Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/stable/zed / . / charts / node-feature-discovery / values.yaml
blob: f4b1d840819205a7911b0fb270300f270f9019df [file] [log] [blame]
Mohammed Naser9ad0d462023-01-15 20:36:37 -0500[diff] [blame]1image:
2 repository: k8s.gcr.io/nfd/node-feature-discovery
3 # This should be set to 'IfNotPresent' for released version
4 pullPolicy: IfNotPresent
5 # tag, if defined will use the given image tag, else Chart.AppVersion will be used
6 # tag
7imagePullSecrets: []
8
9nameOverride: ""
10fullnameOverride: ""
11
12nodeFeatureRule:
13 createCRD: true
14
15master:
16 instance:
17 extraLabelNs: []
18 resourceLabels: []
19 featureRulesController: null
20 deploymentAnnotations: {}
21 replicaCount: 1
22
23 podSecurityContext: {}
24 # fsGroup: 2000
25
26 securityContext:
27 allowPrivilegeEscalation: false
28 capabilities:
29 drop: [ "ALL" ]
30 readOnlyRootFilesystem: true
31 runAsNonRoot: true
32 # runAsUser: 1000
33
34 serviceAccount:
35 # Specifies whether a service account should be created
36 create: true
37 # Annotations to add to the service account
38 annotations: {}
39 # The name of the service account to use.
40 # If not set and create is true, a name is generated using the fullname template
41 name:
42
43 rbac:
44 create: true
45
46 service:
47 type: ClusterIP
48 port: 8080
49
50 resources: {}
51 # We usually recommend not to specify default resources and to leave this as a conscious
52 # choice for the user. This also increases chances charts run on environments with little
53 # resources, such as Minikube. If you do want to specify resources, uncomment the following
54 # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
55 # limits:
56 # cpu: 100m
57 # memory: 128Mi
58 # requests:
59 # cpu: 100m
60 # memory: 128Mi
61
62 nodeSelector: {}
63
64 tolerations:
65 - key: "node-role.kubernetes.io/master"
66 operator: "Equal"
67 value: ""
68 effect: "NoSchedule"
69 - key: "node-role.kubernetes.io/control-plane"
70 operator: "Equal"
71 value: ""
72 effect: "NoSchedule"
73
74 annotations: {}
75
76 affinity:
77 nodeAffinity:
78 preferredDuringSchedulingIgnoredDuringExecution:
79 - weight: 1
80 preference:
81 matchExpressions:
82 - key: "node-role.kubernetes.io/master"
83 operator: In
84 values: [""]
85 - weight: 1
86 preference:
87 matchExpressions:
88 - key: "node-role.kubernetes.io/control-plane"
89 operator: In
90 values: [""]
91
92worker:
93 config: ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE>
94 #core:
95 # labelWhiteList:
96 # noPublish: false
97 # sleepInterval: 60s
98 # featureSources: [all]
99 # labelSources: [all]
100 # klog:
101 # addDirHeader: false
102 # alsologtostderr: false
103 # logBacktraceAt:
104 # logtostderr: true
105 # skipHeaders: false
106 # stderrthreshold: 2
107 # v: 0
108 # vmodule:
109 ## NOTE: the following options are not dynamically run-time configurable
110 ## and require a nfd-worker restart to take effect after being changed
111 # logDir:
112 # logFile:
113 # logFileMaxSize: 1800
114 # skipLogHeaders: false
115 #sources:
116 # cpu:
117 # cpuid:
118 ## NOTE: whitelist has priority over blacklist
119 # attributeBlacklist:
120 # - "BMI1"
121 # - "BMI2"
122 # - "CLMUL"
123 # - "CMOV"
124 # - "CX16"
125 # - "ERMS"
126 # - "F16C"
127 # - "HTT"
128 # - "LZCNT"
129 # - "MMX"
130 # - "MMXEXT"
131 # - "NX"
132 # - "POPCNT"
133 # - "RDRAND"
134 # - "RDSEED"
135 # - "RDTSCP"
136 # - "SGX"
137 # - "SSE"
138 # - "SSE2"
139 # - "SSE3"
140 # - "SSE4"
141 # - "SSE42"
142 # - "SSSE3"
143 # attributeWhitelist:
144 # kernel:
145 # kconfigFile: "/path/to/kconfig"
146 # configOpts:
147 # - "NO_HZ"
148 # - "X86"
149 # - "DMI"
150 # pci:
151 # deviceClassWhitelist:
152 # - "0200"
153 # - "03"
154 # - "12"
155 # deviceLabelFields:
156 # - "class"
157 # - "vendor"
158 # - "device"
159 # - "subsystem_vendor"
160 # - "subsystem_device"
161 # usb:
162 # deviceClassWhitelist:
163 # - "0e"
164 # - "ef"
165 # - "fe"
166 # - "ff"
167 # deviceLabelFields:
168 # - "class"
169 # - "vendor"
170 # - "device"
171 # custom:
172 # # The following feature demonstrates the capabilities of the matchFeatures
173 # - name: "my custom rule"
174 # labels:
175 # my-ng-feature: "true"
176 # # matchFeatures implements a logical AND over all matcher terms in the
177 # # list (i.e. all of the terms, or per-feature matchers, must match)
178 # matchFeatures:
179 # - feature: cpu.cpuid
180 # matchExpressions:
181 # AVX512F: {op: Exists}
182 # - feature: cpu.cstate
183 # matchExpressions:
184 # enabled: {op: IsTrue}
185 # - feature: cpu.pstate
186 # matchExpressions:
187 # no_turbo: {op: IsFalse}
188 # scaling_governor: {op: In, value: ["performance"]}
189 # - feature: cpu.rdt
190 # matchExpressions:
191 # RDTL3CA: {op: Exists}
192 # - feature: cpu.sst
193 # matchExpressions:
194 # bf.enabled: {op: IsTrue}
195 # - feature: cpu.topology
196 # matchExpressions:
197 # hardware_multithreading: {op: IsFalse}
198 #
199 # - feature: kernel.config
200 # matchExpressions:
201 # X86: {op: Exists}
202 # LSM: {op: InRegexp, value: ["apparmor"]}
203 # - feature: kernel.loadedmodule
204 # matchExpressions:
205 # e1000e: {op: Exists}
206 # - feature: kernel.selinux
207 # matchExpressions:
208 # enabled: {op: IsFalse}
209 # - feature: kernel.version
210 # matchExpressions:
211 # major: {op: In, value: ["5"]}
212 # minor: {op: Gt, value: ["10"]}
213 #
214 # - feature: storage.block
215 # matchExpressions:
216 # rotational: {op: In, value: ["0"]}
217 # dax: {op: In, value: ["0"]}
218 #
219 # - feature: network.device
220 # matchExpressions:
221 # operstate: {op: In, value: ["up"]}
222 # speed: {op: Gt, value: ["100"]}
223 #
224 # - feature: memory.numa
225 # matchExpressions:
226 # node_count: {op: Gt, value: ["2"]}
227 # - feature: memory.nv
228 # matchExpressions:
229 # devtype: {op: In, value: ["nd_dax"]}
230 # mode: {op: In, value: ["memory"]}
231 #
232 # - feature: system.osrelease
233 # matchExpressions:
234 # ID: {op: In, value: ["fedora", "centos"]}
235 # - feature: system.name
236 # matchExpressions:
237 # nodename: {op: InRegexp, value: ["^worker-X"]}
238 #
239 # - feature: local.label
240 # matchExpressions:
241 # custom-feature-knob: {op: Gt, value: ["100"]}
242 #
243 # # The following feature demonstrates the capabilities of the matchAny
244 # - name: "my matchAny rule"
245 # labels:
246 # my-ng-feature-2: "my-value"
247 # # matchAny implements a logical IF over all elements (sub-matchers) in
248 # # the list (i.e. at least one feature matcher must match)
249 # matchAny:
250 # - matchFeatures:
251 # - feature: kernel.loadedmodule
252 # matchExpressions:
253 # driver-module-X: {op: Exists}
254 # - feature: pci.device
255 # matchExpressions:
256 # vendor: {op: In, value: ["8086"]}
257 # class: {op: In, value: ["0200"]}
258 # - matchFeatures:
259 # - feature: kernel.loadedmodule
260 # matchExpressions:
261 # driver-module-Y: {op: Exists}
262 # - feature: usb.device
263 # matchExpressions:
264 # vendor: {op: In, value: ["8086"]}
265 # class: {op: In, value: ["02"]}
266 #
267 # # The following features demonstreate label templating capabilities
268 # - name: "my template rule"
269 # labelsTemplate: |
270 # {{ range .system.osrelease }}my-system-feature.{{ .Name }}={{ .Value }}
271 # {{ end }}
272 # matchFeatures:
273 # - feature: system.osrelease
274 # matchExpressions:
275 # ID: {op: InRegexp, value: ["^open.*"]}
276 # VERSION_ID.major: {op: In, value: ["13", "15"]}
277 #
278 # - name: "my template rule 2"
279 # labelsTemplate: |
280 # {{ range .pci.device }}my-pci-device.{{ .class }}-{{ .device }}=with-cpuid
