v0.15.2

Changelog

This release fixes a bug in hooks and updates dependencies.

• go.mod: bump github.com/opencontainers/runc to v1.1.12 by @marquiz in #1577
• fix hook issue by @k8s-infra-cherrypick-robot in #1607

Full Changelog: v0.15.1...v0.15.2

v0.15.1

What's Changed

This patch release adds detection of speed attribute of virtual network interfaces.

List of PRs

• makefile: fix build: target (#1529)
• source/network: discover speed of virtual network interfaces (#1538)

Full Changelog: v0.15.0...v0.15.1

v0.15.0

What's new

NodeFeatureRule API extended

Annotations

NFD now supports creating node annotations with the NodeFeatureRuless. See the documentation for details.

matchName

New matchName field was added to the NodeFeatureRule CRD. It can be used to match the names of features (instead of their values which is done with the matchExpressions field). See
documentation for details.

Feature files

Hidden feature files: feature files whose name start with a dot (.) are now ignored by nfd-worker. This makes it easier to update the feature files by creating a temporary file in the same directory. (#1353)

Skip labels or features: Feature files support # +no-label and # +no-feature directives to skip label and feature generation, respectively. See the documentation for details and examples.

Container image based on scratch

NFD switched to use scratch as the base container image and to build fully statically linked binaries. Switching to the virtually empty base image means that the default container image only supports running hooks that are also fully statically linked. For example, many go binaries that are "almost" statically linked don't work. The full image variant can be used for richer hook support. NOTE: hooks are deprecated and support for them will be removed in a future release.

Base image of the full image variant was updated to Debian Bookworm.

Discover virtual network interfaces

NFD now discovers virtual network interfaces as features that can be used in NodeFeatureRules. (#1448)

Kubectl plugin

Starting as a developer preview, we are introducing a kubectl-nfd plugin to perform 3 operations against NodeFeatureRule files. (#1446)

• test: Check a NodeFeatureRule file against a node to ensure it is valid before applying it to a cluster.
• dryrun: Check a NodeFeatureRule file against a local NodeFeature file, allowing an offline testing of the rule to be before applying it to a cluster.
• validate: Check if the NodeFeatureRule file will valid and can be used against NodeFeatures.

See the documentation for more information.

Deprecations

Automatic prefixing of names deprecated

Automatic prefixing of names (of labels, annotations or extended resources) is deprecated. Unprefixed names should not be used in NodeFeatureRules, feature files, hooks or custom rules. The default feature.node.kubernetes.io/ prefix should be added to unprefixed names.

The nfd-master has new autoDefaultNs configuration file option (defaults to true in v0.15) to stop automatically adding the feature.node.kubernetes.io/ prefix to node labels, annotations and extended resources. If set to false, unprefixed names will be denied. (#1461)

NOTE: The autoDefaultNs option default will be changed to false in a future NFD release. This will be a breaking change for users who rely on automatic prefixing of unprefixed names. Setting the autoDefaultNs option to false with NFD v0.15 can be used to test that all NodeFeatureRules, feature files, hooks and custom rules (configuration of the "custom" feature source of nfd-worker) work correctly when the default will be switched to false.

Deprecated security labels dropped

Deprecated feature.node.kubernetes.io/cpu-sgx.enabled and feature.node.kubernetes.io/cpu-se.enabled labels were dropped. They are replaced by feature.node.kubernetes.io/cpu-security.sgx.enabled and feature.node.kubernetes.io/cpu-security.se.enabled. (#1350)

Legacy "matchOn" custom rule format dropped

Support for the legacy "matchOn" rule format of the custom source of nfd-worker was removed (deprecated since v0.10.0). (#1397)

Miscellaneous

CPU features

Detection of Intel APX and AVX10 as new CPUID features.

New cpu.topology feature socket_count.

Liveness probe

gRPC health probe utility replaced with Kubernetes' built-in gRPC liveness probe. This means that the Kubernetes v1.23 or later is required by the default deployments. (#1046)

Annotations

The nfd-master doesn't create NFD version node annotations anymore. (#1394)

Metrics

Metrics for nfd-gc were added. (#1407)

Example grafana dashboard to display NFD metrics was added. (#1413)

Helm chart

Various fixes and improvments in the Helm chart, for example ability to disable/enable nfd-master and nfd-worker.

