v0.13.2

This patch release adds validation for feature label names and values, updates dependencies and contains fixes to the Helm chart.

List of PRs

• helm: fix mount for nfd-master config (#1205)
• deployment/kustomize: drop pod-resources mount for topology-updater (#1210)
• deployment/helm: fix default for kubeletStateDir parameter (#1209)
• deployment/helm: improve handling of topologyUpdater.kubeletStateFiles (#1217)
• deployment/helm: avoid overlapping mount paths on topology-updater (#1214)
• deployment/helm: user dedicated serviceaccount for topology-updater (#1215)
• go.mod: bump kubernetes to v1.26.5 (#1224)
• nfd-master: add validation of label names and values (#1233)

v0.12.4

This patch release contains bug fixes to nfd-master, adds validation for feature labels, updates dependencies and fixes an issue with the Helm chart.

List of PRs

• nfd-master: support noPublish with -prune (#1164)
• nfd-master: fix a crash when processing NodeFeatureRules (#1176)
• deployment/helm: user dedicated serviceaccount for topology-updater (#1216)
• go.mod: bump kubernetes to v1.26.5 (#1225)
• nfd-master: add validation of label names and values (#1234)

v0.13.1

Changelog

This patch release contains bug fixes to nfd-master and infd-topology-updater.

List of PRs

• nfd-master: support noPublish with -prune by @k8s-infra-cherrypick-robot in #1163
• pkg/nfd-master/nfd-master.go: Fix typo by @k8s-infra-cherrypick-robot in #1177
• nfd-master: fix -prune by @k8s-infra-cherrypick-robot in #1165
• nfd-master: reject malformed extended resource dynamic capacity assignment by @k8s-infra-cherrypick-robot in #1179
• nfd-master: fix a crash when processing NodeFeatureRules by @k8s-infra-cherrypick-robot in #1174
• nfd-topology-updater: fix wrong kubelet_internal_checkpoint path and compare basename to full path by @k8s-infra-cherrypick-robot in #1183

Full Changelog: v0.13.0...v0.13.1

v0.13.0

Changelog

Default image based on distroless

The default container image is now based on distroless/base. This was formerly shipped as the "minimal" image, and "v0.13.0-minimal" image tag is thus provided for backwards compatibility. A new "full" image variant (v0.13.0-full) that corresponds the previous default image is made available.

The practical user impact of this change is that support for hooks is limited to statically linked ELF binaries. Bash or Perl scripts are not supported by the default image anymore, but the new "full" image variant can be used if support for these is needed.

Config file for nfd-master

NFD-Master now supports dynamic run-time configurability through a configuration file, deployed as a ConfigMap similar to the nfd-worker. Many of the command line flags are now available as dynamically changeable config file options. Visit the documentation for more details.

Allow custom label prefixes

The restrictions on allowed label prefixes (or label namespaces) for custom labels are mostly removed. All prefixes are allowed, except for kubernetes.io/ and its sub-namespaces (i.e. *.kubernetes.io/), with the NFD-specific feature.node.kubernetes.io/ and profile.node.kubernetes.io/ (and their sub-namespaces) still being allowed.

Those wanting to have stricter policy on allowed label prefixes can use the new denyLabelNs config file option (or the corresponding -deny-label-ns command line flag) of nfd-master. To preserve the old behavior of rejecting all custom prefixes, denyLabelNs="*" can be used, with extraLabelNs config option available for allowing specific custom prefixes.

Extended resources

NFD now supports creating node extended resources from the NodeFeatureRule custom resources. See the documentation for details. With this the -resource-labels command line flag is now marked as deprecated.

Topology Updater enhancements

A new Topology-Garbage-Collector daemon for deleting obsolete NodeResourceTopology objects was added. This daemon is enabled in default deployments.

Topology-Updater reacts faster to changes in the node, making NodeResourceTopology objects more accurately track the current state of node resource status.

Topology-Updater gained the ability to report "pods fingerprint" as a single value representing the node resources status. See the new -pods-fingerprint command line flag.

Topology-Updater now supports the latest v1alpha2 version of the NodeResourceTopology API.

