (<code class="language-plaintext highlighter-rouge notranslate">matchFeatures</code> implements a logical AND over the matchers):</p> <ul> <li>The <code class="language-plaintext highlighter-rouge notranslate">dummy</code> network driver module has been loaded</li> <li>X86 option in kernel config is set to <code class="language-plaintext highlighter-rouge notranslate">=y</code></li> </ul> <p>In addition, the configuration only enables the <code class="language-plaintext highlighter-rouge notranslate">custom</code> source, disabling all built-in labels.</p> <p>Now, on X86 platforms the feature label appears after doing <code class="language-plaintext highlighter-rouge notranslate">modprobe dummy</code> on a system and correspondingly the label is removed after <code class="language-plaintext highlighter-rouge notranslate">rmmod dummy</code>. Note a re-labeling delay up to the sleep-interval of nfd-worker (1 minute by default).</p> <h3 id="additional-configuration-directory">Additional configuration directory</h3> <p>In addition to the rules defined in the nfd-worker configuration file, the <code class="language-plaintext highlighter-rouge notranslate">custom</code> feature source can read more configuration files located in the <code class="language-plaintext highlighter-rouge notranslate">/etc/kubernetes/node-feature-discovery/custom.d/</code> directory. This makes more dynamic and flexible configuration easier.</p> <p>As an example, consider having file <code class="language-plaintext highlighter-rouge notranslate">/etc/kubernetes/node-feature-discovery/custom.d/my-rule.yaml</code> with the following content:</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my</span><span class="nv"> </span><span class="s">e1000</span><span class="nv"> </span><span class="s">rule"</span>
<span class="na">labels</span><span class="pi">:</span>
<span class="s2">"</span><span class="s">e1000.present"</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span>
<span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">kernel.loadedmodule</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">e1000</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Exists</span><span class="pi">}</span>
</code></pre> </div></div> <p>This simple rule will create <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubenernetes.io/e1000.present=true</code> label if the <code class="language-plaintext highlighter-rouge notranslate">e1000</code> kernel module has been loaded.</p> <p>The <a href="https://github.com/kubernetes-sigs/node-feature-discovery/blob/v0.14.6/deployment/overlays/samples/custom-rules"><code class="language-plaintext highlighter-rouge notranslate">samples/custom-rules</code></a> kustomize overlay sample contains an example for deploying a custom rule from a ConfigMap.</p> <h2 id="node-labels">Node labels</h2> <p>Feature labels have the following format:</p> <div class="language-plaintext highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>&lt;namespace&gt;/&lt;name&gt; = &lt;value&gt;
</code></pre> </div></div> <p>The namespace part (i.e. prefix) of the labels is controlled by nfd:</p> <ul> <li>All built-in labels use <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubernetes.io</code>. This is also the default for user defined features that don't specify any namespace.</li> <li>Namespaces may be excluded with the <a href="/node-feature-discovery/v0.14/reference/master-commandline-reference.html#-deny-label-ns"><code class="language-plaintext highlighter-rouge notranslate">-deny-label-ns</code></a> command line flag of nfd-master <ul> <li>To allow specific namespaces that were denied, you can use <a href="/node-feature-discovery/v0.14/reference/master-commandline-reference.html#-extra-label-ns"><code class="language-plaintext highlighter-rouge notranslate">-extra-label-ns</code></a> command line flag of nfd-master. e.g: <code class="language-plaintext highlighter-rouge notranslate">nfd-master -deny-label-ns="*" -extra-label-ns=example.com</code></li> </ul> </li> </ul> <h2 id="label-rule-format">Label rule format</h2> <p>This section describes the rule format used in <a href="#nodefeaturerule-custom-resource"><code class="language-plaintext highlighter-rouge notranslate">NodeFeatureRule</code></a> objects and in the configuration of the <a href="#custom-feature-source"><code class="language-plaintext highlighter-rouge notranslate">custom</code></a> feature source.</p> <p>It is based on a generic feature matcher that covers all features discovered by nfd-worker. The rules rely on a unified data model of the available features and a generic expression-based format. Features that can be used in the rules are described in detail in <a href="#available-features">available features</a> below.</p> <p>Take this rule as a referential example:</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my</span><span class="nv"> </span><span class="s">feature</span><span class="nv"> </span><span class="s">rule"</span>
<span class="na">labels</span><span class="pi">:</span>
<span class="s2">"</span><span class="s">my-special-feature"</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my-value"</span>
<span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">cpu.cpuid</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">AVX512F</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Exists</span><span class="pi">}</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">kernel.version</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">major</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">In</span><span class="pi">,</span> <span class="nv">value</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">5"</span><span class="pi">]}</span>
<span class="na">minor</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Gt</span><span class="pi">,</span> <span class="nv">value</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">1"</span><span class="pi">]}</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">pci.device</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">vendor</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">In</span><span class="pi">,</span> <span class="nv">value</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">8086"</span><span class="pi">]}</span>
<span class="na">class</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">In</span><span class="pi">,</span> <span class="nv">value</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">0200"</span><span class="pi">]}</span>
</code></pre> </div></div> <p>This will yield <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubenernetes.io/my-special-feature=my-value</code> node label if all of these are true (<code class="language-plaintext highlighter-rouge notranslate">matchFeatures</code> implements a logical AND over the matchers):</p> <ul> <li>the CPU has AVX512F capability</li> <li>kernel version is 5.2 or later (must be v5.x)</li> <li>an Intel network controller is present</li> </ul> <h3 id="fields">Fields</h3> <h4 id="name">Name</h4> <p>The <code class="language-plaintext highlighter-rouge notranslate">.name</code> field is required and used as an identifier of the rule.</p> <h4 id="labels">Labels</h4> <p>The <code class="language-plaintext highlighter-rouge notranslate">.labels</code> is a map of the node labels to create if the rule matches.</p> <p>Take this rule as a referential example:</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">nfd.k8s-sigs.io/v1alpha1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">NodeFeatureRule</span>
<span class="na">metadata</span><span class="pi">:</span>
<span class="na">name</span><span class="pi">:</span> <span class="s">my-sample-rule-object</span>
<span class="na">spec</span><span class="pi">:</span>
<span class="na">rules</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my</span><span class="nv"> </span><span class="s">dynamic</span><span class="nv"> </span><span class="s">label</span><span class="nv"> </span><span class="s">value</span><span class="nv"> </span><span class="s">rule"</span>
<span class="na">labels</span><span class="pi">:</span>
<span class="na">linux-lsm-enabled</span><span class="pi">:</span> <span class="s2">"</span><span class="s">@kernel.config.LSM"</span>
<span class="na">custom-label</span><span class="pi">:</span> <span class="s2">"</span><span class="s">customlabel"</span>
</code></pre> </div></div> <p>Label <code class="language-plaintext highlighter-rouge notranslate">linux-lsm-enabled</code> uses the <code class="language-plaintext highlighter-rouge notranslate">@</code> notation for dynamic values. The value of the label will be the value of the attribute <code class="language-plaintext highlighter-rouge notranslate">LSM</code> of the feature <code class="language-plaintext highlighter-rouge notranslate">kernel.config</code>.</p> <p>The <code class="language-plaintext highlighter-rouge notranslate">@&lt;feature-name&gt;.&lt;element-name&gt;</code> format can be used to inject values of detected features to the label. See <a href="#available-features">available features</a> for possible values to use.</p> <p>This will yield into the following node label:</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code> <span class="na">labels</span><span class="pi">:</span>
<span class="s">...</span>
<span class="s">feature.node.kubernetes.io/linux-lsm-enabled</span><span class="pi">:</span> <span class="s">apparmor</span>
<span class="s">feature.node.kubernetes.io/custom-label</span><span class="pi">:</span> <span class="s2">"</span><span class="s">customlabel"</span>
</code></pre> </div></div> <h4 id="labels-template">Labels template</h4> <p>The <code class="language-plaintext highlighter-rouge notranslate">.labelsTemplate</code> field specifies a text template for dynamically creating labels based on the matched features. See <a href="#templating">templating</a> for details.</p> <blockquote> <p><strong>NOTE:</strong> The <code class="language-plaintext highlighter-rouge notranslate">labels</code> field has priority over <code class="language-plaintext highlighter-rouge notranslate">labelsTemplate</code>, i.e. labels specified in the <code class="language-plaintext highlighter-rouge notranslate">labels</code> field will override anything originating from <code class="language-plaintext highlighter-rouge notranslate">labelsTemplate</code>.</p> </blockquote> <h4 id="taints">Taints</h4> <p><em>taints</em> is a list of taint entries and each entry can have <code class="language-plaintext highlighter-rouge notranslate">key</code>, <code class="language-plaintext highlighter-rouge notranslate">value</code> and <code class="language-plaintext highlighter-rouge notranslate">effect</code>, where the <code class="language-plaintext highlighter-rouge notranslate">value</code> is optional. Effect could be <code class="language-plaintext highlighter-rouge notranslate">NoSchedule</code>, <code class="language-plaintext highlighter-rouge notranslate">PreferNoSchedule</code> or <code class="language-plaintext highlighter-rouge notranslate">NoExecute</code>. To learn more about the meaning of these effects, check out k8s <a href="https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/">documentation</a>.</p> <blockquote> <p><strong>NOTE:</strong> taints field is not available for the custom rules of nfd-worker and only for NodeFeatureRule objects.</p> </blockquote> <h4 id="vars">Vars</h4> <p>The <code class="language-plaintext highlighter-rouge notranslate">.vars</code> field is a map of values (key-value pairs) to store for subsequent rules to use. In other words, these are variables that are not advertised as node labels. See <a href="#backreferences">backreferences</a> for more details on the usage of vars.</p> <h4 id="extended-resources">Extended resources</h4> <p>The <code class="language-plaintext highlighter-rouge notranslate">.extendedResources</code> field is a list of extended resources to advertise. See <a href="#extended-resources">extended resources</a> for more details.</p> <p>Take this rule as a referential example:</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">nfd.k8s-sigs.io/v1alpha1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">NodeFeatureRule</span>
<span class="na">metadata</span><span class="pi">:</span>
<span class="na">name</span><span class="pi">:</span> <span class="s">my-extended-resource-rule</span>
<span class="na">spec</span><span class="pi">:</span>
<span class="na">rules</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my</span><span class="nv"> </span><span class="s">extended</span><span class="nv"> </span><span class="s">resource</span><span class="nv"> </span><span class="s">rule"</span>
<span class="na">extendedResources</span><span class="pi">:</span>
<span class="s">vendor.io/dynamic</span><span class="pi">:</span> <span class="s2">"</span><span class="s">@kernel.version.major"</span>
<span class="s">vendor.io/static</span><span class="pi">:</span> <span class="s2">"</span><span class="s">123"</span>
<span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">kernel.version</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">major</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Exists</span><span class="pi">}</span>
</code></pre> </div></div> <p>The extended resource <code class="language-plaintext highlighter-rouge notranslate">vendor.io/dynamic</code> is defined in the form <code class="language-plaintext highlighter-rouge notranslate">@feature.attribute</code>. The value of the extended resource will be the value of the attribute <code class="language-plaintext highlighter-rouge notranslate">major</code> of the feature <code class="language-plaintext highlighter-rouge notranslate">kernel.version</code>.</p> <p>The <code class="language-plaintext highlighter-rouge notranslate">@&lt;feature-name&gt;.&lt;element-name&gt;</code> format can be used to inject values of detected features to the extended resource. See <a href="#available-features">available features</a> for possible values to use. Note that the value must be eligible as a Kubernetes resource quantity.</p> <p>This will yield into the following node status:</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code> <span class="na">allocatable</span><span class="pi">:</span>
<span class="s">...</span>
<span class="s">vendor.io/dynamic</span><span class="pi">:</span> <span class="s2">"</span><span class="s">5"</span>
<span class="s">vendor.io/static</span><span class="pi">:</span> <span class="s2">"</span><span class="s">123"</span>
<span class="s">...</span>
<span class="na">capacity</span><span class="pi">:</span>
<span class="s">...</span>
<span class="s">vendor.io/dynamic</span><span class="pi">:</span> <span class="s2">"</span><span class="s">5"</span>
<span class="s">vendor.io/static</span><span class="pi">:</span> <span class="s2">"</span><span class="s">123"</span>
<span class="s">...</span>
</code></pre> </div></div> <p>There are some limitations to the namespace part (i.e. prefix)/ of the Extended Resources names:</p> <ul> <li><code class="language-plaintext highlighter-rouge notranslate">kubernetes.io/</code> and its sub-namespaces (like <code class="language-plaintext highlighter-rouge notranslate">sub.ns.kubernetes.io/</code>) cannot generally be used</li> <li>the only exception is <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubernetes.io/</code> and its sub-namespaces (like <code class="language-plaintext highlighter-rouge notranslate">sub.ns.feature.node.kubernetes.io</code>)</li> <li>unprefixed names will get prefixed with <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubernetes.io/</code> automatically (e.g. <code class="language-plaintext highlighter-rouge notranslate">foo</code> becomes <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubernetes.io/foo</code>)</li> </ul> <h4 id="vars-template">Vars template</h4> <p>The <code class="language-plaintext highlighter-rouge notranslate">.varsTemplate</code> field specifies a text template for dynamically creating vars based on the matched features. See <a href="#templating">templating</a> for details on using templates and <a href="#backreferences">backreferences</a> for more details on the usage of vars.</p> <blockquote> <p><strong>NOTE:</strong> The <code class="language-plaintext highlighter-rouge notranslate">vars</code> field has priority over <code class="language-plaintext highlighter-rouge notranslate">varsTemplate</code>, i.e. vars specified in the <code class="language-plaintext highlighter-rouge notranslate">vars</code> field will override anything originating from <code class="language-plaintext highlighter-rouge notranslate">varsTemplate</code>.</p> </blockquote> <h4 id="matchfeatures">MatchFeatures</h4> <p>The <code class="language-plaintext highlighter-rouge notranslate">.matchFeatures</code> field specifies a feature matcher, consisting of a list of feature matcher terms. It implements a logical AND over the terms i.e. all of them must match in order for the rule to trigger.</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code> <span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">&lt;feature-name&gt;</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="s">&lt;key&gt;</span><span class="pi">:</span>
<span class="na">op</span><span class="pi">:</span> <span class="s">&lt;op&gt;</span>
<span class="na">value</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">&lt;value-1&gt;</span>
<span class="pi">-</span> <span class="s">...</span>
</code></pre> </div></div> <p>The <code class="language-plaintext highlighter-rouge notranslate">.matchFeatures[].feature</code> field specifies the feature against which to match.</p> <p>The <code class="language-plaintext highlighter-rouge notranslate">.matchFeatures[].matchExpressions</code> field specifies a map of expressions which to evaluate against the elements of the feature.</p> <p>In each MatchExpression <code class="language-plaintext highlighter-rouge notranslate">op</code> specifies the operator to apply. Valid values are described below.</p> <table> <thead> <tr> <th>Operator</th> <th>Number of values</th> <th>Matches when</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge notranslate">In</code></td> <td>1 or greater</td> <td>Input is equal to one of the values</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge notranslate">NotIn</code></td> <td>1 or greater</td> <td>Input is not equal to any of the values</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge notranslate">InRegexp</code></td> <td>1 or greater</td> <td>Values of the MatchExpression are treated as regexps and input matches one or more of them</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge notranslate">Exists</code></td> <td>0</td> <td>The key exists</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge notranslate">DoesNotExist</code></td> <td>0</td> <td>The key does not exists</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge notranslate">Gt</code></td> <td>1</td> <td>Input is greater than the value. Both the input and value must be integer numbers.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge notranslate">Lt</code></td> <td>1</td> <td>Input is less than the value. Both the input and value must be integer numbers.