To quickly view available command line flags execute nfd-worker -help
. In a docker container:
docker run registry.k8s.io/nfd/node-feature-discovery:v0.14.6 nfd-worker -help
Print usage and exit.
Print version and exit.
The -config
flag specifies the path of the nfd-worker configuration file to use.
Default: /etc/kubernetes/node-feature-discovery/nfd-worker.conf
Example:
nfd-worker -config=/opt/nfd/worker.conf
The -options
flag may be used to specify and override configuration file options directly from the command line. The required format is the same as in the config file i.e. JSON or YAML. Configuration options specified via this flag will override those from the configuration file:
Default: empty
Example:
nfd-worker -options='{"sources":{"cpu":{"cpuid":{"attributeWhitelist":["AVX","AVX2"]}}}}'
NOTE the gRPC API is deprecated and will be removed in a future release. and this flag will be removed as well.
The -server
flag specifies the address of the nfd-master endpoint where to connect to.
Default: localhost:8080
Example:
nfd-worker -server=nfd-master.nfd.svc.cluster.local:443
NOTE the gRPC API is deprecated and will be removed in a future release. and this flag will be removed as well.
The -ca-file
is one of the three flags (together with -cert-file
and -key-file
) controlling the mutual TLS authentication on the worker side. This flag specifies the TLS root certificate that is used for verifying the authenticity of nfd-master.
Default: empty
NOTE: Must be specified together with
-cert-file
and-key-file
Example:
nfd-worker -ca-file=/opt/nfd/ca.crt -cert-file=/opt/nfd/worker.crt -key-file=/opt/nfd/worker.key
NOTE the gRPC API is deprecated and will be removed in a future release. and this flag will be removed as well.
The -cert-file
is one of the three flags (together with -ca-file
and -key-file
) controlling mutual TLS authentication on the worker side. This flag specifies the TLS certificate presented for authenticating outgoing requests.
Default: empty
NOTE: Must be specified together with
-ca-file
and-key-file
Example:
nfd-workerr -cert-file=/opt/nfd/worker.crt -key-file=/opt/nfd/worker.key -ca-file=/opt/nfd/ca.crt
NOTE the gRPC API is deprecated and will be removed in a future release. and this flag will be removed as well.
The -key-file
is one of the three flags (together with -ca-file
and -cert-file
) controlling the mutual TLS authentication on the worker side. This flag specifies the private key corresponding the given certificate file (-cert-file
) that is used for authenticating outgoing requests.
Default: empty
NOTE: Must be specified together with
-cert-file
and-ca-file
Example:
nfd-worker -key-file=/opt/nfd/worker.key -cert-file=/opt/nfd/worker.crt -ca-file=/opt/nfd/ca.crt
The -kubeconfig
flag specifies the kubeconfig to use for connecting to the Kubernetes API server. It is only needed for manipulating NodeFeature objects, and thus the flag only takes effect when -enable-nodefeature-api
) is specified. An empty value (which is also the default) implies in-cluster kubeconfig.
Default: empty
Example:
nfd-worker -kubeconfig ${HOME}/.kube/config
NOTE the gRPC API is deprecated and will be removed in a future release. and this flag will be removed as well.
The -server-name-override
flag specifies the common name (CN) which to expect from the nfd-master TLS certificate. This flag is mostly intended for development and debugging purposes.
Default: empty
Example:
nfd-worker -server-name-override=localhost
The -feature-sources
flag specifies a comma-separated list of enabled feature sources. A special value all
enables all sources. Prefixing a source name with -
indicates that the source will be disabled instead - this is only meaningful when used in conjunction with all
. This command line flag allows completely disabling the feature detection so that neither standard feature labels are generated nor the raw feature data is available for custom rule processing. Consider using the core.featureSources
config file option, instead, allowing dynamic configurability.
NOTE: This flag takes precedence over the
core.featureSources
configuration file option.
Default: all
Example:
nfd-worker -feature-sources=all,-pci
The -label-sources
flag specifies a comma-separated list of enabled label sources. A special value all
enables all sources. Prefixing a source name with -
indicates that the source will be disabled instead - this is only meaningful when used in conjunction with all
. Consider using the core.labelSources
config file option, instead, allowing dynamic configurability.
NOTE: This flag takes precedence over the
core.labelSources
configuration file option.
Default: all
Example:
nfd-worker -label-sources=kernel,system,local
NOTE the gRPC API is deprecated and will be removed in a future release. and this flag will be removed as well.
The -enable-nodefeature-api
flag enables/disables the NodeFeature CRD API for communicating with nfd-master. When enabled nfd-worker creates per-node NodeFeature objects the contain all discovered node features and the set of feature labels to be created. Setting the flag to false will enable gRPC communication to nfd-master.
Default: true
Example:
nfd-worker -enable-nodefeature-api=false
The -metrics
flag specifies the port on which to expose Prometheus metrics. Setting this to 0 disables the metrics server on nfd-worker.
Default: 8081
Example:
nfd-worker -metrics=12345
The -no-publish
flag disables all communication with the nfd-master and the Kubernetes API server. It is effectively a "dry-run" flag for nfd-worker. NFD-Worker runs feature detection normally, but no labeling requests are sent to nfd-master and no NodeFeature objects are created or updated in the API server.
NOTE: This flag takes precedence over the
core.noPublish
configuration file option.
Default: false
Example:
nfd-worker -no-publish
The -oneshot
flag causes nfd-worker to exit after one pass of feature detection.
Default: false
Example:
nfd-worker -oneshot -no-publish
The following logging-related flags are inherited from the klog package.
NOTE: The logger setup can also be specified via the
core.klog
configuration file options. However, the command line flags take precedence over any corresponding config file options specified.
If true, adds the file directory to the header of the log messages.
Default: false
Log to standard error as well as files.
Default: false
When logging hits line file:N, emit a stack trace.
Default: empty
If non-empty, write log files in this directory.
Default: empty
If non-empty, use this log file.
Default: empty
Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited.
Default: 1800
Log to standard error instead of files
Default: true
If true, avoid header prefixes in the log messages.
Default: false
If true, avoid headers when opening log files.
Default: false
Logs at or above this threshold go to stderr.
Default: 2
Number for the log level verbosity.
Default: 0
Comma-separated list of pattern=N
settings for file-filtered logging.
Default: empty