Miscellaneous

New CPU features:

• X86_64
  • Intel Sierra Forest: AVXIFMA, AVXNECONVERT, AVXVNNIINT8, CMPCCXADD, WRMSRNS and MSRLIST
  • number of Intel TDX keys
  • amount Intel SGX EPC (Encrypted Page Cache) memory
  • AMD SEV, including number of ASIDs (Address Space Identifiers), and number of ES (Encrypted State) IDs
• PPC64
  • IBM Nest Accelerator for GZIP
• RDT: number of L3 CLOSID

Kernel: new kernel.enabledmodule feature that lists both loaded dynamic modules and modules built into the kernel.

Deprecations

The feature.node.kubernetes.io/cpu-rdt.* labels are now marked as deprecated and will be removed in a future release. The RDT features will stay to be available for NodeFeatureRule objects to consume to create custom labels.

The -resource-labels command line flag is now deprecated and will be removed in a future release. NodeFeatureRule objects should be used for managing node extended resources, instead.

List of PRs

• docs: mention NodeFeature as an extension point (#1009)
• docs: fix typo in CRD name (#1011)
• Use single-dash format for nfd cmdline flags (#1013)
• README: update to latest release v0.12.0 (#1014)
• dockerfile: update grpc-health-probe to v0.4.14 (#1015)
• Add common utility function for getting node name (#1018)
• topology-updater: move code (#1019)
• apis/nfd: make all fields in NodeFeatureSpec optional (#1017)
• worker: move code (#1020)
• Bump cpuid to v2.2.3 (#1023)
• Docs: mention tainting in the intro section (#1021)
• test/e2e: more comprehensive test for NodeFeature objects (#1016)
• Add missing TopologyManagerPolicy (#1026)
• Add NRT garbage collector (#1024)
• e2e: append _test suffix to test files (#1029)
• e2e: init docker image (#1028)
• nfd-master: always start gRPC server (#1034)
• docs: fix internal cross-page references by injecting .md (#1030)
• docs: Fix link for Helm docs (#1040)
• cpu: support for detecting nx-gzip coprocessor feature (#956)
• README: update to release v0.12.1 (#1042)
• helm: make master port configurable (#1044)
• test: move out unit testing from Dockerfile (#1047)
• deployment: disable service links in NFD master pod (#1045)
• topology-updater: nrt-api Update to v1alpha2 (#1053)
• Change nfd-worker to use Ticker instead of After. (#1050)
• images: base the default image on distroless/base (#1027)
• Add discovery duration logging (#1055)
• OWNERS: Update Ethyling username to jjacobelli (#1056)
• Advertise TopologyManger policy and scope as Attributes in NRT api v1alpha2 (#1054)
• feat: add deny-label-ns flag which supports wildcard (#1051)
• Fix some typos (#1058)
• scripts/test-infra: bump golangci-lint to v1.51.1 (#1061)
• GO Update version to 1.20 (#1059)
• source/cpu: fix build flags of cpuid detection (#1063)
• go.mod: bump cpuid to v2.2.4 (#1064)
• docs: describe nfd-topology-gc in introduction.md (#1062)
• test/e2e: rename ginkgo focus for tests (#1065)
• topology-updater:compute pod set fingerprint (#1049)
• test/e2e: cleanup NodeFeature objects before/after tests (#1074)
• test/e2e: reduce worker wait-for-ready period to 2s (#1073)
• docs: fix usage customization guide typos (#1066)
• test: add code coverage reporting (#1069)
• helm: fix topology-updater rbac (#1078)
• deployment: fixes for mounting kubelet config (#1080)
• Update worker-configuration-reference.md (#1076)
• scripts/test-infra: bump golangci-lint to v1.51.2 (#1082)
• test: implement e2e test of the deny-label-ns flag (#1070)
• go.mod: update kubernetes to v1.26.2 (#1077)
• pkg/utils: add UnmarshalJSON method to StringSetVal (#1087)
• codegen: fix code-generation (#1083)
• kustomize: trim prune overlay (#1090)
• gitignore: ignore codecov coverage report (#1085)
• topology-updater: reactive updates (#1031)
• chore: add debug dump of nfd worker configuration (#1092)
• feat: add enableTaints to helm chart (#1091)
• cpu: expose AMD SEV support (#1097)
• cpu: Expose the total number of keys for TDX (#1079)
• go.mod: update kubernetes to v1.26.3 (#1106)
• README: update to release v0.12.2 (#1112)
• feat: add master config file (#1084)
• test/e2e: fix node cleanup function (#1115)
• source/cpu: deprecate cpu-rdt.* labels (#1114)
• test/e2e: wait for CRD deletion to complete (#1116)
• test/e2e: refactor nfd pod configuration (#1117)
• nfd-master: disallow unprefixed and kubernetes taints (#1118)
• nfd-master: fix node update (#1119)
• Advertise RDT L3 num_closid (#1100)
• Create extended resources with NodeFeatureRule (#1099)
• Dockerfile: bump grpc-health-probe to v0.4.17 (#1121)
• docs: add missing mentions of extended resources and taints (#1122)
• nfd-master: increase controller resync period to 1 hour (#1123)
• nfd-master: re-try on node update failures (#1127)
• Makefile: set e2e test timeout to 1 hour (#1128)
• feat: support builtin kernel mods (#1086)
• nfd-master: deprecate the -resource-labels flag (#1126)
• source/cpu: don't create cpu-security.tdx.total_keys label (#1130)
• cpu: Expose SGX EPC resource (#1129)
• e2e: add codecov uploader configuration (#1095)
• OWNERS: add PiotrProkop as a reviewer (#1140)
• Dockerfile: bump grpc-health-probe to v0.4.18 (#1145)
• cpu: expose the total number of AMD SEV ASID and ES (#1149)
• hack/prepare-release.sh: fix name of one e2e test file (#1151)

