Deprecate gRPC API

cmd/nfd-master/main.go

@@ -72,6 +72,18 @@
 			args.Overrides.ResyncPeriod = overrides.ResyncPeriod
 		case "nfd-api-parallelism":
 			args.Overrides.NfdApiParallelism = overrides.NfdApiParallelism
+		case "enable-nodefeature-api":
+			klog.InfoS("-enable-nodefeature-api is deprecated, will be removed in a future release along with the deprecated gRPC API")
+		case "ca-file":
+			klog.InfoS("-ca-file is deprecated, will be removed in a future release along with the deprecated gRPC API")
+		case "cert-file":
+			klog.InfoS("-cert-file is deprecated, will be removed in a future release along with the deprecated gRPC API")
+		case "key-file":
+			klog.InfoS("-key-file is deprecated, will be removed in a future release along with the deprecated gRPC API")
+		case "port":
+			klog.InfoS("-port is deprecated, will be removed in a future release along with the deprecated gRPC API")
+		case "verify-node-name":
+			klog.InfoS("-verify-node-name is deprecated, will be removed in a future release along with the deprecated gRPC API")
 		}
 	})
 
@@ -105,32 +117,38 @@
 	args := &master.Args{}
 
 	flagset.StringVar(&args.CaFile, "ca-file", "",
-		"Root certificate for verifying connections")
+		"Root certificate for verifying connections."+
+			" DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
 	flagset.StringVar(&args.CertFile, "cert-file", "",
-		"Certificate used for authenticating connections")
+		"Certificate used for authenticating connections."+
+			" DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
 	flagset.StringVar(&args.Instance, "instance", "",
 		"Instance name. Used to separate annotation namespaces for multiple parallel deployments.")
 	flagset.StringVar(&args.KeyFile, "key-file", "",
-		"Private key matching -cert-file")
+		"Private key matching -cert-file."+
+			" DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
 	flagset.StringVar(&args.ConfigFile, "config", "/etc/kubernetes/node-feature-discovery/nfd-master.conf",
 		"Config file to use.")
 	flagset.StringVar(&args.Kubeconfig, "kubeconfig", "",
 		"Kubeconfig to use")
 	flagset.BoolVar(&args.EnableNodeFeatureApi, "enable-nodefeature-api", true,
-		"Enable the NodeFeature CRD API for receiving node features. This will automatically disable the gRPC communication.")
+		"Enable the NodeFeature CRD API for receiving node features. This will automatically disable the gRPC communication."+
+			" DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
 	flagset.BoolVar(&args.CrdController, "featurerules-controller", true,
 		"Enable NFD CRD API controller. DEPRECATED: use -crd-controller instead")
 	flagset.BoolVar(&args.CrdController, "crd-controller", true,
 		"Enable NFD CRD API controller for processing NodeFeature and NodeFeatureRule objects.")
 	flagset.IntVar(&args.Port, "port", 8080,
-		"Port on which to listen for connections.")
+		"Port on which to listen for gRPC connections."+
+			" DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
 	flagset.IntVar(&args.MetricsPort, "metrics", 8081,
 		"Port on which to expose metrics.")
 	flagset.BoolVar(&args.Prune, "prune", false,
 		"Prune all NFD related attributes from all nodes of the cluster and exit.")
 	flagset.BoolVar(&args.VerifyNodeName, "verify-node-name", false,
 		"Verify worker node name against the worker's TLS certificate. "+
-			"Only takes effect when TLS authentication has been enabled.")
+			"Only takes effect when TLS authentication has been enabled."+
+			" DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
 	flagset.StringVar(&args.Options, "options", "",
 		"Specify config options from command line. Config options are specified "+
 			"in the same format as in the config file (i.e. json or yaml). These options")

cmd/nfd-worker/main.go

@@ -51,6 +51,24 @@
 		klog.InfoS("version not set! Set -ldflags \"-X sigs.k8s.io/node-feature-discovery/pkg/version.version=`git describe --tags --dirty --always`\" during build or run.")
 	}
 
+	// Check deprecated flags
+	flags.Visit(func(f *flag.Flag) {
+		switch f.Name {
+		case "enable-nodefeature-api":
+			klog.InfoS("-enable-nodefeature-api is deprecated, will be removed in a future release along with the deprecated gRPC API")
+		case "ca-file":
+			klog.InfoS("-ca-file is deprecated, will be removed in a future release along with the deprecated gRPC API")
+		case "cert-file":
+			klog.InfoS("-cert-file is deprecated, will be removed in a future release along with the deprecated gRPC API")
+		case "key-file":
+			klog.InfoS("-key-file is deprecated, will be removed in a future release along with the deprecated gRPC API")
+		case "server":
+			klog.InfoS("-server is deprecated, will be removed in a future release along with the deprecated gRPC API")
+		case "server-name-override":
+			klog.InfoS("-server-name-override is deprecated, will be removed in a future release along with the deprecated gRPC API")
+		}
+	})
+
 	// Plug klog into grpc logging infrastructure
 	utils.ConfigureGrpcKlog()
 
@@ -96,15 +114,19 @@
 	args := &worker.Args{}
 
 	flagset.StringVar(&args.CaFile, "ca-file", "",
-		"Root certificate for verifying connections")
+		"Root certificate for verifying connections."+
+			" DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
 	flagset.StringVar(&args.CertFile, "cert-file", "",
-		"Certificate used for authenticating connections")
+		"Certificate used for authenticating connections."+
+			" DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
 	flagset.StringVar(&args.ConfigFile, "config", "/etc/kubernetes/node-feature-discovery/nfd-worker.conf",
 		"Config file to use.")
 	flagset.StringVar(&args.KeyFile, "key-file", "",
-		"Private key matching -cert-file")
+		"Private key matching -cert-file."+
+			" DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
 	flagset.BoolVar(&args.EnableNodeFeatureApi, "enable-nodefeature-api", true,
-		"Enable the NodeFeature CRD API for communicating with nfd-master. This will automatically disable the gRPC communication.")
+		"Enable the NodeFeature CRD API for communicating with nfd-master. This will automatically disable the gRPC communication."+
+			" DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
 	flagset.StringVar(&args.Kubeconfig, "kubeconfig", "",
 		"Kubeconfig to use")
 	flagset.BoolVar(&args.Oneshot, "oneshot", false,
@@ -115,9 +137,11 @@
 		"Specify config options from command line. Config options are specified "+
 			"in the same format as in the config file (i.e. json or yaml). These options")
 	flagset.StringVar(&args.Server, "server", "localhost:8080",
-		"NFD server address to connecto to.")
+		"NFD server address to connecto to."+
+			" DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
 	flagset.StringVar(&args.ServerNameOverride, "server-name-override", "",
-		"Hostname expected from server certificate, useful in testing")
+		"Hostname expected from server certificate, useful in testing."+
+			" DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
 
 	initKlogFlags(flagset, args)
 

docs/deployment/helm.md

@@ -99,9 +99,9 @@ We have introduced the following Chart parameters.
 | `imagePullSecrets` | list | [] | ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. [More info](https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod) |
 | `nameOverride` | string |  | Override the name of the chart |
 | `fullnameOverride` | string |  | Override a default fully qualified app name |
-| `tls.enable` | bool | false | Specifies whether to use TLS for communications between components |
-| `tls.certManager` | bool | false | If enabled, requires [cert-manager](https://cert-manager.io/docs/) to be installed and will automatically create the required TLS certificates |
-| `enableNodeFeatureApi` | bool  | true | Enable the [NodeFeature](../usage/custom-resources.md#nodefeature) CRD API for communicating node features. This will automatically disable the gRPC communication.
+| `tls.enable` | bool | false | Specifies whether to use TLS for communications between components. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release  |
+| `tls.certManager` | bool | false | If enabled, requires [cert-manager](https://cert-manager.io/docs/) to be installed and will automatically create the required TLS certificates. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
+| `enableNodeFeatureApi` | bool  | true | Enable the [NodeFeature](../usage/custom-resources.md#nodefeature) CRD API for communicating node features. This will automatically disable the gRPC communication. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release    |
 | `prometheus.enable` | bool | false | Specifies whether to expose metrics using prometheus operator |
 | `prometheus.labels` | dict | {} | Specifies labels for use with the prometheus operator to control how it is selected |
 
