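# deploy/kud-plugin-addons/nfd/nfd-master.yaml.template
#
# Node Feature Discovery (NFD) master: namespace, service account, RBAC,
# DaemonSet and Service. nfd-master receives labeling requests from
# nfd-worker over gRPC and applies them to Node objects.
#
# Security notes for reviewers:
#   * As shipped, the TLS section further down is commented out, so nothing
#     in this manifest configures TLS or client authentication for the gRPC
#     endpoint on port 8080. Any workload that can reach the Service can then
#     talk to a component holding write access to Node objects. Enable the
#     TLS block and/or restrict ingress with a NetworkPolicy.
#   * The ClusterRole is cluster-wide and not limited to specific nodes.
---
apiVersion: v1
kind: Namespace
metadata:
  name: node-feature-discovery  # NFD namespace
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfd-master
  namespace: node-feature-discovery
---
# Grants read and write access to every Node object in the cluster. patch and
# update on nodes cover labels, annotations and spec fields such as taints, so
# treat the nfd-master service account token as a high-value credential.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: nfd-master
rules:
  - apiGroups:
      - ""  # core API group
    resources:
      - nodes
    verbs:
      - get
      - patch
      - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nfd-master
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nfd-master
subjects:
  - kind: ServiceAccount
    name: nfd-master
    namespace: node-feature-discovery
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: nfd-master
  name: nfd-master
  namespace: node-feature-discovery
spec:
  selector:
    matchLabels:
      app: nfd-master
  template:
    metadata:
      labels:
        app: nfd-master
    spec:
      # serviceAccountName replaces the deprecated alias "serviceAccount";
      # both select the same ServiceAccount.
      serviceAccountName: nfd-master
      # Runs only on nodes carrying the master role label, and tolerates the
      # matching NoSchedule taint.
      # NOTE(review): clusters that label and taint control-plane nodes only
      # with node-role.kubernetes.io/control-plane will schedule nothing
      # here; confirm against the target Kubernetes version.
      nodeSelector:
        node-role.kubernetes.io/master: ""
      tolerations:
        - key: "node-role.kubernetes.io/master"
          operator: "Equal"
          value: ""
          effect: "NoSchedule"
      containers:
        - env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          # The image is referenced by a mutable tag. Pinning it by digest
          # (...node-feature-discovery@sha256:<verified-digest>) keeps the
          # deployed binary from changing if the tag is re-pushed.
          image: quay.io/kubernetes_incubator/node-feature-discovery:v0.4.0
          name: nfd-master
          command:
            - "nfd-master"
          # NOTE(review): no securityContext is set, so the container runs
          # with the image and runtime defaults. Consider
          # allowPrivilegeEscalation: false, dropping all capabilities and a
          # read-only root filesystem once verified against this image.
## Enable TLS authentication
## The example below assumes having the root certificate named ca.crt stored in
## a ConfigMap named nfd-ca-cert, and the TLS authentication credentials stored
## in a TLS Secret named nfd-master-cert.
## Additional hardening can be enabled by specifying --verify-node-name in
## args, in which case every nfd-worker requires an individual node-specific
## TLS certificate.
## Uncomment by deleting only the leading "#"; the indentation then lines up
## with the container and pod spec above.
#          args:
#            - "--ca-file=/etc/kubernetes/node-feature-discovery/trust/ca.crt"
#            - "--key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
#            - "--cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
#          volumeMounts:
#            - name: nfd-ca-cert
#              mountPath: "/etc/kubernetes/node-feature-discovery/trust"
#              readOnly: true
#            - name: nfd-master-cert
#              mountPath: "/etc/kubernetes/node-feature-discovery/certs"
#              readOnly: true
#      volumes:
#        - name: nfd-ca-cert
#          configMap:
#            name: nfd-ca-cert
#        - name: nfd-master-cert
#          secret:
#            secretName: nfd-master-cert
---
# Exposes nfd-master inside the cluster only (ClusterIP). With TLS disabled
# above, reachability of this port is the only access control in front of the
# labeling endpoint; a NetworkPolicy that admits just the nfd-worker pods
# narrows that exposure.
apiVersion: v1
kind: Service
metadata:
  name: nfd-master
  namespace: node-feature-discovery
spec:
  selector:
    app: nfd-master
  ports:
    - protocol: TCP
      port: 8080
  type: ClusterIP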