apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ include "node-feature-discovery.fullname" . }}-worker labels: {{- include "node-feature-discovery.labels" . | nindent 4 }} role: worker spec: selector: matchLabels: {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }} role: worker template: metadata: labels: {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} role: worker annotations: {{- toYaml .Values.worker.annotations | nindent 8 }} spec: dnsPolicy: ClusterFirstWithHostNet {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} securityContext: {{- toYaml .Values.worker.podSecurityContext | nindent 8 }} containers: - name: worker securityContext: {{- toYaml .Values.worker.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName resources: {{- toYaml .Values.worker.resources | nindent 12 }} command: - "nfd-worker" args: - "--sleep-interval={{ .Values.worker.sleepTime }}s" - "--server=nfd-master:{{ .Values.master.service.port }}" ## Enable TLS authentication (1/3) ## The example below assumes having the root certificate named ca.crt stored in ## a ConfigMap named nfd-ca-cert, and, the TLS authentication credentials stored ## in a TLS Secret named nfd-worker-cert # - "--ca-file=/etc/kubernetes/node-feature-discovery/trust/ca.crt" # - "--key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key" # - "--cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt" volumeMounts: - name: host-boot mountPath: "/host-boot" readOnly: true - name: host-os-release mountPath: "/host-etc/os-release" readOnly: true - name: host-sys mountPath: "/host-sys" readOnly: true - name: source-d mountPath: "/etc/kubernetes/node-feature-discovery/source.d/" readOnly: true - name: features-d mountPath: "/etc/kubernetes/node-feature-discovery/features.d/" readOnly: true - name: nfd-worker-conf mountPath: "/etc/kubernetes/node-feature-discovery" readOnly: true ## Enable TLS authentication (2/3) # - name: nfd-ca-cert # mountPath: "/etc/kubernetes/node-feature-discovery/trust" # readOnly: true # - name: nfd-worker-cert # mountPath: "/etc/kubernetes/node-feature-discovery/certs" # readOnly: true volumes: - name: host-boot hostPath: path: "/boot" - name: host-os-release hostPath: path: "/etc/os-release" - name: host-sys hostPath: path: "/sys" - name: source-d hostPath: path: "/etc/kubernetes/node-feature-discovery/source.d/" - name: features-d hostPath: path: "/etc/kubernetes/node-feature-discovery/features.d/" - name: nfd-worker-conf configMap: name: {{ .Values.worker.configmapName }} items: - key: nfd-worker.conf path: nfd-worker.conf ## Enable TLS authentication (3/3) # - name: nfd-ca-cert # configMap: # name: nfd-ca-cert # - name: nfd-worker-cert # secret: # secretName: nfd-worker-cert {{- with .Values.worker.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.worker.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.worker.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }}