File charts.obscpio of Package sriov-network-operator-chart

07070100000000000081a400000000000000000000000168cdbe560000015c000000000000000000000000000000000000001d00000000charts/sriov-nfd/.helmignore# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/07070100000001000081a400000000000000000000000168cdbe56000001aa000000000000000000000000000000000000001c00000000charts/sriov-nfd/Chart.yamlapiVersion: v2
appVersion: v0.15.7
description: Detects hardware features available on each node in a Kubernetes cluster,
  and advertises those features using node labels
home: https://github.com/kubernetes-sigs/node-feature-discovery
keywords:
  - feature-discovery
  - feature-detection
  - node-labels
name: sriov-nfd
sources:
  - https://github.com/kubernetes-sigs/node-feature-discovery
type: application
version: 0.15.707070100000002000081a400000000000000000000000168cdbe56000001c5000000000000000000000000000000000000001b00000000charts/sriov-nfd/README.md# Node Feature Discovery

Node Feature Discovery (NFD) is a Kubernetes add-on for detecting hardware
features and system configuration. Detected features are advertised as node
labels. NFD provides flexible configuration and extension points for a wide
range of vendor and application specific node labeling needs.

See
[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.15/deployment/helm.html)
for deployment instructions.07070100000003000081a400000000000000000000000168cdbe56000055c8000000000000000000000000000000000000002800000000charts/sriov-nfd/crds/nfd-api-crds.yaml---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.12.1
  name: nodefeatures.nfd.k8s-sigs.io
spec:
  group: nfd.k8s-sigs.io
  names:
    kind: NodeFeature
    listKind: NodeFeatureList
    plural: nodefeatures
    singular: nodefeature
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          description: NodeFeature resource holds the features discovered for one node
            in the cluster.
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: NodeFeatureSpec describes a NodeFeature object.
              properties:
                features:
                  description: Features is the full "raw" features data that has been
                    discovered.
                  properties:
                    attributes:
                      additionalProperties:
                        description: AttributeFeatureSet is a set of features having
                          string value.
                        properties:
                          elements:
                            additionalProperties:
                              type: string
                            type: object
                        required:
                          - elements
                        type: object
                      description: Attributes contains all the attribute-type features
                        of the node.
                      type: object
                    flags:
                      additionalProperties:
                        description: FlagFeatureSet is a set of simple features only
                          containing names without values.
                        properties:
                          elements:
                            additionalProperties:
                              description: Nil is a dummy empty struct for protobuf
                                compatibility
                              type: object
                            type: object
                        required:
                          - elements
                        type: object
                      description: Flags contains all the flag-type features of the
                        node.
                      type: object
                    instances:
                      additionalProperties:
                        description: InstanceFeatureSet is a set of features each of
                          which is an instance having multiple attributes.
                        properties:
                          elements:
                            items:
                              description: InstanceFeature represents one instance of
                                a complex features, e.g. a device.
                              properties:
                                attributes:
                                  additionalProperties:
                                    type: string
                                  type: object
                              required:
                                - attributes
                              type: object
                            type: array
                        required:
                          - elements
                        type: object
                      description: Instances contains all the instance-type features
                        of the node.
                      type: object
                  type: object
                labels:
                  additionalProperties:
                    type: string
                  description: Labels is the set of node labels that are requested to
                    be created.
                  type: object
              type: object
          required:
            - spec
          type: object
      served: true
      storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.12.1
  name: nodefeaturerules.nfd.k8s-sigs.io
spec:
  group: nfd.k8s-sigs.io
  names:
    kind: NodeFeatureRule
    listKind: NodeFeatureRuleList
    plural: nodefeaturerules
    shortNames:
      - nfr
    singular: nodefeaturerule
  scope: Cluster
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          description: NodeFeatureRule resource specifies a configuration for feature-based
            customization of node objects, such as node labeling.
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: NodeFeatureRuleSpec describes a NodeFeatureRule.
              properties:
                rules:
                  description: Rules is a list of node customization rules.
                  items:
                    description: Rule defines a rule for node customization such as
                      labeling.
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        description: Annotations to create if the rule matches.
                        type: object
                      extendedResources:
                        additionalProperties:
                          type: string
                        description: ExtendedResources to create if the rule matches.
                        type: object
                      labels:
                        additionalProperties:
                          type: string
                        description: Labels to create if the rule matches.
                        type: object
                      labelsTemplate:
                        description: LabelsTemplate specifies a template to expand for
                          dynamically generating multiple labels. Data (after template
                          expansion) must be keys with an optional value (<key>[=<value>])
                          separated by newlines.
                        type: string
                      matchAny:
                        description: MatchAny specifies a list of matchers one of which
                          must match.
                        items:
                          description: MatchAnyElem specifies one sub-matcher of MatchAny.
                          properties:
                            matchFeatures:
                              description: MatchFeatures specifies a set of matcher
                                terms all of which must match.
                              items:
                                description: FeatureMatcherTerm defines requirements
                                  against one feature set. All requirements (specified
                                  as MatchExpressions) are evaluated against each element
                                  in the feature set.
                                properties:
                                  feature:
                                    description: Feature is the name of the feature
                                      set to match against.
                                    type: string
                                  matchExpressions:
                                    additionalProperties:
                                      description: MatchExpression specifies an expression
                                        to evaluate against a set of input values. It
                                        contains an operator that is applied when matching
                                        the input and an array of values that the operator
                                        evaluates the input against.
                                      properties:
                                        op:
                                          description: Op is the operator to be applied.
                                          enum:
                                            - In
                                            - NotIn
                                            - InRegexp
                                            - Exists
                                            - DoesNotExist
                                            - Gt
                                            - Lt
                                            - GtLt
                                            - IsTrue
                                            - IsFalse
                                          type: string
                                        value:
                                          description: Value is the list of values that
                                            the operand evaluates the input against.
                                            Value should be empty if the operator is
                                            Exists, DoesNotExist, IsTrue or IsFalse.
                                            Value should contain exactly one element
                                            if the operator is Gt or Lt and exactly
                                            two elements if the operator is GtLt. In
                                            other cases Value should contain at least
                                            one element.
                                          items:
                                            type: string
                                          type: array
                                      required:
                                        - op
                                      type: object
                                    description: MatchExpressions is the set of per-element
                                      expressions evaluated. These match against the
                                      value of the specified elements.
                                    type: object
                                  matchName:
                                    description: MatchName in an expression that is
                                      matched against the name of each element in the
                                      feature set.
                                    properties:
                                      op:
                                        description: Op is the operator to be applied.
                                        enum:
                                          - In
                                          - NotIn
                                          - InRegexp
                                          - Exists
                                          - DoesNotExist
                                          - Gt
                                          - Lt
                                          - GtLt
                                          - IsTrue
                                          - IsFalse
                                        type: string
                                      value:
                                        description: Value is the list of values that
                                          the operand evaluates the input against. Value
                                          should be empty if the operator is Exists,
                                          DoesNotExist, IsTrue or IsFalse. Value should
                                          contain exactly one element if the operator
                                          is Gt or Lt and exactly two elements if the
                                          operator is GtLt. In other cases Value should
                                          contain at least one element.
                                        items:
                                          type: string
                                        type: array
                                    required:
                                      - op
                                    type: object
                                required:
                                  - feature
                                type: object
                              type: array
                          required:
                            - matchFeatures
                          type: object
                        type: array
                      matchFeatures:
                        description: MatchFeatures specifies a set of matcher terms
                          all of which must match.
                        items:
                          description: FeatureMatcherTerm defines requirements against
                            one feature set. All requirements (specified as MatchExpressions)
                            are evaluated against each element in the feature set.
                          properties:
                            feature:
                              description: Feature is the name of the feature set to
                                match against.
                              type: string
                            matchExpressions:
                              additionalProperties:
                                description: MatchExpression specifies an expression
                                  to evaluate against a set of input values. It contains
                                  an operator that is applied when matching the input
                                  and an array of values that the operator evaluates
                                  the input against.
                                properties:
                                  op:
                                    description: Op is the operator to be applied.
                                    enum:
                                      - In
                                      - NotIn
                                      - InRegexp
                                      - Exists
                                      - DoesNotExist
                                      - Gt
                                      - Lt
                                      - GtLt
                                      - IsTrue
                                      - IsFalse
                                    type: string
                                  value:
                                    description: Value is the list of values that the
                                      operand evaluates the input against. Value should
                                      be empty if the operator is Exists, DoesNotExist,
                                      IsTrue or IsFalse. Value should contain exactly
                                      one element if the operator is Gt or Lt and exactly
                                      two elements if the operator is GtLt. In other
                                      cases Value should contain at least one element.
                                    items:
                                      type: string
                                    type: array
                                required:
                                  - op
                                type: object
                              description: MatchExpressions is the set of per-element
                                expressions evaluated. These match against the value
                                of the specified elements.
                              type: object
                            matchName:
                              description: MatchName in an expression that is matched
                                against the name of each element in the feature set.
                              properties:
                                op:
                                  description: Op is the operator to be applied.
                                  enum:
                                    - In
                                    - NotIn
                                    - InRegexp
                                    - Exists
                                    - DoesNotExist
                                    - Gt
                                    - Lt
                                    - GtLt
                                    - IsTrue
                                    - IsFalse
                                  type: string
                                value:
                                  description: Value is the list of values that the
                                    operand evaluates the input against. Value should
                                    be empty if the operator is Exists, DoesNotExist,
                                    IsTrue or IsFalse. Value should contain exactly
                                    one element if the operator is Gt or Lt and exactly
                                    two elements if the operator is GtLt. In other cases
                                    Value should contain at least one element.
                                  items:
                                    type: string
                                  type: array
                              required:
                                - op
                              type: object
                          required:
                            - feature
                          type: object
                        type: array
                      name:
                        description: Name of the rule.
                        type: string
                      taints:
                        description: Taints to create if the rule matches.
                        items:
                          description: The node this Taint is attached to has the "effect"
                            on any pod that does not tolerate the Taint.
                          properties:
                            effect:
                              description: Required. The effect of the taint on pods
                                that do not tolerate the taint. Valid effects are NoSchedule,
                                PreferNoSchedule and NoExecute.
                              type: string
                            key:
                              description: Required. The taint key to be applied to
                                a node.
                              type: string
                            timeAdded:
                              description: TimeAdded represents the time at which the
                                taint was added. It is only written for NoExecute taints.
                              format: date-time
                              type: string
                            value:
                              description: The taint value corresponding to the taint
                                key.
                              type: string
                          required:
                            - effect
                            - key
                          type: object
                        type: array
                      vars:
                        additionalProperties:
                          type: string
                        description: Vars is the variables to store if the rule matches.
                          Variables do not directly inflict any changes in the node
                          object. However, they can be referenced from other rules enabling
                          more complex rule hierarchies, without exposing intermediary
                          output values as labels.
                        type: object
                      varsTemplate:
                        description: VarsTemplate specifies a template to expand for
                          dynamically generating multiple variables. Data (after template
                          expansion) must be keys with an optional value (<key>[=<value>])
                          separated by newlines.
                        type: string
                    required:
                      - name
                    type: object
                  type: array
              required:
                - rules
              type: object
          required:
            - spec
          type: object
      served: true
      storage: true07070100000004000041ed00000000000000000000000168cdbe5600000000000000000000000000000000000000000000001600000000charts/sriov-nfd/crds07070100000005000081a400000000000000000000000168cdbe5600000e1e000000000000000000000000000000000000002800000000charts/sriov-nfd/templates/_helpers.tpl{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "node-feature-discovery.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "node-feature-discovery.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
*/}}
{{- define "node-feature-discovery.namespace" -}}
  {{- if .Values.namespaceOverride -}}
    {{- .Values.namespaceOverride -}}
  {{- else -}}
    {{- .Release.Namespace -}}
  {{- end -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "node-feature-discovery.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Common labels
*/}}
{{- define "node-feature-discovery.labels" -}}
helm.sh/chart: {{ include "node-feature-discovery.chart" . }}
{{ include "node-feature-discovery.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}

