Skip to content

Commit

Permalink
docs: add feature gates to our readme
Browse files Browse the repository at this point in the history
Signed-off-by: Tobias Giese <tgiese@nvidia.com>
  • Loading branch information
tobiasgiese committed Aug 12, 2024
1 parent 2dec53f commit 3ecd11a
Showing 1 changed file with 36 additions and 9 deletions.
45 changes: 36 additions & 9 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -327,19 +327,35 @@ spec:
node-role.kubernetes.io/worker: ""
```

### Resource Injector Policy
## Feature Gates

By default, the Resource injector webhook has a failed policy of ignored, this was implemented to not block pod creation
in case the webhook is not available.
Feature gates are used to enable or disable specific features in the operator.

with a feature introduced in Kubernetes 1.28(Beta) called [MatchConditions](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchconditions)
we can move the webhook failed policy to be Fail. In this case the operator configured the Mutating webhook for the resource
injector only on pods with the secondary network annotation of `k8s.v1.cni.cncf.io/networks`.
It's possible to enable the feature with a FeatureGate via the SriovOperatorConfig object
### Available Feature Gates

> **NOTE**: the feature is disabled by default
1. **Parallel NIC Configuration** (`parallelNicConfig`)
- **Description:** Allows the configuration of NICs in parallel, which can potentially reduce the time required for network setup.
- **Default:** Disabled

**Example**:
2. **Resource Injector Match Condition** (`resourceInjectorMatchCondition`)
- **Description:** Switches the resource injector's webhook failure policy from "Ignore" to "Fail" by utilizing the `MatchConditions` feature introduced in Kubernetes 1.28. This ensures the webhook only targets pods with the `k8s.v1.cni.cncf.io/networks` annotation, improving reliability without affecting other pods.
- **Default:** Disabled

3. **Metrics Exporter** (`metricsExporter`)
- **Description:** Enables the metrics exporter on the same node where the config-daemon is running. This helps in collecting and exporting metrics related to SR-IOV network devices.
- **Default:** Disabled

4. **Manage Software Bridges** (`manageSoftwareBridges`)
- **Description:** Allows the operator to manage software bridges. This feature gate is useful for environments where SDN is used, and bridge management is required.
- **Default:** Disabled

5. **Mellanox Firmware Reset** (`mellanoxFirmwareReset`)
- **Description:** Enables the firmware reset via `mstfwreset` before a system reboot. This feature is specific to Mellanox network devices and is used to ensure that the firmware is properly reset during system maintenance.
- **Default:** Disabled

### Enabling Feature Gates

To enable a feature gate, add it to your configuration file or command line with the desired state. For example, to enable the `resourceInjectorMatchCondition` feature gate, you would specify:

```yaml
apiVersion: sriovnetwork.openshift.io/v1
Expand All @@ -354,6 +370,17 @@ spec:
...
```

or on the command line:

```bash
--feature-gates=parallelNicConfig=true
```

### Important Notes

- **Compatibility:** Ensure that enabling any feature gate is compatible with your current setup and version.
- **Testing:** It's recommended to thoroughly test any enabled feature in a staging environment before deploying it to production.

## Components and design

This operator is split into 2 components:
Expand Down

0 comments on commit 3ecd11a

Please sign in to comment.