diff --git a/charts/node-feature-discovery/.helmignore b/charts/node-feature-discovery/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/charts/node-feature-discovery/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/node-feature-discovery/Chart.yaml b/charts/node-feature-discovery/Chart.yaml new file mode 100644 index 00000000..d5225a2e --- /dev/null +++ b/charts/node-feature-discovery/Chart.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +name: node-feature-discovery +version: 1.0.0 +appVersion: 0.6.0 +description: Detect hardware features available on each node in a Kubernetes cluster, and advertises those features using node labels +keywords: + - kubernetes + - cluster + - hardware +home: https://github.com/billimek/billimek-charts/tree/master/charts/node-feature-discovery +icon: https://avatars1.githubusercontent.com/u/36015203?s=400&v=4 +sources: + - https://github.com/kubernetes-sigs/node-feature-discovery + - https://github.com/billimek/billimek-charts +maintainers: + - name: billimek + email: jeff@billimek.com diff --git a/charts/node-feature-discovery/README.md b/charts/node-feature-discovery/README.md new file mode 100644 index 00000000..10a60ae3 --- /dev/null +++ b/charts/node-feature-discovery/README.md @@ -0,0 +1,72 @@ +# node-feature-discovery helm chart + +This is a helm chart for [node-feature-discovery](https://github.com/kubernetes-sigs/node-feature-discovery) using the master/worker pattern. + +## TL;DR + +```shell +helm repo add billimek https://billimek.com/billimek-charts/ +helm install billimek/node-feature-discovery +``` + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```shell +helm install my-release billimek/node-feature-discovery +``` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```shell +helm delete my-release --purge +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the Sentry chart and their default values. +Read through the [values.yaml](https://github.com/billimek/billimek-charts/blob/master/charts/node-feature-discovery/values.yaml) file. It has several commented out suggested values. + +| Parameter | Description | Default | +| ------------------------------------------- | -------------------------------------------------------------------------------------------- | ----------------------------------------------------- | +| `image.repository` | Image repository | `quay.io/kubernetes_incubator/node-feature-discovery` | +| `image.tag` | Image tag. Possible values listed [here](https://github.com/kubernetes-sigs/node-feature-discovery/releases). | `v0.6.0` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `strategyType` | Specifies the strategy used to replace old Pods by new ones | `Recreate` | +| `sources` | List of sources to consider when labeling - see [documentation](https://github.com/kubernetes-sigs/node-feature-discovery#feature-sources) for info | `[]` | +| `config` | node-feature-discovery configuration - see [nfd-worker.conf.example](https://github.com/kubernetes-sigs/node-feature-discovery/blob/master/nfd-worker.conf.example) for example | `{}` | +| `service.type` | Kubernetes service type for the GUI | `ClusterIP` | +| `service.port` | Kubernetes port where the GUI is exposed | `8080` | +| `service.annotations` | Service annotations for the GUI | `{}` | +| `service.labels` | Custom labels | `{}` | +| `service.loadBalancerIP` | Loadbalancer IP for the GUI | `{}` | +| `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `nil` | +| `podAnnotations` | Key-value pairs to add as pod annotations | `{}` | +| `master.replicaCount` | Number of replicas to scale the master component to | `1` | +| `master.resources` | CPU/Memory resource requests/limits for master component | `{}` | +| `master.nodeSelector` | Node labels for master component pod assignment | `{}` | +| `master.tolerations` | Toleration labels for master component pod assignment | See [values.yaml](https://github.com/billimek/billimek-charts/blob/master/charts/node-feature-discovery/values.yaml) | +| `master.affinity` | Affinity settings for master component pod assignment | See [values.yaml](https://github.com/billimek/billimek-charts/blob/master/charts/node-feature-discovery/values.yaml) | +| `worker.resources` | CPU/Memory resource requests/limits for worker component | `{}` | +| `worker.nodeSelector` | Node labels for worker component pod assignment | `{}` | +| `worker.tolerations` | Toleration labels for worker component pod assignment | `[]` | +| `worker.affinity` | Affinity settings for worker component pod assignment | `{}` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release \ + --set image.pullPolicy="Always" \ + billimek/node-feature-discovery +``` + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +helm install my-release -f values.yaml billimek/node-feature-discovery +``` diff --git a/charts/node-feature-discovery/templates/_helpers.tpl b/charts/node-feature-discovery/templates/_helpers.tpl new file mode 100644 index 00000000..e21fd0f4 --- /dev/null +++ b/charts/node-feature-discovery/templates/_helpers.tpl @@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "node-feature-discovery.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "node-feature-discovery.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "node-feature-discovery.