kubernetes/addon/nfd: make worker configurable

5 files changed, 20 insertions, 238 deletions

diff --git a/roles/kubernetes/addons/node-feature-discovery/defaults/main.yml b/roles/kubernetes/addons/node-feature-discovery/defaults/main.yml
index 36f8b848..f7dfb90a 100644
--- a/roles/kubernetes/addons/node-feature-discovery/defaults/main.yml
+++ b/roles/kubernetes/addons/node-feature-discovery/defaults/main.yml
@@ -1,2 +1,4 @@
 ---
 # kubernetes_node_feature_discovery_version: 0.11.2
+
+kubernetes_node_feature_discovery_worker_config: {}
diff --git a/roles/kubernetes/addons/node-feature-discovery/tasks/main.yml b/roles/kubernetes/addons/node-feature-discovery/tasks/main.yml
index 80acb7b9..93b53bb1 100644
--- a/roles/kubernetes/addons/node-feature-discovery/tasks/main.yml
+++ b/roles/kubernetes/addons/node-feature-discovery/tasks/main.yml
@@ -23,15 +23,18 @@
   run_once: true
   delegate_to: "{{ groups['_kubernetes_primary_controlplane_node_'] | first }}"
   block:
-  - name: copy config for node-feature-discovery
+  - name: copy base resources for node-feature-discovery
     template:
-      src: "config.{{ kubernetes_node_feature_discovery_version }}.yml.j2"
-      dest: /etc/kubernetes/addons/node-feature-discovery/config.yml
+      src: "base.{{ kubernetes_node_feature_discovery_version }}.yml.j2"
+      dest: /etc/kubernetes/addons/node-feature-discovery/base.yml
 
-  - name: generate kustomization file
+  - name: generate kustomization and nfd-worker config files
+    loop:
+    - kustomization.yml
+    - nfd-worker.conf
     template:
-      src: "kustomization.yml.j2"
-      dest: /etc/kubernetes/addons/node-feature-discovery/kustomization.yml
+      src: "{{ item }}.j2"
+      dest: /etc/kubernetes/addons/node-feature-discovery/{{ item }}
 
   - name: check if node-feature-discovery is already installed
     check_mode: no
diff --git a/roles/kubernetes/addons/node-feature-discovery/templates/config.0.11.2.yml.j2 b/roles/kubernetes/addons/node-feature-discovery/templates/base.0.11.2.yml.j2
index 7081c290..cccf75b2 100644
--- a/roles/kubernetes/addons/node-feature-discovery/templates/config.0.11.2.yml.j2
+++ b/roles/kubernetes/addons/node-feature-discovery/templates/base.0.11.2.yml.j2
@@ -276,237 +276,6 @@ subjects:
   namespace: node-feature-discovery
 ---
 apiVersion: v1
-data:
-  nfd-worker.conf: |
-    #core:
-    #  labelWhiteList:
-    #  noPublish: false
-    #  sleepInterval: 60s
-    #  featureSources: [all]
-    #  labelSources: [all]
-    #  klog:
-    #    addDirHeader: false
-    #    alsologtostderr: false
-    #    logBacktraceAt:
-    #    logtostderr: true
-    #    skipHeaders: false
-    #    stderrthreshold: 2
-    #    v: 0
-    #    vmodule:
-    ##   NOTE: the following options are not dynamically run-time configurable
-    ##         and require a nfd-worker restart to take effect after being changed
-    #    logDir:
-    #    logFile:
-    #    logFileMaxSize: 1800
-    #    skipLogHeaders: false
-    #sources:
-    #  cpu:
-    #    cpuid:
-    ##     NOTE: whitelist has priority over blacklist
-    #      attributeBlacklist:
-    #        - "BMI1"
-    #        - "BMI2"
-    #        - "CLMUL"
-    #        - "CMOV"
-    #        - "CX16"
-    #        - "ERMS"
-    #        - "F16C"
-    #        - "HTT"
-    #        - "LZCNT"
-    #        - "MMX"
-    #        - "MMXEXT"
-    #        - "NX"
-    #        - "POPCNT"
-    #        - "RDRAND"
-    #        - "RDSEED"
-    #        - "RDTSCP"
-    #        - "SGX"
-    #        - "SSE"
-    #        - "SSE2"
-    #        - "SSE3"
-    #        - "SSE4"
-    #        - "SSE42"
-    #        - "SSSE3"
-    #      attributeWhitelist:
-    #  kernel:
-    #    kconfigFile: "/path/to/kconfig"
-    #    configOpts:
-    #      - "NO_HZ"
-    #      - "X86"
-    #      - "DMI"
-    #  pci:
-    #    deviceClassWhitelist:
-    #      - "0200"
-    #      - "03"
-    #      - "12"
-    #    deviceLabelFields:
-    #      - "class"
-    #      - "vendor"
-    #      - "device"
-    #      - "subsystem_vendor"
-    #      - "subsystem_device"
-    #  usb:
-    #    deviceClassWhitelist:
-    #      - "0e"
-    #      - "ef"
-    #      - "fe"
-    #      - "ff"
-    #    deviceLabelFields:
-    #      - "class"
-    #      - "vendor"
-    #      - "device"
-    #  custom:
-    #    # The following feature demonstrates the capabilities of the matchFeatures
-    #    - name: "my custom rule"
-    #      labels:
-    #        my-ng-feature: "true"
-    #      # matchFeatures implements a logical AND over all matcher terms in the
-    #      # list (i.e. all of the terms, or per-feature matchers, must match)
-    #      matchFeatures:
-    #        - feature: cpu.cpuid
-    #          matchExpressions:
-    #            AVX512F: {op: Exists}
-    #        - feature: cpu.cstate
-    #          matchExpressions:
-    #            enabled: {op: IsTrue}
-    #        - feature: cpu.pstate
-    #          matchExpressions:
-    #            no_turbo: {op: IsFalse}
-    #            scaling_governor: {op: In, value: ["performance"]}
-    #        - feature: cpu.rdt
-    #          matchExpressions:
-    #            RDTL3CA: {op: Exists}
-    #        - feature: cpu.sst
-    #          matchExpressions:
-    #            bf.enabled: {op: IsTrue}
-    #        - feature: cpu.topology
-    #          matchExpressions:
-    #            hardware_multithreading: {op: IsFalse}
-    #
-    #        - feature: kernel.config
-    #          matchExpressions:
-    #            X86: {op: Exists}
-    #            LSM: {op: InRegexp, value: ["apparmor"]}
-    #        - feature: kernel.loadedmodule
-    #          matchExpressions:
-    #            e1000e: {op: Exists}
-    #        - feature: kernel.selinux
-    #          matchExpressions:
-    #            enabled: {op: IsFalse}
-    #        - feature: kernel.version
-    #          matchExpressions:
-    #            major: {op: In, value: ["5"]}
-    #            minor: {op: Gt, value: ["10"]}
-    #
-    #        - feature: storage.block
-    #          matchExpressions:
-    #            rotational: {op: In, value: ["0"]}
-    #            dax: {op: In, value: ["0"]}
-    #
-    #        - feature: network.device
-    #          matchExpressions:
-    #            operstate: {op: In, value: ["up"]}
-    #            speed: {op: Gt, value: ["100"]}
-    #
-    #        - feature: memory.numa
-    #          matchExpressions:
-    #            node_count: {op: Gt, value: ["2"]}
-    #        - feature: memory.nv
-    #          matchExpressions:
-    #            devtype: {op: In, value: ["nd_dax"]}
