1apiVersion: v1
2kind: Namespace
3metadata:
4 name: node-feature-discovery
5---
6apiVersion: apiextensions.k8s.io/v1
7kind: CustomResourceDefinition
8metadata:
9 name: nodefeaturegroups.nfd.k8s-sigs.io
10 annotations:
11 controller-gen.kubebuilder.io/version: v0.14.0
12spec:
13 group: nfd.k8s-sigs.io
14 names:
15 kind: NodeFeatureGroup
16 listKind: NodeFeatureGroupList
17 plural: nodefeaturegroups
18 shortNames:
19 - nfg
20 singular: nodefeaturegroup
21 scope: Namespaced
22 versions:
23 - name: v1alpha1
24 schema:
25 openAPIV3Schema:
26 type: object
27 description: NodeFeatureGroup resource holds Node pools by featureGroup
28 properties:
29 apiVersion:
30 type: string
31 description: |-
32 APIVersion defines the versioned schema of this representation of an object.
33 Servers should convert recognized schemas to the latest internal value, and
34 may reject unrecognized values.
35 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
36 kind:
37 type: string
38 description: |-
39 Kind is a string value representing the REST resource this object represents.
40 Servers may infer this from the endpoint the client submits requests to.
41 Cannot be updated.
42 In CamelCase.
43 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
44 metadata:
45 type: object
46 spec:
47 type: object
48 description: Spec defines the rules to be evaluated.
49 properties:
50 featureGroupRules:
51 type: array
52 description: List of rules to evaluate to determine nodes that belong in this group.
53 items:
54 type: object
55 description: GroupRule defines a rule for nodegroup filtering.
56 properties:
57 name:
58 type: string
59 description: Name of the rule.
60 matchAny:
61 type: array
62 description: MatchAny specifies a list of matchers one of which must match.
63 items:
64 type: object
65 description: MatchAnyElem specifies one sub-matcher of MatchAny.
66 properties:
67 matchFeatures:
68 type: array
69 description: MatchFeatures specifies a set of matcher terms all of which must match.
70 items:
71 type: object
72 description: |-
73 FeatureMatcherTerm defines requirements against one feature set. All
74 requirements (specified as MatchExpressions) are evaluated against each
75 element in the feature set.
76 properties:
77 feature:
78 type: string
79 description: Feature is the name of the feature set to match against.
80 matchExpressions:
81 type: object
82 additionalProperties:
83 type: object
84 description: |-
85 MatchExpression specifies an expression to evaluate against a set of input
86 values. It contains an operator that is applied when matching the input and
87 an array of values that the operator evaluates the input against.
88 properties:
89 value:
90 type: array
91 description: |-
92 Value is the list of values that the operand evaluates the input
93 against. Value should be empty if the operator is Exists, DoesNotExist,
94 IsTrue or IsFalse. Value should contain exactly one element if the
95 operator is Gt or Lt and exactly two elements if the operator is GtLt.
96 In other cases Value should contain at least one element.
97 items:
98 type: string
99 op:
100 type: string
101 description: Op is the operator to be applied.
102 enum:
103 - In
104 - NotIn
105 - InRegexp
106 - Exists
107 - DoesNotExist
108 - Gt
109 - Lt
110 - GtLt
111 - IsTrue
112 - IsFalse
113 required:
114 - op
115 description: |-
116 MatchExpressions is the set of per-element expressions evaluated. These
117 match against the value of the specified elements.
118 matchName:
119 type: object
120 description: |-
121 MatchName in an expression that is matched against the name of each
122 element in the feature set.
123 properties:
124 value:
125 type: array
126 description: |-
127 Value is the list of values that the operand evaluates the input
128 against. Value should be empty if the operator is Exists, DoesNotExist,
129 IsTrue or IsFalse. Value should contain exactly one element if the
130 operator is Gt or Lt and exactly two elements if the operator is GtLt.
131 In other cases Value should contain at least one element.
132 items:
133 type: string
134 op:
135 type: string
136 description: Op is the operator to be applied.
137 enum:
138 - In
139 - NotIn
140 - InRegexp
141 - Exists
142 - DoesNotExist
143 - Gt
144 - Lt
145 - GtLt
146 - IsTrue
147 - IsFalse
148 required:
149 - op
150 required:
151 - feature
152 required:
153 - matchFeatures
154 matchFeatures:
155 type: array
156 description: MatchFeatures specifies a set of matcher terms all of which must match.
157 items:
158 type: object
159 description: |-
160 FeatureMatcherTerm defines requirements against one feature set. All
161 requirements (specified as MatchExpressions) are evaluated against each
162 element in the feature set.
163 properties:
164 feature:
165 type: string
166 description: Feature is the name of the feature set to match against.
167 matchExpressions:
168 type: object
169 additionalProperties:
170 type: object
171 description: |-
172 MatchExpression specifies an expression to evaluate against a set of input
173 values. It contains an operator that is applied when matching the input and
174 an array of values that the operator evaluates the input against.