v0.12.3

Changelog

This patch release contains bug fixes to nfd-master and improvements to the Helm chart.

List of PRs

• helm: make master port configurable (#1135)
• feat: add enableTaints to helm chart (#1136)
• nfd-master: fix node update (#1137)
• nfd-master: re-try on node update failures (#1138)
• Dockerfile: bump grpc-health-probe to v0.4.18 (#1147)

v0.12.2

What's Changed

This patch release updates dependencies and fixes some issues with the Helm chart.

List of PRs

• docs: Fix link for Helm docs (#1041)
• helm: fix topology-updater rbac (#1103)
• go.mod: update kubernetes to v1.26.2 (#1107)
• go.mod: update kubernetes to v1.26.3 (#1108)
• source/cpu: fix build flags of cpuid detection (#1104)
• deployment: fixes for mounting kubelet config (#1105)

Full Changelog: v0.12.1...v0.12.2

v0.12.1

Changelog

This is a patch release to fix problems with nfd-master readiness and liveness probes that caused it to be killed when NodeFeature API was enabled.

List of PRs

• Update docker builder image to golang v19.5 (#1036)
• nfd-master: always start gRPC server (#1037)
• e2e: init docker image (#1039)
• Update references to release v0.12.1 (#1038)

v0.12.0

Changelog

Node tainting

NFD now supports node tainting. NodeFeatureRule custom resource was extended to create taints. See documentation for more information.

NodeFeature CRD

(EXPERIMENTAL) NFD defines new NodeFeature custom resource for communicating node features and node labeling requests and they can be used for implementing 3rd party extensions. Support for NodeFeature API is disabled by default in this release but will be enabled and is intended to replace the gRPC API between nfd-worker and nfd-master in the future.

See documentation for more details.

Improvements in topology-updater

NFD-Topology-Updater is now a standalone component, not depending on nfd-master, anymore. Topology-updater got support for configuration file, with one config option excludeList for filtering out resources from accounting. Topology-updater also now supports retrieving kubelet config from configz API endpoint (by default) and received a bunch of bug fixes.

Deprecations

• deprecated IOMMU feature source has been removed
• custom hooks are being deprecated and will be disabled and eventually dropped in future releases. Default behavior is not changed in this release but sources.local.hooksEnabled worker configuration option can be used to disable them. Suggested replacement for hooks in the future will be NodeFeature custom resources (still experimenta).
• security-related labels were re-organized
  • feature.node.kubernetes.io/cpu-sgx.enabled is now deprecated, superseded by feature.node.kubernetes.io/cpu-security.sgx.enabled
  • feature.node.kubernetes.io/cpu-se.enabled is now replaced, superseded by feature.node.kubernetes.io/cpu-security.se.enabled
• -featurerules-controller flag of nfd-master is now deprecated, use -crd-controller instead
• some already deprecaterd worker command line flags were removed:
  • -sleep-interval (use core.sleepInterval config file option instead)
  • -label-whitelist (use core.labelWhiteList config file option instead)
  • -sources (use -label-sources flag instead)

