nfd-master: add -disable-featurerules flag

Implements a flag for disabling the processing of NodeFeatureRule CRs.
In practice, this currently completely disables the CR controller.

cmd/nfd-master/main.go

@@ -96,6 +96,8 @@ func initFlags(flagset *flag.FlagSet) *master.Args {
 			"NB: the label namespace is omitted i.e. the filter is only applied to the name part after '/'.")
 	flagset.BoolVar(&args.NoPublish, "no-publish", false,
 		"Do not publish feature labels")
+	flagset.BoolVar(&args.DisableFeatureRules, "disable-featurerules", false,
+		"Disable processing of NodeFeatureRule CRs")
 	flagset.IntVar(&args.Port, "port", 8080,
 		"Port on which to listen for connections.")
 	flagset.BoolVar(&args.Prune, "prune", false,

deployment/helm/node-feature-discovery/templates/master.yaml

@@ -62,6 +62,9 @@ spec:
             {{- if .Values.master.extraLabelNs | empty | not }}
             - "--extra-label-ns={{- join "," .Values.master.extraLabelNs }}"
             {{- end }}
+            {{- if .Values.master.disableFeatureRules }}
+            - "-disable-featurerules"
+            {{- end }}
 ## Enable TLS authentication
 ## The example below assumes having the root certificate named ca.crt stored in
 ## a ConfigMap named nfd-ca-cert, and, the TLS authentication credentials stored

deployment/helm/node-feature-discovery/values.yaml

@@ -24,6 +24,7 @@ nodeFeatureRule:
 master:
   instance:
   extraLabelNs: []
+  disableFeatureRules: false
 
   replicaCount: 1
 

docs/advanced/master-commandline-reference.md

@@ -151,6 +151,20 @@ Example:
 nfd-master -no-publish
 ```
 
+### -disable-featurerules
+
+The `-disable-featurerules` flag disables processing of NodeFeatureRule
+objects, effectively disabling/removing labels from these custom labeling
+rules.
+
+Default: *false*
+
+Example:
+
+```bash
+nfd-master -disable-featurerules
+```
+
 ### -label-whitelist
 
 The `-label-whitelist` specifies a regular expression for filtering feature

docs/get-started/deployment-and-usage.md

@@ -299,6 +299,7 @@ We have introduced the following Chart parameters.
 | `master.*`                  | dict    |                                         | NFD master deployment configuration                                                                                                      |
 | `master.instance`           | string  |                                         | Instance name. Used to separate annotation namespaces for multiple parallel deployments                                                  |
 | `master.extraLabelNs`       | array   | []                                      | List of allowed extra label namespaces                                                                                                   |
+| `master.disableFeatureRules`| bool    | False                                   | Disable processing of NodeFeatureRule CRs                                                                                                |
 | `master.replicaCount`       | integer | 1                                       | Number of desired pods. This is a pointer to distinguish between explicit zero and not specified                                         |
 | `master.podSecurityContext` | dict    | {}                                      | SecurityContext holds pod-level security attributes and common container settings                                                        |
 | `master.service.type`       | string  | ClusterIP                               | NFD master service type                                                                                                                  |

pkg/nfd-client/topology-updater/nfd-topology-updater_test.go

@@ -41,6 +41,7 @@ func setupTest(args *nfdmaster.Args) testContext {
 	// Fixed port and no-publish, for convenience
 	args.NoPublish = true
 	args.Port = 8192
+	args.DisableFeatureRules = true
 	m, err := nfdmaster.NewNfdMaster(args)
 	if err != nil {
 		fmt.Printf("Test setup failed: %v\n", err)

pkg/nfd-client/worker/nfd-worker_test.go

@@ -40,6 +40,7 @@ type testContext struct {
 func setupTest(args *master.Args) testContext {
 	// Fixed port and no-publish, for convenience
 	args.NoPublish = true
+	args.DisableFeatureRules = true
 	args.Port = 8192
 	args.LabelWhiteList.Regexp = *regexp.MustCompile("")
 	m, err := master.NewNfdMaster(args)

pkg/nfd-master/nfd-master.go

@@ -84,18 +84,19 @@ type Annotations map[string]string
 
 // Args holds command line arguments
 type Args struct {
-	CaFile         string
-	CertFile       string
-	ExtraLabelNs   utils.StringSetVal
-	Instance       string
-	KeyFile        string
-	Kubeconfig     string
-	LabelWhiteList utils.RegexpVal
-	NoPublish      bool
-	Port           int
-	Prune          bool
-	VerifyNodeName bool
-	ResourceLabels utils.StringSetVal
+	CaFile              string
+	CertFile            string
+	ExtraLabelNs        utils.StringSetVal
+	Instance            string
+	KeyFile             string
+	Kubeconfig          string
+	LabelWhiteList      utils.RegexpVal
+	DisableFeatureRules bool
+	NoPublish           bool
+	Port                int
+	Prune               bool
+	VerifyNodeName      bool
+	ResourceLabels      utils.StringSetVal
 }
 
 type NfdMaster interface {
@@ -174,11 +175,13 @@ func (m *nfdMaster) Run() error {
 		return m.prune()
 	}
 
-	kubeconfig, err := m.getKubeconfig()
-	if err != nil {
-		return err
+	if !m.args.DisableFeatureRules {
+		kubeconfig, err := m.getKubeconfig()
+		if err != nil {
+			return err
+		}
+		m.nfdController = newNfdController(kubeconfig)
 	}
-	m.nfdController = newNfdController(kubeconfig)
 
 	if !m.args.NoPublish {
 		err := m.updateMasterNode()