{{/*
Selector labels
*/}}
{{- define "node-feature-discovery.selectorLabels" -}}
app.kubernetes.io/name: {{ include "node-feature-discovery.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}

{{/*
Create the name of the service account which the nfd master will use
*/}}
{{- define "node-feature-discovery.master.serviceAccountName" -}}
{{- if .Values.master.serviceAccount.create -}}
    {{ default (include "node-feature-discovery.fullname" .) .Values.master.serviceAccount.name }}
{{- else -}}
    {{ default "default" .Values.master.serviceAccount.name }}
{{- end -}}
{{- end -}}

{{/*
Create the name of the service account which the nfd worker will use
*/}}
{{- define "node-feature-discovery.worker.serviceAccountName" -}}
{{- if .Values.worker.serviceAccount.create -}}
    {{ default (printf "%s-worker" (include "node-feature-discovery.fullname" .)) .Values.worker.serviceAccount.name }}
{{- else -}}
    {{ default "default" .Values.worker.serviceAccount.name }}
{{- end -}}
{{- end -}}

{{/*
Create the name of the service account which topologyUpdater will use
*/}}
{{- define "node-feature-discovery.topologyUpdater.serviceAccountName" -}}
{{- if .Values.topologyUpdater.serviceAccount.create -}}
    {{ default (printf "%s-topology-updater" (include "node-feature-discovery.fullname" .)) .Values.topologyUpdater.serviceAccount.name }}
{{- else -}}
    {{ default "default" .Values.topologyUpdater.serviceAccount.name }}
{{- end -}}
{{- end -}}

