mirrors/node-feature-discovery
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-14 11:57:51 +00:00
Code Activity
node-feature-discovery/docs/reference/topology-updater-commandline-reference.md
Talor Itzhak d495376f06 docs: topology-updater: update docs for exclude-list feature 
Update the docs with explanations and examples
about the exclude-list feature.

Signed-off-by: Talor Itzhak <titzhak@redhat.com>
2022-11-21 21:31:51 +02:00

227 lines
5.2 KiB
Markdown
Raw Blame History

---
title: "Topology Updater Cmdline Reference"
layout: default
sort: 4
---
# NFD-Topology-Updater Commandline Flags
{: .no_toc }
## Table of Contents
{: .no_toc .text-delta }
1. TOC
{:toc}
---
To quickly view available command line flags execute `nfd-topology-updater -help`.
In a docker container:
```bash
docker run {{ site.container_image }} \
nfd-topology-updater -help
```
### -h, -help
Print usage and exit.
### -version
Print version and exit.
### -config
The `-config` flag specifies the path of the nfd-topology-updater
configuration file to use.
Default: /etc/kubernetes/node-feature-discovery/nfd-topology-updater.conf
Example:
```bash
nfd-topology-updater -config=/opt/nfd/nfd-topology-updater.conf
```
### -server
The `-server` flag specifies the address of the nfd-master endpoint where to
connect to.
Default: localhost:8080
Example:
```bash
nfd-topology-updater -server=nfd-master.nfd.svc.cluster.local:443
```
### -ca-file
The `-ca-file` is one of the three flags (together with `-cert-file` and
`-key-file`) controlling the mutual TLS authentication on the topology-updater side.
This flag specifies the TLS root certificate that is used for verifying the
authenticity of nfd-master.
Default: *empty*
Note: Must be specified together with `-cert-file` and `-key-file`
Example:
```bash
nfd-topology-updater -ca-file=/opt/nfd/ca.crt -cert-file=/opt/nfd/updater.crt -key-file=/opt/nfd/updater.key
```
### -cert-file
The `-cert-file` is one of the three flags (together with `-ca-file` and
`-key-file`) controlling mutual TLS authentication on the topology-updater
side. This flag specifies the TLS certificate presented for authenticating
outgoing requests.
Default: *empty*
Note: Must be specified together with `-ca-file` and `-key-file`
Example:
```bash
nfd-topology-updater -cert-file=/opt/nfd/updater.crt -key-file=/opt/nfd/updater.key -ca-file=/opt/nfd/ca.crt
```
### -key-file
The `-key-file` is one of the three flags (together with `-ca-file` and
`-cert-file`) controlling the mutual TLS authentication on topology-updater
side. This flag specifies the private key corresponding the given certificate file
(`-cert-file`) that is used for authenticating outgoing requests.
Default: *empty*
Note: Must be specified together with `-cert-file` and `-ca-file`
Example:
```bash
nfd-topology-updater -key-file=/opt/nfd/updater.key -cert-file=/opt/nfd/updater.crt -ca-file=/opt/nfd/ca.crt
```
### -server-name-override
The `-server-name-override` flag specifies the common name (CN) which to
expect from the nfd-master TLS certificate. This flag is mostly intended for
development and debugging purposes.
Default: *empty*
Example:
```bash
nfd-topology-updater -server-name-override=localhost
```
### -no-publish
The `-no-publish` flag disables all communication with the nfd-master, making
it a "dry-run" flag for nfd-topology-updater. NFD-Topology-Updater runs
resource hardware topology detection normally, but no CR requests are sent to
nfd-master.
Default: *false*
Example:
```bash
nfd-topology-updater -no-publish
```
### -oneshot
The `-oneshot` flag causes nfd-topology-updater to exit after one pass of
resource hardware topology detection.
Default: *false*
Example:
```bash
nfd-topology-updater -oneshot -no-publish
```
### -sleep-interval
The `-sleep-interval` specifies the interval between resource hardware
topology re-examination (and CR updates). A non-positive value implies
infinite sleep interval, i.e. no re-detection is done.
Default: 60s
Example:
```bash
nfd-topology-updater -sleep-interval=1h
```
### -watch-namespace
The `-watch-namespace` specifies the namespace to ensure that resource
hardware topology examination only happens for the pods running in the
specified namespace. Pods that are not running in the specified namespace
are not considered during resource accounting. This is particularly useful
for testing/debugging purpose. A "*" value would mean that all the pods would
be considered during the accounting process.
Default: "*"
Example:
```bash
nfd-topology-updater -watch-namespace=rte
```
### -kubelet-config-uri
The `-kubelet-config-uri` specifies the path to the Kubelet's configuration.
Note that the URi could either be a local host file or an HTTP endpoint.
Default: `https://${NODE_NAME}:10250/configz`
Example:
```bash
nfd-topology-updater -kubelet-config-uri=file:///var/lib/kubelet/config.yaml
```
### -api-auth-token-file
The `-api-auth-token-file` specifies the path to the api auth token file
which is used to retrieve Kubelet's configuration from Kubelet secure port,
only taking effect when `-kubelet-config-uri` is https.
Note that this token file must bind to a role that has the `get` capability to
`nodes/proxy` resources.
Default: `/var/run/secrets/kubernetes.io/serviceaccount/token`
Example:
```bash
nfd-topology-updater -token-file=/var/run/secrets/kubernetes.io/serviceaccount/token
```
### -podresources-socket
The `-podresources-socket` specifies the path to the Unix socket where kubelet
exports a gRPC service to enable discovery of in-use CPUs and devices, and to
provide metadata for them.
Default: /host-var/lib/kubelet/pod-resources/kubelet.sock
Example:
```bash
nfd-topology-updater -podresources-socket=/var/lib/kubelet/pod-resources/kubelet.sock
```
View git blame Copy permalink