Miscellaneous

• Improved documentation, major restructuring of deployment and usage docs
• ignore operational state of network interfaces when detecting
  network labels – fixes issues with network SR-IOV labels in some scenarios (#814)
• new CPU features
  • Intel TDX
  • CPUID
    • TME, AMXFP16 and PREFETCHI
    • AVXVNNI (non-AVX512)
    • Better detection of features that have both AVX512 and non-AVX512 versions (GFNI, VAES, VPCLMULQDQ)
    • Major update for ARM, POWER, and Z features
• Helm: improved management of CRDs, now supports --skip-crds
• switched over to registry.k8s.io container image registry

List of PRs

• docs: remove fixed release tag in developer guide (#798)
• scripts/update-gh-pages: adjust commit message body (#800)
• scripts/test-infra: bump golangci-lint to v1.45.2 (#804)
• Bump Go to 1.18 (#785)
• Dockerfile: update builder image to Go v1.18.1 (#807)
• docs: fix operator deployment instructions (#811)
• cpu: add cpuid stub for non-linux platforms (#808)
• source/network: ignore interface operational state (#814)
• docs: update x86 cpuid feature list (#818)
• docs: small typo fix in cpuid feature list (#824)
• README: update to v0.11.1 (#825)
• github: small fix in new-release issue template (#822)
• scripts/test-e2e: update aws-iam-authenticator to v0.5.7 (#834)
• go.mod: update kubernetes to v1.24.2 (#835)
• go.mod: update github.com/klauspost/cpuid to v2.0.14 (#837)
• test/e2e: fix checking of nfd-master annotation (#839)
• test/e2e: update e2e-test example config (#840)
• test/e2e: change node-specific config to a list (#841)
• source/fake: fix name of fake flag feature (#843)
• Drop the iommu source (#827)
• helm: add namespace override for multi-namespace deployments (#831)
• dockerfile: update builder image to golang v1.18 (#836)
• go.mod: update github.com/google/go-cmp to v0.5.8 (#838)
• go.mod: update github.com/klauspost/cpuid to v2.1.0 (#851)
• Move e2e-test helpers to a separate package (#854)
• test/e2e: refactor setup and cleanup (#847)
• Improvements to scripts/prepare-release.sh (#846)
• Containerized auto-generation (#829)
• Revert type hack in api (#845)
• topology updater: add e2e tests (#528)
• nfd-master: fix incorrect log messages in crd controller (#860)
• nfd-master: more fixes to log messages (#861)
• logging: do not use %w with klog.Errorf (#868)
• helm: rename "manifests" subdir to "crds" (#862)
• helm: add priorityClassName to worker (#867)
• Fix templates for NodeFeatureRule with MatchAny (#865)
• README: update to v0.11.2 (#874)
• scripts/test-e2e: install kubectl (#877)
• README: reconfigure prow badges (#878)
• cpu: re-organize security features (#833)
• Run local markdown tests inside an isolated container (#882)
• Add Tilt option for developing NFD (#880)
• Bump golang to v1.19 (#887)
• Lint fixes (#889)
• Update registry to registry.k8s.io (#890)
• Update kubernetes to v1.25.0 (#888)
• docs: fix incorrect shell snippet for removing labels (#892)
• scripts: move hacky scripts to hack directory (#885)
• nfd-master: drop cleanup of ancient incubator labels (#897)
• Config option to disable hooks (#871)
• Add Netlify configuration file (#895)
• nfd-master: log if node was modified (or not) (#898)
• Set shortName for NodeFeatureRule CRD (#901)
• cpu: Discover Intel TDX (#830)
• nfd-worker: rename some symbols (#905)
• nfd-master: rename crd controller (#906)
• apis/nfd: move annotation and label consts from nfd-master (#904)
• pkg/api/feature: rename types (#908)
• pkg/utils: move hostpath helpers from source to utils (#909)
• test/e2e: fix segfault in case no e2e config file is specified (#891)
• nfd-worker: refactor gRPC connection logic (#907)
• nfd-master: refactor gRPC into a separate method (#911)
• test/e2e: add tests for NodeFeatureRules (#848)
• OWNERS: add fmuyassarov as a reviewer (#918)
• Tiltfile: update builder image to golang:1.19-bullseye (#915)
• Update base image to Debian bullseye (#916)
• Error strings should not be capitalized (#921)
• Standardize "k8s.io/api/core/v1" package short name (#920)
• Update CPU flags for ARM, POWER, and Z (#919)
