...

Text file src/edge-infra.dev/third_party/k8s/node-feature-discovery/base/manifests.yaml

Documentation: edge-infra.dev/third_party/k8s/node-feature-discovery/base

     1apiVersion: v1
     2kind: Namespace
     3metadata:
     4  name: node-feature-discovery
     5---
     6apiVersion: apiextensions.k8s.io/v1
     7kind: CustomResourceDefinition
     8metadata:
     9  name: nodefeaturegroups.nfd.k8s-sigs.io
    10  annotations:
    11    controller-gen.kubebuilder.io/version: v0.14.0
    12spec:
    13  group: nfd.k8s-sigs.io
    14  names:
    15    kind: NodeFeatureGroup
    16    listKind: NodeFeatureGroupList
    17    plural: nodefeaturegroups
    18    shortNames:
    19    - nfg
    20    singular: nodefeaturegroup
    21  scope: Namespaced
    22  versions:
    23  - name: v1alpha1
    24    schema:
    25      openAPIV3Schema:
    26        type: object
    27        description: NodeFeatureGroup resource holds Node pools by featureGroup
    28        properties:
    29          apiVersion:
    30            type: string
    31            description: |-
    32              APIVersion defines the versioned schema of this representation of an object.
    33              Servers should convert recognized schemas to the latest internal value, and
    34              may reject unrecognized values.
    35              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
    36          kind:
    37            type: string
    38            description: |-
    39              Kind is a string value representing the REST resource this object represents.
    40              Servers may infer this from the endpoint the client submits requests to.
    41              Cannot be updated.
    42              In CamelCase.
    43              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
    44          metadata:
    45            type: object
    46          spec:
    47            type: object
    48            description: Spec defines the rules to be evaluated.
    49            properties:
    50              featureGroupRules:
    51                type: array
    52                description: List of rules to evaluate to determine nodes that belong in this group.
    53                items:
    54                  type: object
    55                  description: GroupRule defines a rule for nodegroup filtering.
    56                  properties:
    57                    name:
    58                      type: string
    59                      description: Name of the rule.
    60                    matchAny:
    61                      type: array
    62                      description: MatchAny specifies a list of matchers one of which must match.
    63                      items:
    64                        type: object
    65                        description: MatchAnyElem specifies one sub-matcher of MatchAny.
    66                        properties:
    67                          matchFeatures:
    68                            type: array
    69                            description: MatchFeatures specifies a set of matcher terms all of which must match.
    70                            items:
    71                              type: object
    72                              description: |-
    73                                FeatureMatcherTerm defines requirements against one feature set. All
    74                                requirements (specified as MatchExpressions) are evaluated against each
    75                                element in the feature set.
    76                              properties:
    77                                feature:
    78                                  type: string
    79                                  description: Feature is the name of the feature set to match against.
    80                                matchExpressions:
    81                                  type: object
    82                                  additionalProperties:
    83                                    type: object
    84                                    description: |-
    85                                      MatchExpression specifies an expression to evaluate against a set of input
    86                                      values. It contains an operator that is applied when matching the input and
    87                                      an array of values that the operator evaluates the input against.
    88                                    properties:
    89                                      value:
    90                                        type: array
    91                                        description: |-
    92                                          Value is the list of values that the operand evaluates the input
    93                                          against. Value should be empty if the operator is Exists, DoesNotExist,
    94                                          IsTrue or IsFalse. Value should contain exactly one element if the
    95                                          operator is Gt or Lt and exactly two elements if the operator is GtLt.
    96                                          In other cases Value should contain at least one element.
    97                                        items:
    98                                          type: string
    99                                      op:
   100                                        type: string
   101                                        description: Op is the operator to be applied.
   102                                        enum:
   103                                        - In
   104                                        - NotIn
   105                                        - InRegexp
   106                                        - Exists
   107                                        - DoesNotExist
   108                                        - Gt
   109                                        - Lt
   110                                        - GtLt
   111                                        - IsTrue
   112                                        - IsFalse
   113                                    required:
   114                                    - op
   115                                  description: |-
   116                                    MatchExpressions is the set of per-element expressions evaluated. These
   117                                    match against the value of the specified elements.
   118                                matchName:
   119                                  type: object
   120                                  description: |-
   121                                    MatchName in an expression that is matched against the name of each
   122                                    element in the feature set.
   123                                  properties:
   124                                    value:
   125                                      type: array
   126                                      description: |-
   127                                        Value is the list of values that the operand evaluates the input
   128                                        against. Value should be empty if the operator is Exists, DoesNotExist,
   129                                        IsTrue or IsFalse. Value should contain exactly one element if the
   130                                        operator is Gt or Lt and exactly two elements if the operator is GtLt.
   131                                        In other cases Value should contain at least one element.
   132                                      items:
   133                                        type: string
   134                                    op:
   135                                      type: string
   136                                      description: Op is the operator to be applied.
   137                                      enum:
   138                                      - In
   139                                      - NotIn
   140                                      - InRegexp
   141                                      - Exists
   142                                      - DoesNotExist
   143                                      - Gt
   144                                      - Lt
   145                                      - GtLt
   146                                      - IsTrue
   147                                      - IsFalse
   148                                  required:
   149                                  - op
   150                              required:
   151                              - feature
   152                        required:
   153                        - matchFeatures
   154                    matchFeatures:
   155                      type: array
   156                      description: MatchFeatures specifies a set of matcher terms all of which must match.
   157                      items:
   158                        type: object
   159                        description: |-
   160                          FeatureMatcherTerm defines requirements against one feature set. All
   161                          requirements (specified as MatchExpressions) are evaluated against each
   162                          element in the feature set.
   163                        properties:
   164                          feature:
   165                            type: string
   166                            description: Feature is the name of the feature set to match against.
   167                          matchExpressions:
   168                            type: object
   169                            additionalProperties:
   170                              type: object
   171                              description: |-
   172                                MatchExpression specifies an expression to evaluate against a set of input
   173                                values. It contains an operator that is applied when matching the input and
   174                                an array of values that the operator evaluates the input against.
   175                              properties:
   176                                value:
   177                                  type: array
   178                                  description: |-
   179                                    Value is the list of values that the operand evaluates the input
   180                                    against. Value should be empty if the operator is Exists, DoesNotExist,
   181                                    IsTrue or IsFalse. Value should contain exactly one element if the
   182                                    operator is Gt or Lt and exactly two elements if the operator is GtLt.
   183                                    In other cases Value should contain at least one element.
   184                                  items:
   185                                    type: string
   186                                op:
   187                                  type: string
   188                                  description: Op is the operator to be applied.
   189                                  enum:
   190                                  - In
   191                                  - NotIn
   192                                  - InRegexp
   193                                  - Exists
   194                                  - DoesNotExist
   195                                  - Gt
   196                                  - Lt
   197                                  - GtLt
   198                                  - IsTrue
   199                                  - IsFalse
   200                              required:
   201                              - op
   202                            description: |-
   203                              MatchExpressions is the set of per-element expressions evaluated. These
   204                              match against the value of the specified elements.
   205                          matchName:
   206                            type: object
   207                            description: |-
   208                              MatchName in an expression that is matched against the name of each
   209                              element in the feature set.
   210                            properties:
   211                              value:
   212                                type: array
   213                                description: |-
   214                                  Value is the list of values that the operand evaluates the input
   215                                  against. Value should be empty if the operator is Exists, DoesNotExist,
   216                                  IsTrue or IsFalse. Value should contain exactly one element if the
   217                                  operator is Gt or Lt and exactly two elements if the operator is GtLt.
   218                                  In other cases Value should contain at least one element.
   219                                items:
   220                                  type: string
   221                              op:
   222                                type: string
   223                                description: Op is the operator to be applied.
   224                                enum:
   225                                - In
   226                                - NotIn
   227                                - InRegexp
   228                                - Exists
   229                                - DoesNotExist
   230                                - Gt
   231                                - Lt
   232                                - GtLt
   233                                - IsTrue
   234                                - IsFalse
   235                            required:
   236                            - op
   237                        required:
   238                        - feature
   239                  required:
   240                  - name
   241            required:
   242            - featureGroupRules
   243          status:
   244            type: object
   245            description: |-
   246              Status of the NodeFeatureGroup after the most recent evaluation of the
   247              specification.
   248            properties:
   249              nodes:
   250                type: array
   251                description: Nodes is a list of FeatureGroupNode in the cluster that match the featureGroupRules
   252                items:
   253                  type: object
   254                  properties:
   255                    name:
   256                      type: string
   257                      description: Name of the node.
   258                  required:
   259                  - name
   260                x-kubernetes-list-map-keys:
   261                - name
   262                x-kubernetes-list-type: map
   263        required:
   264        - spec
   265    served: true
   266    storage: true
   267    subresources:
   268      status: {}
   269---
   270apiVersion: apiextensions.k8s.io/v1
   271kind: CustomResourceDefinition
   272metadata:
   273  name: nodefeaturerules.nfd.k8s-sigs.io
   274  annotations:
   275    controller-gen.kubebuilder.io/version: v0.14.0
   276spec:
   277  group: nfd.k8s-sigs.io
   278  names:
   279    kind: NodeFeatureRule
   280    listKind: NodeFeatureRuleList
   281    plural: nodefeaturerules
   282    shortNames:
   283    - nfr
   284    singular: nodefeaturerule
   285  scope: Cluster
   286  versions:
   287  - name: v1alpha1
   288    schema:
   289      openAPIV3Schema:
   290        type: object
   291        description: |-
   292          NodeFeatureRule resource specifies a configuration for feature-based
   293          customization of node objects, such as node labeling.
   294        properties:
   295          apiVersion:
   296            type: string
   297            description: |-
   298              APIVersion defines the versioned schema of this representation of an object.
   299              Servers should convert recognized schemas to the latest internal value, and
   300              may reject unrecognized values.
   301              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
   302          kind:
   303            type: string
   304            description: |-
   305              Kind is a string value representing the REST resource this object represents.
   306              Servers may infer this from the endpoint the client submits requests to.
   307              Cannot be updated.
   308              In CamelCase.
   309              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
   310          metadata:
   311            type: object
   312          spec:
   313            type: object
   314            description: Spec defines the rules to be evaluated.
   315            properties:
   316              rules:
   317                type: array
   318                description: Rules is a list of node customization rules.
   319                items:
   320                  type: object
   321                  description: Rule defines a rule for node customization such as labeling.
   322                  properties:
   323                    name:
   324                      type: string
   325                      description: Name of the rule.
   326                    labels:
   327                      type: object
   328                      additionalProperties:
   329                        type: string
   330                      description: Labels to create if the rule matches.
   331                    annotations:
   332                      type: object
   333                      additionalProperties:
   334                        type: string
   335                      description: Annotations to create if the rule matches.
   336                    extendedResources:
   337                      type: object
   338                      additionalProperties:
   339                        type: string
   340                      description: ExtendedResources to create if the rule matches.
   341                    labelsTemplate:
   342                      type: string
   343                      description: |-
   344                        LabelsTemplate specifies a template to expand for dynamically generating
   345                        multiple labels. Data (after template expansion) must be keys with an
   346                        optional value (<key>[=<value>]) separated by newlines.
   347                    matchAny:
   348                      type: array
   349                      description: MatchAny specifies a list of matchers one of which must match.
   350                      items:
   351                        type: object
   352                        description: MatchAnyElem specifies one sub-matcher of MatchAny.
   353                        properties:
   354                          matchFeatures:
   355                            type: array
   356                            description: MatchFeatures specifies a set of matcher terms all of which must match.
   357                            items:
   358                              type: object
   359                              description: |-
   360                                FeatureMatcherTerm defines requirements against one feature set. All
   361                                requirements (specified as MatchExpressions) are evaluated against each
   362                                element in the feature set.
   363                              properties:
   364                                feature:
   365                                  type: string
   366                                  description: Feature is the name of the feature set to match against.
   367                                matchExpressions:
   368                                  type: object
   369                                  additionalProperties:
   370                                    type: object
   371                                    description: |-
   372                                      MatchExpression specifies an expression to evaluate against a set of input
   373                                      values. It contains an operator that is applied when matching the input and
   374                                      an array of values that the operator evaluates the input against.
   375                                    properties:
   376                                      value:
   377                                        type: array
   378                                        description: |-
   379                                          Value is the list of values that the operand evaluates the input
   380                                          against. Value should be empty if the operator is Exists, DoesNotExist,
   381                                          IsTrue or IsFalse. Value should contain exactly one element if the
   382                                          operator is Gt or Lt and exactly two elements if the operator is GtLt.
   383                                          In other cases Value should contain at least one element.
   384                                        items:
   385                                          type: string
   386                                      op:
   387                                        type: string
   388                                        description: Op is the operator to be applied.
   389                                        enum:
   390                                        - In
   391                                        - NotIn
   392                                        - InRegexp
   393                                        - Exists
   394                                        - DoesNotExist
   395                                        - Gt
   396                                        - Lt
   397                                        - GtLt
   398                                        - IsTrue
   399                                        - IsFalse
   400                                    required:
   401                                    - op
   402                                  description: |-
   403                                    MatchExpressions is the set of per-element expressions evaluated. These
   404                                    match against the value of the specified elements.
   405                                matchName:
   406                                  type: object
   407                                  description: |-
   408                                    MatchName in an expression that is matched against the name of each
   409                                    element in the feature set.
   410                                  properties:
   411                                    value:
   412                                      type: array
   413                                      description: |-
   414                                        Value is the list of values that the operand evaluates the input
   415                                        against. Value should be empty if the operator is Exists, DoesNotExist,
   416                                        IsTrue or IsFalse. Value should contain exactly one element if the
   417                                        operator is Gt or Lt and exactly two elements if the operator is GtLt.
   418                                        In other cases Value should contain at least one element.
   419                                      items:
   420                                        type: string
   421                                    op:
   422                                      type: string
   423                                      description: Op is the operator to be applied.
   424                                      enum:
   425                                      - In
   426                                      - NotIn
   427                                      - InRegexp
   428                                      - Exists
   429                                      - DoesNotExist
   430                                      - Gt
   431                                      - Lt
   432                                      - GtLt
   433                                      - IsTrue
   434                                      - IsFalse
   435                                  required:
   436                                  - op
   437                              required:
   438                              - feature
   439                        required:
   440                        - matchFeatures
   441                    matchFeatures:
   442                      type: array
   443                      description: MatchFeatures specifies a set of matcher terms all of which must match.
   444                      items:
   445                        type: object
   446                        description: |-
   447                          FeatureMatcherTerm defines requirements against one feature set. All
   448                          requirements (specified as MatchExpressions) are evaluated against each
   449                          element in the feature set.
   450                        properties:
   451                          feature:
   452                            type: string
   453                            description: Feature is the name of the feature set to match against.
   454                          matchExpressions:
   455                            type: object
   456                            additionalProperties:
   457                              type: object
   458                              description: |-
   459                                MatchExpression specifies an expression to evaluate against a set of input
   460                                values. It contains an operator that is applied when matching the input and
   461                                an array of values that the operator evaluates the input against.
   462                              properties:
   463                                value:
   464                                  type: array
   465                                  description: |-
   466                                    Value is the list of values that the operand evaluates the input
   467                                    against. Value should be empty if the operator is Exists, DoesNotExist,
   468                                    IsTrue or IsFalse. Value should contain exactly one element if the
   469                                    operator is Gt or Lt and exactly two elements if the operator is GtLt.
   470                                    In other cases Value should contain at least one element.
   471                                  items:
   472                                    type: string
   473                                op:
   474                                  type: string
   475                                  description: Op is the operator to be applied.
   476                                  enum:
   477                                  - In
   478                                  - NotIn
   479                                  - InRegexp
   480                                  - Exists
   481                                  - DoesNotExist
   482                                  - Gt
   483                                  - Lt
   484                                  - GtLt
   485                                  - IsTrue
   486                                  - IsFalse
   487                              required:
   488                              - op
   489                            description: |-
   490                              MatchExpressions is the set of per-element expressions evaluated. These
   491                              match against the value of the specified elements.
   492                          matchName:
   493                            type: object
   494                            description: |-
   495                              MatchName in an expression that is matched against the name of each
   496                              element in the feature set.
   497                            properties:
   498                              value:
   499                                type: array
   500                                description: |-
   501                                  Value is the list of values that the operand evaluates the input
   502                                  against. Value should be empty if the operator is Exists, DoesNotExist,
   503                                  IsTrue or IsFalse. Value should contain exactly one element if the
   504                                  operator is Gt or Lt and exactly two elements if the operator is GtLt.
   505                                  In other cases Value should contain at least one element.
   506                                items:
   507                                  type: string
   508                              op:
   509                                type: string
   510                                description: Op is the operator to be applied.
   511                                enum:
   512                                - In
   513                                - NotIn
   514                                - InRegexp
   515                                - Exists
   516                                - DoesNotExist
   517                                - Gt
   518                                - Lt
   519                                - GtLt
   520                                - IsTrue
   521                                - IsFalse
   522                            required:
   523                            - op
   524                        required:
   525                        - feature
   526                    taints:
   527                      type: array
   528                      description: Taints to create if the rule matches.
   529                      items:
   530                        type: object
   531                        description: |-
   532                          The node this Taint is attached to has the "effect" on
   533                          any pod that does not tolerate the Taint.