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge notranslate">GtLt</code></td> <td>2</td> <td>Input is between two values. Both the input and value must be integer numbers.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge notranslate">IsTrue</code></td> <td>0</td> <td>Input is equal to "true"</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge notranslate">IsFalse</code></td> <td>0</td> <td>Input is equal "false"</td> </tr> </tbody> </table> <p>The <code class="language-plaintext highlighter-rouge notranslate">value</code> field of MatchExpression is a list of string arguments to the operator.</p> <p>The behavior of MatchExpression depends on the <a href="#feature-types">feature type</a>: for <em>flag</em> and <em>attribute</em> features the MatchExpression operates on the feature element whose name matches the <code class="language-plaintext highlighter-rouge notranslate">&lt;key&gt;</code>. However, for <em>instance</em> features all MatchExpressions are evaluated against the attributes of each instance separately.</p> <h4 id="matchany">MatchAny</h4> <p>The <code class="language-plaintext highlighter-rouge notranslate">.matchAny</code> field is a list of of <a href="#matchfeatures"><code class="language-plaintext highlighter-rouge notranslate">matchFeatures</code></a> matchers. A logical OR is applied over the matchers, i.e. at least one of them must match in order for the rule to trigger.</p> <p>Consider the following example:</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code> <span class="na">matchAny</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">kernel.loadedmodule</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">kmod-1</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Exists</span><span class="pi">}</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">pci.device</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">vendor</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">In</span><span class="pi">,</span> <span class="nv">value</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">0eee"</span><span class="pi">]}</span>
<span class="na">class</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">In</span><span class="pi">,</span> <span class="nv">value</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">0200"</span><span class="pi">]}</span>
<span class="pi">-</span> <span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">kernel.loadedmodule</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">kmod-2</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Exists</span><span class="pi">}</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">pci.device</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">vendor</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">In</span><span class="pi">,</span> <span class="nv">value</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">0fff"</span><span class="pi">]}</span>
<span class="na">class</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">In</span><span class="pi">,</span> <span class="nv">value</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">0200"</span><span class="pi">]}</span>
</code></pre> </div></div> <p>This matches if kernel module kmod-1 is loaded and a network controller from vendor 0eee is present, OR, if kernel module kmod-2 has been loaded and a network controller from vendor 0fff is present (OR both of these conditions are true).</p> <h3 id="available-features">Available features</h3> <p>The following features are available for matching:</p> <table> <thead> <tr> <th>Feature</th> <th><a href="#feature-types">Feature type</a></th> <th>Elements</th> <th>Value type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">cpu.cpuid</code></strong></td> <td>flag</td> <td> </td> <td> </td> <td>Supported CPU capabilities</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">&lt;cpuid-flag&gt;</code></strong></td> <td> </td> <td>CPUID flag is present</td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">cpu.cstate</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td>Status of cstates in the intel_idle cpuidle driver</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">enabled</code></strong></td> <td>bool</td> <td>true' if cstates are set, otherwise false'. Does not exist of intel_idle driver is not active.</td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">cpu.model</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td>CPU model related attributes</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">family</code></strong></td> <td>int</td> <td>CPU family</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">vendor_id</code></strong></td> <td>string</td> <td>CPU vendor ID</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">id</code></strong></td> <td>int</td> <td>CPU model ID</td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">cpu.pstate</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td>State of the Intel pstate driver. Does not exist if the driver is not enabled.</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">status</code></strong></td> <td>string</td> <td>Status of the driver, possible values are active' and passive'</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">turbo</code></strong></td> <td>bool</td> <td>true' if turbo frequencies are enabled, otherwise false'</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">scaling</code></strong></td> <td>string</td> <td>Active scaling_governor, possible values are powersave' or performance'.</td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">cpu.rdt</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td>Intel RDT capabilities supported by the system</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">&lt;rdt-flag&gt;</code></strong></td> <td> </td> <td>RDT capability is supported, see <a href="#intel-rdt-flags">RDT flags</a> for details</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">RDTL3CA_NUM_CLOSID</code></strong></td> <td>int</td> <td>The number or available CLOSID (Class of service ID) for Intel L3 Cache Allocation Technology</td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">cpu.security</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td>Features related to security and trusted execution environments</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">sgx.enabled</code></strong></td> <td>bool</td> <td><code class="language-plaintext highlighter-rouge notranslate">true</code> if Intel SGX (Software Guard Extensions) has been enabled, otherwise does not exist</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">sgx.epc</code></strong></td> <td>int</td> <td>The total amount Intel SGX Encrypted Page Cache memory in bytes. It's only present if <code class="language-plaintext highlighter-rouge notranslate">sgx.enabled</code> is <code class="language-plaintext highlighter-rouge notranslate">true</code>.</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">se.enabled</code></strong></td> <td>bool</td> <td><code class="language-plaintext highlighter-rouge notranslate">true</code> if IBM Secure Execution for Linux is available and has been enabled, otherwise does not exist</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">tdx.enabled</code></strong></td> <td>bool</td> <td><code class="language-plaintext highlighter-rouge notranslate">true</code> if Intel TDX (Trusted Domain Extensions) is available on the host and has been enabled, otherwise does not exist</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">tdx.total_keys</code></strong></td> <td>int</td> <td>The total amount of keys an Intel TDX (Trusted Domain Extensions) host can provide. It's only present if <code class="language-plaintext highlighter-rouge notranslate">tdx.enabled</code> is <code class="language-plaintext highlighter-rouge notranslate">true</code>.</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">tdx.protected</code></strong></td> <td>bool</td> <td><code class="language-plaintext highlighter-rouge notranslate">true</code> if a guest VM was started using Intel TDX (Trusted Domain Extensions), otherwise does not exist.</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">sev.enabled</code></strong></td> <td>bool</td> <td><code class="language-plaintext highlighter-rouge notranslate">true</code> if AMD SEV (Secure Encrypted Virtualization) is available on the host and has been enabled, otherwise does not exist</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">sev.es.enabled</code></strong></td> <td>bool</td> <td><code class="language-plaintext highlighter-rouge notranslate">true</code> if AMD SEV-ES (Encrypted State supported) is available on the host and has been enabled, otherwise does not exist</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">sev.snp.enabled</code></strong></td> <td>bool</td> <td><code class="language-plaintext highlighter-rouge notranslate">true</code> if AMD SEV-SNP (Secure Nested Paging supported) is available on the host and has been enabled, otherwise does not exist</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">sev.asids</code></strong></td> <td>int</td> <td>The total amount of AMD SEV address-space identifiers (ASIDs), based on the <code class="language-plaintext highlighter-rouge notranslate">/sys/fs/cgroup/misc.capacity</code> information.</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">sev.encrypted_state_ids</code></strong></td> <td>int</td> <td>The total amount of AMD SEV-ES and SEV-SNP supported, based on the <code class="language-plaintext highlighter-rouge notranslate">/sys/fs/cgroup/misc.capacity</code> information.