mirror of
https://github.com/kubernetes-sigs/node-feature-discovery.git
synced 2025-03-31 04:04:51 +00:00
e6bdc17d8c
Allows dynamic (re-)configuration of most nfd-worker options. The goal is to have most configuration parameters specified in the configuration file and deprecate most of the command line flags. The priority is intended to be such that command line flags override whatever is specified in the configuration file. Thus, specifying something on the command line effectively disables dynamic configurability of that parameter. This patch adds core.noPublish config file option to demonstrate how the new mechanism is supposed to work. The --no-publish command line flag takes precedence over this config file option.
232 lines
5.9 KiB
Text
232 lines
5.9 KiB
Text
# This template contains an example of running nfd-master and nfd-worker in the
|
|
# same pod.
|
|
#
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: node-feature-discovery # NFD namespace
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: nfd-master
|
|
namespace: node-feature-discovery
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: nfd-master
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- nodes
|
|
# when using command line flag --resource-labels to create extended resources
|
|
# you will need to uncomment "- nodes/status"
|
|
# - nodes/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
# List only needed for --prune
|
|
- list
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: nfd-master
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: nfd-master
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: nfd-master
|
|
namespace: node-feature-discovery
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
labels:
|
|
app: nfd
|
|
name: nfd
|
|
namespace: node-feature-discovery
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: nfd
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: nfd
|
|
spec:
|
|
serviceAccount: nfd-master
|
|
containers:
|
|
- env:
|
|
- name: NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
image: gcr.io/k8s-staging-nfd/node-feature-discovery:master
|
|
imagePullPolicy: Always
|
|
name: nfd-master
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: ["ALL"]
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
command:
|
|
- "nfd-master"
|
|
- env:
|
|
- name: NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
image: gcr.io/k8s-staging-nfd/node-feature-discovery:master
|
|
imagePullPolicy: Always
|
|
name: nfd-worker
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: ["ALL"]
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
command:
|
|
- "nfd-worker"
|
|
args:
|
|
- "--sleep-interval=60s"
|
|
volumeMounts:
|
|
- name: host-boot
|
|
mountPath: "/host-boot"
|
|
readOnly: true
|
|
- name: host-os-release
|
|
mountPath: "/host-etc/os-release"
|
|
readOnly: true
|
|
- name: host-sys
|
|
mountPath: "/host-sys"
|
|
readOnly: true
|
|
- name: source-d
|
|
mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
|
|
readOnly: true
|
|
- name: features-d
|
|
mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
|
|
readOnly: true
|
|
- name: nfd-worker-conf
|
|
mountPath: "/etc/kubernetes/node-feature-discovery"
|
|
readOnly: true
|
|
volumes:
|
|
- name: host-boot
|
|
hostPath:
|
|
path: "/boot"
|
|
- name: host-os-release
|
|
hostPath:
|
|
path: "/etc/os-release"
|
|
- name: host-sys
|
|
hostPath:
|
|
path: "/sys"
|
|
- name: source-d
|
|
hostPath:
|
|
path: "/etc/kubernetes/node-feature-discovery/source.d/"
|
|
- name: features-d
|
|
hostPath:
|
|
path: "/etc/kubernetes/node-feature-discovery/features.d/"
|
|
- name: nfd-worker-conf
|
|
configMap:
|
|
name: nfd-worker-conf
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: nfd-worker-conf
|
|
namespace: node-feature-discovery
|
|
data:
|
|
nfd-worker.conf: | ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE>
|
|
#core:
|
|
# noPublish: false
|
|
#sources:
|
|
# cpu:
|
|
# cpuid:
|
|
## NOTE: whitelist has priority over blacklist
|
|
# attributeBlacklist:
|
|
# - "BMI1"
|
|
# - "BMI2"
|
|
# - "CLMUL"
|
|
# - "CMOV"
|
|
# - "CX16"
|
|
# - "ERMS"
|
|
# - "F16C"
|
|
# - "HTT"
|
|
# - "LZCNT"
|
|
# - "MMX"
|
|
# - "MMXEXT"
|
|
# - "NX"
|
|
# - "POPCNT"
|
|
# - "RDRAND"
|
|
# - "RDSEED"
|
|
# - "RDTSCP"
|
|
# - "SGX"
|
|
# - "SSE"
|
|
# - "SSE2"
|
|
# - "SSE3"
|
|
# - "SSE4.1"
|
|
# - "SSE4.2"
|
|
# - "SSSE3"
|
|
# attributeWhitelist:
|
|
# kernel:
|
|
# kconfigFile: "/path/to/kconfig"
|
|
# configOpts:
|
|
# - "NO_HZ"
|
|
# - "X86"
|
|
# - "DMI"
|
|
# pci:
|
|
# deviceClassWhitelist:
|
|
# - "0200"
|
|
# - "03"
|
|
# - "12"
|
|
# deviceLabelFields:
|
|
# - "class"
|
|
# - "vendor"
|
|
# - "device"
|
|
# - "subsystem_vendor"
|
|
# - "subsystem_device"
|
|
# usb:
|
|
# deviceClassWhitelist:
|
|
# - "0e"
|
|
# - "ef"
|
|
# - "fe"
|
|
# - "ff"
|
|
# deviceLabelFields:
|
|
# - "class"
|
|
# - "vendor"
|
|
# - "device"
|
|
# custom:
|
|
# - name: "my.kernel.feature"
|
|
# matchOn:
|
|
# - loadedKMod: ["example_kmod1", "example_kmod2"]
|
|
# - name: "my.pci.feature"
|
|
# matchOn:
|
|
# - pciId:
|
|
# class: ["0200"]
|
|
# vendor: ["15b3"]
|
|
# device: ["1014", "1017"]
|
|
# - pciId :
|
|
# vendor: ["8086"]
|
|
# device: ["1000", "1100"]
|
|
# - name: "my.usb.feature"
|
|
# matchOn:
|
|
# - usbId:
|
|
# class: ["ff"]
|
|
# vendor: ["03e7"]
|
|
# device: ["2485"]
|
|
# - usbId:
|
|
# class: ["fe"]
|
|
# vendor: ["1a6e"]
|
|
# device: ["089a"]
|
|
# - name: "my.combined.feature"
|
|
# matchOn:
|
|
# - pciId:
|
|
# vendor: ["15b3"]
|
|
# device: ["1014", "1017"]
|
|
# loadedKMod : ["vendor_kmod1", "vendor_kmod2"]
|
|
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
|