v0.16

Changelog

NodeFeatureGroup API

The NodeFeatureGroup custom resource was added to the NFD API. The NodeFeatureGroup API enables the creation of node groups based on features discovered by NFD. The API is an alpha feature and is disabled by default and can be enabled with the NodeFeatureGroupAPI feature gate.

See documentation for more details.

Feature gates

NFD adapted the concept of feature gates from Kubernetes to introduce and stabilize new features in a controlled way. See the documentation for more details. Two existing features (NodeFeature API and disabling label auto-prefixing) were converted into feature gates.

Deprecations

Upcoming changes

Support for hooks is deprecated since v0.12.0 and will be completely dropped in the NFD v0.17.

RDT feature labels removed

The feature.node.kubernetes.io/cpu-rdt.* feature labels that were deprecated in NFD v0.13 were removed. RDT features are still available for use in NodeFeatureRules for custom labels.

Deprecated flags and options

The autoDefaultNs config file option of nfd-master is deprecated and will be removed in NFD v0.17. Superseded by the DisableAutoPrefix feature gate (featureGates.DisableAutoPrefix Helm parameter).

The -enable-nodefeature-api command line flag of nfd-master and nfd-worker and the corresponding enableNodeFeatureApi Helm chart parameter have been deprecated and will be removed in NFD v0.17. Superseded by the NodeFeature API feature gate (featureGates.NodeFeatureAPI Helm parameter).

The -crd-controller command line flag of nfd-master is deprecated and will be removed with the gRPC API in a future release.

Miscellaneous

Network devices

Discover speed of virtual network interfaces.

DMI

Added support for detecting DMI attributes from /sys/devices/virtual/dmi/id/. In v0.16 only sys_vendor discovered, available as system.dmiid.sys_vendor feature for use in NodeFeatureRules.

Swap

Discover the availability of swap on the node. Available as memory.swap.enabled feature for use in NodeFeatureRules.

Helm chart

Now all nodes are cleaned up (feature labels, annotations, extended resources and taints are removed) after uninstalling NFD using a post-delete hook.

The Helm chart now sets resource requests (cpu and memory) for NFD pods. Users may want to adjust these for their cluster. An option to set the pod priority class was added. See Helm chart parameters in the documentation).

Container health

A gRPC health server was added to the nfd-master, nfd-worker and nfd-topology-updater daemons. Deployments (Helm and kustomize) configure container liveness and readiness probes to use that for health checking.

