mirror of
https://github.com/kubernetes-sigs/node-feature-discovery.git
synced 2025-03-17 05:48:21 +00:00
Support backreferencing of output values from previous rules. Enables complex rule setups where custom features are further combined together to form even more sophisticated higher level labels. The labels created by preceding rules are available as a special 'rule.matched' feature (for matchFeatures to use). If referencing rules accross multiple configs/CRDs care must be taken with the ordering. Processing order of rules in nfd-worker: 1. Static rules 2. Files from /etc/kubernetes/node-feature-discovery/custom.d/ in alphabetical order. Subdirectories are processed by reading their files in alphabetical order. 3. Custom rules from main nfd-worker.conf In nfd-master, NodeFeatureRule objects are processed in alphabetical order (based on their metadata.name). This patch also adds new 'vars' fields to the rule spec. Like 'labels', it is a map of key-value pairs but no labels are generated from these. The values specified in 'vars' are only added for backreferencing into the 'rules.matched' feature. This may by desired in schemes where the output of certain rules is only used as intermediate variables for other rules and no labels out of these are wanted. An example setup: - name: "kernel feature" labels: kernel-feature: matchFeatures: - feature: kernel.version matchExpressions: major: {op: Gt, value: ["4"]} - name: "intermediate var feature" vars: nolabel-feature: "true" matchFeatures: - feature: cpu.cpuid matchExpressions: AVX512F: {op: Exists} - feature: pci.device matchExpressions: vendor: {op: In, value: ["8086"]} device: {op: In, value: ["1234", "1235"]} - name: top-level-feature matchFeatures: - feature: rule.matched matchExpressions: kernel-feature: "true" nolabel-feature: "true"
430 lines
13 KiB
YAML
430 lines
13 KiB
YAML
image:
|
|
repository: gcr.io/k8s-staging-nfd/node-feature-discovery
|
|
# This should be set to 'IfNotPresent' for released version
|
|
pullPolicy: Always
|
|
# tag, if defined will use the given image tag, else Chart.AppVersion will be used
|
|
# tag
|
|
imagePullSecrets: []
|
|
|
|
serviceAccount:
|
|
# Specifies whether a service account should be created
|
|
create: true
|
|
# Annotations to add to the service account
|
|
annotations: {}
|
|
# The name of the service account to use.
|
|
# If not set and create is true, a name is generated using the fullname template
|
|
name:
|
|
|
|
nameOverride: ""
|
|
fullnameOverride: ""
|
|
|
|
nodeFeatureRule:
|
|
createCRD: true
|
|
|
|
master:
|
|
instance:
|
|
extraLabelNs: []
|
|
featureRulesController: true
|
|
|
|
replicaCount: 1
|
|
|
|
podSecurityContext: {}
|
|
# fsGroup: 2000
|
|
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: [ "ALL" ]
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
# runAsUser: 1000
|
|
|
|
service:
|
|
type: ClusterIP
|
|
port: 8080
|
|
|
|
resources: {}
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
nodeSelector: {}
|
|
|
|
tolerations:
|
|
- key: "node-role.kubernetes.io/master"
|
|
operator: "Equal"
|
|
value: ""
|
|
effect: "NoSchedule"
|
|
- key: "node-role.kubernetes.io/control-plane"
|
|
operator: "Equal"
|
|
value: ""
|
|
effect: "NoSchedule"
|
|
|
|
annotations: {}
|
|
|
|
affinity:
|
|
nodeAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 1
|
|
preference:
|
|
matchExpressions:
|
|
- key: "node-role.kubernetes.io/master"
|
|
operator: In
|
|
values: [""]
|
|
- weight: 1
|
|
preference:
|
|
matchExpressions:
|
|
- key: "node-role.kubernetes.io/control-plane"
|
|
operator: In
|
|
values: [""]
|
|
|
|
worker:
|
|
config: ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE>
|
|
#core:
|
|
# labelWhiteList:
|
|
# noPublish: false
|
|
# sleepInterval: 60s
|
|
# sources: [all]
|
|
# klog:
|
|
# addDirHeader: false
|
|
# alsologtostderr: false
|
|
# logBacktraceAt:
|
|
# logtostderr: true
|
|
# skipHeaders: false
|
|
# stderrthreshold: 2
|
|
# v: 0
|
|
# vmodule:
|
|
## NOTE: the following options are not dynamically run-time configurable
|
|
## and require a nfd-worker restart to take effect after being changed
|
|
# logDir:
|
|
# logFile:
|
|
# logFileMaxSize: 1800
|
|
# skipLogHeaders: false
|
|
#sources:
|
|
# cpu:
|
|
# cpuid:
|
|
## NOTE: whitelist has priority over blacklist
|
|
# attributeBlacklist:
|
|
# - "BMI1"
|
|
# - "BMI2"
|
|
# - "CLMUL"
|
|
# - "CMOV"
|
|
# - "CX16"
|
|
# - "ERMS"
|
|
# - "F16C"
|
|
# - "HTT"
|
|
# - "LZCNT"
|
|
# - "MMX"
|
|
# - "MMXEXT"
|
|
# - "NX"
|
|
# - "POPCNT"
|
|
# - "RDRAND"
|
|
# - "RDSEED"
|
|
# - "RDTSCP"
|
|
# - "SGX"
|
|
# - "SSE"
|
|
# - "SSE2"
|
|
# - "SSE3"
|
|
# - "SSE4"
|
|
# - "SSE42"
|
|
# - "SSSE3"
|
|
# attributeWhitelist:
|
|
# kernel:
|
|
# kconfigFile: "/path/to/kconfig"
|
|
# configOpts:
|
|
# - "NO_HZ"
|
|
# - "X86"
|
|
# - "DMI"
|
|
# pci:
|
|
# deviceClassWhitelist:
|
|
# - "0200"
|
|
# - "03"
|
|
# - "12"
|
|
# deviceLabelFields:
|
|
# - "class"
|
|
# - "vendor"
|
|
# - "device"
|
|
# - "subsystem_vendor"
|
|
# - "subsystem_device"
|
|
# usb:
|
|
# deviceClassWhitelist:
|
|
# - "0e"
|
|
# - "ef"
|
|
# - "fe"
|
|
# - "ff"
|
|
# deviceLabelFields:
|
|
# - "class"
|
|
# - "vendor"
|
|
# - "device"
|
|
# custom:
|
|
# - name: "my.kernel.feature"
|
|
# matchOn:
|
|
# - loadedKMod: ["example_kmod1", "example_kmod2"]
|
|
# - name: "my.pci.feature"
|
|
# matchOn:
|
|
# - pciId:
|
|
# class: ["0200"]
|
|
# vendor: ["15b3"]
|
|
# device: ["1014", "1017"]
|
|
# - pciId:
|
|
# vendor: ["8086"]
|
|
# device: ["1000", "1100"]
|
|
# - name: "my.usb.feature"
|
|
# matchOn:
|
|
# - usbId:
|
|
# class: ["ff"]
|
|
# vendor: ["03e7"]
|
|
# device: ["2485"]
|
|
# - usbId:
|
|
# class: ["fe"]
|
|
# vendor: ["1a6e"]
|
|
# device: ["089a"]
|
|
# - name: "my.combined.feature"
|
|
# matchOn:
|
|
# - pciId:
|
|
# vendor: ["15b3"]
|
|
# device: ["1014", "1017"]
|
|
# loadedKMod: ["vendor_kmod1", "vendor_kmod2"]
|
|
# - name: "feature.by.nodename"
|
|
# value: customValue
|
|
