Commandline flags of nfd-worker

Table of contents

  1. -h, -help
  2. -version
  3. -config
  4. -options
  5. -server
  6. -ca-file
  7. -cert-file
  8. -key-file
  9. -kubeconfig
  10. -server-name-override
  11. -feature-sources
  12. -label-sources
  13. -enable-nodefeature-api
  14. -metrics
  15. -no-publish
  16. -oneshot
  17. Logging

To quickly view available command line flags execute nfd-worker -help. In a docker container:

docker run registry.k8s.io/nfd/node-feature-discovery:v0.14.6 nfd-worker -help

-h, -help

Print usage and exit.

-version

Print version and exit.

-config

The -config flag specifies the path of the nfd-worker configuration file to use.

Default: /etc/kubernetes/node-feature-discovery/nfd-worker.conf

Example:

nfd-worker -config=/opt/nfd/worker.conf

-options

The -options flag may be used to specify and override configuration file options directly from the command line. The required format is the same as in the config file i.e. JSON or YAML. Configuration options specified via this flag will override those from the configuration file:

Default: empty

Example:

nfd-worker -options='{"sources":{"cpu":{"cpuid":{"attributeWhitelist":["AVX","AVX2"]}}}}'

-server

NOTE the gRPC API is deprecated and will be removed in a future release. and this flag will be removed as well.

The -server flag specifies the address of the nfd-master endpoint where to connect to.

Default: localhost:8080

Example:

nfd-worker -server=nfd-master.nfd.svc.cluster.local:443

-ca-file

NOTE the gRPC API is deprecated and will be removed in a future release. and this flag will be removed as well.

The -ca-file is one of the three flags (together with -cert-file and -key-file) controlling the mutual TLS authentication on the worker side. This flag specifies the TLS root certificate that is used for verifying the authenticity of nfd-master.

Default: empty

NOTE: Must be specified together with -cert-file and -key-file

Example:

nfd-worker -ca-file=/opt/nfd/ca.crt -cert-file=/opt/nfd/worker.crt -key-file=/opt/nfd/worker.key

-cert-file

NOTE the gRPC API is deprecated and will be removed in a future release. and this flag will be removed as well.

The -cert-file is one of the three flags (together with -ca-file and -key-file) controlling mutual TLS authentication on the worker side. This flag specifies the TLS certificate presented for authenticating outgoing requests.

Default: empty

NOTE: Must be specified together with -ca-file and -key-file

Example:

nfd-workerr -cert-file=/opt/nfd/worker.crt -key-file=/opt/nfd/worker.key -ca-file=/opt/nfd/ca.crt

-key-file

NOTE the gRPC API is deprecated and will be removed in a future release. and this flag will be removed as well.

The -key-file is one of the three flags (together with -ca-file and -cert-file) controlling the mutual TLS authentication on the worker side. This flag specifies the private key corresponding the given certificate file (-cert-file) that is used for authenticating outgoing requests.

Default: empty

NOTE: Must be specified together with -cert-file and -ca-file

Example:

nfd-worker -key-file=/opt/nfd/worker.key -cert-file=/opt/nfd/worker.crt -ca-file=/opt/nfd/ca.crt

-kubeconfig

The -kubeconfig flag specifies the kubeconfig to use for connecting to the Kubernetes API server. It is only needed for manipulating NodeFeature objects, and thus the flag only takes effect when -enable-nodefeature-api) is specified. An empty value (which is also the default) implies in-cluster kubeconfig.

Default: empty

Example:

nfd-worker -kubeconfig ${HOME}/.kube/config

-server-name-override

NOTE the gRPC API is deprecated and will be removed in a future release. and this flag will be removed as well.

The -server-name-override flag specifies the common name (CN) which to expect from the nfd-master TLS certificate. This flag is mostly intended for development and debugging purposes.

Default: empty

Example:

nfd-worker -server-name-override=localhost

-feature-sources

The -feature-sources flag specifies a comma-separated list of enabled feature sources. A special value all enables all sources. Prefixing a source name with - indicates that the source will be disabled instead - this is only meaningful when used in conjunction with all. This command line flag allows completely disabling the feature detection so that neither standard feature labels are generated nor the raw feature data is available for custom rule processing. Consider using the core.featureSources config file option, instead, allowing dynamic configurability.

NOTE: This flag takes precedence over the core.featureSources configuration file option.

Default: all

Example:

nfd-worker -feature-sources=all,-pci

-label-sources

The -label-sources flag specifies a comma-separated list of enabled label sources. A special value all enables all sources. Prefixing a source name with - indicates that the source will be disabled instead - this is only meaningful when used in conjunction with all. Consider using the core.labelSources config file option, instead, allowing dynamic configurability.

NOTE: This flag takes precedence over the core.labelSources configuration file option.

Default: all

Example:

nfd-worker -label-sources=kernel,system,local

-enable-nodefeature-api

NOTE the gRPC API is deprecated and will be removed in a future release. and this flag will be removed as well.

The -enable-nodefeature-api flag enables/disables the NodeFeature CRD API for communicating with nfd-master. When enabled nfd-worker creates per-node NodeFeature objects the contain all discovered node features and the set of feature labels to be created. Setting the flag to false will enable gRPC communication to nfd-master.

Default: true

Example:

nfd-worker -enable-nodefeature-api=false

-metrics

The -metrics flag specifies the port on which to expose Prometheus metrics. Setting this to 0 disables the metrics server on nfd-worker.

Default: 8081

Example:

nfd-worker -metrics=12345

-no-publish

The -no-publish flag disables all communication with the nfd-master and the Kubernetes API server. It is effectively a "dry-run" flag for nfd-worker. NFD-Worker runs feature detection normally, but no labeling requests are sent to nfd-master and no NodeFeature objects are created or updated in the API server.

NOTE: This flag takes precedence over the core.noPublish configuration file option.

Default: false

Example:

nfd-worker -no-publish

-oneshot

The -oneshot flag causes nfd-worker to exit after one pass of feature detection.

Default: false

Example:

nfd-worker -oneshot -no-publish

Logging

The following logging-related flags are inherited from the klog package.

NOTE: The logger setup can also be specified via the core.klog configuration file options. However, the command line flags take precedence over any corresponding config file options specified.

-add_dir_header

If true, adds the file directory to the header of the log messages.

Default: false

-alsologtostderr

Log to standard error as well as files.

Default: false

-log_backtrace_at

When logging hits line file:N, emit a stack trace.

Default: empty

-log_dir

If non-empty, write log files in this directory.

Default: empty

-log_file

If non-empty, use this log file.

Default: empty

-log_file_max_size

Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited.

Default: 1800

-logtostderr

Log to standard error instead of files

Default: true

-skip_headers

If true, avoid header prefixes in the log messages.

Default: false

-skip_log_headers

If true, avoid headers when opening log files.

Default: false

-stderrthreshold

Logs at or above this threshold go to stderr.

Default: 2

-v

Number for the log level verbosity.

Default: 0

-vmodule

Comma-separated list of pattern=N settings for file-filtered logging.

Default: empty