Skip to content

patch(v2.0): Backport extension service observability and status aggregation fixes#3385

Open
hanyux-nv wants to merge 2 commits into
NVIDIA:release/v2.0from
hanyux-nv:backport/v2.0-3108-3236
Open

patch(v2.0): Backport extension service observability and status aggregation fixes#3385
hanyux-nv wants to merge 2 commits into
NVIDIA:release/v2.0from
hanyux-nv:backport/v2.0-3108-3236

Conversation

@hanyux-nv

Copy link
Copy Markdown
Contributor

Important

This PR cherry-picks commit b83a1de and 6890629 into release/v2.0.

Related issues

Type of Change

  • Add - New feature or capability
  • Change - Changes in existing functionality
  • Fix - Bug fixes
  • Remove - Removed features or deprecated functionality
  • Internal - Internal changes (refactoring, tests, docs, etc.)

Breaking Changes

  • This PR contains breaking changes

Testing

  • Unit tests added/updated
  • Integration tests added/updated
  • Manual testing performed
  • No testing required (docs, internal refactor, etc.)

Additional Notes

…rvability (NVIDIA#3108)

There is a [bug](https://nvbugspro.nvidia.com/bug/6408469) found.
`prometheus.scrapeIntervalSeconds: 0` is accepted with response code
201, meaning that the `Min(1)` validation was silently skipped for the
zero value.

The root cause is because the Go-ozzo validation skips all rules on a
field whose value equals the type's zero value unless Required or NotNil
is also present. Therefore, when 0 is supplied, ozzo treats the field as
empty and skips the `validation.Min(uint32(1))` check.

Adding `validation.Required` to force validation to evaluate the field
even when its value is 0, so `validation.Min(uint32(1))` now runs
correctly.

## Related issues
nvbug https://nvbugspro.nvidia.com/bug/6408469

## Type of Change
<!-- Check one that best describes this PR -->
- [ ] **Add** - New feature or capability
- [ ] **Change** - Changes in existing functionality
- [x] **Fix** - Bug fixes
- [ ] **Remove** - Removed features or deprecated functionality
- [ ] **Internal** - Internal changes (refactoring, tests, docs, etc.)

## Breaking Changes
<!-- If checked, describe the breaking changes and migration steps -->
<!-- Breaking changes are not generally permitted, please discuss on a
GitHub discussion or with the development team if you believe you need
to break a backward compatibility guarantee -->
- [ ] **This PR contains breaking changes**

## Testing
<!-- How was this tested? Check all that apply -->
- [x] Unit tests added/updated
- [ ] Integration tests added/updated
- [ ] Manual testing performed
- [ ] No testing required (docs, internal refactor, etc.)

## Additional Notes
<!-- Any additional context, deployment notes, or reviewer guidance -->

Signed-off-by: Felicity Xu <hanyux@nvidia.com>
(cherry picked from commit b83a1de)
…A#3236)

Previously, when an image pull failed, the extension service remained in
`Pending` with an empty container list. Because image pull failures are
not readily exposed through the available CRI commands, the agent could
not distinguish a permanent failure from a container that was still
starting. To prevent deployments from remaining in `Pending`
indefinitely, this PR adds a 10-minute container startup timeout and
reports an extension service to be in `Error` when timeout expires.

## Related issues
nvbug https://nvbugspro.nvidia.com/bug/5953587

## Type of Change
<!-- Check one that best describes this PR -->
- [ ] **Add** - New feature or capability
- [ ] **Change** - Changes in existing functionality
- [x] **Fix** - Bug fixes
- [ ] **Remove** - Removed features or deprecated functionality
- [ ] **Internal** - Internal changes (refactoring, tests, docs, etc.)

## Breaking Changes
<!-- If checked, describe the breaking changes and migration steps -->
<!-- Breaking changes are not generally permitted, please discuss on a
GitHub discussion or with the development team if you believe you need
to break a backward compatibility guarantee -->
- [ ] **This PR contains breaking changes**

## Testing
<!-- How was this tested? Check all that apply -->
- [x] Unit tests added/updated
- [ ] Integration tests added/updated
- [ ] Manual testing performed
- [ ] No testing required (docs, internal refactor, etc.)

## Additional Notes
<!-- Any additional context, deployment notes, or reviewer guidance -->

Signed-off-by: Felicity Xu <hanyux@nvidia.com>
(cherry picked from commit 6890629)
@hanyux-nv hanyux-nv requested a review from a team July 10, 2026 20:48
@coderabbitai

coderabbitai Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 8c436492-5473-453a-876e-74551ba52a4d

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@hanyux-nv hanyux-nv requested review from a team, jrcichra and nv-dmendoza and removed request for a team and jrcichra July 10, 2026 20:49
@github-actions

Copy link
Copy Markdown

🔐 TruffleHog Secret Scan

No secrets or credentials found!

Your code has been scanned for 700+ types of secrets and credentials. All clear! 🎉

🔗 View scan details

🕐 Last updated: 2026-07-10 20:51:20 UTC | Commit: e3e53ab

@github-actions

github-actions Bot commented Jul 10, 2026

Copy link
Copy Markdown

🔍 Container Scan Summary

Service Total Critical High Medium Low Other
boot-artifacts-aarch64 3 0 0 3 0 0
boot-artifacts-x86_64 3 0 0 3 0 0
forge-admin-cli-x86_64 271 13 34 91 7 126
machine-validation-runner 804 40 237 296 36 195
machine_validation 804 40 237 296 36 195
machine_validation-aarch64 804 40 237 296 36 195
nvmetal-carbide 804 40 237 296 36 195
TOTAL 3493 173 982 1281 151 906

Per-CVE detail lives in the per-service grype-* artifacts (JSON + SARIF). Severity counts only — no CVE IDs published here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants