From cfaa44de1025fae6610ac865829d5022c4819af2 Mon Sep 17 00:00:00 2001 From: Swati Sehgal Date: Mon, 29 Jun 2020 15:48:00 +0100 Subject: [PATCH] NodeTopologyResource ClusterRole and ClusterRoleBinding - Required to access NodeResourceTopology CRD instances - Update minor formatting issues Signed-off-by: Swati Sehgal Signed-off-by: Alexey Perevalov --- ...ovisioning-resources-with-numa-topology.md | 42 +++++++++++++++++-- 1 file changed, 39 insertions(+), 3 deletions(-) diff --git a/keps/sig-node/20200619-provisioning-resources-with-numa-topology.md b/keps/sig-node/20200619-provisioning-resources-with-numa-topology.md index 44eaa6bc6094..35cd5bd77266 100644 --- a/keps/sig-node/20200619-provisioning-resources-with-numa-topology.md +++ b/keps/sig-node/20200619-provisioning-resources-with-numa-topology.md @@ -10,11 +10,12 @@ participating-sigs: reviewers: - "@dchen1107" - "@derekwaynecarr" + - "@klueska" approvers: - "@dchen1107" - "@derekwaynecarr" creation-date: 2020-06-19 -last-updated: 2020-06-19 +last-updated: 2020-08-12 status: implementable see-also: - "/keps/sig-scheduling/20200612-deducted-topology-manager.md" @@ -38,8 +39,8 @@ see-also: - [Graduation Criteria](#graduation-criteria) - [Implementation History](#implementation-history) - [Alternatives](#alternatives) - - [Annotation approach] (#annotation-approach) - - [NUMA specification in ResourceName] (#numa-in-resourcename) + - [Annotation approach](#annotation-approach) + - [NUMA specification in ResourceName](#numa-in-resourcename) ## Summary @@ -168,6 +169,41 @@ One CRD instance contains information of available resources of the appropriate ### Integration into Node Feature Discovery +In order to allow the NFD-master Daemon to create, get, update, delete NodeResourceTopology CRD instances, ClusterRole and ClusterRoleBinding would have to be configured as below: + +``` yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: noderesourcetopology-handler +rules: +- apiGroups: ["topology.node.k8s.io"] + resources: ["noderesourcetopologies"] + verbs: ["*"] +- apiGroups: ["rbac.authorization.k8s.io"] + resources: ["*"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: handle-noderesourcetopology +subjects: +- kind: ServiceAccount + name: noderesourcetopology-account + namespace: default +roleRef: + kind: ClusterRole + name: noderesourcetopology-handler + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: noderesourcetopology-account +``` + +`serviceAccountName: noderesourcetopology-account` would have to be added to the manifest file of the Daemon. ### Graduation Criteria