-    #            mode: {op: In, value: ["memory"]}
-    #
-    #        - feature: system.osrelease
-    #          matchExpressions:
-    #            ID: {op: In, value: ["fedora", "centos"]}
-    #        - feature: system.name
-    #          matchExpressions:
-    #            nodename: {op: InRegexp, value: ["^worker-X"]}
-    #
-    #        - feature: local.label
-    #          matchExpressions:
-    #            custom-feature-knob: {op: Gt, value: ["100"]}
-    #
-    #    # The following feature demonstrates the capabilities of the matchAny
-    #    - name: "my matchAny rule"
-    #      labels:
-    #        my-ng-feature-2: "my-value"
-    #      # matchAny implements a logical IF over all elements (sub-matchers) in
-    #      # the list (i.e. at least one feature matcher must match)
-    #      matchAny:
-    #        - matchFeatures:
-    #            - feature: kernel.loadedmodule
-    #              matchExpressions:
-    #                driver-module-X: {op: Exists}
-    #            - feature: pci.device
-    #              matchExpressions:
-    #                vendor: {op: In, value: ["8086"]}
-    #                class: {op: In, value: ["0200"]}
-    #        - matchFeatures:
-    #            - feature: kernel.loadedmodule
-    #              matchExpressions:
-    #                driver-module-Y: {op: Exists}
-    #            - feature: usb.device
-    #              matchExpressions:
-    #                vendor: {op: In, value: ["8086"]}
-    #                class: {op: In, value: ["02"]}
-    #
-    #    # The following features demonstreate label templating capabilities
-    #    - name: "my template rule"
-    #      labelsTemplate: |
-    #        {{ '{{' }} range .system.osrelease {{ '}}' }}my-system-feature.{{ '{{' }} .Name {{ '}}' }}={{ '{{' }} .Value {{ '}}' }}
-    #        {{ '{{' }} end {{ '}}' }}
-    #      matchFeatures:
-    #        - feature: system.osrelease
-    #          matchExpressions:
-    #            ID: {op: InRegexp, value: ["^open.*"]}
-    #            VERSION_ID.major: {op: In, value: ["13", "15"]}
-    #
-    #    - name: "my template rule 2"
-    #      labelsTemplate: |
-    #        {{ '{{' }} range .pci.device {{ '}}' }}my-pci-device.{{ '{{' }} .class {{ '}}' }}-{{ '{{' }} .device {{ '}}' }}=with-cpuid
-    #        {{ '{{' }} end {{ '}}' }}
-    #      matchFeatures:
-    #        - feature: pci.device
-    #          matchExpressions:
-    #            class: {op: InRegexp, value: ["^06"]}
-    #            vendor: ["8086"]
-    #        - feature: cpu.cpuid
-    #          matchExpressions:
-    #            AVX: {op: Exists}
-    #
-    #    # The following examples demonstrate vars field and back-referencing
-    #    # previous labels and vars
-    #    - name: "my dummy kernel rule"
-    #      labels:
-    #        "my.kernel.feature": "true"
-    #      matchFeatures:
-    #        - feature: kernel.version
-    #          matchExpressions:
-    #            major: {op: Gt, value: ["2"]}
-    #
-    #    - name: "my dummy rule with no labels"
-    #      vars:
-    #        "my.dummy.var": "1"
-    #      matchFeatures:
-    #        - feature: cpu.cpuid
-    #          matchExpressions: {}
-    #
-    #    - name: "my rule using backrefs"
-    #      labels:
-    #        "my.backref.feature": "true"
-    #      matchFeatures:
-    #        - feature: rule.matched
-    #          matchExpressions:
-    #            my.kernel.feature: {op: IsTrue}
-    #            my.dummy.var: {op: Gt, value: ["0"]}
-    #
-kind: ConfigMap
-metadata:
-  name: nfd-worker-conf
-  namespace: node-feature-discovery
----
-apiVersion: v1
 kind: Service
 metadata:
   name: nfd-master
diff --git a/roles/kubernetes/addons/node-feature-discovery/templates/kustomization.yml.j2 b/roles/kubernetes/addons/node-feature-discovery/templates/kustomization.yml.j2
index b8b81411..f9303ec4 100644
--- a/roles/kubernetes/addons/node-feature-discovery/templates/kustomization.yml.j2
+++ b/roles/kubernetes/addons/node-feature-discovery/templates/kustomization.yml.j2
@@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-  - config.yml
+  - base.yml
 
 secretGenerator:
   - name: nfd-master-cert
@@ -12,3 +12,9 @@ secretGenerator:
     - ca.crt=ca/crt.pem
     - tls.crt=ca/master.crt
     - tls.key=ca/master.key
+
+configMapGenerator:
+  - name: nfd-worker-conf
+    namespace: node-feature-discovery
+    files:
+    - nfd-worker.conf
diff --git a/roles/kubernetes/addons/node-feature-discovery/templates/nfd-worker.conf.j2 b/roles/kubernetes/addons/node-feature-discovery/templates/nfd-worker.conf.j2
new file mode 100644
index 00000000..5a37beac
--- /dev/null
+++ b/roles/kubernetes/addons/node-feature-discovery/templates/nfd-worker.conf.j2
@@ -0,0 +1,2 @@
+# {{ ansible_managed }}
+{{ kubernetes_node_feature_discovery_worker_config | to_nice_yaml(indent=2) }}