{{/*
Create the name of the service account which nfd-gc will use
*/}}
{{- define "node-feature-discovery.gc.serviceAccountName" -}}
{{- if .Values.gc.serviceAccount.create -}}
    {{ default (printf "%s-gc" (include "node-feature-discovery.fullname" .)) .Values.gc.serviceAccount.name }}
{{- else -}}
    {{ default "default" .Values.gc.serviceAccount.name }}
{{- end -}}
{{- end -}}07070100000006000081a400000000000000000000000168cdbe56000007e1000000000000000000000000000000000000003300000000charts/sriov-nfd/templates/cert-manager-certs.yaml{{- if .Values.tls.certManager }}
{{- if .Values.master.enable }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: nfd-master-cert
  namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
  secretName: nfd-master-cert
  subject:
    organizations:
      - node-feature-discovery
  commonName: nfd-master
  dnsNames:
    # must match the service name
    - {{ include "node-feature-discovery.fullname" . }}-master
    # first one is configured for use by the worker; below are for completeness
    - {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" .  }}.svc
    - {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" .  }}.svc.cluster.local
  issuerRef:
    name: nfd-ca-issuer
    kind: Issuer
    group: cert-manager.io
{{- end }}
---
{{- if .Values.worker.enable }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: nfd-worker-cert
  namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
  secretName: nfd-worker-cert
  subject:
    organizations:
      - node-feature-discovery
  commonName: nfd-worker
  dnsNames:
    - {{ include "node-feature-discovery.fullname" . }}-worker.{{ include "node-feature-discovery.namespace" .  }}.svc.cluster.local
  issuerRef:
    name: nfd-ca-issuer
    kind: Issuer
    group: cert-manager.io
{{- end }}

{{- if .Values.topologyUpdater.enable }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: nfd-topology-updater-cert
  namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
  secretName: nfd-topology-updater-cert
  subject:
    organizations:
      - node-feature-discovery
  commonName: nfd-topology-updater
  dnsNames:
    - {{ include "node-feature-discovery.fullname" . }}-topology-updater.{{ include "node-feature-discovery.namespace" .  }}.svc.cluster.local
  issuerRef:
    name: nfd-ca-issuer
    kind: Issuer
    group: cert-manager.io
{{- end }}

{{- end }}07070100000007000081a400000000000000000000000168cdbe56000003c1000000000000000000000000000000000000003400000000charts/sriov-nfd/templates/cert-manager-issuer.yaml{{- if .Values.tls.certManager }}
  # See https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers
  # - Create a self signed issuer
  # - Use this to create a CA cert
  # - Use this to now create a CA issuer
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: nfd-ca-bootstrap
  namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
  selfSigned: {}

---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: nfd-ca-cert
  namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
  isCA: true
  secretName: nfd-ca-cert
  subject:
    organizations:
      - node-feature-discovery
  commonName: nfd-ca-cert
  issuerRef:
    name: nfd-ca-bootstrap
    kind: Issuer
    group: cert-manager.io

---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: nfd-ca-issuer
  namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
  ca:
    secretName: nfd-ca-cert
{{- end }}07070100000008000081a400000000000000000000000168cdbe5600000917000000000000000000000000000000000000002c00000000charts/sriov-nfd/templates/clusterrole.yaml{{- if and .Values.master.enable .Values.master.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "node-feature-discovery.fullname" . }}
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
  - apiGroups:
      - ""
    resources:
      - nodes
      - nodes/status
    verbs:
      - get
      - patch
      - update
      - list
  - apiGroups:
      - nfd.k8s-sigs.io
    resources:
      - nodefeatures
      - nodefeaturerules
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - create
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    resourceNames:
      - "nfd-master.nfd.kubernetes.io"
    verbs:
      - get
      - update
{{- end }}

{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
      - list
  - apiGroups:
      - ""
    resources:
      - nodes/proxy
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
  - apiGroups:
      - topology.node.k8s.io
    resources:
      - noderesourcetopologies
    verbs:
      - create
      - get
      - update
{{- end }}

{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "node-feature-discovery.fullname" . }}-gc
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes/proxy
    verbs:
      - get
  - apiGroups:
      - topology.node.k8s.io
    resources:
      - noderesourcetopologies
    verbs:
      - delete
      - list
  - apiGroups:
      - nfd.k8s-sigs.io
    resources:
      - nodefeatures
    verbs:
      - delete
      - list
{{- end }}07070100000009000081a400000000000000000000000168cdbe5600000762000000000000000000000000000000000000003300000000charts/sriov-nfd/templates/clusterrolebinding.yaml{{- if and .Values.master.enable .Values.master.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ include "node-feature-discovery.fullname" . }}
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "node-feature-discovery.fullname" . }}
subjects:
  - kind: ServiceAccount
    name: {{ include "node-feature-discovery.master.serviceAccountName" . }}
    namespace: {{ include "node-feature-discovery.namespace" .  }}
{{- end }}

{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
subjects:
  - kind: ServiceAccount
    name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
    namespace: {{ include "node-feature-discovery.namespace" .  }}
{{- end }}

{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ include "node-feature-discovery.fullname" . }}-gc
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "node-feature-discovery.fullname" . }}-gc
subjects:
  - kind: ServiceAccount
    name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
    namespace: {{ include "node-feature-discovery.namespace" .  }}
{{- end }}0707010000000a000081a400000000000000000000000168cdbe5600001600000000000000000000000000000000000000002700000000charts/sriov-nfd/templates/master.yaml{{- if .Values.master.enable }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name:  {{ include "node-feature-discovery.fullname" . }}-master
  namespace: {{ include "node-feature-discovery.namespace" . }}
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
    role: master
  {{- with .Values.master.deploymentAnnotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  replicas: {{ .Values.master.replicaCount }}
  selector:
    matchLabels:
      {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
      role: master
  template:
    metadata:
      labels:
        {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
        role: master
      {{- with .Values.master.annotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    spec:
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ include "node-feature-discovery.master.serviceAccountName" . }}
      enableServiceLinks: false
      securityContext:
        {{- toYaml .Values.master.podSecurityContext | nindent 8 }}
      containers:
        - name: master
          securityContext:
            {{- toYaml .Values.master.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          livenessProbe:
            grpc:
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 10
          readinessProbe:
            grpc:
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10
            failureThreshold: 10
          ports:
            - containerPort: {{ .Values.master.port | default "8080" }}
              name: grpc
            - containerPort: {{ .Values.master.metricsPort | default "8081" }}
              name: metrics
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          command:
            - "nfd-master"
          resources:
            {{- toYaml .Values.master.resources | nindent 12 }}
          args:
            {{- if .Values.master.instance | empty | not }}
            - "-instance={{ .Values.master.instance }}"
            {{- end }}
            {{- if not .Values.enableNodeFeatureApi }}
            - "-port={{ .Values.master.port | default "8080" }}"
            - "-enable-nodefeature-api=false"
            {{- else if gt (int .Values.master.replicaCount) 1 }}
            - "-enable-leader-election"
            {{- end }}
            {{- if .Values.master.extraLabelNs | empty | not }}
            - "-extra-label-ns={{- join "," .Values.master.extraLabelNs }}"
            {{- end }}
            {{- if .Values.master.denyLabelNs | empty | not }}
            - "-deny-label-ns={{- join "," .Values.master.denyLabelNs }}"
            {{- end }}
            {{- if .Values.master.resourceLabels | empty | not }}
            - "-resource-labels={{- join "," .Values.master.resourceLabels }}"
            {{- end }}
            {{- if .Values.master.enableTaints }}
            - "-enable-taints"
            {{- end }}
            {{- if .Values.master.crdController | kindIs "invalid" | not }}
            - "-crd-controller={{ .Values.master.crdController }}"
            {{- else }}
            ## By default, disable crd controller for other than the default instances
            - "-crd-controller={{ .Values.master.instance | empty }}"
            {{- end }}
            {{- if .Values.master.featureRulesController | kindIs "invalid" | not }}
            - "-featurerules-controller={{ .Values.master.featureRulesController }}"
            {{- end }}
            {{- if .Values.master.resyncPeriod }}
            - "-resync-period={{ .Values.master.resyncPeriod }}"
            {{- end }}
            {{- if .Values.master.nfdApiParallelism | empty | not }}
            - "-nfd-api-parallelism={{ .Values.master.nfdApiParallelism }}"
            {{- end }}
            {{- if .Values.tls.enable }}
            - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
            - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
            - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
            {{- end }}
            - "-metrics={{ .Values.master.metricsPort  | default "8081" }}"
          volumeMounts:
            {{- if .Values.tls.enable }}
            - name: nfd-master-cert
              mountPath: "/etc/kubernetes/node-feature-discovery/certs"
              readOnly: true
            {{- end }}
            - name: nfd-master-conf
              mountPath: "/etc/kubernetes/node-feature-discovery"
              readOnly: true
      volumes:
        {{- if .Values.tls.enable }}
        - name: nfd-master-cert
          secret:
            secretName: nfd-master-cert
        {{- end }}
        - name: nfd-master-conf
          configMap:
            name: {{ include "node-feature-discovery.fullname" . }}-master-conf
            items:
              - key: nfd-master.conf
                path: nfd-master.conf
    {{- with .Values.master.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.master.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.master.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
{{- end }}0707010000000b000081a400000000000000000000000168cdbe56000009b9000000000000000000000000000000000000002700000000charts/sriov-nfd/templates/nfd-gc.yaml{{- if and .Values.gc.enable (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "node-feature-discovery.fullname" . }}-gc
  namespace: {{ include "node-feature-discovery.namespace" . }}
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
    role: gc
  {{- with .Values.gc.deploymentAnnotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  replicas: {{ .Values.gc.replicaCount | default 1 }}
  selector:
    matchLabels:
      {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
      role: gc
  template:
    metadata:
      labels:
        {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
        role: gc
      {{- with .Values.gc.annotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    spec:
      serviceAccountName: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
      dnsPolicy: ClusterFirstWithHostNet
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      securityContext:
        {{- toYaml .Values.gc.podSecurityContext | nindent 8 }}
      containers:
        - name: gc
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          command:
            - "nfd-gc"
          args:
          {{- if .Values.gc.interval | empty | not }}
            - "-gc-interval={{ .Values.gc.interval }}"
          {{- end }}
          resources:
      {{- toYaml .Values.gc.resources | nindent 12 }}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: [ "ALL" ]
            readOnlyRootFilesystem: true
            runAsNonRoot: true
          ports:
            - name: metrics
              containerPort: {{ .Values.gc.metricsPort | default "8081"}}

