From 93223b1fc5f36917ffcdf0699ee67bfa615e08d2 Mon Sep 17 00:00:00 2001
From: Markus Lehtonen <markus.lehtonen@intel.com>
Date: Wed, 9 Jun 2021 07:41:39 +0300
Subject: [PATCH] nfd-master: add -disable-featurerules flag

Implements a flag for disabling the processing of NodeFeatureRule CRs.
In practice, this currently completely disables the CR controller.
---
 cmd/nfd-master/main.go                        |  2 ++
 .../templates/master.yaml                     |  3 ++
 .../helm/node-feature-discovery/values.yaml   |  1 +
 docs/advanced/master-commandline-reference.md | 14 ++++++++
 docs/get-started/deployment-and-usage.md      |  1 +
 .../nfd-topology-updater_test.go              |  1 +
 pkg/nfd-client/worker/nfd-worker_test.go      |  1 +
 pkg/nfd-master/nfd-master.go                  | 35 ++++++++++---------
 8 files changed, 42 insertions(+), 16 deletions(-)

diff --git a/cmd/nfd-master/main.go b/cmd/nfd-master/main.go
index ca2a576dcf..bfa5c85b92 100644
--- a/cmd/nfd-master/main.go
+++ b/cmd/nfd-master/main.go
@@ -96,6 +96,8 @@ func initFlags(flagset *flag.FlagSet) *master.Args {
 			"NB: the label namespace is omitted i.e. the filter is only applied to the name part after '/'.")
 	flagset.BoolVar(&args.NoPublish, "no-publish", false,
 		"Do not publish feature labels")
+	flagset.BoolVar(&args.DisableFeatureRules, "disable-featurerules", false,
+		"Disable processing of NodeFeatureRule CRs")
 	flagset.IntVar(&args.Port, "port", 8080,
 		"Port on which to listen for connections.")
 	flagset.BoolVar(&args.Prune, "prune", false,
diff --git a/deployment/helm/node-feature-discovery/templates/master.yaml b/deployment/helm/node-feature-discovery/templates/master.yaml
index 63dea55d08..2c8ad0b162 100644
--- a/deployment/helm/node-feature-discovery/templates/master.yaml
+++ b/deployment/helm/node-feature-discovery/templates/master.yaml
@@ -62,6 +62,9 @@ spec:
             {{- if .Values.master.extraLabelNs | empty | not }}
             - "--extra-label-ns={{- join "," .Values.master.extraLabelNs }}"
             {{- end }}
+            {{- if .Values.master.disableFeatureRules }}
+            - "-disable-featurerules"
+            {{- end }}
 ## Enable TLS authentication
 ## The example below assumes having the root certificate named ca.crt stored in
 ## a ConfigMap named nfd-ca-cert, and, the TLS authentication credentials stored
diff --git a/deployment/helm/node-feature-discovery/values.yaml b/deployment/helm/node-feature-discovery/values.yaml
index 1765d65e37..b3d605a6b1 100644
--- a/deployment/helm/node-feature-discovery/values.yaml
+++ b/deployment/helm/node-feature-discovery/values.yaml
@@ -24,6 +24,7 @@ nodeFeatureRule:
 master:
   instance:
   extraLabelNs: []
+  disableFeatureRules: false
 
