mirror of
https://github.com/kubernetes-sigs/node-feature-discovery.git
synced 2025-03-15 04:57:56 +00:00
Instead of relying on golang "net" package, use the configured host sysfs for all discovery. No need to use hostNetwork after that so drop it from the worker deployment templates.
80 lines
2.6 KiB
Text
80 lines
2.6 KiB
Text
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
labels:
|
|
app: nfd-worker
|
|
name: nfd-worker
|
|
namespace: node-feature-discovery
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: nfd-worker
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: nfd-worker
|
|
spec:
|
|
dnsPolicy: ClusterFirstWithHostNet
|
|
containers:
|
|
- env:
|
|
- name: NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
image: quay.io/kubernetes_incubator/node-feature-discovery:v0.5.0
|
|
name: nfd-worker
|
|
command:
|
|
- "nfd-worker"
|
|
args:
|
|
- "--sleep-interval=60s"
|
|
- "--server=nfd-master:8080"
|
|
## Enable TLS authentication (1/3)
|
|
## The example below assumes having the root certificate named ca.crt stored in
|
|
## a ConfigMap named nfd-ca-cert, and, the TLS authentication credentials stored
|
|
## in a TLS Secret named nfd-worker-cert
|
|
# - "--ca-file=/etc/kubernetes/node-feature-discovery/trust/ca.crt"
|
|
# - "--key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
|
|
# - "--cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
|
|
volumeMounts:
|
|
- name: host-boot
|
|
mountPath: "/host-boot"
|
|
readOnly: true
|
|
- name: host-os-release
|
|
mountPath: "/host-etc/os-release"
|
|
readOnly: true
|
|
- name: host-sys
|
|
mountPath: "/host-sys"
|
|
- name: source-d
|
|
mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
|
|
- name: features-d
|
|
mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
|
|
## Enable TLS authentication (2/3)
|
|
# - name: nfd-ca-cert
|
|
# mountPath: "/etc/kubernetes/node-feature-discovery/trust"
|
|
# readOnly: true
|
|
# - name: nfd-worker-cert
|
|
# mountPath: "/etc/kubernetes/node-feature-discovery/certs"
|
|
# readOnly: true
|
|
volumes:
|
|
- name: host-boot
|
|
hostPath:
|
|
path: "/boot"
|
|
- name: host-os-release
|
|
hostPath:
|
|
path: "/etc/os-release"
|
|
- name: host-sys
|
|
hostPath:
|
|
path: "/sys"
|
|
- name: source-d
|
|
hostPath:
|
|
path: "/etc/kubernetes/node-feature-discovery/source.d/"
|
|
- name: features-d
|
|
hostPath:
|
|
path: "/etc/kubernetes/node-feature-discovery/features.d/"
|
|
## Enable TLS authentication (3/3)
|
|
# - name: nfd-ca-cert
|
|
# configMap:
|
|
# name: nfd-ca-cert
|
|
# - name: nfd-worker-cert
|
|
# secret:
|
|
# secretName: nfd-worker-cert
|