    {{- with .Values.gc.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.gc.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.gc.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
{{- end }}0707010000000c000081a400000000000000000000000168cdbe5600000174000000000000000000000000000000000000003000000000charts/sriov-nfd/templates/nfd-master-conf.yaml{{- if .Values.master.enable }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "node-feature-discovery.fullname" . }}-master-conf
  namespace: {{ include "node-feature-discovery.namespace" . }}
  labels:
  {{- include "node-feature-discovery.labels" . | nindent 4 }}
data:
  nfd-master.conf: |-
    {{- .Values.master.config | toYaml | nindent 4 }}
{{- end }}0707010000000d000081a400000000000000000000000168cdbe5600000166000000000000000000000000000000000000003900000000charts/sriov-nfd/templates/nfd-topologyupdater-conf.yamlapiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "node-feature-discovery.fullname" . }}-topology-updater-conf
  namespace: {{ include "node-feature-discovery.namespace" . }}
  labels:
  {{- include "node-feature-discovery.labels" . | nindent 4 }}
data:
  nfd-topology-updater.conf: |-
    {{- .Values.topologyUpdater.config | toYaml | nindent 4 }}0707010000000e000081a400000000000000000000000168cdbe5600000174000000000000000000000000000000000000003000000000charts/sriov-nfd/templates/nfd-worker-conf.yaml{{- if .Values.worker.enable }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "node-feature-discovery.fullname" . }}-worker-conf
  namespace: {{ include "node-feature-discovery.namespace" . }}
  labels:
  {{- include "node-feature-discovery.labels" . | nindent 4 }}
data:
  nfd-worker.conf: |-
    {{- .Values.worker.config | toYaml | nindent 4 }}
{{- end }}0707010000000f000081a400000000000000000000000168cdbe5600000349000000000000000000000000000000000000002b00000000charts/sriov-nfd/templates/prometheus.yaml{{- if .Values.prometheus.enable }}
# Prometheus Monitor Service (Metrics)
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: {{ include "node-feature-discovery.fullname" . }}
  labels:
    {{- include "node-feature-discovery.selectorLabels" . | nindent 4 }}
    {{- with .Values.prometheus.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
spec:
  podMetricsEndpoints:
    - honorLabels: true
      interval: 10s
      path: /metrics
      port: metrics
      scheme: http
  namespaceSelector:
    matchNames:
      - {{ include "node-feature-discovery.namespace" . }}
  selector:
    matchExpressions:
      - {key: app.kubernetes.io/instance, operator: In, values: ["{{ .Release.Name }}"]}
      - {key: app.kubernetes.io/name, operator: In, values: ["{{ include "node-feature-discovery.name" . }}"]}
{{- end }}07070100000010000081a400000000000000000000000168cdbe5600000227000000000000000000000000000000000000002500000000charts/sriov-nfd/templates/role.yaml{{- if and .Values.worker.enable .Values.worker.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "node-feature-discovery.fullname" . }}-worker
  namespace: {{ include "node-feature-discovery.namespace" . }}
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
  - apiGroups:
      - nfd.k8s-sigs.io
    resources:
      - nodefeatures
    verbs:
      - create
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
{{- end }}07070100000011000081a400000000000000000000000168cdbe560000028b000000000000000000000000000000000000002c00000000charts/sriov-nfd/templates/rolebinding.yaml{{- if and .Values.worker.enable .Values.worker.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "node-feature-discovery.fullname" . }}-worker
  namespace: {{ include "node-feature-discovery.namespace" . }}
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "node-feature-discovery.fullname" . }}-worker
subjects:
  - kind: ServiceAccount
    name: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
    namespace: {{ include "node-feature-discovery.namespace" .  }}
{{- end }}
07070100000012000081a400000000000000000000000168cdbe560000026e000000000000000000000000000000000000002800000000charts/sriov-nfd/templates/service.yaml{{- if and (not .Values.enableNodeFeatureApi) .Values.master.enable }}
apiVersion: v1
kind: Service
metadata:
  name: {{ include "node-feature-discovery.fullname" . }}-master
  namespace: {{ include "node-feature-discovery.namespace" . }}
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
    role: master
spec:
  type: {{ .Values.master.service.type }}
  ports:
    - port: {{ .Values.master.service.port | default "8080" }}
      targetPort: grpc
      protocol: TCP
      name: grpc
  selector:
    {{- include "node-feature-discovery.selectorLabels" . | nindent 4 }}
    role: master
{{- end}}07070100000013000081a400000000000000000000000168cdbe5600000793000000000000000000000000000000000000002f00000000charts/sriov-nfd/templates/serviceaccount.yaml{{- if and .Values.master.enable .Values.master.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "node-feature-discovery.master.serviceAccountName" . }}
  namespace: {{ include "node-feature-discovery.namespace" . }}
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
  {{- with .Values.master.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}

{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.serviceAccount.create }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
  namespace: {{ include "node-feature-discovery.namespace" . }}
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
  {{- with .Values.topologyUpdater.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}

{{- if and .Values.gc.enable .Values.gc.serviceAccount.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
  namespace: {{ include "node-feature-discovery.namespace" . }}
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
  {{- with .Values.gc.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}

{{- if and .Values.worker.enable .Values.worker.serviceAccount.create }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
  namespace: {{ include "node-feature-discovery.namespace" . }}
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
  {{- with .Values.worker.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}07070100000014000081a400000000000000000000000168cdbe560000302d000000000000000000000000000000000000003500000000charts/sriov-nfd/templates/topologyupdater-crds.yaml{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.createCRDs -}}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    api-approved.kubernetes.io: https://github.com/kubernetes/enhancements/pull/1870
    controller-gen.kubebuilder.io/version: v0.11.2
  creationTimestamp: null
  name: noderesourcetopologies.topology.node.k8s.io
spec:
  group: topology.node.k8s.io
  names:
    kind: NodeResourceTopology
    listKind: NodeResourceTopologyList
    plural: noderesourcetopologies
    shortNames:
      - node-res-topo
    singular: noderesourcetopology
  scope: Cluster
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          description: NodeResourceTopology describes node resources and their topology.
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            topologyPolicies:
              items:
                type: string
              type: array
            zones:
              description: ZoneList contains an array of Zone objects.
              items:
                description: Zone represents a resource topology zone, e.g. socket,
                  node, die or core.
                properties:
                  attributes:
                    description: AttributeList contains an array of AttributeInfo objects.
                    items:
                      description: AttributeInfo contains one attribute of a Zone.
                      properties:
                        name:
                          type: string
                        value:
                          type: string
                      required:
                        - name
                        - value
                      type: object
                    type: array
                  costs:
                    description: CostList contains an array of CostInfo objects.
                    items:
                      description: CostInfo describes the cost (or distance) between
                        two Zones.
                      properties:
                        name:
                          type: string
                        value:
                          format: int64
                          type: integer
                      required:
                        - name
                        - value
                      type: object
                    type: array
                  name:
                    type: string
                  parent:
                    type: string
                  resources:
                    description: ResourceInfoList contains an array of ResourceInfo
                      objects.
                    items:
                      description: ResourceInfo contains information about one resource
                        type.
                      properties:
                        allocatable:
                          anyOf:
                            - type: integer
                            - type: string
                          description: Allocatable quantity of the resource, corresponding
                            to allocatable in node status, i.e. total amount of this
                            resource available to be used by pods.
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        available:
                          anyOf:
                            - type: integer
                            - type: string
                          description: Available is the amount of this resource currently
                            available for new (to be scheduled) pods, i.e. Allocatable
                            minus the resources reserved by currently running pods.
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        capacity:
                          anyOf:
                            - type: integer
                            - type: string
                          description: Capacity of the resource, corresponding to capacity
                            in node status, i.e. total amount of this resource that
                            the node has.
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        name:
                          description: Name of the resource.
                          type: string
                      required:
                        - allocatable
                        - available
                        - capacity
                        - name
                      type: object
                    type: array
                  type:
                    type: string
                required:
                  - name
                  - type
                type: object
              type: array
          required:
            - topologyPolicies
            - zones
          type: object
      served: true
      storage: false
    - name: v1alpha2
      schema:
        openAPIV3Schema:
          description: NodeResourceTopology describes node resources and their topology.
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            attributes:
              description: AttributeList contains an array of AttributeInfo objects.
              items:
                description: AttributeInfo contains one attribute of a Zone.
                properties:
                  name:
                    type: string
                  value:
                    type: string
                required:
                  - name
                  - value
                type: object
              type: array
            kind:
              description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            topologyPolicies:
              description: 'DEPRECATED (to be removed in v1beta1): use top level attributes
              if needed'
              items:
                type: string
              type: array
            zones:
              description: ZoneList contains an array of Zone objects.
              items:
                description: Zone represents a resource topology zone, e.g. socket,
                  node, die or core.
                properties:
                  attributes:
                    description: AttributeList contains an array of AttributeInfo objects.
                    items:
                      description: AttributeInfo contains one attribute of a Zone.
                      properties:
                        name:
                          type: string
                        value:
                          type: string
                      required:
                        - name
                        - value
                      type: object
                    type: array
                  costs:
                    description: CostList contains an array of CostInfo objects.
                    items:
                      description: CostInfo describes the cost (or distance) between
                        two Zones.
                      properties:
                        name:
                          type: string
                        value:
                          format: int64
                          type: integer
                      required:
                        - name
                        - value
                      type: object
                    type: array
                  name:
                    type: string
                  parent:
                    type: string
                  resources:
                    description: ResourceInfoList contains an array of ResourceInfo
                      objects.
                    items:
                      description: ResourceInfo contains information about one resource
                        type.
                      properties:
                        allocatable:
                          anyOf:
                            - type: integer
                            - type: string
                          description: Allocatable quantity of the resource, corresponding
                            to allocatable in node status, i.e. total amount of this
                            resource available to be used by pods.
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        available:
                          anyOf:
                            - type: integer
                            - type: string
                          description: Available is the amount of this resource currently
                            available for new (to be scheduled) pods, i.e. Allocatable
                            minus the resources reserved by currently running pods.
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        capacity:
                          anyOf:
                            - type: integer
                            - type: string
                          description: Capacity of the resource, corresponding to capacity
                            in node status, i.e. total amount of this resource that
                            the node has.
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        name:
                          description: Name of the resource.
                          type: string
                      required:
                        - allocatable
                        - available
                        - capacity
                        - name
                      type: object
                    type: array
                  type:
                    type: string
                required:
                  - name
                  - type
                type: object
              type: array
          required:
            - zones
          type: object
      served: true
      storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
{{- end }}07070100000015000081a400000000000000000000000168cdbe56000017b1000000000000000000000000000000000000003000000000charts/sriov-nfd/templates/topologyupdater.yaml{{- if .Values.topologyUpdater.enable -}}
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
  namespace: {{ include "node-feature-discovery.namespace" . }}
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
    role: topology-updater
  {{- with .Values.topologyUpdater.daemonsetAnnotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  selector:
    matchLabels:
      {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
      role: topology-updater
  template:
    metadata:
      labels:
        {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
        role: topology-updater
      {{- with .Values.topologyUpdater.annotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    spec:
      serviceAccountName: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
      dnsPolicy: ClusterFirstWithHostNet
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      securityContext:
        {{- toYaml .Values.topologyUpdater.podSecurityContext | nindent 8 }}
      containers:
        - name: topology-updater
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: NODE_ADDRESS
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
          command:
            - "nfd-topology-updater"
          args:
            - "-podresources-socket=/host-var/lib/kubelet-podresources/kubelet.sock"
          {{- if .Values.topologyUpdater.updateInterval | empty | not }}
            - "-sleep-interval={{ .Values.topologyUpdater.updateInterval }}"
          {{- else }}
            - "-sleep-interval=3s"
          {{- end }}
          {{- if .Values.topologyUpdater.watchNamespace | empty | not }}
            - "-watch-namespace={{ .Values.topologyUpdater.watchNamespace }}"
          {{- else }}
            - "-watch-namespace=*"
          {{- end }}
          {{- if .Values.tls.enable }}
            - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
            - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
            - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
          {{- end }}
          {{- if .Values.topologyUpdater.podSetFingerprint }}
            - "-pods-fingerprint"
          {{- end }}
          {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
            - "-kubelet-config-uri=file:///host-var/kubelet-config"
          {{- end }}
          {{- if .Values.topologyUpdater.kubeletStateDir | empty }}
            # Disable kubelet state tracking by giving an empty path
            - "-kubelet-state-dir="
          {{- end }}
            - -metrics={{ .Values.topologyUpdater.metricsPort | default "8081"}}
          ports:
            - name: metrics
              containerPort: {{ .Values.topologyUpdater.metricsPort | default "8081"}}
          volumeMounts:
        {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
            - name: kubelet-config
              mountPath: /host-var/kubelet-config
        {{- end }}
            - name: kubelet-podresources-sock
              mountPath: /host-var/lib/kubelet-podresources/kubelet.sock
            - name: host-sys
              mountPath: /host-sys
        {{- if .Values.topologyUpdater.kubeletStateDir | empty | not }}
            - name: kubelet-state-files
              mountPath: /host-var/lib/kubelet
              readOnly: true
        {{- end }}
        {{- if .Values.tls.enable }}
            - name: nfd-topology-updater-cert
              mountPath: "/etc/kubernetes/node-feature-discovery/certs"
              readOnly: true
        {{- end }}
            - name: nfd-topology-updater-conf
              mountPath: "/etc/kubernetes/node-feature-discovery"
              readOnly: true

