[WIP] feat: configure CR restrictions

[AhmedGrati]

POC of #1380
Things TBD:

• unit and e2e tests
• Docs

[k8s-ci-robot]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[netlify]

✅ Deploy Preview for kubernetes-sigs-nfd ready!

Name	Link
🔨 Latest commit	5f7569f
🔍 Latest deploy log	https://app.netlify.com/sites/kubernetes-sigs-nfd/deploys/65b8280b96084400082a4e22
😎 Deploy Preview	https://deploy-preview-1540--kubernetes-sigs-nfd.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[marquiz]

Thanks @AhmedGrati for working on this. Will look at it later
/assign

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: AhmedGrati
Once this PR has been reviewed and has the lgtm label, please ask for approval from marquiz. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov]

Codecov Report

Attention: 26 lines in your changes are missing coverage. Please review.

Comparison is base (5c99ae8) 31.15% compared to head (5f7569f) 31.21%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1540      +/-   ##
==========================================
+ Coverage   31.15%   31.21%   +0.05%     
==========================================
  Files          62       62              
  Lines        7774     7798      +24     
==========================================
+ Hits         2422     2434      +12     
- Misses       5108     5114       +6     
- Partials      244      250       +6     

Files	Coverage Δ
pkg/nfd-master/nfd-api-controller.go	12.50% <18.75%> (+2.03%)	⬆️
pkg/nfd-master/nfd-master.go	45.89% <45.83%> (+0.26%)	⬆️

[marquiz]

Thanks you @AhmedGrati for working on this feature. Some comments below

[marquiz]

I think we could have these as config file options only, if you want to keep things simple. E.g. the leader election parameters are config-file-only so this is asymmetric, already. WDYT?

[marquiz]

Hmm, looking at this now I think we could do better (more k8s-like). Could we use metav1.LabelSelector directly. It would make it very flexible to pick up the namespaces to watch. The name of the config option would be something like nodeFeatureNamespaceSelector. WDYT?

[AhmedThresh]

If I got this correctly, users would need to pass a map (instead of an array) to specify selectors, right?

[marquiz]

Or even use the metav1.LabelSelector type directly?

[AhmedThresh]

@marquiz I think we can close this.

[TessaIO]

ping @marquiz, can we close this?

[marquiz]

Superseded by #1592
/close

[k8s-ci-robot]

@marquiz: Closed this PR.

In response to this:

Superseded by #1592
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.