docs: add CR restrictions to the master configuration reference

Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>

docs/reference/master-configuration-reference.md

@@ -344,3 +344,115 @@ Comma-separated list of `pattern=N` settings for file-filtered logging.
 Default: *empty*
 
 Run-time configurable: yes
+
+
+## restrictions
+
+The following options specify the restrictions that can be applied by nfd-master
+on the deployed Custom Resources in the cluster.
+
+### restrictions.allowedNamespaces
+
+The `allowedNamespaces` option specifies the NodeFeatures namespaces to watch.
+To select the appropriate namespaces to watch, you can use the `metav1.LabelSelector`
+as a type for this option.
+
+Default: all namespaces are allowed to be watched.
+
+Example:
+
+```yaml
+restrictions:
+  allowedNamespaces:
+    matchLabels:
+      kubernetes.io/metadata.name: "node-feature-discovery"
+    matchExpressions:
+      - key: "kubernetes.io/metadata.name"
+        operator: "In"
+        values:
+          - "node-feature-discovery"
+```
+
+### restrictions.maxLabelsPerCR
+
+The `maxLabelsPerCR` option specifies the maximum number of labels that can
+be generated by a single CustomResource.
+
+Default: no limit
+
+Example:
+
+```yaml
+restrictions:
+  maxLabelsPerCR: 20
+```
+
+### restrictions.maxTaintsPerCR
+
+The `maxTaintsPerCR` option specifies the maximum number of taints that can
+be generated by a single CustomResource.
+
+Default: no limit
+
+Example:
+
+```yaml
+restrictions:
+  maxTaintsPerCR: 10
+```
+
+### restrictions.maxExtendedResourcesPerCR
+
+The `maxExtendedResourcesPerCR` option specifies the maximum number of extended
+resources that can be generated by a single CustomResource.
+
+Default: no limit
+
+Example:
+
+```yaml
+restrictions:
+  maxExtendedResourcesPerCR: 15
+```
+
+### restrictions.maxExtendedResourcesPerCR
+
+The `maxExtendedResourcesPerCR` option specifies the maximum number of extended
+resources that can be generated by a single CustomResource.
+
+Default: no limit
+
+Example:
+
+```yaml
+restrictions:
+  maxExtendedResourcesPerCR: 15
+```
+
+### restrictions.overwriteLabels
+
+The `overwriteLabels` option specifies whether to overwrite existing
+labels, if there's an overlap, or not.
+
+Default: true
+
+Example:
+
+```yaml
+restrictions:
+  overwriteLabels: false
+```
+
+### restrictions.denyNodeFeatureLabels
+
+The `denyNodeFeatureLabels` option specifies whether to deny labels from NodeFeature
+objects or not.
+
+Default: false
+
+Example:
+
+```yaml
+restrictions:
+  denyNodeFeatureLabels: true
+```

examples/nodefeature.yaml

@@ -4,7 +4,7 @@ apiVersion: nfd.k8s-sigs.io/v1alpha1
 kind: NodeFeature
 metadata:
   labels:
-    nfd.node.kubernetes.io/node-name: example-node
+    nfd.node.kubernetes.io/node-name: nfd-control-plane
   name: example-node
   namespace: node-feature-discovery
 spec:

nfd-master.conf

@@ -0,0 +1,35 @@
+noPublish: false
+autoDefaultNs: true
+extraLabelNs: ["added.ns.io","added.kubernets.io"]
+denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
+resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
+enableTaints: false
+labelWhiteList: ""
+resyncPeriod: "2h"
+restrictions:
+  allowedNamespaces:
+    matchLabels:
+      kubernetes.io/metadata.name: "node-feature-discovery"
+    matchExpressions:
+      - key: "kubernetes.io/metadata.name"
+        operator: "In"
+        values:
+          - "node-feature-discovery"
+klog:
+    addDirHeader: false
+    alsologtostderr: false
+    logBacktraceAt:
+    logtostderr: true
+    skipHeaders: false
+    stderrthreshold: 2
+    v: 0
+    vmodule:
+    logDir:
+    logFile:
+    logFileMaxSize: 1800
+    skipLogHeaders: false
+leaderElection:
+    leaseDuration: 15s
+    renewDeadline: 10s
+    retryPeriod: 2s
+nfdApiParallelism: 10