281 # {{ end }}
282 # matchFeatures:
283 # - feature: pci.device
284 # matchExpressions:
285 # class: {op: InRegexp, value: ["^06"]}
286 # vendor: ["8086"]
287 # - feature: cpu.cpuid
288 # matchExpressions:
289 # AVX: {op: Exists}
290 #
291 # # The following examples demonstrate vars field and back-referencing
292 # # previous labels and vars
293 # - name: "my dummy kernel rule"
294 # labels:
295 # "my.kernel.feature": "true"
296 # matchFeatures:
297 # - feature: kernel.version
298 # matchExpressions:
299 # major: {op: Gt, value: ["2"]}
300 #
301 # - name: "my dummy rule with no labels"
302 # vars:
303 # "my.dummy.var": "1"
304 # matchFeatures:
305 # - feature: cpu.cpuid
306 # matchExpressions: {}
307 #
308 # - name: "my rule using backrefs"
309 # labels:
310 # "my.backref.feature": "true"
311 # matchFeatures:
312 # - feature: rule.matched
313 # matchExpressions:
314 # my.kernel.feature: {op: IsTrue}
315 # my.dummy.var: {op: Gt, value: ["0"]}
316 #
317### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
318
319 daemonsetAnnotations: {}
320 podSecurityContext: {}
321 # fsGroup: 2000
322
323 securityContext:
324 allowPrivilegeEscalation: false
325 capabilities:
326 drop: [ "ALL" ]
327 readOnlyRootFilesystem: true
328 runAsNonRoot: true
329 # runAsUser: 1000
330
331 serviceAccount:
332 # Specifies whether a service account should be created.
333 # We create this by default to make it easier for downstream users to apply PodSecurityPolicies.
334 create: true
335 # Annotations to add to the service account
336 annotations: {}
337 # The name of the service account to use.
338 # If not set and create is true, a name is generated using the fullname template
339 name:
340
341 # Allow users to mount the hostPath /usr/src, useful for RHCOS on s390x
342 # Does not work on systems without /usr/src AND a read-only /usr, such as Talos
343 mountUsrSrc: false
344
345 resources: {}
346 # We usually recommend not to specify default resources and to leave this as a conscious
347 # choice for the user. This also increases chances charts run on environments with little
348 # resources, such as Minikube. If you do want to specify resources, uncomment the following
349 # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
350 # limits:
351 # cpu: 100m
352 # memory: 128Mi
353 # requests:
354 # cpu: 100m
355 # memory: 128Mi
356
357 nodeSelector: {}
358
359 tolerations: []
360
361 annotations: {}
362
363 affinity: {}
364
365topologyUpdater:
366 enable: false
367 createCRDs: false
368
369 serviceAccount:
370 create: false
371 annotations: {}
372 name:
373 rbac:
374 create: false
375
376 kubeletConfigPath:
377 kubeletPodResourcesSockPath:
378 updateInterval: 60s
379 watchNamespace: "*"
380
381 podSecurityContext: {}
382 securityContext:
383 allowPrivilegeEscalation: false
384 capabilities:
385 drop: [ "ALL" ]
386 readOnlyRootFilesystem: true
387 runAsUser: 0
388
389 resources: {}
390 # We usually recommend not to specify default resources and to leave this as a conscious
391 # choice for the user. This also increases chances charts run on environments with little
392 # resources, such as Minikube. If you do want to specify resources, uncomment the following
393 # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
394 # limits:
395 # cpu: 100m
396 # memory: 128Mi
397 # requests:
398 # cpu: 100m
399 # memory: 128Mi
400
401 nodeSelector: {}
402 tolerations: []
403 annotations: {}
404 affinity: {}
405
406# Optionally use encryption for worker <--> master comms
407# TODO: verify hostname is not yet supported
408#
409# If you do not enable certManager (and have it installed) you will
410# need to manually, or otherwise, provision the TLS certs as secrets
411tls:
412 enable: false
413 certManager: false