NodeFeature API

The nfd-worker now sets owner reference in NodeFeature objects it creates, so orphaned NodeFeatures are automatically garbage-collected when the nfd-worker pod goes away. (#1491)

List of PRs

• chore: introduce a commong klog handling for cmd/nfd-* (#1341)
• cpu: drop the deprecated sgx and se labels (#1350)
• source/local: simplify feature file size checking (#1351)
• scripts/update-gh-pages: sync OWNERS from master to gh-pages (#1355)
• github: prevent parallel runs of gh-pages update (#1358)
• github: separate workflow for helm repo index update (#1359)
• feat: ignore hidden feature files (#1353)
• deployment/helm: fix namespace of nfd-worker role and rolebinding (#1364)
• github: add a separate issue template for patch releases (#1368)
• deployment/helm: fix handling of enableNodeFeatureApi parameter (#1365)
• Build statically linked binaries (#1373)
• Replace gRPC health probe utility with k8s built-in health probe (#1046)
• README: update to v0.14.1 (#1377)
• nfd-master: fix filtering of extended resources (#1378)
• apis/nfd: drop one stale comment line (#1382)
• Helm - Move remaining gPRC related flags to conditional (#1387)
• Helm - service to be only deployed when needed (#1389)
• feat: support raw features (#1386)
• Fix serviceaccount handling for nfd-gc to be consistent with others (#1392)
• nfd-master: correctly clean up annotations (#1393)
• Bump to Go 1.21 (#1390)
• nfd-master: stop creating NFD version annotations (#1394)
• Refactor metrics (#1398)
• nfd-gc: simplify initialization (#1399)
• go.mod: bump kubernetes to v1.28.2 (#1402)
• docs: clarify nfd_node_update_requests_total metric (#1406)
• docs: document nfd_topology_updater_build_info metric (#1400)
• nfd-gc: add metrics (#1407)
• Update Readme to V0.14.2 (#1411)
• feat: add parameters in helm to disable/enable nfd-master and nfd-worker (#1415)
• build(deps): bump golang.org/x/net from 0.13.0 to 0.17.0 (#1416)
• examples: add example grafana dashboard (#1413)
• source/custom: drop support for the legacy rule format (#1397)
• test/e2e: fix source/custom nodename test (#1421)
• Fix pkg name for test/utils/deployment (#1418)
• nfd-master: fix retry of node updates (#1425)
• go.mod: update deps (#1422)
• test/e2e: stricter validation of node annotations (#1426)
• Update readme to v0.14.3 (#1435)
• scripts/test-infra: bump mdlint to v0.13.0 (#1437)
• scripts/test-infra: bump golangci-lint to v1.55.1 (#1438)
• Make mdlint v0.13 happy (#1439)
• Discover node features as annotations (#1417)
• docs: edits to customization guide (#1436)
• test/e2e: fix log messages (#1441)
• test/e2e: improved test logging (#1442)
• test/e2e: fix broken feature-annotations test (#1440)
• test/e2e: cleanup feature annotations (#1443)
• go.mod: update deps (#1445)
• docs: fix documentation on SEV security features (#1447)
• docs: use correct storage.block name for block device feature (#1449)
• source/network: refactor readIfaceInfo (#1452)
• go.mod: Update cpuid to its v2.2.6 release (#1453)
• docs: stop advertising --resource-labels flag (#1454)
• go.mod: update deps (#1457)
• go.mod: update deps (#1463)
• go.mod: bump kubernetes to v1.28.4 (#1465)
• apis/nfd: fix incorrect comments of matching functions (#1467)
• apis/nfd: fix logging of rule expression processing (#1458)
• test/e2e: increase timeout for waiting node status (#1460)
• docs: fix small typo in customization guide (#1469)
• nfd-master: drop stale variables (#1470)
• nfd-master: predictable handling of unprefixed names (#1471)
• apis/nfd: fix multiple matcher terms targeting the same feature (#1468)
• Option to stop implicitly adding default prefix to names (#1461)
• Reproducible output from expression matching (#1473)
• Use T.Run in expression unit tests (#1474)
• nfd-worker: fix typo in log message (#1472)
• docs: correct description of no-publish for topology-updater (#1475)
• docs/tls: update cert-manager deployment instructions (#1476)
• generate: update kube code-gen to v1.28.4 (#1478)
• apis/nfd: validate input when matching expression (#1480)
• docs: styling (#1484)
• Change the base image of full image variant to Debian Bookworm (#1486)
• docs: remove outdated instructions for minimal image (#1485)
• feat: discover virtual network interface (#1448)
• deployment/kustomize: drop default-combined overlay (#1492)
• dockerignore: cleanup (#1493)
• deployment/kustomize: drop nfd-master service (#1494)
• nfd-worker: set owner reference in NodeFeature obj...

v0.14.4

This patch release updates dependencies.

v0.14.3

This patch release fixes a bug in node update retries and updates dependencies.

List of PRs

• nfd-master: fix retry of node updates (#1427)
• Update deps (#1428)

v0.13.6

This patch release updates dependencies.

