feat(helm): update chart node-feature-discovery to 0.17.0

[chii-bot]

This PR contains the following updates:

Package	Update	Change
node-feature-discovery	minor	0.11.1 -> 0.17.0

---

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

---

Release Notes

kubernetes-sigs/node-feature-discovery

v0.17.0

Compare Source

Changelog

Configurable restrictions (EXPERIMENTAL)

The nfd-master now has configuration options to restrict its capabilities, that is what modifications on node objects are allowed. See the nfd-master configuration file reference for documentation.

Image compatibity (EXPERIMENTAL)

There is an initiative to utilize NFD to implement system compatibility requirements for container images. As part of this work NFD v0.17 includes nfd command line client for validating systems against image compatibility manifests. See the documentation for more details, including examples how to create container images with compatibility manifests and validating nodes.

See the enhancement proposal for background information and design details.

Miscellaneous

Scalability

This release contains numerous fixes to fix issues and improve the scalability of NFD in larger clusters.

DMI features

Discovery of system.dmiid.product_name was added.

CPUID features

Support for new CPUID flags were added, including AMX-FP8 and AVX-VNNI-INT16.

Helm chart

Numerous small improvements in the NFD Helm chart, mainly new configuration values (see chart parameters for documentation).

Deprecations

gRPC API

The NodeFeature API is now GA and the legacy gRPC API has been completely removed.

Hooks

Support for hooks (deprecated in v0.12 has been removed. See the customization guide for replacements.

ResourceLabels config option

The resourceLabels configuration file option (and the corresponding -resource-labels flag), deprecated in v0.13 were removed. Use NodeFeatureRule object's extendedResources field instead.

Dynamic configuration

Dynamic runt-time reconfiguration was removed. This improves robustness and consistency as some of the configuration options did not support dynamic configuration.

Upcoming changes

The separate metric and health ports will be united behind a single port and the corresponding Helm chart values will be removed in NFD v0.18. This should be invisible to most users.

List of PRs

• Update readme to v0.16.0 release (#​1722)
• topology-updater: properly handle IPv6 from NODE_ADDRESS (#​1729)
• helm: remove defaults CPU limits (#​1728)
• build(deps): bump golang.org/x/net from 0.25.0 to 0.26.0 (#​1738)
• Fix the problem with starting the master with empty cache (#​1739)
• build(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 (#​1742)
• ensure post-delete-job's service account matches ref in job spec (#​1746)
• Dockerfile: fix FromAs Casing (#​1753)
• build(deps): bump github.com/klauspost/cpuid/v2 from 2.2.7 to 2.2.8 (#​1744)
• build(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#​1745)
• build(deps): bump google.golang.org/protobuf from 1.34.1 to 1.34.2 (#​1743)
• Update README to v0.16.1 (#​1756)
• Document AVXVNNIINT16 cpuid feature (#​1749)
• scripts: refresh e2e-presubmit test script (#​1758)
• build(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 (#​1760)
• docs: describe Kubernetes version compatibility in versions page (#​1764)
• scripts/test-infra: drop the unused build-image script (#​1762)
• scripts/test-infra: run postsubmit e2e test in kind (#​1763)
• nfd-master: fix typos (#​1765)
• Simplify code (#​1766)
• scripts/test-infra: setup kind in e2e-test (#​1767)
• README: update module name in go report card badge (#​1768)
• deployment/helm: enable specifying additional cmdline args (#​1726)
• cloudbuild: increase the image build timeout (#​1770)
• Use worker DS OwnerReference for NF's (#​1755)
• README: update to v0.16.2 (#​1783)
• Drop the -enable-nodefeature-api flag (#​1780)
• fix: take into consideration possibility of having empty line in swap file (#​1781)
• nfd-worker: change TestRun to use NodeFeature API (#​1788)
• go.mod: update kubernetes to v1.30.2 and klog to v2.130.1 (#​1786)
• Helm: Add revision history limit for master replica (#​1782)
• test/e2e: set topology-updater sleep-interval in podfingerprint test (#​1792)
• helm: drop trailing whitespace from values.yaml (#​1790)
• docs: reformat tables of helm parameters (#​1791)
• test/e2e: specify -sleep-interval in topology-updater exclude-memory test (#​1793)
• README: update to v0.16.3 (#​1794)
• feature-gates: mark NodeFeatureAPI as GA (#​1778)
• scripts/test-infra: bump golangci-lint to v1.59.1 (#​1795)
• scripts/test-infra: bump helm to v3.15.3 (#​1796)
• Helm: Add revision history limit for worker daemonset (#​1797)
• Dockerfile: cache go modules on build (#​1798)
• build(deps): bump k8s.io/kubernetes from 1.30.2 to 1.30.3 in the k8sio group (#​1804)
• helm: add configurable liveness&readiness probes for master topology-updater and worker (#​1801)
• nfd-master: check nfd api informer cache sync result (#​1809)
• nfd-gc: check that node informer cache sync succeeded (#​1812)
• build(deps): bump github.com/onsi/gomega from 1.33.1 to 1.34.0 (#​1819)
• build(deps): bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 (#​1818)
• Docs: Fixed feature-gates reference (#​1822)
• nfd-master: tweak list options for NodeFeature informer (#​1811)
• Docs: Fix the link to feature gates documentation (#​1821)
• nfd-gc: only fetch object metadata (#​1813)
• nfd-gc: use paging when listing CRs (#​1815)
• build(deps): bump github.com/onsi/gomega from 1.34.0 to 1.34.1 (#​1824)
• Add helm migration guide (#​1807)
• docs: use jekyll-rtd-theme from a ruby gem (#​1829)
• tilt: sync up builder go version with project go.mod (#​1827)
• build(deps): bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#​1831)
• build(deps): bump golang.org/x/time from 0.5.0 to 0.6.0 (#​1832)
• README: update to v0.16.4 (#​1834)
• test/e2e: simplify TestMain (#​1835)
• nfd-master: explicit state variable for the node updater pool (#​1844)
• nfd-master: use only unbuffered chans in the nfd api-controller (#​1843)
• nfd-master: proper shutdown of nfd api informers (#​1848)
• build(deps): bump github.com/onsi/ginkgo/v2 from 2.20.0 to 2.20.1 (#​1853)
• test/e2e: drop the pod security admission hack (#​1854)
• scripts/test-infra: bump golangci-lint to v1.60.3 (#​1859)
• Drop dynamic run-time reconfiguration (#​1847)
• build(deps): bump github.com/onsi/gomega from 1.34.1 to 1.34.2 (#​1862)
• build(deps): bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#​1864)
• Bump Go to v1.23 (#​1858)
• build(deps): bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 (#​1870)
• build(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 (#​1867)
• source/system: Add reading product name information (#​1871)
• nfd-master: cleanup updater-pool method args (#​1876)
• helm: rename args chart value to extraArgs (#​1880)
• helm: rename args to extraArgs in values.yaml (#​1881)
• source/network: Ignore bonding_masters interface during scanning (#​1856)
• build(deps): bump github.com/jaypipes/ghw from 0.12.0 to 0.13.0 (#​1869)
• Add helm values to configure hostNetwork and additional env vars (#​1878)
• Add parameter to configure health endpoint port (#​1885)
• Add .idea/ to gitignore (#​1886)
• nfd-gc: drop one duplicate import from tests (#​1888)
• test/e2e: use ptr.To to get pointer to bool (#​1836)
• docs: quote shell snippets containing urls with query parameters (#​1895)
• build(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 (#​1900)
• build(deps): bump golang.org/x/time from 0.6.0 to 0.7.0 (#​1899)
• Template exposed health port in helm chart (#​1904)
• github: specify workflow permissions (#​1906)
• README: update to v0.16.5 (#​1909)
• build(deps): bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 (#​1916)
• Move testdata to root (#​1921)
• Convert testdata to an empty go module (#​1924)
• Add separate helm values for the liveness and readiness probes (#​1913)
• feat/nfd-master: configure CR restrictions (#​1592)
• build(deps): bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#​1923)
• Drop NFD gRPC API (#​1910)
• build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (#​1917)
• go.mod: bump kubernetes to v1.31 (#​1837)
• tests: better assertion message in nfd-gc unit tests (#​1816)
• build(deps): bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#​1937)
• build(deps): bump github.com/onsi/gomega from 1.34.2 to 1.35.1 (#​1938)
• build(deps): bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 (#​1940)
• nfd-master: drop stale unreachable deprecation notices (#​1942)
• Docs: remove gRPC (#​1943)
• Taints: mark stable (#​1944)
• Drop support for hooks (#​1941)
• build(deps): bump google.golang.org/grpc from 1.63.2 to 1.67.1 (#​1898)
• build(deps): bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#​1939)
• Doc: Fix tilt up issue in feature discovering in developer guide (#​1889)
• Deprecate separate metrics and health port args (#​1948)
• Release template: Document tagging for API submodule (#​1945)
• go.mod: bump cpuid to v2.2.9 (#​1949)
• nfd-master: drop resourceLabels (#​1950)
• docs: minor update in the feature gates table (#​1951)
• build(deps): bump golang.org/x/net from 0.30.0 to 0.31.0 (#​1952)
• build(deps): bump golang.org/x/time from 0.7.0 to 0.8.0 (#​1953)
• build(deps): bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#​1954)
• build(deps): bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 (#​1957)
• build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#​1960)
• Document AMXFP8 cpuid feature (#​1935)
• go.mod: bump kubernetes patch version (#​1962)
• pkg/utils: drop fswatcher (#​1961)
• chore: add metrics system prefix (#​1956)
• build(deps): bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#​1959)
• build(deps): bump github.com/onsi/gomega from 1.35.1 to 1.36.0 (#​1966)
• build(deps): bump google.golang.org/grpc from 1.68.0 to 1.68.1 (#​1969)
• build(deps): bump golang.org/x/net from 0.31.0 to 0.32.0 (#​1968)
• NFD image compatibility proposal (#​1845)
• deployment: add startupProbe for nfd-master (#​1810)
• scripts/update-gh-pages: fix release version parsing (#​1974)
• nfd-master: check that namespace informer cache sync succeeded (#​1965)
• Fix version parsing (#​1977)
• Makefile: fix version parsing (#​1981)
• nfd-worker: Add an option to disable setting the owner references (#​1860)
• Cleanup for NodeFeature API being GA (#​1976)
• build(deps): bump google.golang.org/grpc from 1.68.1 to 1.69.0 (#​1983)
• build(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#​1986)
• build(deps): bump github.com/onsi/gomega from 1.36.0 to 1.36.1 (#​1984)
• build(deps): bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 (#​1985)
• go.mod: bump kubernetes to v1.32 (#​1987)
• Drop protobuf definitions and protobuf code generation (#​1989)
• Introduce nfd client for image compatibilty (#​1932)
• Remove errors for nodes without NodeFeatures (#​1988)
• go.mod: bump golang.org/x/net to v0.33.0 (#​1991)

(Full Changelog: kubernetes-sigs/node-feature-discovery@v0.17.0-devel...v0.17.0)

v0.16.6

Compare Source

What's Changed

• Convert testdata to an empty go module
• Move testdata to root
• github: specify workflow permissions

Contributors @​marquiz @​elezar @​ArangoGutierrez

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.16.5...v0.16.6

v0.16.5

Compare Source

What's Changed

Fixes an nfd-master memory leak on re-configure events when leader election is enabled. Adds parameters to configure health endpoint port.

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.16.4...v0.16.5

v0.16.4

Compare Source

What's Changed

This patch release contains improvements to the Helm chart, adding configurable liveness and readiness probes for all daemons and configurable revision history limit for the nfd-worker and nfd-topology-updater.

• Helm: Add revision history limit for worker daemonset (#​1797) by @​marquiz in https://github.com/kubernetes-sigs/node-feature-discovery/pull/1799
• go.mod: bump kubernetes to v1.30.3 by @​marquiz in https://github.com/kubernetes-sigs/node-feature-discovery/pull/1805
• helm: add configurable liveness&readiness probes by @​marquiz in https://github.com/kubernetes-sigs/node-feature-discovery/pull/1808
• Add helm migration guide by @​k8s-infra-cherrypick-robot in https://github.com/kubernetes-sigs/node-feature-discovery/pull/1825

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.16.3...v0.16.4

v0.16.3

Compare Source

Fix detection of swap in some scenarios (#​1751) and add Helm parameter to set the revisionHistoryLimit of nfd-master and nfd-gc (#​1759).

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.16.2...v0.16.3

v0.16.2

Compare Source

What's Changed

Fixes an issue where node labels were temporarily removed on nfd-worker pod restarts.

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.16.1...v0.16.2

v0.16.1

Compare Source

What's Changed

• [release-0.16] Revert "build(deps): bump actions/checkout from 1 to 4" by @​k8s-infra-cherrypick-robot in https://github.com/kubernetes-sigs/node-feature-discovery/pull/1721
• [release-0.16] topology-updater: properly handle IPv6 from NODE_ADDRESS by @​k8s-infra-cherrypick-robot in https://github.com/kubernetes-sigs/node-feature-discovery/pull/1731
• [release-0.16] helm: remove defaults CPU limits by @​k8s-infra-cherrypick-robot in https://github.com/kubernetes-sigs/node-feature-discovery/pull/1736
• [release-0.16] Fix the problem with starting the master with empty cache by @​k8s-infra-cherrypick-robot in https://github.com/kubernetes-sigs/node-feature-discovery/pull/1740
• [release-0.16] ensure post-delete-job's service account matches ref in job spec by @​k8s-infra-cherrypick-robot in https://github.com/kubernetes-sigs/node-feature-discovery/pull/1750

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.16.0...v0.16.1

v0.16.0

Compare Source

Changelog

NodeFeatureGroup API

The NodeFeatureGroup custom resource was added to the NFD API. The NodeFeatureGroup API enables the creation of node groups based on features discovered by NFD. The API is an alpha feature and is disabled by default and can be enabled with the NodeFeatureGroupAPI feature gate.

See documentation for more details.

Feature gates

NFD adapted the concept of feature gates from Kubernetes to introduce and stabilize new features in a controlled way. See the documentation for more details. Two existing features (NodeFeature API and disabling label auto-prefixing) were converted into feature gates.

Deprecations

Upcoming changes

Support for hooks is deprecated since v0.12.0 and will be completely dropped in the NFD v0.17.

RDT feature labels removed

The feature.node.kubernetes.io/cpu-rdt.* feature labels that were deprecated in NFD v0.13 were removed. RDT features are still available for use in NodeFeatureRules for custom labels.

Deprecated flags and options

The autoDefaultNs config file option of nfd-master is deprecated and will be removed in NFD v0.17. Superseded by the DisableAutoPrefix feature gate (featureGates.DisableAutoPrefix Helm parameter).

The -enable-nodefeature-api command line flag of nfd-master and nfd-worker and the corresponding enableNodeFeatureApi Helm chart parameter have been deprecated and will be removed in NFD v0.17. Superseded by the NodeFeature API feature gate (featureGates.NodeFeatureAPI Helm parameter).

The -crd-controller command line flag of nfd-master is deprecated and will be removed with the gRPC API in a future release.

Miscellaneous

Network devices

Discover speed of virtual network interfaces.

DMI

Added support for detecting DMI attributes from /sys/devices/virtual/dmi/id/. In v0.16 only sys_vendor discovered, available as system.dmiid.sys_vendor feature for use in NodeFeatureRules.

Swap

Discover the availability of swap on the node. Available as memory.swap.enabled feature for use in NodeFeatureRules.

Helm chart

Now all nodes are cleaned up (feature labels, annotations, extended resources and taints are removed) after uninstalling NFD using a post-delete hook.

The Helm chart now sets resource requests (cpu and memory) for NFD pods. Users may want to adjust these for their cluster. An option to set the pod priority class was added. See Helm chart parameters in the documentation).

Container health

A gRPC health server was added to the nfd-master, nfd-worker and nfd-topology-updater daemons. Deployments (Helm and kustomize) configure container liveness and readiness probes to use that for health checking.