175 properties:
176 value:
177 type: array
178 description: |-
179 Value is the list of values that the operand evaluates the input
180 against. Value should be empty if the operator is Exists, DoesNotExist,
181 IsTrue or IsFalse. Value should contain exactly one element if the
182 operator is Gt or Lt and exactly two elements if the operator is GtLt.
183 In other cases Value should contain at least one element.
184 items:
185 type: string
186 op:
187 type: string
188 description: Op is the operator to be applied.
189 enum:
190 - In
191 - NotIn
192 - InRegexp
193 - Exists
194 - DoesNotExist
195 - Gt
196 - Lt
197 - GtLt
198 - IsTrue
199 - IsFalse
200 required:
201 - op
202 description: |-
203 MatchExpressions is the set of per-element expressions evaluated. These
204 match against the value of the specified elements.
205 matchName:
206 type: object
207 description: |-
208 MatchName in an expression that is matched against the name of each
209 element in the feature set.
210 properties:
211 value:
212 type: array
213 description: |-
214 Value is the list of values that the operand evaluates the input
215 against. Value should be empty if the operator is Exists, DoesNotExist,
216 IsTrue or IsFalse. Value should contain exactly one element if the
217 operator is Gt or Lt and exactly two elements if the operator is GtLt.
218 In other cases Value should contain at least one element.
219 items:
220 type: string
221 op:
222 type: string
223 description: Op is the operator to be applied.
224 enum:
225 - In
226 - NotIn
227 - InRegexp
228 - Exists
229 - DoesNotExist
230 - Gt
231 - Lt
232 - GtLt
233 - IsTrue
234 - IsFalse
235 required:
236 - op
237 required:
238 - feature
239 required:
240 - name
241 required:
242 - featureGroupRules
243 status:
244 type: object
245 description: |-
246 Status of the NodeFeatureGroup after the most recent evaluation of the
247 specification.
248 properties:
249 nodes:
250 type: array
251 description: Nodes is a list of FeatureGroupNode in the cluster that match the featureGroupRules
252 items:
253 type: object
254 properties:
255 name:
256 type: string
257 description: Name of the node.
258 required:
259 - name
260 x-kubernetes-list-map-keys:
261 - name
262 x-kubernetes-list-type: map
263 required:
264 - spec
265 served: true
266 storage: true
267 subresources:
268 status: {}
269---
270apiVersion: apiextensions.k8s.io/v1
271kind: CustomResourceDefinition
272metadata:
273 name: nodefeaturerules.nfd.k8s-sigs.io
274 annotations:
275 controller-gen.kubebuilder.io/version: v0.14.0
276spec:
277 group: nfd.k8s-sigs.io
278 names:
279 kind: NodeFeatureRule
280 listKind: NodeFeatureRuleList
281 plural: nodefeaturerules
282 shortNames:
283 - nfr
284 singular: nodefeaturerule
285 scope: Cluster
286 versions:
287 - name: v1alpha1
288 schema:
289 openAPIV3Schema:
290 type: object
291 description: |-
292 NodeFeatureRule resource specifies a configuration for feature-based
293 customization of node objects, such as node labeling.
294 properties:
295 apiVersion:
296 type: string
297 description: |-
298 APIVersion defines the versioned schema of this representation of an object.
299 Servers should convert recognized schemas to the latest internal value, and
300 may reject unrecognized values.
301 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
302 kind:
303 type: string
304 description: |-
305 Kind is a string value representing the REST resource this object represents.
306 Servers may infer this from the endpoint the client submits requests to.
307 Cannot be updated.
308 In CamelCase.
309 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
310 metadata:
311 type: object
312 spec:
313 type: object
314 description: Spec defines the rules to be evaluated.
315 properties:
316 rules:
317 type: array
318 description: Rules is a list of node customization rules.
319 items:
320 type: object
321 description: Rule defines a rule for node customization such as labeling.
322 properties:
323 name:
324 type: string
325 description: Name of the rule.
326 labels:
327 type: object
328 additionalProperties:
329 type: string
330 description: Labels to create if the rule matches.
331 annotations:
332 type: object
333 additionalProperties:
334 type: string
335 description: Annotations to create if the rule matches.
336 extendedResources:
337 type: object
338 additionalProperties:
339 type: string
340 description: ExtendedResources to create if the rule matches.
341 labelsTemplate:
342 type: string
343 description: |-
344 LabelsTemplate specifies a template to expand for dynamically generating
345 multiple labels. Data (after template expansion) must be keys with an
346 optional value (<key>[=<value>]) separated by newlines.
347 matchAny:
348 type: array
349 description: MatchAny specifies a list of matchers one of which must match.
350 items:
351 type: object
352 description: MatchAnyElem specifies one sub-matcher of MatchAny.
353 properties:
354 matchFeatures:
355 type: array
356 description: MatchFeatures specifies a set of matcher terms all of which must match.
357 items:
358 type: object
359 description: |-
360 FeatureMatcherTerm defines requirements against one feature set. All
361 requirements (specified as MatchExpressions) are evaluated against each
362 element in the feature set.
363 properties:
364 feature:
365 type: string
366 description: Feature is the name of the feature set to match against.
