diff --git a/Makefile b/Makefile index d2282fdb04..841163ba70 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -.PHONY: all test yamls +.PHONY: all test templates yamls .FORCE: GO_CMD ?= go @@ -80,8 +80,17 @@ yamls: $(yaml_instances) -e s',^(\s*)image:.+$$,\1image: ${IMAGE_TAG},' \ -e s',^(\s*)namespace:.+$$,\1namespace: ${K8S_NAMESPACE},' \ -e s',^(\s*)mountPath: "/host-,\1mountPath: "${CONTAINER_HOSTMOUNT_PREFIX},' \ + -e '/nfd-worker.conf:/r nfd-worker.conf.tmp' \ $< > $@ +templates: $(yaml_templates) + @# Need to prepend each line in the sample config with spaces in order to + @# fit correctly in the configmap spec. + @sed s'/^/ /' nfd-worker.conf.example > nfd-worker.conf.tmp + @# The quick-n-dirty sed below expects the configmap data to be at the very end of the file + @for f in $+; do sed -e '/nfd-worker\.conf/r nfd-worker.conf.tmp' -e '/nfd-worker\.conf/q' -i $$f; done + @rm nfd-worker.conf.tmp + mock: mockery --name=FeatureSource --dir=source --inpkg --note="Re-generate by running 'make mock'" mockery --name=APIHelpers --dir=pkg/apihelper --inpkg --note="Re-generate by running 'make mock'" diff --git a/docs/get-started/deployment-and-usage.md b/docs/get-started/deployment-and-usage.md index 12019fd521..6c777810f6 100644 --- a/docs/get-started/deployment-and-usage.md +++ b/docs/get-started/deployment-and-usage.md @@ -174,39 +174,19 @@ possible. Worker configuration file is read inside the container, and thus, Volumes and VolumeMounts are needed to make your configuration available for NFD. The preferred method is to use a ConfigMap which provides easy deployment and -re-configurability. For example, create a config map using the example config -as a template: +re-configurability. -```bash -cp nfd-worker.conf.example nfd-worker.conf -vim nfd-worker.conf # edit the configuration -kubectl create configmap nfd-worker-config --from-file=nfd-worker.conf -``` +The provided nfd-worker deployment templates create an empty configmap and +mount it inside the nfd-worker containers. Configuration can be edited with: -Then, configure Volumes and VolumeMounts in the Pod spec (just the relevant -snippets shown below): - -```yaml -... - containers: - volumeMounts: - - name: nfd-worker-config - mountPath: "/etc/kubernetes/node-feature-discovery/" -... - volumes: - - name: nfd-worker-config - configMap: - name: nfd-worker-config -... ``` - -You could also use other types of volumes, of course. That is, hostPath if -different config for different nodes would be required, for example. +kubectl -n ${NFD_NS} edit configmap nfd-worker-conf +``` The (empty-by-default) [example config](https://github.com/kubernetes-sigs/node-feature-discovery/blob/{{ site.release }}/nfd-worker.conf.example) -is used as a config in the NFD Docker image. Thus, this can be used as a default -configuration in custom-built images. +contains all available configuration options and can be used as a reference +for creating creating a configuration. Configuration options can also be specified via the `--options` command line flag, in which case no mounts need to be used. The same format as in the config diff --git a/nfd-daemonset-combined.yaml.template b/nfd-daemonset-combined.yaml.template index 11e3705310..31f469ec9e 100644 --- a/nfd-daemonset-combined.yaml.template +++ b/nfd-daemonset-combined.yaml.template @@ -110,6 +110,9 @@ spec: - name: features-d mountPath: "/etc/kubernetes/node-feature-discovery/features.d/" readOnly: true + - name: nfd-worker-conf + mountPath: "/etc/kubernetes/node-feature-discovery" + readOnly: true volumes: - name: host-boot hostPath: @@ -126,3 +129,99 @@ spec: - name: features-d hostPath: path: "/etc/kubernetes/node-feature-discovery/features.d/" + - name: nfd-worker-conf + configMap: + name: nfd-worker-conf +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nfd-worker-conf + namespace: node-feature-discovery +data: + nfd-worker.conf: | + #sources: + # cpu: + # cpuid: + ## NOTE: whitelist has priority over blacklist + # attributeBlacklist: + # - "BMI1" + # - "BMI2" + # - "CLMUL" + # - "CMOV" + # - "CX16" + # - "ERMS" + # - "F16C" + # - "HTT" + # - "LZCNT" + # - "MMX" + # - "MMXEXT" + # - "NX" + # - "POPCNT" + # - "RDRAND" + # - "RDSEED" + # - "RDTSCP" + # - "SGX" + # - "SSE" + # - "SSE2" + # - "SSE3" + # - "SSE4.1" + # - "SSE4.2" + # - "SSSE3" + # attributeWhitelist: + # kernel: + # kconfigFile: "/path/to/kconfig" + # configOpts: + # - "NO_HZ" + # - "X86" + # - "DMI" + # pci: + # deviceClassWhitelist: + # - "0200" + # - "03" + # - "12" + # deviceLabelFields: + # - "class" + # - "vendor" + # - "device" + # - "subsystem_vendor" + # - "subsystem_device" + # usb: + # deviceClassWhitelist: + # - "0e" + # - "ef" + # - "fe" + # - "ff" + # deviceLabelFields: + # - "class" + # - "vendor" + # - "device" + # custom: + # - name: "my.kernel.feature" + # matchOn: + # - loadedKMod: ["example_kmod1", "example_kmod2"] + # - name: "my.pci.feature" + # matchOn: + # - pciId: + # class: ["0200"] + # vendor: ["15b3"] + # device: ["1014", "1017"] + # - pciId : + # vendor: ["8086"] + # device: ["1000", "1100"] + # - name: "my.usb.feature" + # matchOn: + # - usbId: + # class: ["ff"] + # vendor: ["03e7"] + # device: ["2485"] + # - usbId: + # class: ["fe"] + # vendor: ["1a6e"] + # device: ["089a"] + # - name: "my.combined.feature" + # matchOn: + # - pciId: + # vendor: ["15b3"] + # device: ["1014", "1017"] + # loadedKMod : ["vendor_kmod1", "vendor_kmod2"] diff --git a/nfd-worker-daemonset.yaml.template b/nfd-worker-daemonset.yaml.template index 38dc2fb166..3427d7f037 100644 --- a/nfd-worker-daemonset.yaml.template +++ b/nfd-worker-daemonset.yaml.template @@ -57,6 +57,9 @@ spec: - name: features-d mountPath: "/etc/kubernetes/node-feature-discovery/features.d/" readOnly: true + - name: nfd-worker-conf + mountPath: "/etc/kubernetes/node-feature-discovery" + readOnly: true ## Enable TLS authentication (2/3) # - name: nfd-ca-cert # mountPath: "/etc/kubernetes/node-feature-discovery/trust" @@ -80,6 +83,9 @@ spec: - name: features-d hostPath: path: "/etc/kubernetes/node-feature-discovery/features.d/" + - name: nfd-worker-conf + configMap: + name: nfd-worker-conf ## Enable TLS authentication (3/3) # - name: nfd-ca-cert # configMap: @@ -87,3 +93,96 @@ spec: # - name: nfd-worker-cert # secret: # secretName: nfd-worker-cert +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nfd-worker-conf + namespace: node-feature-discovery +data: + nfd-worker.conf: | + #sources: + # cpu: + # cpuid: + ## NOTE: whitelist has priority over blacklist + # attributeBlacklist: + # - "BMI1" + # - "BMI2" + # - "CLMUL" + # - "CMOV" + # - "CX16" + # - "ERMS" + # - "F16C" + # - "HTT" + # - "LZCNT" + # - "MMX" + # - "MMXEXT" + # - "NX" + # - "POPCNT" + # - "RDRAND" + # - "RDSEED" + # - "RDTSCP" + # - "SGX" + # - "SSE" + # - "SSE2" + # - "SSE3" + # - "SSE4.1" + # - "SSE4.2" + # - "SSSE3" + # attributeWhitelist: + # kernel: + # kconfigFile: "/path/to/kconfig" + # configOpts: + # - "NO_HZ" + # - "X86" + # - "DMI" + # pci: + # deviceClassWhitelist: + # - "0200" + # - "03" + # - "12" + # deviceLabelFields: + # - "class" + # - "vendor" + # - "device" + # - "subsystem_vendor" + # - "subsystem_device" + # usb: + # deviceClassWhitelist: + # - "0e" + # - "ef" + # - "fe" + # - "ff" + # deviceLabelFields: + # - "class" + # - "vendor" + # - "device" + # custom: + # - name: "my.kernel.feature" + # matchOn: + # - loadedKMod: ["example_kmod1", "example_kmod2"] + # - name: "my.pci.feature" + # matchOn: + # - pciId: + # class: ["0200"] + # vendor: ["15b3"] + # device: ["1014", "1017"] + # - pciId : + # vendor: ["8086"] + # device: ["1000", "1100"] + # - name: "my.usb.feature" + # matchOn: + # - usbId: + # class: ["ff"] + # vendor: ["03e7"] + # device: ["2485"] + # - usbId: + # class: ["fe"] + # vendor: ["1a6e"] + # device: ["089a"] + # - name: "my.combined.feature" + # matchOn: + # - pciId: + # vendor: ["15b3"] + # device: ["1014", "1017"] + # loadedKMod : ["vendor_kmod1", "vendor_kmod2"] diff --git a/nfd-worker-job.yaml.template b/nfd-worker-job.yaml.template index 3f4ace13b8..1002397abb 100644 --- a/nfd-worker-job.yaml.template +++ b/nfd-worker-job.yaml.template @@ -66,6 +66,9 @@ spec: - name: features-d mountPath: "/etc/kubernetes/node-feature-discovery/features.d/" readOnly: true + - name: nfd-worker-conf + mountPath: "/etc/kubernetes/node-feature-discovery" + readOnly: true ## Enable TLS authentication (2/3) # - name: nfd-ca-cert # mountPath: "/etc/kubernetes/node-feature-discovery/trust" @@ -90,6 +93,9 @@ spec: - name: features-d hostPath: path: "/etc/kubernetes/node-feature-discovery/features.d/" + - name: nfd-worker-conf + configMap: + name: nfd-worker-conf ## Enable TLS authentication (3/3) # - name: nfd-ca-cert # configMap: @@ -97,3 +103,96 @@ spec: # - name: nfd-worker-cert # secret: # secretName: nfd-worker-cert +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nfd-worker-conf + namespace: node-feature-discovery +data: + nfd-worker.conf: | + #sources: + # cpu: + # cpuid: + ## NOTE: whitelist has priority over blacklist + # attributeBlacklist: + # - "BMI1" + # - "BMI2" + # - "CLMUL" + # - "CMOV" + # - "CX16" + # - "ERMS" + # - "F16C" + # - "HTT" + # - "LZCNT" + # - "MMX" + # - "MMXEXT" + # - "NX" + # - "POPCNT" + # - "RDRAND" + # - "RDSEED" + # - "RDTSCP" + # - "SGX" + # - "SSE" + # - "SSE2" + # - "SSE3" + # - "SSE4.1" + # - "SSE4.2" + # - "SSSE3" + # attributeWhitelist: + # kernel: + # kconfigFile: "/path/to/kconfig" + # configOpts: + # - "NO_HZ" + # - "X86" + # - "DMI" + # pci: + # deviceClassWhitelist: + # - "0200" + # - "03" + # - "12" + # deviceLabelFields: + # - "class" + # - "vendor" + # - "device" + # - "subsystem_vendor" + # - "subsystem_device" + # usb: + # deviceClassWhitelist: + # - "0e" + # - "ef" + # - "fe" + # - "ff" + # deviceLabelFields: + # - "class" + # - "vendor" + # - "device" + # custom: + # - name: "my.kernel.feature" + # matchOn: + # - loadedKMod: ["example_kmod1", "example_kmod2"] + # - name: "my.pci.feature" + # matchOn: + # - pciId: + # class: ["0200"] + # vendor: ["15b3"] + # device: ["1014", "1017"] + # - pciId : + # vendor: ["8086"] + # device: ["1000", "1100"] + # - name: "my.usb.feature" + # matchOn: + # - usbId: + # class: ["ff"] + # vendor: ["03e7"] + # device: ["2485"] + # - usbId: + # class: ["fe"] + # vendor: ["1a6e"] + # device: ["089a"] + # - name: "my.combined.feature" + # matchOn: + # - pciId: + # vendor: ["15b3"] + # device: ["1014", "1017"] + # loadedKMod : ["vendor_kmod1", "vendor_kmod2"] diff --git a/scripts/test-infra/verify.sh b/scripts/test-infra/verify.sh index efd721e48e..17cc17b333 100755 --- a/scripts/test-infra/verify.sh +++ b/scripts/test-infra/verify.sh @@ -7,3 +7,16 @@ export PATH=$PATH:$(go env GOPATH)/bin # Run verify steps make gofmt-verify make ci-lint + +# Check that repo is clean +if ! git diff --quiet; then + echo "Repository is dirty!" + exit 1 +fi + +# Check that templates are up-to-date +make templates +if ! git diff --quiet; then + echo "Deployment templates are not up-to-date. Run 'make templates' to update" + exit 1 +fi