Skip to content

Commit

Permalink
Deprecate gRPC API
Browse files Browse the repository at this point in the history
Signed-off-by: Carlos Eduardo Arango Gutierrez <[email protected]>
Co-authored-by: Markus Lehtonen <[email protected]>
  • Loading branch information
ArangoGutierrez and marquiz committed Sep 6, 2023
1 parent db2719a commit db12d52
Show file tree
Hide file tree
Showing 8 changed files with 87 additions and 29 deletions.
30 changes: 24 additions & 6 deletions cmd/nfd-master/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,18 @@ func main() {
args.Overrides.ResyncPeriod = overrides.ResyncPeriod
case "nfd-api-parallelism":
args.Overrides.NfdApiParallelism = overrides.NfdApiParallelism
case "enable-nodefeature-api":
klog.InfoS("-enable-nodefeature-api is deprecated, will be removed in a future release along with the deprecated gRPC API")
case "ca-file":
klog.InfoS("-ca-file is deprecated, will be removed in a future release along with the deprecated gRPC API")
case "cert-file":
klog.InfoS("-cert-file is deprecated, will be removed in a future release along with the deprecated gRPC API")
case "key-file":
klog.InfoS("-key-file is deprecated, will be removed in a future release along with the deprecated gRPC API")
case "port":
klog.InfoS("-port is deprecated, will be removed in a future release along with the deprecated gRPC API")
case "verify-node-name":
klog.InfoS("-verify-node-name is deprecated, will be removed in a future release along with the deprecated gRPC API")
}
})

Expand Down Expand Up @@ -105,32 +117,38 @@ func initFlags(flagset *flag.FlagSet) (*master.Args, *master.ConfigOverrideArgs)
args := &master.Args{}

flagset.StringVar(&args.CaFile, "ca-file", "",
"Root certificate for verifying connections")
"Root certificate for verifying connections"+
"DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
flagset.StringVar(&args.CertFile, "cert-file", "",
"Certificate used for authenticating connections")
"Certificate used for authenticating connections"+
"DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
flagset.StringVar(&args.Instance, "instance", "",
"Instance name. Used to separate annotation namespaces for multiple parallel deployments.")
flagset.StringVar(&args.KeyFile, "key-file", "",
"Private key matching -cert-file")
"Private key matching -cert-file"+
"DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
flagset.StringVar(&args.ConfigFile, "config", "/etc/kubernetes/node-feature-discovery/nfd-master.conf",
"Config file to use.")
flagset.StringVar(&args.Kubeconfig, "kubeconfig", "",
"Kubeconfig to use")
flagset.BoolVar(&args.EnableNodeFeatureApi, "enable-nodefeature-api", true,
"Enable the NodeFeature CRD API for receiving node features. This will automatically disable the gRPC communication.")
"Enable the NodeFeature CRD API for receiving node features. This will automatically disable the gRPC communication."+
"DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
flagset.BoolVar(&args.CrdController, "featurerules-controller", true,
"Enable NFD CRD API controller. DEPRECATED: use -crd-controller instead")
flagset.BoolVar(&args.CrdController, "crd-controller", true,
"Enable NFD CRD API controller for processing NodeFeature and NodeFeatureRule objects.")
flagset.IntVar(&args.Port, "port", 8080,
"Port on which to listen for connections.")
"Port on which to listen for gRPC connections."+
"DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
flagset.IntVar(&args.MetricsPort, "metrics", 8081,
"Port on which to expose metrics.")
flagset.BoolVar(&args.Prune, "prune", false,
"Prune all NFD related attributes from all nodes of the cluster and exit.")
flagset.BoolVar(&args.VerifyNodeName, "verify-node-name", false,
"Verify worker node name against the worker's TLS certificate. "+
"Only takes effect when TLS authentication has been enabled.")
"Only takes effect when TLS authentication has been enabled."+
"DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
flagset.StringVar(&args.Options, "options", "",
"Specify config options from command line. Config options are specified "+
"in the same format as in the config file (i.e. json or yaml). These options")
Expand Down
36 changes: 30 additions & 6 deletions cmd/nfd-worker/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,24 @@ func main() {
klog.InfoS("version not set! Set -ldflags \"-X sigs.k8s.io/node-feature-discovery/pkg/version.version=`git describe --tags --dirty --always`\" during build or run.")
}

