kud/deployment_infra/helm/node-feature-discovery/templates/worker.yaml

   1 apiVersion: apps/v1
   2 kind: DaemonSet
   3 metadata:
   4   name:  {{ include "node-feature-discovery.fullname" . }}-worker
   5   labels:
   6     {{- include "node-feature-discovery.labels" . | nindent 4 }}
   7     role: worker
   8 spec:
   9   selector:
  10     matchLabels:
  11       {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
  12       role: worker
  13   template:
  14     metadata:
  15       labels:
  16         {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
  17         role: worker
  18       annotations:
  19         {{- toYaml .Values.worker.annotations | nindent 8 }}
  20     spec:
  21       dnsPolicy: ClusterFirstWithHostNet
  22     {{- with .Values.imagePullSecrets }}
  23       imagePullSecrets:
  24         {{- toYaml . | nindent 8 }}
  25     {{- end }}
  26       securityContext:
  27         {{- toYaml .Values.worker.podSecurityContext | nindent 8 }}
  28       containers:
  29       - name: worker
  30         securityContext:
  31           {{- toYaml .Values.worker.securityContext | nindent 12 }}
  32         image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
  33         imagePullPolicy: {{ .Values.image.pullPolicy }}
  34         env:
  35         - name: NODE_NAME
  36           valueFrom:
  37             fieldRef:
  38               fieldPath: spec.nodeName
  39         resources:
  40         {{- toYaml .Values.worker.resources | nindent 12 }}
  41         command:
  42         - "nfd-worker"
  43         args:
  44         - "--sleep-interval={{ .Values.worker.sleepTime }}s"
  45         - "--server=nfd-master:{{ .Values.master.service.port }}"
  46 ## Enable TLS authentication (1/3)
  47 ## The example below assumes having the root certificate named ca.crt stored in
  48 ## a ConfigMap named nfd-ca-cert, and, the TLS authentication credentials stored
  49 ## in a TLS Secret named nfd-worker-cert
  50 #          - "--ca-file=/etc/kubernetes/node-feature-discovery/trust/ca.crt"
  51 #          - "--key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
  52 #          - "--cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
  53         volumeMounts:
  54         - name: host-boot
  55           mountPath: "/host-boot"
  56           readOnly: true
  57         - name: host-os-release
  58           mountPath: "/host-etc/os-release"
  59           readOnly: true
  60         - name: host-sys
  61           mountPath: "/host-sys"
  62           readOnly: true
  63         - name: source-d
  64           mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
  65           readOnly: true
  66         - name: features-d
  67           mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
  68           readOnly: true
  69         - name: nfd-worker-conf
  70           mountPath: "/etc/kubernetes/node-feature-discovery"
  71           readOnly: true
  72 ## Enable TLS authentication (2/3)
  73 #        - name: nfd-ca-cert
  74 #          mountPath: "/etc/kubernetes/node-feature-discovery/trust"
  75 #          readOnly: true
  76 #        - name: nfd-worker-cert
  77 #          mountPath: "/etc/kubernetes/node-feature-discovery/certs"
  78 #          readOnly: true
  79       volumes:
  80         - name: host-boot
  81           hostPath:
  82             path: "/boot"
  83         - name: host-os-release
  84           hostPath:
  85             path: "/etc/os-release"
  86         - name: host-sys
  87           hostPath:
  88             path: "/sys"
  89         - name: source-d
  90           hostPath:
  91             path: "/etc/kubernetes/node-feature-discovery/source.d/"
  92         - name: features-d
  93           hostPath:
  94             path: "/etc/kubernetes/node-feature-discovery/features.d/"
  95         - name: nfd-worker-conf
  96           configMap:
  97             name: {{ .Values.worker.configmapName }}
  98             items:
  99               - key: nfd-worker.conf
 100                 path: nfd-worker.conf
 101 ## Enable TLS authentication (3/3)
 102 #        - name: nfd-ca-cert
 103 #          configMap:
 104 #            name: nfd-ca-cert
 105 #        - name: nfd-worker-cert
 106 #          secret:
 107 #            secretName: nfd-worker-cert
 108     {{- with .Values.worker.nodeSelector }}
 109       nodeSelector:
 110         {{- toYaml . | nindent 8 }}
 111       {{- end }}
 112     {{- with .Values.worker.affinity }}
 113       affinity:
 114         {{- toYaml . | nindent 8 }}
 115     {{- end }}
 116     {{- with .Values.worker.tolerations }}
 117       tolerations:
 118         {{- toYaml . | nindent 8 }}
 119     {{- end }}