List of PRs

• github: update tagging instructions in release checklists (#​1527)
• Update readme to v0.15.0 release (#​1524)
• makefile: fix build: target (#​1528)
• Makefile: add -timeout argument to e2e-tests (#​1526)
• helm: add post-delete hook that cleans up the node (#​1532)
• deployment/kustomize: drop the sample cert-manager overlay (#​1534)
• nfd-master: run a separate gRPC health server (#​1535)
• source/network: discover speed of virtual network interfaces (#​1536)
• go.mod: update dependencies (#​1539)
• chore: combine cpu count and thread_siblings functions into discover topology function (#​1505)
• source/cpu: drop deprecated cpu-rdt labels (#​1530)
• Update readme to v0.15.1 release (#​1552)
• hack/generate: patch auto-generated deepcopy functions (#​1553)
• apis/nfd: Trivial typo fix in tests (#​1537)
• docs: update docs build dependencies (#​1543)
• topology-updater: initialize properly with -no-publish (#​1554)
• topology-updater: document the -no-publish flag correctly (#​1555)
• Wrap nested errors (#​1558)
• Prevent nfd-worker erroring when reading attributes from paravirtual devices (#​1557)
• pkg/utils: move GetKubeconfig from pkg/apihelper here (#​1562)
• OWNERS: add AhmedGrati as a reviewer (#​1564)
• deployment/helm: don't deploy topology-updater conf unnecessarily (#​1565)
• topology-updater: get topology api client directly (#​1566)
• pkg/utils: move JsonPatch from pkg/apihelper (#​1568)
• nfd-master: ditch apihelper (#​1570)
• topology-updater: ditch apihelper (#​1567)
• Drop pkg/apihelper (#​1561)
• nfd-master: fix node status patching (#​1571)
• nfd-topology-updater add pods fingerprint by default (#​1560)
• docs: add KEP of Spiffe integration (#​1444)
• docs: document removal of hooks in v0.17 (#​1573)
• build(deps): bump github.com/opencontainers/runc from 1.1.10 to 1.1.12 (#​1575)
• build(deps-dev): bump nokogiri from 1.16.0 to 1.16.2 in /docs (#​1576)
• scripts/test-infra: bump golangci-lint to v1.56.1 (#​1580)
• scripts/test-infra: bump k8s logcheck to v0.8.1 (#​1583)
• Bump Go to v1.22 (#​1579)
• scripts/test-infra: bump helm to v3.14.0 (#​1582)
• source/kernel: add unit tests for kernel version parsing (#​1588)
• helm: add priorityClassName option (#​1587)
• source/pci: add unit test for the pci source (#​1589)
• nfd-master: log errors on node update retries (#​1591)
• source/system: Add reading vendor information (#​1574)
• source/cpu: fix build tags on rdt discovery (#​1594)
• helm: add ability to use a custom issuer (#​1598)
• fix hook issue (#​1604)
• generate: update autogenerate tools (#​1606)
• apis/nfd/validate: use testify/assert for checking test results (#​1590)
• Update readme to v0.15.2 release (#​1611)
• Update generate scripts to use latest code_gen functions (#​1605)
• nfd-master: mark the -crd-controller flag as deprecated (#​1612)
• build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#​1613)
• Use close to signal stop channedl in worker and topology-updater (#​1620)
• nfd-master: fix memory leak in nfd api-controller (#​1615)
• Update readme to v0.15.3 release (#​1628)
• Add FeatureGate framework to handle new features (#​1623)
• replace AhmedGrati account with TessaIO as reviewer (#​1630)
• add swap support in nfd (#​1585)
• nfd-master: check if node exists before trying update (#​1595)
• Remove references to -enable-nodefeature-api flag (#​1632)
• Add owner reference to NRT object (#​1602)
• nfd-master: retry node updates indefinitely (#​1596)
• nfd-worker: Add liveness probe (#​1609)
• topology-updater: Set APIVersion, Kind in the OwnerReference explicitly (#​1634)
• helm: fix invalid name of host-swaps volume (#​1635)
• nfd-master: do nfd API scheme registration in an init function (#​1641)
• chore/deployment: add resources requests and limits for helm and Kustomize (#​1631)
• nfd-topology-updater: Add liveness probe (#​1643)
• nfd-master: get node object only once when updating node (#​1652)
• chore/deploy: make interval property in PodMonitor configurable (#​1639)
• nfd-master: protect node updater pool queueing with a lock (#​1642)
• nfd-master: prevent crash on empty config struct (#​1657)
• Update readme to v0.15.4 release (#​1650)
• Tidy up usage of channels for signaling (#​1656)
• nfd-master: implement opts for modifying NfdMaster instance (#​1658)
• nfd-master: parse kubeconfig even with NoPublish set (#​1655)
• Move NFD api to a separate go mod (#​1600)
• api/nfd: run go mod tidy (#​1661)
• Fix Make generate (#​1662)
• apis/nfd/validate: loosen validation of feature annotations (#​1633)
• nfd-master: use separate k8s api clients for each updater (#​1653)
• nfd-master: stop node-updater pool before reconfiguring api-controller (#​1660)
• build(deps): bump golang.org/x/net from 0.20.0 to 0.23.0 (#​1665)
• chore/nfd-master: remove warnings in nfd-master unit tests file (#​1668)
• build(deps): bump golang.org/x/net from 0.20.0 to 0.23.0 in api/nfd (#​1666)
• apis/nfd: add unit tests for match name functions (#​1667)
• apis/nfd: no error on ops that never match (#​1670)
• api/nfd: use varargs in the NewInstanceFeatures helper (#​1669)
• scripts/test-infra: bump golangci-lint to v1.57.2 (#​1674)
• add ARMv7 support (#​1659)
• docs: document trade-offs in memory configuration (#​1651)
• go.mod: bump kubernetes to v1.30 (#​1675)
• cloudbuild.yaml: change machine type to e1-highcpu-32 (#​1678)
• test/e2e: stop importing kubernetes test/e2e (#​1680)
• hack/init-buildx.sh: fix broken patter matching (#​1683)
• Disable armv7 builds (#​1677)
• cloudbuild.yaml: downgrade machine type to e2-highcpu-8 (#​1685)
• Update update_codegen.sh for v0.30 version of codegen tools (#​1681)
• Dependabot: Add proper dependabot config file (#​1679)
• build(deps): bump azure/setup-helm from 3 to 4 (#​1686)
• build(deps): bump actions/checkout from 1 to 4 (#​1687)
• build(deps): bump golang.org/x/net from 0.23.0 to 0.24.0 (#​1689)
• build(deps): bump sigs.k8s.io/yaml from 1.3.0 to 1.4.0 (#​1691)
• build(deps): bump github.com/onsi/gomega from 1.31.0 to 1.33.0 (#​1692)
• build(deps): bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.2 (#​1690)
• build(deps): bump github.com/jaypipes/ghw from 0.8.1-0.20210827132705-c7224150a17e to 0.12.0 (#​1688)
• apis/nfd: increase unit test coverage (#​1693)
• build: specify buildx builder name everywhere (#​1684)
• source/kernel: silence misleading error on selinux detection (#​1694)
• build(deps): bump github.com/klauspost/cpuid/v2 from 2.2.6 to 2.2.7 (#​1695)
• build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#​1696)
• build(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#​1698)
• build(deps): bump github.com/onsi/gomega from 1.33.0 to 1.33.1 (#​1699)
• build(deps): bump github.com/k8stopologyawareschedwg/noderesourcetopology-api from 0.1.0 to 0.1.2 (#​1697)
• build(deps): bump golang.org/x/net from 0.24.0 to 0.25.0 (#​1701)
• build(deps): bump google.golang.org/grpc from 1.60.1 to 1.63.2 (#​1702)
• build(deps-dev): bump nokogiri from 1.16.2 to 1.16.5 in /docs (#​1706)
• build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.1 (#​1703)
• build(deps): bump github.com/k8stopologyawareschedwg/podfingerprint from 0.1.2 to 0.2.2 (#​1705)
• nfd-master: add DisableAutoPrefix feature gate (#​1707)
• Re-add -enable-nodefeature-api cmdline flag (#​1708)
• build(deps): bump rexml from 3.2.6 to 3.2.8 in /docs (#​1709)
• build(deps): bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3 (#​1711)
• Add NodeFeatureGroup API (#​1487)
• api/nfd: document all undocumented fields in the types (#​1714)
• nfd-worker: improved log when creating NodeFeature object (#​1713)
• apis/nfd: allow different types of features of the same name (#​1671)
• cpu: advertise AVX10 version (#​1673)
• source/cpu: disable AVX10 label (#​1715)
• docs/helm: document all feature gates (#​1716)
• build(deps): bump github.com/onsi/ginkgo/v2 from 2.17.3 to 2.19.0 (#​1717)
• docs: add more cross-references to NodeFeatureGroup API (#​1718)

