Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(deps): update helm release node-feature-discovery to 0.17.0 #2238

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(deps): update helm release node-feature-discovery to 0.17.0 #2238

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 21, 2022
edited
Loading

This PR contains the following updates:

Package Update Change
node-feature-discovery minor 0.11.2 -> 0.17.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

kubernetes-sigs/node-feature-discovery (node-feature-discovery)

v0.17.0

Compare Source

Changelog

Configurable restrictions (EXPERIMENTAL)

The nfd-master now has configuration options to restrict its capabilities, that is what modifications on node objects are allowed. See the nfd-master configuration file reference for documentation.

Image compatibity (EXPERIMENTAL)

There is an initiative to utilize NFD to implement system compatibility requirements for container images. As part of this work NFD v0.17 includes nfd command line client for validating systems against image compatibility manifests. See the documentation for more details, including examples how to create container images with compatibility manifests and validating nodes.

See the enhancement proposal for background information and design details.

Miscellaneous
Scalability

This release contains numerous fixes to fix issues and improve the scalability of NFD in larger clusters.

DMI features

Discovery of system.dmiid.product_name was added.

CPUID features

Support for new CPUID flags were added, including AMX-FP8 and AVX-VNNI-INT16.

Helm chart

Numerous small improvements in the NFD Helm chart, mainly new configuration values (see chart parameters for documentation).

Deprecations
gRPC API

The NodeFeature API is now GA and the legacy gRPC API has been completely removed.

Hooks

Support for hooks (deprecated in v0.12 has been removed. See the customization guide for replacements.

ResourceLabels config option

The resourceLabels configuration file option (and the corresponding -resource-labels flag), deprecated in v0.13 were removed. Use NodeFeatureRule object's extendedResources field instead.

Dynamic configuration

Dynamic runt-time reconfiguration was removed. This improves robustness and consistency as some of the configuration options did not support dynamic configuration.

Upcoming changes

The separate metric and health ports will be united behind a single port and the corresponding Helm chart values will be removed in NFD v0.18. This should be invisible to most users.

List of PRs

  • Update readme to v0.16.0 release (#​1722)
  • topology-updater: properly handle IPv6 from NODE_ADDRESS (#​1729)
  • helm: remove defaults CPU limits (#​1728)
  • build(deps): bump golang.org/x/net from 0.25.0 to 0.26.0 (#​1738)
  • Fix the problem with starting the master with empty cache (#​1739)
  • build(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 (#​1742)
  • ensure post-delete-job's service account matches ref in job spec (#​1746)
  • Dockerfile: fix FromAs Casing (#​1753)
  • build(deps): bump github.com/klauspost/cpuid/v2 from 2.2.7 to 2.2.8 (#​1744)
  • build(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#​1745)
  • build(deps): bump google.golang.org/protobuf from 1.34.1 to 1.34.2 (#​1743)
  • Update README to v0.16.1 (#​1756)
  • Document AVXVNNIINT16 cpuid feature (#​1749)
  • scripts: refresh e2e-presubmit test script (#​1758)
  • build(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 (#​1760)
  • docs: describe Kubernetes version compatibility in versions page (#​1764)
  • scripts/test-infra: drop the unused build-image script (#​1762)
  • scripts/test-infra: run postsubmit e2e test in kind (#​1763)
  • nfd-master: fix typos (#​1765)
  • Simplify code (#​1766)
  • scripts/test-infra: setup kind in e2e-test (#​1767)
  • README: update module name in go report card badge (#​1768)
  • deployment/helm: enable specifying additional cmdline args (#​1726)
  • cloudbuild: increase the image build timeout (#​1770)
  • Use worker DS OwnerReference for NF's (#​1755)
  • README: update to v0.16.2 (#​1783)
  • Drop the -enable-nodefeature-api flag (#​1780)
  • fix: take into consideration possibility of having empty line in swap file (#​1781)
  • nfd-worker: change TestRun to use NodeFeature API (#​1788)
  • go.mod: update kubernetes to v1.30.2 and klog to v2.130.1 (#​1786)
  • Helm: Add revision history limit for master replica (#​1782)
  • test/e2e: set topology-updater sleep-interval in podfingerprint test (#​1792)
  • helm: drop trailing whitespace from values.yaml (#​1790)
  • docs: reformat tables of helm parameters (#​1791)
  • test/e2e: specify -sleep-interval in topology-updater exclude-memory test (#​1793)
  • README: update to v0.16.3 (#​1794)
  • feature-gates: mark NodeFeatureAPI as GA (#​1778)
  • scripts/test-infra: bump golangci-lint to v1.59.1 (#​1795)
  • scripts/test-infra: bump helm to v3.15.3 (#​1796)
  • Helm: Add revision history limit for worker daemonset (#​1797)
  • Dockerfile: cache go modules on build (#​1798)
  • build(deps): bump k8s.io/kubernetes from 1.30.2 to 1.30.3 in the k8sio group (#​1804)
  • helm: add configurable liveness&readiness probes for master topology-updater and worker (#​1801)
  • nfd-master: check nfd api informer cache sync result (#​1809)
  • nfd-gc: check that node informer cache sync succeeded (#​1812)
  • build(deps): bump github.com/onsi/gomega from 1.33.1 to 1.34.0 (#​1819)
  • build(deps): bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 (#​1818)
  • Docs: Fixed feature-gates reference (#​1822)
  • nfd-master: tweak list options for NodeFeature informer (#​1811)
  • Docs: Fix the link to feature gates documentation (#​1821)
  • nfd-gc: only fetch object metadata (#​1813)
  • nfd-gc: use paging when listing CRs (#​1815)
  • build(deps): bump github.com/onsi/gomega from 1.34.0 to 1.34.1 (#​1824)
  • Add helm migration guide (#​1807)
  • docs: use jekyll-rtd-theme from a ruby gem (#​1829)
  • tilt: sync up builder go version with project go.mod (#​1827)
  • build(deps): bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#​1831)
  • build(deps): bump golang.org/x/time from 0.5.0 to 0.6.0 (#​1832)
  • README: update to v0.16.4 (#​1834)
  • test/e2e: simplify TestMain (#​1835)
  • nfd-master: explicit state variable for the node updater pool (#​1844)
  • nfd-master: use only unbuffered chans in the nfd api-controller (#​1843)
  • nfd-master: proper shutdown of nfd api informers (#​1848)
  • build(deps): bump github.com/onsi/ginkgo/v2 from 2.20.0 to 2.20.1 (#​1853)
  • test/e2e: drop the pod security admission hack (#​1854)
  • scripts/test-infra: bump golangci-lint to v1.60.3 (#​1859)
  • Drop dynamic run-time reconfiguration (#​1847)
  • build(deps): bump github.com/onsi/gomega from 1.34.1 to 1.34.2 (#​1862)
  • build(deps): bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#​1864)
  • Bump Go to v1.23 (#​1858)
  • build(deps): bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 (#​1870)
  • build(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 (#​1867)
  • source/system: Add reading product name information (#​1871)
  • nfd-master: cleanup updater-pool method args (#​1876)
  • helm: rename args chart value to extraArgs (#​1880)
  • helm: rename args to extraArgs in values.yaml (#​1881)
  • source/network: Ignore bonding_masters interface during scanning (#​1856)
  • build(deps): bump github.com/jaypipes/ghw from 0.12.0 to 0.13.0 (#​1869)
  • Add helm values to configure hostNetwork and additional env vars (#​1878)
  • Add parameter to configure health endpoint port (#​1885)
  • Add .idea/ to gitignore (#​1886)
  • nfd-gc: drop one duplicate import from tests (#​1888)
  • test/e2e: use ptr.To to get pointer to bool (#​1836)
  • docs: quote shell snippets containing urls with query parameters (#​1895)
  • build(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 (#​1900)
  • build(deps): bump golang.org/x/time from 0.6.0 to 0.7.0 (#​1899)
  • Template exposed health port in helm chart (#​1904)
  • github: specify workflow permissions (#​1906)
  • README: update to v0.16.5 (#​1909)
  • build(deps): bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 (#​1916)
  • Move testdata to root (#​1921)
  • Convert testdata to an empty go module (#​1924)
  • Add separate helm values for the liveness and readiness probes (#​1913)
  • feat/nfd-master: configure CR restrictions (#​1592)
  • build(deps): bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#​1923)
  • Drop NFD gRPC API (#​1910)
  • build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (#​1917)
  • go.mod: bump kubernetes to v1.31 (#​1837)
  • tests: better assertion message in nfd-gc unit tests (#​1816)
  • build(deps): bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#​1937)
  • build(deps): bump github.com/onsi/gomega from 1.34.2 to 1.35.1 (#​1938)
  • build(deps): bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 (#​1940)
  • nfd-master: drop stale unreachable deprecation notices (#​1942)
  • Docs: remove gRPC (#​1943)
  • Taints: mark stable (#​1944)
  • Drop support for hooks (#​1941)
  • build(deps): bump google.golang.org/grpc from 1.63.2 to 1.67.1 (#​1898)
  • build(deps): bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#​1939)
  • Doc: Fix tilt up issue in feature discovering in developer guide (#​1889)
  • Deprecate separate metrics and health port args (#​1948)
  • Release template: Document tagging for API submodule (#​1945)
  • go.mod: bump cpuid to v2.2.9 (#​1949)
  • nfd-master: drop resourceLabels (#​1950)
  • docs: minor update in the feature gates table (#​1951)
  • build(deps): bump golang.org/x/net from 0.30.0 to 0.31.0 (#​1952)
  • build(deps): bump golang.org/x/time from 0.7.0 to 0.8.0 (#​1953)
  • build(deps): bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#​1954)
  • build(deps): bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 (#​1957)
  • build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#​1960)
  • Document AMXFP8 cpuid feature (#​1935)
  • go.mod: bump kubernetes patch version (#​1962)
  • pkg/utils: drop fswatcher (#​1961)
  • chore: add metrics system prefix (#​1956)
  • build(deps): bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#​1959)
  • build(deps): bump github.com/onsi/gomega from 1.35.1 to 1.36.0 (#​1966)
  • build(deps): bump google.golang.org/grpc from 1.68.0 to 1.68.1 (#​1969)
  • build(deps): bump golang.org/x/net from 0.31.0 to 0.32.0 (#​1968)
  • NFD image compatibility proposal (#​1845)
  • deployment: add startupProbe for nfd-master (#​1810)
  • scripts/update-gh-pages: fix release version parsing (#​1974)
  • nfd-master: check that namespace informer cache sync succeeded (#​1965)
  • Fix version parsing (#​1977)
  • Makefile: fix version parsing (#​1981)
  • nfd-worker: Add an option to disable setting the owner references (#​1860)
  • Cleanup for NodeFeature API being GA (#​1976)
  • build(deps): bump google.golang.org/grpc from 1.68.1 to 1.69.0 (#​1983)
  • build(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#​1986)
  • build(deps): bump github.com/onsi/gomega from 1.36.0 to 1.36.1 (#​1984)
  • build(deps): bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 (#​1985)
  • go.mod: bump kubernetes to v1.32 (#​1987)
  • Drop protobuf definitions and protobuf code generation (#​1989)
  • Introduce nfd client for image compatibilty (#​1932)
  • Remove errors for nodes without NodeFeatures (#​1988)
  • go.mod: bump golang.org/x/net to v0.33.0 (#​1991)

(Full Changelog: kubernetes-sigs/node-feature-discovery@v0.17.0-devel...v0.17.0)

v0.16.6

Compare Source

What's Changed

Contributors @​marquiz @​elezar @​ArangoGutierrez

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.16.5...v0.16.6

v0.16.5

Compare Source

What's Changed

Fixes an nfd-master memory leak on re-configure events when leader election is enabled. Adds parameters to configure health endpoint port.

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.16.4...v0.16.5

v0.16.4

Compare Source

What's Changed

This patch release contains improvements to the Helm chart, adding configurable liveness and readiness probes for all daemons and configurable revision history limit for the nfd-worker and nfd-topology-updater.

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.16.3...v0.16.4

v0.16.3

Compare Source

Fix detection of swap in some scenarios (#​1751) and add Helm parameter to set the revisionHistoryLimit of nfd-master and nfd-gc (#​1759).

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.16.2...v0.16.3

v0.16.2

Compare Source

What's Changed

Fixes an issue where node labels were temporarily removed on nfd-worker pod restarts.

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.16.1...v0.16.2

v0.16.1

Compare Source

What's Changed

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.16.0...v0.16.1

v0.16.0: v0.16

Compare Source

Changelog

NodeFeatureGroup API

The NodeFeatureGroup custom resource was added to the NFD API. The NodeFeatureGroup API enables the creation of node groups based on features discovered by NFD. The API is an alpha feature and is disabled by default and can be enabled with the NodeFeatureGroupAPI feature gate.

See documentation for more details.

Feature gates

NFD adapted the concept of feature gates from Kubernetes to introduce and stabilize new features in a controlled way. See the documentation for more details. Two existing features (NodeFeature API and disabling label auto-prefixing) were converted into feature gates.

Deprecations
Upcoming changes

Support for hooks is deprecated since v0.12.0 and will be completely dropped in the NFD v0.17.

RDT feature labels removed

The feature.node.kubernetes.io/cpu-rdt.* feature labels that were deprecated in NFD v0.13 were removed. RDT features are still available for use in NodeFeatureRules for custom labels.

Deprecated flags and options

The autoDefaultNs config file option of nfd-master is deprecated and will be removed in NFD v0.17. Superseded by the DisableAutoPrefix feature gate (featureGates.DisableAutoPrefix Helm parameter).

The -enable-nodefeature-api command line flag of nfd-master and nfd-worker and the corresponding enableNodeFeatureApi Helm chart parameter have been deprecated and will be removed in NFD v0.17. Superseded by the NodeFeature API feature gate (featureGates.NodeFeatureAPI Helm parameter).

The -crd-controller command line flag of nfd-master is deprecated and will be removed with the gRPC API in a future release.

Miscellaneous
Network devices

Discover speed of virtual network interfaces.

DMI

Added support for detecting DMI attributes from /sys/devices/virtual/dmi/id/. In v0.16 only sys_vendor discovered, available as system.dmiid.sys_vendor feature for use in NodeFeatureRules.

Swap

Discover the availability of swap on the node. Available as memory.swap.enabled feature for use in NodeFeatureRules.

Helm chart

Now all nodes are cleaned up (feature labels, annotations, extended resources and taints are removed) after uninstalling NFD using a post-delete hook.

The Helm chart now sets resource requests (cpu and memory) for NFD pods. Users may want to adjust these for their cluster. An option to set the pod priority class was added. See Helm chart parameters in the documentation).

Container health

A gRPC health server was added to the nfd-master, nfd-worker and nfd-topology-updater daemons. Deployments (Helm and kustomize) configure container liveness and readiness probes to use that for health checking.

