README.md

@@ -12,7 +12,7 @@ features and system configuration!
 #### Quick-start – the short-short version
 
 ```bash
-$ kubectl apply -k "https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/default?ref=v0.17.0
+$ kubectl apply -k "https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/default?ref=v0.17.1
   namespace/node-feature-discovery created
   customresourcedefinition.apiextensions.k8s.io/nodefeaturerules.nfd.k8s-sigs.io created
   customresourcedefinition.apiextensions.k8s.io/nodefeatures.nfd.k8s-sigs.io created

deployment/base/gc/gc.yaml

@@ -17,7 +17,7 @@ spec:
       serviceAccount: nfd-gc
       containers:
         - name: nfd-gc
-          image: registry.k8s.io/nfd/node-feature-discovery:v0.17.0
+          image: registry.k8s.io/nfd/node-feature-discovery:v0.17.1
           imagePullPolicy: IfNotPresent
           resources:
             limits:

deployment/base/master/master-deployment.yaml

@@ -19,7 +19,7 @@ spec:
       tolerations: []
       containers:
         - name: nfd-master
-          image: registry.k8s.io/nfd/node-feature-discovery:v0.17.0
+          image: registry.k8s.io/nfd/node-feature-discovery:v0.17.1
           imagePullPolicy: IfNotPresent
           resources:
             limits:

deployment/base/rbac/worker-role.yaml

@@ -11,6 +11,7 @@ rules:
   - create
   - get
   - update
+  - delete
 - apiGroups:
   - ""
   resources:

deployment/base/topologyupdater-daemonset/topologyupdater-daemonset.yaml

@@ -17,7 +17,7 @@ spec:
       serviceAccount: nfd-topology-updater
       containers:
         - name: nfd-topology-updater
-          image: registry.k8s.io/nfd/node-feature-discovery:v0.17.0
+          image: registry.k8s.io/nfd/node-feature-discovery:v0.17.1
           imagePullPolicy: IfNotPresent
           livenessProbe:
             grpc:

deployment/base/worker-daemonset/worker-daemonset.yaml

@@ -17,7 +17,7 @@ spec:
       dnsPolicy: ClusterFirstWithHostNet
       containers:
         - name: nfd-worker
-          image: registry.k8s.io/nfd/node-feature-discovery:v0.17.0
+          image: registry.k8s.io/nfd/node-feature-discovery:v0.17.1
           imagePullPolicy: IfNotPresent
           livenessProbe:
             grpc:

deployment/base/worker-job/worker-job.yaml

@@ -27,7 +27,7 @@ spec:
                       - nfd-worker
       containers:
         - name: nfd-worker
-          image: registry.k8s.io/nfd/node-feature-discovery:v0.17.0
+          image: registry.k8s.io/nfd/node-feature-discovery:v0.17.1
           imagePullPolicy: IfNotPresent
           command:
             - "nfd-worker"

deployment/helm/node-feature-discovery/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: v0.17.0
+appVersion: v0.17.1
 description: |
   Detects hardware features available on each node in a Kubernetes cluster, and advertises
   those features using node labels.

deployment/helm/node-feature-discovery/templates/role.yaml

@@ -15,6 +15,7 @@ rules:
   - create
   - get
   - update
+  - delete
 - apiGroups:
   - ""
   resources:

deployment/overlays/prune/master-job.yaml

@@ -15,7 +15,7 @@ spec:
       tolerations: []
       containers:
         - name: nfd-master
-          image: registry.k8s.io/nfd/node-feature-discovery:v0.17.0
+          image: registry.k8s.io/nfd/node-feature-discovery:v0.17.1
           imagePullPolicy: IfNotPresent
           command:
             - "nfd-master"

docs/_config.yml

@@ -55,7 +55,7 @@ scss: |
 # Release is the full released version number. Used to make external links to
 # point to the correct blobs in the Github repo. This is also the version shown
 # in the sidebar (top left corner of the page)
-release: v0.17.0
+release: v0.17.1
 
 # Container image which to point to in the documentation
-container_image: registry.k8s.io/nfd/node-feature-discovery:v0.17.0
+container_image: registry.k8s.io/nfd/node-feature-discovery:v0.17.1

pkg/apis/nfd/nodefeaturerule/rule.go

@@ -269,7 +269,11 @@ func evaluateFeatureMatcher(m *nfdv1alpha1.FeatureMatcher, features *nfdv1alpha1
 		fI, okI := features.Instances[featureName]
 		if !okF && !okA && !okI {
 			klog.V(2).InfoS("feature not available", "featureName", featureName)
-			return false, nil, nil
+			if failFast {
+				return false, nil, nil
+			}
+			isMatch = false
+			continue
 		}
 
 		if term.MatchExpressions != nil {

pkg/client-nfd/compat/artifact-client/client.go

@@ -22,6 +22,8 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"slices"
+	"time"
 
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	oras "oras.land/oras-go/v2"
@@ -34,6 +36,10 @@ import (
 	compatv1alpha1 "sigs.k8s.io/node-feature-discovery/api/image-compatibility/v1alpha1"
 )
 
+const (
+	ArtifactCreationTimestampKey = "org.opencontainers.image.created"
+)
+
 // ArtifactClient interface contain set of functions to manipulate compatibility artfact.
 type ArtifactClient interface {
 	// FetchCompatibilitySpec downloads the compatibility specifcation associated with the image.