v0.15.7

Compare Source

What's Changed

This patch release updates dependencies.

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.15.6...v0.15.7

v0.15.6

Compare Source

What's Changed

Fixes an issue where node labels were temporarily removed on nfd-worker pod restarts.

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.15.5...v0.15.6

v0.15.5

Compare Source

Changelog

This patch release fixes nfd-topology-updater on IPv6 clusters.

List of PRs

• go.mod: update dependencies (#​1676)
• topology-updater: properly handle IPv6 from NODE_ADDRESS (#​1732)

v0.15.4

Compare Source

This patch release fixes a potential crash in nfd-master (#​1644).

v0.15.3

Compare Source

Changelog

This patch release fixes a critical memory leak in nfd-master, along with updating dependencies.

• nfd-master: fix memory leak in nfd api-controller by @​k8s-infra-cherrypick-robot in https://github.com/kubernetes-sigs/node-feature-discovery/pull/1621
• go.mod: bump protobuf deps by @​marquiz in https://github.com/kubernetes-sigs/node-feature-discovery/pull/1624

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.15.2...v0.15.3

v0.15.2

Compare Source

Changelog

This release fixes a bug in hooks and updates dependencies.

• go.mod: bump github.com/opencontainers/runc to v1.1.12 by @​marquiz in https://github.com/kubernetes-sigs/node-feature-discovery/pull/1577
• fix hook issue by @​k8s-infra-cherrypick-robot in https://github.com/kubernetes-sigs/node-feature-discovery/pull/1607

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.15.1...v0.15.2

v0.15.1

Compare Source

What's Changed

This patch release adds detection of speed attribute of virtual network interfaces.

List of PRs

• makefile: fix build: target (#​1529)
• source/network: discover speed of virtual network interfaces (#​1538)

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.15.0...v0.15.1

v0.15.0

Compare Source

What's new

NodeFeatureRule API extended

Annotations

NFD now supports creating node annotations with the NodeFeatureRuless. See the documentation for details.

matchName

New matchName field was added to the NodeFeatureRule CRD. It can be used to match the names of features (instead of their values which is done with the matchExpressions field). See
documentation for details.

Feature files

Hidden feature files: feature files whose name start with a dot (.) are now ignored by nfd-worker. This makes it easier to update t

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by Renovate Bot.