@@ -114,7 +114,7 @@ API's you need to install the prometheus operator in your cluster.
 | Name                        | Type    | Default                                 | description                                                                                                                              |
 |-----------------------------|---------|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------|
 | `master.*`                  | dict    |                                         | NFD master deployment configuration                                                                                                      |
-| `master.port`               | integer |                                         | Specifies the TCP port that nfd-master listens for incoming requests.                                                      |
+| `master.port`               | integer |                                         | Specifies the TCP port that nfd-master listens for incoming requests. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release    |
 | `master.metricsPort`        | integer |   8081                                  | Port on which to expose metrics from components to prometheus operator |
 | `master.instance`           | string  |                                         | Instance name. Used to separate annotation namespaces for multiple parallel deployments                                                  |
 | `master.resyncPeriod`       | string  |                                         | NFD API controller resync period.                                                  |
@@ -130,8 +130,8 @@ API's you need to install the prometheus operator in your cluster.
 | `master.serviceAccount.annotations` | dict | {}                                 | Annotations to add to the service account
 | `master.serviceAccount.name` | string |                                         | The name of the service account to use. If not set and create is true, a name is generated using the fullname template
 | `master.rbac.create`        | bool    | true                                    | Specifies whether to create [RBAC][rbac] configuration for nfd-master
-| `master.service.type`       | string  | ClusterIP                               | NFD master service type                                                                                                                  |
-| `master.service.port`       | integer | 8080                                    | NFD master service port                                                                                                                  |
+| `master.service.type`       | string  | ClusterIP                               | NFD master service type. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release    |
+| `master.service.port`       | integer | 8080                                    | NFD master service port. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
 | `master.resources`          | dict    | {}                                      | NFD master pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)                    |
 | `master.nodeSelector`       | dict    | {}                                      | NFD master pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector)                    |
 | `master.tolerations`        | dict    | _Scheduling to master node is disabled_ | NFD master pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)                              |

docs/deployment/tls.md

@@ -15,9 +15,10 @@ sort: 5
 
 ---
 
-> ***NOTE*** this section only applies when the gRPC API is used, i.e. when the
-> NodeFeature API is disabled via the `-enable-nodefeature-api=false` flag on
-> both nfd-master and nfd-worker.
+> **DEPRECATED**: this section only applies when the gRPC API is used, i.e.
+> when the NodeFeature API is disabled via the `-enable-nodefeature-api=false`
+> flag on both nfd-master and nfd-worker. The gRPC API is deprecated and will
+> be removed in a future release.
 
 NFD supports mutual TLS authentication between the nfd-master and nfd-worker
 instances.  That is, nfd-worker and nfd-master both verify that the other end

docs/developer-guide/index.md

@@ -166,6 +166,11 @@ make e2e-test KUBECONFIG=$HOME/.kube/config
 
 ## Running locally
 
+> ****DEPRECATED**: Running NFD locally is deprecated and will be removed in a
+> future release. It depends on the gRPC API which is deprecated and will be
+> removed in a future release. To run NFD locally, use the
+> `-enable-nodefeature-api=false` flag.
+
 You can run NFD locally, either directly on your host OS or in containers for
 testing and development purposes. This may be useful e.g. for checking
 features-detection.
@@ -174,22 +179,23 @@ features-detection.
 
 When running as a standalone container labeling is expected to fail because
 Kubernetes API is not available. Thus, it is recommended to use `-no-publish`
-command line flag. E.g.
+Also specify `-crd-controller=false` and `-enable-nodefeature-api=false`
+command line flags to disable CRD controller and enable gRPC. E.g.
 
 ```bash
 $ export NFD_CONTAINER_IMAGE={{ site.container_image }}
-$ docker run --rm --name=nfd-test ${NFD_CONTAINER_IMAGE} nfd-master -no-publish
+$ docker run --rm --name=nfd-test ${NFD_CONTAINER_IMAGE} nfd-master -no-publish -crd-controller=false -enable-nodefeature-api=false
 2019/02/01 14:48:21 Node Feature Discovery Master <NFD_VERSION>
 2019/02/01 14:48:21 gRPC server serving on port: 8080
 ```
 