          resources:
      {{- toYaml .Values.topologyUpdater.resources | nindent 12 }}
          securityContext:
      {{- toYaml .Values.topologyUpdater.securityContext | nindent 12 }}
      volumes:
        - name: host-sys
          hostPath:
            path: "/sys"
      {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
        - name: kubelet-config
          hostPath:
            path: {{ .Values.topologyUpdater.kubeletConfigPath }}
      {{- end }}
        - name: kubelet-podresources-sock
          hostPath:
          {{- if .Values.topologyUpdater.kubeletPodResourcesSockPath | empty | not }}
            path: {{ .Values.topologyUpdater.kubeletPodResourcesSockPath }}
          {{- else }}
            path: /var/lib/kubelet/pod-resources/kubelet.sock
          {{- end }}
      {{- if .Values.topologyUpdater.kubeletStateDir | empty | not }}
        - name: kubelet-state-files
          hostPath:
            path: {{ .Values.topologyUpdater.kubeletStateDir }}
      {{- end }}
        - name: nfd-topology-updater-conf
          configMap:
            name: {{ include "node-feature-discovery.fullname" . }}-topology-updater-conf
            items:
              - key: nfd-topology-updater.conf
                path: nfd-topology-updater.conf
      {{- if .Values.tls.enable }}
        - name: nfd-topology-updater-cert
          secret:
            secretName: nfd-topology-updater-cert
      {{- end }}


    {{- with .Values.topologyUpdater.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.topologyUpdater.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.topologyUpdater.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
{{- end }}07070100000016000081a400000000000000000000000168cdbe5600001591000000000000000000000000000000000000002700000000charts/sriov-nfd/templates/worker.yaml{{- if .Values.worker.enable }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name:  {{ include "node-feature-discovery.fullname" . }}-worker
  namespace: {{ include "node-feature-discovery.namespace" . }}
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
    role: worker
  {{- with .Values.worker.daemonsetAnnotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  selector:
    matchLabels:
      {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
      role: worker
  template:
    metadata:
      labels:
        {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
        role: worker
      {{- with .Values.worker.annotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    spec:
      dnsPolicy: ClusterFirstWithHostNet
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.worker.podSecurityContext | nindent 8 }}
      containers:
        - name: worker
          securityContext:
          {{- toYaml .Values.worker.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_UID
              valueFrom:
                fieldRef:
                  fieldPath: metadata.uid
          resources:
        {{- toYaml .Values.worker.resources | nindent 12 }}
          command:
            - "nfd-worker"
          args:
        {{- if not .Values.enableNodeFeatureApi }}
            - "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}"
            - "-enable-nodefeature-api=false"
        {{- end }}
{{- if .Values.tls.enable }}
            - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
            - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
            - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }}
            - "-metrics={{ .Values.worker.metricsPort | default "8081"}}"
          ports:
            - name: metrics
              containerPort: {{ .Values.worker.metricsPort | default "8081"}}
          volumeMounts:
            - name: host-boot
              mountPath: "/host-boot"
              readOnly: true
            - name: host-os-release
              mountPath: "/host-etc/os-release"
              readOnly: true
            - name: host-sys
              mountPath: "/host-sys"
              readOnly: true
            - name: host-usr-lib
              mountPath: "/host-usr/lib"
              readOnly: true
            - name: host-lib
              mountPath: "/host-lib"
              readOnly: true
        {{- if .Values.worker.mountUsrSrc }}
            - name: host-usr-src
              mountPath: "/host-usr/src"
              readOnly: true
        {{- end }}
            - name: source-d
              mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
              readOnly: true
            - name: features-d
              mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
              readOnly: true
            - name: nfd-worker-conf
              mountPath: "/etc/kubernetes/node-feature-discovery"
              readOnly: true
{{- if .Values.tls.enable }}
            - name: nfd-worker-cert
              mountPath: "/etc/kubernetes/node-feature-discovery/certs"
              readOnly: true
{{- end }}
      volumes:
        - name: host-boot
          hostPath:
            path: "/boot"
        - name: host-os-release
          hostPath:
            path: "/etc/os-release"
        - name: host-sys
          hostPath:
            path: "/sys"
        - name: host-usr-lib
          hostPath:
            path: "/usr/lib"
        - name: host-lib
          hostPath:
            path: "/lib"
        {{- if .Values.worker.mountUsrSrc }}
        - name: host-usr-src
          hostPath:
            path: "/usr/src"
        {{- end }}
        - name: source-d
          hostPath:
            path: "/etc/kubernetes/node-feature-discovery/source.d/"
        - name: features-d
          hostPath:
            path: "/etc/kubernetes/node-feature-discovery/features.d/"
        - name: nfd-worker-conf
          configMap:
            name: {{ include "node-feature-discovery.fullname" . }}-worker-conf
            items:
              - key: nfd-worker.conf
                path: nfd-worker.conf
{{- if .Values.tls.enable }}
        - name: nfd-worker-cert
          secret:
            secretName: nfd-worker-cert
{{- end }}
    {{- with .Values.worker.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.worker.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.worker.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.worker.priorityClassName }}
      priorityClassName: {{ . | quote }}
    {{- end }}
{{- end }}07070100000017000041ed00000000000000000000000168cdbe5600000000000000000000000000000000000000000000001b00000000charts/sriov-nfd/templates07070100000018000081a400000000000000000000000168cdbe5600003d1f000000000000000000000000000000000000001d00000000charts/sriov-nfd/values.yamlimage:
  repository: registry.rancher.com/rancher/hardened-node-feature-discovery
  # This should be set to 'IfNotPresent' for released version
  pullPolicy: IfNotPresent
  # tag, if defined will use the given image tag, else Chart.AppVersion will be used
  tag: v0.15.7-build20250425
imagePullSecrets: []