List of PRs

  • github: update tagging instructions in release checklists (#​1527)
  • Update readme to v0.15.0 release (#​1524)
  • makefile: fix build: target (#​1528)
  • Makefile: add -timeout argument to e2e-tests (#​1526)
  • helm: add post-delete hook that cleans up the node (#​1532)
  • deployment/kustomize: drop the sample cert-manager overlay (#​1534)
  • nfd-master: run a separate gRPC health server (#​1535)
  • source/network: discover speed of virtual network interfaces (#​1536)
  • go.mod: update dependencies (#​1539)
  • chore: combine cpu count and thread_siblings functions into discover topology function (#​1505)
  • source/cpu: drop deprecated cpu-rdt labels (#​1530)
  • Update readme to v0.15.1 release (#​1552)
  • hack/generate: patch auto-generated deepcopy functions (#​1553)
  • apis/nfd: Trivial typo fix in tests (#​1537)
  • docs: update docs build dependencies (#​1543)
  • topology-updater: initialize properly with -no-publish (#​1554)
  • topology-updater: document the -no-publish flag correctly (#​1555)
  • Wrap nested errors (#​1558)
  • Prevent nfd-worker erroring when reading attributes from paravirtual devices (#​1557)
  • pkg/utils: move GetKubeconfig from pkg/apihelper here (#​1562)
  • OWNERS: add AhmedGrati as a reviewer (#​1564)
  • deployment/helm: don't deploy topology-updater conf unnecessarily (#​1565)
  • topology-updater: get topology api client directly (#​1566)
  • pkg/utils: move JsonPatch from pkg/apihelper (#​1568)
  • nfd-master: ditch apihelper (#​1570)
  • topology-updater: ditch apihelper (#​1567)
  • Drop pkg/apihelper (#​1561)
  • nfd-master: fix node status patching (#​1571)
  • nfd-topology-updater add pods fingerprint by default (#​1560)
  • docs: add KEP of Spiffe integration (#​1444)
  • docs: document removal of hooks in v0.17 (#​1573)
  • build(deps): bump github.com/opencontainers/runc from 1.1.10 to 1.1.12 (#​1575)
  • build(deps-dev): bump nokogiri from 1.16.0 to 1.16.2 in /docs (#​1576)
  • scripts/test-infra: bump golangci-lint to v1.56.1 (#​1580)
  • scripts/test-infra: bump k8s logcheck to v0.8.1 (#​1583)
  • Bump Go to v1.22 (#​1579)
  • scripts/test-infra: bump helm to v3.14.0 (#​1582)
  • source/kernel: add unit tests for kernel version parsing (#​1588)
  • helm: add priorityClassName option (#​1587)
  • source/pci: add unit test for the pci source (#​1589)
  • nfd-master: log errors on node update retries (#​1591)
  • source/system: Add reading vendor information (#​1574)
  • source/cpu: fix build tags on rdt discovery (#​1594)
  • helm: add ability to use a custom issuer (#​1598)
  • fix hook issue (#​1604)
  • generate: update autogenerate tools (#​1606)
  • apis/nfd/validate: use testify/assert for checking test results (#​1590)
  • Update readme to v0.15.2 release (#​1611)
  • Update generate scripts to use latest code_gen functions (#​1605)
  • nfd-master: mark the -crd-controller flag as deprecated (#​1612)
  • build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#​1613)
  • Use close to signal stop channedl in worker and topology-updater (#​1620)
  • nfd-master: fix memory leak in nfd api-controller (#​1615)
  • Update readme to v0.15.3 release (#​1628)
  • Add FeatureGate framework to handle new features (#​1623)
  • replace AhmedGrati account with TessaIO as reviewer (#​1630)
  • add swap support in nfd (#​1585)
  • nfd-master: check if node exists before trying update (#​1595)
  • Remove references to -enable-nodefeature-api flag (#​1632)
  • Add owner reference to NRT object (#​1602)
  • nfd-master: retry node updates indefinitely (#​1596)
  • nfd-worker: Add liveness probe (#​1609)
  • topology-updater: Set APIVersion, Kind in the OwnerReference explicitly (#​1634)
  • helm: fix invalid name of host-swaps volume (#​1635)
  • nfd-master: do nfd API scheme registration in an init function (#​1641)
  • chore/deployment: add resources requests and limits for helm and Kustomize (#​1631)
  • nfd-topology-updater: Add liveness probe (#​1643)
  • nfd-master: get node object only once when updating node (#​1652)
  • chore/deploy: make interval property in PodMonitor configurable (#​1639)
  • nfd-master: protect node updater pool queueing with a lock (#​1642)
  • nfd-master: prevent crash on empty config struct (#​1657)
  • Update readme to v0.15.4 release (#​1650)
  • Tidy up usage of channels for signaling (#​1656)
  • nfd-master: implement opts for modifying NfdMaster instance (#​1658)
  • nfd-master: parse kubeconfig even with NoPublish set (#​1655)
  • Move NFD api to a separate go mod (#​1600)
  • api/nfd: run go mod tidy (#​1661)
  • Fix Make generate (#​1662)
  • apis/nfd/validate: loosen validation of feature annotations (#​1633)
  • nfd-master: use separate k8s api clients for each updater (#​1653)
  • nfd-master: stop node-updater pool before reconfiguring api-controller (#​1660)
  • build(deps): bump golang.org/x/net from 0.20.0 to 0.23.0 (#​1665)
  • chore/nfd-master: remove warnings in nfd-master unit tests file (#​1668)
  • build(deps): bump golang.org/x/net from 0.20.0 to 0.23.0 in api/nfd (#​1666)
  • apis/nfd: add unit tests for match name functions (#​1667)
  • apis/nfd: no error on ops that never match (#​1670)
  • api/nfd: use varargs in the NewInstanceFeatures helper (#​1669)
  • scripts/test-infra: bump golangci-lint to v1.57.2 (#​1674)
  • add ARMv7 support (#​1659)
  • docs: document trade-offs in memory configuration (#​1651)
  • go.mod: bump kubernetes to v1.30 (#​1675)
  • cloudbuild.yaml: change machine type to e1-highcpu-32 (#​1678)
  • test/e2e: stop importing kubernetes test/e2e (#​1680)
  • hack/init-buildx.sh: fix broken patter matching (#​1683)
  • Disable armv7 builds (#​1677)
  • cloudbuild.yaml: downgrade machine type to e2-highcpu-8 (#​1685)
  • Update update_codegen.sh for v0.30 version of codegen tools (#​1681)
  • Dependabot: Add proper dependabot config file (#​1679)
  • build(deps): bump azure/setup-helm from 3 to 4 (#​1686)
  • build(deps): bump actions/checkout from 1 to 4 (#​1687)
  • build(deps): bump golang.org/x/net from 0.23.0 to 0.24.0 (#​1689)
  • build(deps): bump sigs.k8s.io/yaml from 1.3.0 to 1.4.0 (#​1691)
  • build(deps): bump github.com/onsi/gomega from 1.31.0 to 1.33.0 (#​1692)
  • build(deps): bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.2 (#​1690)
  • build(deps): bump github.com/jaypipes/ghw from 0.8.1-0.20210827132705-c7224150a17e to 0.12.0 (#​1688)
  • apis/nfd: increase unit test coverage (#​1693)
  • build: specify buildx builder name everywhere (#​1684)
  • source/kernel: silence misleading error on selinux detection (#​1694)
  • build(deps): bump github.com/klauspost/cpuid/v2 from 2.2.6 to 2.2.7 (#​1695)
  • build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#​1696)
  • build(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#​1698)
  • build(deps): bump github.com/onsi/gomega from 1.33.0 to 1.33.1 (#​1699)
  • build(deps): bump github.com/k8stopologyawareschedwg/noderesourcetopology-api from 0.1.0 to 0.1.2 (#​1697)
  • build(deps): bump golang.org/x/net from 0.24.0 to 0.25.0 (#​1701)
  • build(deps): bump google.golang.org/grpc from 1.60.1 to 1.63.2 (#​1702)
  • build(deps-dev): bump nokogiri from 1.16.2 to 1.16.5 in /docs (#​1706)
  • build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.1 (#​1703)
  • build(deps): bump github.com/k8stopologyawareschedwg/podfingerprint from 0.1.2 to 0.2.2 (#​1705)
  • nfd-master: add DisableAutoPrefix feature gate (#​1707)
  • Re-add -enable-nodefeature-api cmdline flag (#​1708)
  • build(deps): bump rexml from 3.2.6 to 3.2.8 in /docs (#​1709)
  • build(deps): bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3 (#​1711)
  • Add NodeFeatureGroup API (#​1487)
  • api/nfd: document all undocumented fields in the types (#​1714)
  • nfd-worker: improved log when creating NodeFeature object (#​1713)
  • apis/nfd: allow different types of features of the same name (#​1671)
  • cpu: advertise AVX10 version (#​1673)
  • source/cpu: disable AVX10 label (#​1715)
  • docs/helm: document all feature gates (#​1716)
  • build(deps): bump github.com/onsi/ginkgo/v2 from 2.17.3 to 2.19.0 (#​1717)
  • docs: add more cross-references to NodeFeatureGroup API (#​1718)

v0.15.7

Compare Source

What's Changed

This patch release updates dependencies.

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.15.6...v0.15.7

v0.15.6

Compare Source

What's Changed

Fixes an issue where node labels were temporarily removed on nfd-worker pod restarts.

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.15.5...v0.15.6

v0.15.5

Compare Source

Changelog

This patch release fixes nfd-topology-updater on IPv6 clusters.

List of PRs
  • go.mod: update dependencies (#​1676)
  • topology-updater: properly handle IPv6 from NODE_ADDRESS (#​1732)

v0.15.4

Compare Source

This patch release fixes a potential crash in nfd-master (#​1644).

v0.15.3

Compare Source

Changelog

This patch release fixes a critical memory leak in nfd-master, along with updating dependencies.

Full Changelog: kubernetes-sigs/node-feature-discovery@v0.15.2...v0.15.3

v0.15.2

Compare Source

Changel

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from dfroberg as a code owner December 21, 2022 17:44
@github-actions
Copy link

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.12.0

@@ -3,6 +3,7 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -16,16 +17,32 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/nfd-topologyupdater-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-topology-updater-conf
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+data:
+  nfd-topology-updater.conf: |-
+    null
+---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +96,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -264,8 +116,15 @@
       - update
       - list
   - apiGroups:
+      - ""
+    resources:
+      - nodes/proxy
+    verbs:
+      - get
+  - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
     verbs:
       - get
@@ -290,11 +149,49 @@
     name: node-feature-discovery
     namespace: default
 ---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
+---
 # Source: node-feature-discovery/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -310,12 +207,14 @@
   selector:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    role: master
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -349,7 +248,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.12.0"
           imagePullPolicy: IfNotPresent
           env:
             - name: NODE_NAME
@@ -425,6 +324,7 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -457,7 +357,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.12.0"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             exec:
@@ -486,7 +386,7 @@
             - "nfd-master"
           resources: {}
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
+            ## By default, disable crd controller for other than the default instances
             - "-featurerules-controller=true"
       affinity:
         nodeAffinity:

@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.12.0 feat(deps): update helm release node-feature-discovery to 0.12.1 Jan 18, 2023
@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from e9a636b to e7740a1 Compare January 18, 2023 15:52
@github-actions
Copy link

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.12.1

@@ -3,6 +3,7 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -16,16 +17,32 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/nfd-topologyupdater-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-topology-updater-conf
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+data:
+  nfd-topology-updater.conf: |-
+    null
+---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +96,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -264,8 +116,15 @@
       - update
       - list
   - apiGroups:
+      - ""
+    resources:
+      - nodes/proxy
+    verbs:
+      - get
+  - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
     verbs:
       - get
@@ -290,11 +149,49 @@
     name: node-feature-discovery
     namespace: default
 ---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
+---
 # Source: node-feature-discovery/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -310,12 +207,14 @@
   selector:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    role: master
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -349,7 +248,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.12.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: NODE_NAME
@@ -425,6 +324,7 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -457,7 +357,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.12.1"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             exec:
@@ -486,7 +386,7 @@
             - "nfd-master"
           resources: {}
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
+            ## By default, disable crd controller for other than the default instances
             - "-featurerules-controller=true"
       affinity:
         nodeAffinity:

@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.12.1 feat(deps): update helm release node-feature-discovery to 0.12.2 Apr 3, 2023
@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from e7740a1 to 9562045 Compare April 3, 2023 13:04
@github-actions
Copy link

github-actions bot commented Apr 3, 2023

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.12.2

@@ -3,6 +3,7 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -16,16 +17,32 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/nfd-topologyupdater-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-topology-updater-conf
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+data:
+  nfd-topology-updater.conf: |-
+    null
+---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +96,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -266,6 +118,7 @@
   - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
     verbs:
       - get
@@ -290,11 +143,67 @@
     name: node-feature-discovery
     namespace: default
 ---
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: node-feature-discovery-topology-updater
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-topology-updater
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: default
+---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
+---
 # Source: node-feature-discovery/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -310,12 +219,14 @@
   selector:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    role: master
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -349,7 +260,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.12.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: NODE_NAME
@@ -425,6 +336,7 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -457,7 +369,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.12.2"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             exec:
@@ -486,7 +398,7 @@
             - "nfd-master"
           resources: {}
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
+            ## By default, disable crd controller for other than the default instances
             - "-featurerules-controller=true"
       affinity:
         nodeAffinity:

@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.12.2 feat(deps): update helm release node-feature-discovery to 0.13.1 May 29, 2023
@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from 9562045 to b59e925 Compare May 29, 2023 12:07
@github-actions
Copy link

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.13.1

@@ -3,29 +3,57 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
-{}
-
 # Source: node-feature-discovery/templates/serviceaccount.yaml
----
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: node-feature-discovery/templates/nfd-master-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-master-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
+data:
+  nfd-master.conf: |-
+    null
+---
+# Source: node-feature-discovery/templates/nfd-topologyupdater-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-topology-updater-conf
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+data:
+  nfd-topology-updater.conf: |-
+    null
 ---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +107,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -258,6 +121,7 @@
       - ""
     resources:
       - nodes
+      - nodes/status
     verbs:
       - get
       - patch
@@ -266,6 +130,7 @@
   - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
     verbs:
       - get
@@ -290,11 +155,67 @@
     name: node-feature-discovery
     namespace: default
 ---
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: node-feature-discovery-topology-updater
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-topology-updater
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: default
+---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
+---
 # Source: node-feature-discovery/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -310,12 +231,14 @@
   selector:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    role: master
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -349,7 +272,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.13.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: NODE_NAME
@@ -366,7 +289,7 @@
           command:
             - "nfd-worker"
           args:
-            - "--server=node-feature-discovery-master:8080"
+            - "-server=node-feature-discovery-master:8080"
           volumeMounts:
             - name: host-boot
               mountPath: "/host-boot"
@@ -380,6 +303,9 @@
             - name: host-usr-lib
               mountPath: "/host-usr/lib"
               readOnly: true
+            - name: host-lib
+              mountPath: "/host-lib"
+              readOnly: true
             - name: source-d
               mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
               readOnly: true
@@ -402,6 +328,9 @@
         - name: host-usr-lib
           hostPath:
             path: "/usr/lib"
+        - name: host-lib
+          hostPath:
+            path: "/lib"
         - name: source-d
           hostPath:
             path: "/etc/kubernetes/node-feature-discovery/source.d/"
@@ -425,6 +354,7 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -447,6 +377,7 @@
       annotations: {}
     spec:
       serviceAccountName: node-feature-discovery
+      enableServiceLinks: false
       securityContext: {}
       containers:
         - name: master
@@ -457,7 +388,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.13.1"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             exec:
@@ -486,7 +417,8 @@
             - "nfd-master"
           resources: {}
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
+            - "-port=8080"
+            ## By default, disable crd controller for other than the default instances
             - "-featurerules-controller=true"
       affinity:
         nodeAffinity:
@@ -511,3 +443,15 @@
           key: node.kubernetes.io/unreachable
           operator: Exists
           tolerationSeconds: 300
+---
+{}
+
+# Source: node-feature-discovery/templates/clusterrole.yaml
+---
+{}
+---
+{}
+
+# Source: node-feature-discovery/templates/serviceaccount.yaml
+---
+{}

@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.13.1 feat(deps): update helm release node-feature-discovery to 0.13.2 Jun 2, 2023
@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from b59e925 to 8c7a87b Compare June 2, 2023 02:45
@github-actions
Copy link

github-actions bot commented Jun 2, 2023

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.13.2

@@ -3,29 +3,57 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
-{}
-
 # Source: node-feature-discovery/templates/serviceaccount.yaml
----
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: node-feature-discovery/templates/nfd-master-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-master-conf
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+data:
+  nfd-master.conf: |-
+    null
+---
+# Source: node-feature-discovery/templates/nfd-topologyupdater-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-topology-updater-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
+data:
+  nfd-topology-updater.conf: |-
+    null
 ---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +107,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -258,6 +121,7 @@
       - ""
     resources:
       - nodes
+      - nodes/status
     verbs:
       - get
       - patch
@@ -266,6 +130,7 @@
   - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
     verbs:
       - get
@@ -290,11 +155,49 @@
     name: node-feature-discovery
     namespace: default
 ---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
+---
 # Source: node-feature-discovery/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -310,12 +213,14 @@
   selector:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    role: master
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -349,7 +254,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.13.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: NODE_NAME
@@ -366,7 +271,7 @@
           command:
             - "nfd-worker"
           args:
-            - "--server=node-feature-discovery-master:8080"
+            - "-server=node-feature-discovery-master:8080"
           volumeMounts:
             - name: host-boot
               mountPath: "/host-boot"
@@ -380,6 +285,9 @@
             - name: host-usr-lib
               mountPath: "/host-usr/lib"
               readOnly: true
+            - name: host-lib
+              mountPath: "/host-lib"
+              readOnly: true
             - name: source-d
               mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
               readOnly: true
@@ -402,6 +310,9 @@
         - name: host-usr-lib
           hostPath:
             path: "/usr/lib"
+        - name: host-lib
+          hostPath:
+            path: "/lib"
         - name: source-d
           hostPath:
             path: "/etc/kubernetes/node-feature-discovery/source.d/"
@@ -425,6 +336,7 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -447,6 +359,7 @@
       annotations: {}
     spec:
       serviceAccountName: node-feature-discovery
+      enableServiceLinks: false
       securityContext: {}
       containers:
         - name: master
@@ -457,7 +370,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.13.2"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             exec:
@@ -486,8 +399,20 @@
             - "nfd-master"
           resources: {}
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
+            - "-port=8080"
+            ## By default, disable crd controller for other than the default instances
             - "-featurerules-controller=true"
+          volumeMounts:
+            - name: nfd-master-conf
+              mountPath: "/etc/kubernetes/node-feature-discovery"
+              readOnly: true
+      volumes:
+        - name: nfd-master-conf
+          configMap:
+            name: node-feature-discovery-master-conf
+            items:
+              - key: nfd-master.conf
+                path: nfd-master.conf
       affinity:
         nodeAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
@@ -511,3 +436,21 @@
           key: node.kubernetes.io/unreachable
           operator: Exists
           tolerationSeconds: 300
+---
+{}
+
+# Source: node-feature-discovery/templates/clusterrole.yaml
+---
+{}
+---
+{}
+
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+---
+{}
+---
+{}
+
+# Source: node-feature-discovery/templates/serviceaccount.yaml
+---
+{}

@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.13.2 feat(deps): update helm release node-feature-discovery to 0.13.3 Jul 21, 2023
@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from 8c7a87b to 4e06daa Compare July 21, 2023 13:54
@github-actions
Copy link

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.13.3

@@ -3,29 +3,57 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
-{}
-
 # Source: node-feature-discovery/templates/serviceaccount.yaml
----
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: node-feature-discovery/templates/nfd-master-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-master-conf
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+data:
+  nfd-master.conf: |-
+    null
+---
+# Source: node-feature-discovery/templates/nfd-topologyupdater-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-topology-updater-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
+data:
+  nfd-topology-updater.conf: |-
+    null
 ---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +107,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -258,6 +121,7 @@
       - ""
     resources:
       - nodes
+      - nodes/status
     verbs:
       - get
       - patch
@@ -266,6 +130,7 @@
   - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
     verbs:
       - get
@@ -290,11 +155,49 @@
     name: node-feature-discovery
     namespace: default
 ---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
+---
 # Source: node-feature-discovery/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -310,12 +213,14 @@
   selector:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    role: master
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -349,7 +254,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.13.3"
           imagePullPolicy: IfNotPresent
           env:
             - name: NODE_NAME
@@ -366,7 +271,7 @@
           command:
             - "nfd-worker"
           args:
-            - "--server=node-feature-discovery-master:8080"
+            - "-server=node-feature-discovery-master:8080"
           volumeMounts:
             - name: host-boot
               mountPath: "/host-boot"
@@ -380,6 +285,9 @@
             - name: host-usr-lib
               mountPath: "/host-usr/lib"
               readOnly: true
+            - name: host-lib
+              mountPath: "/host-lib"
+              readOnly: true
             - name: source-d
               mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
               readOnly: true
@@ -402,6 +310,9 @@
         - name: host-usr-lib
           hostPath:
             path: "/usr/lib"
+        - name: host-lib
+          hostPath:
+            path: "/lib"
         - name: source-d
           hostPath:
             path: "/etc/kubernetes/node-feature-discovery/source.d/"
@@ -425,6 +336,7 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -447,6 +359,7 @@
       annotations: {}
     spec:
       serviceAccountName: node-feature-discovery
+      enableServiceLinks: false
       securityContext: {}
       containers:
         - name: master
@@ -457,7 +370,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.13.3"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             exec:
@@ -486,8 +399,20 @@
             - "nfd-master"
           resources: {}
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
+            - "-port=8080"
+            ## By default, disable crd controller for other than the default instances
             - "-featurerules-controller=true"
+          volumeMounts:
+            - name: nfd-master-conf
+              mountPath: "/etc/kubernetes/node-feature-discovery"
+              readOnly: true
+      volumes:
+        - name: nfd-master-conf
+          configMap:
+            name: node-feature-discovery-master-conf
+            items:
+              - key: nfd-master.conf
+                path: nfd-master.conf
       affinity:
         nodeAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
@@ -511,3 +436,21 @@
           key: node.kubernetes.io/unreachable
           operator: Exists
           tolerationSeconds: 300
+---
+{}
+
+# Source: node-feature-discovery/templates/clusterrole.yaml
+---
+{}
+---
+{}
+
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+---
+{}
+---
+{}
+
+# Source: node-feature-discovery/templates/serviceaccount.yaml
+---
+{}

@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.13.3 feat(deps): update helm release node-feature-discovery to 0.13.4 Sep 1, 2023
@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from 4e06daa to 22aef4a Compare September 1, 2023 10:58
@github-actions
Copy link

github-actions bot commented Sep 1, 2023

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.13.4

@@ -3,29 +3,57 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
-{}
-
 # Source: node-feature-discovery/templates/serviceaccount.yaml
----
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: node-feature-discovery/templates/nfd-master-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-master-conf
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+data:
+  nfd-master.conf: |-
+    null
+---
+# Source: node-feature-discovery/templates/nfd-topologyupdater-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-topology-updater-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
+data:
+  nfd-topology-updater.conf: |-
+    null
 ---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +107,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -258,6 +121,7 @@
       - ""
     resources:
       - nodes
+      - nodes/status
     verbs:
       - get
       - patch
@@ -266,6 +130,7 @@
   - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
     verbs:
       - get
@@ -290,11 +155,49 @@
     name: node-feature-discovery
     namespace: default
 ---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
+---
 # Source: node-feature-discovery/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -310,12 +213,14 @@
   selector:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    role: master
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -349,7 +254,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.13.4"
           imagePullPolicy: IfNotPresent
           env:
             - name: NODE_NAME
@@ -366,7 +271,7 @@
           command:
             - "nfd-worker"
           args:
-            - "--server=node-feature-discovery-master:8080"
+            - "-server=node-feature-discovery-master:8080"
           volumeMounts:
             - name: host-boot
               mountPath: "/host-boot"
@@ -380,6 +285,9 @@
             - name: host-usr-lib
               mountPath: "/host-usr/lib"
               readOnly: true
+            - name: host-lib
+              mountPath: "/host-lib"
+              readOnly: true
             - name: source-d
               mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
               readOnly: true
@@ -402,6 +310,9 @@
         - name: host-usr-lib
           hostPath:
             path: "/usr/lib"
+        - name: host-lib
+          hostPath:
+            path: "/lib"
         - name: source-d
           hostPath:
             path: "/etc/kubernetes/node-feature-discovery/source.d/"
@@ -425,6 +336,7 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -447,6 +359,7 @@
       annotations: {}
     spec:
       serviceAccountName: node-feature-discovery
+      enableServiceLinks: false
       securityContext: {}
       containers:
         - name: master
@@ -457,7 +370,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.13.4"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             exec:
@@ -486,8 +399,20 @@
             - "nfd-master"
           resources: {}
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
+            - "-port=8080"
+            ## By default, disable crd controller for other than the default instances
             - "-featurerules-controller=true"
+          volumeMounts:
+            - name: nfd-master-conf
+              mountPath: "/etc/kubernetes/node-feature-discovery"
+              readOnly: true
+      volumes:
+        - name: nfd-master-conf
+          configMap:
+            name: node-feature-discovery-master-conf
+            items:
+              - key: nfd-master.conf
+                path: nfd-master.conf
       affinity:
         nodeAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
@@ -511,3 +436,21 @@
           key: node.kubernetes.io/unreachable
           operator: Exists
           tolerationSeconds: 300
+---
+{}
+
+# Source: node-feature-discovery/templates/clusterrole.yaml
+---
+{}
+---
+{}
+
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+---
+{}
+---
+{}
+
+# Source: node-feature-discovery/templates/serviceaccount.yaml
+---
+{}

@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.13.4 feat(deps): update helm release node-feature-discovery to 0.14.0 Sep 7, 2023
@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from 22aef4a to 77adf30 Compare September 7, 2023 18:17
@github-actions
Copy link

github-actions bot commented Sep 7, 2023

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.14.0

@@ -3,29 +3,68 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
-{}
-
 # Source: node-feature-discovery/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: nfd-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: node-feature-discovery/templates/nfd-master-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-master-conf
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+data:
+  nfd-master.conf: |-
+    null
+---
+# Source: node-feature-discovery/templates/nfd-topologyupdater-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-topology-updater-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
+data:
+  nfd-topology-updater.conf: |-
+    null
 ---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +118,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -258,6 +132,7 @@
       - ""
     resources:
       - nodes
+      - nodes/status
     verbs:
       - get
       - patch
@@ -266,11 +141,65 @@
   - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
     verbs:
       - get
       - list
       - watch
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - create
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    resourceNames:
+      - "nfd-master.nfd.kubernetes.io"
+    verbs:
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-gc
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/proxy
+    verbs:
+      - get
+  - apiGroups:
+      - topology.node.k8s.io
+    resources:
+      - noderesourcetopologies
+    verbs:
+      - delete
+      - list
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - delete
+      - list
 ---
 # Source: node-feature-discovery/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -290,11 +219,67 @@
     name: node-feature-discovery
     namespace: default
 ---
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: node-feature-discovery-gc
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-gc
+subjects:
+  - kind: ServiceAccount
+    name: nfd-gc
+    namespace: default
+---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
+---
 # Source: node-feature-discovery/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -310,18 +295,19 @@
   selector:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    role: master
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: worker
-  annotations: {}
 spec:
   selector:
     matchLabels:
@@ -349,7 +335,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.14.0"
           imagePullPolicy: IfNotPresent
           env:
             - name: NODE_NAME
@@ -366,7 +352,12 @@
           command:
             - "nfd-worker"
           args:
-            - "--server=node-feature-discovery-master:8080"
+            - "-server=node-feature-discovery-master:8080"
+            - "-enable-nodefeature-api"
+            - "-metrics=8081"
+          ports:
+            - name: metrics
+              containerPort: 8081
           volumeMounts:
             - name: host-boot
               mountPath: "/host-boot"
@@ -380,6 +371,9 @@
             - name: host-usr-lib
               mountPath: "/host-usr/lib"
               readOnly: true
+            - name: host-lib
+              mountPath: "/host-lib"
+              readOnly: true
             - name: source-d
               mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
               readOnly: true
@@ -402,6 +396,9 @@
         - name: host-usr-lib
           hostPath:
             path: "/usr/lib"
+        - name: host-lib
+          hostPath:
+            path: "/lib"
         - name: source-d
           hostPath:
             path: "/etc/kubernetes/node-feature-discovery/source.d/"
@@ -425,12 +422,12 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: master
-  annotations: {}
 spec:
   replicas: 1
   selector:
@@ -444,9 +441,9 @@
         app.kubernetes.io/name: node-feature-discovery
         app.kubernetes.io/instance: node-feature-discovery
         role: master
-      annotations: {}
     spec:
       serviceAccountName: node-feature-discovery
+      enableServiceLinks: false
       securityContext: {}
       containers:
         - name: master
@@ -457,7 +454,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.14.0"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             exec:
@@ -477,6 +474,8 @@
           ports:
             - containerPort: 8080
               name: grpc
+            - containerPort: 8081
+              name: metrics
           env:
             - name: NODE_NAME
               valueFrom:
@@ -486,8 +485,22 @@
             - "nfd-master"
           resources: {}
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
-            - "-featurerules-controller=true"
+            - "-port=8080"
+            - "-enable-nodefeature-api"
+            ## By default, disable crd controller for other than the default instances
+            - "-crd-controller=true"
+            - "-metrics=8081"
+          volumeMounts:
+            - name: nfd-master-conf
+              mountPath: "/etc/kubernetes/node-feature-discovery"
+              readOnly: true
+      volumes:
+        - name: nfd-master-conf
+          configMap:
+            name: node-feature-discovery-master-conf
+            items:
+              - key: nfd-master.conf
+                path: nfd-master.conf
       affinity:
         nodeAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
@@ -511,3 +524,52 @@
           key: node.kubernetes.io/unreachable
           operator: Exists
           tolerationSeconds: 300
+---
+# Source: node-feature-discovery/templates/nfd-gc.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+    role: gc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: node-feature-discovery
+      app.kubernetes.io/instance: node-feature-discovery
+      role: gc
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        role: gc
+    spec:
+      serviceAccountName: nfd-gc
+      dnsPolicy: ClusterFirstWithHostNet
+      securityContext: {}
+      containers:
+        - name: gc
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.14.0"
+          imagePullPolicy: "IfNotPresent"
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          command:
+            - "nfd-gc"
+          args:
+            - "-gc-interval=1h"
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true

@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.14.0 feat(deps): update helm release node-feature-discovery to 0.14.1 Sep 20, 2023
@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from 77adf30 to d4d6e23 Compare September 20, 2023 12:37
@github-actions
Copy link

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.14.1

@@ -3,29 +3,68 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
-{}
-
 # Source: node-feature-discovery/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: nfd-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: node-feature-discovery/templates/nfd-master-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-master-conf
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+data:
+  nfd-master.conf: |-
+    null
+---
+# Source: node-feature-discovery/templates/nfd-topologyupdater-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-topology-updater-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
+data:
+  nfd-topology-updater.conf: |-
+    null
 ---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +118,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -258,6 +132,7 @@
       - ""
     resources:
       - nodes
+      - nodes/status
     verbs:
       - get
       - patch
@@ -266,11 +141,65 @@
   - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
     verbs:
       - get
       - list
       - watch
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - create
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    resourceNames:
+      - "nfd-master.nfd.kubernetes.io"
+    verbs:
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-gc
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/proxy
+    verbs:
+      - get
+  - apiGroups:
+      - topology.node.k8s.io
+    resources:
+      - noderesourcetopologies
+    verbs:
+      - delete
+      - list
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - delete
+      - list
 ---
 # Source: node-feature-discovery/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -290,11 +219,69 @@
     name: node-feature-discovery
     namespace: default
 ---
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: node-feature-discovery-gc
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-gc
+subjects:
+  - kind: ServiceAccount
+    name: nfd-gc
+    namespace: default
+---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
+---
 # Source: node-feature-discovery/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -310,18 +297,19 @@
   selector:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    role: master
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: worker
-  annotations: {}
 spec:
   selector:
     matchLabels:
@@ -349,7 +337,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.14.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: NODE_NAME
@@ -366,7 +354,11 @@
           command:
             - "nfd-worker"
           args:
-            - "--server=node-feature-discovery-master:8080"
+            - "-server=node-feature-discovery-master:8080"
+            - "-metrics=8081"
+          ports:
+            - name: metrics
+              containerPort: 8081
           volumeMounts:
             - name: host-boot
               mountPath: "/host-boot"
@@ -380,6 +372,9 @@
             - name: host-usr-lib
               mountPath: "/host-usr/lib"
               readOnly: true
+            - name: host-lib
+              mountPath: "/host-lib"
+              readOnly: true
             - name: source-d
               mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
               readOnly: true
@@ -402,6 +397,9 @@
         - name: host-usr-lib
           hostPath:
             path: "/usr/lib"
+        - name: host-lib
+          hostPath:
+            path: "/lib"
         - name: source-d
           hostPath:
             path: "/etc/kubernetes/node-feature-discovery/source.d/"
@@ -425,12 +423,12 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: master
-  annotations: {}
 spec:
   replicas: 1
   selector:
@@ -444,9 +442,9 @@
         app.kubernetes.io/name: node-feature-discovery
         app.kubernetes.io/instance: node-feature-discovery
         role: master
-      annotations: {}
     spec:
       serviceAccountName: node-feature-discovery
+      enableServiceLinks: false
       securityContext: {}
       containers:
         - name: master
@@ -457,7 +455,7 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.14.1"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             exec:
@@ -477,6 +475,8 @@
           ports:
             - containerPort: 8080
               name: grpc
+            - containerPort: 8081
+              name: metrics
           env:
             - name: NODE_NAME
               valueFrom:
@@ -486,8 +486,21 @@
             - "nfd-master"
           resources: {}
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
-            - "-featurerules-controller=true"
+            - "-port=8080"
+            ## By default, disable crd controller for other than the default instances
+            - "-crd-controller=true"
+            - "-metrics=8081"
+          volumeMounts:
+            - name: nfd-master-conf
+              mountPath: "/etc/kubernetes/node-feature-discovery"
+              readOnly: true
+      volumes:
+        - name: nfd-master-conf
+          configMap:
+            name: node-feature-discovery-master-conf
+            items:
+              - key: nfd-master.conf
+                path: nfd-master.conf
       affinity:
         nodeAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
@@ -511,3 +524,52 @@
           key: node.kubernetes.io/unreachable
           operator: Exists
           tolerationSeconds: 300
+---
+# Source: node-feature-discovery/templates/nfd-gc.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+    role: gc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: node-feature-discovery
+      app.kubernetes.io/instance: node-feature-discovery
+      role: gc
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        role: gc
+    spec:
+      serviceAccountName: nfd-gc
+      dnsPolicy: ClusterFirstWithHostNet
+      securityContext: {}
+      containers:
+        - name: gc
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.14.1"
+          imagePullPolicy: "IfNotPresent"
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          command:
+            - "nfd-gc"
+          args:
+            - "-gc-interval=1h"
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true

@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from d4d6e23 to dacad36 Compare October 10, 2023 07:41
@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.14.1 feat(deps): update helm release node-feature-discovery to 0.14.2 Oct 10, 2023
@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from dacad36 to a396116 Compare October 23, 2023 17:54
@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.15.2 feat(deps): update helm release node-feature-discovery to 0.15.3 Mar 15, 2024
@github-actions GitHub Actions
Copy link

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.15.3

@@ -3,29 +3,68 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
-{}
-
 # Source: node-feature-discovery/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: node-feature-discovery/templates/nfd-master-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-master-conf
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+data:
+  nfd-master.conf: |-
+    null
+---
+# Source: node-feature-discovery/templates/nfd-topologyupdater-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-topology-updater-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
+data:
+  nfd-topology-updater.conf: |-
+    null
 ---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +118,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -258,6 +132,7 @@
       - ""
     resources:
       - nodes
+      - nodes/status
     verbs:
       - get
       - patch
@@ -266,11 +141,65 @@
   - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
     verbs:
       - get
       - list
       - watch
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - create
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    resourceNames:
+      - "nfd-master.nfd.kubernetes.io"
+    verbs:
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-gc
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/proxy
+    verbs:
+      - get
+  - apiGroups:
+      - topology.node.k8s.io
+    resources:
+      - noderesourcetopologies
+    verbs:
+      - delete
+      - list
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - delete
+      - list
 ---
 # Source: node-feature-discovery/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -290,38 +219,74 @@
     name: node-feature-discovery
     namespace: default
 ---
-# Source: node-feature-discovery/templates/service.yaml
-apiVersion: v1
-kind: Service
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: node-feature-discovery-master
+  name: node-feature-discovery-gc
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
-    role: master
-spec:
-  type: ClusterIP
-  ports:
-    - port: 8080
-      targetPort: grpc
-      protocol: TCP
-      name: grpc
-  selector:
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-gc
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-gc
+    namespace: default
+---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: worker
-  annotations: {}
 spec:
   selector:
     matchLabels:
@@ -349,13 +314,21 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.15.3"
           imagePullPolicy: IfNotPresent
           env:
             - name: NODE_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           resources:
             limits:
               cpu: 1024m
@@ -366,7 +339,10 @@
           command:
             - "nfd-worker"
           args:
-            - "--server=node-feature-discovery-master:8080"
+            - "-metrics=8081"
+          ports:
+            - name: metrics
+              containerPort: 8081
           volumeMounts:
             - name: host-boot
               mountPath: "/host-boot"
@@ -380,6 +356,9 @@
             - name: host-usr-lib
               mountPath: "/host-usr/lib"
               readOnly: true
+            - name: host-lib
+              mountPath: "/host-lib"
+              readOnly: true
             - name: source-d
               mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
               readOnly: true
@@ -402,6 +381,9 @@
         - name: host-usr-lib
           hostPath:
             path: "/usr/lib"
+        - name: host-lib
+          hostPath:
+            path: "/lib"
         - name: source-d
           hostPath:
             path: "/etc/kubernetes/node-feature-discovery/source.d/"
@@ -425,12 +407,12 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: master
-  annotations: {}
 spec:
   replicas: 1
   selector:
@@ -444,9 +426,9 @@
         app.kubernetes.io/name: node-feature-discovery
         app.kubernetes.io/instance: node-feature-discovery
         role: master
-      annotations: {}
     spec:
       serviceAccountName: node-feature-discovery
+      enableServiceLinks: false
       securityContext: {}
       containers:
         - name: master
@@ -457,26 +439,24 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.15.3"
           imagePullPolicy: IfNotPresent
           livenessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
+            grpc:
+              port: 8080
             initialDelaySeconds: 10
             periodSeconds: 10
           readinessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
+            grpc:
+              port: 8080
             initialDelaySeconds: 5
             periodSeconds: 10
             failureThreshold: 10
           ports:
             - containerPort: 8080
               name: grpc
+            - containerPort: 8081
+              name: metrics
           env:
             - name: NODE_NAME
               valueFrom:
@@ -486,8 +466,20 @@
             - "nfd-master"
           resources: {}
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
-            - "-featurerules-controller=true"
+            ## By default, disable crd controller for other than the default instances
+            - "-crd-controller=true"
+            - "-metrics=8081"
+          volumeMounts:
+            - name: nfd-master-conf
+              mountPath: "/etc/kubernetes/node-feature-discovery"
+              readOnly: true
+      volumes:
+        - name: nfd-master-conf
+          configMap:
+            name: node-feature-discovery-master-conf
+            items:
+              - key: nfd-master.conf
+                path: nfd-master.conf
       affinity:
         nodeAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
@@ -511,3 +503,55 @@
           key: node.kubernetes.io/unreachable
           operator: Exists
           tolerationSeconds: 300
+---
+# Source: node-feature-discovery/templates/nfd-gc.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+    role: gc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: node-feature-discovery
+      app.kubernetes.io/instance: node-feature-discovery
+      role: gc
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        role: gc
+    spec:
+      serviceAccountName: node-feature-discovery-gc
+      dnsPolicy: ClusterFirstWithHostNet
+      securityContext: {}
+      containers:
+        - name: gc
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.15.3"
+          imagePullPolicy: "IfNotPresent"
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          command:
+            - "nfd-gc"
+          args:
+            - "-gc-interval=1h"
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          ports:
+            - name: metrics
+              containerPort: 8081

@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from 59f2804 to 4e812c2 Compare April 7, 2024 05:42
@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.15.3 feat(deps): update helm release node-feature-discovery to 0.15.4 Apr 7, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 7, 2024

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.15.4

@@ -3,29 +3,68 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
-{}
-
 # Source: node-feature-discovery/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: node-feature-discovery/templates/nfd-master-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-master-conf
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+data:
+  nfd-master.conf: |-
+    null
+---
+# Source: node-feature-discovery/templates/nfd-topologyupdater-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-topology-updater-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
+data:
+  nfd-topology-updater.conf: |-
+    null
 ---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +118,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -258,6 +132,7 @@
       - ""
     resources:
       - nodes
+      - nodes/status
     verbs:
       - get
       - patch
@@ -266,11 +141,65 @@
   - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
     verbs:
       - get
       - list
       - watch
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - create
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    resourceNames:
+      - "nfd-master.nfd.kubernetes.io"
+    verbs:
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-gc
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/proxy
+    verbs:
+      - get
+  - apiGroups:
+      - topology.node.k8s.io
+    resources:
+      - noderesourcetopologies
+    verbs:
+      - delete
+      - list
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - delete
+      - list
 ---
 # Source: node-feature-discovery/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -290,38 +219,74 @@
     name: node-feature-discovery
     namespace: default
 ---
-# Source: node-feature-discovery/templates/service.yaml
-apiVersion: v1
-kind: Service
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: node-feature-discovery-master
+  name: node-feature-discovery-gc
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
-    role: master
-spec:
-  type: ClusterIP
-  ports:
-    - port: 8080
-      targetPort: grpc
-      protocol: TCP
-      name: grpc
-  selector:
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-gc
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-gc
+    namespace: default
+---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: worker
-  annotations: {}
 spec:
   selector:
     matchLabels:
@@ -349,13 +314,21 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.15.4"
           imagePullPolicy: IfNotPresent
           env:
             - name: NODE_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           resources:
             limits:
               cpu: 1024m
@@ -366,7 +339,10 @@
           command:
             - "nfd-worker"
           args:
-            - "--server=node-feature-discovery-master:8080"
+            - "-metrics=8081"
+          ports:
+            - name: metrics
+              containerPort: 8081
           volumeMounts:
             - name: host-boot
               mountPath: "/host-boot"
@@ -380,6 +356,9 @@
             - name: host-usr-lib
               mountPath: "/host-usr/lib"
               readOnly: true
+            - name: host-lib
+              mountPath: "/host-lib"
+              readOnly: true
             - name: source-d
               mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
               readOnly: true
@@ -402,6 +381,9 @@
         - name: host-usr-lib
           hostPath:
             path: "/usr/lib"
+        - name: host-lib
+          hostPath:
+            path: "/lib"
         - name: source-d
           hostPath:
             path: "/etc/kubernetes/node-feature-discovery/source.d/"
@@ -425,12 +407,12 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: master
-  annotations: {}
 spec:
   replicas: 1
   selector:
@@ -444,9 +426,9 @@
         app.kubernetes.io/name: node-feature-discovery
         app.kubernetes.io/instance: node-feature-discovery
         role: master
-      annotations: {}
     spec:
       serviceAccountName: node-feature-discovery
+      enableServiceLinks: false
       securityContext: {}
       containers:
         - name: master
@@ -457,26 +439,24 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.15.4"
           imagePullPolicy: IfNotPresent
           livenessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
+            grpc:
+              port: 8080
             initialDelaySeconds: 10
             periodSeconds: 10
           readinessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
+            grpc:
+              port: 8080
             initialDelaySeconds: 5
             periodSeconds: 10
             failureThreshold: 10
           ports:
             - containerPort: 8080
               name: grpc
+            - containerPort: 8081
+              name: metrics
           env:
             - name: NODE_NAME
               valueFrom:
@@ -486,8 +466,20 @@
             - "nfd-master"
           resources: {}
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
-            - "-featurerules-controller=true"
+            ## By default, disable crd controller for other than the default instances
+            - "-crd-controller=true"
+            - "-metrics=8081"
+          volumeMounts:
+            - name: nfd-master-conf
+              mountPath: "/etc/kubernetes/node-feature-discovery"
+              readOnly: true
+      volumes:
+        - name: nfd-master-conf
+          configMap:
+            name: node-feature-discovery-master-conf
+            items:
+              - key: nfd-master.conf
+                path: nfd-master.conf
       affinity:
         nodeAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
@@ -511,3 +503,55 @@
           key: node.kubernetes.io/unreachable
           operator: Exists
           tolerationSeconds: 300
+---
+# Source: node-feature-discovery/templates/nfd-gc.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+    role: gc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: node-feature-discovery
+      app.kubernetes.io/instance: node-feature-discovery
+      role: gc
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        role: gc
+    spec:
+      serviceAccountName: node-feature-discovery-gc
+      dnsPolicy: ClusterFirstWithHostNet
+      securityContext: {}
+      containers:
+        - name: gc
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.15.4"
+          imagePullPolicy: "IfNotPresent"
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          command:
+            - "nfd-gc"
+          args:
+            - "-gc-interval=1h"
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          ports:
+            - name: metrics
+              containerPort: 8081

@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from 4e812c2 to f719846 Compare May 27, 2024 19:31
@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.15.4 feat(deps): update helm release node-feature-discovery to 0.16.0 May 27, 2024
@github-actions GitHub Actions
Copy link

