summaryrefslogtreecommitdiff
path: root/roles/kubernetes/addons/node-feature-discovery/templates/base.0.11.2.yml.j2
diff options
context:
space:
mode:
Diffstat (limited to 'roles/kubernetes/addons/node-feature-discovery/templates/base.0.11.2.yml.j2')
-rw-r--r--roles/kubernetes/addons/node-feature-discovery/templates/base.0.11.2.yml.j2479
1 files changed, 479 insertions, 0 deletions
diff --git a/roles/kubernetes/addons/node-feature-discovery/templates/base.0.11.2.yml.j2 b/roles/kubernetes/addons/node-feature-discovery/templates/base.0.11.2.yml.j2
new file mode 100644
index 00000000..cccf75b2
--- /dev/null
+++ b/roles/kubernetes/addons/node-feature-discovery/templates/base.0.11.2.yml.j2
@@ -0,0 +1,479 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: node-feature-discovery
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ name: nodefeaturerules.nfd.k8s-sigs.io
+spec:
+ group: nfd.k8s-sigs.io
+ names:
+ kind: NodeFeatureRule
+ listKind: NodeFeatureRuleList
+ plural: nodefeaturerules
+ singular: nodefeaturerule
+ scope: Cluster
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: NodeFeatureRule resource specifies a configuration for feature-based
+ customization of node objects, such as node labeling.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: NodeFeatureRuleSpec describes a NodeFeatureRule.
+ properties:
+ rules:
+ description: Rules is a list of node customization rules.
+ items:
+ description: Rule defines a rule for node customization such as
+ labeling.
+ properties:
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels to create if the rule matches.
+ type: object
+ labelsTemplate:
+ description: LabelsTemplate specifies a template to expand for
+ dynamically generating multiple labels. Data (after template
+ expansion) must be keys with an optional value (<key>[=<value>])
+ separated by newlines.
+ type: string
+ matchAny:
+ description: MatchAny specifies a list of matchers one of which
+ must match.
+ items:
+ description: MatchAnyElem specifies one sub-matcher of MatchAny.
+ properties:
+ matchFeatures:
+ description: MatchFeatures specifies a set of matcher
+ terms all of which must match.
+ items:
+ description: FeatureMatcherTerm defines requirements
+ against one feature set. All requirements (specified
+ as MatchExpressions) are evaluated against each element
+ in the feature set.
+ properties:
+ feature:
+ type: string
+ matchExpressions:
+ additionalProperties:
+ description: "MatchExpression specifies an expression
+ to evaluate against a set of input values. It
+ contains an operator that is applied when matching
+ the input and an array of values that the operator
+ evaluates the input against. \n NB: CreateMatchExpression
+ or MustCreateMatchExpression() should be used
+ for creating new instances. NB: Validate()
+ must be called if Op or Value fields are modified
+ or if a new instance is created from scratch
+ without using the helper functions."
+ properties:
+ op:
+ description: Op is the operator to be applied.
+ enum:
+ - In
+ - NotIn
+ - InRegexp
+ - Exists
+ - DoesNotExist
+ - Gt
+ - Lt
+ - GtLt
+ - IsTrue
+ - IsFalse
+ type: string
+ value:
+ description: Value is the list of values that
+ the operand evaluates the input against.
+ Value should be empty if the operator is
+ Exists, DoesNotExist, IsTrue or IsFalse.
+ Value should contain exactly one element
+ if the operator is Gt or Lt and exactly
+ two elements if the operator is GtLt. In
+ other cases Value should contain at least
+ one element.
+ items:
+ type: string
+ type: array
+ required:
+ - op
+ type: object
+ description: MatchExpressionSet contains a set of
+ MatchExpressions, each of which is evaluated against
+ a set of input values.
+ type: object
+ required:
+ - feature
+ - matchExpressions
+ type: object
+ type: array
+ required:
+ - matchFeatures
+ type: object
+ type: array
+ matchFeatures:
+ description: MatchFeatures specifies a set of matcher terms
+ all of which must match.
+ items:
+ description: FeatureMatcherTerm defines requirements against
+ one feature set. All requirements (specified as MatchExpressions)
+ are evaluated against each element in the feature set.
+ properties:
+ feature:
+ type: string
+ matchExpressions:
+ additionalProperties:
+ description: "MatchExpression specifies an expression
+ to evaluate against a set of input values. It contains
+ an operator that is applied when matching the input
+ and an array of values that the operator evaluates
+ the input against. \n NB: CreateMatchExpression or
+ MustCreateMatchExpression() should be used for creating
+ new instances. NB: Validate() must be called if Op
+ or Value fields are modified or if a new instance
+ is created from scratch without using the helper functions."
+ properties:
+ op:
+ description: Op is the operator to be applied.
+ enum:
+ - In
+ - NotIn
+ - InRegexp
+ - Exists
+ - DoesNotExist
+ - Gt
+ - Lt
+ - GtLt
+ - IsTrue
+ - IsFalse
+ type: string
+ value:
+ description: Value is the list of values that the
+ operand evaluates the input against. Value should
+ be empty if the operator is Exists, DoesNotExist,
+ IsTrue or IsFalse. Value should contain exactly
+ one element if the operator is Gt or Lt and exactly
+ two elements if the operator is GtLt. In other
+ cases Value should contain at least one element.
+ items:
+ type: string
+ type: array
+ required:
+ - op
+ type: object
+ description: MatchExpressionSet contains a set of MatchExpressions,
+ each of which is evaluated against a set of input values.
