node-feature-discovery:
  enableNodeFeatureApi: true
  master:
    enable: true
    config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE>
      # noPublish: false
      # autoDefaultNs: true
      # extraLabelNs: ["added.ns.io","added.kubernets.io","intel.com","devicetree.org"]
      # denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
      # resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
      # enableTaints: false
      # labelWhiteList: "foo"
      # resyncPeriod: "2h"
      # klog:
      #    addDirHeader: false
      #    alsologtostderr: false
      #    logBacktraceAt:
      #    logtostderr: true
      #    skipHeaders: false
      #    stderrthreshold: 2
      #    v: 0
      #    vmodule:
      ##   NOTE: the following options are not dynamically run-time configurable
      ##         and require a nfd-master restart to take effect after being changed
      #    logDir:
      #    logFile:
      #    logFileMaxSize: 1800
      #    skipLogHeaders: false
      # leaderElection:
      #   leaseDuration: 15s
      #   # this value has to be lower than leaseDuration and greater than retryPeriod*1.2
      #   renewDeadline: 10s
      #   # this value has to be greater than 0
      #   retryPeriod: 2s
      # nfdApiParallelism: 10
    ### <NFD-MASTER-CONF-END-DO-NOT-REMOVE>
    port: 8080
    metricsPort: 8081
    instance:
    featureApi:
    resyncPeriod:
    denyLabelNs: []
    extraLabelNs: []
    resourceLabels: []
    enableTaints: false
    crdController: null
    featureRulesController: null
    nfdApiParallelism: null
    deploymentAnnotations: {}
    replicaCount: 1
    podSecurityContext: {}
      # fsGroup: 2000
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
      readOnlyRootFilesystem: true
      runAsNonRoot: true
      # runAsUser: 1000
    serviceAccount:
      create: true
      name:
    rbac:
      create: true
    service:
      type: ClusterIP
      port: 8080
    resources:
      requests:
        cpu: 20m
        memory: 60Mi
    tolerations:
      - key: "node-role.kubernetes.io/control-plane"
        operator: "Equal"
        value: ""
        effect: "NoSchedule"
    affinity:
      nodeAffinity:
        preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 1
            preference:
              matchExpressions:
                - key: "node-role.kubernetes.io/control-plane"
                  operator: In
                  values: [""]
  worker:
    enable: true
    config: ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE>
      #core:
      #  labelWhiteList:
      #  noPublish: false
      #  sleepInterval: 60s
      #  featureSources: [all]
      #  labelSources: [all]
      #  klog:
      #    addDirHeader: false
      #    alsologtostderr: false
      #    logBacktraceAt:
      #    logtostderr: true
      #    skipHeaders: false
      #    stderrthreshold: 2
      #    v: 0
      #    vmodule:
      ##   NOTE: the following options are not dynamically run-time configurable
      ##         and require a nfd-worker restart to take effect after being changed
      #    logDir:
      #    logFile:
      #    logFileMaxSize: 1800
      #    skipLogHeaders: false
      sources:
        cpu:
          cpuid:
            attributeWhitelist:
              - "AVX512BW"
              - "AVX512CD"
              - "AVX512DQ"
              - "AVX512F"
              - "AVX512VL"
        kernel:
          configOpts:
            - "NO_HZ"
            - "X86"
            - "DMI"
        usb:
          deviceClassWhitelist:
            - "02"
            - "03"
            - "0e"
            - "ef"
            - "fe"
            - "ff"
          deviceLabelFields:
            - "vendor"
            - "device"
            - "class"
        pci:
          deviceClassWhitelist:
            - "0200"
            - "01"
            - "08"
            - "0300"
            - "0302"
          deviceLabelFields:
            - "vendor"
            - "device"
            - "class"
        custom:
          - # Intel integrated GPU
            name: "intel-gpu"
            labels:
              intel.feature.node.kubernetes.io/gpu: 'true'
            matchOn:
              - pciId:
                  class: ["0300"]
                  vendor: ["8086"]
          - # Google Coral USB Accelerator
            name: google.coral
            labels:
              google.feature.node.kubernetes.io/coral: "true"
            matchFeatures:
              - feature: usb.device
                matchExpressions:
                  vendor: { op: In, value: ["1a6e", "18d1"] }
          - # Aeotec Z-Stick Gen5+
            name: aeotec.zwave
            labels:
              aeotec.feature.node.kubernetes.io/zwave: "true"
            matchFeatures:
              - feature: usb.device
                matchExpressions:
                  class: { op: In, value: ["02"] }
                  vendor: { op: In, value: ["0658"] }
                  device: { op: In, value: ["0200"] }
    ### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
    metricsPort: 8081
    podSecurityContext: {}
      # fsGroup: 2000
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
      readOnlyRootFilesystem: true
      runAsNonRoot: true
      # runAsUser: 1000
    serviceAccount:
      create: true
      name:
    rbac:
      create: true
    mountUsrSrc: false
    resources:
      requests:
        cpu: 20m
        memory: 60Mi
  topologyUpdater:
    config: ### <NFD-TOPOLOGY-UPDATER-CONF-START-DO-NOT-REMOVE>
      ## key = node name, value = list of resources to be excluded.
      ## use * to exclude from all nodes.
      ## an example for how the exclude list should looks like
      #excludeList:
      #  node1: [cpu]
      #  node2: [memory, example/deviceA]
      #  *: [hugepages-2Mi]
  ### <NFD-TOPOLOGY-UPDATER-CONF-END-DO-NOT-REMOVE>
    enable: true
    createCRDs: true
    serviceAccount:
      create: true
      name:
    rbac:
      create: true
    metricsPort: 8081
    updateInterval: 60s
    watchNamespace: "*"
    kubeletStateDir: /var/lib/kubelet
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
      readOnlyRootFilesystem: true
      runAsUser: 0
    resources:
      requests:
        cpu: 20m
        memory: 60Mi
  gc:
    enable: true
    replicaCount: 1
    serviceAccount:
      create: true
      name:
    rbac:
      create: true
    interval: 1h
    resources:
      requests:
        cpu: 20m
        memory: 60Mi
    metricsPort: 8081
  tls:
    enable: false
    certManager: false
  prometheus:
    enable: false