</td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">cpu.sgx</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td><strong>DEPRECATED</strong>: replaced by <strong><code class="language-plaintext highlighter-rouge notranslate">cpu.security</code></strong> feature</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">enabled</code></strong></td> <td>bool</td> <td><strong>DEPRECATED</strong>: use <strong><code class="language-plaintext highlighter-rouge notranslate">sgx.enabled</code></strong> from <strong><code class="language-plaintext highlighter-rouge notranslate">cpu.security</code></strong> instead</td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">cpu.sst</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td>Intel SST (Speed Select Technology) capabilities</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">bf.enabled</code></strong></td> <td>bool</td> <td><code class="language-plaintext highlighter-rouge notranslate">true</code> if Intel SST-BF (Intel Speed Select Technology - Base frequency) has been enabled, otherwise does not exist</td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">cpu.se</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td><strong>DEPRECATED</strong>: replaced by <strong><code class="language-plaintext highlighter-rouge notranslate">cpu.security</code></strong> feature</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">enabled</code></strong></td> <td>bool</td> <td><strong>DEPRECATED</strong>: use <strong><code class="language-plaintext highlighter-rouge notranslate">se.enabled</code></strong> from <strong><code class="language-plaintext highlighter-rouge notranslate">cpu.security</code></strong> instead</td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">cpu.topology</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td>CPU topology related features</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">hardware_multithreading</code></strong></td> <td>bool</td> <td>Hardware multithreading, such as Intel HTT, is enabled</td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">cpu.coprocessor</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td>CPU Coprocessor related features</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">nx_gzip</code></strong></td> <td>bool</td> <td>Nest Accelerator GZIP support is enabled</td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">kernel.config</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td>Kernel configuration options</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">&lt;config-flag&gt;</code></strong></td> <td>string</td> <td>Value of the kconfig option</td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">kernel.loadedmodule</code></strong></td> <td>flag</td> <td> </td> <td> </td> <td>Kernel modules loaded on the node as reported by <code class="language-plaintext highlighter-rouge notranslate">/proc/modules</code></td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">kernel.enabledmodule</code></strong></td> <td>flag</td> <td> </td> <td> </td> <td>Kernel modules loaded on the node and available as built-ins as reported by <code class="language-plaintext highlighter-rouge notranslate">modules.builtin</code></td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">mod-name</code></strong></td> <td> </td> <td>Kernel module <code class="language-plaintext highlighter-rouge notranslate">&lt;mod-name&gt;</code> is loaded</td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">kernel.selinux</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td>Kernel SELinux related features</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">enabled</code></strong></td> <td>bool</td> <td><code class="language-plaintext highlighter-rouge notranslate">true</code> if SELinux has been enabled and is in enforcing mode, otherwise <code class="language-plaintext highlighter-rouge notranslate">false</code></td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">kernel.version</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td>Kernel version information</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">full</code></strong></td> <td>string</td> <td>Full kernel version (e.g. 4.5.6-7-g123abcde')</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">major</code></strong></td> <td>int</td> <td>First component of the kernel version (e.g. 4')</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">minor</code></strong></td> <td>int</td> <td>Second component of the kernel version (e.g. 5')</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">revision</code></strong></td> <td>int</td> <td>Third component of the kernel version (e.g. 6')</td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">local.label</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td>Features feature files and hooks, i.e. labels from the <a href="#local-feature-source"><em>local</em> feature source</a></td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">&lt;label-name&gt;</code></strong></td> <td>string</td> <td>Label <code class="language-plaintext highlighter-rouge notranslate">&lt;label-name&gt;</code> created by the local feature source, value equals the value of the label</td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">memory.nv</code></strong></td> <td>instance</td> <td> </td> <td> </td> <td>NVDIMM devices present in the system</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">&lt;sysfs-attribute&gt;</code></strong></td> <td>string</td> <td>Value of the sysfs device attribute, available attributes: <code class="language-plaintext highlighter-rouge notranslate">devtype</code>, <code class="language-plaintext highlighter-rouge notranslate">mode</code></td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">memory.numa</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td>NUMA nodes</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">is_numa</code></strong></td> <td>bool</td> <td><code class="language-plaintext highlighter-rouge notranslate">true</code> if NUMA architecture, <code class="language-plaintext highlighter-rouge notranslate">false</code> otherwise</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">node_count</code></strong></td> <td>int</td> <td>Number of NUMA nodes</td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">network.device</code></strong></td> <td>instance</td> <td> </td> <td> </td> <td>Physical (non-virtual) network interfaces present in the system</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">name</code></strong></td> <td>string</td> <td>Name of the network interface</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">&lt;sysfs-attribute&gt;</code></strong></td> <td>string</td> <td>Sysfs network interface attribute, available attributes: <code class="language-plaintext highlighter-rouge notranslate">operstate</code>, <code class="language-plaintext highlighter-rouge notranslate">speed</code>, <code class="language-plaintext highlighter-rouge notranslate">sriov_numvfs</code>, <code class="language-plaintext highlighter-rouge notranslate">sriov_totalvfs</code></td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">pci.device</code></strong></td> <td>instance</td> <td> </td> <td> </td> <td>PCI devices present in the system</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">&lt;sysfs-attribute&gt;</code></strong></td> <td>string</td> <td>Value of the sysfs device attribute, available attributes: <code class="language-plaintext highlighter-rouge notranslate">class</code>, <code class="language-plaintext highlighter-rouge notranslate">vendor</code>, <code class="language-plaintext highlighter-rouge notranslate">device</code>, <code class="language-plaintext highlighter-rouge notranslate">subsystem_vendor</code>, <code class="language-plaintext highlighter-rouge notranslate">subsystem_device</code>, <code class="language-plaintext highlighter-rouge notranslate">sriov_totalvfs</code>, <code class="language-plaintext highlighter-rouge notranslate">iommu_group/type</code>, <code class="language-plaintext highlighter-rouge notranslate">iommu/intel-iommu/version</code></td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">storage.block</code></strong></td> <td>instance</td> <td> </td> <td> </td> <td>Block storage devices present in the system</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">name</code></strong></td> <td>string</td> <td>Name of the block device</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">&lt;sysfs-attribute&gt;</code></strong></td> <td>string</td> <td>Sysfs network interface attribute, available attributes: <code class="language-plaintext highlighter-rouge notranslate">dax</code>, <code class="language-plaintext highlighter-rouge notranslate">rotational</code>, <code class="language-plaintext highlighter-rouge notranslate">nr_zones</code>, <code class="language-plaintext highlighter-rouge notranslate">zoned</code></td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">system.osrelease</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td>System identification data from <code class="language-plaintext highlighter-rouge notranslate">/etc/os-release</code></td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">&lt;parameter&gt;</code></strong></td> <td>string</td> <td>One parameter from <code class="language-plaintext highlighter-rouge notranslate">/etc/os-release</code></td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">system.name</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td>System name information</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">nodename</code></strong></td> <td>string</td> <td>Name of the kubernetes node