• apis/nfd: migrate pkg/api/feature (#912)
• cpu: ignore unknown cpuid flags on non-x86 (#914)
• topology-updater: continue looping on scan error (#929)
• Bump Kubernetes to v1.25.3 (#930)
• apis/nfd: flatten the structure of features data type (#925)
• source/usb: scan host sysfs (#933)
• apis/nfd: fix NodeFeatureRule templating (#935)
• Stop using the beta.kubernetes.io/os and arch labels (#937)
• Increase allowed image build timeout for 500s (#936)
• Increase image waiting timeout (#938)
• README: update deployment instructions to use v0.11.3 (#946)
• docs: update the name of the base image (#948)
• add ephemeral environment for e2e test execution (#917)
• docs: restructure docs (#950)
• Add argument to updateNodeFeatures method to pass client from caller (#952)
• cpu: fix 32-bit ARMv8 CPU flags (#927)
• nfd-topology-updater: retrieve kubelet config from API /configz (#842)
• docs: update github-pages gem to v227 (#959)
• test/e2e: fix topologu-updater cmdline args (#960)
• e2e: topologyupdater: fix and stabilize tests (#961)
• topology-updater: introduce exclude-list (#949)
• test/e2e: more flexible pod spec generation (#964)
• test/e2e: add helper for creating new configmaps (#965)
• e2e: add SecurityContext to master (#966)
• nfd-worker: drop deprecated command line flags (#968)
• docs: revise topology-updater helm chart rbac parameters (#969)
• docs: document helm chart params related to worker serviceaccount (#970)
• test/e2e: remove dropped -sleep-interval arg (#971)
• deployment: drop stale nfd-api-crds.yaml (#972)
• e2e: move pod utils to a seperate package (#967)
• docs: better document custom resources (#974)
• docs: simplify quick-start page (#973)
• scripts/mdlint: update mdlint to v0.12.0 (#977)
• docs: small update to customization guide (#976)
• test/e2e: no pod restart policy of nfd-worker by default (#975)
• helm: drop NodeFeatureRule CRD from templates (#978)
• Allow optionally setting node taints defined on the NodeFeatureRule CR (#910)
• nfd-master svc should select only nfd-master pods (#981)
• go.mod: update to klauspost/cpuid to v2.2.2 (#982)
• helm: fix mount name of topology-updater config (#979)
• docs: remove non-existent nodeFeatureRule.createCRD parameter (#983)
• nfd-topology-updater: update NodeResourceTopology objects directly (#980)
• nfd-worker: detect the namespace it is running in (#984)
• Bump go.mod k8s.io to 1.26 (#987)
• nfd-master: add error checking for CRD controller creation (#988)
• Introduce NodeFeature CRD (#986)
• nfd-master: rename -featurerules-controller flag to -crd-controller (#991)
• nfd-master: fix creation of the -enable-nodefeature-api flag (#992)
• test/e2e: fix creation of NFD CRDs (#993)
• nfd-master: implement ratelimiter for nfd api updates (#990)
• E2E: default kubeconfig location to ${HOME}/.kube/config (#994)
• nfd-master: handle multiple NodeFeature objects (#989)
• test/e2e: create CRDs once in the beginning of the tests (#997)
• test/e2e: fix mistake in ginkgo focus (#1000)
• E2E: default seccompProfile to runtimeDefault for nfd worker (#995)
• docs: document NodeFeature API (#903)
• E2E: parameterize ...

v0.11.3

Changelog

This point release fixes a bug in nfd-topology-updater that caused it to silently stop in some scenarios. It also updates dependencies and refreshes the base container image to Debian bullseye-slim.

List of PRs

• docs: fix incorrect shell snippet for removing labels (#893)
• Update base image to Debian bullseye (#942)
• cpu: ignore unknown cpuid flags on non-x86 (#943)
• topology-updater: continue looping on scan error (#941)
• go.mod: bump kubernetes to v1.23.13 (#944)

v0.11.2

Changelog

This point release fixes an issue with NodeFeatureRule templating. It also provides a fresh build with updated golang and updated base image addressing an issue with cve security scan (#853).

List of PRs

• docs: update x86 cpuid feature list (#823)
• docs: fix operator deployment instructions (#813)
• docs: small typo fix in cpuid feature list (#826)
• dockerfile: bump builder image to golang v1.17.13 (#869)
• Fix templates for NodeFeatureRule with MatchAny (#872)