+ type: object
+ required:
+ - feature
+ - matchExpressions
+ type: object
+ type: array
+ name:
+ description: Name of the rule.
+ type: string
+ vars:
+ additionalProperties:
+ type: string
+ description: Vars is the variables to store if the rule matches.
+ Variables do not directly inflict any changes in the node
+ object. However, they can be referenced from other rules enabling
+ more complex rule hierarchies, without exposing intermediary
+ output values as labels.
+ type: object
+ varsTemplate:
+ description: VarsTemplate specifies a template to expand for
+ dynamically generating multiple variables. Data (after template
+ expansion) must be keys with an optional value (<key>[=<value>])
+ separated by newlines.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - rules
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: nfd-master
+ namespace: node-feature-discovery
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: nfd-master
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - patch
+ - update
+ - list
+- apiGroups:
+ - topology.node.k8s.io
+ resources:
+ - noderesourcetopologies
+ verbs:
+ - create
+ - get
+ - update
+- apiGroups:
+ - nfd.k8s-sigs.io
+ resources:
+ - nodefeaturerules
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: nfd-master
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: nfd-master
+subjects:
+- kind: ServiceAccount
+ name: nfd-master
+ namespace: node-feature-discovery
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nfd-master
+ namespace: node-feature-discovery
+spec:
+ ports:
+ - port: 8080
+ protocol: TCP
+ selector:
+ app: nfd-master
+ type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: nfd
+ name: nfd-master
+ namespace: node-feature-discovery
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nfd-master
+ template:
+ metadata:
+ labels:
+ app: nfd-master
+ spec:
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - preference:
+ matchExpressions:
+ - key: node-role.kubernetes.io/master
+ operator: In
+ values:
+ - ""
+ weight: 1
+ - preference:
+ matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: In
+ values:
+ - ""
+ weight: 1
+ containers:
+ - args:
+ - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
+ - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
+ - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
+ - -verify-node-name
+ command:
+ - nfd-master
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ image: k8s.gcr.io/nfd/node-feature-discovery:v0.11.2
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ exec:
+ command:
+ - /usr/bin/grpc_health_probe
+ - -addr=:8080
+ - -tls
+ - "-tls-ca-cert=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
+ - "-tls-client-key=/etc/kubernetes/node-feature-discovery/certs/tls.key"
+ - "-tls-client-cert=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ name: nfd-master
+ readinessProbe:
+ exec:
+ command:
+ - /usr/bin/grpc_health_probe
+ - -addr=:8080
+ - -tls
+ - "-tls-ca-cert=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
+ - "-tls-client-key=/etc/kubernetes/node-feature-discovery/certs/tls.key"
+ - "-tls-client-cert=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
+ failureThreshold: 10
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ volumeMounts:
+ - mountPath: /etc/kubernetes/node-feature-discovery/certs/
+ name: tls-certs
+ readOnly: true
+ serviceAccount: nfd-master
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Equal
+ value: ""
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Equal
+ value: ""
+ volumes:
+ - name: tls-certs
+ secret:
+ secretName: nfd-master-cert
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels:
+ app: nfd
+ name: nfd-worker
+ namespace: node-feature-discovery
+spec:
+ selector:
+ matchLabels:
+ app: nfd-worker
+ template:
+ metadata:
+ labels:
+ app: nfd-worker
+ spec:
+ containers:
+ - args:
+ - -server=nfd-master:8080
+ - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
+ - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
+ - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
+ command:
+ - nfd-worker
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ image: k8s.gcr.io/nfd/node-feature-discovery:v0.11.2
+ imagePullPolicy: IfNotPresent
+ name: nfd-worker
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ volumeMounts:
+ - mountPath: /host-boot
+ name: host-boot
+ readOnly: true
+ - mountPath: /host-etc/os-release
+ name: host-os-release
+ readOnly: true
+ - mountPath: /host-sys
+ name: host-sys
+ readOnly: true
+ - mountPath: /host-usr/lib
+ name: host-usr-lib
+ readOnly: true
+ - mountPath: /etc/kubernetes/node-feature-discovery/source.d/
+ name: source-d
+ readOnly: true
+ - mountPath: /etc/kubernetes/node-feature-discovery/features.d/
+ name: features-d
+ readOnly: true
+ - mountPath: /etc/kubernetes/node-feature-discovery
+ name: nfd-worker-conf
+ readOnly: true
+ - mountPath: /etc/kubernetes/node-feature-discovery/certs/
+ name: tls-certs
+ readOnly: true
+ dnsPolicy: ClusterFirstWithHostNet
+ volumes:
+ - hostPath:
+ path: /boot
+ name: host-boot
+ - hostPath:
+ path: /etc/os-release
+ name: host-os-release
+ - hostPath:
+ path: /sys
+ name: host-sys
+ - hostPath:
+ path: /usr/lib
+ name: host-usr-lib
+ - hostPath:
+ path: /etc/kubernetes/node-feature-discovery/source.d/
+ name: source-d
+ - hostPath:
+ path: /etc/kubernetes/node-feature-discovery/features.d/
+ name: features-d
+ - configMap:
+ name: nfd-worker-conf
+ name: nfd-worker-conf
+ - name: tls-certs
+ hostPath:
+ path: /etc/kubernetes/node-feature-discovery/certs
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-01 06:10:14 +0000