// Check deprecated flags
flags.Visit(func(f *flag.Flag) {
switch f.Name {
case "enable-nodefeature-api":
klog.InfoS("-enable-nodefeature-api is deprecated, will be removed in a future release along with the deprecated gRPC API")
case "ca-file":
klog.InfoS("-ca-file is deprecated, will be removed in a future release along with the deprecated gRPC API")
case "cert-file":
klog.InfoS("-cert-file is deprecated, will be removed in a future release along with the deprecated gRPC API")
case "key-file":
klog.InfoS("-key-file is deprecated, will be removed in a future release along with the deprecated gRPC API")
case "server":
klog.InfoS("-server is deprecated, will be removed in a future release along with the deprecated gRPC API")
case "server-name-override":
klog.InfoS("-server-name-override is deprecated, will be removed in a future release along with the deprecated gRPC API")
}
})

// Plug klog into grpc logging infrastructure
utils.ConfigureGrpcKlog()

Expand Down Expand Up @@ -96,15 +114,19 @@ func initFlags(flagset *flag.FlagSet) (*worker.Args, *worker.ConfigOverrideArgs)
args := &worker.Args{}

flagset.StringVar(&args.CaFile, "ca-file", "",
"Root certificate for verifying connections")
"Root certificate for verifying connections"+
"DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
flagset.StringVar(&args.CertFile, "cert-file", "",
"Certificate used for authenticating connections")
"Certificate used for authenticating connections"+
"DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
flagset.StringVar(&args.ConfigFile, "config", "/etc/kubernetes/node-feature-discovery/nfd-worker.conf",
"Config file to use.")
flagset.StringVar(&args.KeyFile, "key-file", "",
"Private key matching -cert-file")
"Private key matching -cert-file"+
"DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
flagset.BoolVar(&args.EnableNodeFeatureApi, "enable-nodefeature-api", true,
"Enable the NodeFeature CRD API for communicating with nfd-master. This will automatically disable the gRPC communication.")
"Enable the NodeFeature CRD API for communicating with nfd-master. This will automatically disable the gRPC communication."+
"DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
flagset.StringVar(&args.Kubeconfig, "kubeconfig", "",
"Kubeconfig to use")
flagset.BoolVar(&args.Oneshot, "oneshot", false,
Expand All @@ -115,9 +137,11 @@ func initFlags(flagset *flag.FlagSet) (*worker.Args, *worker.ConfigOverrideArgs)
"Specify config options from command line. Config options are specified "+
"in the same format as in the config file (i.e. json or yaml). These options")
flagset.StringVar(&args.Server, "server", "localhost:8080",
"NFD server address to connecto to.")
"NFD server address to connecto to."+
"DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")
flagset.StringVar(&args.ServerNameOverride, "server-name-override", "",
"Hostname expected from server certificate, useful in testing")
"Hostname expected from server certificate, useful in testing"+
"DEPRECATED: will be removed in a future release along with the deprecated gRPC API.")

initKlogFlags(flagset, args)

Expand Down
7 changes: 4 additions & 3 deletions docs/deployment/tls.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,10 @@ sort: 5

---

> ***NOTE*** this section only applies when the gRPC API is used, i.e. when the
> NodeFeature API is disabled via the `-enable-nodefeature-api=false` flag on
> both nfd-master and nfd-worker.
> **DEPRECATED**: this section only applies when the gRPC API is used, i.e.
> when the NodeFeature API is disabled via the `-enable-nodefeature-api=false`
> flag on both nfd-master and nfd-worker. The gRPC API is deprecated and will
> be removed in a future release.
NFD supports mutual TLS authentication between the nfd-master and nfd-worker
instances. That is, nfd-worker and nfd-master both verify that the other end
Expand Down
23 changes: 15 additions & 8 deletions docs/developer-guide/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -166,6 +166,11 @@ make e2e-test KUBECONFIG=$HOME/.kube/config

## Running locally

> ****DEPRECATED**: Running NFD locally is deprecated and will be removed in a
> future release. It depends on the gRPC API which is deprecated and will be
> removed in a future release. To run NFD locally, use the
> `-enable-nodefeature-api=false` flag.

You can run NFD locally, either directly on your host OS or in containers for
testing and development purposes. This may be useful e.g. for checking
features-detection.
Expand All @@ -174,22 +179,23 @@ features-detection.