List of PRs

• go.mod: bump kubernetes to v1.28.2 (#1405)
• Update deps (#1429)

v0.14.2

Changelog

This patch release contains fixes to the Helm chart in addition to dependency updates.

List of PRs

#1379
#1403
#1404
#1409
#1410

v0.14.1

Changelog

This patch release contains fixes to the Helm chart in addition to dependency updates.

List of PRs

• go.mod: bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 (#1346)
• github: separate workflow for helm repo index update (#1361)
• deployment/helm: fix namespace of nfd-worker role and rolebinding (#1370)
• deployment/helm: fix handling of enableNodeFeatureApi parameter (#1371)

v0.13.5

Changelog

This patch release contains fixes to the Helm chart in addition to dependency updates.

List of PRs

• Makefile: increase golangci-lint timeout to 10min (#1348)
• go.mod: bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 (#1347)
• github: separate workflow for helm repo index update (#1362)
• deployment/helm: fix namespace of nfd-worker role and rolebinding (#1369)

v0.14.0

What's new

NodeFeature API

The NodeFeature API is now enabled by default. The new CRD-based API replaces the previous gRPC-based communication between nfd-master and nfd-worker and, reducing network traffic and allows changes in NodeFeatureRules to take effect immediately (independent of the sleep-interval of nfd-worker). NodeFeature API can also be used to implement 3rd party extensions, see customization guide for more details.

Garbage collection of stale NodeFeature objects was added in the form of nfd-gc daemon.

The gRPC API is now deprecated and will be removed in a future release. The related command-line flags are also deprecated (and don't have any effect when NodeFeature API is in use):

• nfd-master: -ca-file, -cert-file, -key-file, -port, -verify-node-name
• nfd-worker: -ca-file, -cert-file, -key-file, -server, -server-name-override

Metrics

NFD now provides Prometheus metrics for better observability. Also, the Helm and kustomize deployments support enabling metrics collection with the Prometheus operator. See the documentation for more information about the available metrics and deployment instructions.

Hooks disabled by default

The deprecation of nfd-worker hooks continues, disabling them by default in v0.14. Potential users of hooks are encouraged to switch to use the NFD CRDs (NodeFeature and
NodeFeatureRule) or feature files. Hooks can still be enabled with the sources.local.hooksEnabled
configuration option.

Feature files

Expiry time: NFD now supports specifying an expiry time for the features specified in a feature file, providing better lifecycle management for the feature labels. See the documentation for more details.

Size limit: There is now a 64kB size limit for feature files.

Miscellaneous

NodeFeatureRule API

Dynamic values for labels is now supported by using the @ notation, see documentation for more details.

NFD-Master

• support for leader election was added, enabling high-availability deployments with multiple-replicas of nfd-master (with the NodeFeature API enabled)
• dynamically configurable logging parameters via the config file
• configurable resync period for the CRD controller
• parallelized node updates, speeding up simultaneous updates of large number of nodes (e.g. update in NodeFeatureRules in a big cluster), can be controlled with the -nfd-api-parallelism flag

CPU features

Detection of Intel TDX guests is now supported.

Logging

The project was migrated structured logging, making log messages more consistent, better machine parseable and enables future improvements in logging.

Support policy

The project now officially documented it's supported versions and deprecation policy, see the documentation for details.