object</td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">usb.device</code></strong></td> <td>instance</td> <td> </td> <td> </td> <td>USB devices present in the system</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">&lt;sysfs-attribute&gt;</code></strong></td> <td>string</td> <td>Value of the sysfs device attribute, available attributes: <code class="language-plaintext highlighter-rouge notranslate">class</code>, <code class="language-plaintext highlighter-rouge notranslate">vendor</code>, <code class="language-plaintext highlighter-rouge notranslate">device</code>, <code class="language-plaintext highlighter-rouge notranslate">serial</code></td> </tr> <tr> <td><strong><code class="language-plaintext highlighter-rouge notranslate">rule.matched</code></strong></td> <td>attribute</td> <td> </td> <td> </td> <td>Previously matched rules</td> </tr> <tr> <td> </td> <td> </td> <td><strong><code class="language-plaintext highlighter-rouge notranslate">&lt;label-or-var&gt;</code></strong></td> <td>string</td> <td>Label or var from a preceding rule that matched</td> </tr> </tbody> </table> <h4 id="intel-rdt-flags">Intel RDT flags</h4> <table> <thead> <tr> <th>Flag</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>RDTMON</td> <td>Intel RDT Monitoring Technology</td> </tr> <tr> <td>RDTCMT</td> <td>Intel Cache Monitoring (CMT)</td> </tr> <tr> <td>RDTMBM</td> <td>Intel Memory Bandwidth Monitoring (MBM)</td> </tr> <tr> <td>RDTL3CA</td> <td>Intel L3 Cache Allocation Technology</td> </tr> <tr> <td>RDTl2CA</td> <td>Intel L2 Cache Allocation Technology</td> </tr> <tr> <td>RDTMBA</td> <td>Intel Memory Bandwidth Allocation (MBA) Technology</td> </tr> </tbody> </table> <h3 id="templating">Templating</h3> <p>Rules support template-based creation of labels and vars with the <code class="language-plaintext highlighter-rouge notranslate">.labelsTemplate</code> and <code class="language-plaintext highlighter-rouge notranslate">.varsTemplate</code> fields. These makes it possible to dynamically generate labels and vars based on the features that matched.</p> <p>The template must expand into a simple format with <code class="language-plaintext highlighter-rouge notranslate">&lt;key&gt;=&lt;value&gt;</code> pairs separated by newline.</p> <p>Consider the following example: <!-- --></p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code> <span class="na">labelsTemplate</span><span class="pi">:</span> <span class="pi">|</span>
<span class="s">{{ range .pci.device }}vendor-{{ .class }}-{{ .device }}.present=true</span>
<span class="s">{{ end }}</span>
<span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">pci.device</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">class</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">InRegexp</span><span class="pi">,</span> <span class="nv">value</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">^02"</span><span class="pi">]}</span>
<span class="na">vendor</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">0fff"</span><span class="pi">]</span>
</code></pre> </div></div> <!-- --> <p>The rule above will create individual labels <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubernetes.io/vendor-&lt;class-id&gt;-&lt;device-id&gt;.present=true</code> for each network controller device (device class starting with 02) from vendor 0ffff.</p> <p>All the matched features of each feature matcher term under <code class="language-plaintext highlighter-rouge notranslate">matchFeatures</code> fields are available for the template engine. Matched features can be referenced with <code class="language-plaintext highlighter-rouge notranslate">{{ .&lt;feature-name&gt; }}</code> in the template, and the available data could be described in yaml as follows:</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="s">.</span>
<span class="s">&lt;key-feature&gt;</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">Name</span><span class="pi">:</span> <span class="s">&lt;matched-key&gt;</span>
<span class="pi">-</span> <span class="s">...</span>
<span class="s">&lt;value-feature&gt;</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">Name</span><span class="pi">:</span> <span class="s">&lt;matched-key&gt;</span>
<span class="na">Value</span><span class="pi">:</span> <span class="s">&lt;matched-value&gt;</span>
<span class="pi">-</span> <span class="s">...</span>
<span class="s">&lt;instance-feature&gt;</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">&lt;attribute-1-name&gt;</span><span class="pi">:</span> <span class="s">&lt;attribute-1-value&gt;</span>
<span class="s">&lt;attribute-2-name&gt;</span><span class="pi">:</span> <span class="s">&lt;attribute-2-value&gt;</span>
<span class="s">...</span>
<span class="pi">-</span> <span class="s">...</span>
</code></pre> </div></div> <p>That is, the per-feature data is a list of objects whose data fields depend on the type of the feature:</p> <ul> <li>for <em>flag</em> features only Name' is available</li> <li>for <em>value</em> features Name' and Value' are available</li> <li>for <em>instance</em> features all attributes of the matched instance are available</li> </ul> <p>A simple example of a template utilizing name and value from an <em>attribute</em> feature: <!-- --></p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code> <span class="na">labelsTemplate</span><span class="pi">:</span> <span class="pi">|</span>
<span class="s">{{ range .system.osrelease }}system-{{ .Name }}={{ .Value }}</span>
<span class="s">{{ end }}</span>
<span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">system.osRelease</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">ID</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Exists</span><span class="pi">}</span>
<span class="s">VERSION_ID.major</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Exists</span><span class="pi">}</span>
</code></pre> </div></div> <!-- --> <blockquote> <p><strong>NOTE:</strong> In case of matchAny is specified, the template is executed separately against each individual <code class="language-plaintext highlighter-rouge notranslate">matchFeatures</code> field and the final set of labels will be superset of all these separate template expansions. E.g. consider the following:</p> </blockquote> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">&lt;name&gt;</span>
<span class="na">labelsTemplate</span><span class="pi">:</span> <span class="s">&lt;template&gt;</span>
<span class="na">matchFeatures</span><span class="pi">:</span> <span class="s">&lt;matcher#1&gt;</span>
<span class="na">matchAny</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">matchFeatures</span><span class="pi">:</span> <span class="s">&lt;matcher#2&gt;</span>
<span class="pi">-</span> <span class="na">matchFeatures</span><span class="pi">:</span> <span class="s">&lt;matcher#3&gt;</span>
</code></pre> </div></div> <p>In the example above (assuming the overall result is a match) the template would be executed on matcher#1 as well as on matcher#2 and/or matcher#3 (depending on whether both or only one of them match). All the labels from these separate expansions would be created, i.e. the end result would be a union of all the individual expansions.</p> <p>Rule templates use the Golang <a href="https://pkg.go.dev/text/template">text/template</a> package and all its built-in functionality (e.g. pipelines and functions) can be used. An example template taking use of the built-in <code class="language-plaintext highlighter-rouge notranslate">len</code> function, advertising the number of PCI network controllers from a specific vendor: <!-- --></p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code> <span class="na">labelsTemplate</span><span class="pi">:</span> <span class="pi">|</span>
<span class="s">num-intel-network-controllers={{ .pci.device | len }}</span>
<span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">pci.device</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">vendor</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">In</span><span class="pi">,</span> <span class="nv">value</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">8086"</span><span class="pi">]}</span>
<span class="na">class</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">In</span><span class="pi">,</span> <span class="nv">value</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">0200"</span><span class="pi">]}</span>
</code></pre> </div></div> <!-- --> <p>Imaginative template pipelines are possible, but care must be taken in order to produce understandable and maintainable rule sets.</p> <h3 id="backreferences">Backreferences</h3> <p>Rules support referencing the output of preceding rules. This enables sophisticated scenarios where multiple rules are combined together to for more complex heuristics than a single rule can provide. The labels and vars created by the execution of preceding rules are available as a special <code class="language-plaintext highlighter-rouge notranslate">rule.matched</code> feature.</p> <p>Consider the following configuration:</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my</span><span class="nv"> </span><span class="s">kernel</span><span class="nv"> </span><span class="s">label</span><span class="nv"> </span><span class="s">rule"</span>
<span class="na">labels</span><span class="pi">:</span>
<span class="na">kernel-feature</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span>