[chii-bot]

Path: cluster/apps/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.1 -> 0.17.0

@@ -4,27 +4,54 @@
 kind: ServiceAccount
 metadata:
 name: node-feature-discovery
+ namespace: default
 labels:
 app.kubernetes.io/name: node-feature-discovery
 app.kubernetes.io/instance: node-feature-discovery
 app.kubernetes.io/managed-by: Helm
 ---
-
+# Source: node-feature-discovery/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: node-feature-discovery-gc
+ namespace: default
+ labels:
+ app.kubernetes.io/name: node-feature-discovery
+ app.kubernetes.io/instance: node-feature-discovery
+ app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: node-feature-discovery-worker
+ namespace: default
+ labels:
+ app.kubernetes.io/name: node-feature-discovery
+ app.kubernetes.io/instance: node-feature-discovery
+ app.kubernetes.io/managed-by: Helm
+---
+# Source: node-feature-discovery/templates/nfd-master-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: node-feature-discovery-master-conf
+ namespace: default
 labels:
 app.kubernetes.io/name: node-feature-discovery
 app.kubernetes.io/instance: node-feature-discovery
 app.kubernetes.io/managed-by: Helm
+data:
+ nfd-master.conf: |-
+ null
 ---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
 name: node-feature-discovery-worker-conf
+ namespace: default
 labels:
 app.kubernetes.io/name: node-feature-discovery
 app.kubernetes.io/instance: node-feature-discovery
@@ -73,171 +100,6 @@
 - vendor
 - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
- group: nfd.k8s-sigs.io
- names:
- kind: NodeFeatureRule
- listKind: NodeFeatureRuleList
- plural: nodefeaturerules
- singular: nodefeaturerule
- scope: Cluster
- versions:
- - name: v1alpha1
- schema:
- openAPIV3Schema:
- description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: NodeFeatureRuleSpec describes a NodeFeatureRule.
- properties:
- rules:
- description: Rules is a list of node customization rules.
- items:
- description: Rule defines a rule for node customization such as labeling.
- properties:
- labels:
- additionalProperties:
- type: string
- description: Labels to create if the rule matches.
- type: object
- labelsTemplate:
- description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
- type: string
- matchAny:
- description: MatchAny specifies a list of matchers one of which must match.
- items:
- description: MatchAnyElem specifies one sub-matcher of MatchAny.
- properties:
- matchFeatures:
- description: MatchFeatures specifies a set of matcher terms all of which must match.
- items:
- description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
- properties:
- feature:
- type: string
- matchExpressions:
- additionalProperties:
- description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new instance is created from scratch without using the helper functions."
- properties:
- op:
- description: Op is the operator to be applied.
- enum:
- - In
- - NotIn
- - InRegexp
- - Exists
- - DoesNotExist
- - Gt
- - Lt
- - GtLt
- - IsTrue
- - IsFalse
- type: string
- value:
- description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
- items:
- type: string
- type: array
- required:
- - op
- type: object
- description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
- type: object
- required:
- - feature
- - matchExpressions
- type: object
- type: array
- required:
- - matchFeatures
- type: object
- type: array
- matchFeatures:
- description: MatchFeatures specifies a set of matcher terms all of which must match.
- items:
- description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
- properties:
- feature:
- type: string
- matchExpressions:
- additionalProperties:
- description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new instance is created from scratch without using the helper functions."
- properties:
- op:
- description: Op is the operator to be applied.
- enum:
- - In
- - NotIn
- - InRegexp
- - Exists
- - DoesNotExist
- - Gt
- - Lt
- - GtLt
- - IsTrue
- - IsFalse
- type: string
- value:
- description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
- items:
- type: string
- type: array
- required:
- - op
- type: object
- description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
- type: object
- required:
- - feature
- - matchExpressions
- type: object
- type: array
- name:
- description: Name of the rule.
- type: string
- vars:
- additionalProperties:
- type: string
- description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
- type: object
- varsTemplate:
- description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
- type: string
- required:
- - name
- type: object
- type: array
- required:
- - rules
- type: object
- required:
- - spec
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -251,7 +113,15 @@
 - apiGroups:
 - ""
 resources:
+ - namespaces
+ verbs:
+ - watch
+ - list
+ - apiGroups:
+ - ""
+ resources:
 - nodes
+ - nodes/status
 verbs:
 - get
 - patch
@@ -260,11 +130,73 @@
 - apiGroups:
 - nfd.k8s-sigs.io
 resources:
+ - nodefeatures
 - nodefeaturerules
+ - nodefeaturegroups
 verbs:
 - get
 - list
 - watch
+ - apiGroups:
+ - nfd.k8s-sigs.io
+ resources:
+ - nodefeaturegroups/status
+ verbs:
+ - patch
+ - update
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ resourceNames:
+ - "nfd-master.nfd.kubernetes.io"
+ verbs:
+ - get
+ - update
+---
+# Source: node-feature-discovery/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: node-feature-discovery-gc
+ labels:
+ app.kubernetes.io/name: node-feature-discovery