 ### NFD-Worker
 
-In order to run nfd-worker as a "stand-alone" container against your
-standalone nfd-master you need to run them in the same network namespace:
+In order to run nfd-worker as a "stand-alone" container
+you need to run it in the same network namespace as the nfd-master container:
 
 ```bash
-$ docker run --rm --network=container:nfd-test ${NFD_CONTAINER_IMAGE} nfd-worker
+$ docker run --rm --network=container:nfd-test ${NFD_CONTAINER_IMAGE} nfd-worker -enable-nodefeature-api=false
 2019/02/01 14:48:56 Node Feature Discovery Worker <NFD_VERSION>
 ...
 ```
@@ -206,11 +212,12 @@ pass the `-no-publish` flag to nfd-worker.
 
 ### NFD-Topology-Updater
 
-In order to run nfd-topology-updater as a "stand-alone" container against your
-standalone nfd-master you need to run them in the same network namespace:
+In order to run nfd-topology-updater as a "stand-alone" container
+you need to run it in with the `-no-publish` flag to disable communication to
+the Kubernetes apiserver.
 
 ```bash
-$ docker run --rm --network=container:nfd-test ${NFD_CONTAINER_IMAGE} nfd-topology-updater
+$ docker run --rm ${NFD_CONTAINER_IMAGE} nfd-topology-updater -no-publish
 2019/02/01 14:48:56 Node Feature Discovery Topology Updater <NFD_VERSION>
 ...
 ```

docs/reference/master-commandline-reference.md

@@ -80,6 +80,9 @@ nfd-master -instance=network
 
 ### -ca-file
 
+> **NOTE** the gRPC API is deprecated and will be removed in a future release.
+> and this flag will be removed as well.
+
 The `-ca-file` is one of the three flags (together with `-cert-file` and
 `-key-file`) controlling master-worker mutual TLS authentication on the
 nfd-master side. This flag specifies the TLS root certificate that is used for
@@ -98,6 +101,9 @@ nfd-master -ca-file=/opt/nfd/ca.crt -cert-file=/opt/nfd/master.crt -key-file=/op
 
 ### -cert-file
 
+> **NOTE** the gRPC API is deprecated and will be removed in a future release.
+> and this flag will be removed as well.
+
 The `-cert-file` is one of the three flags (together with `-ca-file` and
 `-key-file`) controlling master-worker mutual TLS authentication on the
 nfd-master side. This flag specifies the TLS certificate presented for
@@ -115,6 +121,9 @@ nfd-master -cert-file=/opt/nfd/master.crt -key-file=/opt/nfd/master.key -ca-file
 
 ### -key-file
 
+> **NOTE** the gRPC API is deprecated and will be removed in a future release.
+> and this flag will be removed as well.
+
 The `-key-file` is one of the three flags (together with `-ca-file` and
 `-cert-file`) controlling master-worker mutual TLS authentication on the
 nfd-master side. This flag specifies the private key corresponding the given
@@ -133,6 +142,9 @@ nfd-master -key-file=/opt/nfd/master.key -cert-file=/opt/nfd/master.crt -ca-file
 
 ### -verify-node-name
 
+> **NOTE** the gRPC API is deprecated and will be removed in a future release.
+> and this flag will be removed as well.
+
 The `-verify-node-name` flag controls the NodeName based authorization of
 incoming requests and only has effect when mTLS authentication has been enabled
 (with `-ca-file`, `-cert-file` and `-key-file`). If enabled, the worker node
@@ -153,6 +165,9 @@ nfd-master -verify-node-name -ca-file=/opt/nfd/ca.crt \
 
 ### -enable-nodefeature-api
 
+> **NOTE** the gRPC API is deprecated and will be removed in a future release.
+> and this flag will be removed as well.
+
 The `-enable-nodefeature-api` flag enables/disables the
 [NodeFeature](../usage/custom-resources.md#nodefeature) CRD API for receiving
 feature requests. This will also automatically disable/enable the gRPC