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.16.0

@@ -3,29 +3,54 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
-{}
-
 # Source: node-feature-discovery/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: node-feature-discovery/templates/nfd-master-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-master-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
+data:
+  nfd-master.conf: |-
+    null
 ---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +104,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -258,6 +118,7 @@
       - ""
     resources:
       - nodes
+      - nodes/status
     verbs:
       - get
       - patch
@@ -266,11 +127,73 @@
   - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
+      - nodefeaturegroups
     verbs:
       - get
       - list
       - watch
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeaturegroups/status
+    verbs:
+      - patch
+      - update
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - create
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    resourceNames:
+      - "nfd-master.nfd.kubernetes.io"
+    verbs:
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-gc
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/proxy
+    verbs:
+      - get
+  - apiGroups:
+      - topology.node.k8s.io
+    resources:
+      - noderesourcetopologies
+    verbs:
+      - delete
+      - list
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - delete
+      - list
 ---
 # Source: node-feature-discovery/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -290,38 +213,74 @@
     name: node-feature-discovery
     namespace: default
 ---
-# Source: node-feature-discovery/templates/service.yaml
-apiVersion: v1
-kind: Service
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: node-feature-discovery-master
+  name: node-feature-discovery-gc
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
-    role: master
-spec:
-  type: ClusterIP
-  ports:
-    - port: 8080
-      targetPort: grpc
-      protocol: TCP
-      name: grpc
-  selector:
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-gc
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-gc
+    namespace: default
+---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: worker
-  annotations: {}
 spec:
   selector:
     matchLabels:
@@ -349,13 +308,32 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.0"
           imagePullPolicy: IfNotPresent
+          livenessProbe:
+            grpc:
+              port: 8082
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          readinessProbe:
+            grpc:
+              port: 8082
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            failureThreshold: 10
           env:
             - name: NODE_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           resources:
             limits:
               cpu: 1024m
@@ -366,7 +344,13 @@
           command:
             - "nfd-worker"
           args:
-            - "--server=node-feature-discovery-master:8080"
+            # Go over featureGate and add the feature-gate flag
+            - "-feature-gates=NodeFeatureAPI=true"
+            - "-feature-gates=NodeFeatureGroupAPI=false"
+            - "-metrics=8081"
+          ports:
+            - name: metrics
+              containerPort: 8081
           volumeMounts:
             - name: host-boot
               mountPath: "/host-boot"
@@ -380,6 +364,12 @@
             - name: host-usr-lib
               mountPath: "/host-usr/lib"
               readOnly: true
+            - name: host-lib
+              mountPath: "/host-lib"
+              readOnly: true
+            - name: host-proc-swaps
+              mountPath: "/host-proc/swaps"
+              readOnly: true
             - name: source-d
               mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
               readOnly: true
@@ -402,6 +392,12 @@
         - name: host-usr-lib
           hostPath:
             path: "/usr/lib"
+        - name: host-lib
+          hostPath:
+            path: "/lib"
+        - name: host-proc-swaps
+          hostPath:
+            path: "/proc/swaps"
         - name: source-d
           hostPath:
             path: "/etc/kubernetes/node-feature-discovery/source.d/"
@@ -425,12 +421,12 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: master
-  annotations: {}
 spec:
   replicas: 1
   selector:
@@ -444,9 +440,9 @@
         app.kubernetes.io/name: node-feature-discovery
         app.kubernetes.io/instance: node-feature-discovery
         role: master
-      annotations: {}
     spec:
       serviceAccountName: node-feature-discovery
+      enableServiceLinks: false
       securityContext: {}
       containers:
         - name: master
@@ -457,37 +453,236 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.0"
           imagePullPolicy: IfNotPresent
           livenessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
+            grpc:
+              port: 8082
             initialDelaySeconds: 10
             periodSeconds: 10
           readinessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
+            grpc:
+              port: 8082
             initialDelaySeconds: 5
             periodSeconds: 10
             failureThreshold: 10
           ports:
             - containerPort: 8080
               name: grpc
+            - containerPort: 8081
+              name: metrics
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          command:
+            - "nfd-master"
+          resources:
+            limits:
+              cpu: 300m
+              memory: 4Gi
+            requests:
+              cpu: 100m
+              memory: 128Mi
+          args:
+            ## By default, disable crd controller for other than the default instances
+            - "-crd-controller=true"
+            # Go over featureGates and add the feature-gate flag
+            - "-feature-gates=NodeFeatureAPI=true"
+            - "-feature-gates=NodeFeatureGroupAPI=false"
+            - "-metrics=8081"
+          volumeMounts:
+            - name: nfd-master-conf
+              mountPath: "/etc/kubernetes/node-feature-discovery"
+              readOnly: true
+      volumes:
+        - name: nfd-master-conf
+          configMap:
+            name: node-feature-discovery-master-conf
+            items:
+              - key: nfd-master.conf
+                path: nfd-master.conf
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - preference:
+                matchExpressions:
+                  - key: node-role.kubernetes.io/master
+                    operator: In
+                    values:
+                      - ""
+              weight: 1
+      tolerations:
+        - effect: NoExecute
+          operator: Exists
+        - effect: NoSchedule
+          operator: Exists
+        - effect: NoExecute
+          key: node.kubernetes.io/not-ready
+          operator: Exists
+          tolerationSeconds: 300
+        - effect: NoExecute
+          key: node.kubernetes.io/unreachable
+          operator: Exists
+          tolerationSeconds: 300
+---
+# Source: node-feature-discovery/templates/nfd-gc.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+    role: gc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: node-feature-discovery
+      app.kubernetes.io/instance: node-feature-discovery
+      role: gc
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        role: gc
+    spec:
+      serviceAccountName: node-feature-discovery-gc
+      dnsPolicy: ClusterFirstWithHostNet
+      securityContext: {}
+      containers:
+        - name: gc
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.0"
+          imagePullPolicy: "IfNotPresent"
           env:
             - name: NODE_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
           command:
+            - "nfd-gc"
+          args:
+            - "-gc-interval=1h"
+          resources:
+            limits:
+              cpu: 20m
+              memory: 1Gi
+            requests:
+              cpu: 10m
+              memory: 128Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          ports:
+            - name: metrics
+              containerPort: 8081
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-prune
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-prune
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+      - nodes/status
+    verbs:
+      - get
+      - patch
+      - update
+      - list
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: node-feature-discovery-prune
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-prune
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-prune
+    namespace: default
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: node-feature-discovery-prune
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        app.kubernetes.io/managed-by: Helm
+        role: prune
+    spec:
+      serviceAccountName: node-feature-discovery-prune
+      containers:
+        - name: nfd-master
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.0"
+          imagePullPolicy: IfNotPresent
+          command:
             - "nfd-master"
-          resources: {}
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
-            - "-featurerules-controller=true"
+            - "-prune"
+      restartPolicy: Never
       affinity:
         nodeAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:

@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from f719846 to 7ea31e7 Compare July 3, 2024 17:27
@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.16.0 feat(deps): update helm release node-feature-discovery to 0.16.1 Jul 3, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 3, 2024

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.16.1

@@ -3,29 +3,54 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
-{}
-
 # Source: node-feature-discovery/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: node-feature-discovery/templates/nfd-master-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-master-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
+data:
+  nfd-master.conf: |-
+    null
 ---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +104,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -258,6 +118,7 @@
       - ""
     resources:
       - nodes
+      - nodes/status
     verbs:
       - get
       - patch
@@ -266,11 +127,73 @@
   - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
+      - nodefeaturegroups
     verbs:
       - get
       - list
       - watch
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeaturegroups/status
+    verbs:
+      - patch
+      - update
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - create
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    resourceNames:
+      - "nfd-master.nfd.kubernetes.io"
+    verbs:
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-gc
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/proxy
+    verbs:
+      - get
+  - apiGroups:
+      - topology.node.k8s.io
+    resources:
+      - noderesourcetopologies
+    verbs:
+      - delete
+      - list
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - delete
+      - list
 ---
 # Source: node-feature-discovery/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -290,38 +213,74 @@
     name: node-feature-discovery
     namespace: default
 ---
-# Source: node-feature-discovery/templates/service.yaml
-apiVersion: v1
-kind: Service
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: node-feature-discovery-master
+  name: node-feature-discovery-gc
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
-    role: master
-spec:
-  type: ClusterIP
-  ports:
-    - port: 8080
-      targetPort: grpc
-      protocol: TCP
-      name: grpc
-  selector:
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-gc
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-gc
+    namespace: default
+---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: worker
-  annotations: {}
 spec:
   selector:
     matchLabels:
@@ -349,13 +308,32 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.1"
           imagePullPolicy: IfNotPresent
+          livenessProbe:
+            grpc:
+              port: 8082
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          readinessProbe:
+            grpc:
+              port: 8082
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            failureThreshold: 10
           env:
             - name: NODE_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           resources:
             limits:
               cpu: 1024m
@@ -366,7 +344,13 @@
           command:
             - "nfd-worker"
           args:
-            - "--server=node-feature-discovery-master:8080"
+            # Go over featureGate and add the feature-gate flag
+            - "-feature-gates=NodeFeatureAPI=true"
+            - "-feature-gates=NodeFeatureGroupAPI=false"
+            - "-metrics=8081"
+          ports:
+            - name: metrics
+              containerPort: 8081
           volumeMounts:
             - name: host-boot
               mountPath: "/host-boot"
@@ -380,6 +364,12 @@
             - name: host-usr-lib
               mountPath: "/host-usr/lib"
               readOnly: true
+            - name: host-lib
+              mountPath: "/host-lib"
+              readOnly: true
+            - name: host-proc-swaps
+              mountPath: "/host-proc/swaps"
+              readOnly: true
             - name: source-d
               mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
               readOnly: true
@@ -402,6 +392,12 @@
         - name: host-usr-lib
           hostPath:
             path: "/usr/lib"
+        - name: host-lib
+          hostPath:
+            path: "/lib"
+        - name: host-proc-swaps
+          hostPath:
+            path: "/proc/swaps"
         - name: source-d
           hostPath:
             path: "/etc/kubernetes/node-feature-discovery/source.d/"
@@ -425,12 +421,12 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: master
-  annotations: {}
 spec:
   replicas: 1
   selector:
@@ -444,9 +440,9 @@
         app.kubernetes.io/name: node-feature-discovery
         app.kubernetes.io/instance: node-feature-discovery
         role: master
-      annotations: {}
     spec:
       serviceAccountName: node-feature-discovery
+      enableServiceLinks: false
       securityContext: {}
       containers:
         - name: master
@@ -457,37 +453,234 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.1"
           imagePullPolicy: IfNotPresent
           livenessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
+            grpc:
+              port: 8082
             initialDelaySeconds: 10
             periodSeconds: 10
           readinessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
+            grpc:
+              port: 8082
             initialDelaySeconds: 5
             periodSeconds: 10
             failureThreshold: 10
           ports:
             - containerPort: 8080
               name: grpc
+            - containerPort: 8081
+              name: metrics
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          command:
+            - "nfd-master"
+          resources:
+            limits:
+              memory: 4Gi
+            requests:
+              cpu: 100m
+              memory: 128Mi
+          args:
+            ## By default, disable crd controller for other than the default instances
+            - "-crd-controller=true"
+            # Go over featureGates and add the feature-gate flag
+            - "-feature-gates=NodeFeatureAPI=true"
+            - "-feature-gates=NodeFeatureGroupAPI=false"
+            - "-metrics=8081"
+          volumeMounts:
+            - name: nfd-master-conf
+              mountPath: "/etc/kubernetes/node-feature-discovery"
+              readOnly: true
+      volumes:
+        - name: nfd-master-conf
+          configMap:
+            name: node-feature-discovery-master-conf
+            items:
+              - key: nfd-master.conf
+                path: nfd-master.conf
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - preference:
+                matchExpressions:
+                  - key: node-role.kubernetes.io/master
+                    operator: In
+                    values:
+                      - ""
+              weight: 1
+      tolerations:
+        - effect: NoExecute
+          operator: Exists
+        - effect: NoSchedule
+          operator: Exists
+        - effect: NoExecute
+          key: node.kubernetes.io/not-ready
+          operator: Exists
+          tolerationSeconds: 300
+        - effect: NoExecute
+          key: node.kubernetes.io/unreachable
+          operator: Exists
+          tolerationSeconds: 300
+---
+# Source: node-feature-discovery/templates/nfd-gc.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+    role: gc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: node-feature-discovery
+      app.kubernetes.io/instance: node-feature-discovery
+      role: gc
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        role: gc
+    spec:
+      serviceAccountName: node-feature-discovery-gc
+      dnsPolicy: ClusterFirstWithHostNet
+      securityContext: {}
+      containers:
+        - name: gc
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.1"
+          imagePullPolicy: "IfNotPresent"
           env:
             - name: NODE_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
           command:
+            - "nfd-gc"
+          args:
+            - "-gc-interval=1h"
+          resources:
+            limits:
+              memory: 1Gi
+            requests:
+              cpu: 10m
+              memory: 128Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          ports:
+            - name: metrics
+              containerPort: 8081
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-prune
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-prune
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+      - nodes/status
+    verbs:
+      - get
+      - patch
+      - update
+      - list
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: node-feature-discovery-prune
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-prune
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-prune
+    namespace: default
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: node-feature-discovery-prune
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        app.kubernetes.io/managed-by: Helm
+        role: prune
+    spec:
+      serviceAccountName: node-feature-discovery-prune
+      containers:
+        - name: nfd-master
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.1"
+          imagePullPolicy: IfNotPresent
+          command:
             - "nfd-master"
-          resources: {}
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
-            - "-featurerules-controller=true"
+            - "-prune"
+      restartPolicy: Never
       affinity:
         nodeAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:

@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from 7ea31e7 to d27e791 Compare July 11, 2024 11:33
@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.16.1 feat(deps): update helm release node-feature-discovery to 0.16.2 Jul 11, 2024
@github-actions GitHub Actions
Copy link

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.16.2

@@ -3,29 +3,54 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
-{}
-
 # Source: node-feature-discovery/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/nfd-master-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-master-conf
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+data:
+  nfd-master.conf: |-
+    null
+---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +104,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -258,6 +118,7 @@
       - ""
     resources:
       - nodes
+      - nodes/status
     verbs:
       - get
       - patch
@@ -266,11 +127,73 @@
   - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
+      - nodefeaturegroups
     verbs:
       - get
       - list
       - watch
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeaturegroups/status
+    verbs:
+      - patch
+      - update
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - create
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    resourceNames:
+      - "nfd-master.nfd.kubernetes.io"
+    verbs:
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-gc
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/proxy
+    verbs:
+      - get
+  - apiGroups:
+      - topology.node.k8s.io
+    resources:
+      - noderesourcetopologies
+    verbs:
+      - delete
+      - list
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - delete
+      - list
 ---
 # Source: node-feature-discovery/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -290,38 +213,80 @@
     name: node-feature-discovery
     namespace: default
 ---
-# Source: node-feature-discovery/templates/service.yaml
-apiVersion: v1
-kind: Service
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: node-feature-discovery-master
+  name: node-feature-discovery-gc
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
-    role: master
-spec:
-  type: ClusterIP
-  ports:
-    - port: 8080
-      targetPort: grpc
-      protocol: TCP
-      name: grpc
-  selector:
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-gc
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-gc
+    namespace: default
+---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: worker
-  annotations: {}
 spec:
   selector:
     matchLabels:
@@ -349,13 +314,32 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.2"
           imagePullPolicy: IfNotPresent
+          livenessProbe:
+            grpc:
+              port: 8082
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          readinessProbe:
+            grpc:
+              port: 8082
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            failureThreshold: 10
           env:
             - name: NODE_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           resources:
             limits:
               cpu: 1024m
@@ -366,7 +350,13 @@
           command:
             - "nfd-worker"
           args:
-            - "--server=node-feature-discovery-master:8080"
+            # Go over featureGate and add the feature-gate flag
+            - "-feature-gates=NodeFeatureAPI=true"
+            - "-feature-gates=NodeFeatureGroupAPI=false"
+            - "-metrics=8081"
+          ports:
+            - name: metrics
+              containerPort: 8081
           volumeMounts:
             - name: host-boot
               mountPath: "/host-boot"
@@ -380,6 +370,12 @@
             - name: host-usr-lib
               mountPath: "/host-usr/lib"
               readOnly: true
+            - name: host-lib
+              mountPath: "/host-lib"
+              readOnly: true
+            - name: host-proc-swaps
+              mountPath: "/host-proc/swaps"
+              readOnly: true
             - name: source-d
               mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
               readOnly: true
@@ -402,6 +398,12 @@
         - name: host-usr-lib
           hostPath:
             path: "/usr/lib"
+        - name: host-lib
+          hostPath:
+            path: "/lib"
+        - name: host-proc-swaps
+          hostPath:
+            path: "/proc/swaps"
         - name: source-d
           hostPath:
             path: "/etc/kubernetes/node-feature-discovery/source.d/"
@@ -425,12 +427,12 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: master
-  annotations: {}
 spec:
   replicas: 1
   selector:
@@ -444,9 +446,9 @@
         app.kubernetes.io/name: node-feature-discovery
         app.kubernetes.io/instance: node-feature-discovery
         role: master
-      annotations: {}
     spec:
       serviceAccountName: node-feature-discovery
+      enableServiceLinks: false
       securityContext: {}
       containers:
         - name: master
@@ -457,26 +459,24 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.2"
           imagePullPolicy: IfNotPresent
           livenessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
+            grpc:
+              port: 8082
             initialDelaySeconds: 10
             periodSeconds: 10
           readinessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
+            grpc:
+              port: 8082
             initialDelaySeconds: 5
             periodSeconds: 10
             failureThreshold: 10
           ports:
             - containerPort: 8080
               name: grpc
+            - containerPort: 8081
+              name: metrics
           env:
             - name: NODE_NAME
               valueFrom:
@@ -484,10 +484,209 @@
                   fieldPath: spec.nodeName
           command:
             - "nfd-master"
-          resources: {}
+          resources:
+            limits:
+              memory: 4Gi
+            requests:
+              cpu: 100m
+              memory: 128Mi
+          args:
+            ## By default, disable crd controller for other than the default instances
+            - "-crd-controller=true"
+            # Go over featureGates and add the feature-gate flag
+            - "-feature-gates=NodeFeatureAPI=true"
+            - "-feature-gates=NodeFeatureGroupAPI=false"
+            - "-metrics=8081"
+          volumeMounts:
+            - name: nfd-master-conf
+              mountPath: "/etc/kubernetes/node-feature-discovery"
+              readOnly: true
+      volumes:
+        - name: nfd-master-conf
+          configMap:
+            name: node-feature-discovery-master-conf
+            items:
+              - key: nfd-master.conf
+                path: nfd-master.conf
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - preference:
+                matchExpressions:
+                  - key: node-role.kubernetes.io/master
+                    operator: In
+                    values:
+                      - ""
+              weight: 1
+      tolerations:
+        - effect: NoExecute
+          operator: Exists
+        - effect: NoSchedule
+          operator: Exists
+        - effect: NoExecute
+          key: node.kubernetes.io/not-ready
+          operator: Exists
+          tolerationSeconds: 300
+        - effect: NoExecute
+          key: node.kubernetes.io/unreachable
+          operator: Exists
+          tolerationSeconds: 300
+---
+# Source: node-feature-discovery/templates/nfd-gc.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+    role: gc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: node-feature-discovery
+      app.kubernetes.io/instance: node-feature-discovery
+      role: gc
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        role: gc
+    spec:
+      serviceAccountName: node-feature-discovery-gc
+      dnsPolicy: ClusterFirstWithHostNet
+      securityContext: {}
+      containers:
+        - name: gc
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.2"
+          imagePullPolicy: "IfNotPresent"
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          command:
+            - "nfd-gc"
+          args:
+            - "-gc-interval=1h"
+          resources:
+            limits:
+              memory: 1Gi
+            requests:
+              cpu: 10m
+              memory: 128Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          ports:
+            - name: metrics
+              containerPort: 8081
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-prune
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-prune
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+      - nodes/status
+    verbs:
+      - get
+      - patch
+      - update
+      - list
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: node-feature-discovery-prune
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-prune
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-prune
+    namespace: default
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: node-feature-discovery-prune
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        app.kubernetes.io/managed-by: Helm
+        role: prune
+    spec:
+      serviceAccountName: node-feature-discovery-prune
+      containers:
+        - name: nfd-master
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.2"
+          imagePullPolicy: IfNotPresent
+          command:
+            - "nfd-master"
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
-            - "-featurerules-controller=true"
+            - "-prune"
+      restartPolicy: Never
       affinity:
         nodeAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:

@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from d27e791 to adc35a5 Compare July 16, 2024 14:26
@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.16.2 feat(deps): update helm release node-feature-discovery to 0.16.3 Jul 16, 2024
@github-actions GitHub Actions
Copy link

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.16.3

@@ -3,29 +3,54 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
-{}
-
 # Source: node-feature-discovery/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/nfd-master-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-master-conf
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+data:
+  nfd-master.conf: |-
+    null
+---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +104,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -258,6 +118,7 @@
       - ""
     resources:
       - nodes
+      - nodes/status
     verbs:
       - get
       - patch
@@ -266,11 +127,73 @@
   - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
+      - nodefeaturegroups
     verbs:
       - get
       - list
       - watch
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeaturegroups/status
+    verbs:
+      - patch
+      - update
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - create
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    resourceNames:
+      - "nfd-master.nfd.kubernetes.io"
+    verbs:
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-gc
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/proxy
+    verbs:
+      - get
+  - apiGroups:
+      - topology.node.k8s.io
+    resources:
+      - noderesourcetopologies
+    verbs:
+      - delete
+      - list
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - delete
+      - list
 ---
 # Source: node-feature-discovery/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -290,38 +213,80 @@
     name: node-feature-discovery
     namespace: default
 ---
-# Source: node-feature-discovery/templates/service.yaml
-apiVersion: v1
-kind: Service
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: node-feature-discovery-master
+  name: node-feature-discovery-gc
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
-    role: master
-spec:
-  type: ClusterIP
-  ports:
-    - port: 8080
-      targetPort: grpc
-      protocol: TCP
-      name: grpc
-  selector:
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-gc
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-gc
+    namespace: default
+---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: worker
-  annotations: {}
 spec:
   selector:
     matchLabels:
@@ -349,13 +314,32 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.3"
           imagePullPolicy: IfNotPresent
+          livenessProbe:
+            grpc:
+              port: 8082
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          readinessProbe:
+            grpc:
+              port: 8082
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            failureThreshold: 10
           env:
             - name: NODE_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           resources:
             limits:
               cpu: 1024m
@@ -366,7 +350,13 @@
           command:
             - "nfd-worker"
           args:
-            - "--server=node-feature-discovery-master:8080"
+            # Go over featureGate and add the feature-gate flag
+            - "-feature-gates=NodeFeatureAPI=true"
+            - "-feature-gates=NodeFeatureGroupAPI=false"
+            - "-metrics=8081"
+          ports:
+            - name: metrics
+              containerPort: 8081
           volumeMounts:
             - name: host-boot
               mountPath: "/host-boot"
@@ -380,6 +370,12 @@
             - name: host-usr-lib
               mountPath: "/host-usr/lib"
               readOnly: true
+            - name: host-lib
+              mountPath: "/host-lib"
+              readOnly: true
+            - name: host-proc-swaps
+              mountPath: "/host-proc/swaps"
+              readOnly: true
             - name: source-d
               mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
               readOnly: true
@@ -402,6 +398,12 @@
         - name: host-usr-lib
           hostPath:
             path: "/usr/lib"
+        - name: host-lib
+          hostPath:
+            path: "/lib"
+        - name: host-proc-swaps
+          hostPath:
+            path: "/proc/swaps"
         - name: source-d
           hostPath:
             path: "/etc/kubernetes/node-feature-discovery/source.d/"
@@ -425,12 +427,12 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: master
-  annotations: {}
 spec:
   replicas: 1
   selector:
@@ -444,9 +446,9 @@
         app.kubernetes.io/name: node-feature-discovery
         app.kubernetes.io/instance: node-feature-discovery
         role: master
-      annotations: {}
     spec:
       serviceAccountName: node-feature-discovery
+      enableServiceLinks: false
       securityContext: {}
       containers:
         - name: master
@@ -457,26 +459,24 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.3"
           imagePullPolicy: IfNotPresent
           livenessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
+            grpc:
+              port: 8082
             initialDelaySeconds: 10
             periodSeconds: 10
           readinessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
+            grpc:
+              port: 8082
             initialDelaySeconds: 5
             periodSeconds: 10
             failureThreshold: 10
           ports:
             - containerPort: 8080
               name: grpc
+            - containerPort: 8081
+              name: metrics
           env:
             - name: NODE_NAME
               valueFrom:
@@ -484,10 +484,209 @@
                   fieldPath: spec.nodeName
           command:
             - "nfd-master"
-          resources: {}
+          resources:
+            limits:
+              memory: 4Gi
+            requests:
+              cpu: 100m
+              memory: 128Mi
+          args:
+            ## By default, disable crd controller for other than the default instances
+            - "-crd-controller=true"
+            # Go over featureGates and add the feature-gate flag
+            - "-feature-gates=NodeFeatureAPI=true"
+            - "-feature-gates=NodeFeatureGroupAPI=false"
+            - "-metrics=8081"
+          volumeMounts:
+            - name: nfd-master-conf
+              mountPath: "/etc/kubernetes/node-feature-discovery"
+              readOnly: true
+      volumes:
+        - name: nfd-master-conf
+          configMap:
+            name: node-feature-discovery-master-conf
+            items:
+              - key: nfd-master.conf
+                path: nfd-master.conf
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - preference:
+                matchExpressions:
+                  - key: node-role.kubernetes.io/master
+                    operator: In
+                    values:
+                      - ""
+              weight: 1
+      tolerations:
+        - effect: NoExecute
+          operator: Exists
+        - effect: NoSchedule
+          operator: Exists
+        - effect: NoExecute
+          key: node.kubernetes.io/not-ready
+          operator: Exists
+          tolerationSeconds: 300
+        - effect: NoExecute
+          key: node.kubernetes.io/unreachable
+          operator: Exists
+          tolerationSeconds: 300
+---
+# Source: node-feature-discovery/templates/nfd-gc.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+    role: gc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: node-feature-discovery
+      app.kubernetes.io/instance: node-feature-discovery
+      role: gc
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        role: gc
+    spec:
+      serviceAccountName: node-feature-discovery-gc
+      dnsPolicy: ClusterFirstWithHostNet
+      securityContext: {}
+      containers:
+        - name: gc
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.3"
+          imagePullPolicy: "IfNotPresent"
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          command:
+            - "nfd-gc"
+          args:
+            - "-gc-interval=1h"
+          resources:
+            limits:
+              memory: 1Gi
+            requests:
+              cpu: 10m
+              memory: 128Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          ports:
+            - name: metrics
+              containerPort: 8081
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-prune
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-prune
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+      - nodes/status
+    verbs:
+      - get
+      - patch
+      - update
+      - list
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: node-feature-discovery-prune
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-prune
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-prune
+    namespace: default
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: node-feature-discovery-prune
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        app.kubernetes.io/managed-by: Helm
+        role: prune
+    spec:
+      serviceAccountName: node-feature-discovery-prune
+      containers:
+        - name: nfd-master
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.3"
+          imagePullPolicy: IfNotPresent
+          command:
+            - "nfd-master"
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
-            - "-featurerules-controller=true"
+            - "-prune"
+      restartPolicy: Never
       affinity:
         nodeAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:

@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from adc35a5 to 55ca541 Compare August 12, 2024 13:15
@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.16.3 feat(deps): update helm release node-feature-discovery to 0.16.4 Aug 12, 2024
@github-actions GitHub Actions
Copy link

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.16.4

@@ -3,29 +3,54 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
-{}
-
 # Source: node-feature-discovery/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/nfd-master-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-master-conf
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+data:
+  nfd-master.conf: |-
+    null
+---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +104,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -258,6 +118,7 @@
       - ""
     resources:
       - nodes
+      - nodes/status
     verbs:
       - get
       - patch
@@ -266,11 +127,73 @@
   - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
+      - nodefeaturegroups
     verbs:
       - get
       - list
       - watch
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeaturegroups/status
+    verbs:
+      - patch
+      - update
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - create
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    resourceNames:
+      - "nfd-master.nfd.kubernetes.io"
+    verbs:
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-gc
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/proxy
+    verbs:
+      - get
+  - apiGroups:
+      - topology.node.k8s.io
+    resources:
+      - noderesourcetopologies
+    verbs:
+      - delete
+      - list
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - delete
+      - list
 ---
 # Source: node-feature-discovery/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -290,39 +213,82 @@
     name: node-feature-discovery
     namespace: default
 ---
-# Source: node-feature-discovery/templates/service.yaml
-apiVersion: v1
-kind: Service
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: node-feature-discovery-master
+  name: node-feature-discovery-gc
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
-    role: master
-spec:
-  type: ClusterIP
-  ports:
-    - port: 8080
-      targetPort: grpc
-      protocol: TCP
-      name: grpc
-  selector:
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-gc
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-gc
+    namespace: default
+---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: worker
-  annotations: {}
 spec:
+  revisionHistoryLimit:
   selector:
     matchLabels:
       app.kubernetes.io/name: node-feature-discovery
@@ -349,13 +315,30 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.4"
           imagePullPolicy: IfNotPresent
+          livenessProbe:
+            grpc:
+              port: 8082
+            initialDelaySeconds: 10
+          readinessProbe:
+            failureThreshold: 10
+            grpc:
+              port: 8082
+            initialDelaySeconds: 5
           env:
             - name: NODE_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           resources:
             limits:
               cpu: 1024m
@@ -366,7 +349,13 @@
           command:
             - "nfd-worker"
           args:
-            - "--server=node-feature-discovery-master:8080"
+            # Go over featureGate and add the feature-gate flag
+            - "-feature-gates=NodeFeatureAPI=true"
+            - "-feature-gates=NodeFeatureGroupAPI=false"
+            - "-metrics=8081"
+          ports:
+            - name: metrics
+              containerPort: 8081
           volumeMounts:
             - name: host-boot
               mountPath: "/host-boot"
@@ -380,6 +369,12 @@
             - name: host-usr-lib
               mountPath: "/host-usr/lib"
               readOnly: true
+            - name: host-lib
+              mountPath: "/host-lib"
+              readOnly: true
+            - name: host-proc-swaps
+              mountPath: "/host-proc/swaps"
+              readOnly: true
             - name: source-d
               mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
               readOnly: true
@@ -402,6 +397,12 @@
         - name: host-usr-lib
           hostPath:
             path: "/usr/lib"
+        - name: host-lib
+          hostPath:
+            path: "/lib"
+        - name: host-proc-swaps
+          hostPath:
+            path: "/proc/swaps"
         - name: source-d
           hostPath:
             path: "/etc/kubernetes/node-feature-discovery/source.d/"
@@ -425,14 +426,15 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: master
-  annotations: {}
 spec:
   replicas: 1
+  revisionHistoryLimit:
   selector:
     matchLabels:
       app.kubernetes.io/name: node-feature-discovery
@@ -444,9 +446,9 @@
         app.kubernetes.io/name: node-feature-discovery
         app.kubernetes.io/instance: node-feature-discovery
         role: master
-      annotations: {}
     spec:
       serviceAccountName: node-feature-discovery
+      enableServiceLinks: false
       securityContext: {}
       containers:
         - name: master
@@ -457,26 +459,22 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.4"
           imagePullPolicy: IfNotPresent
           livenessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
+            grpc:
+              port: 8082
             initialDelaySeconds: 10
-            periodSeconds: 10
           readinessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
-            initialDelaySeconds: 5
-            periodSeconds: 10
             failureThreshold: 10
+            grpc:
+              port: 8082
+            initialDelaySeconds: 5
           ports:
             - containerPort: 8080
               name: grpc
+            - containerPort: 8081
+              name: metrics
           env:
             - name: NODE_NAME
               valueFrom:
@@ -484,10 +482,210 @@
                   fieldPath: spec.nodeName
           command:
             - "nfd-master"
-          resources: {}
+          resources:
+            limits:
+              memory: 4Gi
+            requests:
+              cpu: 100m
+              memory: 128Mi
+          args:
+            ## By default, disable crd controller for other than the default instances
+            - "-crd-controller=true"
+            # Go over featureGates and add the feature-gate flag
+            - "-feature-gates=NodeFeatureAPI=true"
+            - "-feature-gates=NodeFeatureGroupAPI=false"
+            - "-metrics=8081"
+          volumeMounts:
+            - name: nfd-master-conf
+              mountPath: "/etc/kubernetes/node-feature-discovery"
+              readOnly: true
+      volumes:
+        - name: nfd-master-conf
+          configMap:
+            name: node-feature-discovery-master-conf
+            items:
+              - key: nfd-master.conf
+                path: nfd-master.conf
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - preference:
+                matchExpressions:
+                  - key: node-role.kubernetes.io/master
+                    operator: In
+                    values:
+                      - ""
+              weight: 1
+      tolerations:
+        - effect: NoExecute
+          operator: Exists
+        - effect: NoSchedule
+          operator: Exists
+        - effect: NoExecute
+          key: node.kubernetes.io/not-ready
+          operator: Exists
+          tolerationSeconds: 300
+        - effect: NoExecute
+          key: node.kubernetes.io/unreachable
+          operator: Exists
+          tolerationSeconds: 300
+---
+# Source: node-feature-discovery/templates/nfd-gc.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+    role: gc
+spec:
+  replicas: 1
+  revisionHistoryLimit:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: node-feature-discovery
+      app.kubernetes.io/instance: node-feature-discovery
+      role: gc
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        role: gc
+    spec:
+      serviceAccountName: node-feature-discovery-gc
+      dnsPolicy: ClusterFirstWithHostNet
+      securityContext: {}
+      containers:
+        - name: gc
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.4"
+          imagePullPolicy: "IfNotPresent"
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          command:
+            - "nfd-gc"
+          args:
+            - "-gc-interval=1h"
+          resources:
+            limits:
+              memory: 1Gi
+            requests:
+              cpu: 10m
+              memory: 128Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          ports:
+            - name: metrics
+              containerPort: 8081
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-prune
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-prune
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+      - nodes/status
+    verbs:
+      - get
+      - patch
+      - update
+      - list
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: node-feature-discovery-prune
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-prune
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-prune
+    namespace: default
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: node-feature-discovery-prune
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        app.kubernetes.io/managed-by: Helm
+        role: prune
+    spec:
+      serviceAccountName: node-feature-discovery-prune
+      containers:
+        - name: nfd-master
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.4"
+          imagePullPolicy: IfNotPresent
+          command:
+            - "nfd-master"
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
-            - "-featurerules-controller=true"
+            - "-prune"
+      restartPolicy: Never
       affinity:
         nodeAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:

