feat: add helm chart

Signed-off-by: Ajay Mishra <[email protected]>

Author: XRFXLP

distros/kubernetes/nvsentinel/charts/kubernetes-object-monitor/Chart.yaml

@@ -0,0 +1,27 @@
+# Copyright (c) 2025, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+name: kubernetes-object-monitor
+description: Monitors Kubernetes objects and publishes health events based on CEL policy predicates
+
+# Application chart for deployment
+type: application
+
+# Chart version - increment for chart changes
+version: 0.1.0
+
+# Application version
+appVersion: "1.16.0"
+

distros/kubernetes/nvsentinel/charts/kubernetes-object-monitor/templates/_helpers.tpl

@@ -0,0 +1,41 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubernetes-object-monitor.name" -}}
+{{- .Chart.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "kubernetes-object-monitor.fullname" -}}
+{{- "kubernetes-object-monitor" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubernetes-object-monitor.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubernetes-object-monitor.labels" -}}
+helm.sh/chart: {{ include "kubernetes-object-monitor.chart" . }}
+{{ include "kubernetes-object-monitor.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kubernetes-object-monitor.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubernetes-object-monitor.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+

distros/kubernetes/nvsentinel/charts/kubernetes-object-monitor/templates/clusterrole.yaml

@@ -0,0 +1,31 @@
+# Copyright (c) 2025, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "kubernetes-object-monitor.fullname" . }}
+  labels:
+    {{- include "kubernetes-object-monitor.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - get
+      - list
+      - watch
+      - patch
+      - update

distros/kubernetes/nvsentinel/charts/kubernetes-object-monitor/templates/clusterrolebinding.yaml

@@ -0,0 +1,29 @@
+# Copyright (c) 2025, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "kubernetes-object-monitor.fullname" . }}
+  labels:
+    {{- include "kubernetes-object-monitor.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "kubernetes-object-monitor.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "kubernetes-object-monitor.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io
+

distros/kubernetes/nvsentinel/charts/kubernetes-object-monitor/templates/configmap.yaml

@@ -0,0 +1,53 @@
+# Copyright (c) 2025, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "kubernetes-object-monitor.fullname" . }}
+  labels:
+    {{- include "kubernetes-object-monitor.labels" . | nindent 4 }}
+data:
+  config.toml: |
+    {{- range .Values.policies }}
+    [[policies]]
+      name = {{ .name | quote }}
+      enabled = {{ .enabled }}
+      
+      [policies.resource]
+        group = {{ .resource.group | quote }}
+        version = {{ .resource.version | quote }}
+        kind = {{ .resource.kind | quote }}
+      
+      [policies.predicate]
+        expression = {{ if contains "\n" .predicate.expression }}'''
+{{ .predicate.expression | trim | nindent 10 }}
+        '''{{ else }}{{ .predicate.expression | quote }}{{ end }}
+      
+      {{- if .nodeAssociation }}
+      [policies.nodeAssociation]
+        expression = {{ .nodeAssociation.expression | quote }}
+      {{- end }}
+      
+      [policies.healthEvent]
+        componentClass = {{ .healthEvent.componentClass | quote }}
+        isFatal = {{ .healthEvent.isFatal }}
+        message = {{ .healthEvent.message | quote }}
+        recommendedAction = {{ .healthEvent.recommendedAction | quote }}
+        {{- if .healthEvent.errorCode }}
+        errorCode = [{{- range $index, $code := .healthEvent.errorCode }}{{- if $index }}, {{ end }}{{ $code | quote }}{{- end }}]
+        {{- end }}
+    
+    {{- end }}
+

distros/kubernetes/nvsentinel/charts/kubernetes-object-monitor/templates/deployment.yaml

@@ -0,0 +1,108 @@
+# Copyright (c) 2025, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "kubernetes-object-monitor.fullname" . }}
+  labels:
+    {{- include "kubernetes-object-monitor.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "kubernetes-object-monitor.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+        {{- include "kubernetes-object-monitor.labels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- if .Values.global }}
+      {{- with .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- end }}
+      serviceAccountName: {{ include "kubernetes-object-monitor.fullname" . }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default ((.Values.global).image).tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+            - "--config"
+            - "/config/config.toml"
+            - "--platform-connector-socket"
+            - "{{ .Values.platformConnector.socket }}"
+            - "--metrics-port"
+            - "{{ (.Values.global).metricsPort | default 8080 }}"
+            - "--max-concurrent-reconciles"
+            - "{{ .Values.maxConcurrentReconciles }}"
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          ports:
+            - name: metrics
+              containerPort: {{ (.Values.global).metricsPort | default 8080 }}
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: metrics
+            initialDelaySeconds: 15
+            periodSeconds: 20
+            timeoutSeconds: 5
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: metrics
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            timeoutSeconds: 3
+            failureThreshold: 3
+          env:
+            - name: LOG_LEVEL
+              value: "{{ .Values.logLevel }}"
+          volumeMounts:
+            - name: config
+              mountPath: /config
+              readOnly: true
+            - name: platform-connector-socket
+              mountPath: /var/run/platform-connector
+      volumes:
+        - name: config
+          configMap:
+            name: {{ include "kubernetes-object-monitor.fullname" . }}
+        {{- range .Values.volumes }}
+        - {{- toYaml . | nindent 10 }}
+        {{- end }}
+      {{- with ((.Values.global).systemNodeSelector | default .Values.nodeSelector) }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with ((.Values.global).affinity | default .Values.affinity) }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with ((.Values.global).systemNodeTolerations | default .Values.tolerations) }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+

distros/kubernetes/nvsentinel/charts/kubernetes-object-monitor/templates/serviceaccount.yaml

@@ -0,0 +1,21 @@
+# Copyright (c) 2025, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "kubernetes-object-monitor.fullname" . }}
+  labels:
+    {{- include "kubernetes-object-monitor.labels" . | nindent 4 }}
+

distros/kubernetes/nvsentinel/charts/kubernetes-object-monitor/values.yaml

@@ -0,0 +1,66 @@
+# Copyright (c) 2025, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for kubernetes-object-monitor.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+logLevel: info
+
+image:
+  repository: ghcr.io/nvidia/nvsentinel/kubernetes-object-monitor
+  pullPolicy: IfNotPresent
+  tag: ""
+
+podAnnotations: {}
+
+maxConcurrentReconciles: 1
+
+platformConnector:
+  socket: "unix:///var/run/platform-connector/platform-connector.sock"
+
+policies:
+  - name: node-not-ready
+    enabled: true
+    resource:
+      group: ""
+      version: v1
+      kind: Node
+    predicate:
+      expression: |
+        resource.status.conditions.filter(c, c.type == "Ready" && c.status == "False").size() > 0
+    healthEvent:
+      componentClass: Node
+      isFatal: true
+      message: "Node is not ready"
+      recommendedAction: CONTACT_SUPPORT
+      errorCode:
+        - NODE_NOT_READY
+
+resources:
+  requests:
+    cpu: 100m
+    memory: 128Mi
+  limits:
+    cpu: 500m
+    memory: 256Mi
+
+volumes:
+  - name: platform-connector-socket
+    hostPath:
+      path: /var/run/platform-connector
+      type: DirectoryOrCreate
+