<span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">kernel.version</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">major</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Gt</span><span class="pi">,</span> <span class="nv">value</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">4"</span><span class="pi">]}</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my</span><span class="nv"> </span><span class="s">var</span><span class="nv"> </span><span class="s">rule"</span>
<span class="na">vars</span><span class="pi">:</span>
<span class="na">nolabel-feature</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span>
<span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">cpu.cpuid</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">AVX512F</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Exists</span><span class="pi">}</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">pci.device</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">vendor</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">In</span><span class="pi">,</span> <span class="nv">value</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">0fff"</span><span class="pi">]}</span>
<span class="na">device</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">In</span><span class="pi">,</span> <span class="nv">value</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">1234"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">1235"</span><span class="pi">]}</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my</span><span class="nv"> </span><span class="s">high</span><span class="nv"> </span><span class="s">level</span><span class="nv"> </span><span class="s">feature</span><span class="nv"> </span><span class="s">rule"</span>
<span class="na">labels</span><span class="pi">:</span>
<span class="na">high-level-feature</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span>
<span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">rule.matched</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">kernel-feature</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">IsTrue</span><span class="pi">}</span>
<span class="na">nolabel-feature</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">IsTrue</span><span class="pi">}</span>
</code></pre> </div></div> <p>The <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubernetes.io/high-level-feature = true</code> label depends on the two previous rules.</p> <p>Note that when referencing rules across multiple <a href="#nodefeaturerule-custom-resource"><code class="language-plaintext highlighter-rouge notranslate">NodeFeatureRule</code></a> objects attention must be paid to the ordering. <code class="language-plaintext highlighter-rouge notranslate">NodeFeatureRule</code> objects are processed in alphabetical order (based on their <code class="language-plaintext highlighter-rouge notranslate">.metadata.name</code>).</p> <h3 id="examples">Examples</h3> <p>Some more configuration examples below.</p> <p>Match certain CPUID features:</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">example</span><span class="nv"> </span><span class="s">cpuid</span><span class="nv"> </span><span class="s">rule"</span>
<span class="na">labels</span><span class="pi">:</span>
<span class="na">my-special-cpu-feature</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span>
<span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">cpu.cpuid</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">AESNI</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Exists</span><span class="pi">}</span>
<span class="na">AVX</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Exists</span><span class="pi">}</span>
</code></pre> </div></div> <p>Require a certain loaded kernel module and OS version:</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my</span><span class="nv"> </span><span class="s">multi-feature</span><span class="nv"> </span><span class="s">rule"</span>
<span class="na">labels</span><span class="pi">:</span>
<span class="na">my-special-multi-feature</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span>
<span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">kernel.loadedmodule</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">e1000</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Exists</span><span class="pi">}</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">system.osrelease</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">NAME</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">InRegexp</span><span class="pi">,</span> <span class="nv">values</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">^openSUSE"</span><span class="pi">]}</span>
<span class="s">VERSION_ID.major</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Gt</span><span class="pi">,</span> <span class="nv">values</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">14"</span><span class="pi">]}</span>
</code></pre> </div></div> <p>Require a loaded kernel module and two specific PCI devices (both of which must be present):</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my</span><span class="nv"> </span><span class="s">multi-device</span><span class="nv"> </span><span class="s">rule"</span>
<span class="na">labels</span><span class="pi">:</span>
<span class="na">my-multi-device-feature</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span>
<span class="na">matchFeatures</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">feature</span><span class="pi">:</span> <span class="s">kernel.loadedmodule</span>
<span class="na">matchExpressions</span><span class="pi">:</span>
<span class="na">my-driver-module</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">op</span><span class="pi">:</span> <span class="nv">Exists</span><span class="pi">}</span>
<span class="pi">-</span> <span class="s">pci.device</span><span class="pi">:</span>
<span class="na">vendor</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0fff"</span>
<span class="na">device</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1234"</span>
<span class="pi">-</span> <span class="s">pci.device</span><span class="pi">:</span>
<span class="na">vendor</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0fff"</span>
<span class="na">device</span><span class="pi">:</span> <span class="s2">"</span><span class="s">abcd"</span>
</code></pre> </div></div> <h2 id="legacy-custom-rule-syntax">Legacy custom rule syntax</h2> <p><strong>DEPRECATED</strong>: use the new rule syntax instead.</p> <p>The <code class="language-plaintext highlighter-rouge notranslate">custom</code> source supports the legacy <code class="language-plaintext highlighter-rouge notranslate">matchOn</code> rule syntax for backwards-compatibility.</p> <p>To aid in making the legacy rule syntax clearer, we define a general and a per rule nomenclature, keeping things as consistent as possible.</p> <h3 id="general-nomenclature-and-definitions">General nomenclature and definitions</h3> <div class="language-plaintext highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>Rule :Represents a matching logic that is used to match on a feature.
Rule Input :The input a Rule is provided. This determines how a Rule performs the match operation.
Matcher :A composition of Rules, each Matcher may be composed of at most one instance of each Rule.
</code></pre> </div></div> <h3 id="custom-features-format-using-the-nomenclature-defined-above">Custom features format (using the nomenclature defined above)</h3> <p>Rules are specified under <code class="language-plaintext highlighter-rouge notranslate">sources.custom</code> in the nfd-worker configuration file.</p> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="na">sources</span><span class="pi">:</span>
<span class="na">custom</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">&lt;feature name&gt;</span>
<span class="na">value</span><span class="pi">:</span> <span class="s">&lt;optional feature value, defaults to "true"&gt;</span>
<span class="na">matchOn</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">&lt;Rule-1&gt;</span><span class="pi">:</span> <span class="s">&lt;Rule-1 Input&gt;</span>
<span class="pi">[</span><span class="nv">&lt;Rule-2&gt;</span><span class="pi">:</span> <span class="nv">&lt;Rule-2 Input&gt;</span><span class="pi">]</span>
<span class="pi">-</span> <span class="s">&lt;Matcher-2&gt;</span>
<span class="pi">-</span> <span class="s">...</span>
<span class="pi">-</span> <span class="s">...</span>
<span class="pi">-</span> <span class="s">&lt;Matcher-N&gt;</span>
<span class="pi">-</span> <span class="s">&lt;custom feature 2&gt;</span>
<span class="pi">-</span> <span class="s">...</span>
<span class="pi">-</span> <span class="s">...</span>
<span class="pi">-</span> <span class="s">&lt;custom feature M&gt;</span>
</code></pre> </div></div> <p>The label is constructed by adding <code class="language-plaintext highlighter-rouge notranslate">custom-</code> prefix to the name field, label value defaults to <code class="language-plaintext highlighter-rouge notranslate">true</code> if not specified in the rule spec:</p> <div class="language-plaintext highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>feature.node.kubernetes.io/custom-&lt;name&gt; = &lt;value&gt;
</code></pre> </div></div> <h3 id="matching-process">Matching process</h3> <p>Specifying Rules to match on a feature is done by providing a list of Matchers. Each Matcher contains one or more Rules.</p> <p>Logical <em>OR</em> is performed between Matchers and logical <em>AND</em> is performed between Rules of a given Matcher.</p> <h3 id="rules">Rules</h3> <h4 id="pciid-rule">pciid rule</h4> <h5 id="nomenclature">Nomenclature</h5> <div class="language-plaintext highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>Attribute :A PCI attribute.
Element :An identifier of the PCI attribute.
</code></pre> </div></div> <p>The PciId Rule allows matching the PCI devices in the system on the following Attributes: <code class="language-plaintext highlighter-rouge notranslate">class</code>,<code class="language-plaintext highlighter-rouge notranslate">vendor</code> and <code class="language-plaintext highlighter-rouge notranslate">device</code>. A list of Elements is provided for each Attribute.</p> <h5 id="format">Format</h5> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="na">pciId </span><span class="pi">:</span>
<span class="na">class</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">&lt;class id&gt;</span><span class="pi">,</span> <span class="nv">...</span><span class="pi">]</span>
<span class="na">vendor</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">&lt;vendor id&gt;</span><span class="pi">,</span> <span class="nv">...</span><span class="pi">]</span>
<span class="na">device</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">&lt;device id&gt;</span><span class="pi">,</span> <span class="nv">...</span><span class="pi">]</span>
</code></pre> </div></div> <p>Matching is done by performing a logical <em>OR</em> between Elements of an Attribute and logical <em>AND</em> between the specified Attributes for each PCI device in the system. At least one Attribute must be specified. Missing attributes will not partake in the matching process.</p> <h4 id="usbid-rule">UsbId rule</h4> <h5 id="nomenclature-1">Nomenclature</h5> <div class="language-plaintext highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>Attribute :A USB attribute.
Element :An identifier of the USB attribute.
</code></pre> </div></div> <p>The UsbId Rule allows matching the USB devices in the system on the following Attributes: <code class="language-plaintext highlighter-rouge notranslate">class</code>,<code class="language-plaintext highlighter-rouge notranslate">vendor</code>, <code class="language-plaintext highlighter-rouge notranslate">device</code> and <code class="language-plaintext highlighter-rouge notranslate">serial</code>. A list of Elements is provided for each Attribute.</p> <h5 id="format-1">Format</h5> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="na">usbId </span><span class="pi">:</span>
<span class="na">class</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">&lt;class id&gt;</span><span class="pi">,</span> <span class="nv">...</span><span class="pi">]</span>
<span class="na">vendor</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">&lt;vendor id&gt;</span><span class="pi">,</span> <span class="nv">...</span><span class="pi">]</span>
<span class="na">device</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">&lt;device id&gt;</span><span class="pi">,</span> <span class="nv">...</span><span class="pi">]</span>
<span class="na">serial</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">&lt;serial&gt;</span><span class="pi">,</span> <span class="nv">...</span><span class="pi">]</span>
</code></pre> </div></div> <p>Matching is done by performing a logical <em>OR</em> between Elements of an Attribute and logical <em>AND</em> between the specified Attributes for each USB device in the system. At least one Attribute must be specified. Missing attributes will not partake in the matching process.</p> <h4 id="loadedkmod-rule">LoadedKMod rule</h4> <h5 id="nomenclature-2">Nomenclature</h5> <div class="language-plaintext highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>Element :A kernel module
</code></pre> </div></div> <p>The LoadedKMod Rule allows matching the loaded kernel modules in the system against a provided list of Elements.</p> <h5 id="format-2">Format</h5> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="na">loadedKMod </span><span class="pi">:</span> <span class="pi">[</span><span class="nv">&lt;kernel module&gt;</span><span class="pi">,</span> <span class="nv">...</span><span class="pi">]</span>
</code></pre> </div></div> <p>Matching is done by performing logical <em>AND</em> for each provided Element, i.e the Rule will match if all provided Elements (kernel modules) are loaded in the system.</p> <h4 id="cpuid-rule">CpuId rule</h4> <h5 id="nomenclature-3">Nomenclature</h5> <div class="language-plaintext highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>Element :A CPUID flag
</code></pre> </div></div> <p>The Rule allows matching the available CPUID flags in the system against a provided list of Elements.</p> <h5 id="format-3">Format</h5> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="na">cpuId </span><span class="pi">:</span> <span class="pi">[</span><span class="nv">&lt;CPUID flag string&gt;</span><span class="pi">,</span> <span class="nv">...</span><span class="pi">]</span>
</code></pre> </div></div> <p>Matching is done by performing logical <em>AND</em> for each provided Element, i.e the Rule will match if all provided Elements (CPUID flag strings) are available in the system.</p> <h4 id="kconfig-rule">Kconfig rule</h4> <h5 id="nomenclature-4">Nomenclature</h5> <div class="language-plaintext highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>Element :A Kconfig option
</code></pre> </div></div> <p>The Rule allows matching the kconfig options in the system against a provided list of Elements.</p> <h5 id="format-4">Format</h5> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="na">kConfig</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">&lt;kernel config option ('y' or 'm') or '=&lt;value&gt;'&gt;</span><span class="pi">,</span> <span class="nv">...</span><span class="pi">]</span>
</code></pre> </div></div> <p>Matching is done by performing logical <em>AND</em> for each provided Element, i.e the Rule will match if all provided Elements (kernel config options) are enabled (<code class="language-plaintext highlighter-rouge notranslate">y</code> or <code class="language-plaintext highlighter-rouge notranslate">m</code>) or matching <code class="language-plaintext highlighter-rouge notranslate">=&lt;value&gt;</code> in the kernel.</p> <h4 id="nodename-rule">Nodename rule</h4> <h5 id="nomenclature-5">Nomenclature</h5> <div class="language-plaintext highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>Element :A nodename regexp pattern
</code></pre> </div></div> <p>The Rule allows matching the node's name against a provided list of Elements.</p> <h5 id="format-5">Format</h5> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="na">nodename</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">&lt;nodename regexp pattern&gt;</span><span class="pi">,</span> <span class="nv">...</span> <span class="pi">]</span>
</code></pre> </div></div> <p>Matching is done by performing logical <em>OR</em> for each provided Element, i.e the Rule will match if one of the provided Elements (nodename regexp pattern) matches the node's name.</p> <h3 id="legacy-custom-rule-example">Legacy custom rule example</h3> <div class="language-yaml highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="na">custom</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my.kernel.feature"</span>
<span class="na">matchOn</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">loadedKMod</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">kmod1"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">kmod2"</span><span class="pi">]</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my.pci.feature"</span>
<span class="na">matchOn</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">pciId</span><span class="pi">:</span>
<span class="na">vendor</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">15b3"</span><span class="pi">]</span>
<span class="na">device</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">1014"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">1017"</span><span class="pi">]</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my.usb.feature"</span>
<span class="na">matchOn</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">usbId</span><span class="pi">:</span>
<span class="na">vendor</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">1d6b"</span><span class="pi">]</span>
<span class="na">device</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">0003"</span><span class="pi">]</span>
<span class="na">serial</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">090129a"</span><span class="pi">]</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my.combined.feature"</span>
<span class="na">matchOn</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">loadedKMod </span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">vendor_kmod1"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">vendor_kmod2"</span><span class="pi">]</span>
<span class="na">pciId</span><span class="pi">:</span>
<span class="na">vendor</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">15b3"</span><span class="pi">]</span>
<span class="na">device</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">1014"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">1017"</span><span class="pi">]</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">vendor.feature.node.kubernetes.io/accumulated.feature"</span>