List of PRs

• github: update tagging instructions in release checklists (#1527)
• Update readme to v0.15.0 release (#1524)
• makefile: fix build: target (#1528)
• Makefile: add -timeout argument to e2e-tests (#1526)
• helm: add post-delete hook that cleans up the node (#1532)
• deployment/kustomize: drop the sample cert-manager overlay (#1534)
• nfd-master: run a separate gRPC health server (#1535)
• source/network: discover speed of virtual network interfaces (#1536)
• go.mod: update dependencies (#1539)
• chore: combine cpu count and thread_siblings functions into discover topology function (#1505)
• source/cpu: drop deprecated cpu-rdt labels (#1530)
• Update readme to v0.15.1 release (#1552)
• hack/generate: patch auto-generated deepcopy functions (#1553)
• apis/nfd: Trivial typo fix in tests (#1537)
• docs: update docs build dependencies (#1543)
• topology-updater: initialize properly with -no-publish (#1554)
• topology-updater: document the -no-publish flag correctly (#1555)
• Wrap nested errors (#1558)
• Prevent nfd-worker erroring when reading attributes from paravirtual devices (#1557)
• pkg/utils: move GetKubeconfig from pkg/apihelper here (#1562)
• OWNERS: add AhmedGrati as a reviewer (#1564)
• deployment/helm: don't deploy topology-updater conf unnecessarily (#1565)
• topology-updater: get topology api client directly (#1566)
• pkg/utils: move JsonPatch from pkg/apihelper (#1568)
• nfd-master: ditch apihelper (#1570)
• topology-updater: ditch apihelper (#1567)
• Drop pkg/apihelper (#1561)
• nfd-master: fix node status patching (#1571)
• nfd-topology-updater add pods fingerprint by default (#1560)
• docs: add KEP of Spiffe integration (#1444)
• docs: document removal of hooks in v0.17 (#1573)
• build(deps): bump github.com/opencontainers/runc from 1.1.10 to 1.1.12 (#1575)
• build(deps-dev): bump nokogiri from 1.16.0 to 1.16.2 in /docs (#1576)
• scripts/test-infra: bump golangci-lint to v1.56.1 (#1580)
• scripts/test-infra: bump k8s logcheck to v0.8.1 (#1583)
• Bump Go to v1.22 (#1579)
• scripts/test-infra: bump helm to v3.14.0 (#1582)
• source/kernel: add unit tests for kernel version parsing (#1588)
• helm: add priorityClassName option (#1587)
• source/pci: add unit test for the pci source (#1589)
• nfd-master: log errors on node update retries (#1591)
• source/system: Add reading vendor information (#1574)
• source/cpu: fix build tags on rdt discovery (#1594)
• helm: add ability to use a custom issuer (#1598)
• fix hook issue (#1604)
• generate: update autogenerate tools (#1606)
• apis/nfd/validate: use testify/assert for checking test results (#1590)
• Update readme to v0.15.2 release (#1611)
• Update generate scripts to use latest code_gen functions (#1605)
• nfd-master: mark the -crd-controller flag as deprecated (#1612)
• build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#1613)
• Use close to signal stop channedl in worker and topology-updater (#1620)
• nfd-master: fix memory leak in nfd api-controller (#1615)
• Update readme to v0.15.3 release (#1628)
• Add FeatureGate framework to handle new features (#1623)
• replace AhmedGrati account with TessaIO as reviewer (#1630)
• add swap support in nfd (#1585)
• nfd-master: check if node exists before trying update (#1595)
• Remove references to -enable-nodefeature-api flag (#1632)
• Add owner reference to NRT object (#1602)
• nfd-master: retry node updates indefinitely (#1596)
• nfd-worker: Add liveness probe (#1609)
• topology-updater: Set APIVersion, Kind in the OwnerReference explicitly (#1634)
• helm: fix invalid name of host-swaps volume (#1635)
• nfd-master: do nfd API scheme registration in an init function (#1641)
• chore/deployment: add resources requests and limits for helm and Kustomize (#1631)
• nfd-topology-updater: Add liveness probe (#1643)
• nfd-master: get node object only once when updating node (#1652)
• chore/deploy: make interval property in PodMonitor configurable (#1639)
• nfd-master: protect node updater pool queueing with a lock (#1642)
• nfd-master: prevent crash on empty config struct (#1657)
• Update readme to v0.15.4 release (#1650)
• Tidy up usage of channels for signaling (#1656)
• nfd-master: implement opts for modifying NfdMaster instance (#1658)
• nfd-master: parse kubeconfig even with NoPublish set (#1655)
• Move NFD api to a separate go mod (#1600)
• api/nfd: run go mod tidy (#1661)
• Fix Make generate (#1662)
• apis/nfd/validate: loosen validation of feature annotations (#1633)
• nfd-master: use separate k8s api clients for each updater (#1653)
• nfd-master: stop node-updater pool before reconfiguring api-controller (#1660)
• build(deps): bump golang.org/x/net from 0.20.0 to 0.23.0 (#1665)
• chore/nfd-master: remove warnings in nfd-master unit tests file (#1668)
• build(deps): bump golang.org/x/net from 0.20.0 to 0.23.0 in api/nfd (#1666)
• apis/nfd: add unit tests for match name functions (#1667)
• apis/nfd: no error on ops that never match (#1670)
• api/nfd: use varargs in the NewInstanceFeatures helper (#1669)
• scripts/test-infra: bump golangci-lint to v1.57.2 (#1674)
• add ARMv7 support (#1659)
• docs: document trade-offs in memory configuration (#1651)
• go.mod: bump kubernetes to v1.30 (#1675)
• cloudbuild.yaml: change machine type to e1-highcpu-32 (#1678)
• test/e2e: stop importing kubernetes test/e2e (#1680)
• hack/init-buildx.sh: fix broken patter matching (#1683)
• Disable armv7 builds (#1677)
• cloudbu...

v0.15.4

This patch release fixes a potential crash in nfd-master (#1644).

v0.14.6

This patch release fixes a potential crash in nfd-master (#1645).

v0.15.3

Changelog

This patch release fixes a critical memory leak in nfd-master, along with updating dependencies.

• nfd-master: fix memory leak in nfd api-controller by @k8s-infra-cherrypick-robot in #1621
• go.mod: bump protobuf deps by @marquiz in #1624

Full Changelog: v0.15.2...v0.15.3

v0.14.5

Changelog

This patch release fixes a critical memory leak in nfd-master, along with updating dependencies.

• go.mod: bump github.com/opencontainers/runc to v1.1.12 by @marquiz in #1578
• Dockerfile: bump grpc-health-probe to v0.4.25 by @marquiz in #1619
• nfd-master: fix memory leak in nfd api-controller by @k8s-infra-cherrypick-robot in #1622
• go.mod: bump protobuf deps by @marquiz in #1625

Full Changelog: v0.14.4...v0.14.5

v0.15.2

Changelog

This release fixes a bug in hooks and updates dependencies.

• go.mod: bump github.com/opencontainers/runc to v1.1.12 by @marquiz in #1577
• fix hook issue by @k8s-infra-cherrypick-robot in #1607

Full Changelog: v0.15.1...v0.15.2

v0.15.1

What's Changed

This patch release adds detection of speed attribute of virtual network interfaces.

List of PRs

• makefile: fix build: target (#1529)
• source/network: discover speed of virtual network interfaces (#1538)

Full Changelog: v0.15.0...v0.15.1

v0.15.0

What's new

NodeFeatureRule API extended

Annotations

NFD now supports creating node annotations with the NodeFeatureRuless. See the documentation for details.

matchName

New matchName field was added to the NodeFeatureRule CRD. It can be used to match the names of features (instead of their values which is done with the matchExpressions field). See
documentation for details.

Feature files

Hidden feature files: feature files whose name start with a dot (.) are now ignored by nfd-worker. This makes it easier to update the feature files by creating a temporary file in the same directory. (#1353)

Skip labels or features: Feature files support # +no-label and # +no-feature directives to skip label and feature generation, respectively. See the documentation for details and examples.

Container image based on scratch

NFD switched to use scratch as the base container image and to build fully statically linked binaries. Switching to the virtually empty base image means that the default container image only supports running hooks that are also fully statically linked. For example, many go binaries that are "almost" statically linked don't work. The full image variant can be used for richer hook support. NOTE: hooks are deprecated and support for them will be removed in a future release.

Base image of the full image variant was updated to Debian Bookworm.

Discover virtual network interfaces

NFD now discovers virtual network interfaces as features that can be used in NodeFeatureRules. (#1448)

Kubectl plugin

Starting as a developer preview, we are introducing a kubectl-nfd plugin to perform 3 operations against NodeFeatureRule files. (#1446)

• test: Check a NodeFeatureRule file against a node to ensure it is valid before applying it to a cluster.
• dryrun: Check a NodeFeatureRule file against a local NodeFeature file, allowing an offline testing of the rule to be before applying it to a cluster.
• validate: Check if the NodeFeatureRule file will valid and can be used against NodeFeatures.

See the documentation for more information.

Deprecations

Automatic prefixing of names deprecated

Automatic prefixing of names (of labels, annotations or extended resources) is deprecated. Unprefixed names should not be used in NodeFeatureRules, feature files, hooks or custom rules. The default feature.node.kubernetes.io/ prefix should be added to unprefixed names.

The nfd-master has new autoDefaultNs configuration file option (defaults to true in v0.15) to stop automatically adding the feature.node.kubernetes.io/ prefix to node labels, annotations and extended resources. If set to false, unprefixed names will be denied. (#1461)

NOTE: The autoDefaultNs option default will be changed to false in a future NFD release. This will be a breaking change for users who rely on automatic prefixing of unprefixed names. Setting the autoDefaultNs option to false with NFD v0.15 can be used to test that all NodeFeatureRules, feature files, hooks and custom rules (configuration of the "custom" feature source of nfd-worker) work correctly when the default will be switched to false.

Deprecated security labels dropped

Deprecated feature.node.kubernetes.io/cpu-sgx.enabled and feature.node.kubernetes.io/cpu-se.enabled labels were dropped. They are replaced by feature.node.kubernetes.io/cpu-security.sgx.enabled and feature.node.kubernetes.io/cpu-security.se.enabled. (#1350)

Legacy "matchOn" custom rule format dropped

Support for the legacy "matchOn" rule format of the custom source of nfd-worker was removed (deprecated since v0.10.0). (#1397)

Miscellaneous

CPU features

Detection of Intel APX and AVX10 as new CPUID features.

New cpu.topology feature socket_count.

Liveness probe

gRPC health probe utility replaced with Kubernetes' built-in gRPC liveness probe. This means that the Kubernetes v1.23 or later is required by the default deployments. (#1046)

Annotations

The nfd-master doesn't create NFD version node annotations anymore. (#1394)

Metrics

Metrics for nfd-gc were added. (#1407)

Example grafana dashboard to display NFD metrics was added. (#1413)

Helm chart

Various fixes and improvments in the Helm chart, for example ability to disable/enable nfd-master and nfd-worker.

NodeFeature API

The nfd-worker now sets owner reference in NodeFeature objects it creates, so orphaned NodeFeatures are automatically garbage-collected when the nfd-worker pod goes away. (#1491)

List of PRs

• chore: introduce a commong klog handling for cmd/nfd-* (#1341)
• cpu: drop the deprecated sgx and se labels (#1350)
• source/local: simplify feature file size checking (#1351)
• scripts/update-gh-pages: sync OWNERS from master to gh-pages (#1355)
• github: prevent parallel runs of gh-pages update (#1358)
• github: separate workflow for helm repo index update (#1359)
• feat: ignore hidden feature files (#1353)
• deployment/helm: fix namespace of nfd-worker role and rolebinding (#1364)
• github: add a separate issue template for patch releases (#1368)
• deployment/helm: fix handling of enableNodeFeatureApi parameter (#1365)
• Build statically linked binaries (#1373)
• Replace gRPC health probe utility with k8s built-in health probe (#1046)
• README: update to v0.14.1 (#1377)
• nfd-master: fix filtering of extended resources (#1378)
• apis/nfd: drop one stale comment line (#1382)
• Helm - Move remaining gPRC related flags to conditional (#1387)
• Helm - service to be only deployed when needed (#1389)
• feat: support raw features (#1386)
• Fix serviceaccount handling for nfd-gc to be consistent with others (#1392)
• nfd-master: correctly clean up annotations (#1393)
• Bump to Go 1.21 (#1390)
• nfd-master: stop creating NFD version annotations (#1394)
• Refactor metrics (#1398)
• nfd-gc: simplify initialization (#1399)
• go.mod: bump kubernetes to v1.28.2 (#1402)
• docs: clarify nfd_node_update_requests_total metric (#1406)
• docs: document nfd_topology_updater_build_info metric (#1400)
• nfd-gc: add metrics (#1407)
• Update Readme to V0.14.2 (#1411)
• feat: add parameters in helm to disable/enable nfd-master and nfd-worker (#1415)
• build(deps): bump golang.org/x/net from 0.13.0 to 0.17.0 (#1416)
• examples: add example grafana dashboard (#1413)
• source/custom: drop support for the legacy rule format (#1397)
• test/e2e: fix source/custom nodename test (#1421)
• Fix pkg name for test/utils/deployment (#1418)
• nfd-master: fix retry of node updates (#1425)
• go.mod: update deps (#1422)
• test/e2e: stricter validation of node annotations (#1426)
• Update readme to v0.14.3 (#1435)
• scripts/test-infra: bump mdlint to v0.13.0 (#1437)
• scripts/test-infra: bump golangci-lint to v1.55.1 (#1438)
• Make mdlint v0.13 happy (#1439)
• Discover node features as annotations (#1417)
• docs: edits to customization guide (#1436)
• test/e2e: fix log messages (#1441)
• test/e2e: improved test logging (#1442)
• test/e2e: fix broken feature-annotations test (#1440)
• test/e2e: cleanup feature annotations (#1443)
• go.mod: update deps (#1445)
• docs: fix documentation on SEV security features (#1447)
• docs: use correct storage.block name for block device feature (#1449)
• source/network: refactor readIfaceInfo (#1452)
• go.mod: Update cpuid to its v2.2.6 release (#1453)
• docs: stop advertising --resource-labels flag (#1454)
• go.mod: update deps (#1457)
• go.mod: update deps (#1463)
• go.mod: bump kubernetes to v1.28.4 (#1465)
• apis/nfd: fix incorrect comments of matching functions (#1467)
• apis/nfd: fix logging of rule expression processing (#1458)
• test/e2e: increase timeout for waiting node status (#1460)
• docs: fix small typo in customization guide (#1469)
• nfd-master: drop stale variables (#1470)
• nfd-master: predictable handling of unprefixed names (#1471)
• apis/nfd: fix multiple matcher terms targeting the same feature (#1468)
• Option to stop implicitly adding default prefix to names (#1461)
• Reproducible output from expression matching (#1473)
• Use T.Run in expression unit tests (#1474)
• nfd-worker: fix typo in log message (#1472)
• docs: correct description of no-publish for topology-updater (#1475)
• docs/tls: update cert-manager deployment instructions (#1476)
• generate: update kube code-gen to v1.28.4 (#1478)
• apis/nfd: validate input when matching expression (#1480)
• docs: styling (#1484)
• Change the base image of full image variant to Debian Bookworm (#1486)
• docs: remove outdated instructions for minimal image (#1485)
• feat: discover virtual network interface (#1448)
• deployment/kustomize: drop default-combined overlay (#1492)
• dockerignore: cleanup (#1493)
• deployment/kustomize: drop nfd-master service (#1494)
• nfd-worker: set owner reference in NodeFeature obj...

v0.14.4

This patch release updates dependencies.

v0.14.3

This patch release fixes a bug in node update retries and updates dependencies.

List of PRs

• nfd-master: fix retry of node updates (#1427)
• Update deps (#1428)