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "node-feature-discovery.labels" -}} +helm.sh/chart: {{ include "node-feature-discovery.chart" . }} +{{ include "node-feature-discovery.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "node-feature-discovery.selectorLabels" -}} +app.kubernetes.io/name: {{ include "node-feature-discovery.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "node-feature-discovery.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "node-feature-discovery.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/node-feature-discovery/templates/configmap.yaml b/charts/node-feature-discovery/templates/configmap.yaml new file mode 100644 index 00000000..a6c1483c --- /dev/null +++ b/charts/node-feature-discovery/templates/configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "node-feature-discovery.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} +data: + nfd-worker.conf: | +{{ .Values.config | indent 4 }} diff --git a/charts/node-feature-discovery/templates/daemonset-worker.yaml b/charts/node-feature-discovery/templates/daemonset-worker.yaml new file mode 100644 index 00000000..aecaa37e --- /dev/null +++ b/charts/node-feature-discovery/templates/daemonset-worker.yaml @@ -0,0 +1,99 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-worker + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + app.kubernetes.io/component: worker +spec: + selector: + matchLabels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: worker + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: worker + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "node-feature-discovery.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: {{ .Chart.Name }}-master + securityContext: + {{- toYaml .Values.worker.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + command: + - "nfd-worker" + args: + - "--sleep-interval=60s" + - "--server={{ include "node-feature-discovery.fullname" . }}:{{ int .Values.service.port }}" + {{- if .Values.sources }} + - "--sources={{ join "," .Values.sources }}" + {{- end }} + volumeMounts: + - name: host-boot + mountPath: "/host-boot" + readOnly: true + - name: host-os-release + mountPath: "/host-etc/os-release" + readOnly: true + - name: host-sys + mountPath: "/host-sys" + - name: source-d + mountPath: "/etc/kubernetes/node-feature-discovery/source.d/" + - name: features-d + mountPath: "/etc/kubernetes/node-feature-discovery/features.d/" + - name: nfd-worker-config + mountPath: "/etc/kubernetes/node-feature-discovery/" + resources: + {{- toYaml .Values.worker.resources | nindent 12 }} + + volumes: + - name: host-boot + hostPath: + path: "/boot" + - name: host-os-release + hostPath: + path: "/etc/os-release" + - name: host-sys + hostPath: + path: "/sys" + - name: source-d + hostPath: + path: "/etc/kubernetes/node-feature-discovery/source.d/" + - name: features-d + hostPath: + path: "/etc/kubernetes/node-feature-discovery/features.d/" + - name: nfd-worker-config + configMap: + name: {{ template "node-feature-discovery.fullname" . }} + + {{- with .Values.worker.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/node-feature-discovery/templates/deployment-master.yaml b/charts/node-feature-discovery/templates/deployment-master.yaml new file mode 100644 index 00000000..224b369c --- /dev/null +++ b/charts/node-feature-discovery/templates/deployment-master.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-master + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + app.kubernetes.io/component: master +spec: + replicas: {{ .Values.master.replicaCount }} + selector: + matchLabels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: master + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: master + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "node-feature-discovery.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }}-master + securityContext: + {{- toYaml .Values.master.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: api + containerPort: {{ int .Values.service.port }} + protocol: TCP + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + command: + - "nfd-master" + resources: + {{- toYaml .Values.master.resources | nindent 12 }} + {{- with .Values.master.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.master.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.master.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/node-feature-discovery/templates/rbac.yaml b/charts/node-feature-discovery/templates/rbac.yaml new file mode 100644 index 00000000..20ca3f60 --- /dev/null +++ b/charts/node-feature-discovery/templates/rbac.yaml @@ -0,0 +1,31 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-master +rules: + - apiGroups: + - "" + resources: + - nodes + # when using command line flag --resource-labels to create extended resources + # you will need to uncomment "- nodes/status" + # - nodes/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-master +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "node-feature-discovery.fullname" . }}-master +subjects: + - kind: ServiceAccount + name: {{ include "node-feature-discovery.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/charts/node-feature-discovery/templates/service.yaml b/charts/node-feature-discovery/templates/service.yaml new file mode 100644 index 00000000..d2852a6a --- /dev/null +++ b/charts/node-feature-discovery/templates/service.yaml @@ -0,0 +1,49 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "node-feature-discovery.fullname" . }} + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + {{- if .Values.service.labels }} + {{ toYaml .Values.service.labels | indent 4 }} + {{- end }} + {{- with .Values.service.annotations }} + annotations: + {{ toYaml . | indent 4 }} + {{- end }} +spec: + {{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }} + type: ClusterIP + {{- if .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{end}} + {{- else if eq .Values.service.type "LoadBalancer" }} + type: {{ .Values.service.type }} + {{- if .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }} + {{- end -}} + {{- else }} + type: {{ .Values.service.type }} + {{- end }} + {{- if .Values.service.externalIPs }} + externalIPs: + {{ toYaml .Values.service.externalIPs | indent 4 }} + {{- end }} + {{- if .Values.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} + {{- end }} + ports: + - name: api + port: {{ .Values.service.port }} + protocol: TCP + targetPort: api + {{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} + nodePort: {{.Values.service.nodePort}} + {{ end }} + selector: + app.kubernetes.io/component: master + {{- include "node-feature-discovery.selectorLabels" . | nindent 4 }} diff --git a/charts/node-feature-discovery/templates/serviceaccount.yaml b/charts/node-feature-discovery/templates/serviceaccount.yaml new file mode 100644 index 00000000..6a8f3bcf --- /dev/null +++ b/charts/node-feature-discovery/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "node-feature-discovery.serviceAccountName" . }} + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/node-feature-discovery/values.yaml b/charts/node-feature-discovery/values.yaml new file mode 100644 index 00000000..e5a89493 --- /dev/null +++ b/charts/node-feature-discovery/values.yaml @@ -0,0 +1,218 @@ +# Default values for node-feature-discovery. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + repository: quay.io/kubernetes_incubator/node-feature-discovery + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v0.6.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +rbac: + # Specifies whether RBAC roles should be created + create: true + +# Comma separated list of feature sources. +sources: [] + # - cpu + # - custom + # - iommu + # - kernel + # - local + # - memory + # - network + # - pci + # - storage + # - system + # - usb + +# node-feature-discovery configuration - see https://github.com/kubernetes-sigs/node-feature-discovery/blob/master/nfd-worker.conf.example for example +config: | + #sources: + # cpu: + # cpuid: + ## NOTE: whitelist has priority over blacklist + # attributeBlacklist: + # - "BMI1" + # - "BMI2" + # - "CLMUL" + # - "CMOV" + # - "CX16" + # - "ERMS" + # - "F16C" + # - "HTT" + # - "LZCNT" + # - "MMX" + # - "MMXEXT" + # - "NX" + # - "POPCNT" + # - "RDRAND" + # - "RDSEED" + # - "RDTSCP" + # - "SGX" + # - "SSE" + # - "SSE2" + # - "SSE3" + # - "SSE4.1" + # - "SSE4.2" + # - "SSSE3" + # attributeWhitelist: + # kernel: + # kconfigFile: "/path/to/kconfig" + # configOpts: + # - "NO_HZ" + # - "X86" + # - "DMI" + # pci: + # deviceClassWhitelist: + # - "0200" + # - "03" + # - "12" + # deviceLabelFields: + # - "class" + # - "vendor" + # - "device" + # - "subsystem_vendor" + # - "subsystem_device" + # usb: + # deviceClassWhitelist: + # - "0e" + # - "ef" + # - "fe" + # - "ff" + # deviceLabelFields: + # - "class" + # - "vendor" + # - "device" + # custom: + # - name: "my.kernel.feature" + # matchOn: + # - loadedKMod: ["example_kmod1", "example_kmod2"] + # - name: "my.pci.feature" + # matchOn: + # - pciId: + # class: ["0200"] + # vendor: ["15b3"] + # device: ["1014", "1017"] + # - pciId : + # vendor: ["8086"] + # device: ["1000", "1100"] + # - name: "my.usb.feature" + # matchOn: + # - usbId: + # class: ["ff"] + # vendor: ["03e7"] + # device: ["2485"] + # - usbId: + # class: ["fe"] + # vendor: ["1a6e"] + # device: ["089a"] + # - name: "my.combined.feature" + # matchOn: + # - pciId: + # vendor: ["15b3"] + # device: ["1014", "1017"] + # loadedKMod : ["vendor_kmod1", "vendor_kmod2"] + +service: + type: ClusterIP + clusterIP: "" + port: 8080 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + # nodePort: + ## List of IP addresses at which the hass-configurator service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + externalIPs: [] + ## Use loadBalancerIP to request a specific static IP, otherwise leave blank + loadBalancerIP: "" + # loadBalancerSourceRanges: [] + ## Set the externalTrafficPolicy in the Service to either Cluster or Local + externalTrafficPolicy: # Local + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +master: + replicaCount: 1 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + nodeSelector: {} + + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Equal" + value: "" + effect: "NoSchedule" + + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + - key: "node-role.kubernetes.io/master" + operator: In + values: [""] + +worker: + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + nodeSelector: {} + + tolerations: [] + + affinity: {}