feat: update helm chart node-feature-discovery to 0.12.0 #2809

Merged
h3mmy merged 1 commit into main from renovate/node-feature-discovery on Dec 21, 2022

@bloopy-boi bloopy-boi bot commented Dec 21, 2022

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| node-feature-discovery | minor | 0.11.3 -> 0.12.0 |

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.


Release Notes

kubernetes-sigs/node-feature-discovery

v0.12.0

Changelog
Node tainting

NFD now supports node tainting. NodeFeatureRule custom resource was extended to create taints. See documentation for more information.

NodeFeature CRD

(EXPERIMENTAL) NFD defines new NodeFeature custom resource for communicating node features and node labeling requests and they can be used for implementing 3rd party extensions. Support for NodeFeature API is disabled by default in this release but will be enabled and is intended to replace the gRPC API between nfd-worker and nfd-master in the future.

See documentation for more details.

Improvements in topology-updater

NFD-Topology-Updater is now a standalone component, not depending on nfd-master, anymore. Topology-updater got support for configuration file, with one config option excludeList for filtering out resources from accounting. Topology-updater also now supports retrieving kubelet config from configz API endpoint (by default) and received a bunch of bug fixes.

Deprecations
  • deprecated IOMMU feature source has been removed
  • custom hooks are being deprecated and will be disabled and eventually dropped in future releases. Default behavior is not changed in this release but sources.local.hooksEnabled worker configuration option can be used to disable them. Suggested replacement for hooks in the future will be NodeFeature custom resources (still experimental).
  • security-related labels were re-organized
    • feature.node.kubernetes.io/cpu-sgx.enabled is now deprecated, superseded by feature.node.kubernetes.io/cpu-security.sgx.enabled
    • feature.node.kubernetes.io/cpu-se.enabled is now replaced, superseded by feature.node.kubernetes.io/cpu-security.se.enabled
  • -featurerules-controller flag of nfd-master is now deprecated, use -crd-controller instead
  • some already deprecated worker command line flags were removed:
    • -sleep-interval (use core.sleepInterval config file option instead)
    • -label-whitelist (use core.labelWhiteList config file option instead)
    • -sources (use -label-sources flag instead)
Miscellaneous
  • Improved documentation, major restructuring of deployment and usage docs
  • ignore operational state of network interfaces when detecting network labels – fixes issues with network SR-IOV labels in some scenarios (#​814)
  • new CPU features
    • Intel TDX
    • CPUID
      • TME, AMXFP16 and PREFETCHI
      • AVXVNNI (non-AVX512)
      • Better detection of features that have both AVX512 and non-AVX512 versions (GFNI, VAES, VPCLMULQDQ)
      • Major update for ARM, POWER, and Z features
  • Helm: improved management of CRDs, now supports --skip-crds
  • switched over to registry.k8s.io container image registry
List of PRs
  • docs: remove fixed release tag in developer guide (#​798)
  • scripts/update-gh-pages: adjust commit message body (#​800)
  • scripts/test-infra: bump golangci-lint to v1.45.2 (#​804)
  • Bump Go to 1.18 (#​785)
  • Dockerfile: update builder image to Go v1.18.1 (#​807)
  • docs: fix operator deployment instructions (#​811)
  • cpu: add cpuid stub for non-linux platforms (#​808)
  • source/network: ignore interface operational state (#​814)
  • docs: update x86 cpuid feature list (#​818)
  • docs: small typo fix in cpuid feature list (#​824)
  • README: update to v0.11.1 (#​825)
  • github: small fix in new-release issue template (#​822)
  • scripts/test-e2e: update aws-iam-authenticator to v0.5.7 (#​834)
  • go.mod: update kubernetes to v1.24.2 (#​835)
  • go.mod: update github.com/klauspost/cpuid to v2.0.14 (#​837)
  • test/e2e: fix checking of nfd-master annotation (#​839)
  • test/e2e: update e2e-test example config (#​840)
  • test/e2e: change node-specific config to a list (#​841)
  • source/fake: fix name of fake flag feature (#​843)
  • Drop the iommu source (#​827)
  • helm: add namespace override for multi-namespace deployments (#​831)
  • dockerfile: update builder image to golang v1.18 (#​836)
  • go.mod: update github.com/google/go-cmp to v0.5.8 (#​838)
  • go.mod: update github.com/klauspost/cpuid to v2.1.0 (#​851)
  • Move e2e-test helpers to a separate package (#​854)
  • test/e2e: refactor setup and cleanup (#​847)
  • Improvements to scripts/prepare-release.sh (#​846)
  • Containerized auto-generation (#​829)
  • Revert type hack in api (#​845)
  • topology updater: add e2e tests (#​528)
  • nfd-master: fix incorrect log messages in crd controller (#​860)
  • nfd-master: more fixes to log messages (#​861)
  • logging: do not use %w with klog.Errorf (#​868)
  • helm: rename "manifests" subdir to "crds" (#​862)
  • helm: add priorityClassName to worker (#​867)
  • Fix templates for NodeFeatureRule with MatchAny (#​865)
  • README: update to v0.11.2 (#​874)
  • scripts/test-e2e: install kubectl (#​877)
  • README: reconfigure prow badges (#​878)
  • cpu: re-organize security features (#​833)
  • Run local markdown tests inside an isolated container (#​882)
  • Add Tilt option for developing NFD (#​880)
  • Bump golang to v1.19 (#​887)
  • Lint fixes (#​889)
  • Update registry to registry.k8s.io (#​890)
  • Update kubernetes to v1.25.0 (#​888)
  • docs: fix incorrect shell snippet for removing labels (#​892)
  • scripts: move hacky scripts to hack directory (#​885)
  • nfd-master: drop cleanup of ancient incubator labels (#​897)
  • Config option to disable hooks (#​871)
  • Add Netlify configuration file (#​895)
  • nfd-master: log if node was modified (or not) (#​898)
  • Set shortName for NodeFeatureRule CRD (#​901)
  • cpu: Discover Intel TDX (#​830)
  • nfd-worker: rename some symbols (#​905)
  • nfd-master: rename crd controller (#​906)
  • apis/nfd: move annotation and label consts from nfd-master (#​904)
  • pkg/api/feature: rename types (#​908)
  • pkg/utils: move hostpath helpers from source to utils (#​909)
  • test/e2e: fix segfault in case no e2e config file is specified (#​891)
  • nfd-worker: refactor gRPC connection logic (#​907)
  • nfd-master: refactor gRPC into a separate method (#​911)
  • test/e2e: add tests for NodeFeatureRules (#​848)
  • OWNERS: add fmuyassarov as a reviewer (#​918)
  • Tiltfile: update builder image to golang:1.19-bullseye (#​915)
  • Update base image to Debian bullseye (#​916)
  • Error strings should not be capitalized (#​921)
  • Standardize "k8s.io/api/core/v1" package short name (#​920)
  • Update CPU flags for ARM, POWER, and Z (#​919)
  • apis/nfd: migrate pkg/api/feature (#​912)
  • cpu: ignore unknown cpuid flags on non-x86 (#​914)
  • topology-updater: continue looping on scan error (#​929)
  • Bump Kubernetes to v1.25.3 (#​930)
  • apis/nfd: flatten the structure of features data type (#​925)
  • source/usb: scan host sysfs (#​933)
  • apis/nfd: fix NodeFeatureRule templating (#​935)
  • Stop using the beta.kubernetes.io/os and arch labels (#​937)
  • Increase allowed image build timeout for 500s (#​936)
  • Increase image waiting timeout (#​938)
  • README: update deployment instructions to use v0.11.3 (#​946)
  • docs: update the name of the base image (#​948)
  • add ephemeral environment for e2e test execution (#​917)
  • docs: restructure docs (#​950)
  • Add argument to updateNodeFeatures method to pass client from caller (#​952)
  • cpu: fix 32-bit ARMv8 CPU flags (#​927)
  • nfd-topology-updater: retrieve kubelet config from API /configz (#​842)
  • docs: update github-pages gem to v227 (#​959)
  • test/e2e: fix topologu-updater cmdline args (#​960)
  • e2e: topologyupdater: fix and stabilize tests (#​961)
  • topology-updater: introduce exclude-list (#​949)
  • test/e2e: more flexible pod spec generation (#​964)
  • test/e2e: add helper for creating new configmaps (#​965)
  • e2e: add SecurityContext to master (#​966)
  • nfd-worker: drop deprecated command line flags (#​968)
  • docs: revise topology-updater helm chart rbac parameters (#​969)
  • docs: document helm chart params related to worker serviceaccount (#​970)
  • test/e2e: remove dropped -sleep-interval arg (#​971)
  • deployment: drop stale nfd-api-crds.yaml (#​972)
  • e2e: move pod utils to a seperate package (#​967)
  • docs: better document custom resources (#​974)
  • docs: simplify quick-start page (#​973)
  • scripts/mdlint: update mdlint to v0.12.0 (#​977)
  • docs: small update to customization guide (#​976)
  • test/e2e: no pod restart policy of nfd-worker by default (#​975)
  • helm: drop NodeFeatureRule CRD from templates (#​978)
  • Allow optionally setting node taints defined on the NodeFeatureRule CR (#​910)
  • nfd-master svc should select only nfd-master pods (#​981)
  • go.mod: update to klauspost/cpuid to v2.2.2 (#​982)
  • helm: fix mount name of topology-updater config (#​979)
  • docs: remove non-existent nodeFeatureRule.createCRD parameter (#​983)
  • nfd-topology-updater: update NodeResourceTopology objects directly (#​980)
  • nfd-worker: detect the namespace it is running in (#​984)
  • Bump go.mod k8s.io to 1.26 (#​987)
  • nfd-master: add error checking for CRD controller creation (#​988)
  • Introduce NodeFeature CRD (#​986)
  • nfd-master: rename -featurerules-controller flag to -crd-controller (#​991)
  • nfd-master: fix creation of the -enable-nodefeature-api flag (#​992)
  • test/e2e: fix creation of NFD CRDs (#​993)
  • nfd-master: implement ratelimiter for nfd api updates (#​990)
  • E2E: default kubeconfig location to ${HOME}/.kube/config (#​994)
  • nfd-master: handle multiple NodeFeature objects (#​989)
  • test/e2e: create CRDs once in the beginning of the tests (#​997)
  • test/e2e: fix mistake in ginkgo focus (#​1000)
  • E2E: default seccompProfile to runtimeDefault for nfd worker (#​995)
  • docs: document NodeFeature API (#​903)
  • E2E: parameterize container image and tag (#​996)
  • test/e2e: drop pod security enforcement label from the test namespace (#​1002)
  • nfd-master: update all nodes at startup when NodeFeature API enabled (#​998)
  • test/e2e: don't expect control-plane nodes to be labeled (#​1004)
  • nfd-master: update node if no NodeFeature objects are present (#​999)
  • test/e2e: drop host-usr-src mount (#​1003)
  • Add E2E test for NFD tainting feature (#​932)
  • test/e2e: add basic e2e-tests for NodeFeature API (#​1001)
  • Simplify usage of ObjectMeta fields (#​1005)
  • docs: better document differences between deployment methods (#​1006)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

Signed-off-by: Zee Aslam <h3mmy@users.noreply.github.com>
@bloopy-boi bloopy-boi bot requested a review from h3mmy as a code owner December 21, 2022 17:18
@bloopy-boi bloopy-boi bot added renovate/helm type/minor size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. area/cluster Changes made in the cluster directory labels Dec 21, 2022

bloopy-boi bot commented Dec 21, 2022

Path: cluster/apps/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.3 -> 0.12.0

@@ -4,6 +4,7 @@
 kind: ServiceAccount
 metadata:
 name: node-feature-discovery
+ namespace: default
 labels:
 app.kubernetes.io/name: node-feature-discovery
 app.kubernetes.io/instance: node-feature-discovery
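Review bot: the ServiceAccount now renders with a hard-coded `namespace: default`, while the release is defined at cluster/apps/kube-system/node-feature-discovery/helm-release.yaml. If this diff was rendered with the chart's default namespace rather than the namespace the release installs into, the RBAC subjects and bindings further down are being reviewed against the wrong namespace; render with the real target namespace so the ServiceAccount references can be checked.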
@@ -16,16 +17,32 @@
 kind: ServiceAccount
 metadata:
 name: node-feature-discovery-worker
+ namespace: default
 labels:
 app.kubernetes.io/name: node-feature-discovery
 app.kubernetes.io/instance: node-feature-discovery
 app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/nfd-topologyupdater-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: node-feature-discovery-topology-updater-conf
+ namespace: default
+ labels:
+ app.kubernetes.io/name: node-feature-discovery
+ app.kubernetes.io/instance: node-feature-discovery
+ app.kubernetes.io/managed-by: Helm
+data:
+ nfd-topology-updater.conf: |-
+ null
+---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
 name: node-feature-discovery-worker-conf
+ namespace: default
 labels:
 app.kubernetes.io/name: node-feature-discovery
 app.kubernetes.io/instance: node-feature-discovery
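Review bot: the new node-feature-discovery-topology-updater-conf ConfigMap carries `nfd-topology-updater.conf` with the literal content `null`, so the chart is serialising an unset value rather than an empty config. Set an explicit empty mapping for the topology-updater config in the release values, or confirm the component accepts `null`, before topology-updater is enabled; the release notes list `excludeList` as its one config option and it is absent here.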
@@ -134,171 +151,6 @@
 - vendor
 - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
- group: nfd.k8s-sigs.io
- names:
- kind: NodeFeatureRule
- listKind: NodeFeatureRuleList
- plural: nodefeaturerules
- singular: nodefeaturerule
- scope: Cluster
- versions:
- - name: v1alpha1
- schema:
- openAPIV3Schema:
- description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: NodeFeatureRuleSpec describes a NodeFeatureRule.
- properties:
- rules:
- description: Rules is a list of node customization rules.
- items:
- description: Rule defines a rule for node customization such as labeling.
- properties:
- labels:
- additionalProperties:
- type: string
- description: Labels to create if the rule matches.
- type: object
- labelsTemplate:
- description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
- type: string
- matchAny:
- description: MatchAny specifies a list of matchers one of which must match.
- items:
- description: MatchAnyElem specifies one sub-matcher of MatchAny.
- properties:
- matchFeatures:
- description: MatchFeatures specifies a set of matcher terms all of which must match.
- items:
- description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
- properties:
- feature:
- type: string
- matchExpressions:
- additionalProperties:
- description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new instance is created from scratch without using the helper functions."
- properties:
- op:
- description: Op is the operator to be applied.
- enum:
- - In
- - NotIn
- - InRegexp
- - Exists
- - DoesNotExist
- - Gt
- - Lt
- - GtLt
- - IsTrue
- - IsFalse
- type: string
- value:
- description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
- items:
- type: string
- type: array
- required:
- - op
- type: object
- description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
- type: object
- required:
- - feature
- - matchExpressions
- type: object
- type: array
- required:
- - matchFeatures
- type: object
- type: array
- matchFeatures:
- description: MatchFeatures specifies a set of matcher terms all of which must match.
- items:
- description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
- properties:
- feature:
- type: string
- matchExpressions:
- additionalProperties:
- description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new instance is created from scratch without using the helper functions."
- properties:
- op:
- description: Op is the operator to be applied.
- enum:
- - In
- - NotIn
- - InRegexp
- - Exists
- - DoesNotExist
- - Gt
- - Lt
- - GtLt
- - IsTrue
- - IsFalse
- type: string
- value:
- description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
- items:
- type: string
- type: array
- required:
- - op
- type: object
- description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
- type: object
- required:
- - feature
- - matchExpressions
- type: object
- type: array
- name:
- description: Name of the rule.
- type: string
- vars:
- additionalProperties:
- type: string
- description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
- type: object
- varsTemplate:
- description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
- type: string
- required:
- - name
- type: object
- type: array
- required:
- - rules
- type: object
- required:
- - spec
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
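Review bot: the NodeFeatureRule CustomResourceDefinition is removed from the rendered templates here and nothing in this diff replaces it, which matches the release-notes entries "helm: rename "manifests" subdir to "crds"" and "helm: drop NodeFeatureRule CRD from templates". Helm installs CRDs from a chart's crds directory only on first install and does not update them on upgrade, so an existing cluster keeps the 0.11.3 schema shown in the removed lines (no taints property, and no NodeFeature kind) unless the CRDs are applied separately. If this helm-release.yaml is a Flux HelmRelease (an assumption, the file content is not shown), set its CRD upgrade policy accordingly, or apply the 0.12.0 CRDs out of band before merging.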
@@ -319,8 +171,15 @@
 - update
 - list
 - apiGroups:
+ - ""
+ resources:
+ - nodes/proxy
+ verbs:
+ - get
+ - apiGroups:
 - nfd.k8s-sigs.io
 resources:
+ - nodefeatures
 - nodefeaturerules
 verbs:
 - get
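Review bot: the added rule grants `get` on `nodes/proxy` cluster-wide in templates/clusterrole.yaml, and `nodes/proxy` is the subresource through which the API server proxies requests to each kubelet's API, so this is considerably more than read access to Node objects. The release notes tie the need to topology-updater reading kubelet config from the configz endpoint; confirm which ServiceAccount this ClusterRole is bound to and, if topology-updater is not deployed in this cluster, drop the rule or move it to a role used only by that component. The `nodefeatures` resource added to the nfd.k8s-sigs.io rule belongs to an API the release notes describe as experimental and disabled by default, so it deserves the same question.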
@@ -345,11 +204,49 @@
 name: node-feature-discovery
 namespace: default
 ---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: node-feature-discovery-worker
+ labels:
+ app.kubernetes.io/name: node-feature-discovery
+ app.kubernetes.io/instance: node-feature-discovery
+ app.kubernetes.io/managed-by: Helm
+rules:
+ - apiGroups:
+ - nfd.k8s-sigs.io
+ resources:
+ - nodefeatures
+ verbs:
+ - create
+ - get
+ - update
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: node-feature-discovery-worker
+ labels:
+ app.kubernetes.io/name: node-feature-discovery
+ app.kubernetes.io/instance: node-feature-discovery
+ app.kubernetes.io/managed-by: Helm
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: node-feature-discovery-worker
+subjects:
+ - kind: ServiceAccount
+ name: node-feature-discovery-worker
+ namespace: default
+---
 # Source: node-feature-discovery/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
 name: node-feature-discovery-master
+ namespace: default
 labels:
 app.kubernetes.io/name: node-feature-discovery
 app.kubernetes.io/instance: node-feature-discovery
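Review bot: the new Role and RoleBinding named node-feature-discovery-worker have no `namespace` under metadata, although every other namespaced object touched in this diff gains `namespace: default` and the RoleBinding subject names the ServiceAccount in `default`. As rendered they land in whatever namespace the apply targets, which can leave the worker ServiceAccount without its binding; add the namespace to both objects or confirm the chart sets it at install time. The Role also gives the worker `create`, `get` and `update` on `nodefeatures` while the release notes say the NodeFeature API is disabled by default, so consider whether the grant is needed yet.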
@@ -365,12 +262,14 @@
 selector:
 app.kubernetes.io/name: node-feature-discovery
 app.kubernetes.io/instance: node-feature-discovery
+ role: master
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
 name: node-feature-discovery-worker
+ namespace: default
 labels:
 app.kubernetes.io/name: node-feature-discovery
 app.kubernetes.io/instance: node-feature-discovery
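Review bot: the Service selector for node-feature-discovery-master now also requires `role: master`, but no hunk in this diff shows that label on the master Deployment's pod template. Check the rendered Deployment for `role: master` under spec.template.metadata.labels; without it the Service has no endpoints and nfd-worker cannot reach nfd-master. The tightening itself is in line with the release-notes entry "nfd-master svc should select only nfd-master pods (#981)".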
@@ -404,7 +303,7 @@
 - ALL
 readOnlyRootFilesystem: true
 runAsNonRoot: true
- image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.3"
+ image: "registry.k8s.io/nfd/node-feature-discovery:v0.12.0"
 imagePullPolicy: IfNotPresent
 env:
 - name: NODE_NAME
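Review bot: the worker image moves to `registry.k8s.io/nfd/node-feature-discovery:v0.12.0` by tag only, and with `imagePullPolicy: IfNotPresent` a node keeps whatever content it first pulled under that tag. Pin the image by digest in the release values (tag plus `@sha256:<digest>`, with the digest taken from the upstream release) so the DaemonSet, which runs on every node, is reproducible and verifiable. The same applies to the nfd-master image changed in the later hunk.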
@@ -480,6 +379,7 @@
 kind: Deployment
 metadata:
 name: node-feature-discovery-master
+ namespace: default
 labels:
 app.kubernetes.io/name: node-feature-discovery
 app.kubernetes.io/instance: node-feature-discovery
@@ -512,7 +412,7 @@
 - ALL
 readOnlyRootFilesystem: true
 runAsNonRoot: true
- image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.3"
+ image: "registry.k8s.io/nfd/node-feature-discovery:v0.12.0"
 imagePullPolicy: IfNotPresent
 livenessProbe:
 exec:
@@ -541,7 +441,7 @@
 - "nfd-master"
 resources: {}
 args:
- ## By default, disable NodeFeatureRules controller for other than the default instances
+ ## By default, disable crd controller for other than the default instances
 - "-featurerules-controller=true"
 nodeSelector:
 node-role.kubernetes.io/master: "true"
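Review bot: the comment is updated to say "crd controller" but the argument on the next line is still `-featurerules-controller=true`, which the release notes mark as deprecated in favour of `-crd-controller`. The comment also says "disable" while the flag is set to `true`. Since this is chart-rendered output, track the deprecation and override the master args (or bump the chart) once `-crd-controller` is emitted, so the deployment does not break when the old flag is removed.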


bloopy-boi bot commented Dec 21, 2022

🦙 MegaLinter status: ✅ SUCCESS

| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ✅ COPYPASTE | jscpd | yes | | no | 1.09s |
| ✅ YAML | prettier | 1 | 1 | 0 | 0.5s |
| ✅ YAML | yamllint | 1 | | 0 | 0.23s |

See errors details in artifact MegaLinter reports on CI Job page
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

@h3mmy h3mmy merged commit 170baf2 into main Dec 21, 2022
@h3mmy h3mmy deleted the renovate/node-feature-discovery branch December 21, 2022 19:46