   replicaCount: 1
 
diff --git a/docs/advanced/master-commandline-reference.md b/docs/advanced/master-commandline-reference.md
index b4af90d12c..708b9e547d 100644
--- a/docs/advanced/master-commandline-reference.md
+++ b/docs/advanced/master-commandline-reference.md
@@ -151,6 +151,20 @@ Example:
 nfd-master -no-publish
 ```
 
+### -disable-featurerules
+
+The `-disable-featurerules` flag disables processing of NodeFeatureRule
+objects, effectively disabling/removing labels from these custom labeling
+rules.
+
+Default: *false*
+
+Example:
+
+```bash
+nfd-master -disable-featurerules
+```
+
 ### -label-whitelist
 
 The `-label-whitelist` specifies a regular expression for filtering feature
diff --git a/docs/get-started/deployment-and-usage.md b/docs/get-started/deployment-and-usage.md
index b9035e0407..e38734a7ab 100644
--- a/docs/get-started/deployment-and-usage.md
+++ b/docs/get-started/deployment-and-usage.md
@@ -299,6 +299,7 @@ We have introduced the following Chart parameters.
 | `master.*`                  | dict    |                                         | NFD master deployment configuration                                                                                                      |
 | `master.instance`           | string  |                                         | Instance name. Used to separate annotation namespaces for multiple parallel deployments                                                  |
 | `master.extraLabelNs`       | array   | []                                      | List of allowed extra label namespaces                                                                                                   |
+| `master.disableFeatureRules`| bool    | False                                   | Disable processing of NodeFeatureRule CRs                                                                                                |
 | `master.replicaCount`       | integer | 1                                       | Number of desired pods. This is a pointer to distinguish between explicit zero and not specified                                         |
 | `master.podSecurityContext` | dict    | {}                                      | SecurityContext holds pod-level security attributes and common container settings                                                        |
 | `master.service.type`       | string  | ClusterIP                               | NFD master service type                                                                                                                  |
diff --git a/pkg/nfd-client/topology-updater/nfd-topology-updater_test.go b/pkg/nfd-client/topology-updater/nfd-topology-updater_test.go
index b6f1173f31..1186eca333 100644
--- a/pkg/nfd-client/topology-updater/nfd-topology-updater_test.go
+++ b/pkg/nfd-client/topology-updater/nfd-topology-updater_test.go
@@ -41,6 +41,7 @@ func setupTest(args *nfdmaster.Args) testContext {
 	// Fixed port and no-publish, for convenience
 	args.NoPublish = true
 	args.Port = 8192
+	args.DisableFeatureRules = true
 	m, err := nfdmaster.NewNfdMaster(args)
 	if err != nil {
 		fmt.Printf("Test setup failed: %v\n", err)
diff --git a/pkg/nfd-client/worker/nfd-worker_test.go b/pkg/nfd-client/worker/nfd-worker_test.go
index 41733cf4ff..3dc33ec1d8 100644
--- a/pkg/nfd-client/worker/nfd-worker_test.go
+++ b/pkg/nfd-client/worker/nfd-worker_test.go
@@ -40,6 +40,7 @@ type testContext struct {
 func setupTest(args *master.Args) testContext {
 	// Fixed port and no-publish, for convenience
 	args.NoPublish = true
+	args.DisableFeatureRules = true
 	args.Port = 8192
 	args.LabelWhiteList.Regexp = *regexp.MustCompile("")
 	m, err := master.NewNfdMaster(args)
diff --git a/pkg/nfd-master/nfd-master.go b/pkg/nfd-master/nfd-master.go
index c6f8fb3548..c5ae68ebb0 100644
--- a/pkg/nfd-master/nfd-master.go
+++ b/pkg/nfd-master/nfd-master.go
@@ -84,18 +84,19 @@ type Annotations map[string]string
 
 // Args holds command line arguments
 type Args struct {
-	CaFile         string
-	CertFile       string
-	ExtraLabelNs   utils.StringSetVal
-	Instance       string
-	KeyFile        string
-	Kubeconfig     string
-	LabelWhiteList utils.RegexpVal
-	NoPublish      bool
-	Port           int
-	Prune          bool
-	VerifyNodeName bool
-	ResourceLabels utils.StringSetVal
+	CaFile              string
+	CertFile            string
+	ExtraLabelNs        utils.StringSetVal
+	Instance            string
+	KeyFile             string
+	Kubeconfig          string
+	LabelWhiteList      utils.RegexpVal
+	DisableFeatureRules bool
+	NoPublish           bool
+	Port                int
+	Prune               bool
+	VerifyNodeName      bool
+	ResourceLabels      utils.StringSetVal
 }
 
 type NfdMaster interface {
@@ -174,11 +175,13 @@ func (m *nfdMaster) Run() error {
 		return m.prune()
 	}
 
-	kubeconfig, err := m.getKubeconfig()
-	if err != nil {
-		return err
+	if !m.args.DisableFeatureRules {
+		kubeconfig, err := m.getKubeconfig()
+		if err != nil {
+			return err
+		}
+		m.nfdController = newNfdController(kubeconfig)
 	}
-	m.nfdController = newNfdController(kubeconfig)
 
 	if !m.args.NoPublish {
 		err := m.updateMasterNode()