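---
# Node Feature Discovery (NFD) all-in-one manifest: Namespace, three CRDs,
# ServiceAccounts, RBAC, two ConfigMaps and the nfd-gc / nfd-master /
# nfd-worker workloads. Restored to one key per line from a
# whitespace-collapsed copy; line breaks inside block scalars are reconstructed.
#
# Review summary (all points are visible in this file):
#   * nfd-master's ClusterRole named "nodefeaturegroup/status" (singular), which
#     cannot match the CRD's plural "nodefeaturegroups"; corrected below.
#   * Pod specs used the deprecated "serviceAccount" alias; replaced with
#     "serviceAccountName".
#   * Images are referenced by mutable tag, not by digest.
#   * No container sets a seccompProfile.
#   * nfd-gc holds "get" on nodes/proxy and nfd-master holds patch/update on
#     nodes cluster-wide; see the notes at each rule.
#   * nfd-worker mounts several hostPath directories (read-only mounts).
apiVersion: v1
kind: Namespace
metadata:
  name: node-feature-discovery
---
# CRD: NodeFeatureGroup (namespaced). Groups nodes by feature-matching rules;
# the matching nodes are reported in the status subresource.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: nodefeaturegroups.nfd.k8s-sigs.io
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
spec:
  group: nfd.k8s-sigs.io
  names:
    kind: NodeFeatureGroup
    listKind: NodeFeatureGroupList
    plural: nodefeaturegroups
    shortNames:
      - nfg
    singular: nodefeaturegroup
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          type: object
          description: NodeFeatureGroup resource holds Node pools by featureGroup
          properties:
            apiVersion:
              type: string
              description: |-
                APIVersion defines the versioned schema of this representation of an object.
                Servers should convert recognized schemas to the latest internal value, and
                may reject unrecognized values.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            kind:
              type: string
              description: |-
                Kind is a string value representing the REST resource this object represents.
                Servers may infer this from the endpoint the client submits requests to.
                Cannot be updated.
                In CamelCase.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            metadata:
              type: object
            spec:
              type: object
              description: Spec defines the rules to be evaluated.
              properties:
                featureGroupRules:
                  type: array
                  description: List of rules to evaluate to determine nodes that belong in this group.
                  items:
                    type: object
                    description: GroupRule defines a rule for nodegroup filtering.
                    properties:
                      name:
                        type: string
                        description: Name of the rule.
                      matchAny:
                        type: array
                        description: MatchAny specifies a list of matchers one of which must match.
                        items:
                          type: object
                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
                          properties:
                            matchFeatures:
                              type: array
                              description: MatchFeatures specifies a set of matcher terms all of which must match.
                              items:
                                type: object
                                description: |-
                                  FeatureMatcherTerm defines requirements against one feature set. All
                                  requirements (specified as MatchExpressions) are evaluated against each
                                  element in the feature set.
                                properties:
                                  feature:
                                    type: string
                                    description: Feature is the name of the feature set to match against.
                                  matchExpressions:
                                    type: object
                                    additionalProperties:
                                      type: object
                                      description: |-
                                        MatchExpression specifies an expression to evaluate against a set of input
                                        values. It contains an operator that is applied when matching the input and
                                        an array of values that the operator evaluates the input against.
                                      properties:
                                        value:
                                          type: array
                                          description: |-
                                            Value is the list of values that the operand evaluates the input
                                            against. Value should be empty if the operator is Exists, DoesNotExist,
                                            IsTrue or IsFalse. Value should contain exactly one element if the
                                            operator is Gt or Lt and exactly two elements if the operator is GtLt.
                                            In other cases Value should contain at least one element.
                                          items:
                                            type: string
                                        op:
                                          type: string
                                          description: Op is the operator to be applied.
                                          enum:
                                            - In
                                            - NotIn
                                            - InRegexp
                                            - Exists
                                            - DoesNotExist
                                            - Gt
                                            - Lt
                                            - GtLt
                                            - IsTrue
                                            - IsFalse
                                      required:
                                        - op
                                    description: |-
                                      MatchExpressions is the set of per-element expressions evaluated. These
                                      match against the value of the specified elements.
                                  matchName:
                                    type: object
                                    description: |-
                                      MatchName in an expression that is matched against the name of each
                                      element in the feature set.
                                    properties:
                                      value:
                                        type: array
                                        description: |-
                                          Value is the list of values that the operand evaluates the input
                                          against. Value should be empty if the operator is Exists, DoesNotExist,
                                          IsTrue or IsFalse. Value should contain exactly one element if the
                                          operator is Gt or Lt and exactly two elements if the operator is GtLt.
                                          In other cases Value should contain at least one element.
                                        items:
                                          type: string
                                      op:
                                        type: string
                                        description: Op is the operator to be applied.
                                        enum:
                                          - In
                                          - NotIn
                                          - InRegexp
                                          - Exists
                                          - DoesNotExist
                                          - Gt
                                          - Lt
                                          - GtLt
                                          - IsTrue
                                          - IsFalse
                                    required:
                                      - op
                                required:
                                  - feature
                          required:
                            - matchFeatures
                      matchFeatures:
                        type: array
                        description: MatchFeatures specifies a set of matcher terms all of which must match.
                        items:
                          type: object
                          description: |-
                            FeatureMatcherTerm defines requirements against one feature set. All
                            requirements (specified as MatchExpressions) are evaluated against each
                            element in the feature set.
                          properties:
                            feature:
                              type: string
                              description: Feature is the name of the feature set to match against.
                            matchExpressions:
                              type: object
                              additionalProperties:
                                type: object
                                description: |-
                                  MatchExpression specifies an expression to evaluate against a set of input
                                  values. It contains an operator that is applied when matching the input and
                                  an array of values that the operator evaluates the input against.
                                properties:
                                  value:
                                    type: array
                                    description: |-
                                      Value is the list of values that the operand evaluates the input
                                      against. Value should be empty if the operator is Exists, DoesNotExist,
                                      IsTrue or IsFalse. Value should contain exactly one element if the
                                      operator is Gt or Lt and exactly two elements if the operator is GtLt.
                                      In other cases Value should contain at least one element.
                                    items:
                                      type: string
                                  op:
                                    type: string
                                    description: Op is the operator to be applied.
                                    enum:
                                      - In
                                      - NotIn
                                      - InRegexp
                                      - Exists
                                      - DoesNotExist
                                      - Gt
                                      - Lt
                                      - GtLt
                                      - IsTrue
                                      - IsFalse
                                required:
                                  - op
                              description: |-
                                MatchExpressions is the set of per-element expressions evaluated. These
                                match against the value of the specified elements.
                            matchName:
                              type: object
                              description: |-
                                MatchName in an expression that is matched against the name of each
                                element in the feature set.
                              properties:
                                value:
                                  type: array
                                  description: |-
                                    Value is the list of values that the operand evaluates the input
                                    against. Value should be empty if the operator is Exists, DoesNotExist,
                                    IsTrue or IsFalse. Value should contain exactly one element if the
                                    operator is Gt or Lt and exactly two elements if the operator is GtLt.
                                    In other cases Value should contain at least one element.
                                  items:
                                    type: string
                                op:
                                  type: string
                                  description: Op is the operator to be applied.
                                  enum:
                                    - In
                                    - NotIn
                                    - InRegexp
                                    - Exists
                                    - DoesNotExist
                                    - Gt
                                    - Lt
                                    - GtLt
                                    - IsTrue
                                    - IsFalse
                              required:
                                - op
                          required:
                            - feature
                    required:
                      - name
              required:
                - featureGroupRules
            status:
              type: object
              description: |-
                Status of the NodeFeatureGroup after the most recent evaluation of the
                specification.
              properties:
                nodes:
                  type: array
                  description: Nodes is a list of FeatureGroupNode in the cluster that match the featureGroupRules
                  items:
                    type: object
                    properties:
                      name:
                        type: string
                        description: Name of the node.
                    required:
                      - name
                  x-kubernetes-list-map-keys:
                    - name
                  x-kubernetes-list-type: map
          required:
            - spec
      served: true
      storage: true
      subresources:
        status: {}
---
# CRD: NodeFeatureRule (cluster-scoped). Rules here can create node labels,
# annotations, extended resources and taints, so write access to this resource
# is effectively write access to those node properties.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: nodefeaturerules.nfd.k8s-sigs.io
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
spec:
  group: nfd.k8s-sigs.io
  names:
    kind: NodeFeatureRule
    listKind: NodeFeatureRuleList
    plural: nodefeaturerules
    shortNames:
      - nfr
    singular: nodefeaturerule
  scope: Cluster
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          type: object
          description: |-
            NodeFeatureRule resource specifies a configuration for feature-based
            customization of node objects, such as node labeling.
          properties:
            apiVersion:
              type: string
              description: |-
                APIVersion defines the versioned schema of this representation of an object.
                Servers should convert recognized schemas to the latest internal value, and
                may reject unrecognized values.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            kind:
              type: string
              description: |-
                Kind is a string value representing the REST resource this object represents.
                Servers may infer this from the endpoint the client submits requests to.
                Cannot be updated.
                In CamelCase.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            metadata:
              type: object
            spec:
              type: object
              description: Spec defines the rules to be evaluated.
              properties:
                rules:
                  type: array
                  description: Rules is a list of node customization rules.
                  items:
                    type: object
                    description: Rule defines a rule for node customization such as labeling.
                    properties:
                      name:
                        type: string
                        description: Name of the rule.
                      labels:
                        type: object
                        additionalProperties:
                          type: string
                        description: Labels to create if the rule matches.
                      annotations:
                        type: object
                        additionalProperties:
                          type: string
                        description: Annotations to create if the rule matches.
                      extendedResources:
                        type: object
                        additionalProperties:
                          type: string
                        description: ExtendedResources to create if the rule matches.
                      labelsTemplate:
                        type: string
                        description: |-
                          LabelsTemplate specifies a template to expand for dynamically generating
                          multiple labels. Data (after template expansion) must be keys with an
                          optional value ([=]) separated by newlines.
                      matchAny:
                        type: array
                        description: MatchAny specifies a list of matchers one of which must match.
                        items:
                          type: object
                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
                          properties:
                            matchFeatures:
                              type: array
                              description: MatchFeatures specifies a set of matcher terms all of which must match.
                              items:
                                type: object
                                description: |-
                                  FeatureMatcherTerm defines requirements against one feature set. All
                                  requirements (specified as MatchExpressions) are evaluated against each
                                  element in the feature set.
                                properties:
                                  feature:
                                    type: string
                                    description: Feature is the name of the feature set to match against.
                                  matchExpressions:
                                    type: object
                                    additionalProperties:
                                      type: object
                                      description: |-
                                        MatchExpression specifies an expression to evaluate against a set of input
                                        values. It contains an operator that is applied when matching the input and
                                        an array of values that the operator evaluates the input against.
                                      properties:
                                        value:
                                          type: array
                                          description: |-
                                            Value is the list of values that the operand evaluates the input
                                            against. Value should be empty if the operator is Exists, DoesNotExist,
                                            IsTrue or IsFalse. Value should contain exactly one element if the
                                            operator is Gt or Lt and exactly two elements if the operator is GtLt.
                                            In other cases Value should contain at least one element.
                                          items:
                                            type: string
                                        op:
                                          type: string
                                          description: Op is the operator to be applied.
                                          enum:
                                            - In
                                            - NotIn
                                            - InRegexp
                                            - Exists
                                            - DoesNotExist
                                            - Gt
                                            - Lt
                                            - GtLt
                                            - IsTrue
                                            - IsFalse
                                      required:
                                        - op
                                    description: |-
                                      MatchExpressions is the set of per-element expressions evaluated. These
                                      match against the value of the specified elements.
                                  matchName:
                                    type: object
                                    description: |-
                                      MatchName in an expression that is matched against the name of each
                                      element in the feature set.
                                    properties:
                                      value:
                                        type: array
                                        description: |-
                                          Value is the list of values that the operand evaluates the input
                                          against. Value should be empty if the operator is Exists, DoesNotExist,
                                          IsTrue or IsFalse. Value should contain exactly one element if the
                                          operator is Gt or Lt and exactly two elements if the operator is GtLt.
                                          In other cases Value should contain at least one element.
                                        items:
                                          type: string
                                      op:
                                        type: string
                                        description: Op is the operator to be applied.
                                        enum:
                                          - In
                                          - NotIn
                                          - InRegexp
                                          - Exists
                                          - DoesNotExist
                                          - Gt
                                          - Lt
                                          - GtLt
                                          - IsTrue
                                          - IsFalse
                                    required:
                                      - op
                                required:
                                  - feature
                          required:
                            - matchFeatures
                      matchFeatures:
                        type: array
                        description: MatchFeatures specifies a set of matcher terms all of which must match.
                        items:
                          type: object
                          description: |-
                            FeatureMatcherTerm defines requirements against one feature set. All
                            requirements (specified as MatchExpressions) are evaluated against each
                            element in the feature set.
                          properties:
                            feature:
                              type: string
                              description: Feature is the name of the feature set to match against.
                            matchExpressions:
                              type: object
                              additionalProperties:
                                type: object
                                description: |-
                                  MatchExpression specifies an expression to evaluate against a set of input
                                  values. It contains an operator that is applied when matching the input and
                                  an array of values that the operator evaluates the input against.
                                properties:
                                  value:
                                    type: array
                                    description: |-
                                      Value is the list of values that the operand evaluates the input
                                      against. Value should be empty if the operator is Exists, DoesNotExist,
                                      IsTrue or IsFalse. Value should contain exactly one element if the
                                      operator is Gt or Lt and exactly two elements if the operator is GtLt.
                                      In other cases Value should contain at least one element.
                                    items:
                                      type: string
                                  op:
                                    type: string
                                    description: Op is the operator to be applied.
                                    enum:
                                      - In
                                      - NotIn
                                      - InRegexp
                                      - Exists
                                      - DoesNotExist
                                      - Gt
                                      - Lt
                                      - GtLt
                                      - IsTrue
                                      - IsFalse
                                required:
                                  - op
                              description: |-
                                MatchExpressions is the set of per-element expressions evaluated. These
                                match against the value of the specified elements.
                            matchName:
                              type: object
                              description: |-
                                MatchName in an expression that is matched against the name of each
                                element in the feature set.
                              properties:
                                value:
                                  type: array
                                  description: |-
                                    Value is the list of values that the operand evaluates the input
                                    against. Value should be empty if the operator is Exists, DoesNotExist,
                                    IsTrue or IsFalse. Value should contain exactly one element if the
                                    operator is Gt or Lt and exactly two elements if the operator is GtLt.
                                    In other cases Value should contain at least one element.
                                  items:
                                    type: string
                                op:
                                  type: string
                                  description: Op is the operator to be applied.
                                  enum:
                                    - In
                                    - NotIn
                                    - InRegexp
                                    - Exists
                                    - DoesNotExist
                                    - Gt
                                    - Lt
                                    - GtLt
                                    - IsTrue
                                    - IsFalse
                              required:
                                - op
                          required:
                            - feature
                      taints:
                        type: array
                        description: Taints to create if the rule matches.
                        items:
                          type: object
                          description: |-
                            The node this Taint is attached to has the "effect" on
                            any pod that does not tolerate the Taint.
                          properties:
                            value:
                              type: string
                              description: The taint value corresponding to the taint key.
                            effect:
                              type: string
                              description: |-
                                Required. The effect of the taint on pods
                                that do not tolerate the taint.
                                Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
                            key:
                              type: string
                              description: Required. The taint key to be applied to a node.
                            timeAdded:
                              type: string
                              description: |-
                                TimeAdded represents the time at which the taint was added.
                                It is only written for NoExecute taints.
                              format: date-time
                          required:
                            - effect
                            - key
                      vars:
                        type: object
                        additionalProperties:
                          type: string
                        description: |-
                          Vars is the variables to store if the rule matches. Variables do not
                          directly inflict any changes in the node object. However, they can be
                          referenced from other rules enabling more complex rule hierarchies,
                          without exposing intermediary output values as labels.
                      varsTemplate:
                        type: string
                        description: |-
                          VarsTemplate specifies a template to expand for dynamically generating
                          multiple variables. Data (after template expansion) must be keys with an
                          optional value ([=]) separated by newlines.
                    required:
                      - name
              required:
                - rules
          required:
            - spec
      served: true
      storage: true
---
# CRD: NodeFeature (namespaced). Carries the raw features and the requested
# labels for one node; nfd-worker writes these objects and nfd-master reads them.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: nodefeatures.nfd.k8s-sigs.io
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
spec:
  group: nfd.k8s-sigs.io
  names:
    kind: NodeFeature
    listKind: NodeFeatureList
    plural: nodefeatures
    singular: nodefeature
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          type: object
          description: |-
            NodeFeature resource holds the features discovered for one node in the
            cluster.
          properties:
            apiVersion:
              type: string
              description: |-
                APIVersion defines the versioned schema of this representation of an object.
                Servers should convert recognized schemas to the latest internal value, and
                may reject unrecognized values.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            kind:
              type: string
              description: |-
                Kind is a string value representing the REST resource this object represents.
                Servers may infer this from the endpoint the client submits requests to.
                Cannot be updated.
                In CamelCase.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            metadata:
              type: object
            spec:
              type: object
              description: Specification of the NodeFeature, containing features discovered for a node.
              properties:
                labels:
                  type: object
                  additionalProperties:
                    type: string
                  description: Labels is the set of node labels that are requested to be created.
                features:
                  type: object
                  description: Features is the full "raw" features data that has been discovered.
                  properties:
                    attributes:
                      type: object
                      additionalProperties:
                        type: object
                        description: AttributeFeatureSet is a set of features having string value.
                        properties:
                          elements:
                            type: object
                            additionalProperties:
                              type: string
                            description: Individual features of the feature set.
                        required:
                          - elements
                      description: Attributes contains all the attribute-type features of the node.
                    flags:
                      type: object
                      additionalProperties:
                        type: object
                        description: FlagFeatureSet is a set of simple features only containing names without values.
                        properties:
                          elements:
                            type: object
                            additionalProperties:
                              type: object
                              description: Nil is a dummy empty struct for protobuf compatibility
                            description: Individual features of the feature set.
                        required:
                          - elements
                      description: Flags contains all the flag-type features of the node.
                    instances:
                      type: object
                      additionalProperties:
                        type: object
                        description: InstanceFeatureSet is a set of features each of which is an instance having multiple attributes.
                        properties:
                          elements:
                            type: array
                            description: Individual features of the feature set.
                            items:
                              type: object
                              description: InstanceFeature represents one instance of a complex features, e.g. a device.
                              properties:
                                attributes:
                                  type: object
                                  additionalProperties:
                                    type: string
                                  description: Attributes of the instance feature.
                              required:
                                - attributes
                        required:
                          - elements
                      description: Instances contains all the instance-type features of the node.
          required:
            - spec
      served: true
      storage: true
---
# One ServiceAccount per component so each can be bound to its own role.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfd-gc
  namespace: node-feature-discovery
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfd-master
  namespace: node-feature-discovery
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfd-worker
  namespace: node-feature-discovery
---
# nfd-worker: namespaced Role. It may create/get/update any NodeFeature object
# in this namespace (no resourceNames restriction), i.e. a worker credential is
# not limited by RBAC to the NodeFeature of its own node.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: nfd-worker
  namespace: node-feature-discovery
rules:
  - resources:
      - nodefeatures
    apiGroups:
      - nfd.k8s-sigs.io
    verbs:
      - create
      - get
      - update
  - resources:
      - pods
    apiGroups:
      - ""
    verbs:
      - get
---
# nfd-gc: cluster-wide read of nodes plus delete/list on the objects it cleans up.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: nfd-gc
rules:
  - resources:
      - nodes
    apiGroups:
      - ""
    verbs:
      - list
      - watch
  # NOTE(review): "get" on nodes/proxy lets the holder reach every node's
  # kubelet API through the API server proxy. Nothing in this manifest shows
  # why the garbage collector needs it; confirm and drop the rule if unused.
  - resources:
      - nodes/proxy
    apiGroups:
      - ""
    verbs:
      - get
  - resources:
      - noderesourcetopologies
    apiGroups:
      - topology.node.k8s.io
    verbs:
      - delete
      - list
  - resources:
      - nodefeatures
    apiGroups:
      - nfd.k8s-sigs.io
    verbs:
      - delete
      - list
---
# nfd-master: the only component allowed to modify Node objects.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: nfd-master
rules:
  # patch/update on every Node and its status: labels, annotations, taints and
  # extended resources can all be changed with this credential, so the
  # nfd-master ServiceAccount token is a high-value secret.
  - resources:
      - nodes
      - nodes/status
    apiGroups:
      - ""
    verbs:
      - get
      - patch
      - update
      - list
  - resources:
      - nodefeatures
      - nodefeaturerules
      - nodefeaturegroups
    apiGroups:
      - nfd.k8s-sigs.io
    verbs:
      - get
      - list
      - watch
  # Fixed: was "nodefeaturegroup/status". RBAC matches the plural resource name
  # declared by the CRD (plural: nodefeaturegroups), so the singular form never
  # granted access to the status subresource.
  - resources:
      - nodefeaturegroups/status
    apiGroups:
      - nfd.k8s-sigs.io
    verbs:
      - patch
      - update
  # "create" cannot be restricted by resourceNames, hence the separate rule.
  - resources:
      - leases
    apiGroups:
      - coordination.k8s.io
    verbs:
      - create
  - resources:
      - leases
    apiGroups:
      - coordination.k8s.io
    resourceNames:
      - nfd-master.nfd.kubernetes.io
    verbs:
      - get
      - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: nfd-worker
  namespace: node-feature-discovery
roleRef:
  name: nfd-worker
  kind: Role
  apiGroup: rbac.authorization.k8s.io
subjects:
  - name: nfd-worker
    namespace: node-feature-discovery
    kind: ServiceAccount
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nfd-gc
roleRef:
  name: nfd-gc
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
  - name: nfd-gc
    namespace: node-feature-discovery
    kind: ServiceAccount
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nfd-master
roleRef:
  name: nfd-master
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
  - name: nfd-master
    namespace: node-feature-discovery
    kind: ServiceAccount
---
# nfd-master configuration. Every option below is commented out, so the
# binary's built-in defaults apply. The label-namespace options (extraLabelNs,
# denyLabelNs, labelWhiteList) and enableTaints are the knobs that bound what
# nfd-master will write to nodes; set them explicitly rather than relying on
# defaults that this file does not show.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nfd-master-conf
  namespace: node-feature-discovery
data:
  nfd-master.conf: |
    # noPublish: false
    # autoDefaultNs: true
    # extraLabelNs: ["added.ns.io","added.kubernets.io"]
    # denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
    # resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
    # enableTaints: false
    # labelWhiteList: "foo"
    # resyncPeriod: "2h"
    # klog:
    #    addDirHeader: false
    #    alsologtostderr: false
    #    logBacktraceAt:
    #    logtostderr: true
    #    skipHeaders: false
    #    stderrthreshold: 2
    #    v: 0
    #    vmodule:
    ##   NOTE: the following options are not dynamically run-time configurable
    ##         and require a nfd-master restart to take effect after being changed
    #    logDir:
    #    logFile:
    #    logFileMaxSize: 1800
    #    skipLogHeaders: false
    # leaderElection:
    #   leaseDuration: 15s
    #   # this value has to be lower than leaseDuration and greater than retryPeriod*1.2
    #   renewDeadline: 10s
    #   # this value has to be greater than 0
    #   retryPeriod: 2s
    # nfdApiParallelism: 10
---
# nfd-worker configuration, likewise fully commented out. The sample shows
# sources.local.hooksEnabled: false; hooks would be read from the source.d
# hostPath mounted by the DaemonSet, so keep them disabled unless that host
# directory is writable by root only.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nfd-worker-conf
  namespace: node-feature-discovery
data:
  nfd-worker.conf: |
    #core:
    #  labelWhiteList:
    #  noPublish: false
    #  sleepInterval: 60s
    #  featureSources: [all]
    #  labelSources: [all]
    #  klog:
    #    addDirHeader: false
    #    alsologtostderr: false
    #    logBacktraceAt:
    #    logtostderr: true
    #    skipHeaders: false
    #    stderrthreshold: 2
    #    v: 0
    #    vmodule:
    ##   NOTE: the following options are not dynamically run-time configurable
    ##         and require a nfd-worker restart to take effect after being changed
    #    logDir:
    #    logFile:
    #    logFileMaxSize: 1800
    #    skipLogHeaders: false
    #sources:
    #  cpu:
    #    cpuid:
    ##     NOTE: whitelist has priority over blacklist
    #      attributeBlacklist:
    #        - "AVX10"
    #        - "BMI1"
    #        - "BMI2"
    #        - "CLMUL"
    #        - "CMOV"
    #        - "CX16"
    #        - "ERMS"
    #        - "F16C"
    #        - "HTT"
    #        - "LZCNT"
    #        - "MMX"
    #        - "MMXEXT"
    #        - "NX"
    #        - "POPCNT"
    #        - "RDRAND"
    #        - "RDSEED"
    #        - "RDTSCP"
    #        - "SGX"
    #        - "SSE"
    #        - "SSE2"
    #        - "SSE3"
    #        - "SSE4"
    #        - "SSE42"
    #        - "SSSE3"
    #        - "TDX_GUEST"
    #      attributeWhitelist:
    #  kernel:
    #    kconfigFile: "/path/to/kconfig"
    #    configOpts:
    #      - "NO_HZ"
    #      - "X86"
    #      - "DMI"
    #  pci:
    #    deviceClassWhitelist:
    #      - "0200"
    #      - "03"
    #      - "12"
    #    deviceLabelFields:
    #      - "class"
    #      - "vendor"
    #      - "device"
    #      - "subsystem_vendor"
    #      - "subsystem_device"
    #  usb:
    #    deviceClassWhitelist:
    #      - "0e"
    #      - "ef"
    #      - "fe"
    #      - "ff"
    #    deviceLabelFields:
    #      - "class"
    #      - "vendor"
    #      - "device"
    #  local:
    #    hooksEnabled: false
    #  custom:
    #    # The following feature demonstrates the capabilities of the matchFeatures
    #    - name: "my custom rule"
    #      labels:
    #        "vendor.io/my-ng-feature": "true"
    #      # matchFeatures implements a logical AND over all matcher terms in the
    #      # list (i.e. all of the terms, or per-feature matchers, must match)
    #      matchFeatures:
    #        - feature: cpu.cpuid
    #          matchExpressions:
    #            AVX512F: {op: Exists}
    #        - feature: cpu.cstate
    #          matchExpressions:
    #            enabled: {op: IsTrue}
    #        - feature: cpu.pstate
    #          matchExpressions:
    #            no_turbo: {op: IsFalse}
    #            scaling_governor: {op: In, value: ["performance"]}
    #        - feature: cpu.rdt
    #          matchExpressions:
    #            RDTL3CA: {op: Exists}
    #        - feature: cpu.sst
    #          matchExpressions:
    #            bf.enabled: {op: IsTrue}
    #        - feature: cpu.topology
    #          matchExpressions:
    #            hardware_multithreading: {op: IsFalse}
    #
    #        - feature: kernel.config
    #          matchExpressions:
    #            X86: {op: Exists}
    #            LSM: {op: InRegexp, value: ["apparmor"]}
    #        - feature: kernel.loadedmodule
    #          matchExpressions:
    #            e1000e: {op: Exists}
    #        - feature: kernel.selinux
    #          matchExpressions:
    #            enabled: {op: IsFalse}
    #        - feature: kernel.version
    #          matchExpressions:
    #            major: {op: In, value: ["5"]}
    #            minor: {op: Gt, value: ["10"]}
    #
    #        - feature: storage.block
    #          matchExpressions:
    #            rotational: {op: In, value: ["0"]}
    #            dax: {op: In, value: ["0"]}
    #
    #        - feature: network.device
    #          matchExpressions:
    #            operstate: {op: In, value: ["up"]}
    #            speed: {op: Gt, value: ["100"]}
    #
    #        - feature: memory.numa
    #          matchExpressions:
    #            node_count: {op: Gt, value: ["2"]}
    #        - feature: memory.nv
    #          matchExpressions:
    #            devtype: {op: In, value: ["nd_dax"]}
    #            mode: {op: In, value: ["memory"]}
    #
    #        - feature: system.osrelease
    #          matchExpressions:
    #            ID: {op: In, value: ["fedora", "centos"]}
    #        - feature: system.name
    #          matchExpressions:
    #            nodename: {op: InRegexp, value: ["^worker-X"]}
    #
    #        - feature: local.label
    #          matchExpressions:
    #            custom-feature-knob: {op: Gt, value: ["100"]}
    #
    #    # The following feature demonstrates the capabilities of the matchAny
    #    - name: "my matchAny rule"
    #      labels:
    #        "vendor.io/my-ng-feature-2": "my-value"
    #      # matchAny implements a logical IF over all elements (sub-matchers) in
    #      # the list (i.e. at least one feature matcher must match)
    #      matchAny:
    #        - matchFeatures:
    #            - feature: kernel.loadedmodule
    #              matchExpressions:
    #                driver-module-X: {op: Exists}
    #            - feature: pci.device
    #              matchExpressions:
    #                vendor: {op: In, value: ["8086"]}
    #                class: {op: In, value: ["0200"]}
    #        - matchFeatures:
    #            - feature: kernel.loadedmodule
    #              matchExpressions:
    #                driver-module-Y: {op: Exists}
    #            - feature: usb.device
    #              matchExpressions:
    #                vendor: {op: In, value: ["8086"]}
    #                class: {op: In, value: ["02"]}
    #
    #    - name: "avx wildcard rule"
    #      labels:
    #        "my-avx-feature": "true"
    #      matchFeatures:
    #        - feature: cpu.cpuid
    #          matchName: {op: InRegexp, value: ["^AVX512"]}
    #
    #    # The following features demonstreate label templating capabilities
    #    - name: "my template rule"
    #      labelsTemplate: |
    #        {{ range .system.osrelease }}vendor.io/my-system-feature.{{ .Name }}={{ .Value }}
    #        {{ end }}
    #      matchFeatures:
    #        - feature: system.osrelease
    #          matchExpressions:
    #            ID: {op: InRegexp, value: ["^open.*"]}
    #            VERSION_ID.major: {op: In, value: ["13", "15"]}
    #
    #    - name: "my template rule 2"
    #      labelsTemplate: |
    #        {{ range .pci.device }}vendor.io/my-pci-device.{{ .class }}-{{ .device }}=with-cpuid
    #        {{ end }}
    #      matchFeatures:
    #        - feature: pci.device
    #          matchExpressions:
    #            class: {op: InRegexp, value: ["^06"]}
    #            vendor: ["8086"]
    #        - feature: cpu.cpuid
    #          matchExpressions:
    #            AVX: {op: Exists}
    #
    #    # The following examples demonstrate vars field and back-referencing
    #    # previous labels and vars
    #    - name: "my dummy kernel rule"
    #      labels:
    #        "vendor.io/my.kernel.feature": "true"
    #      matchFeatures:
    #        - feature: kernel.version
    #          matchExpressions:
    #            major: {op: Gt, value: ["2"]}
    #
    #    - name: "my dummy rule with no labels"
    #      vars:
    #        "my.dummy.var": "1"
    #      matchFeatures:
    #        - feature: cpu.cpuid
    #          matchExpressions: {}
    #
    #    - name: "my rule using backrefs"
    #      labels:
    #        "vendor.io/my.backref.feature": "true"
    #      matchFeatures:
    #        - feature: rule.matched
    #          matchExpressions:
    #            vendor.io/my.kernel.feature: {op: IsTrue}
    #            my.dummy.var: {op: Gt, value: ["0"]}
    #
    #    - name: "kconfig template rule"
    #      labelsTemplate: |
    #        {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }}
    #        {{ end }}
    #      matchFeatures:
    #        - feature: kernel.config
    #          matchName: {op: In, value: ["SWAP", "X86", "ARM"]}
---
# nfd-gc: garbage collector Deployment.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nfd-gc
  namespace: node-feature-discovery
  labels:
    app: nfd
spec:
  selector:
    matchLabels:
      app: nfd-gc
  template:
    metadata:
      labels:
        app: nfd-gc
    spec:
      # NOTE(review): ClusterFirstWithHostNet only matters with
      # hostNetwork: true, which this pod does not set.
      dnsPolicy: ClusterFirstWithHostNet
      # serviceAccountName replaces the deprecated serviceAccount alias.
      serviceAccountName: nfd-gc
      containers:
        - name: nfd-gc
          # NOTE(review): referenced by tag only; pin by digest
          # (image@sha256:<digest-placeholder>) so the image cannot change
          # underneath the deployment.
          image: registry.k8s.io/nfd/node-feature-discovery:v0.16.5
          command:
            - nfd-gc
          ports:
            - name: metrics
              containerPort: 8081
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_UID
              valueFrom:
                fieldRef:
                  fieldPath: metadata.uid
          resources:
            limits:
              cpu: "20m"
              memory: 1Gi
            requests:
              cpu: 10m
              memory: 128Mi
          imagePullPolicy: IfNotPresent
          # Hardened container context. NOTE(review): no seccompProfile is set;
          # consider seccompProfile.type: RuntimeDefault.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
---
# nfd-master: single-replica Deployment holding the node-modifying ClusterRole.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nfd-master
  namespace: node-feature-discovery
  labels:
    app: nfd
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nfd-master
  template:
    metadata:
      labels:
        app: nfd-master
    spec:
      # serviceAccountName replaces the deprecated serviceAccount alias.
      serviceAccountName: nfd-master
      enableServiceLinks: false
      containers:
        - name: nfd-master
          # NOTE(review): tag only; pin by digest
          # (image@sha256:<digest-placeholder>).
          image: registry.k8s.io/nfd/node-feature-discovery:v0.16.5
          command:
            - nfd-master
          ports:
            - name: metrics
              containerPort: 8081
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_UID
              valueFrom:
                fieldRef:
                  fieldPath: metadata.uid
          resources:
            limits:
              cpu: "300m"
              memory: 4Gi
            requests:
              cpu: 100m
              memory: 128Mi
          volumeMounts:
            - name: nfd-master-conf
              readOnly: true
              mountPath: /etc/kubernetes/node-feature-discovery
          livenessProbe:
            grpc:
              port: 8082
            initialDelaySeconds: 10
            periodSeconds: 10
          readinessProbe:
            failureThreshold: 10
            grpc:
              port: 8082
            initialDelaySeconds: 5
            periodSeconds: 10
          imagePullPolicy: IfNotPresent
          # NOTE(review): no seccompProfile is set; consider
          # seccompProfile.type: RuntimeDefault.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
      volumes:
        - name: nfd-master-conf
          configMap:
            name: nfd-master-conf
      # Prefers (does not require) control-plane nodes and tolerates their
      # NoSchedule taints.
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - preference:
                matchExpressions:
                  - key: node-role.kubernetes.io/master
                    operator: In
                    values:
                      - ""
              weight: 1
            - preference:
                matchExpressions:
                  - key: node-role.kubernetes.io/control-plane
                    operator: In
                    values:
                      - ""
              weight: 1
      tolerations:
        - value: ""
          effect: NoSchedule
          key: node-role.kubernetes.io/master
          operator: Equal
        - value: ""
          effect: NoSchedule
          key: node-role.kubernetes.io/control-plane
          operator: Equal
---
# nfd-worker: DaemonSet that inspects each node through read-only host mounts.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nfd-worker
  namespace: node-feature-discovery
  labels:
    app: nfd
spec:
  selector:
    matchLabels:
      app: nfd-worker
  template:
    metadata:
      labels:
        app: nfd-worker
    spec:
      # NOTE(review): ClusterFirstWithHostNet only matters with
      # hostNetwork: true, which this pod does not set.
      dnsPolicy: ClusterFirstWithHostNet
      # serviceAccountName replaces the deprecated serviceAccount alias.
      serviceAccountName: nfd-worker
      containers:
        - name: nfd-worker
          # NOTE(review): tag only; pin by digest
          # (image@sha256:<digest-placeholder>).
          image: registry.k8s.io/nfd/node-feature-discovery:v0.16.5
          command:
            - nfd-worker
          # NOTE(review): this manifest defines no Service named nfd-master and
          # the master container exposes no port 8080, so this flag may be
          # left over from an older deployment mode; verify before relying on it.
          args:
            - -server=nfd-master:8080
          ports:
            - name: metrics
              containerPort: 8081
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_UID
              valueFrom:
                fieldRef:
                  fieldPath: metadata.uid
          resources:
            limits:
              cpu: "200m"
              memory: 512Mi
            requests:
              cpu: 5m
              memory: 64Mi
          # Every host path is mounted readOnly, so the container cannot modify
          # the host through them; it can still read all of /sys, /boot, /lib
          # and /usr/lib.
          volumeMounts:
            - name: host-boot
              readOnly: true
              mountPath: /host-boot
            - name: host-os-release
              readOnly: true
              mountPath: /host-etc/os-release
            - name: host-sys
              readOnly: true
              mountPath: /host-sys
            - name: host-proc-swaps
              readOnly: true
              mountPath: /host-proc/swaps
            - name: host-usr-lib
              readOnly: true
              mountPath: /host-usr/lib
            - name: host-lib
              readOnly: true
              mountPath: /host-lib
            - name: source-d
              readOnly: true
              mountPath: /etc/kubernetes/node-feature-discovery/source.d/
            - name: features-d
              readOnly: true
              mountPath: /etc/kubernetes/node-feature-discovery/features.d/
            - name: nfd-worker-conf
              readOnly: true
              mountPath: /etc/kubernetes/node-feature-discovery
          livenessProbe:
            grpc:
              port: 8082
            initialDelaySeconds: 10
            periodSeconds: 10
          readinessProbe:
            failureThreshold: 10
            grpc:
              port: 8082
            initialDelaySeconds: 5
            periodSeconds: 10
          imagePullPolicy: IfNotPresent
          # NOTE(review): no seccompProfile is set; consider
          # seccompProfile.type: RuntimeDefault.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
      # hostPath volumes have no "type" set, so the kubelet performs no check
      # that the path exists or is of the expected kind. The features.d and
      # source.d host directories feed the worker's local source: whoever can
      # write to them on a node can influence the features reported for it.
      volumes:
        - name: features-d
          hostPath:
            path: /etc/kubernetes/node-feature-discovery/features.d/
        - name: host-boot
          hostPath:
            path: /boot
        - name: host-lib
          hostPath:
            path: /lib
        - name: host-os-release
          hostPath:
            path: /etc/os-release
        - name: host-proc-swaps
          hostPath:
            path: /proc/swaps
        - name: host-sys
          hostPath:
            path: /sys
        - name: host-usr-lib
          hostPath:
            path: /usr/lib
        - name: nfd-worker-conf
          configMap:
            name: nfd-worker-conf
        - name: source-d
          hostPath:
            path: /etc/kubernetes/node-feature-discovery/source.d/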