367 matchExpressions:
368 type: object
369 additionalProperties:
370 type: object
371 description: |-
372 MatchExpression specifies an expression to evaluate against a set of input
373 values. It contains an operator that is applied when matching the input and
374 an array of values that the operator evaluates the input against.
375 properties:
376 value:
377 type: array
378 description: |-
379 Value is the list of values that the operand evaluates the input
380 against. Value should be empty if the operator is Exists, DoesNotExist,
381 IsTrue or IsFalse. Value should contain exactly one element if the
382 operator is Gt or Lt and exactly two elements if the operator is GtLt.
383 In other cases Value should contain at least one element.
384 items:
385 type: string
386 op:
387 type: string
388 description: Op is the operator to be applied.
389 enum:
390 - In
391 - NotIn
392 - InRegexp
393 - Exists
394 - DoesNotExist
395 - Gt
396 - Lt
397 - GtLt
398 - IsTrue
399 - IsFalse
400 required:
401 - op
402 description: |-
403 MatchExpressions is the set of per-element expressions evaluated. These
404 match against the value of the specified elements.
405 matchName:
406 type: object
407 description: |-
408 MatchName in an expression that is matched against the name of each
409 element in the feature set.
410 properties:
411 value:
412 type: array
413 description: |-
414 Value is the list of values that the operand evaluates the input
415 against. Value should be empty if the operator is Exists, DoesNotExist,
416 IsTrue or IsFalse. Value should contain exactly one element if the
417 operator is Gt or Lt and exactly two elements if the operator is GtLt.
418 In other cases Value should contain at least one element.
419 items:
420 type: string
421 op:
422 type: string
423 description: Op is the operator to be applied.
424 enum:
425 - In
426 - NotIn
427 - InRegexp
428 - Exists
429 - DoesNotExist
430 - Gt
431 - Lt
432 - GtLt
433 - IsTrue
434 - IsFalse
435 required:
436 - op
437 required:
438 - feature
439 required:
440 - matchFeatures
441 matchFeatures:
442 type: array
443 description: MatchFeatures specifies a set of matcher terms all of which must match.
444 items:
445 type: object
446 description: |-
447 FeatureMatcherTerm defines requirements against one feature set. All
448 requirements (specified as MatchExpressions) are evaluated against each
449 element in the feature set.
450 properties:
451 feature:
452 type: string
453 description: Feature is the name of the feature set to match against.
454 matchExpressions:
455 type: object
456 additionalProperties:
457 type: object
458 description: |-
459 MatchExpression specifies an expression to evaluate against a set of input
460 values. It contains an operator that is applied when matching the input and
461 an array of values that the operator evaluates the input against.
462 properties:
463 value:
464 type: array
465 description: |-
466 Value is the list of values that the operand evaluates the input
467 against. Value should be empty if the operator is Exists, DoesNotExist,
468 IsTrue or IsFalse. Value should contain exactly one element if the
469 operator is Gt or Lt and exactly two elements if the operator is GtLt.
470 In other cases Value should contain at least one element.
471 items:
472 type: string
473 op:
474 type: string
475 description: Op is the operator to be applied.
476 enum:
477 - In
478 - NotIn
479 - InRegexp
480 - Exists
481 - DoesNotExist
482 - Gt
483 - Lt
484 - GtLt
485 - IsTrue
486 - IsFalse
487 required:
488 - op
489 description: |-
490 MatchExpressions is the set of per-element expressions evaluated. These
491 match against the value of the specified elements.
492 matchName:
493 type: object
494 description: |-
495 MatchName in an expression that is matched against the name of each
496 element in the feature set.
497 properties:
498 value:
499 type: array
500 description: |-
501 Value is the list of values that the operand evaluates the input
502 against. Value should be empty if the operator is Exists, DoesNotExist,
503 IsTrue or IsFalse. Value should contain exactly one element if the
504 operator is Gt or Lt and exactly two elements if the operator is GtLt.
505 In other cases Value should contain at least one element.
506 items:
507 type: string
508 op:
509 type: string
510 description: Op is the operator to be applied.
511 enum:
512 - In
513 - NotIn
514 - InRegexp
515 - Exists
516 - DoesNotExist
517 - Gt
518 - Lt
519 - GtLt
520 - IsTrue
521 - IsFalse
522 required:
523 - op
524 required:
525 - feature
526 taints:
527 type: array
528 description: Taints to create if the rule matches.
529 items:
530 type: object
531 description: |-
532 The node this Taint is attached to has the "effect" on
533 any pod that does not tolerate the Taint.
534 properties:
535 value:
536 type: string
537 description: The taint value corresponding to the taint key.
538 effect:
539 type: string
540 description: |-
541 Required. The effect of the taint on pods
542 that do not tolerate the taint.
543 Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
544 key:
545 type: string
546 description: Required. The taint key to be applied to a node.
547 timeAdded:
548 type: string
549 description: |-
550 TimeAdded represents the time at which the taint was added.
551 It is only written for NoExecute taints.
552 format: date-time
553 required:
554 - effect
555 - key
556 vars:
557 type: object
558 additionalProperties:
559 type: string
560 description: |-
561 Vars is the variables to store if the rule matches. Variables do not
562 directly inflict any changes in the node object. However, they can be
563 referenced from other rules enabling more complex rule hierarchies,
564 without exposing intermediary output values as labels.
