diff --git a/.github/workflows/operator-ci.yaml b/.github/workflows/operator-ci.yaml index bd62be86..25ad8a56 100644 --- a/.github/workflows/operator-ci.yaml +++ b/.github/workflows/operator-ci.yaml @@ -124,21 +124,11 @@ jobs: # Upload coverage to Coveralls using goveralls (Go-specific tool) - name: Upload coverage to Coveralls if: matrix.test-suite == 'e2e' && matrix.k8s-version == '1.34.0' - env: - COVERALLS_TOKEN: ${{ secrets.COVERALLS_TOKEN }} - run: | - # Install goveralls - go install github.com/mattn/goveralls@latest - # Run goveralls from operator directory (where go.mod is located) - cd operator - # Verify coverage file exists - if [ ! -f reporting/cover.out ]; then - echo "ERROR: Coverage file not found at reporting/cover.out" - ls -la reporting/ || echo "reporting directory does not exist" - exit 1 - fi - # Upload coverage (run from operator/ directory, path is relative to operator/) - goveralls -coverprofile=reporting/cover.out -service=github -repotoken=$COVERALLS_TOKEN + uses: coverallsapp/github-action@v2 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + file: operator/reporting/cover.out + format: golang # Build multi-platform container image and push to registry build-and-push-operator: diff --git a/README.md b/README.md index a366af76..1f1a061d 100644 --- a/README.md +++ b/README.md @@ -72,7 +72,7 @@ helm search repo skyhook ## should show the latest version # basic install helm install skyhook skyhook/skyhook-operator \ - --version v0.9.2 \ + --version v0.10.1 \ --namespace skyhook \ --create-namespace ``` diff --git a/chart/Chart.yaml b/chart/Chart.yaml index e645466b..235573ee 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -5,7 +5,7 @@ type: application # This is the chart version. This version number must be incremented each time you make changes to the helm chart. OR # it the agent version is updated, or operator version is updated. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: v0.10.0 +version: v0.10.1 # This is the version number operator container being deployed. # Versions are expected to follow Semantic Versioning (https://semver.org/) appVersion: v0.10.0 diff --git a/chart/templates/manager-rbac.yaml b/chart/templates/manager-rbac.yaml index aee633f5..efff9a31 100644 --- a/chart/templates/manager-rbac.yaml +++ b/chart/templates/manager-rbac.yaml @@ -99,6 +99,14 @@ rules: - patch - update - watch +- apiGroups: + - skyhook.nvidia.com + resources: + - deploymentpolicies + verbs: + - get + - list + - watch - apiGroups: - skyhook.nvidia.com resources: diff --git a/chart/templates/skyhook-crd.yaml b/chart/templates/skyhook-crd.yaml index 4eb332ea..3f4fe002 100644 --- a/chart/templates/skyhook-crd.yaml +++ b/chart/templates/skyhook-crd.yaml @@ -108,18 +108,7 @@ spec: deploymentPolicy: description: DeploymentPolicy is the name of a DeploymentPolicy for rollout settings - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic + type: string interruptionBudget: description: InterruptionBudget configures how many nodes that match node selectors that allowed to be interrupted at once. diff --git a/docs/kubernetes-support.md b/docs/kubernetes-support.md index 2d9f6f93..6aa3f40b 100644 --- a/docs/kubernetes-support.md +++ b/docs/kubernetes-support.md @@ -57,7 +57,7 @@ We understand many installations run slightly older Kubernetes versions. Our str **Choose your Skyhook version based on your Kubernetes version:** -- **Kubernetes 1.34, 1.33, 1.32, or 1.31:** Use latest Skyhook (v0.9.0+) +- **Kubernetes 1.34, 1.33, 1.32, or 1.31:** Use latest Skyhook (v0.9.x or v0.10.0) - **Kubernetes 1.30:** Use Skyhook v0.8.x (K8s 1.30 is EOL but v0.8.x still works) - **Kubernetes 1.29 