--- # Source: node-feature-discovery/charts/node-feature-discovery/crds/nfd-api-crds.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.3 name: nodefeatures.nfd.k8s-sigs.io spec: group: nfd.k8s-sigs.io names: kind: NodeFeature listKind: NodeFeatureList plural: nodefeatures singular: nodefeature scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: |- NodeFeature resource holds the features discovered for one node in the cluster. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: Specification of the NodeFeature, containing features discovered for a node. properties: features: description: Features is the full "raw" features data that has been discovered. properties: attributes: additionalProperties: description: AttributeFeatureSet is a set of features having string value. properties: elements: additionalProperties: type: string description: Individual features of the feature set. type: object required: - elements type: object description: Attributes contains all the attribute-type features of the node. type: object flags: additionalProperties: description: FlagFeatureSet is a set of simple features only containing names without values. properties: elements: additionalProperties: description: |- Nil is a dummy empty struct for protobuf compatibility. NOTE: protobuf definitions have been removed but this is kept for API compatibility. type: object description: Individual features of the feature set. type: object required: - elements type: object description: Flags contains all the flag-type features of the node. type: object instances: additionalProperties: description: InstanceFeatureSet is a set of features each of which is an instance having multiple attributes. properties: elements: description: Individual features of the feature set. items: description: InstanceFeature represents one instance of a complex features, e.g. a device. properties: attributes: additionalProperties: type: string description: Attributes of the instance feature. type: object required: - attributes type: object type: array required: - elements type: object description: Instances contains all the instance-type features of the node. type: object type: object labels: additionalProperties: type: string description: Labels is the set of node labels that are requested to be created. type: object type: object required: - spec type: object served: true storage: true --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.3 name: nodefeaturegroups.nfd.k8s-sigs.io spec: group: nfd.k8s-sigs.io names: kind: NodeFeatureGroup listKind: NodeFeatureGroupList plural: nodefeaturegroups shortNames: - nfg singular: nodefeaturegroup scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: NodeFeatureGroup resource holds Node pools by featureGroup properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: Spec defines the rules to be evaluated. properties: featureGroupRules: description: List of rules to evaluate to determine nodes that belong in this group. items: description: GroupRule defines a rule for nodegroup filtering. properties: matchAny: description: MatchAny specifies a list of matchers one of which must match. items: description: MatchAnyElem specifies one sub-matcher of MatchAny. properties: matchFeatures: description: MatchFeatures specifies a set of matcher terms all of which must match. items: description: |- FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set. properties: feature: description: Feature is the name of the feature set to match against. type: string matchExpressions: additionalProperties: description: |- MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. properties: op: description: Op is the operator to be applied. enum: - In - NotIn - InRegexp - Exists - DoesNotExist - Gt - Ge - Lt - Le - GtLt - GeLe - IsTrue - IsFalse type: string type: description: |- Type defines the value type for specific operators. The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators. type: string value: description: |- Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element. items: type: string type: array required: - op type: object description: |- MatchExpressions is the set of per-element expressions evaluated. These match against the value of the specified elements. type: object matchName: description: |- MatchName in an expression that is matched against the name of each element in the feature set. properties: op: description: Op is the operator to be applied. enum: - In - NotIn - InRegexp - Exists - DoesNotExist - Gt - Ge - Lt - Le - GtLt - GeLe - IsTrue - IsFalse type: string type: description: |- Type defines the value type for specific operators. The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators. type: string value: description: |- Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element. items: type: string type: array required: - op type: object required: - feature type: object type: array required: - matchFeatures type: object type: array matchFeatures: description: MatchFeatures specifies a set of matcher terms all of which must match. items: description: |- FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set. properties: feature: description: Feature is the name of the feature set to match against. type: string matchExpressions: additionalProperties: description: |- MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. properties: op: description: Op is the operator to be applied. enum: - In - NotIn - InRegexp - Exists - DoesNotExist - Gt - Ge - Lt - Le - GtLt - GeLe - IsTrue - IsFalse type: string type: description: |- Type defines the value type for specific operators. The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators. type: string value: description: |- Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element. items: type: string type: array required: - op type: object description: |- MatchExpressions is the set of per-element expressions evaluated. These match against the value of the specified elements. type: object matchName: description: |- MatchName in an expression that is matched against the name of each element in the feature set. properties: op: description: Op is the operator to be applied. enum: - In - NotIn - InRegexp - Exists - DoesNotExist - Gt - Ge - Lt - Le - GtLt - GeLe - IsTrue - IsFalse type: string type: description: |- Type defines the value type for specific operators. The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators. type: string value: description: |- Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element. items: type: string type: array required: - op type: object required: - feature type: object type: array name: description: Name of the rule. type: string vars: additionalProperties: type: string description: |- Vars is the variables to store if the rule matches. Variables can be referenced from other rules enabling more complex rule hierarchies. type: object varsTemplate: description: |- VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value ([=]) separated by newlines. type: string required: - name type: object type: array required: - featureGroupRules type: object status: description: |- Status of the NodeFeatureGroup after the most recent evaluation of the specification. properties: nodes: description: Nodes is a list of FeatureGroupNode in the cluster that match the featureGroupRules items: properties: name: description: Name of the node. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object required: - spec type: object served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.3 name: nodefeaturerules.nfd.k8s-sigs.io spec: group: nfd.k8s-sigs.io names: kind: NodeFeatureRule listKind: NodeFeatureRuleList plural: nodefeaturerules shortNames: - nfr singular: nodefeaturerule scope: Cluster versions: - name: v1alpha1 schema: openAPIV3Schema: description: |- NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: Spec defines the rules to be evaluated. properties: rules: description: Rules is a list of node customization rules. items: description: Rule defines a rule for node customization such as labeling. properties: annotations: additionalProperties: type: string description: Annotations to create if the rule matches. type: object extendedResources: additionalProperties: type: string description: ExtendedResources to create if the rule matches. type: object labels: additionalProperties: type: string description: Labels to create if the rule matches. type: object labelsTemplate: description: |- LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value ([=]) separated by newlines. type: string matchAny: description: MatchAny specifies a list of matchers one of which must match. items: description: MatchAnyElem specifies one sub-matcher of MatchAny. properties: matchFeatures: description: MatchFeatures specifies a set of matcher terms all of which must match. items: description: |- FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set. properties: feature: description: Feature is the name of the feature set to match against. type: string matchExpressions: additionalProperties: description: |- MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. properties: op: description: Op is the operator to be applied. enum: - In - NotIn - InRegexp - Exists - DoesNotExist - Gt - Ge - Lt - Le - GtLt - GeLe - IsTrue - IsFalse type: string type: description: |- Type defines the value type for specific operators. The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators. type: string value: description: |- Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element. items: type: string type: array required: - op type: object description: |- MatchExpressions is the set of per-element expressions evaluated. These match against the value of the specified elements. type: object matchName: description: |- MatchName in an expression that is matched against the name of each element in the feature set. properties: op: description: Op is the operator to be applied. enum: - In - NotIn - InRegexp - Exists - DoesNotExist - Gt - Ge - Lt - Le - GtLt - GeLe - IsTrue - IsFalse type: string type: description: |- Type defines the value type for specific operators. The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators. type: string value: description: |- Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element. items: type: string type: array required: - op type: object required: - feature type: object type: array required: - matchFeatures type: object type: array matchFeatures: description: MatchFeatures specifies a set of matcher terms all of which must match. items: description: |- FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set. properties: feature: description: Feature is the name of the feature set to match against. type: string matchExpressions: additionalProperties: description: |- MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. properties: op: description: Op is the operator to be applied. enum: - In - NotIn - InRegexp - Exists - DoesNotExist - Gt - Ge - Lt - Le - GtLt - GeLe - IsTrue - IsFalse type: string type: description: |- Type defines the value type for specific operators. The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators. type: string value: description: |- Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element. items: type: string type: array required: - op type: object description: |- MatchExpressions is the set of per-element expressions evaluated. These match against the value of the specified elements. type: object matchName: description: |- MatchName in an expression that is matched against the name of each element in the feature set. properties: op: description: Op is the operator to be applied. enum: - In - NotIn - InRegexp - Exists - DoesNotExist - Gt - Ge - Lt - Le - GtLt - GeLe - IsTrue - IsFalse type: string type: description: |- Type defines the value type for specific operators. The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators. type: string value: description: |- Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element. items: type: string type: array required: - op type: object required: - feature type: object type: array name: description: Name of the rule. type: string taints: description: Taints to create if the rule matches. items: description: |- The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint. properties: effect: description: |- Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute. type: string key: description: Required. The taint key to be applied to a node. type: string timeAdded: description: |- TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints. format: date-time type: string value: description: The taint value corresponding to the taint key. type: string required: - effect - key type: object type: array vars: additionalProperties: type: string description: |- Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels. type: object varsTemplate: description: |- VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value ([=]) separated by newlines. type: string required: - name type: object type: array required: - rules type: object required: - spec type: object served: true storage: true --- # Source: node-feature-discovery/templates/namespace.yaml apiVersion: v1 kind: Namespace metadata: name: node-feature-discovery labels: app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/part-of: node-feature-discovery pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: node-feature-discovery namespace: node-feature-discovery labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: node-feature-discovery-gc namespace: node-feature-discovery labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: node-feature-discovery-worker namespace: node-feature-discovery labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/nfd-master-conf.yaml apiVersion: v1 kind: ConfigMap metadata: name: node-feature-discovery-master-conf namespace: node-feature-discovery labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm data: nfd-master.conf: |- null --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/nfd-worker-conf.yaml apiVersion: v1 kind: ConfigMap metadata: name: node-feature-discovery-worker-conf namespace: node-feature-discovery labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm data: nfd-worker.conf: |- sources: cpu: cpuid: attributeWhitelist: - AVX512BW - AVX512CD - AVX512DQ - AVX512F - AVX512VL custom: - labels: intel.feature.node.kubernetes.io/gpu: "true" matchOn: - pciId: class: - "0300" vendor: - "8086" name: intel-gpu kernel: configOpts: - NO_HZ - X86 - DMI pci: deviceClassWhitelist: - "0200" - "01" - "08" - "0300" - "0302" deviceLabelFields: - vendor - device - class usb: deviceClassWhitelist: - "02" - "03" - 0e - ef - fe - ff deviceLabelFields: - vendor - device - class --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: node-feature-discovery labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm rules: - apiGroups: - "" resources: - namespaces verbs: - watch - list - apiGroups: - "" resources: - nodes - nodes/status verbs: - get - patch - update - list - apiGroups: - nfd.k8s-sigs.io resources: - nodefeatures - nodefeaturerules - nodefeaturegroups verbs: - get - list - watch - apiGroups: - nfd.k8s-sigs.io resources: - nodefeaturegroups/status verbs: - patch - update - apiGroups: - coordination.k8s.io resources: - leases verbs: - create - apiGroups: - coordination.k8s.io resources: - leases resourceNames: - "nfd-master.nfd.kubernetes.io" verbs: - get - update --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: node-feature-discovery-gc labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm rules: - apiGroups: - "" resources: - nodes verbs: - list - watch - apiGroups: - "" resources: - nodes/proxy verbs: - get - apiGroups: - topology.node.k8s.io resources: - noderesourcetopologies verbs: - delete - list - apiGroups: - nfd.k8s-sigs.io resources: - nodefeatures verbs: - delete - list --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: node-feature-discovery labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: node-feature-discovery subjects: - kind: ServiceAccount name: node-feature-discovery namespace: node-feature-discovery --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: node-feature-discovery-gc labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: node-feature-discovery-gc subjects: - kind: ServiceAccount name: node-feature-discovery-gc namespace: node-feature-discovery --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: node-feature-discovery-worker namespace: node-feature-discovery labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm rules: - apiGroups: - nfd.k8s-sigs.io resources: - nodefeatures verbs: - create - get - update - delete - apiGroups: - "" resources: - pods verbs: - get --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: node-feature-discovery-worker namespace: node-feature-discovery labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: node-feature-discovery-worker subjects: - kind: ServiceAccount name: node-feature-discovery-worker namespace: node-feature-discovery --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/worker.yaml apiVersion: apps/v1 kind: DaemonSet metadata: name: node-feature-discovery-worker namespace: node-feature-discovery labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm role: worker spec: revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery role: worker template: metadata: labels: app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery role: worker annotations: checksum/config: 0ff3ad6ed18d5d7f9cd6e7d703e20338b50f37fe59fddf7cf6a5a57525292ed8 spec: dnsPolicy: ClusterFirstWithHostNet imagePullSecrets: serviceAccountName: node-feature-discovery-worker securityContext: {} hostNetwork: false containers: - name: worker securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true image: "registry.k8s.io/nfd/node-feature-discovery:v0.18.3" imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /healthz port: http initialDelaySeconds: 10 readinessProbe: httpGet: path: /healthz port: http initialDelaySeconds: 5 failureThreshold: 10 env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_UID valueFrom: fieldRef: fieldPath: metadata.uid resources: limits: memory: 512Mi requests: cpu: 20m memory: 60Mi command: - "nfd-worker" args: # Go over featureGate and add the feature-gate flag - "-feature-gates=NodeFeatureGroupAPI=true" - "-port=8080" ports: - containerPort: 8080 name: http volumeMounts: - name: host-boot mountPath: "/host-boot" readOnly: true - name: host-os-release mountPath: "/host-etc/os-release" readOnly: true - name: host-sys mountPath: "/host-sys" readOnly: true - name: host-usr-lib mountPath: "/host-usr/lib" readOnly: true - name: host-lib mountPath: "/host-lib" readOnly: true - name: host-proc-swaps mountPath: "/host-proc/swaps" readOnly: true - name: features-d mountPath: "/etc/kubernetes/node-feature-discovery/features.d/" readOnly: true - name: nfd-worker-conf mountPath: "/etc/kubernetes/node-feature-discovery" readOnly: true volumes: - name: host-boot hostPath: path: "/boot" - name: host-os-release hostPath: path: "/etc/os-release" - name: host-sys hostPath: path: "/sys" - name: host-usr-lib hostPath: path: "/usr/lib" - name: host-lib hostPath: path: "/lib" - name: host-proc-swaps hostPath: path: "/proc/swaps" - name: features-d hostPath: path: "/etc/kubernetes/node-feature-discovery/features.d/" - name: nfd-worker-conf configMap: name: node-feature-discovery-worker-conf items: - key: nfd-worker.conf path: nfd-worker.conf tolerations: - effect: NoSchedule key: node-role.kubernetes.io/control-plane operator: Exists --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/master.yaml apiVersion: apps/v1 kind: Deployment metadata: name: node-feature-discovery-master namespace: node-feature-discovery labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm role: master spec: replicas: 2 revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery role: master template: metadata: labels: app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery role: master annotations: checksum/config: b0be1066d37d3a4f8bb03f39cdd2b6a637625f710dfec507062ad559ec43a4dc spec: dnsPolicy: ClusterFirstWithHostNet imagePullSecrets: serviceAccountName: node-feature-discovery enableServiceLinks: false securityContext: {} hostNetwork: false containers: - name: master securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true image: "registry.k8s.io/nfd/node-feature-discovery:v0.18.3" imagePullPolicy: IfNotPresent startupProbe: httpGet: path: /healthz port: http failureThreshold: 30 livenessProbe: httpGet: path: /healthz port: http readinessProbe: httpGet: path: /healthz port: http failureThreshold: 10 ports: - containerPort: 8080 name: http env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName command: - "nfd-master" resources: limits: memory: 4Gi requests: cpu: 20m memory: 60Mi args: - "-enable-leader-election" # Go over featureGates and add the feature-gate flag - "-feature-gates=NodeFeatureGroupAPI=true" - "-port=8080" volumeMounts: - name: nfd-master-conf mountPath: "/etc/kubernetes/node-feature-discovery" readOnly: true volumes: - name: nfd-master-conf configMap: name: node-feature-discovery-master-conf items: - key: nfd-master.conf path: nfd-master.conf affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - preference: matchExpressions: - key: node-role.kubernetes.io/control-plane operator: In values: - "" weight: 1 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/control-plane operator: Exists --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/nfd-gc.yaml apiVersion: apps/v1 kind: Deployment metadata: name: node-feature-discovery-gc namespace: node-feature-discovery labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm role: gc spec: replicas: 1 revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery role: gc template: metadata: labels: app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery role: gc spec: serviceAccountName: node-feature-discovery-gc dnsPolicy: ClusterFirstWithHostNet imagePullSecrets: securityContext: {} hostNetwork: false containers: - name: gc image: "registry.k8s.io/nfd/node-feature-discovery:v0.18.3" imagePullPolicy: "IfNotPresent" livenessProbe: httpGet: path: /healthz port: http initialDelaySeconds: 10 readinessProbe: httpGet: path: /healthz port: http initialDelaySeconds: 5 env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName command: - "nfd-gc" args: - "-gc-interval=1h" resources: limits: memory: 1Gi requests: cpu: 20m memory: 60Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: [ "ALL" ] readOnlyRootFilesystem: true runAsNonRoot: true ports: - name: http containerPort: 8080 --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/prometheus.yaml # Prometheus Monitor Service (Metrics) apiVersion: monitoring.coreos.com/v1 kind: PodMonitor metadata: name: node-feature-discovery labels: app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery spec: podMetricsEndpoints: - honorLabels: true interval: 10s path: /metrics port: http scheme: http namespaceSelector: matchNames: - node-feature-discovery selector: matchExpressions: - {key: app.kubernetes.io/instance, operator: In, values: ["node-feature-discovery"]} - {key: app.kubernetes.io/name, operator: In, values: ["node-feature-discovery"]} --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/post-delete-job.yaml apiVersion: v1 kind: ServiceAccount metadata: name: node-feature-discovery-prune namespace: node-feature-discovery labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm annotations: "helm.sh/hook": post-delete "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/post-delete-job.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: node-feature-discovery-prune labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm annotations: "helm.sh/hook": post-delete "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded rules: - apiGroups: - "" resources: - nodes - nodes/status verbs: - get - patch - update - list --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/post-delete-job.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: node-feature-discovery-prune labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm annotations: "helm.sh/hook": post-delete "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: node-feature-discovery-prune subjects: - kind: ServiceAccount name: node-feature-discovery-prune namespace: node-feature-discovery --- # Source: node-feature-discovery/charts/node-feature-discovery/templates/post-delete-job.yaml apiVersion: batch/v1 kind: Job metadata: name: node-feature-discovery-prune namespace: node-feature-discovery labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm annotations: "helm.sh/hook": post-delete "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded spec: template: metadata: labels: helm.sh/chart: node-feature-discovery-0.18.3 app.kubernetes.io/name: node-feature-discovery app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/version: "v0.18.3" app.kubernetes.io/managed-by: Helm role: prune spec: serviceAccountName: node-feature-discovery-prune imagePullSecrets: containers: - name: nfd-master securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true image: "registry.k8s.io/nfd/node-feature-discovery:v0.18.3" imagePullPolicy: IfNotPresent command: - "nfd-master" args: - "-prune" restartPolicy: Never affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - preference: matchExpressions: - key: node-role.kubernetes.io/control-plane operator: In values: - "" weight: 1 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/control-plane operator: Exists resources: limits: memory: 4Gi requests: cpu: 20m memory: 60Mi