   534                        properties:
   535                          value:
   536                            type: string
   537                            description: The taint value corresponding to the taint key.
   538                          effect:
   539                            type: string
   540                            description: |-
   541                              Required. The effect of the taint on pods
   542                              that do not tolerate the taint.
   543                              Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
   544                          key:
   545                            type: string
   546                            description: Required. The taint key to be applied to a node.
   547                          timeAdded:
   548                            type: string
   549                            description: |-
   550                              TimeAdded represents the time at which the taint was added.
   551                              It is only written for NoExecute taints.
   552                            format: date-time
   553                        required:
   554                        - effect
   555                        - key
   556                    vars:
   557                      type: object
   558                      additionalProperties:
   559                        type: string
   560                      description: |-
   561                        Vars is the variables to store if the rule matches. Variables do not
   562                        directly inflict any changes in the node object. However, they can be
   563                        referenced from other rules enabling more complex rule hierarchies,
   564                        without exposing intermediary output values as labels.
   565                    varsTemplate:
   566                      type: string
   567                      description: |-
   568                        VarsTemplate specifies a template to expand for dynamically generating
   569                        multiple variables. Data (after template expansion) must be keys with an
   570                        optional value (<key>[=<value>]) separated by newlines.
   571                  required:
   572                  - name
   573            required:
   574            - rules
   575        required:
   576        - spec
   577    served: true
   578    storage: true
   579---
   580apiVersion: apiextensions.k8s.io/v1
   581kind: CustomResourceDefinition
   582metadata:
   583  name: nodefeatures.nfd.k8s-sigs.io
   584  annotations:
   585    controller-gen.kubebuilder.io/version: v0.14.0
   586spec:
   587  group: nfd.k8s-sigs.io
   588  names:
   589    kind: NodeFeature
   590    listKind: NodeFeatureList
   591    plural: nodefeatures
   592    singular: nodefeature
   593  scope: Namespaced
   594  versions:
   595  - name: v1alpha1
   596    schema:
   597      openAPIV3Schema:
   598        type: object
   599        description: |-
   600          NodeFeature resource holds the features discovered for one node in the
   601          cluster.
   602        properties:
   603          apiVersion:
   604            type: string
   605            description: |-
   606              APIVersion defines the versioned schema of this representation of an object.
   607              Servers should convert recognized schemas to the latest internal value, and
   608              may reject unrecognized values.
   609              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
   610          kind:
   611            type: string
   612            description: |-
   613              Kind is a string value representing the REST resource this object represents.
   614              Servers may infer this from the endpoint the client submits requests to.
   615              Cannot be updated.
   616              In CamelCase.
   617              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
   618          metadata:
   619            type: object
   620          spec:
   621            type: object
   622            description: Specification of the NodeFeature, containing features discovered for a node.
   623            properties:
   624              labels:
   625                type: object
   626                additionalProperties:
   627                  type: string
   628                description: Labels is the set of node labels that are requested to be created.
   629              features:
   630                type: object
   631                description: Features is the full "raw" features data that has been discovered.
   632                properties:
   633                  attributes:
   634                    type: object
   635                    additionalProperties:
   636                      type: object
   637                      description: AttributeFeatureSet is a set of features having string value.
   638                      properties:
   639                        elements:
   640                          type: object
   641                          additionalProperties:
   642                            type: string
   643                          description: Individual features of the feature set.
   644                      required:
   645                      - elements
   646                    description: Attributes contains all the attribute-type features of the node.
   647                  flags:
   648                    type: object
   649                    additionalProperties:
   650                      type: object
   651                      description: FlagFeatureSet is a set of simple features only containing names without values.
   652                      properties:
   653                        elements:
   654                          type: object
   655                          additionalProperties:
   656                            type: object
   657                            description: Nil is a dummy empty struct for protobuf compatibility
   658                          description: Individual features of the feature set.
   659                      required:
   660                      - elements
   661                    description: Flags contains all the flag-type features of the node.
   662                  instances:
   663                    type: object
   664                    additionalProperties:
   665                      type: object
   666                      description: InstanceFeatureSet is a set of features each of which is an instance having multiple attributes.
   667                      properties:
   668                        elements:
   669                          type: array
   670                          description: Individual features of the feature set.
   671                          items:
   672                            type: object
   673                            description: InstanceFeature represents one instance of a complex features, e.g. a device.
   674                            properties:
   675                              attributes:
   676                                type: object
   677                                additionalProperties:
   678                                  type: string
   679                                description: Attributes of the instance feature.
   680                            required:
   681                            - attributes
   682                      required:
   683                      - elements
   684                    description: Instances contains all the instance-type features of the node.
   685        required:
   686        - spec
   687    served: true
   688    storage: true
   689---
   690apiVersion: v1
   691kind: ServiceAccount
   692metadata:
   693  name: nfd-gc
   694  namespace: node-feature-discovery
   695---
   696apiVersion: v1
   697kind: ServiceAccount
   698metadata:
   699  name: nfd-master
   700  namespace: node-feature-discovery
   701---
   702apiVersion: v1
   703kind: ServiceAccount
   704metadata:
   705  name: nfd-worker
   706  namespace: node-feature-discovery
   707---
   708apiVersion: rbac.authorization.k8s.io/v1
   709kind: Role
   710metadata:
   711  name: nfd-worker
   712  namespace: node-feature-discovery
   713rules:
   714- resources:
   715  - nodefeatures
   716  apiGroups:
   717  - nfd.k8s-sigs.io
   718  verbs:
   719  - create
   720  - get
   721  - update
   722- resources:
   723  - pods
   724  apiGroups:
   725  - ""
   726  verbs:
   727  - get
   728---
   729apiVersion: rbac.authorization.k8s.io/v1
   730kind: ClusterRole
   731metadata:
   732  name: nfd-gc
   733rules:
   734- resources:
   735  - nodes
   736  apiGroups:
   737  - ""
   738  verbs:
   739  - list
   740  - watch
   741- resources:
   742  - nodes/proxy
   743  apiGroups:
   744  - ""
   745  verbs:
   746  - get
   747- resources:
   748  - noderesourcetopologies
   749  apiGroups:
   750  - topology.node.k8s.io
   751  verbs:
   752  - delete
   753  - list
   754- resources:
   755  - nodefeatures
   756  apiGroups:
   757  - nfd.k8s-sigs.io
   758  verbs:
   759  - delete
   760  - list
   761---
   762apiVersion: rbac.authorization.k8s.io/v1
   763kind: ClusterRole
   764metadata:
   765  name: nfd-master
   766rules:
   767- resources:
   768  - nodes
   769  - nodes/status
   770  apiGroups:
   771  - ""
   772  verbs:
   773  - get
   774  - patch
   775  - update
   776  - list
   777- resources:
   778  - nodefeatures
   779  - nodefeaturerules
   780  - nodefeaturegroups
   781  apiGroups:
   782  - nfd.k8s-sigs.io
   783  verbs:
   784  - get
   785  - list
   786  - watch
   787- resources:
   788  - nodefeaturegroup/status
   789  apiGroups:
   790  - nfd.k8s-sigs.io
   791  verbs:
   792  - patch
   793  - update
   794- resources:
   795  - leases
   796  apiGroups:
   797  - coordination.k8s.io
   798  verbs:
   799  - create
   800- resources:
   801  - leases
   802  apiGroups:
   803  - coordination.k8s.io
   804  resourceNames:
   805  - nfd-master.nfd.kubernetes.io
   806  verbs:
   807  - get
   808  - update
   809---
   810apiVersion: rbac.authorization.k8s.io/v1
   811kind: RoleBinding
   812metadata:
   813  name: nfd-worker
   814  namespace: node-feature-discovery
   815roleRef:
   816  name: nfd-worker
   817  kind: Role
   818  apiGroup: rbac.authorization.k8s.io
   819subjects:
   820- name: nfd-worker
   821  namespace: node-feature-discovery
   822  kind: ServiceAccount
   823---
   824apiVersion: rbac.authorization.k8s.io/v1
   825kind: ClusterRoleBinding
   826metadata:
   827  name: nfd-gc
   828roleRef:
   829  name: nfd-gc
   830  kind: ClusterRole
   831  apiGroup: rbac.authorization.k8s.io
   832subjects:
   833- name: nfd-gc
   834  namespace: node-feature-discovery
   835  kind: ServiceAccount
   836---
   837apiVersion: rbac.authorization.k8s.io/v1
   838kind: ClusterRoleBinding
   839metadata:
   840  name: nfd-master
   841roleRef:
   842  name: nfd-master
   843  kind: ClusterRole
   844  apiGroup: rbac.authorization.k8s.io
   845subjects:
   846- name: nfd-master
   847  namespace: node-feature-discovery
   848  kind: ServiceAccount
   849---
   850apiVersion: v1
   851kind: ConfigMap
   852metadata:
   853  name: nfd-master-conf
   854  namespace: node-feature-discovery
   855data:
   856  nfd-master.conf: |
   857    # noPublish: false
   858    # autoDefaultNs: true
   859    # extraLabelNs: ["added.ns.io","added.kubernets.io"]
   860    # denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
   861    # resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
   862    # enableTaints: false
   863    # labelWhiteList: "foo"
   864    # resyncPeriod: "2h"
   865    # klog:
   866    #    addDirHeader: false
   867    #    alsologtostderr: false
   868    #    logBacktraceAt:
   869    #    logtostderr: true
   870    #    skipHeaders: false
   871    #    stderrthreshold: 2
   872    #    v: 0
   873    #    vmodule:
   874    ##   NOTE: the following options are not dynamically run-time configurable
   875    ##         and require a nfd-master restart to take effect after being changed
   876    #    logDir:
   877    #    logFile:
   878    #    logFileMaxSize: 1800
   879    #    skipLogHeaders: false
   880    # leaderElection:
   881    #   leaseDuration: 15s
   882    #   # this value has to be lower than leaseDuration and greater than retryPeriod*1.2
   883    #   renewDeadline: 10s
   884    #   # this value has to be greater than 0
   885    #   retryPeriod: 2s
   886    # nfdApiParallelism: 10
   887---
   888apiVersion: v1
   889kind: ConfigMap
   890metadata:
   891  name: nfd-worker-conf
   892  namespace: node-feature-discovery
   893data:
   894  nfd-worker.conf: |
   895    #core:
   896    #  labelWhiteList:
   897    #  noPublish: false
   898    #  sleepInterval: 60s
   899    #  featureSources: [all]
   900    #  labelSources: [all]
   901    #  klog:
   902    #    addDirHeader: false
   903    #    alsologtostderr: false
   904    #    logBacktraceAt:
   905    #    logtostderr: true
   906    #    skipHeaders: false
   907    #    stderrthreshold: 2
   908    #    v: 0
   909    #    vmodule:
   910    ##   NOTE: the following options are not dynamically run-time configurable
   911    ##         and require a nfd-worker restart to take effect after being changed
   912    #    logDir:
   913    #    logFile:
   914    #    logFileMaxSize: 1800
   915    #    skipLogHeaders: false
   916    #sources:
   917    #  cpu:
   918    #    cpuid:
   919    ##     NOTE: whitelist has priority over blacklist
   920    #      attributeBlacklist:
   921    #        - "AVX10"
   922    #        - "BMI1"
   923    #        - "BMI2"
   924    #        - "CLMUL"
   925    #        - "CMOV"
   926    #        - "CX16"
   927    #        - "ERMS"
   928    #        - "F16C"
   929    #        - "HTT"
   930    #        - "LZCNT"
   931    #        - "MMX"
   932    #        - "MMXEXT"
   933    #        - "NX"
   934    #        - "POPCNT"
   935    #        - "RDRAND"
   936    #        - "RDSEED"
   937    #        - "RDTSCP"
   938    #        - "SGX"
   939    #        - "SSE"
   940    #        - "SSE2"
   941    #        - "SSE3"
   942    #        - "SSE4"
   943    #        - "SSE42"
   944    #        - "SSSE3"
   945    #        - "TDX_GUEST"
   946    #      attributeWhitelist:
   947    #  kernel:
   948    #    kconfigFile: "/path/to/kconfig"
   949    #    configOpts:
   950    #      - "NO_HZ"
   951    #      - "X86"
   952    #      - "DMI"
   953    #  pci:
   954    #    deviceClassWhitelist:
   955    #      - "0200"
   956    #      - "03"
   957    #      - "12"
   958    #    deviceLabelFields:
   959    #      - "class"
   960    #      - "vendor"
   961    #      - "device"
   962    #      - "subsystem_vendor"
   963    #      - "subsystem_device"
   964    #  usb:
   965    #    deviceClassWhitelist:
   966    #      - "0e"
   967    #      - "ef"
   968    #      - "fe"
   969    #      - "ff"
   970    #    deviceLabelFields:
   971    #      - "class"
   972    #      - "vendor"
   973    #      - "device"
   974    #  local:
   975    #    hooksEnabled: false
   976    #  custom:
   977    #    # The following feature demonstrates the capabilities of the matchFeatures
   978    #    - name: "my custom rule"
   979    #      labels:
   980    #        "vendor.io/my-ng-feature": "true"
   981    #      # matchFeatures implements a logical AND over all matcher terms in the
   982    #      # list (i.e. all of the terms, or per-feature matchers, must match)
   983    #      matchFeatures:
   984    #        - feature: cpu.cpuid
   985    #          matchExpressions:
   986    #            AVX512F: {op: Exists}
   987    #        - feature: cpu.cstate
   988    #          matchExpressions:
   989    #            enabled: {op: IsTrue}
   990    #        - feature: cpu.pstate
   991    #          matchExpressions:
   992    #            no_turbo: {op: IsFalse}
   993    #            scaling_governor: {op: In, value: ["performance"]}
   994    #        - feature: cpu.rdt
   995    #          matchExpressions:
   996    #            RDTL3CA: {op: Exists}
   997    #        - feature: cpu.sst
   998    #          matchExpressions:
   999    #            bf.enabled: {op: IsTrue}
  1000    #        - feature: cpu.topology
  1001    #          matchExpressions:
  1002    #            hardware_multithreading: {op: IsFalse}
  1003    #
  1004    #        - feature: kernel.config
  1005    #          matchExpressions:
  1006    #            X86: {op: Exists}
  1007    #            LSM: {op: InRegexp, value: ["apparmor"]}
  1008    #        - feature: kernel.loadedmodule
  1009    #          matchExpressions:
  1010    #            e1000e: {op: Exists}
  1011    #        - feature: kernel.selinux
  1012    #          matchExpressions:
  1013    #            enabled: {op: IsFalse}
  1014    #        - feature: kernel.version
  1015    #          matchExpressions:
  1016    #            major: {op: In, value: ["5"]}
  1017    #            minor: {op: Gt, value: ["10"]}
  1018    #
  1019    #        - feature: storage.block
  1020    #          matchExpressions:
  1021    #            rotational: {op: In, value: ["0"]}
  1022    #            dax: {op: In, value: ["0"]}
  1023    #
  1024    #        - feature: network.device
  1025    #          matchExpressions:
  1026    #            operstate: {op: In, value: ["up"]}
  1027    #            speed: {op: Gt, value: ["100"]}
  1028    #
  1029    #        - feature: memory.numa
  1030    #          matchExpressions:
  1031    #            node_count: {op: Gt, value: ["2"]}
  1032    #        - feature: memory.nv
  1033    #          matchExpressions:
  1034    #            devtype: {op: In, value: ["nd_dax"]}
  1035    #            mode: {op: In, value: ["memory"]}
  1036    #
  1037    #        - feature: system.osrelease
  1038    #          matchExpressions:
  1039    #            ID: {op: In, value: ["fedora", "centos"]}
  1040    #        - feature: system.name
  1041    #          matchExpressions:
  1042    #            nodename: {op: InRegexp, value: ["^worker-X"]}
  1043    #
  1044    #        - feature: local.label
  1045    #          matchExpressions:
  1046    #            custom-feature-knob: {op: Gt, value: ["100"]}
  1047    #
  1048    #    # The following feature demonstrates the capabilities of the matchAny
  1049    #    - name: "my matchAny rule"
  1050    #      labels:
  1051    #        "vendor.io/my-ng-feature-2": "my-value"
  1052    #      # matchAny implements a logical IF over all elements (sub-matchers) in
  1053    #      # the list (i.e. at least one feature matcher must match)
  1054    #      matchAny:
  1055    #        - matchFeatures:
  1056    #            - feature: kernel.loadedmodule
  1057    #              matchExpressions:
  1058    #                driver-module-X: {op: Exists}
  1059    #            - feature: pci.device
  1060    #              matchExpressions:
  1061    #                vendor: {op: In, value: ["8086"]}
  1062    #                class: {op: In, value: ["0200"]}
  1063    #        - matchFeatures:
  1064    #            - feature: kernel.loadedmodule
  1065    #              matchExpressions:
  1066    #                driver-module-Y: {op: Exists}
  1067    #            - feature: usb.device
  1068    #              matchExpressions:
  1069    #                vendor: {op: In, value: ["8086"]}
  1070    #                class: {op: In, value: ["02"]}
  1071    #
  1072    #    - name: "avx wildcard rule"
  1073    #      labels:
  1074    #        "my-avx-feature": "true"
  1075    #      matchFeatures:
  1076    #        - feature: cpu.cpuid
  1077    #          matchName: {op: InRegexp, value: ["^AVX512"]}
  1078    #
  1079    #    # The following features demonstreate label templating capabilities
  1080    #    - name: "my template rule"
  1081    #      labelsTemplate: |
  1082    #        {{ range .system.osrelease }}vendor.io/my-system-feature.{{ .Name }}={{ .Value }}
  1083    #        {{ end }}
  1084    #      matchFeatures:
  1085    #        - feature: system.osrelease
  1086    #          matchExpressions:
  1087    #            ID: {op: InRegexp, value: ["^open.*"]}
  1088    #            VERSION_ID.major: {op: In, value: ["13", "15"]}
  1089    #
  1090    #    - name: "my template rule 2"
  1091    #      labelsTemplate: |
  1092    #        {{ range .pci.device }}vendor.io/my-pci-device.{{ .class }}-{{ .device }}=with-cpuid
  1093    #        {{ end }}
  1094    #      matchFeatures:
  1095    #        - feature: pci.device
  1096    #          matchExpressions:
  1097    #            class: {op: InRegexp, value: ["^06"]}
  1098    #            vendor: ["8086"]
  1099    #        - feature: cpu.cpuid
  1100    #          matchExpressions:
  1101    #            AVX: {op: Exists}
  1102    #
  1103    #    # The following examples demonstrate vars field and back-referencing
  1104    #    # previous labels and vars
  1105    #    - name: "my dummy kernel rule"
  1106    #      labels:
  1107    #        "vendor.io/my.kernel.feature": "true"
  1108    #      matchFeatures:
  1109    #        - feature: kernel.version
  1110    #          matchExpressions:
  1111    #            major: {op: Gt, value: ["2"]}
  1112    #
  1113    #    - name: "my dummy rule with no labels"
  1114    #      vars:
  1115    #        "my.dummy.var": "1"
  1116    #      matchFeatures:
  1117    #        - feature: cpu.cpuid
  1118    #          matchExpressions: {}
  1119    #
  1120    #    - name: "my rule using backrefs"
  1121    #      labels:
  1122    #        "vendor.io/my.backref.feature": "true"
  1123    #      matchFeatures:
  1124    #        - feature: rule.matched
  1125    #          matchExpressions:
  1126    #            vendor.io/my.kernel.feature: {op: IsTrue}
  1127    #            my.dummy.var: {op: Gt, value: ["0"]}
  1128    #
  1129    #    - name: "kconfig template rule"
  1130    #      labelsTemplate: |
  1131    #        {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }}
  1132    #        {{ end }}
  1133    #      matchFeatures:
  1134    #        - feature: kernel.config
  1135    #          matchName: {op: In, value: ["SWAP", "X86", "ARM"]}
  1136---
  1137apiVersion: apps/v1
  1138kind: Deployment
  1139metadata:
  1140  name: nfd-gc
  1141  namespace: node-feature-discovery
  1142  labels:
  1143    app: nfd
  1144spec:
  1145  selector:
  1146    matchLabels:
  1147      app: nfd-gc
  1148  template:
  1149    metadata:
  1150      labels:
  1151        app: nfd-gc
  1152    spec:
  1153      dnsPolicy: ClusterFirstWithHostNet
  1154      serviceAccount: nfd-gc
  1155      containers:
  1156      - name: nfd-gc
  1157        image: registry.k8s.io/nfd/node-feature-discovery:v0.16.5
  1158        command:
  1159        - nfd-gc
  1160        ports:
  1161        - name: metrics
  1162          containerPort: 8081
  1163        env:
  1164        - name: NODE_NAME
  1165          valueFrom:
  1166            fieldRef:
  1167              fieldPath: spec.nodeName
  1168        - name: POD_NAME
  1169          valueFrom:
  1170            fieldRef:
  1171              fieldPath: metadata.name
  1172        - name: POD_UID
  1173          valueFrom:
  1174            fieldRef:
  1175              fieldPath: metadata.uid
  1176        resources:
  1177          limits:
  1178            cpu: "20m"
  1179            memory: 1Gi
  1180          requests:
  1181            cpu: 10m
  1182            memory: 128Mi
  1183        imagePullPolicy: IfNotPresent
  1184        securityContext:
  1185          allowPrivilegeEscalation: false
  1186          capabilities:
  1187            drop:
  1188            - ALL
  1189          readOnlyRootFilesystem: true
  1190          runAsNonRoot: true
  1191---
  1192apiVersion: apps/v1
  1193kind: Deployment
  1194metadata:
  1195  name: nfd-master
  1196  namespace: node-feature-discovery
  1197  labels:
  1198    app: nfd
  1199spec:
  1200  replicas: 1
  1201  selector:
  1202    matchLabels:
  1203      app: nfd-master
  1204  template:
  1205    metadata:
  1206      labels:
  1207        app: nfd-master
  1208    spec:
  1209      serviceAccount: nfd-master
  1210      enableServiceLinks: false
  1211      containers:
  1212      - name: nfd-master
  1213        image: registry.k8s.io/nfd/node-feature-discovery:v0.16.5
  1214        command:
  1215        - nfd-master
  1216        ports:
  1217        - name: metrics
  1218          containerPort: 8081
  1219        env:
  1220        - name: NODE_NAME
  1221          valueFrom:
  1222            fieldRef:
  1223              fieldPath: spec.nodeName
  1224        - name: POD_NAME
  1225          valueFrom:
  1226            fieldRef:
  1227              fieldPath: metadata.name
  1228        - name: POD_UID
  1229          valueFrom:
  1230            fieldRef:
  1231              fieldPath: metadata.uid
  1232        resources:
  1233          limits:
  1234            cpu: "300m"
  1235            memory: 4Gi
  1236          requests:
  1237            cpu: 100m
  1238            memory: 128Mi
  1239        volumeMounts:
  1240        - name: nfd-master-conf
  1241          readOnly: true
  1242          mountPath: /etc/kubernetes/node-feature-discovery
  1243        livenessProbe:
  1244          grpc:
  1245            port: 8082
  1246          initialDelaySeconds: 10
  1247          periodSeconds: 10
  1248        readinessProbe:
  1249          failureThreshold: 10
  1250          grpc:
  1251            port: 8082
  1252          initialDelaySeconds: 5
  1253          periodSeconds: 10
  1254        imagePullPolicy: IfNotPresent
  1255        securityContext:
  1256          allowPrivilegeEscalation: false
  1257          capabilities:
  1258            drop:
  1259            - ALL
  1260          readOnlyRootFilesystem: true
  1261          runAsNonRoot: true
  1262      volumes:
  1263      - name: nfd-master-conf
  1264        configMap:
  1265          name: nfd-master-conf
  1266      affinity:
  1267        nodeAffinity:
  1268          preferredDuringSchedulingIgnoredDuringExecution:
  1269          - preference:
  1270              matchExpressions:
  1271              - key: node-role.kubernetes.io/master
  1272                operator: In
  1273                values:
  1274                - ""
  1275            weight: 1
  1276          - preference:
  1277              matchExpressions:
  1278              - key: node-role.kubernetes.io/control-plane
  1279                operator: In
  1280                values:
  1281                - ""
  1282            weight: 1
  1283      tolerations:
  1284      - value: ""
  1285        effect: NoSchedule
  1286        key: node-role.kubernetes.io/master
  1287        operator: Equal
  1288      - value: ""
  1289        effect: NoSchedule
  1290        key: node-role.kubernetes.io/control-plane
  1291        operator: Equal
  1292---
  1293apiVersion: apps/v1
  1294kind: DaemonSet
  1295metadata:
  1296  name: nfd-worker
  1297  namespace: node-feature-discovery
  1298  labels:
  1299    app: nfd
  1300spec:
  1301  selector:
  1302    matchLabels:
  1303      app: nfd-worker
  1304  template:
  1305    metadata:
  1306      labels:
  1307        app: nfd-worker
  1308    spec:
  1309      dnsPolicy: ClusterFirstWithHostNet
  1310      serviceAccount: nfd-worker
  1311      containers:
  1312      - name: nfd-worker
  1313        image: registry.k8s.io/nfd/node-feature-discovery:v0.16.5
  1314        command:
  1315        - nfd-worker
  1316        args:
  1317        - -server=nfd-master:8080
  1318        ports:
  1319        - name: metrics
  1320          containerPort: 8081
  1321        env:
  1322        - name: NODE_NAME
  1323          valueFrom:
  1324            fieldRef:
  1325              fieldPath: spec.nodeName
  1326        - name: POD_NAME
  1327          valueFrom:
  1328            fieldRef:
  1329              fieldPath: metadata.name
  1330        - name: POD_UID
  1331          valueFrom:
  1332            fieldRef:
  1333              fieldPath: metadata.uid
  1334        resources:
  1335          limits:
  1336            cpu: "200m"
  1337            memory: 512Mi
  1338          requests:
  1339            cpu: 5m
  1340            memory: 64Mi
  1341        volumeMounts:
  1342        - name: host-boot
  1343          readOnly: true
  1344          mountPath: /host-boot
  1345        - name: host-os-release
  1346          readOnly: true
  1347          mountPath: /host-etc/os-release
  1348        - name: host-sys
  1349          readOnly: true
  1350          mountPath: /host-sys
  1351        - name: host-proc-swaps
  1352          readOnly: true
  1353          mountPath: /host-proc/swaps
  1354        - name: host-usr-lib
  1355          readOnly: true
  1356          mountPath: /host-usr/lib
  1357        - name: host-lib
  1358          readOnly: true
  1359          mountPath: /host-lib
  1360        - name: source-d
  1361          readOnly: true
  1362          mountPath: /etc/kubernetes/node-feature-discovery/source.d/
  1363        - name: features-d
  1364          readOnly: true
  1365          mountPath: /etc/kubernetes/node-feature-discovery/features.d/
  1366        - name: nfd-worker-conf
  1367          readOnly: true
  1368          mountPath: /etc/kubernetes/node-feature-discovery
  1369        livenessProbe:
  1370          grpc:
  1371            port: 8082
  1372          initialDelaySeconds: 10
  1373          periodSeconds: 10
  1374        readinessProbe:
  1375          failureThreshold: 10
  1376          grpc:
  1377            port: 8082
  1378          initialDelaySeconds: 5
  1379          periodSeconds: 10
  1380        imagePullPolicy: IfNotPresent
  1381        securityContext:
  1382          allowPrivilegeEscalation: false
  1383          capabilities:
  1384            drop:
  1385            - ALL
  1386          readOnlyRootFilesystem: true
  1387          runAsNonRoot: true
  1388      volumes:
  1389      - name: features-d
  1390        hostPath:
  1391          path: /etc/kubernetes/node-feature-discovery/features.d/
  1392      - name: host-boot
  1393        hostPath:
  1394          path: /boot
  1395      - name: host-lib
  1396        hostPath:
  1397          path: /lib
  1398      - name: host-os-release
  1399        hostPath:
  1400          path: /etc/os-release
  1401      - name: host-proc-swaps
  1402        hostPath:
  1403          path: /proc/swaps
  1404      - name: host-sys
  1405        hostPath:
  1406          path: /sys
  1407      - name: host-usr-lib
  1408        hostPath:
  1409          path: /usr/lib
  1410      - name: nfd-worker-conf
  1411        configMap:
  1412          name: nfd-worker-conf
  1413      - name: source-d
  1414        hostPath:
  1415          path: /etc/kubernetes/node-feature-discovery/source.d/

View as plain text