<span class="na">matchOn</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">loadedKMod </span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">some_kmod1"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">some_kmod2"</span><span class="pi">]</span>
<span class="pi">-</span> <span class="na">pciId</span><span class="pi">:</span>
<span class="na">vendor</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">15b3"</span><span class="pi">]</span>
<span class="na">device</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">1014"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">1017"</span><span class="pi">]</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my.kernel.featureneedscpu"</span>
<span class="na">matchOn</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">kConfig</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">KVM_INTEL"</span><span class="pi">]</span>
<span class="pi">-</span> <span class="na">cpuId</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">VMX"</span><span class="pi">]</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my.kernel.modulecompiler"</span>
<span class="na">matchOn</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">kConfig</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">GCC_VERSION=100101"</span><span class="pi">]</span>
<span class="na">loadedKMod</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">kmod1"</span><span class="pi">]</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">profile.node.kubernetes.io/my-datacenter"</span>
<span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">datacenter-1"</span>
<span class="na">matchOn</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">nodename</span><span class="pi">:</span> <span class="pi">[</span> <span class="s2">"</span><span class="s">node-datacenter1-rack.*-server.*"</span> <span class="pi">]</span>
</code></pre> </div></div> <p><strong>In the example above:</strong></p> <ul> <li>A node would contain the label: <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubernetes.io/custom-my.kernel.feature=true</code> if the node has <code class="language-plaintext highlighter-rouge notranslate">kmod1</code> <em>AND</em> <code class="language-plaintext highlighter-rouge notranslate">kmod2</code> kernel modules loaded.</li> <li>A node would contain the label: <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubernetes.io/custom-my.pci.feature=true</code> if the node contains a PCI device with a PCI vendor ID of <code class="language-plaintext highlighter-rouge notranslate">15b3</code> <em>AND</em> PCI device ID of <code class="language-plaintext highlighter-rouge notranslate">1014</code> <em>OR</em> <code class="language-plaintext highlighter-rouge notranslate">1017</code>.</li> <li>A node would contain the label: <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubernetes.io/custom-my.usb.feature=true</code> if the node contains a USB device with a USB vendor ID of <code class="language-plaintext highlighter-rouge notranslate">1d6b</code> <em>AND</em> USB device ID of <code class="language-plaintext highlighter-rouge notranslate">0003</code>.</li> <li>A node would contain the label: <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubernetes.io/custom-my.combined.feature=true</code> if <code class="language-plaintext highlighter-rouge notranslate">vendor_kmod1</code> <em>AND</em> <code class="language-plaintext highlighter-rouge notranslate">vendor_kmod2</code> kernel modules are loaded <strong>AND</strong> the node contains a PCI device with a PCI vendor ID of <code class="language-plaintext highlighter-rouge notranslate">15b3</code> <em>AND</em> PCI device ID of <code class="language-plaintext highlighter-rouge notranslate">1014</code> <em>or</em> <code class="language-plaintext highlighter-rouge notranslate">1017</code>.</li> <li>A node would contain the label: <code class="language-plaintext highlighter-rouge notranslate">vendor.feature.node.kubernetes.io/accumulated.feature=true</code> if <code class="language-plaintext highlighter-rouge notranslate">some_kmod1</code> <em>AND</em> <code class="language-plaintext highlighter-rouge notranslate">some_kmod2</code> kernel modules are loaded <strong>OR</strong> the node contains a PCI device with a PCI vendor ID of <code class="language-plaintext highlighter-rouge notranslate">15b3</code> <em>AND</em> PCI device ID of <code class="language-plaintext highlighter-rouge notranslate">1014</code> <em>OR</em> <code class="language-plaintext highlighter-rouge notranslate">1017</code>.</li> <li>A node would contain the label: <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubernetes.io/custom-my.kernel.featureneedscpu=true</code> if <code class="language-plaintext highlighter-rouge notranslate">KVM_INTEL</code> kernel config is enabled <strong>AND</strong> the node CPU supports <code class="language-plaintext highlighter-rouge notranslate">VMX</code> virtual machine extensions</li> <li>A node would contain the label: <code class="language-plaintext highlighter-rouge notranslate">feature.node.kubernetes.io/custom-my.kernel.modulecompiler=true</code> if the in-tree <code class="language-plaintext highlighter-rouge notranslate">kmod1</code> kernel module is loaded <strong>AND</strong> it's built with <code class="language-plaintext highlighter-rouge notranslate">GCC_VERSION=100101</code>.</li> <li>A node would contain the label: <code class="language-plaintext highlighter-rouge notranslate">profile.node.kubernetes.io/my-datacenter=datacenter-1</code> if the node's name matches the <code class="language-plaintext highlighter-rouge notranslate">node-datacenter1-rack.*-server.*</code> pattern, e.g. <code class="language-plaintext highlighter-rouge notranslate">node-datacenter1-rack2-server42</code></li> </ul> </div> </div> <div class="navigation-bottom d-flex flex-justify-between py-3" role="navigation" aria-label="footer navigation"> <div class="prev"><a href="/node-feature-discovery/v0.14/usage/custom-resources.html" class="btn" title="CRDs" accesskey="p" rel="prev"> <i class="fa fa-arrow-circle-left"></i> Previous </a></div> <div class="next"><a href="/node-feature-discovery/v0.14/usage/examples-and-demos.html" class="btn" title="Examples and demos" accesskey="n" rel="next"> Next <i class="fa fa-arrow-circle-right"></i> </a></div> </div><hr> <div class="copyright text-center text-gray" role="contentinfo"> <i class="fa fa-copyright"></i> <span class="time">2016-2024,</span> <a class="text-gray" href="https://github.com/kubernetes-sigs" rel="noreferrer" target="_blank">Kubernetes SIGs</a> Revision <a class="text-gray" href="https://github.com/kubernetes-sigs/node-feature-discovery/commit/" title="" rel="noreferrer" target="_blank"></a> <br> <div class="generator"> Built with <a href="https://pages.github.com" rel="noreferrer" target="_blank" title="github-pages v228">GitHub Pages</a> using a <a href="https://github.com/rundocs/jekyll-rtd-theme" rel="noreferrer" target="_blank" title="rundocs/jekyll-rtd-theme v2.0.10">theme</a> provided by <a href="https://rundocs.io" rel="noreferrer" target="_blank">RunDocs</a>. </div> </div> </div> </div> <div class="addons-wrap d-flex flex-column overflow-y-auto"> <div class="status d-flex flex-justify-between p-2"> <div class="title p-1"> <i class="fa fa-book"></i> Node Feature Discovery </div> <div class="branch p-1"> <span class="name"> v0.14 </span> <i class="fa fa-caret-down"></i> </div> </div> <div class="addons d-flex flex-column height-full p-2 d-none"> <dl id="versions"> <dt>Versions</dt> <script src="/node-feature-discovery/versions.js"></script> <script> var dt = document.getElementById('versions'); var items = getVersionListItems(); for (var i=0; i < items.length; i++) { var dd = document.createElement('dd'); var a = dd.appendChild(document.createElement('a')); a.appendChild(document.createTextNode(items[i].name)); a.href = items[i].url; dt.appendChild(dd); } </script> </dl> <dl> <dt>GitHub</dt> <dd> <a href="https://github.com/kubernetes-sigs/node-feature-discovery" title="Stars: 705"> <i class="fa fa-github"></i> Homepage </a> </dd> <dd> <a href="https://github.com/kubernetes-sigs/node-feature-discovery/issues" title="Open issues: 26"> <i class="fa fa-question-circle-o"></i> Issues </a> </dd> <dd> <a href="https://github.com/kubernetes-sigs/node-feature-discovery/zipball/gh-pages" title="Size: 103163 Kb"> <i class="fa fa-download"></i> Download </a> </dd> </dl> <hr> <div class="license f6 pb-2"> This <a href="/node-feature-discovery/v0.14/" title="Node Feature Discovery">Software</a> is under the terms of <a href="https://github.com/kubernetes-sigs/node-feature-discovery">Apache License 2.0</a>. </div> </div> </div> <script src="https://cdn.jsdelivr.net/gh/rundocs/jekyll-rtd-theme@2.0.10/assets/js/jquery.min.js"></script><script src="https://cdn.jsdelivr.net/gh/rundocs/jekyll-rtd-theme@2.0.10/assets/js/theme.min.js"></script> </body> </html>
View git blame Copy permalink