nameOverride: ""
fullnameOverride: ""
namespaceOverride: ""

enableNodeFeatureApi: true

master:
  enable: true
  config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE>
  # noPublish: false
  # autoDefaultNs: true
  # extraLabelNs: ["added.ns.io","added.kubernets.io"]
  # denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
  # resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
  # enableTaints: false
  # labelWhiteList: "foo"
  # resyncPeriod: "2h"
  # klog:
  #    addDirHeader: false
  #    alsologtostderr: false
  #    logBacktraceAt:
  #    logtostderr: true
  #    skipHeaders: false
  #    stderrthreshold: 2
  #    v: 0
  #    vmodule:
  ##   NOTE: the following options are not dynamically run-time configurable
  ##         and require a nfd-master restart to take effect after being changed
  #    logDir:
  #    logFile:
  #    logFileMaxSize: 1800
  #    skipLogHeaders: false
  # leaderElection:
  #   leaseDuration: 15s
  #   # this value has to be lower than leaseDuration and greater than retryPeriod*1.2
  #   renewDeadline: 10s
  #   # this value has to be greater than 0
  #   retryPeriod: 2s
  # nfdApiParallelism: 10
  ### <NFD-MASTER-CONF-END-DO-NOT-REMOVE>
  # The TCP port that nfd-master listens for incoming requests. Default: 8080
  # Deprecated this parameter is related to the deprecated gRPC API and will
  # be removed with it in a future release
  port: 8080
  metricsPort: 8081
  instance:
  featureApi:
  resyncPeriod:
  denyLabelNs: []
  extraLabelNs: []
  resourceLabels: []
  enableTaints: false
  crdController: null
  featureRulesController: null
  nfdApiParallelism: null
  deploymentAnnotations: {}
  replicaCount: 1

  podSecurityContext: {}
  # fsGroup: 2000

  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop: [ "ALL" ]
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    # runAsUser: 1000

  serviceAccount:
    # Specifies whether a service account should be created
    create: true
    # Annotations to add to the service account
    annotations: {}
    # The name of the service account to use.
    # If not set and create is true, a name is generated using the fullname template
    name:

  rbac:
    create: true

  service:
    type: ClusterIP
    port: 8080

  resources: {}
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
  #   memory: 128Mi

  nodeSelector: {}

  tolerations:
    - key: "node-role.kubernetes.io/master"
      operator: "Equal"
      value: ""
      effect: "NoSchedule"
    - key: "node-role.kubernetes.io/control-plane"
      operator: "Equal"
      value: ""
      effect: "NoSchedule"

  annotations: {}

  affinity:
    nodeAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 1
          preference:
            matchExpressions:
              - key: "node-role.kubernetes.io/master"
                operator: In
                values: [""]
        - weight: 1
          preference:
            matchExpressions:
              - key: "node-role.kubernetes.io/control-plane"
                operator: In
                values: [""]

worker:
  enable: true
  config: ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE>
  #core:
  #  labelWhiteList:
  #  noPublish: false
  #  sleepInterval: 60s
  #  featureSources: [all]
  #  labelSources: [all]
  #  klog:
  #    addDirHeader: false
  #    alsologtostderr: false
  #    logBacktraceAt:
  #    logtostderr: true
  #    skipHeaders: false
  #    stderrthreshold: 2
  #    v: 0
  #    vmodule:
  ##   NOTE: the following options are not dynamically run-time configurable
  ##         and require a nfd-worker restart to take effect after being changed
  #    logDir:
  #    logFile:
  #    logFileMaxSize: 1800
  #    skipLogHeaders: false
  #sources:
  #  cpu:
  #    cpuid:
  ##     NOTE: whitelist has priority over blacklist
  #      attributeBlacklist:
  #        - "BMI1"
  #        - "BMI2"
  #        - "CLMUL"
  #        - "CMOV"
  #        - "CX16"
  #        - "ERMS"
  #        - "F16C"
  #        - "HTT"
  #        - "LZCNT"
  #        - "MMX"
  #        - "MMXEXT"
  #        - "NX"
  #        - "POPCNT"
  #        - "RDRAND"
  #        - "RDSEED"
  #        - "RDTSCP"
  #        - "SGX"
  #        - "SSE"
  #        - "SSE2"
  #        - "SSE3"
  #        - "SSE4"
  #        - "SSE42"
  #        - "SSSE3"
  #        - "TDX_GUEST"
  #      attributeWhitelist:
  #  kernel:
  #    kconfigFile: "/path/to/kconfig"
  #    configOpts:
  #      - "NO_HZ"
  #      - "X86"
  #      - "DMI"
  #  pci:
  #    deviceClassWhitelist:
  #      - "0200"
  #      - "03"
  #      - "12"
  #    deviceLabelFields:
  #      - "class"
  #      - "vendor"
  #      - "device"
  #      - "subsystem_vendor"
  #      - "subsystem_device"
  #  usb:
  #    deviceClassWhitelist:
  #      - "0e"
  #      - "ef"
  #      - "fe"
  #      - "ff"
  #    deviceLabelFields:
  #      - "class"
  #      - "vendor"
  #      - "device"
  #  local:
  #    hooksEnabled: false
  #  custom:
  #    # The following feature demonstrates the capabilities of the matchFeatures
  #    - name: "my custom rule"
  #      labels:
  #        "vendor.io/my-ng-feature": "true"
  #      # matchFeatures implements a logical AND over all matcher terms in the
  #      # list (i.e. all of the terms, or per-feature matchers, must match)
  #      matchFeatures:
  #        - feature: cpu.cpuid
  #          matchExpressions:
  #            AVX512F: {op: Exists}
  #        - feature: cpu.cstate
  #          matchExpressions:
  #            enabled: {op: IsTrue}
  #        - feature: cpu.pstate
  #          matchExpressions:
  #            no_turbo: {op: IsFalse}
  #            scaling_governor: {op: In, value: ["performance"]}
  #        - feature: cpu.rdt
  #          matchExpressions:
  #            RDTL3CA: {op: Exists}
  #        - feature: cpu.sst
  #          matchExpressions:
  #            bf.enabled: {op: IsTrue}
  #        - feature: cpu.topology
  #          matchExpressions:
  #            hardware_multithreading: {op: IsFalse}
  #
  #        - feature: kernel.config
  #          matchExpressions:
  #            X86: {op: Exists}
  #            LSM: {op: InRegexp, value: ["apparmor"]}
  #        - feature: kernel.loadedmodule
  #          matchExpressions:
  #            e1000e: {op: Exists}
  #        - feature: kernel.selinux
  #          matchExpressions:
  #            enabled: {op: IsFalse}
  #        - feature: kernel.version
  #          matchExpressions:
  #            major: {op: In, value: ["5"]}
  #            minor: {op: Gt, value: ["10"]}
  #
  #        - feature: storage.block
  #          matchExpressions:
  #            rotational: {op: In, value: ["0"]}
  #            dax: {op: In, value: ["0"]}
  #
  #        - feature: network.device
  #          matchExpressions:
  #            operstate: {op: In, value: ["up"]}
  #            speed: {op: Gt, value: ["100"]}
  #
  #        - feature: memory.numa
  #          matchExpressions:
  #            node_count: {op: Gt, value: ["2"]}
  #        - feature: memory.nv
  #          matchExpressions:
  #            devtype: {op: In, value: ["nd_dax"]}
  #            mode: {op: In, value: ["memory"]}
  #
  #        - feature: system.osrelease
  #          matchExpressions:
  #            ID: {op: In, value: ["fedora", "centos"]}
  #        - feature: system.name
  #          matchExpressions:
  #            nodename: {op: InRegexp, value: ["^worker-X"]}
  #
  #        - feature: local.label
  #          matchExpressions:
  #            custom-feature-knob: {op: Gt, value: ["100"]}
  #
  #    # The following feature demonstrates the capabilities of the matchAny
  #    - name: "my matchAny rule"
  #      labels:
  #        "vendor.io/my-ng-feature-2": "my-value"
  #      # matchAny implements a logical IF over all elements (sub-matchers) in
  #      # the list (i.e. at least one feature matcher must match)
  #      matchAny:
  #        - matchFeatures:
  #            - feature: kernel.loadedmodule
  #              matchExpressions:
  #                driver-module-X: {op: Exists}
  #            - feature: pci.device
  #              matchExpressions:
  #                vendor: {op: In, value: ["8086"]}
  #                class: {op: In, value: ["0200"]}
  #        - matchFeatures:
  #            - feature: kernel.loadedmodule
  #              matchExpressions:
  #                driver-module-Y: {op: Exists}
  #            - feature: usb.device
  #              matchExpressions:
  #                vendor: {op: In, value: ["8086"]}
  #                class: {op: In, value: ["02"]}
  #
  #    - name: "avx wildcard rule"
  #      labels:
  #        "my-avx-feature": "true"
  #      matchFeatures:
  #        - feature: cpu.cpuid
  #          matchName: {op: InRegexp, value: ["^AVX512"]}
  #
  #    # The following features demonstreate label templating capabilities
  #    - name: "my template rule"
  #      labelsTemplate: |
  #        {{ range .system.osrelease }}vendor.io/my-system-feature.{{ .Name }}={{ .Value }}
  #        {{ end }}
  #      matchFeatures:
  #        - feature: system.osrelease
  #          matchExpressions:
  #            ID: {op: InRegexp, value: ["^open.*"]}
  #            VERSION_ID.major: {op: In, value: ["13", "15"]}
  #
  #    - name: "my template rule 2"
  #      labelsTemplate: |
  #        {{ range .pci.device }}vendor.io/my-pci-device.{{ .class }}-{{ .device }}=with-cpuid
  #        {{ end }}
  #      matchFeatures:
  #        - feature: pci.device
  #          matchExpressions:
  #            class: {op: InRegexp, value: ["^06"]}
  #            vendor: ["8086"]
  #        - feature: cpu.cpuid
  #          matchExpressions:
  #            AVX: {op: Exists}
  #
  #    # The following examples demonstrate vars field and back-referencing
  #    # previous labels and vars
  #    - name: "my dummy kernel rule"
  #      labels:
  #        "vendor.io/my.kernel.feature": "true"
  #      matchFeatures:
  #        - feature: kernel.version
  #          matchExpressions:
  #            major: {op: Gt, value: ["2"]}
  #
  #    - name: "my dummy rule with no labels"
  #      vars:
  #        "my.dummy.var": "1"
  #      matchFeatures:
  #        - feature: cpu.cpuid
  #          matchExpressions: {}
  #
  #    - name: "my rule using backrefs"
  #      labels:
  #        "vendor.io/my.backref.feature": "true"
  #      matchFeatures:
  #        - feature: rule.matched
  #          matchExpressions:
  #            vendor.io/my.kernel.feature: {op: IsTrue}
  #            my.dummy.var: {op: Gt, value: ["0"]}
  #
  #    - name: "kconfig template rule"
  #      labelsTemplate: |
  #        {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }}
  #        {{ end }}
  #      matchFeatures:
  #        - feature: kernel.config
  #          matchName: {op: In, value: ["SWAP", "X86", "ARM"]}
  ### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>

  metricsPort: 8081
  daemonsetAnnotations: {}
  podSecurityContext: {}
  # fsGroup: 2000

  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop: [ "ALL" ]
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    # runAsUser: 1000

  serviceAccount:
    # Specifies whether a service account should be created.
    # We create this by default to make it easier for downstream users to apply PodSecurityPolicies.
    create: true
    # Annotations to add to the service account
    annotations: {}
    # The name of the service account to use.
    # If not set and create is true, a name is generated using the fullname template
    name:

  rbac:
    create: true

  # Allow users to mount the hostPath /usr/src, useful for RHCOS on s390x
  # Does not work on systems without /usr/src AND a read-only /usr, such as Talos
  mountUsrSrc: false

  resources: {}
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
  #   memory: 128Mi

  nodeSelector: {}

  tolerations: []

  annotations: {}

  affinity: {}

  priorityClassName: ""

topologyUpdater:
  config: ### <NFD-TOPOLOGY-UPDATER-CONF-START-DO-NOT-REMOVE>
  ## key = node name, value = list of resources to be excluded.
  ## use * to exclude from all nodes.
  ## an example for how the exclude list should looks like
  #excludeList:
  #  node1: [cpu]
  #  node2: [memory, example/deviceA]
  #  *: [hugepages-2Mi]
  ### <NFD-TOPOLOGY-UPDATER-CONF-END-DO-NOT-REMOVE>

  enable: false
  createCRDs: false

  serviceAccount:
    create: true
    annotations: {}
    name:
  rbac:
    create: true

  metricsPort: 8081
  kubeletConfigPath:
  kubeletPodResourcesSockPath:
  updateInterval: 60s
  watchNamespace: "*"
  kubeletStateDir: /var/lib/kubelet

  podSecurityContext: {}
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop: [ "ALL" ]
    readOnlyRootFilesystem: true
    runAsUser: 0

  resources: {}
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
  #   memory: 128Mi

  nodeSelector: {}
  tolerations: []
  annotations: {}
  daemonsetAnnotations: {}
  affinity: {}
  podSetFingerprint: true

gc:
  enable: true
  replicaCount: 1

  serviceAccount:
    create: true
    annotations: {}
    name:
  rbac:
    create: true

  interval: 1h

  podSecurityContext: {}

  resources: {}
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
  #   memory: 128Mi

  metricsPort: 8081

  nodeSelector: {}
  tolerations: []
  annotations: {}
  deploymentAnnotations: {}
  affinity: {}

# Optionally use encryption for worker <--> master comms
# TODO: verify hostname is not yet supported
#
# If you do not enable certManager (and have it installed) you will
# need to manually, or otherwise, provision the TLS certs as secrets
tls:
  enable: false
  certManager: false

prometheus:
  enable: false
  labels: {}07070100000019000041ed00000000000000000000000168cdbe5600000000000000000000000000000000000000000000001100000000charts/sriov-nfd0707010000001a000041ed00000000000000000000000168cdbe5600000000000000000000000000000000000000000000000700000000charts07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!!
openSUSE Build Service is sponsored by