summaryrefslogtreecommitdiffstats
path: root/kud/deployment_infra/helm/node-feature-discovery/templates/master.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'kud/deployment_infra/helm/node-feature-discovery/templates/master.yaml')
-rw-r--r--kud/deployment_infra/helm/node-feature-discovery/templates/master.yaml86
1 files changed, 86 insertions, 0 deletions
diff --git a/kud/deployment_infra/helm/node-feature-discovery/templates/master.yaml b/kud/deployment_infra/helm/node-feature-discovery/templates/master.yaml
new file mode 100644
index 00000000..7ea68ff9
--- /dev/null
+++ b/kud/deployment_infra/helm/node-feature-discovery/templates/master.yaml
@@ -0,0 +1,86 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-master
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+ role: master
+spec:
+ replicas: {{ .Values.master.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
+ role: master
+ template:
+ metadata:
+ labels:
+ {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
+ role: master
+ annotations:
+ {{- toYaml .Values.master.annotations | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "node-feature-discovery.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.master.podSecurityContext | nindent 8 }}
+ containers:
+ - name: master
+ securityContext:
+ {{- toYaml .Values.master.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - containerPort: 8080
+ name: grpc
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ command:
+ - "nfd-master"
+ resources:
+ {{- toYaml .Values.master.resources | nindent 12 }}
+ args:
+ {{- if .Values.master.instance | empty | not }}
+ - "--instance={{ .Values.master.instance }}"
+ {{- end }}
+## Enable TLS authentication
+## The example below assumes having the root certificate named ca.crt stored in
+## a ConfigMap named nfd-ca-cert, and, the TLS authentication credentials stored
+## in a TLS Secret named nfd-master-cert.
+## Additional hardening can be enabled by specifying --verify-node-name in
+## args, in which case every nfd-worker requires a individual node-specific
+## TLS certificate.
+# - "--ca-file=/etc/kubernetes/node-feature-discovery/trust/ca.crt"
+# - "--key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
+# - "--cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
+# volumeMounts:
+# - name: nfd-ca-cert
+# mountPath: "/etc/kubernetes/node-feature-discovery/trust"
+# readOnly: true
+# - name: nfd-master-cert
+# mountPath: "/etc/kubernetes/node-feature-discovery/certs"
+# readOnly: true
+# volumes:
+# - name: nfd-ca-cert
+# configMap:
+# name: nfd-ca-cert
+# - name: nfd-master-cert
+# secret:
+# secretName: nfd-master-cert
+ {{- with .Values.master.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.master.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.master.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}