List of PRs

• test/e2e: use proper context (#1154)
• deps: Update kubernetes to v1.27.1 (#1155)
• generate: update k8s code-generator to v0.27.1 (#1156)
• generate: update protoc to v22.3 (#1157)
• generate: update controller-gen to v0.11.3 (#1158)
• generate: update mockery to v2.25.1 (#1159)
• nfd-master: support noPublish with -prune (#1161)
• nfd-master: fix -prune (#1160)
• nfd-master: don't create emtpy annotations (#1166)
• nfd-master: fix a crash when processing NodeFeatureRules (#1173)
• pkg/nfd-master/nfd-master.go: Fix typo (#1171)
• nfd-master: reject malformed extended resource dynamic capacity assignment (#1169)
• go.mod: update deps (#1178)
• OWNERS: add ArangoGutierrez as an approver (#1180)
• feat: add master resync period configurability (#1139)
• nfd-topology-updater: fix wrong kubelet_internal_checkpoint path and compare basename to full path (#1167)
• docs: add missing .md suffix to internal references (#1189)
• nfd-master: log node name when processing NodeFeatureRules (#1191)
• scripts/test-infra: provide PR info to codecov (#1194)
• Match usage and example for prepare-release.sh (#1196)
• apis/nfd: add unit tests for Feature type (#1190)
• Update README to v0.13.1 (#1197)
• scripts/test-infra: provide PR base SHA to codecov (#1199)
• codecov: drop required minimum coverage ratio of a commit to 0% (#1200)
• codecov: drop required minimum coverage ratio at patch level (#1201)
• nfd-master: refactor api-controller object handling (#1198)
• nfd-master: refactor filtering of labels, taints and ERs (#1202)
• helm: fix mount for nfd-master config (#1204)
• nfd-master: fix resync period config option (#1185)
• deployment/helm: fix default for kubeletStateDir parameter (#1207)
• deployment/kustomize: drop pod-resources mount for topology-updater (#1208)
• test/e2e: refactor matching of node properties (#1184)
• deployment/helm: avoid overlapping mount paths on topology-updater (#1212)
• deployment/helm: user dedicated serviceaccount for topology-updater (#1213)
• deployment/helm: improve handling of topologyUpdater.kubeletStateFiles (#1211)
• topology-updater: use node IP in the default configz URI (#1218)
• e2e: delete CRs only if found (#1221)
• Add leader election for nfd-master (#1219)
• Fixed typo in Header under deployment/kustomize.md (#1222)
• nfd-master: use close for stop channel (#1227)
• scripts/test-infra: bump golangci-lint to v1.52.2 (#1230)
• nfd-master: add validation of label names and values (#1228)
• Migrate to structured logging (#1223)
• scripts/test-infra: add logcheck to verify script (#1235)
• Update README to v0.13.2 (#1238)
• github: update new-release issue template (#1239)
• feat: support dynamic values for labels in the NodeFeatureRule (#1226)
• feat: parallelize nodes update (#1133)
• cpu: Discover TDX guests based on cpuid information (#1240)
• deployment/kustomize: use a named port for nfd gRPC service (#1243)
• Fix missing apostrophe for jq (#1245)
• Fix a typo on nfd-master cmd (#1244)
• Removal of the bases field as it is deprecated by kustomize (#1246)
• Docs: Fix typo on customization-guide (#1247)
• hooks: disable hooks by default from v0.14 (#1182)
• Remove pkg's imported twice (#1248)
• fix typo in helm chart (#1253)
• Stop ticker in time to avoid memory leak (#1255)
• nfd-master: check for nil references in nfdAPIUpdateAllNodes (#1258)
• cpu: Take cgroupsv1 into account when reading misc.capacity (#1265)
• go.mod: update kubernetes to v1.27.4 (#1268)
• github: update assignees in new-release issue template (#1274)
• Enable metrics via prometheus operator (#1242)
• README: update to v0.13.3 (#1276)
• docs: document version and deprecation policy (#1279)
• docs: fix toc of topology-updater and topology-gc reference (#1278)
• docs: remove useless TOCs (#1280)
• Add optional labels to the podmonitor (#1282)
• docs: describe supported Kubernetes versions (#1277)
• docs: deprecation policy for Helm chart params (#1283)
• Fix Topology Manager policy and scope not being updated after NRT creation (#1256)
• generate: bump tools to their latest versions (#1284)
• Improve metrics (#1288)
• docs: align metrics documentation with latest changes on naming (#1289)
• docs: unify formatting of NOTEs (#1292)
• source/local: trim whitespace from input (#1293)
• source/local: support comments in input (#1294)
• nfd-master: use term node update instead of labeling (#1291)
• docs: document -metrics flag in command line reference (#1296)
• fix empty hugepages in some numa nodes caused no such file or directory errors (#1287)
• scripts/test-infra: update logcheck tool to v0.6.0 (#1299)
• scripts/test-infra: bump golangci-lint to v1.54.0 (#1300)
• Update kubernetes to v1.28.0 (#1302)
• docs: update github-pages gem to v228 (#1303)
• topology-gc: fix Stop (#1306)
• topology-gc: rename run() (#1309)
• topology-gc: rename runGC to garbageCollect() (#1310)
• nfd-topology-updater: add metrics support (#1295)
• topology-gc: refactor unit tests (#1307)
• topology-gc: move initial GC out of startNodeInformer() (#1308)
• topology-gc: simplify listing of node objects (#1311)
• metrics: additional metrics for nfd-master (#1290)
• Garbage collection of NodeFeature objects (#1305)
• topology-updater: make -version always runnable (#1297)
• go.mod: update kubernetes to v1.28.1 (#1315)
• Makefile: increase golangci-lint timeout to 10min (#1320)
• docs: use ruby docker image for building docs (#1319)
• README: update to v0.13.4 (#1324)
• test: add node updater pool unit tests (#1252)
• docs: nfd-updater: clarify accounting (#1321)
• nfd-updater: events: enable timer-only flow (#1325)
• docs...