Cherry/0.4.2

build/assets/master/0400_master_deployment.yaml

@@ -0,0 +1,86 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: nfd-master
+  name: nfd-master
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nfd-master
+  template:
+    metadata:
+      labels:
+        app: nfd-master
+    spec:
+      serviceAccount: nfd-master
+      serviceAccountName: nfd-master
+      dnsPolicy: ClusterFirstWithHostNet
+      restartPolicy: Always
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+        operator: Equal
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/control-plane
+        operator: Equal
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - preference:
+              matchExpressions:
+              - key: node-role.kubernetes.io/master
+                operator: In
+                values:
+                - ""
+            weight: 1
+          - preference:
+              matchExpressions:
+              - key: node-role.kubernetes.io/control-plane
+                operator: In
+                values:
+                - ""
+            weight: 1  
+      containers:
+        - name: nfd-master
+          env:
+          - name: NODE_NAME
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: spec.nodeName      
+          image: $(NODE_FEATURE_DISCOVERY_IMAGE)
+          imagePullPolicy: Always
+          command:
+            - "nfd-master"
+          args: []
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+              - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true  
+          volumeMounts: []
+          livenessProbe:
+            exec:
+              command:
+              - /usr/bin/grpc_health_probe
+              - -addr=:12000
+            failureThreshold: 3
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+          readinessProbe:
+            exec:
+              command:
+              - /usr/bin/grpc_health_probe
+              - -addr=:12000
+            failureThreshold: 10
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+      volumes: []

build/assets/master/0500_service.yaml

@@ -3,12 +3,9 @@ kind: Service
 metadata:
   name: nfd-master
 spec:
-  type: ClusterIP
   selector:
     app: nfd-master
   ports:
   - protocol: TCP
     port: 12000
-    targetPort: 12000
-    name: nfd
-
+  type: ClusterIP

config/rbac/kustomization.yaml

@@ -13,45 +13,3 @@ resources:
 - auth_proxy_role.yaml
 - auth_proxy_role_binding.yaml
 - auth_proxy_client_clusterrole.yaml
-
-# needed for nfd-worker
-# this patch is needed given that
-# +kubebuilder does not allow resourceNames
-patchesJSON6902:
-- target:
-    kind: ClusterRole
-    name: manager-role
-  patch: |-
-    - op: add
-      path: /rules/0
-      value:
-        apiGroups:
-        - policy
-        resources:
-        - podsecuritypolicies
-        verbs:
-        - use
-        resourceNames:
-        - nfd-worker
-    - op: add
-      path: /rules/1
-      value:
-        apiGroups:
-        - nfd.k8s-sigs.io
-        resources:
-        - nodefeaturerules
-        verbs:
-        - get
-        - list
-        - watch
-    - op: add
-      path: /rules/2
-      value:
-        apiGroups:
-        - topology.node.k8s.io
-        resources:
-        - noderesourcetopologies
-        verbs:
-        - create
-        - get
-        - update