565 varsTemplate:
566 type: string
567 description: |-
568 VarsTemplate specifies a template to expand for dynamically generating
569 multiple variables. Data (after template expansion) must be keys with an
570 optional value (<key>[=<value>]) separated by newlines.
571 required:
572 - name
573 required:
574 - rules
575 required:
576 - spec
577 served: true
578 storage: true
579---
580apiVersion: apiextensions.k8s.io/v1
581kind: CustomResourceDefinition
582metadata:
583 name: nodefeatures.nfd.k8s-sigs.io
584 annotations:
585 controller-gen.kubebuilder.io/version: v0.14.0
586spec:
587 group: nfd.k8s-sigs.io
588 names:
589 kind: NodeFeature
590 listKind: NodeFeatureList
591 plural: nodefeatures
592 singular: nodefeature
593 scope: Namespaced
594 versions:
595 - name: v1alpha1
596 schema:
597 openAPIV3Schema:
598 type: object
599 description: |-
600 NodeFeature resource holds the features discovered for one node in the
601 cluster.
602 properties:
603 apiVersion:
604 type: string
605 description: |-
606 APIVersion defines the versioned schema of this representation of an object.
607 Servers should convert recognized schemas to the latest internal value, and
608 may reject unrecognized values.
609 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
610 kind:
611 type: string
612 description: |-
613 Kind is a string value representing the REST resource this object represents.
614 Servers may infer this from the endpoint the client submits requests to.
615 Cannot be updated.
616 In CamelCase.
617 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
618 metadata:
619 type: object
620 spec:
621 type: object
622 description: Specification of the NodeFeature, containing features discovered for a node.
623 properties:
624 labels:
625 type: object
626 additionalProperties:
627 type: string
628 description: Labels is the set of node labels that are requested to be created.
629 features:
630 type: object
631 description: Features is the full "raw" features data that has been discovered.
632 properties:
633 attributes:
634 type: object
635 additionalProperties:
636 type: object
637 description: AttributeFeatureSet is a set of features having string value.
638 properties:
639 elements:
640 type: object
641 additionalProperties:
642 type: string
643 description: Individual features of the feature set.
644 required:
645 - elements
646 description: Attributes contains all the attribute-type features of the node.
647 flags:
648 type: object
649 additionalProperties:
650 type: object
651 description: FlagFeatureSet is a set of simple features only containing names without values.
652 properties:
653 elements:
654 type: object
655 additionalProperties:
656 type: object
657 description: Nil is a dummy empty struct for protobuf compatibility
658 description: Individual features of the feature set.
659 required:
660 - elements
661 description: Flags contains all the flag-type features of the node.
662 instances:
663 type: object
664 additionalProperties:
665 type: object
666 description: InstanceFeatureSet is a set of features each of which is an instance having multiple attributes.
667 properties:
668 elements:
669 type: array
670 description: Individual features of the feature set.
671 items:
672 type: object
673 description: InstanceFeature represents one instance of a complex features, e.g. a device.
674 properties:
675 attributes:
676 type: object
677 additionalProperties:
678 type: string
679 description: Attributes of the instance feature.
680 required:
681 - attributes
682 required:
683 - elements
684 description: Instances contains all the instance-type features of the node.
685 required:
686 - spec
687 served: true
688 storage: true
689---
690apiVersion: v1
691kind: ServiceAccount
692metadata:
693 name: nfd-gc
694 namespace: node-feature-discovery
695---
696apiVersion: v1
697kind: ServiceAccount
698metadata:
699 name: nfd-master
700 namespace: node-feature-discovery
701---
702apiVersion: v1
703kind: ServiceAccount
704metadata:
705 name: nfd-worker
706 namespace: node-feature-discovery
707---
708apiVersion: rbac.authorization.k8s.io/v1
709kind: Role
710metadata:
711 name: nfd-worker