# matchOn:
|
|
# - nodename: ["worker-0", "my-.*-node"]
|
|
#
|
|
# # The following feature demonstrates the capabilities of the matchFeatures
|
|
# - name: "my.ng.feature"
|
|
# labels:
|
|
# my-ng-feature: "true"
|
|
# # matchFeatures implements a logical AND over all matcher terms in the
|
|
# # list (i.e. all of the terms, or per-feature matchers, must match)
|
|
# matchFeatures:
|
|
# - feature: cpu.cpuid
|
|
# matchExpressions:
|
|
# AVX512F: {op: Exists}
|
|
# - feature: cpu.cstate
|
|
# matchExpressions:
|
|
# enabled: {op: IsTrue}
|
|
# - feature: cpu.pstate
|
|
# matchExpressions:
|
|
# no_turbo: {op: IsFalse}
|
|
# scaling_governor: {op: In, value: ["performance"]}
|
|
# - feature: cpu.rdt
|
|
# matchExpressions:
|
|
# RDTL3CA: {op: Exists}
|
|
# - feature: cpu.sst
|
|
# matchExpressions:
|
|
# bf.enabled: {op: IsTrue}
|
|
# - feature: cpu.topology
|
|
# matchExpressions:
|
|
# hardware_multithreading: {op: IsFalse}
|
|
#
|
|
# - feature: kernel.config
|
|
# matchExpressions:
|
|
# X86: {op: Exists}
|
|
# LSM: {op: InRegexp, value: ["apparmor"]}
|
|
# - feature: kernel.loadedmodule
|
|
# matchExpressions:
|
|
# e1000e: {op: Exists}
|
|
# - feature: kernel.selinux
|
|
# matchExpressions:
|
|
# enabled: {op: IsFalse}
|
|
# - feature: kernel.version
|
|
# matchExpressions:
|
|
# major: {op: In, value: ["5"]}
|
|
# minor: {op: Gt, value: ["10"]}
|
|
#
|
|
# - feature: storage.block
|
|
# matchExpressions:
|
|
# rotational: {op: In, value: ["0"]}
|
|
# dax: {op: In, value: ["0"]}
|
|
#
|
|
# - feature: network.device
|
|
# matchExpressions:
|
|
# operstate: {op: In, value: ["up"]}
|
|
# speed: {op: Gt, value: ["100"]}
|
|
#
|
|
# - feature: memory.numa
|
|
# matchExpressions:
|
|
# node_count: {op: Gt, value: ["2"]}
|
|
# - feature: memory.nv
|
|
# matchExpressions:
|
|
# devtype: {op: In, value: ["nd_dax"]}
|
|
# mode: {op: In, value: ["memory"]}
|
|
#
|
|
# - feature: system.osrelease
|
|
# matchExpressions:
|
|
# ID: {op: In, value: ["fedora", "centos"]}
|
|
# - feature: system.name
|
|
# matchExpressions:
|
|
# nodename: {op: InRegexp, value: ["^worker-X"]}
|
|
#
|
|
# - feature: local.label
|
|
# matchExpressions:
|
|
# custom-feature-knob: {op: Gt, value: ["100"]}
|
|
#
|
|
# # The following feature demonstrates the capabilities of the matchAny
|
|
# - name: "my.ng.feature.2"
|
|
# labels:
|
|
# my-ng-feature-2: "my-value"
|
|
# # matchAny implements a logical IF over all elements (sub-matchers) in
|
|
# # the list (i.e. at least one feature matcher must match)
|
|
# matchAny:
|
|
# - matchFeatures:
|
|
# - feature: kernel.loadedmodule
|
|
# matchExpressions:
|
|
# driver-module-X: {op: Exists}
|
|
# - feature: pci.device
|
|
# matchExpressions:
|
|
# vendor: {op: In, value: ["8086"]}
|
|
# class: {op: In, value: ["0200"]}
|
|
# - matchFeatures:
|
|
# - feature: kernel.loadedmodule
|
|
# matchExpressions:
|
|
# driver-module-Y: {op: Exists}
|
|
# - feature: usb.device
|
|
# matchExpressions:
|
|
# vendor: {op: In, value: ["8086"]}
|
|
# class: {op: In, value: ["02"]}
|
|
#
|
|
# # The following features demonstreate label templating capabilities
|
|
# - name: "my-template-test"
|
|
# labelsTemplate: |
|
|
# {{ range .system.osrelease }}my-system-feature.{{ .Name }}={{ .Value }}
|
|
# {{ end }}
|
|
# matchFeatures:
|
|
# - feature: system.osrelease
|
|
# matchExpressions:
|
|
# ID: {op: InRegexp, value: ["^open.*"]}
|
|
# VERSION_ID.major: {op: In, value: ["13", "15"]}
|
|
#
|
|
# - name: "my-template-test-2"
|
|
# labelsTemplate: |
|
|
# {{ range .pci.device }}my-pci-device.{{ .class }}-{{ .device }}=with-cpuid
|
|
# {{ end }}
|
|
# matchFeatures:
|
|
# - feature: pci.device
|
|
# matchExpressions:
|
|
# class: {op: InRegexp, value: ["^06"]}
|
|
# vendor: ["8086"]
|
|
# - feature: cpu.cpuid
|
|
# matchExpressions:
|
|
# AVX: {op: Exists}
|
|
#
|
|
# # The following examples demonstrate vars field and back-referencing
|
|
# # previous labels and vars
|
|
# - name: "my dummy kernel rule"
|
|
# labels:
|
|
# "my.kernel.feature": "true"
|
|
# matchFeatures:
|
|
# - feature: kernel.version
|
|
# matchExpressions:
|
|
# major: {op: Gt, value: ["2"]}
|
|
#
|
|
# - name: "my dummy rule with no labels"
|
|
# vars:
|
|
# "my.dummy.var": "1"
|
|
# matchFeatures:
|
|
# - feature: cpu.cpuid
|
|
# matchExpressions: {}
|
|
#
|
|
# - name: "my rule using backrefs"
|
|
# labels:
|
|
# "my.backref.feature": "true"
|
|
# matchFeatures:
|
|
# - feature: rule.matched
|
|
# matchExpressions:
|
|
# my.kernel.feature: {op: IsTrue}
|
|
# my.dummy.var: {op: Gt, value: ["0"]}
|
|
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
|
|
|
|
podSecurityContext: {}
|
|
# fsGroup: 2000
|
|
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: [ "ALL" ]
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
# runAsUser: 1000
|
|
|
|
# Allow users to mount the hostPath /usr/src, useful for RHCOS on s390x
|
|
# Does not work on systems without /usr/src AND a read-only /usr, such as Talos
|
|
mountUsrSrc: false
|
|
|
|
resources: {}
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
nodeSelector: {}
|
|
|
|
tolerations: []
|
|
|
|
annotations: {}
|
|
|
|
affinity: {}
|
|
|
|
topologyUpdater:
|
|
enable: false
|
|
createCRDs: false
|
|
|
|
serviceAccount:
|
|
create: false
|
|
annotations: {}
|
|
name:
|
|
rbac:
|
|
create: false
|
|
|
|
kubeletConfigPath:
|
|
kubeletPodResourcesSockPath:
|
|
updateInterval: 60s
|
|
watchNamespace: "*"
|
|
|
|
podSecurityContext: {}
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: [ "ALL" ]
|
|
readOnlyRootFilesystem: true
|
|
runAsUser: 0
|
|
|
|
resources: {}
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
nodeSelector: {}
|
|
tolerations: []
|
|
annotations: {}
|
|
affinity: {}
|
|
|
|
## RBAC parameteres
|
|
## https://kubernetes.io/docs/reference/access-authn-authz/rbac/
|
|
##
|
|
rbac:
|
|
create: true
|
|
serviceAccountName:
|
|
## Annotations for the Service Account
|
|
##
|
|
serviceAccountAnnotations: {}
|