or older:** Use Skyhook v0.8.x or older (check release notes for compatibility) diff --git a/docs/versioning.md b/docs/versioning.md index e558b918..034289d6 100644 --- a/docs/versioning.md +++ b/docs/versioning.md @@ -58,6 +58,7 @@ Skyhook uses **release branches** to manage patches and maintenance releases: ```bash release/v0.8.x # Contains operator v0.8.0 + agent v6.3.0 + chart v0.8.x release/v0.9.x # Contains operator v0.9.0 + (agent v6.3.0*) + chart v0.9.x +release/v0.10.x # Contains operator v0.10.0 + (agent v6.3.0*) + chart v0.10.x ``` *Agent versions may not change every release - operator drives the release cycle diff --git a/k8s-tests/chainsaw/helm/helm-chart-test/assert-skyhook-complete.yaml b/k8s-tests/chainsaw/helm/helm-chart-test/assert-skyhook-complete.yaml new file mode 100644 index 00000000..263008f5 --- /dev/null +++ b/k8s-tests/chainsaw/helm/helm-chart-test/assert-skyhook-complete.yaml @@ -0,0 +1,25 @@ +# SPDX-FileCopyrightText: Copyright (c) 2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved. +# SPDX-License-Identifier: Apache-2.0 +# +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# SPDX-FileCopyrightText: Copyright (c) 2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved. +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: skyhook.nvidia.com/v1alpha1 +kind: Skyhook +metadata: + name: helm-test-skyhook +status: + status: complete diff --git a/k8s-tests/chainsaw/helm/helm-chart-test/chainsaw-test.yaml b/k8s-tests/chainsaw/helm/helm-chart-test/chainsaw-test.yaml index 3fb20f8e..bd58f73c 100644 --- a/k8s-tests/chainsaw/helm/helm-chart-test/chainsaw-test.yaml +++ b/k8s-tests/chainsaw/helm/helm-chart-test/chainsaw-test.yaml @@ -50,7 +50,18 @@ spec: ../install-helm-chart.sh foobar - assert: file: assert-scheduled.yaml + - apply: + file: deployment-policy.yaml + - apply: + file: skyhook.yaml + - assert: + file: assert-skyhook-complete.yaml finally: + - script: + content: | + ## Cleanup deployment policy test resources + kubectl delete skyhook helm-test-skyhook --ignore-not-found || true + kubectl delete deploymentpolicy helm-test-policy -n skyhook --ignore-not-found || true - script: content: | ## Remove taint from nodes diff --git a/k8s-tests/chainsaw/helm/helm-chart-test/deployment-policy.yaml b/k8s-tests/chainsaw/helm/helm-chart-test/deployment-policy.yaml new file mode 100644 index 00000000..07765806 --- /dev/null +++ b/k8s-tests/chainsaw/helm/helm-chart-test/deployment-policy.yaml @@ -0,0 +1,33 @@ +# SPDX-FileCopyrightText: Copyright (c) 2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved. +# SPDX-License-Identifier: Apache-2.0 +# +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# SPDX-FileCopyrightText: Copyright (c) 2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved. +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: skyhook.nvidia.com/v1alpha1 +kind: DeploymentPolicy +metadata: + name: helm-test-policy + namespace: skyhook +spec: + default: + budget: + percent: 100 + strategy: + fixed: + initialBatch: 1 + batchThreshold: 100 + safetyLimit: 50 diff --git a/k8s-tests/chainsaw/helm/helm-chart-test/skyhook.yaml b/k8s-tests/chainsaw/helm/helm-chart-test/skyhook.yaml new file mode 100644 index 00000000..63a03402 --- /dev/null +++ b/k8s-tests/chainsaw/helm/helm-chart-test/skyhook.yaml @@ -0,0 +1,40 @@ +# SPDX-FileCopyrightText: Copyright (c) 2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved. +# SPDX-License-Identifier: Apache-2.0 +# +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# SPDX-FileCopyrightText: Copyright (c) 2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved. +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: skyhook.nvidia.com/v1alpha1 +kind: Skyhook +metadata: + name: helm-test-skyhook +spec: + nodeSelectors: + matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: DoesNotExist + deploymentPolicy: helm-test-policy + additionalTolerations: + - key: dedicated + value: system-cpu + effect: NoSchedule + packages: + helm-test: + version: "6.2.0" + image: ghcr.io/nvidia/skyhook/agentless + env: + - name: SLEEP_LEN + value: "1" diff --git a/k8s-tests/chainsaw/helm/helm-chart-test/values.yaml b/k8s-tests/chainsaw/helm/helm-chart-test/values.yaml index 6ea40ddb..d2c1fddd 100644 --- a/k8s-tests/chainsaw/helm/helm-chart-test/values.yaml +++ b/k8s-tests/chainsaw/helm/helm-chart-test/values.yaml @@ -28,5 +28,10 @@ controllerManager: repository: ghcr.io/nvidia/skyhook/operator tag: latest ## THIS should change to be like a tag so it can point at a specific commit digest: "" + # Use agentless mock image for testing - it just sleeps and exits successfully + agent: + repository: ghcr.io/nvidia/skyhook/agentless + tag: "6.2.0" + digest: "" webhook: enable: false diff --git a/operator/config/rbac/role.yaml b/operator/config/rbac/role.yaml index c8767b5c..a3055551 100644 --- a/operator/config/rbac/role.yaml +++ b/operator/config/rbac/role.yaml @@ -84,6 +84,14 @@ rules: - patch - update - watch +- apiGroups: + - skyhook.nvidia.com + resources: + - deploymentpolicies + verbs: + - get + - list + - watch - apiGroups: - skyhook.nvidia.com resources: diff --git a/operator/go.mod b/operator/go.mod index 172f42de..bb096bd6 100644 --- a/operator/go.mod +++ b/operator/go.mod @@ -16,7 +16,7 @@ require ( k8s.io/apimachinery v0.34.1 k8s.io/cli-runtime v0.34.1 k8s.io/client-go v0.34.1 - k8s.io/kubernetes v1.34.1 + k8s.io/kubernetes v1.34.2 sigs.k8s.io/controller-runtime v0.21.0 ) diff --git a/operator/go.sum b/operator/go.sum index cdb309b1..6e8c4330 100644 --- a/operator/go.sum +++ b/operator/go.sum @@ -222,8 +222,8 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= -k8s.io/kubernetes v1.34.1 h1:F3p8dtpv+i8zQoebZeK5zBqM1g9x1aIdnA5vthvcuUk= -k8s.io/kubernetes v1.34.1/go.mod h1:iu+FhII+Oc/1gGWLJcer6wpyih441aNFHl7Pvm8yPto= +k8s.io/kubernetes v1.34.2 h1:WQdDvYJazkmkwSncgNwGvVtaCt4TYXIU3wSMRgvp3MI= +k8s.io/kubernetes v1.34.2/go.mod h1:m6pZk6a179pRo2wsTiCPORJ86iOEQmfIzUvtyEF8BwA= k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/controller-runtime v0.21.0 h1:CYfjpEuicjUecRk+KAeyYh+ouUBn4llGyDYytIGcJS8= diff --git a/operator/internal/controller/skyhook_controller.go b/operator/internal/controller/skyhook_controller.go index 4c6716d5..85976c76 100644 --- a/operator/internal/controller/skyhook_controller.go +++ b/operator/internal/controller/skyhook_controller.go @@ -224,6 +224,7 @@ func (r *SkyhookReconciler) SetupWithManager(mgr ctrl.Manager) error { //+kubebuilder:rbac:groups=skyhook.nvidia.com,resources=skyhooks,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=skyhook.nvidia.com,resources=skyhooks/status,verbs=get;update;patch //+kubebuilder:rbac:groups=skyhook.nvidia.com,resources=skyhooks/finalizers,verbs=update +//+kubebuilder:rbac:groups=skyhook.nvidia.com,resources=deploymentpolicies,verbs=get;list;watch // core permissions //+kubebuilder:rbac:groups=core,resources=nodes,verbs=get;list;update;patch;watch diff --git a/operator/vendor/modules.txt b/operator/vendor/modules.txt index 6bd4c21e..d9eddeed 100644 --- a/operator/vendor/modules.txt +++ b/operator/vendor/modules.txt @@ -835,7 +835,7 @@ k8s.io/kube-openapi/pkg/schemaconv k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/kubernetes v1.34.1 +# k8s.io/kubernetes v1.34.2 ## explicit; go 1.24.0 k8s.io/kubernetes/pkg/apis/core k8s.io/kubernetes/pkg/apis/core/helper