@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from 55ca541 to 9b5fff1 Compare October 15, 2024 08:16
@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.16.4 feat(deps): update helm release node-feature-discovery to 0.16.5 Oct 15, 2024
@github-actions GitHub Actions
Copy link

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.16.5

@@ -3,29 +3,54 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
-{}
-
 # Source: node-feature-discovery/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/nfd-master-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-master-conf
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+data:
+  nfd-master.conf: |-
+    null
+---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +104,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -258,6 +118,7 @@
       - ""
     resources:
       - nodes
+      - nodes/status
     verbs:
       - get
       - patch
@@ -266,11 +127,73 @@
   - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
+      - nodefeaturegroups
     verbs:
       - get
       - list
       - watch
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeaturegroups/status
+    verbs:
+      - patch
+      - update
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - create
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    resourceNames:
+      - "nfd-master.nfd.kubernetes.io"
+    verbs:
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-gc
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/proxy
+    verbs:
+      - get
+  - apiGroups:
+      - topology.node.k8s.io
+    resources:
+      - noderesourcetopologies
+    verbs:
+      - delete
+      - list
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - delete
+      - list
 ---
 # Source: node-feature-discovery/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -290,39 +213,82 @@
     name: node-feature-discovery
     namespace: default
 ---
-# Source: node-feature-discovery/templates/service.yaml
-apiVersion: v1
-kind: Service
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: node-feature-discovery-master
+  name: node-feature-discovery-gc
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
-    role: master
-spec:
-  type: ClusterIP
-  ports:
-    - port: 8080
-      targetPort: grpc
-      protocol: TCP
-      name: grpc
-  selector:
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-gc
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-gc
+    namespace: default
+---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: worker
-  annotations: {}
 spec:
+  revisionHistoryLimit:
   selector:
     matchLabels:
       app.kubernetes.io/name: node-feature-discovery
@@ -340,6 +306,7 @@
       dnsPolicy: ClusterFirstWithHostNet
       serviceAccountName: node-feature-discovery-worker
       securityContext: {}
+      hostNetwork: false
       containers:
         - name: worker
           securityContext:
@@ -349,13 +316,30 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.5"
           imagePullPolicy: IfNotPresent
+          livenessProbe:
+            grpc:
+              port: 8082
+            initialDelaySeconds: 10
+          readinessProbe:
+            failureThreshold: 10
+            grpc:
+              port: 8082
+            initialDelaySeconds: 5
           env:
             - name: NODE_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           resources:
             limits:
               cpu: 1024m
@@ -366,7 +350,16 @@
           command:
             - "nfd-worker"
           args:
-            - "--server=node-feature-discovery-master:8080"
+            # Go over featureGate and add the feature-gate flag
+            - "-feature-gates=NodeFeatureAPI=true"
+            - "-feature-gates=NodeFeatureGroupAPI=false"
+            - "-metrics=8081"
+            - "-grpc-health=8082"
+          ports:
+            - containerPort: 8081
+              name: metrics
+            - containerPort: 8082
+              name: health
           volumeMounts:
             - name: host-boot
               mountPath: "/host-boot"
@@ -380,6 +373,12 @@
             - name: host-usr-lib
               mountPath: "/host-usr/lib"
               readOnly: true
+            - name: host-lib
+              mountPath: "/host-lib"
+              readOnly: true
+            - name: host-proc-swaps
+              mountPath: "/host-proc/swaps"
+              readOnly: true
             - name: source-d
               mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
               readOnly: true
@@ -402,6 +401,12 @@
         - name: host-usr-lib
           hostPath:
             path: "/usr/lib"
+        - name: host-lib
+          hostPath:
+            path: "/lib"
+        - name: host-proc-swaps
+          hostPath:
+            path: "/proc/swaps"
         - name: source-d
           hostPath:
             path: "/etc/kubernetes/node-feature-discovery/source.d/"
@@ -425,14 +430,15 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: master
-  annotations: {}
 spec:
   replicas: 1
+  revisionHistoryLimit:
   selector:
     matchLabels:
       app.kubernetes.io/name: node-feature-discovery
@@ -444,10 +450,11 @@
         app.kubernetes.io/name: node-feature-discovery
         app.kubernetes.io/instance: node-feature-discovery
         role: master
-      annotations: {}
     spec:
       serviceAccountName: node-feature-discovery
+      enableServiceLinks: false
       securityContext: {}
+      hostNetwork: false
       containers:
         - name: master
           securityContext:
@@ -457,26 +464,24 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.5"
           imagePullPolicy: IfNotPresent
           livenessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
+            grpc:
+              port: 8082
             initialDelaySeconds: 10
-            periodSeconds: 10
           readinessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
-            initialDelaySeconds: 5
-            periodSeconds: 10
             failureThreshold: 10
+            grpc:
+              port: 8082
+            initialDelaySeconds: 5
           ports:
             - containerPort: 8080
               name: grpc
+            - containerPort: 8081
+              name: metrics
+            - containerPort: 8082
+              name: health
           env:
             - name: NODE_NAME
               valueFrom:
@@ -484,10 +489,212 @@
                   fieldPath: spec.nodeName
           command:
             - "nfd-master"
-          resources: {}
+          resources:
+            limits:
+              memory: 4Gi
+            requests:
+              cpu: 100m
+              memory: 128Mi
+          args:
+            ## By default, disable crd controller for other than the default instances
+            - "-crd-controller=true"
+            # Go over featureGates and add the feature-gate flag
+            - "-feature-gates=NodeFeatureAPI=true"
+            - "-feature-gates=NodeFeatureGroupAPI=false"
+            - "-metrics=8081"
+            - "-grpc-health=8082"
+          volumeMounts:
+            - name: nfd-master-conf
+              mountPath: "/etc/kubernetes/node-feature-discovery"
+              readOnly: true
+      volumes:
+        - name: nfd-master-conf
+          configMap:
+            name: node-feature-discovery-master-conf
+            items:
+              - key: nfd-master.conf
+                path: nfd-master.conf
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - preference:
+                matchExpressions:
+                  - key: node-role.kubernetes.io/master
+                    operator: In
+                    values:
+                      - ""
+              weight: 1
+      tolerations:
+        - effect: NoExecute
+          operator: Exists
+        - effect: NoSchedule
+          operator: Exists
+        - effect: NoExecute
+          key: node.kubernetes.io/not-ready
+          operator: Exists
+          tolerationSeconds: 300
+        - effect: NoExecute
+          key: node.kubernetes.io/unreachable
+          operator: Exists
+          tolerationSeconds: 300
+---
+# Source: node-feature-discovery/templates/nfd-gc.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+    role: gc
+spec:
+  replicas: 1
+  revisionHistoryLimit:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: node-feature-discovery
+      app.kubernetes.io/instance: node-feature-discovery
+      role: gc
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        role: gc
+    spec:
+      serviceAccountName: node-feature-discovery-gc
+      dnsPolicy: ClusterFirstWithHostNet
+      securityContext: {}
+      hostNetwork: false
+      containers:
+        - name: gc
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.5"
+          imagePullPolicy: "IfNotPresent"
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          command:
+            - "nfd-gc"
+          args:
+            - "-gc-interval=1h"
+          resources:
+            limits:
+              memory: 1Gi
+            requests:
+              cpu: 10m
+              memory: 128Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          ports:
+            - name: metrics
+              containerPort: 8081
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-prune
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-prune
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+      - nodes/status
+    verbs:
+      - get
+      - patch
+      - update
+      - list
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: node-feature-discovery-prune
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-prune
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-prune
+    namespace: default
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: node-feature-discovery-prune
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        app.kubernetes.io/managed-by: Helm
+        role: prune
+    spec:
+      serviceAccountName: node-feature-discovery-prune
+      containers:
+        - name: nfd-master
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.5"
+          imagePullPolicy: IfNotPresent
+          command:
+            - "nfd-master"
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
-            - "-featurerules-controller=true"
+            - "-prune"
+      restartPolicy: Never
       affinity:
         nodeAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:

@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from 9b5fff1 to b2b95bd Compare October 30, 2024 14:20
@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.16.5 feat(deps): update helm release node-feature-discovery to 0.16.6 Oct 30, 2024
@github-actions GitHub Actions
Copy link

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.16.6

@@ -3,29 +3,54 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
-{}
-
 # Source: node-feature-discovery/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/nfd-master-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-master-conf
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+data:
+  nfd-master.conf: |-
+    null
+---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +104,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -258,6 +118,7 @@
       - ""
     resources:
       - nodes
+      - nodes/status
     verbs:
       - get
       - patch
@@ -266,11 +127,73 @@
   - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
+      - nodefeaturegroups
     verbs:
       - get
       - list
       - watch
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeaturegroups/status
+    verbs:
+      - patch
+      - update
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - create
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    resourceNames:
+      - "nfd-master.nfd.kubernetes.io"
+    verbs:
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-gc
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/proxy
+    verbs:
+      - get
+  - apiGroups:
+      - topology.node.k8s.io
+    resources:
+      - noderesourcetopologies
+    verbs:
+      - delete
+      - list
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - delete
+      - list
 ---
 # Source: node-feature-discovery/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -290,39 +213,82 @@
     name: node-feature-discovery
     namespace: default
 ---
-# Source: node-feature-discovery/templates/service.yaml
-apiVersion: v1
-kind: Service
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: node-feature-discovery-master
+  name: node-feature-discovery-gc
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
-    role: master
-spec:
-  type: ClusterIP
-  ports:
-    - port: 8080
-      targetPort: grpc
-      protocol: TCP
-      name: grpc
-  selector:
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-gc
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-gc
+    namespace: default
+---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: worker
-  annotations: {}
 spec:
+  revisionHistoryLimit:
   selector:
     matchLabels:
       app.kubernetes.io/name: node-feature-discovery
@@ -340,6 +306,7 @@
       dnsPolicy: ClusterFirstWithHostNet
       serviceAccountName: node-feature-discovery-worker
       securityContext: {}
+      hostNetwork: false
       containers:
         - name: worker
           securityContext:
@@ -349,13 +316,30 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.6"
           imagePullPolicy: IfNotPresent
+          livenessProbe:
+            grpc:
+              port: 8082
+            initialDelaySeconds: 10
+          readinessProbe:
+            failureThreshold: 10
+            grpc:
+              port: 8082
+            initialDelaySeconds: 5
           env:
             - name: NODE_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           resources:
             limits:
               cpu: 1024m
@@ -366,7 +350,16 @@
           command:
             - "nfd-worker"
           args:
-            - "--server=node-feature-discovery-master:8080"
+            # Go over featureGate and add the feature-gate flag
+            - "-feature-gates=NodeFeatureAPI=true"
+            - "-feature-gates=NodeFeatureGroupAPI=false"
+            - "-metrics=8081"
+            - "-grpc-health=8082"
+          ports:
+            - containerPort: 8081
+              name: metrics
+            - containerPort: 8082
+              name: health
           volumeMounts:
             - name: host-boot
               mountPath: "/host-boot"
@@ -380,6 +373,12 @@
             - name: host-usr-lib
               mountPath: "/host-usr/lib"
               readOnly: true
+            - name: host-lib
+              mountPath: "/host-lib"
+              readOnly: true
+            - name: host-proc-swaps
+              mountPath: "/host-proc/swaps"
+              readOnly: true
             - name: source-d
               mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
               readOnly: true
@@ -402,6 +401,12 @@
         - name: host-usr-lib
           hostPath:
             path: "/usr/lib"
+        - name: host-lib
+          hostPath:
+            path: "/lib"
+        - name: host-proc-swaps
+          hostPath:
+            path: "/proc/swaps"
         - name: source-d
           hostPath:
             path: "/etc/kubernetes/node-feature-discovery/source.d/"
@@ -425,14 +430,15 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: master
-  annotations: {}
 spec:
   replicas: 1
+  revisionHistoryLimit:
   selector:
     matchLabels:
       app.kubernetes.io/name: node-feature-discovery
@@ -444,10 +450,11 @@
         app.kubernetes.io/name: node-feature-discovery
         app.kubernetes.io/instance: node-feature-discovery
         role: master
-      annotations: {}
     spec:
       serviceAccountName: node-feature-discovery
+      enableServiceLinks: false
       securityContext: {}
+      hostNetwork: false
       containers:
         - name: master
           securityContext:
@@ -457,26 +464,24 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.6"
           imagePullPolicy: IfNotPresent
           livenessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
+            grpc:
+              port: 8082
             initialDelaySeconds: 10
-            periodSeconds: 10
           readinessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
-            initialDelaySeconds: 5
-            periodSeconds: 10
             failureThreshold: 10
+            grpc:
+              port: 8082
+            initialDelaySeconds: 5
           ports:
             - containerPort: 8080
               name: grpc
+            - containerPort: 8081
+              name: metrics
+            - containerPort: 8082
+              name: health
           env:
             - name: NODE_NAME
               valueFrom:
@@ -484,10 +489,212 @@
                   fieldPath: spec.nodeName
           command:
             - "nfd-master"
-          resources: {}
+          resources:
+            limits:
+              memory: 4Gi
+            requests:
+              cpu: 100m
+              memory: 128Mi
+          args:
+            ## By default, disable crd controller for other than the default instances
+            - "-crd-controller=true"
+            # Go over featureGates and add the feature-gate flag
+            - "-feature-gates=NodeFeatureAPI=true"
+            - "-feature-gates=NodeFeatureGroupAPI=false"
+            - "-metrics=8081"
+            - "-grpc-health=8082"
+          volumeMounts:
+            - name: nfd-master-conf
+              mountPath: "/etc/kubernetes/node-feature-discovery"
+              readOnly: true
+      volumes:
+        - name: nfd-master-conf
+          configMap:
+            name: node-feature-discovery-master-conf
+            items:
+              - key: nfd-master.conf
+                path: nfd-master.conf
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - preference:
+                matchExpressions:
+                  - key: node-role.kubernetes.io/master
+                    operator: In
+                    values:
+                      - ""
+              weight: 1
+      tolerations:
+        - effect: NoExecute
+          operator: Exists
+        - effect: NoSchedule
+          operator: Exists
+        - effect: NoExecute
+          key: node.kubernetes.io/not-ready
+          operator: Exists
+          tolerationSeconds: 300
+        - effect: NoExecute
+          key: node.kubernetes.io/unreachable
+          operator: Exists
+          tolerationSeconds: 300
+---
+# Source: node-feature-discovery/templates/nfd-gc.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+    role: gc
+spec:
+  replicas: 1
+  revisionHistoryLimit:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: node-feature-discovery
+      app.kubernetes.io/instance: node-feature-discovery
+      role: gc
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        role: gc
+    spec:
+      serviceAccountName: node-feature-discovery-gc
+      dnsPolicy: ClusterFirstWithHostNet
+      securityContext: {}
+      hostNetwork: false
+      containers:
+        - name: gc
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.6"
+          imagePullPolicy: "IfNotPresent"
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          command:
+            - "nfd-gc"
+          args:
+            - "-gc-interval=1h"
+          resources:
+            limits:
+              memory: 1Gi
+            requests:
+              cpu: 10m
+              memory: 128Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          ports:
+            - name: metrics
+              containerPort: 8081
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-prune
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-prune
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+      - nodes/status
+    verbs:
+      - get
+      - patch
+      - update
+      - list
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: node-feature-discovery-prune
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-prune
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-prune
+    namespace: default
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: node-feature-discovery-prune
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        app.kubernetes.io/managed-by: Helm
+        role: prune
+    spec:
+      serviceAccountName: node-feature-discovery-prune
+      containers:
+        - name: nfd-master
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.16.6"
+          imagePullPolicy: IfNotPresent
+          command:
+            - "nfd-master"
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
-            - "-featurerules-controller=true"
+            - "-prune"
+      restartPolicy: Never
       affinity:
         nodeAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:

@renovate renovate bot force-pushed the renovate/node-feature-discovery-0.x branch from b2b95bd to e0ee111 Compare December 24, 2024 07:57
@renovate renovate bot changed the title feat(deps): update helm release node-feature-discovery to 0.16.6 feat(deps): update helm release node-feature-discovery to 0.17.0 Dec 24, 2024
@github-actions GitHub Actions
Copy link

Path: cluster/core/kube-system/node-feature-discovery/helm-release.yaml
Version: 0.11.2 -> 0.17.0

@@ -3,29 +3,54 @@
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
-{}
-
 # Source: node-feature-discovery/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
 ---
+# Source: node-feature-discovery/templates/nfd-master-conf.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-feature-discovery-master-conf
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+data:
+  nfd-master.conf: |-
+    null
+---
 # Source: node-feature-discovery/templates/nfd-worker-conf.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: node-feature-discovery-worker-conf
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
@@ -79,171 +104,6 @@
         - vendor
         - device
 ---
-# Source: node-feature-discovery/templates/nodefeaturerule-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: nodefeaturerules.nfd.k8s-sigs.io
-spec:
-  group: nfd.k8s-sigs.io
-  names:
-    kind: NodeFeatureRule
-    listKind: NodeFeatureRuleList
-    plural: nodefeaturerules
-    singular: nodefeaturerule
-  scope: Cluster
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          description: NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling.
-          properties:
-            apiVersion:
-              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-              type: string
-            kind:
-              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
-              properties:
-                rules:
-                  description: Rules is a list of node customization rules.
-                  items:
-                    description: Rule defines a rule for node customization such as labeling.
-                    properties:
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: Labels to create if the rule matches.
-                        type: object
-                      labelsTemplate:
-                        description: LabelsTemplate specifies a template to expand for dynamically generating multiple labels. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                      matchAny:
-                        description: MatchAny specifies a list of matchers one of which must match.
-                        items:
-                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
-                          properties:
-                            matchFeatures:
-                              description: MatchFeatures specifies a set of matcher terms all of which must match.
-                              items:
-                                description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                                properties:
-                                  feature:
-                                    type: string
-                                  matchExpressions:
-                                    additionalProperties:
-                                      description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                      properties:
-                                        op:
-                                          description: Op is the operator to be applied.
-                                          enum:
-                                            - In
-                                            - NotIn
-                                            - InRegexp
-                                            - Exists
-                                            - DoesNotExist
-                                            - Gt
-                                            - Lt
-                                            - GtLt
-                                            - IsTrue
-                                            - IsFalse
-                                          type: string
-                                        value:
-                                          description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                          items:
-                                            type: string
-                                          type: array
-                                      required:
-                                        - op
-                                      type: object
-                                    description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                                    type: object
-                                required:
-                                  - feature
-                                  - matchExpressions
-                                type: object
-                              type: array
-                          required:
-                            - matchFeatures
-                          type: object
-                        type: array
-                      matchFeatures:
-                        description: MatchFeatures specifies a set of matcher terms all of which must match.
-                        items:
-                          description: FeatureMatcherTerm defines requirements against one feature set. All requirements (specified as MatchExpressions) are evaluated against each element in the feature set.
-                          properties:
-                            feature:
-                              type: string
-                            matchExpressions:
-                              additionalProperties:
-                                description: "MatchExpression specifies an expression to evaluate against a set of input values. It contains an operator that is applied when matching the input and an array of values that the operator evaluates the input against. \n NB: CreateMatchExpression or MustCreateMatchExpression() should be used for     creating new instances. NB: Validate() must be called if Op or Value fields are modified or if a new     instance is created from scratch without using the helper functions."
-                                properties:
-                                  op:
-                                    description: Op is the operator to be applied.
-                                    enum:
-                                      - In
-                                      - NotIn
-                                      - InRegexp
-                                      - Exists
-                                      - DoesNotExist
-                                      - Gt
-                                      - Lt
-                                      - GtLt
-                                      - IsTrue
-                                      - IsFalse
-                                    type: string
-                                  value:
-                                    description: Value is the list of values that the operand evaluates the input against. Value should be empty if the operator is Exists, DoesNotExist, IsTrue or IsFalse. Value should contain exactly one element if the operator is Gt or Lt and exactly two elements if the operator is GtLt. In other cases Value should contain at least one element.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                  - op
-                                type: object
-                              description: MatchExpressionSet contains a set of MatchExpressions, each of which is evaluated against a set of input values.
-                              type: object
-                          required:
-                            - feature
-                            - matchExpressions
-                          type: object
-                        type: array
-                      name:
-                        description: Name of the rule.
-                        type: string
-                      vars:
-                        additionalProperties:
-                          type: string
-                        description: Vars is the variables to store if the rule matches. Variables do not directly inflict any changes in the node object. However, they can be referenced from other rules enabling more complex rule hierarchies, without exposing intermediary output values as labels.
-                        type: object
-                      varsTemplate:
-                        description: VarsTemplate specifies a template to expand for dynamically generating multiple variables. Data (after template expansion) must be keys with an optional value (<key>[=<value>]) separated by newlines.
-                        type: string
-                    required:
-                      - name
-                    type: object
-                  type: array
-              required:
-                - rules
-              type: object
-          required:
-            - spec
-          type: object
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
 # Source: node-feature-discovery/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -257,7 +117,15 @@
   - apiGroups:
       - ""
     resources:
+      - namespaces
+    verbs:
+      - watch
+      - list
+  - apiGroups:
+      - ""
+    resources:
       - nodes
+      - nodes/status
     verbs:
       - get
       - patch
@@ -266,11 +134,73 @@
   - apiGroups:
       - nfd.k8s-sigs.io
     resources:
+      - nodefeatures
       - nodefeaturerules
+      - nodefeaturegroups
     verbs:
       - get
       - list
       - watch
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeaturegroups/status
+    verbs:
+      - patch
+      - update
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - create
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    resourceNames:
+      - "nfd-master.nfd.kubernetes.io"
+    verbs:
+      - get
+      - update
+---
+# Source: node-feature-discovery/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-gc
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/proxy
+    verbs:
+      - get
+  - apiGroups:
+      - topology.node.k8s.io
+    resources:
+      - noderesourcetopologies
+    verbs:
+      - delete
+      - list
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - delete
+      - list
 ---
 # Source: node-feature-discovery/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -290,39 +220,82 @@
     name: node-feature-discovery
     namespace: default
 ---
-# Source: node-feature-discovery/templates/service.yaml
-apiVersion: v1
-kind: Service
+# Source: node-feature-discovery/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: node-feature-discovery-master
+  name: node-feature-discovery-gc
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
-    role: master
-spec:
-  type: ClusterIP
-  ports:
-    - port: 8080
-      targetPort: grpc
-      protocol: TCP
-      name: grpc
-  selector:
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-gc
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-gc
+    namespace: default
+---
+# Source: node-feature-discovery/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups:
+      - nfd.k8s-sigs.io
+    resources:
+      - nodefeatures
+    verbs:
+      - create
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+---
+# Source: node-feature-discovery/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: node-feature-discovery-worker
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: node-feature-discovery-worker
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-worker
+    namespace: default
 ---
 # Source: node-feature-discovery/templates/worker.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: node-feature-discovery-worker
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: worker
-  annotations: {}
 spec:
+  revisionHistoryLimit:
   selector:
     matchLabels:
       app.kubernetes.io/name: node-feature-discovery
@@ -335,11 +308,13 @@
         app.kubernetes.io/instance: node-feature-discovery
         role: worker
       annotations:
+        checksum/config: 32abca98ab3e78fbad3b7180c1d1f84c88c821e366307c758d44bfbe2585cbcd
         configmap.reloader.stakater.com/reload: node-feature-discovery-worker-conf
     spec:
       dnsPolicy: ClusterFirstWithHostNet
       serviceAccountName: node-feature-discovery-worker
       securityContext: {}
+      hostNetwork: false
       containers:
         - name: worker
           securityContext:
@@ -349,13 +324,30 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.17.0"
           imagePullPolicy: IfNotPresent
+          livenessProbe:
+            grpc:
+              port: 8082
+            initialDelaySeconds: 10
+          readinessProbe:
+            grpc:
+              port: 8082
+            initialDelaySeconds: 5
+            failureThreshold: 10
           env:
             - name: NODE_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           resources:
             limits:
               cpu: 1024m
@@ -366,7 +358,15 @@
           command:
             - "nfd-worker"
           args:
-            - "--server=node-feature-discovery-master:8080"
+            # Go over featureGate and add the feature-gate flag
+            - "-feature-gates=NodeFeatureGroupAPI=false"
+            - "-metrics=8081"
+            - "-grpc-health=8082"
+          ports:
+            - containerPort: 8081
+              name: metrics
+            - containerPort: 8082
+              name: health
           volumeMounts:
             - name: host-boot
               mountPath: "/host-boot"
@@ -380,8 +380,11 @@
             - name: host-usr-lib
               mountPath: "/host-usr/lib"
               readOnly: true
-            - name: source-d
-              mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
+            - name: host-lib
+              mountPath: "/host-lib"
+              readOnly: true
+            - name: host-proc-swaps
+              mountPath: "/host-proc/swaps"
               readOnly: true
             - name: features-d
               mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
@@ -402,9 +405,12 @@
         - name: host-usr-lib
           hostPath:
             path: "/usr/lib"
-        - name: source-d
+        - name: host-lib
           hostPath:
-            path: "/etc/kubernetes/node-feature-discovery/source.d/"
+            path: "/lib"
+        - name: host-proc-swaps
+          hostPath:
+            path: "/proc/swaps"
         - name: features-d
           hostPath:
             path: "/etc/kubernetes/node-feature-discovery/features.d/"
@@ -425,14 +431,15 @@
 kind: Deployment
 metadata:
   name: node-feature-discovery-master
+  namespace: default
   labels:
     app.kubernetes.io/name: node-feature-discovery
     app.kubernetes.io/instance: node-feature-discovery
     app.kubernetes.io/managed-by: Helm
     role: master
-  annotations: {}
 spec:
   replicas: 1
+  revisionHistoryLimit:
   selector:
     matchLabels:
       app.kubernetes.io/name: node-feature-discovery
@@ -444,10 +451,13 @@
         app.kubernetes.io/name: node-feature-discovery
         app.kubernetes.io/instance: node-feature-discovery
         role: master
-      annotations: {}
+      annotations:
+        checksum/config: 0e39572ff18dbc2e9f804d7adebf2a489376f319d8007872286385bf74c1eb3d
     spec:
       serviceAccountName: node-feature-discovery
+      enableServiceLinks: false
       securityContext: {}
+      hostNetwork: false
       containers:
         - name: master
           securityContext:
@@ -457,37 +467,235 @@
                 - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: "k8s.gcr.io/nfd/node-feature-discovery:v0.11.2"
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.17.0"
           imagePullPolicy: IfNotPresent
+          startupProbe:
+            grpc:
+              port: 8082
+            failureThreshold: 30
           livenessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
-            initialDelaySeconds: 10
-            periodSeconds: 10
+            grpc:
+              port: 8082
           readinessProbe:
-            exec:
-              command:
-                - "/usr/bin/grpc_health_probe"
-                - "-addr=:8080"
-            initialDelaySeconds: 5
-            periodSeconds: 10
+            grpc:
+              port: 8082
             failureThreshold: 10
           ports:
-            - containerPort: 8080
-              name: grpc
+            - containerPort: 8081
+              name: metrics
+            - containerPort: 8082
+              name: health
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          command:
+            - "nfd-master"
+          resources:
+            limits:
+              memory: 4Gi
+            requests:
+              cpu: 100m
+              memory: 128Mi
+          args:
+            - "-enable-leader-election"
+            # Go over featureGates and add the feature-gate flag
+            - "-feature-gates=NodeFeatureGroupAPI=false"
+            - "-metrics=8081"
+            - "-grpc-health=8082"
+          volumeMounts:
+            - name: nfd-master-conf
+              mountPath: "/etc/kubernetes/node-feature-discovery"
+              readOnly: true
+      volumes:
+        - name: nfd-master-conf
+          configMap:
+            name: node-feature-discovery-master-conf
+            items:
+              - key: nfd-master.conf
+                path: nfd-master.conf
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - preference:
+                matchExpressions:
+                  - key: node-role.kubernetes.io/master
+                    operator: In
+                    values:
+                      - ""
+              weight: 1
+      tolerations:
+        - effect: NoExecute
+          operator: Exists
+        - effect: NoSchedule
+          operator: Exists
+        - effect: NoExecute
+          key: node.kubernetes.io/not-ready
+          operator: Exists
+          tolerationSeconds: 300
+        - effect: NoExecute
+          key: node.kubernetes.io/unreachable
+          operator: Exists
+          tolerationSeconds: 300
+---
+# Source: node-feature-discovery/templates/nfd-gc.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: node-feature-discovery-gc
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+    role: gc
+spec:
+  replicas: 1
+  revisionHistoryLimit:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: node-feature-discovery
+      app.kubernetes.io/instance: node-feature-discovery
+      role: gc
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        role: gc
+    spec:
+      serviceAccountName: node-feature-discovery-gc
+      dnsPolicy: ClusterFirstWithHostNet
+      securityContext: {}
+      hostNetwork: false
+      containers:
+        - name: gc
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.17.0"
+          imagePullPolicy: "IfNotPresent"
           env:
             - name: NODE_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
           command:
+            - "nfd-gc"
+          args:
+            - "-gc-interval=1h"
+          resources:
+            limits:
+              memory: 1Gi
+            requests:
+              cpu: 10m
+              memory: 128Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          ports:
+            - name: metrics
+              containerPort: 8081
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: node-feature-discovery-prune
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: node-feature-discovery-prune
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+      - nodes/status
+    verbs:
+      - get
+      - patch
+      - update
+      - list
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: node-feature-discovery-prune
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: node-feature-discovery-prune
+subjects:
+  - kind: ServiceAccount
+    name: node-feature-discovery-prune
+    namespace: default
+---
+# Source: node-feature-discovery/templates/post-delete-job.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: node-feature-discovery-prune
+  namespace: default
+  labels:
+    app.kubernetes.io/name: node-feature-discovery
+    app.kubernetes.io/instance: node-feature-discovery
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-feature-discovery
+        app.kubernetes.io/instance: node-feature-discovery
+        app.kubernetes.io/managed-by: Helm
+        role: prune
+    spec:
+      serviceAccountName: node-feature-discovery-prune
+      containers:
+        - name: nfd-master
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+          image: "registry.k8s.io/nfd/node-feature-discovery:v0.17.0"
+          imagePullPolicy: IfNotPresent
+          command:
             - "nfd-master"
-          resources: {}
           args:
-            ## By default, disable NodeFeatureRules controller for other than the default instances
-            - "-featurerules-controller=true"
+            - "-prune"
+      restartPolicy: Never
       affinity:
         nodeAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dfroberg dfroberg Awaiting requested review from dfroberg dfroberg is a code owner

Assignees
No one assigned
Labels
renovate/helm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants