Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
// KataDeploy is the parsed template for the "kata-deploy.yaml" manifest. It
// renders, in order: the kata-label-node ServiceAccount (kube-system), the
// node-labeler ClusterRole (get/patch on nodes) and its ClusterRoleBinding,
// the kata-deploy DaemonSet, and three RuntimeClasses (kata-qemu, kata-clh,
// kata-fc). The only template input is .KataDeployImage.
//
// Security notes for reviewers:
//   - The DaemonSet container sets privileged: false, but it mounts the host
//     paths /etc/crio/, /etc/containerd/, /opt/kata/, /var/run/dbus,
//     /run/systemd and /usr/local/bin/, none of them readOnly. Write access
//     to the container-runtime configuration and a host binary directory,
//     plus the host D-Bus and systemd sockets, means the image has to be
//     trusted as if it had node-level control; privileged: false is not an
//     isolation boundary for this pod.
//   - .KataDeployImage is substituted as-is and pulled with
//     imagePullPolicy: Always, so a mutable tag is re-resolved on every pod
//     start. Prefer a digest-pinned reference from a trusted registry.
//     NOTE(review): the template package import is not visible here; if it is
//     text/template nothing escapes the value, so validate it before
//     rendering.
//   - node-labeler grants patch on every Node object, not only the node the
//     pod runs on, so a token for kata-label-node can change metadata of any
//     node in the cluster.
//   - No resource limits, runAsNonRoot or seccomp profile appear in the pod
//     spec of this manifest.
//   - NOTE(review): the RuntimeClasses use node.k8s.io/v1beta1, which newer
//     Kubernetes releases no longer serve; confirm the target cluster
//     versions.
var ( KataDeploy = template.Must(template.New("kata-deploy.yaml").Parse( dedent.Dedent(`--- apiVersion: v1 kind: ServiceAccount metadata: name: kata-label-node namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: node-labeler rules: - apiGroups: [""] resources: ["nodes"] verbs: ["get", "patch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: kata-label-node-rb roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: node-labeler subjects: - kind: ServiceAccount name: kata-label-node namespace: kube-system --- apiVersion: apps/v1 kind: DaemonSet metadata: name: kata-deploy namespace: kube-system spec: selector: matchLabels: name: kata-deploy template: metadata: labels: name: kata-deploy spec: serviceAccountName: kata-label-node containers: - name: kube-kata image: {{ .KataDeployImage }} imagePullPolicy: Always lifecycle: preStop: exec: command: ["bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh cleanup"] command: [ "bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh install" ] env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName securityContext: privileged: false volumeMounts: - name: crio-conf mountPath: /etc/crio/ - name: containerd-conf mountPath: /etc/containerd/ - name: kata-artifacts mountPath: /opt/kata/ - name: dbus mountPath: /var/run/dbus - name: systemd mountPath: /run/systemd - name: local-bin mountPath: /usr/local/bin/ volumes: - name: crio-conf hostPath: path: /etc/crio/ - name: containerd-conf hostPath: path: /etc/containerd/ - name: kata-artifacts hostPath: path: /opt/kata/ type: DirectoryOrCreate - name: dbus hostPath: path: /var/run/dbus - name: systemd hostPath: path: /run/systemd - name: local-bin hostPath: path: /usr/local/bin/ updateStrategy: rollingUpdate: maxUnavailable: 1 type: RollingUpdate --- kind: RuntimeClass apiVersion: node.k8s.io/v1beta1 metadata: name: kata-qemu handler: kata-qemu overhead: podFixed: 
memory: "160Mi" cpu: "250m" --- kind: RuntimeClass apiVersion: node.k8s.io/v1beta1 metadata: name: kata-clh handler: kata-clh overhead: podFixed: memory: "130Mi" cpu: "250m" --- kind: RuntimeClass apiVersion: node.k8s.io/v1beta1 metadata: name: kata-fc handler: kata-fc overhead: podFixed: memory: "130Mi" cpu: "250m" `))) )
// NodeFeatureDiscovery is the parsed template for the
// "node-feature-discovery.yaml" manifest. It renders the
// node-feature-discovery Namespace, the NodeFeatureRule CRD
// (nfd.k8s-sigs.io, v1alpha1), the nfd-master ServiceAccount, ClusterRole and
// ClusterRoleBinding, the nfd-worker-conf ConfigMap (every option commented
// out), the nfd-master Service and Deployment, and the nfd-worker DaemonSet.
// The only template input is .NFDImage, which both workloads use.
//
// Security notes for reviewers:
//   - Both containers set allowPrivilegeEscalation: false, drop ALL
//     capabilities, and use readOnlyRootFilesystem and runAsNonRoot. Every
//     hostPath mount on the worker (/boot, /etc/os-release, /sys, /usr/lib,
//     source.d, features.d) is readOnly.
//   - nfd-master runs with args: [] and nfd-worker with only
//     -server=nfd-master:8080, so this manifest configures no TLS or client
//     authentication between them. NOTE(review): that suggests any pod able
//     to reach the ClusterIP Service on port 8080 can talk to the master,
//     whose ClusterRole allows patch/update on nodes cluster-wide. Consider a
//     NetworkPolicy that limits ingress to the nfd-worker pods, or the TLS
//     options of the NFD version in use; confirm against that version.
//   - Node labels feed scheduling decisions, so treat the nfd-master
//     ServiceAccount (get, patch, update, list on nodes) as sensitive.
//   - The nfd-worker pod spec names no service account and does not set
//     automountServiceAccountToken, so it runs under the namespace default.
//   - source.d and features.d are host directories. NOTE(review): whoever can
//     write to them on a node can presumably influence what the worker
//     reports; confirm their ownership and permissions on the hosts.
//   - The worker sets dnsPolicy: ClusterFirstWithHostNet although no
//     hostNetwork field appears in its pod spec.
//   - .NFDImage is substituted as-is with imagePullPolicy: IfNotPresent; a
//     mutable tag can resolve to different content on different nodes, so
//     prefer a digest-pinned reference.
var ( NodeFeatureDiscovery = template.Must(template.New("node-feature-discovery.yaml").Parse( dedent.Dedent(`--- apiVersion: v1 kind: Namespace metadata: name: node-feature-discovery --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: nodefeaturerules.nfd.k8s-sigs.io spec: group: nfd.k8s-sigs.io names: kind: NodeFeatureRule listKind: NodeFeatureRuleList plural: nodefeaturerules singular: nodefeaturerule scope: Cluster versions: - name: v1alpha1 schema: openAPIV3Schema: description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: NodeFeatureRuleSpec describes a NodeFeatureRule. properties: rules: description: Rules is a list of node customization rules. items: description: Rule defines a rule for node customization such as labeling. properties: labels: additionalProperties: type: string description: Labels to create if the rule matches. type: object labelsTemplate: description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines. 
type: string matchAny: description: MatchAny specifies a list of matchers one of which must match. items: description: MatchAnyElem specifies one sub-matcher of MatchAny. properties: matchFeatures: description: MatchFeatures specifies a set of matcher terms all of which must match. items: description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set. properties: feature: type: string matchExpressions: additionalProperties: description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new instance is created from scratch without using the helper functions." properties: op: description: Op is the operator to be applied. enum: - In - NotIn - InRegexp - Exists - DoesNotExist - Gt - Lt - GtLt - IsTrue - IsFalse type: string value: description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element. items: type: string type: array required: - op type: object description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values. type: object required: - feature - matchExpressions type: object type: array required: - matchFeatures type: object type: array matchFeatures: description: MatchFeatures specifies a set of matcher terms all of which must match. 
items: description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set. properties: feature: type: string matchExpressions: additionalProperties: description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new instance is created from scratch without using the helper functions." properties: op: description: Op is the operator to be applied. enum: - In - NotIn - InRegexp - Exists - DoesNotExist - Gt - Lt - GtLt - IsTrue - IsFalse type: string value: description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element. items: type: string type: array required: - op type: object description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values. type: object required: - feature - matchExpressions type: object type: array name: description: Name of the rule. type: string vars: additionalProperties: type: string description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels. 
type: object varsTemplate: description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines. type: string required: - name type: object type: array required: - rules type: object required: - spec type: object served: true storage: true status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: v1 kind: ServiceAccount metadata: name: nfd-master namespace: node-feature-discovery --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: nfd-master rules: - apiGroups: - "" resources: - nodes verbs: - get - patch - update - list - apiGroups: - topology.node.k8s.io resources: - noderesourcetopologies verbs: - create - get - update - apiGroups: - nfd.k8s-sigs.io resources: - nodefeaturerules verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: nfd-master roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: nfd-master subjects: - kind: ServiceAccount name: nfd-master namespace: node-feature-discovery --- apiVersion: v1 data: nfd-worker.conf: | #core: # labelWhiteList: # noPublish: false # sleepInterval: 60s # featureSources: [all] # labelSources: [all] # klog: # addDirHeader: false # alsologtostderr: false # logBacktraceAt: # logtostderr: true # skipHeaders: false # stderrthreshold: 2 # v: 0 # vmodule: ## NOTE: the following options are not dynamically run-time configurable ## and require a nfd-worker restart to take effect after being changed # logDir: # logFile: # logFileMaxSize: 1800 # skipLogHeaders: false #sources: # cpu: # cpuid: ## NOTE: whitelist has priority over blacklist # attributeBlacklist: # - "BMI1" # - "BMI2" # - "CLMUL" # - "CMOV" # - "CX16" # - "ERMS" # - "F16C" # - "HTT" # - "LZCNT" # - "MMX" # - "MMXEXT" # - "NX" # - "POPCNT" # - "RDRAND" # - "RDSEED" # - "RDTSCP" # - "SGX" # - 
"SSE" # - "SSE2" # - "SSE3" # - "SSE4" # - "SSE42" # - "SSSE3" # attributeWhitelist: # kernel: # kconfigFile: "/path/to/kconfig" # configOpts: # - "NO_HZ" # - "X86" # - "DMI" # pci: # deviceClassWhitelist: # - "0200" # - "03" # - "12" # deviceLabelFields: # - "class" # - "vendor" # - "device" # - "subsystem_vendor" # - "subsystem_device" # usb: # deviceClassWhitelist: # - "0e" # - "ef" # - "fe" # - "ff" # deviceLabelFields: # - "class" # - "vendor" # - "device" # custom: # # The following feature demonstrates the capabilities of the matchFeatures # - name: "my custom rule" # labels: # my-ng-feature: "true" # # matchFeatures implements a logical AND over all matcher terms in the # # list (i.e. all of the terms, or per-feature matchers, must match) # matchFeatures: # - feature: cpu.cpuid # matchExpressions: # AVX512F: {op: Exists} # - feature: cpu.cstate # matchExpressions: # enabled: {op: IsTrue} # - feature: cpu.pstate # matchExpressions: # no_turbo: {op: IsFalse} # scaling_governor: {op: In, value: ["performance"]} # - feature: cpu.rdt # matchExpressions: # RDTL3CA: {op: Exists} # - feature: cpu.sst # matchExpressions: # bf.enabled: {op: IsTrue} # - feature: cpu.topology # matchExpressions: # hardware_multithreading: {op: IsFalse} # # - feature: kernel.config # matchExpressions: # X86: {op: Exists} # LSM: {op: InRegexp, value: ["apparmor"]} # - feature: kernel.loadedmodule # matchExpressions: # e1000e: {op: Exists} # - feature: kernel.selinux # matchExpressions: # enabled: {op: IsFalse} # - feature: kernel.version # matchExpressions: # major: {op: In, value: ["5"]} # minor: {op: Gt, value: ["10"]} # # - feature: storage.block # matchExpressions: # rotational: {op: In, value: ["0"]} # dax: {op: In, value: ["0"]} # # - feature: network.device # matchExpressions: # operstate: {op: In, value: ["up"]} # speed: {op: Gt, value: ["100"]} # # - feature: memory.numa # matchExpressions: # node_count: {op: Gt, value: ["2"]} # - feature: memory.nv # matchExpressions: # 
devtype: {op: In, value: ["nd_dax"]} # mode: {op: In, value: ["memory"]} # # - feature: system.osrelease # matchExpressions: # ID: {op: In, value: ["fedora", "centos"]} # - feature: system.name # matchExpressions: # nodename: {op: InRegexp, value: ["^worker-X"]} # # - feature: local.label # matchExpressions: # custom-feature-knob: {op: Gt, value: ["100"]} # # # The following feature demonstrates the capabilities of the matchAny # - name: "my matchAny rule" # labels: # my-ng-feature-2: "my-value" # # matchAny implements a logical IF over all elements (sub-matchers) in # # the list (i.e. at least one feature matcher must match) # matchAny: # - matchFeatures: # - feature: kernel.loadedmodule # matchExpressions: # driver-module-X: {op: Exists} # - feature: pci.device # matchExpressions: # vendor: {op: In, value: ["8086"]} # class: {op: In, value: ["0200"]} # - matchFeatures: # - feature: kernel.loadedmodule # matchExpressions: # driver-module-Y: {op: Exists} # - feature: usb.device # matchExpressions: # vendor: {op: In, value: ["8086"]} # class: {op: In, value: ["02"]} # # # The following features demonstreate label templating capabilities # - name: "my template rule" # labelsTemplate: | # matchFeatures: # - feature: system.osrelease # matchExpressions: # ID: {op: InRegexp, value: ["^open.*"]} # VERSION_ID.major: {op: In, value: ["13", "15"]} # # - name: "my template rule 2" # matchFeatures: # - feature: pci.device # matchExpressions: # class: {op: InRegexp, value: ["^06"]} # vendor: ["8086"] # - feature: cpu.cpuid # matchExpressions: # AVX: {op: Exists} # # # The following examples demonstrate vars field and back-referencing # # previous labels and vars # - name: "my dummy kernel rule" # labels: # "my.kernel.feature": "true" # matchFeatures: # - feature: kernel.version # matchExpressions: # major: {op: Gt, value: ["2"]} # # - name: "my dummy rule with no labels" # vars: # "my.dummy.var": "1" # matchFeatures: # - feature: cpu.cpuid # matchExpressions: {} # # - name: 
"my rule using backrefs" # labels: # "my.backref.feature": "true" # matchFeatures: # - feature: rule.matched # matchExpressions: # my.kernel.feature: {op: IsTrue} # my.dummy.var: {op: Gt, value: ["0"]} # kind: ConfigMap metadata: name: nfd-worker-conf namespace: node-feature-discovery --- apiVersion: v1 kind: Service metadata: name: nfd-master namespace: node-feature-discovery spec: ports: - port: 8080 protocol: TCP selector: app: nfd-master type: ClusterIP --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: nfd name: nfd-master namespace: node-feature-discovery spec: replicas: 1 selector: matchLabels: app: nfd-master template: metadata: labels: app: nfd-master spec: affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - preference: matchExpressions: - key: node-role.kubernetes.io/master operator: In values: - "" weight: 1 - preference: matchExpressions: - key: node-role.kubernetes.io/control-plane operator: In values: - "" weight: 1 containers: - args: [] command: - nfd-master env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName image: {{ .NFDImage }} imagePullPolicy: IfNotPresent livenessProbe: exec: command: - /usr/bin/grpc_health_probe - -addr=:8080 initialDelaySeconds: 10 periodSeconds: 10 name: nfd-master readinessProbe: exec: command: - /usr/bin/grpc_health_probe - -addr=:8080 failureThreshold: 10 initialDelaySeconds: 5 periodSeconds: 10 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true volumeMounts: [] serviceAccount: nfd-master tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Equal value: "" - effect: NoSchedule key: node-role.kubernetes.io/control-plane operator: Equal value: "" volumes: [] --- apiVersion: apps/v1 kind: DaemonSet metadata: labels: app: nfd name: nfd-worker namespace: node-feature-discovery spec: selector: matchLabels: app: nfd-worker template: metadata: labels: app: nfd-worker spec: 
containers: - args: - -server=nfd-master:8080 command: - nfd-worker env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName image: {{ .NFDImage }} imagePullPolicy: IfNotPresent name: nfd-worker securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true volumeMounts: - mountPath: /host-boot name: host-boot readOnly: true - mountPath: /host-etc/os-release name: host-os-release readOnly: true - mountPath: /host-sys name: host-sys readOnly: true - mountPath: /host-usr/lib name: host-usr-lib readOnly: true - mountPath: /etc/kubernetes/node-feature-discovery/source.d/ name: source-d readOnly: true - mountPath: /etc/kubernetes/node-feature-discovery/features.d/ name: features-d readOnly: true - mountPath: /etc/kubernetes/node-feature-discovery name: nfd-worker-conf readOnly: true dnsPolicy: ClusterFirstWithHostNet volumes: - hostPath: path: /boot name: host-boot - hostPath: path: /etc/os-release name: host-os-release - hostPath: path: /sys name: host-sys - hostPath: path: /usr/lib name: host-usr-lib - hostPath: path: /etc/kubernetes/node-feature-discovery/source.d/ name: source-d - hostPath: path: /etc/kubernetes/node-feature-discovery/features.d/ name: features-d - configMap: name: nfd-worker-conf name: nfd-worker-conf `))) )
Functions ¶
func DeployKataTasks ¶
func DeployKataTasks(d *DeployPluginsModule) []task.Interface
func DeployNodeFeatureDiscoveryTasks ¶
func DeployNodeFeatureDiscoveryTasks(d *DeployPluginsModule) []task.Interface
Types ¶
type ApplyKataDeployManifests ¶
// ApplyKataDeployManifests embeds common.KubeAction and declares no fields of
// its own.
// NOTE(review): going by the name, this presumably applies the rendered
// KataDeploy manifest, which mounts several host paths into its DaemonSet;
// its methods are not shown here, so confirm what it runs and where the image
// value comes from.
type ApplyKataDeployManifests struct {
common.KubeAction
}
type ApplyNodeFeatureDiscoveryManifests ¶
// ApplyNodeFeatureDiscoveryManifests embeds common.KubeAction and declares no
// fields of its own.
// NOTE(review): going by the name, this presumably applies the rendered
// NodeFeatureDiscovery manifest; its methods are not shown here, so confirm.
type ApplyNodeFeatureDiscoveryManifests struct {
common.KubeAction
}
type DeployPluginsModule ¶
// DeployPluginsModule embeds common.KubeModule and declares no fields of its
// own. It is the argument type of DeployKataTasks and
// DeployNodeFeatureDiscoveryTasks, and it has an Init method.
type DeployPluginsModule struct {
common.KubeModule
}
func (*DeployPluginsModule) Init ¶
func (d *DeployPluginsModule) Init()