When running as a standalone container labeling is expected to fail because
Kubernetes API is not available. Thus, it is recommended to use `-no-publish`
command line flag. E.g.
Also specify `-crd-controller=false` and `-enable-nodefeature-api=false`
command line flags to disable CRD controller and enable gRPC. E.g.

```bash
$ export NFD_CONTAINER_IMAGE={{ site.container_image }}
$ docker run --rm --name=nfd-test ${NFD_CONTAINER_IMAGE} nfd-master -no-publish
$ docker run --rm --name=nfd-test ${NFD_CONTAINER_IMAGE} nfd-master -no-publish -crd-controller=false -enable-nodefeature-api=false
2019/02/01 14:48:21 Node Feature Discovery Master <NFD_VERSION>
2019/02/01 14:48:21 gRPC server serving on port: 8080
```

### NFD-Worker

In order to run nfd-worker as a "stand-alone" container against your
standalone nfd-master you need to run them in the same network namespace:
In order to run nfd-worker as a "stand-alone" container
you need to run it in the same network namespace as the nfd-master container:

```bash
$ docker run --rm --network=container:nfd-test ${NFD_CONTAINER_IMAGE} nfd-worker
$ docker run --rm --network=container:nfd-test ${NFD_CONTAINER_IMAGE} nfd-worker -enable-nodefeature-api=false
2019/02/01 14:48:56 Node Feature Discovery Worker <NFD_VERSION>
...
```
Expand All @@ -206,11 +212,12 @@ pass the `-no-publish` flag to nfd-worker.

### NFD-Topology-Updater

In order to run nfd-topology-updater as a "stand-alone" container against your
standalone nfd-master you need to run them in the same network namespace:
In order to run nfd-topology-updater as a "stand-alone" container
you need to run it in with the `-no-publish` flag to disable communication to
the Kubernetes apiserver.

```bash
$ docker run --rm --network=container:nfd-test ${NFD_CONTAINER_IMAGE} nfd-topology-updater
$ docker run --rm ${NFD_CONTAINER_IMAGE} nfd-topology-updater -no-publish
2019/02/01 14:48:56 Node Feature Discovery Topology Updater <NFD_VERSION>
...
```
Expand Down
3 changes: 3 additions & 0 deletions docs/reference/master-commandline-reference.md
Original file line number Diff line number Diff line change
Expand Up @@ -153,6 +153,9 @@ nfd-master -verify-node-name -ca-file=/opt/nfd/ca.crt \

### -enable-nodefeature-api

> **NOTE** the gRPC API is deprecated and will be removed in a future release.
> and this flag will be removed as well.
The `-enable-nodefeature-api` flag enables/disables the
[NodeFeature](../usage/custom-resources.md#nodefeature) CRD API for receiving
feature requests. This will also automatically disable/enable the gRPC
Expand Down
3 changes: 3 additions & 0 deletions docs/reference/worker-commandline-reference.md
Original file line number Diff line number Diff line change
Expand Up @@ -197,6 +197,9 @@ nfd-worker -label-sources=kernel,system,local

### -enable-nodefeature-api

> **NOTE** the gRPC API is deprecated and will be removed in a future release.
> and this flag will be removed as well.
The `-enable-nodefeature-api` flag enables/disables the
[NodeFeature](../usage/custom-resources.md#nodefeature) CRD API
for communicating with nfd-master. When enabled nfd-worker creates per-node
Expand Down
3 changes: 2 additions & 1 deletion docs/usage/customization-guide.md
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,8 @@ create and manipulate NodeFeature objects in their namespace.
The NodeFeature CRD API can be disabled with the
`-enable-nodefeature-api=false` command line flag. This flag must be specified
for both nfd-master and nfd-worker as it will enable the gRPC communication
between them.
between them. Note that the gRPC API is **DEPRECATED** and will be removed in a
future release, at which point the NodeFeature API cannot be disabled.

### A NodeFeature example

Expand Down
11 changes: 6 additions & 5 deletions docs/usage/nfd-master.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,12 @@ and creates node labels accordingly. The feature data used as the input is
received from nfd-worker instances through
[NodeFeature](custom-resources.md#nodefeature-custom-resource) objects.

> **NOTE:** when gRPC is used for communicating the features (by setting the
> flag `-enable-nodefeature-api=false` on both nfd-master and nfd-worker, or
> via Helm values.enableNodeFeatureApi=false),(re-)labelling only happens
> when a request is received from nfd-worker. That is, in practice rules are
> evaluated and labels for each node are created on intervals specified by the
> **NOTE**: when gRPC (**DEPRECATED**) is used for communicating
> the features (by setting the flag `-enable-nodefeature-api=false` on both
> nfd-master and nfd-worker, or via Helm values.enableNodeFeatureApi=false),
> (re-)labelling only happens when a request is received from nfd-worker.
> That is, in practice rules are evaluated and labels for each node are created
> on intervals specified by the
> [`core.sleepInterval`](../reference/worker-configuration-reference.md#coresleepinterval)
> configuration option of nfd-worker instances. This means that modification or
> creation of NodeFeatureRule objects does not instantly cause the node
Expand Down

0 comments on commit db12d52

Please sign in to comment.