+ app.kubernetes.io/instance: node-feature-discovery
+ app.kubernetes.io/managed-by: Helm
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/proxy
+ verbs:
+ - get
+ - apiGroups:
+ - topology.node.k8s.io
+ resources:
+ - noderesourcetopologies
+ verbs:
+ - delete
+ - list
+ - apiGroups:
+ - nfd.k8s-sigs.io
+ resources:
+ - nodefeatures
+ verbs:
+ - delete
+ - list
 ---
 # Source: node-feature-discovery/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -284,39 +216,82 @@
 name: node-feature-discovery
 namespace: default
 ---
-# Source: node-feature-discovery/templates/service.yaml
-apiVersion: v1
-kind: Service
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
- name: node-feature-discovery-master
+ name: node-feature-discovery-gc
 labels:
 app.kubernetes.io/name: node-feature-discovery
 app.kubernetes.io/instance: node-feature-discovery
 app.kubernetes.io/managed-by: Helm
- role: master
-spec:
- type: ClusterIP
- ports:
- - port: 8080
- targetPort: grpc
- protocol: TCP
- name: grpc
- selector:
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: node-feature-discovery-gc
+subjects:
+ - kind: ServiceAccount
+ name: node-feature-discovery-gc
+ namespace: default
+---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: node-feature-discovery-worker
+ namespace: default
+ labels:
 app.kubernetes.io/name: node-feature-discovery
 app.kubernetes.io/instance: node-feature-discovery
+ app.kubernetes.io/managed-by: Helm
+rules:
+ - apiGroups:
+ - nfd.k8s-sigs.io
+ resources:
+ - nodefeatures
+ verbs:
+ - create
+ - get
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: node-feature-discovery-worker
+ namespace: default
+ labels:
+ app.kubernetes.io/name: node-feature-discovery
+ app.kubernetes.io/instance: node-feature-discovery
+ app.kubernetes.io/managed-by: Helm
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: node-feature-discovery-worker
+subjects:
+ - kind: ServiceAccount
+ name: node-feature-discovery-worker
+ namespace: default
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
 name: node-feature-discovery-worker
+ namespace: default
 labels:
 app.kubernetes.io/name: node-feature-discovery
 app.kubernetes.io/instance: node-feature-discovery
 app.kubernetes.io/managed-by: Helm
 role: worker
- annotations: {}
 spec:
+ revisionHistoryLimit:
 selector:
 matchLabels:
 app.kubernetes.io/name: node-feature-discovery
@@ -329,11 +304,13 @@
 app.kubernetes.io/instance: node-feature-discovery
 role: worker
 annotations:
+ checksum/config: 41a798e8bfc0ac6aa899c80ca166cfb48885bcb15a06a77b90d355a6d02ba51d
 configmap.reloader.stakater.com/reload: node-feature-discovery-worker-conf
 spec:
 dnsPolicy: ClusterFirstWithHostNet
 serviceAccountName: node-feature-discovery-worker
 securityContext: {}
+ hostNetwork: false
 containers:
 - name: worker
 securityContext:
@@ -343,18 +320,48 @@
 - ALL
 readOnlyRootFilesystem: true
 runAsNonRoot: true
- image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.1"
+ image: "registry.k8s.io/nfd/node-feature-discovery:v0.17.0"
 imagePullPolicy: IfNotPresent
+ livenessProbe:
+ grpc:
+ port: 8082
+ initialDelaySeconds: 10
+ readinessProbe:
+ grpc:
+ port: 8082
+ initialDelaySeconds: 5
+ failureThreshold: 10
 env:
 - name: NODE_NAME
 valueFrom:
 fieldRef:
 fieldPath: spec.nodeName
- resources: {}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ resources:
+ limits:
+ memory: 512Mi
+ requests:
+ cpu: 5m
+ memory: 64Mi
 command:
 - "nfd-worker"
 args:
- - "--server=node-feature-discovery-master:8080"
+ # Go over featureGate and add the feature-gate flag
+ - "-feature-gates=NodeFeatureGroupAPI=false"
+ - "-metrics=8081"
+ - "-grpc-health=8082"
+ ports:
+ - containerPort: 8081
+ name: metrics
+ - containerPort: 8082
+ name: health
 volumeMounts:
 - name: host-boot
 mountPath: "/host-boot"
@@ -368,8 +375,11 @@
 - name: host-usr-lib
 mountPath: "/host-usr/lib"
 readOnly: true
- - name: source-d
- mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
+ - name: host-lib
+ mountPath: "/host-lib"
+ readOnly: true
+ - name: host-proc-swaps
+ mountPath: "/host-proc/swaps"
 readOnly: true
 - name: features-d
 mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
@@ -390,9 +400,12 @@
 - name: host-usr-lib
 hostPath:
 path: "/usr/lib"
- - name: source-d
+ - name: host-lib
+ hostPath:
+ path: "/lib"
+ - name: host-proc-swaps
 hostPath:
- path: "/etc/kubernetes/node-feature-discovery/source.d/"
+ path: "/proc/swaps"
 - name: features-d
 hostPath:
 path: "/etc/kubernetes/node-feature-discovery/features.d/"
@@ -408,14 +421,15 @@
 kind: Deployment
 metadata:
 name: node-feature-discovery-master
+ namespace: default
 labels:
 app.kubernetes.io/name: node-feature-discovery
 app.kubernetes.io/instance: node-feature-discovery
 app.kubernetes.io/managed-by: Helm
 role: master
- annotations: {}
 spec:
 replicas: 1
+ revisionHistoryLimit:
 selector:
 matchLabels:
 app.kubernetes.io/name: node-feature-discovery
@@ -427,10 +441,13 @@
 app.kubernetes.io/name: node-feature-discovery
 app.kubernetes.io/instance: node-feature-discovery
 role: master
- annotations: {}
+ annotations:
+ checksum/config: 0e39572ff18dbc2e9f804d7adebf2a489376f319d8007872286385bf74c1eb3d
 spec:
 serviceAccountName: node-feature-discovery
+ enableServiceLinks: false
 securityContext: {}
+ hostNetwork: false
 containers:
 - name: master
 securityContext:
@@ -440,37 +457,238 @@
 - ALL
 readOnlyRootFilesystem: true
 runAsNonRoot: true
- image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.1"
+ image: "registry.k8s.io/nfd/node-feature-discovery:v0.17.0"
 imagePullPolicy: IfNotPresent
+ startupProbe:
+ grpc:
+ port: 8082
+ failureThreshold: 30
 livenessProbe:
- exec:
- command:
- - "/usr/bin/grpc_health_probe"
- - "-addr=:8080"
- initialDelaySeconds: 10
- periodSeconds: 10
+ grpc:
+ port: 8082
 readinessProbe:
- exec:
- command:
- - "/usr/bin/grpc_health_probe"
- - "-addr=:8080"
- initialDelaySeconds: 5
- periodSeconds: 10
+ grpc:
+ port: 8082
 failureThreshold: 10
 ports:
- - containerPort: 8080
- name: grpc
+ - containerPort: 8081
+ name: metrics
+ - containerPort: 8082
+ name: health
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ command:
+ - "nfd-master"
+ resources:
+ limits:
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ args:
+ - "-enable-leader-election"
+ # Go over featureGates and add the feature-gate flag
+ - "-feature-gates=NodeFeatureGroupAPI=false"
+ - "-metrics=8081"
+ - "-grpc-health=8082"
+ volumeMounts:
+ - name: nfd-master-conf
+ mountPath: "/etc/kubernetes/node-feature-discovery"
+ readOnly: true
+ volumes:
+ - name: nfd-master-conf
+ configMap:
+ name: node-feature-discovery-master-conf
+ items:
+ - key: nfd-master.conf
+ path: nfd-master.conf
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - preference:
+ matchExpressions:
+ - key: node-role.kubernetes.io/master
+ operator: In
+ values:
+ - ""
+ weight: 1
+ - preference:
+ matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: In
+ values:
+ - ""
+ weight: 1
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Equal
+ value: ""
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Equal
+ value: ""
+---
+# Source: node-feature-discovery/templates/nfd-gc.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: node-feature-discovery-gc
+ namespace: default
+ labels:
+ app.kubernetes.io/name: node-feature-discovery
+ app.kubernetes.io/instance: node-feature-discovery
+ app.kubernetes.io/managed-by: Helm
+ role: gc
+spec:
+ replicas: 1
+ revisionHistoryLimit:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: node-feature-discovery
+ app.kubernetes.io/instance: node-feature-discovery
+ role: gc
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: node-feature-discovery
+ app.kubernetes.io/instance: node-feature-discovery
+ role: gc
+ spec:
+ serviceAccountName: node-feature-discovery-gc
+ dnsPolicy: ClusterFirstWithHostNet
+ securityContext: {}
+ hostNetwork: false
+ containers:
+ - name: gc
+ image: "registry.k8s.io/nfd/node-feature-discovery:v0.17.0"
+ imagePullPolicy: "IfNotPresent"
 env:
 - name: NODE_NAME
 valueFrom:
 fieldRef:
 fieldPath: spec.nodeName
 command:
+ - "nfd-gc"
+ args:
+ - "-gc-interval=1h"
+ resources:
+ limits:
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ ports:
+ - name: metrics
+ containerPort: 8081
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: node-feature-discovery-prune
+ namespace: default
+ labels:
+ app.kubernetes.io/name: node-feature-discovery
+ app.kubernetes.io/instance: node-feature-discovery
+ app.kubernetes.io/managed-by: Helm
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: node-feature-discovery-prune
+ labels:
+ app.kubernetes.io/name: node-feature-discovery
+ app.kubernetes.io/instance: node-feature-discovery
+ app.kubernetes.io/managed-by: Helm
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ - nodes/status
+ verbs:
+ - get
+ - patch
+ - update
+ - list
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: node-feature-discovery-prune
+ labels:
+ app.kubernetes.io/name: node-feature-discovery
+ app.kubernetes.io/instance: node-feature-discovery
+ app.kubernetes.io/managed-by: Helm
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: node-feature-discovery-prune
+subjects:
+ - kind: ServiceAccount
+ name: node-feature-discovery-prune
+ namespace: default
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: node-feature-discovery-prune
+ namespace: default
+ labels:
+ app.kubernetes.io/name: node-feature-discovery
+ app.kubernetes.io/instance: node-feature-discovery
+ app.kubernetes.io/managed-by: Helm
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: node-feature-discovery
+ app.kubernetes.io/instance: node-feature-discovery
+ app.kubernetes.io/managed-by: Helm
+ role: prune
+ spec:
+ serviceAccountName: node-feature-discovery-prune
+ containers:
+ - name: nfd-master
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ image: "registry.k8s.io/nfd/node-feature-discovery:v0.17.0"
+ imagePullPolicy: IfNotPresent
+ command:
 - "nfd-master"
- resources: {}
 args:
- ## By default, disable NodeFeatureRules controller for other than the default instances
- - "-featurerules-controller=true"
+ - "-prune"
+ restartPolicy: Never
 affinity:
 nodeAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:

[chii-bot]

MegaLinter status: ❌ ERROR

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
❌ COPYPASTE	jscpd	yes		2	0.97s
✅ REPOSITORY	git_diff	yes		no	0.02s
✅ REPOSITORY	secretlint	yes		no	1.17s
✅ YAML	prettier	1		0	0.52s
✅ YAML	yamllint	1		0	0.13s

See errors details in artifact MegaLinter reports on CI Job page
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

[github-advanced-security]

You have successfully added a new Trivy configuration .github/workflows/scan-containers.yaml:scan-containers/containers:registry.k8s.io/nfd/node-feature-discovery:v0.12.2. As part of the setup process, we have scanned this repository and found no existing alerts. In the future, you will see all code scanning alerts on the repository Security tab.

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.