Releases: kubernetes-sigs/node-feature-discovery
v0.12.1
Changelog
This is a patch release to fix problems with nfd-master readiness and liveness probes that caused it to be killed when NodeFeature API was enabled.
List of PRs
v0.12.0
Changelog
Node tainting
NFD now supports node tainting. NodeFeatureRule custom resource was extended to create taints. See documentation for more information.
NodeFeature CRD
(EXPERIMENTAL) NFD defines a new NodeFeature custom resource for communicating node features and node labeling requests; it can be used for implementing 3rd party extensions. Support for the NodeFeature API is disabled by default in this release but will be enabled, and is intended to replace the gRPC API between nfd-worker and nfd-master, in the future.
See documentation for more details.
Improvements in topology-updater
NFD-Topology-Updater is now a standalone component that no longer depends on nfd-master. Topology-updater got support for a configuration file, with one config option, excludeList, for filtering out resources from accounting. Topology-updater also now supports retrieving kubelet config from the configz API endpoint (by default) and received a number of bug fixes.
Deprecations
- deprecated IOMMU feature source has been removed
- custom hooks are being deprecated and will be disabled and eventually dropped in future releases. Default behavior is not changed in this release but the sources.local.hooksEnabled worker configuration option can be used to disable them. Suggested replacement for hooks in the future will be NodeFeature custom resources (still experimental).
- security-related labels were re-organized
  - feature.node.kubernetes.io/cpu-sgx.enabled is now deprecated, superseded by feature.node.kubernetes.io/cpu-security.sgx.enabled
  - feature.node.kubernetes.io/cpu-se.enabled is now replaced, superseded by feature.node.kubernetes.io/cpu-security.se.enabled
- the -featurerules-controller flag of nfd-master is now deprecated, use -crd-controller instead
- some already deprecated worker command line flags were removed:
  - -sleep-interval (use core.sleepInterval config file option instead)
  - -label-whitelist (use core.labelWhiteList config file option instead)
  - -sources (use -label-sources flag instead)
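A pre-upgrade check for the deprecations listed above, given as an added example that is not part of the NFD release notes or the project's code: it scans manifest text for the deprecated label names and the deprecated or removed flags, and rewrites only the labels. The function names and the sample manifest are constructed for illustration.

```python
import re

# Renames and removals copied from the v0.12.0 deprecation list.
LABEL_RENAMES = {
    "feature.node.kubernetes.io/cpu-sgx.enabled":
        "feature.node.kubernetes.io/cpu-security.sgx.enabled",
    "feature.node.kubernetes.io/cpu-se.enabled":
        "feature.node.kubernetes.io/cpu-security.se.enabled",
}
FLAG_ADVICE = {
    "-featurerules-controller": "use the -crd-controller flag",
    "-sleep-interval": "use the core.sleepInterval config file option",
    "-label-whitelist": "use the core.labelWhiteList config file option",
    "-sources": "use the -label-sources flag",
}


def _label_re(label):
    # Reject matches embedded in a longer name, e.g. a vendor sub-namespace
    # such as "vendor.feature.node.kubernetes.io/...".
    return re.compile(r"(?<![\w./-])" + re.escape(label) + r"(?![\w.-])")


def _flag_re(flag):
    # Accept "-flag" and "--flag", but require the dash to start a token so
    # "-sources" is not reported inside "-label-sources".
    return re.compile(r"(?<![\w-])-?" + re.escape(flag) + r"(?![\w-])")


def find_deprecated(text):
    """Return (line_number, item, advice) for each deprecated item found."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        for old, new in LABEL_RENAMES.items():
            if _label_re(old).search(line):
                findings.append((no, old, "replace with " + new))
        for flag, advice in FLAG_ADVICE.items():
            if _flag_re(flag).search(line):
                findings.append((no, flag, advice))
    return findings


def migrate_labels(text):
    """Rewrite deprecated label names; flags are only reported, not edited."""
    for old, new in LABEL_RENAMES.items():
        text = _label_re(old).sub(new, text)
    return text


# Constructed sample: a workload pinned to SGX nodes and an nfd-worker
# container that still passes flags removed in v0.12.0.
SAMPLE = """\
spec:
  nodeSelector:
    feature.node.kubernetes.io/cpu-sgx.enabled: "true"
  containers:
    - name: nfd-worker
      args:
        - "-sleep-interval=60s"
        - "--sources=cpu,kernel"
        - "-label-sources=cpu"
"""

if __name__ == "__main__":
    for no, item, advice in find_deprecated(SAMPLE):
        print(f"line {no}: {item}: {advice}")
    print(migrate_labels(SAMPLE))
```

Flags are reported rather than rewritten because three of the four replacements move the setting into the worker configuration file, which needs a manual edit.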
Miscellaneous
- Improved documentation, major restructuring of deployment and usage docs
- ignore operational state of network interfaces when detecting network labels – fixes issues with network SR-IOV labels in some scenarios (#814)
- new CPU features
- Intel TDX
- CPUID
- TME, AMXFP16 and PREFETCHI
- AVXVNNI (non-AVX512)
- Better detection of features that have both AVX512 and non-AVX512 versions (GFNI, VAES, VPCLMULQDQ)
- Major update for ARM, POWER, and Z features
- Helm: improved management of CRDs, now supports --skip-crds
- switched over to registry.k8s.io container image registry
List of PRs
- docs: remove fixed release tag in developer guide (#798)
- scripts/update-gh-pages: adjust commit message body (#800)
- scripts/test-infra: bump golangci-lint to v1.45.2 (#804)
- Bump Go to 1.18 (#785)
- Dockerfile: update builder image to Go v1.18.1 (#807)
- docs: fix operator deployment instructions (#811)
- cpu: add cpuid stub for non-linux platforms (#808)
- source/network: ignore interface operational state (#814)
- docs: update x86 cpuid feature list (#818)
- docs: small typo fix in cpuid feature list (#824)
- README: update to v0.11.1 (#825)
- github: small fix in new-release issue template (#822)
- scripts/test-e2e: update aws-iam-authenticator to v0.5.7 (#834)
- go.mod: update kubernetes to v1.24.2 (#835)
- go.mod: update github.com/klauspost/cpuid to v2.0.14 (#837)
- test/e2e: fix checking of nfd-master annotation (#839)
- test/e2e: update e2e-test example config (#840)
- test/e2e: change node-specific config to a list (#841)
- source/fake: fix name of fake flag feature (#843)
- Drop the iommu source (#827)
- helm: add namespace override for multi-namespace deployments (#831)
- dockerfile: update builder image to golang v1.18 (#836)
- go.mod: update github.com/google/go-cmp to v0.5.8 (#838)
- go.mod: update github.com/klauspost/cpuid to v2.1.0 (#851)
- Move e2e-test helpers to a separate package (#854)
- test/e2e: refactor setup and cleanup (#847)
- Improvements to scripts/prepare-release.sh (#846)
- Containerized auto-generation (#829)
- Revert type hack in api (#845)
- topology updater: add e2e tests (#528)
- nfd-master: fix incorrect log messages in crd controller (#860)
- nfd-master: more fixes to log messages (#861)
- logging: do not use %w with klog.Errorf (#868)
- helm: rename "manifests" subdir to "crds" (#862)
- helm: add priorityClassName to worker (#867)
- Fix templates for NodeFeatureRule with MatchAny (#865)
- README: update to v0.11.2 (#874)
- scripts/test-e2e: install kubectl (#877)
- README: reconfigure prow badges (#878)
- cpu: re-organize security features (#833)
- Run local markdown tests inside an isolated container (#882)
- Add Tilt option for developing NFD (#880)
- Bump golang to v1.19 (#887)
- Lint fixes (#889)
- Update registry to registry.k8s.io (#890)
- Update kubernetes to v1.25.0 (#888)
- docs: fix incorrect shell snippet for removing labels (#892)
- scripts: move hacky scripts to hack directory (#885)
- nfd-master: drop cleanup of ancient incubator labels (#897)
- Config option to disable hooks (#871)
- Add Netlify configuration file (#895)
- nfd-master: log if node was modified (or not) (#898)
- Set shortName for NodeFeatureRule CRD (#901)
- cpu: Discover Intel TDX (#830)
- nfd-worker: rename some symbols (#905)
- nfd-master: rename crd controller (#906)
- apis/nfd: move annotation and label consts from nfd-master (#904)
- pkg/api/feature: rename types (#908)
- pkg/utils: move hostpath helpers from source to utils (#909)
- test/e2e: fix segfault in case no e2e config file is specified (#891)
- nfd-worker: refactor gRPC connection logic (#907)
- nfd-master: refactor gRPC into a separate method (#911)
- test/e2e: add tests for NodeFeatureRules (#848)
- OWNERS: add fmuyassarov as a reviewer (#918)
- Tiltfile: update builder image to golang:1.19-bullseye (#915)
- Update base image to Debian bullseye (#916)
- Error strings should not be capitalized (#921)
- Standardize "k8s.io/api/core/v1" package short name (#920)
- Update CPU flags for ARM, POWER, and Z (#919)
- apis/nfd: migrate pkg/api/feature (#912)
- cpu: ignore unknown cpuid flags on non-x86 (#914)
- topology-updater: continue looping on scan error (#929)
- Bump Kubernetes to v1.25.3 (#930)
- apis/nfd: flatten the structure of features data type (#925)
- source/usb: scan host sysfs (#933)
- apis/nfd: fix NodeFeatureRule templating (#935)
- Stop using the beta.kubernetes.io/os and arch labels (#937)
- Increase allowed image build timeout for 500s (#936)
- Increase image waiting timeout (#938)
- README: update deployment instructions to use v0.11.3 (#946)
- docs: update the name of the base image (#948)
- add ephemeral environment for e2e test execution (#917)
- docs: restructure docs (#950)
- Add argument to updateNodeFeatures method to pass client from caller (#952)
- cpu: fix 32-bit ARMv8 CPU flags (#927)
- nfd-topology-updater: retrieve kubelet config from API /configz (#842)
- docs: update github-pages gem to v227 (#959)
- test/e2e: fix topologu-updater cmdline args (#960)
- e2e: topologyupdater: fix and stabilize tests (#961)
- topology-updater: introduce exclude-list (#949)
- test/e2e: more flexible pod spec generation (#964)
- test/e2e: add helper for creating new configmaps (#965)
- e2e: add SecurityContext to master (#966)
- nfd-worker: drop deprecated command line flags (#968)
- docs: revise topology-updater helm chart rbac parameters (#969)
- docs: document helm chart params related to worker serviceaccount (#970)
- test/e2e: remove dropped -sleep-interval arg (#971)
- deployment: drop stale nfd-api-crds.yaml (#972)
- e2e: move pod utils to a seperate package (#967)
- docs: better document custom resources (#974)
- docs: simplify quick-start page (#973)
- scripts/mdlint: update mdlint to v0.12.0 (#977)
- docs: small update to customization guide (#976)
- test/e2e: no pod restart policy of nfd-worker by default (#975)
- helm: drop NodeFeatureRule CRD from templates (#978)
- Allow optionally setting node taints defined on the NodeFeatureRule CR (#910)
- nfd-master svc should select only nfd-master pods (#981)
- go.mod: update to klauspost/cpuid to v2.2.2 (#982)
- helm: fix mount name of topology-updater config (#979)
- docs: remove non-existent nodeFeatureRule.createCRD parameter (#983)
- nfd-topology-updater: update NodeResourceTopology objects directly (#980)
- nfd-worker: detect the namespace it is running in (#984)
- Bump go.mod k8s.io to 1.26 (#987)
- nfd-master: add error checking for CRD controller creation (#988)
- Introduce NodeFeature CRD (#986)
- nfd-master: rename -featurerules-controller flag to -crd-controller (#991)
- nfd-master: fix creation of the -enable-nodefeature-api flag (#992)
- test/e2e: fix creation of NFD CRDs (#993)
- nfd-master: implement ratelimiter for nfd api updates (#990)
- E2E: default kubeconfig location to ${HOME}/.kube/config (#994)
- nfd-master: handle multiple NodeFeature objects (#989)
- test/e2e: create CRDs once in the beginning of the tests (#997)
- test/e2e: fix mistake in ginkgo focus (#1000)
- E2E: default seccompProfile to runtimeDefault for nfd worker (#995)
- docs: document NodeFeature API (#903)
- E2E: parameterize ...
v0.11.3
Changelog
This point release fixes a bug in nfd-topology-updater that caused it to silently stop in some scenarios. It also updates dependencies and refreshes the base container image to Debian bullseye-slim.
List of PRs
v0.11.2
Changelog
This point release fixes an issue with NodeFeatureRule templating. It also provides a fresh build with updated golang and an updated base image, addressing an issue with the CVE security scan (#853).
List of PRs
v0.11.1
Changelog
Fixes an issue where the network-sriov.* labels were not correctly set in all scenarios (#812).
List of PRs
v0.11.0
Changelog
- Detection of CPU model
- Detect Intel Control-flow Enforcement Technology (CET)
- Detect intel-iommu/version attribute of PCI devices
- Detect IBM Secure Execution (S390x)
- Helm chart:
  - Support configuring -resource-labels for nfd-master
  - Configurable annotations to DaemonSet (nfd-master) and Deployment (nfd-worker)
  - Create ServiceAccount for nfd-worker
List of PRs
- README: bump to v0.10.0 (#720)
- scripts/update-gh-pages: fix symlink to stable version (#724)
- go.mod: bump kubernetes to v1.23.1 (#725)
- github: re-organize the release process slightly (#721)
- Fix GoLinter Issues in the files (#711)
- Multi ARCH build amd64, arm64 (#698)
- Adding missing target dep (#728)
- cloudbuild.yaml: set HOME to /root (#730)
- cloudbuild.yaml: double the timeout (#731)
- cloudbuild.yaml: increase timeout to 2400s (#733)
- cloudbuild.yaml: increase timeout to 1 hour (#734)
- cloudbuild.yaml: increase timeout to 1h 20min (#735)
- Increase timeout in test setups (#738)
- scripts: configure docker auth in push-image.sh (#739)
- cloudbuild.yaml: upgrade machine type to n1-highcpu-8 (#740)
- scripts/test-infra: separate task for multiarch image build (#742)
- nfd-master: print gRPC server error correctly (#732)
- nfd-master: do graceful stop of gRPC server (#736)
- cloudbuild.yaml: decrease timeout to 25 minutes (#741)
- docs: clarify deployment requirements (#745)
- docs: drop topology-updater cmdline help from developer guide (#748)
- README: point to v0.10.1 (#753)
- docs: update helm document to match values.yaml (#727)
- docs: fix operator deployment instructions (#726)
- scripts/prepare-release: fix upating of readme (#755)
- docs: re-fix operator deployment instructions (#762)
- docs: use new custom rule format in worker config reference (#754)
- go.mod: update to klauspost/cpuid/[email protected] (#771)
- docs: Update default K8S_NAMESPACE (#773)
- tls: require min TLS version 1.3 (#781)
- Add ServiceAccount for nfd-worker (#782)
- Additional Lint Fixes in Codebase (#779)
- Fixed the incorrect references (#769)
- source/pci: detect intel-iommu/version (#716)
- topologyupdater: Prevent crash with incorrect node id (#783)
- deployment/helm: add resourceLabels to master args (#793)
- Fix a couple typos (#796)
- apis/nfd: empty match expression set returns no features for templates (#787)
- helm: add annotations to daemonset and deployment (#794)
- Add cpu-model feature detection (#792)
- cpu: Discover IBM Secure Execution (#790)
v0.10.1
Changelog
This release enables multi-arch, providing container image for ARM64 architecture.
List of PRs
v0.10.0
Changelog
Expression-based custom label rules
We implemented a new expression-based format for writing labeling rules, greatly expanding the capabilities for vendor and application specific labeling. It covers many more features than the built-in labels reveal, supports templating and more. See the new customization guide for more details.
NodeFeatureRule custom resource
We introduce a new NodeFeatureRule custom resource, enabling the deployment of vendor and application specific labeling rules as Kubernetes API objects. See the customization guide for details.
Detection of network, storage and nvdimm devices
NFD now discovers network, block storage and nvdimm devices. No new built-in labels are introduced but the device information is available for custom label rules to use. See available features for details.
Topology-updater daemon
NFD-Topology-Updater is a new daemon that advertises topology of available and allocatable system resources via NodeResourceTopology custom resources. See the documentation for more details.
New profile label namespace
NFD now by default allows a new profile.node.kubernetes.io label namespace (and its sub-namespaces). This can be used in custom labels and is intended for vendor or application specific higher level "meta features".
Label names from the local source changed
NFD stopped injecting the filename of the hook/featurefile into the name of the label.
NOTE: This breaks backwards compatibility with usage scenarios that rely on implicitly prefixing the label with the filename. However, we felt that the somewhat confusing and counter-intuitive behavior needs to be changed. The suggested way to fix existing use cases is to use the fully namespaced <namespace>/<name>=<value> format (this will retain compatibility with older versions of NFD).
TLS and cert-manager integration in Helm chart
NFD Helm chart now supports enabling TLS and cert-manager via the tls.enable and tls.certManager options. See the documentation for details.
IOMMU source deprecated
The IOMMU source has been deprecated and is now disabled by default. Thus, its only feature label, feature.node.kubernetes.io/iommu-enabled, is not available in the default configuration. To enable it, set the core.labelSources option to the value [all, iommu] in the nfd-worker configuration. See worker configuration for more details on configuring nfd-worker.
NOTE: the iommu_group/type is now available as a per PCI device attribute to be used for custom label rules. See the customization guide for details on using custom label rules.
Miscellaneous
- /usr/src is no longer mounted by default (#585)
- simplify nfd-worker configuration in Helm (#627)
- detect Intel SGX (#647)
- add additional IBM Z CPUID flags (#675)
- nfd-worker config
- fix kustomize sample overlay enabling cert-manager (#710)
List of PRs
- README: update deployment instructions to use v0.9.0 (#580)
- nfd-worker: split out gRPC connection handling (#552)
- gitignore: add kustomization.yaml (#583)
- source/custom: refactor kconfig rule internal representation (#543)
- Fix the typo in deployment-and-usage.md (#575)
- Only add kustomization.yaml in the root to .gitignore (#587)
- scripts/test-infra: verify buildability of kustomize overlays (#586)
- deployment: make /usr/src hostpath mount optional (#585)
- nfd-master: allow profile.node.kubernetes.io label ns (#548)
- Fix a link in deployment-and-usage.md (#589)
- Fix broken link for worker-conf example (#590)
- source/network: silence annoying/useless log message (#592)
- source: rename FeatureSource to LabelSource (#596)
- deployment: fix formatting of the worker conf sample (#599)
- source: make sources register themselves (#597)
- Introducing NFD Topology Updater exposing Resource hardware Topology info through CRs (#525)
- source: introduce FeatureSource interface (#601)
- Fix broken link on docs/get-started (#603)
- Utilize go generate (#602)
- Trim single quotes in parseOSRelease (#606)
- docs: remote wip note from worker configuration reference (#611)
- deployment: fix typo in overlay name (#609)
- Update developer-guide.md (#613)
- scripts/test-infra: bump golangci-lint to v1.42.1 (#615)
- docs: fix TOCs (#610)
- deployment: align topologyupdater overlays (#607)
- drop the topology updater job (#622)
- topology-updater:fix klog initialization (#625)
- docs: update dependencies (#624)
- deployment/helm: don't force sleep-interval in worker cmdline flags (#628)
- Bump to golang v1.17 (#629)
- source: fix gofmt errors (#631)
- Makefile: let gofmt-verify write changes back to files (#632)
- deployment: Simplify NFD worker configuration in Helm (#627)
- deployment: add topology updater helm chart (#623)
- docs: mention minimum required kubectl version (#635)
- Documentation capturing enablement of NFD-Topology-Updater in NFD (#526)
- resourcemonitor: aggregate and provide the memory and hugepages information (#593)
- pkg/resourcemonitor: fix typo in comment (#641)
- pkg/api/feature: small improvements (#642)
- test/e2e: make e2e tests run on single-node cluster (#643)
- test/e2e: drop /boot mount (#644)
- source: implement FeatureSource interface (#604)
- Topology-updater introduction typo fix (#645)
- deployment: Implicitly generate the worker ConfigMap name (#640)
- More topology updater documentation typo fixes (#648)
- source/custom: expression based label rules (#639)
- More extensive and expressive custom rules (#464)
- NFD-Topology-Updater: Bump NRT API to version v0.0.12 (#652)
- grpc: extend the API to send raw features (#646)
- specify CRD for custom labeling rules (#653)
- source/custom: move rule matching to pkg/apis/nfd (#654)
- pkg/apis/nfd: drop excess field from the CRD (#657)
- Update the link of slack channel (#659)
- Add code for interacting with CRD API (#655)
- deployment: clean up base/topologyupdater-daemonset (#608)
- topologyupdater: logs relevant message when feature-gate is disabled. (#633)
- nfd-master: implement controller for NodeFeatureRule CRs (#656)
- source/storage: implement FeatureSource (#649)
- Revert "test/e2e: drop /boot mount" (#664)
- CRD-based custom node labeling (#553)
- source/network: implement FeatureSource (#660)
- source/memory: implement FeatureSource (#661)
- Templating of custom label names (#550)
- source/cpu: detect Intel SGX (#647)
- source/kernel: don't advertise selinux.enabled=false (#665)
- source/memory: fix memory.numa label (#666)
- pkg/apis/nfd: stricter format checking for template labels (#668)
- Add variables to feature rule spec and support backrefs (#663)
- source/cpu: add additional IBM Z CPU Flags (#675)
- images: use k8s-staging-test-infra/gcb-docker-gcloud (#685)
- images: fix invalid k8s-staging-test-infra/gcb-docker-gcloud tag (#686)
- Makefile: Add make deploy rule (#679)
- docs: drop cmdline help from developer guide (#672)
- Lint fixes to pkg/apis (#687)
- Add deploy-prune makefile rule to ease devel processes (#667)
- Use single-dash format of cmdline flags (#671)
- source/kernel: ditch regexp in kconfig parsing (#683)
- nfd-worker: rename 'sources' config option (#673)
- source/kernel: drop length check of kconfig values (#682)
- source/kernel: unmangled kconfig values for custom rules (#684)
- scripts: increase e2e-test image poll timeout to 12mins (#688)
- scripts/test-infra: bump helm to v3.7.1 (#689)
- nfd-worker: disable sources more easily (#670)
- nfd-worker: add core.featureSources config option (#605)
- source: make per-source unit tests stricter (#691)
- source/fake: implement FeatureSource (#692)
- docs: fix mistake in md format (#693)
- test/e2e: revise usage of nfd command line flags (#690)
- source/usb: fix fallback to default label format (#694)
- source/local: log features per each hook and feature file (#696)
- source/local: don't prefix label names with the filename (#695)
- nfd-worker: drop 'custom-' prefix from matchFeatures custom rules (#697)
- Dockerfile: build grpc_health-probe from source (#707)
- Fix readiness and liveness checks (#709)
- Fix kustomization template to work with cert-manager (#710)
- Enable TLS and cert-manager created certs for helm chart (#712)
- deployment/helm: refactor nfd-master rbac parameters (#706)
- deployment/helm: disable nfr controller for parallel instances (#699)
- deployment: use new custom rule format in sample configs (#701)
- source/iommu: deprecate and disable by default (#677)
- Initial bash at new TLS docs (#713)
- docs: add customization guide (#704)
- docs: small tinkering on the TLS documentation (#714)
- source/pci: add iommu_group/type attribute (#705)
- docs: small fix in block and net features in customization guide (#715)
v0.9.0
Changelog
Switch over to kustomize
NFD now leverages kustomize for kubectl based deployments, making it easier to manage user-specific customized deployment scenarios. See deployment with kustomize in the documentation for more details.
Feature label sub-namespaces
NFD now allows the usage of sub-namespaces of the default label namespace for easier separation of vendor or application specific labels. That is, e.g. <vendor>.feature.node.kubernetes.io is available without any extra configuration.
TLS: accept client certs based on SAN
NFD now does client certificate verification based on SAN (Subject Alternative Name) in addition to Common Name (CN). This makes the virtually broken --verify-node-name option usable again.
Readiness and liveliness probes to nfd-master
The default kustomize and Helm deployments now enable gRPC-based readiness and liveness probes for the nfd-master containers.
Miscellaneous
- Support matching against USB device serial number in the custom feature source (#521)
- Various fixes and improvements to Helm chart deployment
- Configurable base image for manual builds (#513)
- Make host /usr/lib and /usr/src available for nfd-worker (#519)
- Correct the names of SSE4* cpuid flags (#547)
- Detect AVX512 FP16 (#555)
List of PRs
- scripts/update-gh-pages: fix helm repo update (#486)
- github: two more steps to release process (#488)
- README: update references to version 0.8.0 (#490)
- github: update gh-pages on published releases (#489)
- docs: describe Helm repo as the primary option for Helm (#491)
- Docs: Add Table header to master/worker chart parameters (#492)
- scripts/update-gh-pages: slightly cleaner log output (#494)
- [helm] fix nfd worker tolerations value (#495)
- bump Go to 1.16 (#497)
- Helm chart: Fix configMap indenting (#496)
- scripts/prepare-release: option to only create assets (#502)
- README: update references to version 0.8.1 (#507)
- Update deps (#499)
- github: add a reminder about both image variants in the release process (#506)
- github: update release process to create a 'devel' tag (#498)
- docs: fixes in Helm documentation (#509)
- Add support for configurable runtime full and minimal images. (#513)
- Accept client certs based on SAN, not just CN (#514)
- helm: add extraLabelNs master flag (#515)
- Mount /usr inside the Pod (#519)
- Add support for using USB device serial number (#521)
- README: update references to v0.8.2 (#531)
- docs: show full version number in sidebar (#532)
- utils/dump: do not print empty header line (#542)
- source: define source names as consts (#544)
- cpuid: correct the name of SSE4* cpuid flags (#547)
- go.mod: update dependencies (#546)
- make go report happy (#538)
- chore: update tolerations and affinities to control-plane (#537)
- Straighten wrinkles in lint fixes (#551)
- go.mod: update to klauspost/cpuid/[email protected] (#555)
- Makefile: add apigen target (#541)
- Makefile: add lint target (#549)
- Remove wrong comands on documentation (#559)
- nfd-master: allow sub-namespaces of the default label ns (#536)
- helm: add readme (#564)
- Dockerfile: update go to 1.16.7 (#568)
- go.mod: update kubernetes to v1.22.0 (#569)
- Move to kustomize (#573)
- Better error reporting of kernel and cpu feature sources (#570)
- Add Readiness and liveliness probes to nfd-master (#563)
- cstate/pstate: Skip check on non intel arches (#571)
- docs: clarify the cpu.cstate feature (#572)
v0.8.2
Changelog
This is a maintenance release fixing handling of TLS client certificates and adding Helm support for the --extra-label-ns command line flag.