@@ -90,6 +96,14 @@ func (c *Client) FetchCompatibilitySpec(ctx context.Context) (*compatv1alpha1.Sp
 	} else if len(descs) < 1 {
 		return nil, fmt.Errorf("compatibility artifact not found")
 	}
+
+	// Sort the artifacts in desc order.
+	// If the artifact does not have creation timestamp it will be moved to the top of the slice.
+	slices.SortFunc(descs, func(i, j ocispec.Descriptor) int {
+		it, _ := time.Parse(time.RFC3339, i.Annotations[ArtifactCreationTimestampKey])
+		jt, _ := time.Parse(time.RFC3339, j.Annotations[ArtifactCreationTimestampKey])
+		return it.Compare(jt)
+	})
 	artifactDesc := descs[len(descs)-1]
 
 	_, content, err := oras.FetchBytes(ctx, repo.Manifests(), artifactDesc.Digest.String(), oras.DefaultFetchBytesOptions)

pkg/client-nfd/compat/node-validator/node-validator.go

@@ -97,6 +97,7 @@ func (nv *nodeValidator) Execute(ctx context.Context) ([]*CompatibilityStatus, e
 }
 
 func evaluateRuleStatus(rule *nfdv1alpha1.Rule, matchStatus *nodefeaturerule.MatchStatus) ProcessedRuleStatus {
+	var matchedFeatureTerms nfdv1alpha1.FeatureMatcher
 	out := ProcessedRuleStatus{Name: rule.Name, IsMatch: matchStatus.IsMatch}
 
 	evaluateFeatureMatcher := func(featureMatcher, matchedFeatureTerms nfdv1alpha1.FeatureMatcher) []MatchedExpression {
@@ -163,11 +164,17 @@ func evaluateRuleStatus(rule *nfdv1alpha1.Rule, matchStatus *nodefeaturerule.Mat
 	}
 
 	if matchFeatures := rule.MatchFeatures; matchFeatures != nil {
-		out.MatchedExpressions = evaluateFeatureMatcher(matchFeatures, matchStatus.MatchedFeaturesTerms)
+		if matchStatus.MatchFeatureStatus != nil {
+			matchedFeatureTerms = matchStatus.MatchFeatureStatus.MatchedFeaturesTerms
+		}
+		out.MatchedExpressions = evaluateFeatureMatcher(matchFeatures, matchedFeatureTerms)
 	}
 
 	for i, matchAnyElem := range rule.MatchAny {
-		matchedExpressions := evaluateFeatureMatcher(matchAnyElem.MatchFeatures, matchStatus.MatchAny[i].MatchedFeaturesTerms)
+		if matchStatus.MatchAny[i].MatchedFeaturesTerms != nil {
+			matchedFeatureTerms = matchStatus.MatchAny[i].MatchedFeaturesTerms
+		}
+		matchedExpressions := evaluateFeatureMatcher(matchAnyElem.MatchFeatures, matchedFeatureTerms)
 		out.MatchedAny = append(out.MatchedAny, MatchAnyElem{MatchedExpressions: matchedExpressions})
 	}
 

pkg/client-nfd/compat/node-validator/node-validator_test.go

@@ -114,6 +114,17 @@ func TestNodeValidator(t *testing.T) {
 								},
 							},
 						},
+						{
+							Name: "fake_5",
+							MatchFeatures: v1alpha1.FeatureMatcher{
+								{
+									Feature: "unknown.unknown",
+									MatchExpressions: &v1alpha1.MatchExpressionSet{
+										"name": &v1alpha1.MatchExpression{Op: v1alpha1.MatchIn, Value: v1alpha1.MatchValue{"instance_1"}},
+									},
+								},
+							},
+						},
 					},
 				},
 			},
@@ -219,6 +230,19 @@ func TestNodeValidator(t *testing.T) {
 							},
 						},
 					},
+					{
+						Name:    "fake_5",
+						IsMatch: false,
+						MatchedExpressions: []MatchedExpression{
+							{
+								Feature:     "unknown.unknown",
+								Name:        "name",
+								Expression:  &v1alpha1.MatchExpression{Op: v1alpha1.MatchIn, Value: v1alpha1.MatchValue{"instance_1"}},
+								MatcherType: MatchExpressionType,
+								IsMatch:     false,
+							},
+						},
+					},
 				},
 			},
 		}

pkg/nfd-worker/nfd-worker.go

@@ -37,6 +37,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation"
 	k8sclient "k8s.io/client-go/kubernetes"
 	"k8s.io/klog/v2"
+	"k8s.io/utils/ptr"
 	klogutils "sigs.k8s.io/node-feature-discovery/pkg/utils/klog"
 	"sigs.k8s.io/yaml"
 
@@ -280,7 +281,10 @@ func (w *nfdWorker) setOwnerReference() error {
 				klog.ErrorS(err, "failed to get self pod, cannot inherit ownerReference for NodeFeature")
 				return err
 			} else {
-				ownerReference = append(ownerReference, selfPod.OwnerReferences...)
+				for _, owner := range selfPod.OwnerReferences {
+					owner.BlockOwnerDeletion = ptr.To(false)
+					ownerReference = append(ownerReference, owner)
+				}
 			}
 
 			podUID := os.Getenv("POD_UID")

test/e2e/utils/rbac.go

@@ -227,7 +227,7 @@ func createRoleWorker(ctx context.Context, cs clientset.Interface, ns string) (*
 			{
 				APIGroups: []string{"nfd.k8s-sigs.io"},
 				Resources: []string{"nodefeatures"},
-				Verbs:     []string{"create", "get", "update"},
+				Verbs:     []string{"create", "get", "update", "delete"},
 			},
 			{
 				APIGroups: []string{""},