712 namespace: node-feature-discovery
713rules:
714- resources:
715 - nodefeatures
716 apiGroups:
717 - nfd.k8s-sigs.io
718 verbs:
719 - create
720 - get
721 - update
722- resources:
723 - pods
724 apiGroups:
725 - ""
726 verbs:
727 - get
728---
729apiVersion: rbac.authorization.k8s.io/v1
730kind: ClusterRole
731metadata:
732 name: nfd-gc
733rules:
734- resources:
735 - nodes
736 apiGroups:
737 - ""
738 verbs:
739 - list
740 - watch
741- resources:
742 - nodes/proxy
743 apiGroups:
744 - ""
745 verbs:
746 - get
747- resources:
748 - noderesourcetopologies
749 apiGroups:
750 - topology.node.k8s.io
751 verbs:
752 - delete
753 - list
754- resources:
755 - nodefeatures
756 apiGroups:
757 - nfd.k8s-sigs.io
758 verbs:
759 - delete
760 - list
761---
762apiVersion: rbac.authorization.k8s.io/v1
763kind: ClusterRole
764metadata:
765 name: nfd-master
766rules:
767- resources:
768 - nodes
769 - nodes/status
770 apiGroups:
771 - ""
772 verbs:
773 - get
774 - patch
775 - update
776 - list
777- resources:
778 - nodefeatures
779 - nodefeaturerules
780 - nodefeaturegroups
781 apiGroups:
782 - nfd.k8s-sigs.io
783 verbs:
784 - get
785 - list
786 - watch
787- resources:
788 - nodefeaturegroup/status
789 apiGroups:
790 - nfd.k8s-sigs.io
791 verbs:
792 - patch
793 - update
794- resources:
795 - leases
796 apiGroups:
797 - coordination.k8s.io
798 verbs:
799 - create
800- resources:
801 - leases
802 apiGroups:
803 - coordination.k8s.io
804 resourceNames:
805 - nfd-master.nfd.kubernetes.io
806 verbs:
807 - get
808 - update
809---
810apiVersion: rbac.authorization.k8s.io/v1
811kind: RoleBinding
812metadata:
813 name: nfd-worker
814 namespace: node-feature-discovery
815roleRef:
816 name: nfd-worker
817 kind: Role
818 apiGroup: rbac.authorization.k8s.io
819subjects:
820- name: nfd-worker
821 namespace: node-feature-discovery
822 kind: ServiceAccount
823---
824apiVersion: rbac.authorization.k8s.io/v1
825kind: ClusterRoleBinding
826metadata:
827 name: nfd-gc
828roleRef:
829 name: nfd-gc
830 kind: ClusterRole
831 apiGroup: rbac.authorization.k8s.io
832subjects:
833- name: nfd-gc
834 namespace: node-feature-discovery
835 kind: ServiceAccount
836---
837apiVersion: rbac.authorization.k8s.io/v1
838kind: ClusterRoleBinding
839metadata:
840 name: nfd-master
841roleRef:
842 name: nfd-master
843 kind: ClusterRole
844 apiGroup: rbac.authorization.k8s.io
845subjects:
846- name: nfd-master
847 namespace: node-feature-discovery
848 kind: ServiceAccount
849---
850apiVersion: v1
851kind: ConfigMap
852metadata:
853 name: nfd-master-conf
854 namespace: node-feature-discovery
855data:
856 nfd-master.conf: |
857 # noPublish: false
858 # autoDefaultNs: true
859 # extraLabelNs: ["added.ns.io","added.kubernets.io"]
860 # denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
861 # resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
862 # enableTaints: false
863 # labelWhiteList: "foo"
864 # resyncPeriod: "2h"
865 # klog:
866 # addDirHeader: false
867 # alsologtostderr: false
868 # logBacktraceAt:
869 # logtostderr: true
870 # skipHeaders: false
871 # stderrthreshold: 2
872 # v: 0
873 # vmodule:
874 ## NOTE: the following options are not dynamically run-time configurable
875 ## and require a nfd-master restart to take effect after being changed
876 # logDir:
877 # logFile:
878 # logFileMaxSize: 1800
879 # skipLogHeaders: false
880 # leaderElection:
881 # leaseDuration: 15s
882 # # this value has to be lower than leaseDuration and greater than retryPeriod*1.2
883 # renewDeadline: 10s
884 # # this value has to be greater than 0
885 # retryPeriod: 2s
886 # nfdApiParallelism: 10
887---
888apiVersion: v1
889kind: ConfigMap
890metadata:
891 name: nfd-worker-conf
892 namespace: node-feature-discovery
893data:
894 nfd-worker.conf: |
895 #core:
896 # labelWhiteList:
897 # noPublish: false
898 # sleepInterval: 60s
899 # featureSources: [all]
900 # labelSources: [all]
901 # klog:
902 # addDirHeader: false
903 # alsologtostderr: false
904 # logBacktraceAt:
905 # logtostderr: true
906 # skipHeaders: false
907 # stderrthreshold: 2
908 # v: 0
909 # vmodule:
910 ## NOTE: the following options are not dynamically run-time configurable
911 ## and require a nfd-worker restart to take effect after being changed
912 # logDir:
913 # logFile:
914 # logFileMaxSize: 1800
915 # skipLogHeaders: false
916 #sources:
917 # cpu:
918 # cpuid:
919 ## NOTE: whitelist has priority over blacklist
920 # attributeBlacklist:
921 # - "AVX10"
922 # - "BMI1"
923 # - "BMI2"
924 # - "CLMUL"
925 # - "CMOV"
926 # - "CX16"
927 # - "ERMS"
928 # - "F16C"
929 # - "HTT"
930 # - "LZCNT"
931 # - "MMX"
932 # - "MMXEXT"
933 # - "NX"
934 # - "POPCNT"
935 # - "RDRAND"
936 # - "RDSEED"
937 # - "RDTSCP"
938 # - "SGX"
939 # - "SSE"
940 # - "SSE2"
941 # - "SSE3"
942 # - "SSE4"
943 # - "SSE42"
944 # - "SSSE3"
945 # - "TDX_GUEST"
946 # attributeWhitelist:
947 # kernel:
948 # kconfigFile: "/path/to/kconfig"
949 # configOpts:
950 # - "NO_HZ"
951 # - "X86"
952 # - "DMI"
953 # pci:
954 # deviceClassWhitelist:
955 # - "0200"
956 # - "03"
957 # - "12"
958 # deviceLabelFields:
959 # - "class"
960 # - "vendor"
961 # - "device"
962 # - "subsystem_vendor"
963 # - "subsystem_device"
964 # usb:
965 # deviceClassWhitelist:
966 # - "0e"
967 # - "ef"
968 # - "fe"
969 # - "ff"
970 # deviceLabelFields:
971 # - "class"
972 # - "vendor"
973 # - "device"
974 # local:
975 # hooksEnabled: false
976 # custom:
977 # # The following feature demonstrates the capabilities of the matchFeatures
978 # - name: "my custom rule"
979 # labels:
980 # "vendor.io/my-ng-feature": "true"
981 # # matchFeatures implements a logical AND over all matcher terms in the
982 # # list (i.e. all of the terms, or per-feature matchers, must match)
983 # matchFeatures:
984 # - feature: cpu.cpuid
985 # matchExpressions:
986 # AVX512F: {op: Exists}
987 # - feature: cpu.cstate
988 # matchExpressions:
989 # enabled: {op: IsTrue}
990 # - feature: cpu.pstate
991 # matchExpressions:
992 # no_turbo: {op: IsFalse}
993 # scaling_governor: {op: In, value: ["performance"]}
994 # - feature: cpu.rdt
995 # matchExpressions:
996 # RDTL3CA: {op: Exists}
997 # - feature: cpu.sst
998 # matchExpressions:
999 # bf.enabled: {op: IsTrue}
1000 # - feature: cpu.topology
1001 # matchExpressions:
1002 # hardware_multithreading: {op: IsFalse}
1003 #
1004 # - feature: kernel.config
1005 # matchExpressions:
1006 # X86: {op: Exists}
1007 # LSM: {op: InRegexp, value: ["apparmor"]}
1008 # - feature: kernel.loadedmodule
1009 # matchExpressions:
1010 # e1000e: {op: Exists}
1011 # - feature: kernel.selinux
1012 # matchExpressions:
1013 # enabled: {op: IsFalse}
1014 # - feature: kernel.version
1015 # matchExpressions:
1016 # major: {op: In, value: ["5"]}
1017 # minor: {op: Gt, value: ["10"]}
1018 #
1019 # - feature: storage.block
1020 # matchExpressions:
1021 # rotational: {op: In, value: ["0"]}
1022 # dax: {op: In, value: ["0"]}
1023 #
1024 # - feature: network.device
1025 # matchExpressions:
1026 # operstate: {op: In, value: ["up"]}
1027 # speed: {op: Gt, value: ["100"]}
1028 #
1029 # - feature: memory.numa
1030 # matchExpressions:
1031 # node_count: {op: Gt, value: ["2"]}
1032 # - feature: memory.nv
1033 # matchExpressions:
1034 # devtype: {op: In, value: ["nd_dax"]}
1035 # mode: {op: In, value: ["memory"]}
1036 #
1037 # - feature: system.osrelease
1038 # matchExpressions:
1039 # ID: {op: In, value: ["fedora", "centos"]}
1040 # - feature: system.name
1041 # matchExpressions:
1042 # nodename: {op: InRegexp, value: ["^worker-X"]}
1043 #
1044 # - feature: local.label
1045 # matchExpressions:
1046 # custom-feature-knob: {op: Gt, value: ["100"]}
1047 #
1048 # # The following feature demonstrates the capabilities of the matchAny
1049 # - name: "my matchAny rule"
1050 # labels:
1051 # "vendor.io/my-ng-feature-2": "my-value"
1052 # # matchAny implements a logical IF over all elements (sub-matchers) in
1053 # # the list (i.e. at least one feature matcher must match)
1054 # matchAny:
1055 # - matchFeatures:
1056 # - feature: kernel.loadedmodule
1057 # matchExpressions:
1058 # driver-module-X: {op: Exists}
1059 # - feature: pci.device
1060 # matchExpressions:
1061 # vendor: {op: In, value: ["8086"]}
1062 # class: {op: In, value: ["0200"]}
1063 # - matchFeatures:
1064 # - feature: kernel.loadedmodule
1065 # matchExpressions:
1066 # driver-module-Y: {op: Exists}
1067 # - feature: usb.device
1068 # matchExpressions:
1069 # vendor: {op: In, value: ["8086"]}
1070 # class: {op: In, value: ["02"]}
1071 #
1072 # - name: "avx wildcard rule"
1073 # labels:
1074 # "my-avx-feature": "true"
1075 # matchFeatures:
1076 # - feature: cpu.cpuid
1077 # matchName: {op: InRegexp, value: ["^AVX512"]}
1078 #
1079 # # The following features demonstreate label templating capabilities
1080 # - name: "my template rule"
1081 # labelsTemplate: |
1082 # {{ range .system.osrelease }}vendor.io/my-system-feature.{{ .Name }}={{ .Value }}
1083 # {{ end }}
1084 # matchFeatures:
1085 # - feature: system.osrelease
1086 # matchExpressions:
1087 # ID: {op: InRegexp, value: ["^open.*"]}
1088 # VERSION_ID.major: {op: In, value: ["13", "15"]}
1089 #
1090 # - name: "my template rule 2"
1091 # labelsTemplate: |
1092 # {{ range .pci.device }}vendor.io/my-pci-device.{{ .class }}-{{ .device }}=with-cpuid
1093 # {{ end }}
1094 # matchFeatures:
1095 # - feature: pci.device
1096 # matchExpressions:
1097 # class: {op: InRegexp, value: ["^06"]}
1098 # vendor: ["8086"]
1099 # - feature: cpu.cpuid
1100 # matchExpressions:
1101 # AVX: {op: Exists}
1102 #
1103 # # The following examples demonstrate vars field and back-referencing
1104 # # previous labels and vars
1105 # - name: "my dummy kernel rule"
1106 # labels:
1107 # "vendor.io/my.kernel.feature": "true"
1108 # matchFeatures:
1109 # - feature: kernel.version
1110 # matchExpressions:
1111 # major: {op: Gt, value: ["2"]}
1112 #
1113 # - name: "my dummy rule with no labels"
1114 # vars:
1115 # "my.dummy.var": "1"
1116 # matchFeatures:
1117 # - feature: cpu.cpuid
1118 # matchExpressions: {}
1119 #
1120 # - name: "my rule using backrefs"
1121 # labels:
1122 # "vendor.io/my.backref.feature": "true"
1123 # matchFeatures:
1124 # - feature: rule.matched
1125 # matchExpressions:
1126 # vendor.io/my.kernel.feature: {op: IsTrue}
1127 # my.dummy.var: {op: Gt, value: ["0"]}
1128 #
1129 # - name: "kconfig template rule"
1130 # labelsTemplate: |
1131 # {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }}
1132 # {{ end }}
1133 # matchFeatures:
1134 # - feature: kernel.config
1135 # matchName: {op: In, value: ["SWAP", "X86", "ARM"]}
1136---
1137apiVersion: apps/v1
1138kind: Deployment
1139metadata:
1140 name: nfd-gc
1141 namespace: node-feature-discovery
1142 labels:
1143 app: nfd
1144spec:
1145 selector:
1146 matchLabels:
1147 app: nfd-gc
1148 template:
1149 metadata:
1150 labels:
1151 app: nfd-gc
1152 spec:
1153 dnsPolicy: ClusterFirstWithHostNet
1154 serviceAccount: nfd-gc
1155 containers:
1156 - name: nfd-gc
1157 image: registry.k8s.io/nfd/node-feature-discovery:v0.16.5
1158 command:
1159 - nfd-gc
1160 ports:
1161 - name: metrics
1162 containerPort: 8081
1163 env:
1164 - name: NODE_NAME
1165 valueFrom:
1166 fieldRef:
1167 fieldPath: spec.nodeName
1168 - name: POD_NAME
1169 valueFrom:
1170 fieldRef:
1171 fieldPath: metadata.name
1172 - name: POD_UID
1173 valueFrom:
1174 fieldRef:
1175 fieldPath: metadata.uid
1176 resources:
1177 limits:
1178 cpu: "20m"
1179 memory: 1Gi
1180 requests:
1181 cpu: 10m
1182 memory: 128Mi
1183 imagePullPolicy: IfNotPresent
1184 securityContext:
1185 allowPrivilegeEscalation: false
1186 capabilities:
1187 drop:
1188 - ALL
1189 readOnlyRootFilesystem: true
1190 runAsNonRoot: true
1191---
1192apiVersion: apps/v1
1193kind: Deployment
1194metadata:
1195 name: nfd-master
1196 namespace: node-feature-discovery
1197 labels:
1198 app: nfd
1199spec:
1200 replicas: 1
1201 selector:
1202 matchLabels:
1203 app: nfd-master
1204 template:
1205 metadata:
1206 labels:
1207 app: nfd-master
1208 spec:
1209 serviceAccount: nfd-master
1210 enableServiceLinks: false
1211 containers:
1212 - name: nfd-master
1213 image: registry.k8s.io/nfd/node-feature-discovery:v0.16.5
1214 command:
1215 - nfd-master
1216 ports:
1217 - name: metrics
1218 containerPort: 8081
1219 env:
1220 - name: NODE_NAME
1221 valueFrom:
1222 fieldRef:
1223 fieldPath: spec.nodeName
1224 - name: POD_NAME
1225 valueFrom:
1226 fieldRef:
1227 fieldPath: metadata.name
1228 - name: POD_UID
1229 valueFrom:
1230 fieldRef:
1231 fieldPath: metadata.uid
1232 resources:
1233 limits:
1234 cpu: "300m"
1235 memory: 4Gi
1236 requests:
1237 cpu: 100m
1238 memory: 128Mi
1239 volumeMounts:
1240 - name: nfd-master-conf
1241 readOnly: true
1242 mountPath: /etc/kubernetes/node-feature-discovery
1243 livenessProbe:
1244 grpc:
1245 port: 8082
1246 initialDelaySeconds: 10
1247 periodSeconds: 10
1248 readinessProbe:
1249 failureThreshold: 10
1250 grpc:
1251 port: 8082
1252 initialDelaySeconds: 5
1253 periodSeconds: 10
1254 imagePullPolicy: IfNotPresent
1255 securityContext:
1256 allowPrivilegeEscalation: false
1257 capabilities:
1258 drop:
1259 - ALL
1260 readOnlyRootFilesystem: true
1261 runAsNonRoot: true
1262 volumes:
1263 - name: nfd-master-conf
1264 configMap:
1265 name: nfd-master-conf
1266 affinity:
1267 nodeAffinity:
1268 preferredDuringSchedulingIgnoredDuringExecution:
1269 - preference:
1270 matchExpressions:
1271 - key: node-role.kubernetes.io/master
1272 operator: In
1273 values:
1274 - ""
1275 weight: 1
1276 - preference:
1277 matchExpressions:
1278 - key: node-role.kubernetes.io/control-plane
1279 operator: In
1280 values:
1281 - ""
1282 weight: 1
1283 tolerations:
1284 - value: ""
1285 effect: NoSchedule
1286 key: node-role.kubernetes.io/master
1287 operator: Equal
1288 - value: ""
1289 effect: NoSchedule
1290 key: node-role.kubernetes.io/control-plane
1291 operator: Equal
1292---
1293apiVersion: apps/v1
1294kind: DaemonSet
1295metadata:
1296 name: nfd-worker
1297 namespace: node-feature-discovery
1298 labels:
1299 app: nfd
1300spec:
1301 selector:
1302 matchLabels:
1303 app: nfd-worker
1304 template:
1305 metadata:
1306 labels:
1307 app: nfd-worker
1308 spec:
1309 dnsPolicy: ClusterFirstWithHostNet
1310 serviceAccount: nfd-worker
1311 containers:
1312 - name: nfd-worker
1313 image: registry.k8s.io/nfd/node-feature-discovery:v0.16.5
1314 command:
1315 - nfd-worker
1316 args:
1317 - -server=nfd-master:8080
1318 ports:
1319 - name: metrics
1320 containerPort: 8081
1321 env:
1322 - name: NODE_NAME
1323 valueFrom:
1324 fieldRef:
1325 fieldPath: spec.nodeName
1326 - name: POD_NAME
1327 valueFrom:
1328 fieldRef:
1329 fieldPath: metadata.name
1330 - name: POD_UID
1331 valueFrom:
1332 fieldRef:
1333 fieldPath: metadata.uid
1334 resources:
1335 limits:
1336 cpu: "200m"
1337 memory: 512Mi
1338 requests:
1339 cpu: 5m
1340 memory: 64Mi
1341 volumeMounts:
1342 - name: host-boot
1343 readOnly: true
1344 mountPath: /host-boot
1345 - name: host-os-release
1346 readOnly: true
1347 mountPath: /host-etc/os-release
1348 - name: host-sys
1349 readOnly: true
1350 mountPath: /host-sys
1351 - name: host-proc-swaps
1352 readOnly: true
1353 mountPath: /host-proc/swaps
1354 - name: host-usr-lib
1355 readOnly: true
1356 mountPath: /host-usr/lib
1357 - name: host-lib
1358 readOnly: true
1359 mountPath: /host-lib
1360 - name: source-d
1361 readOnly: true
1362 mountPath: /etc/kubernetes/node-feature-discovery/source.d/
1363 - name: features-d
1364 readOnly: true
1365 mountPath: /etc/kubernetes/node-feature-discovery/features.d/
1366 - name: nfd-worker-conf
1367 readOnly: true
1368 mountPath: /etc/kubernetes/node-feature-discovery
1369 livenessProbe:
1370 grpc:
1371 port: 8082
1372 initialDelaySeconds: 10
1373 periodSeconds: 10
1374 readinessProbe:
1375 failureThreshold: 10
1376 grpc:
1377 port: 8082
1378 initialDelaySeconds: 5
1379 periodSeconds: 10
1380 imagePullPolicy: IfNotPresent
1381 securityContext:
1382 allowPrivilegeEscalation: false
1383 capabilities:
1384 drop:
1385 - ALL
1386 readOnlyRootFilesystem: true
1387 runAsNonRoot: true
1388 volumes:
1389 - name: features-d
1390 hostPath:
1391 path: /etc/kubernetes/node-feature-discovery/features.d/
1392 - name: host-boot
1393 hostPath:
1394 path: /boot
1395 - name: host-lib
1396 hostPath:
1397 path: /lib
1398 - name: host-os-release
1399 hostPath:
1400 path: /etc/os-release
1401 - name: host-proc-swaps
1402 hostPath:
1403 path: /proc/swaps
1404 - name: host-sys
1405 hostPath:
1406 path: /sys
1407 - name: host-usr-lib
1408 hostPath:
1409 path: /usr/lib
1410 - name: nfd-worker-conf
1411 configMap:
1412 name: nfd-worker-conf
1413 - name: source-d
1414 hostPath:
1415 path: /etc/kubernetes/node-feature-discovery/source.d/
View as plain text