Merge branch 'main' into feat/drainGPUPods

Author: lalitadithya

distros/kubernetes/nvsentinel/charts/kubernetes-object-monitor/templates/configmap.yaml

@@ -53,6 +53,24 @@ data:
         {{- if .healthEvent.processingStrategy }}
         processingStrategy = {{ .healthEvent.processingStrategy | quote }}
         {{- end }}
+        {{- if .healthEvent.quarantineOverrides }}
+        [policies.healthEvent.quarantineOverrides]
+          {{- if hasKey .healthEvent.quarantineOverrides "force" }}
+          force = {{ .healthEvent.quarantineOverrides.force }}
+          {{- end }}
+          {{- if hasKey .healthEvent.quarantineOverrides "skip" }}
+          skip = {{ .healthEvent.quarantineOverrides.skip }}
+          {{- end }}
+        {{- end }}
+        {{- if .healthEvent.drainOverrides }}
+        [policies.healthEvent.drainOverrides]
+          {{- if hasKey .healthEvent.drainOverrides "force" }}
+          force = {{ .healthEvent.drainOverrides.force }}
+          {{- end }}
+          {{- if hasKey .healthEvent.drainOverrides "skip" }}
+          skip = {{ .healthEvent.drainOverrides.skip }}
+          {{- end }}
+        {{- end }}
     
     {{- end }}
 

distros/kubernetes/nvsentinel/charts/kubernetes-object-monitor/values.yaml

@@ -50,6 +50,14 @@ policies:
       recommendedAction: CONTACT_SUPPORT
       errorCode:
         - NODE_NOT_READY
+      # Optional behavior overrides for this policy's generated HealthEvents.
+      # Set either force or skip, never both in the same override block.
+      # quarantineOverrides:
+      #   force: true  # Force node cordon even if normal quarantine rules would not.
+      #   skip: true   # Skip node cordon for this health event.
+      # drainOverrides:
+      #   force: true  # Force immediate pod eviction regardless of namespace drain mode.
+      #   skip: true   # Skip pod eviction and mark the event as already drained.
 
   # Example: Monitor a custom resource (e.g., a GPU Job)
   # Uncomment and modify to monitor your own custom resources
@@ -89,6 +97,8 @@ policies:
   #     recommendedAction: CONTACT_SUPPORT
   #     errorCode:
   #       - GPU_JOB_FAILED
+  #     drainOverrides:
+  #       skip: true
 
 resources:
   requests:

docs/configuration/kubernetes-object-monitor.md

@@ -83,6 +83,10 @@ kubernetes-object-monitor:
         recommendedAction: CONTACT_SUPPORT
         errorCode:
           - ERROR_CODE
+        quarantineOverrides:
+          force: true  # Or use skip: true; do not set both
+        drainOverrides:
+          skip: true   # Or use force: true; do not set both
 ```
 
 ### Parameters
@@ -135,6 +139,12 @@ Action code from health event proto (see [health_event.proto](https://github.com
 ##### errorCode
 Array of error code strings for categorization and filtering.
 
+##### quarantineOverrides
+Optional behavior override for fault-quarantine. `force` forces node cordoning regardless of normal rules; `skip` skips node cordoning for the generated health event. Set at most one of `force` or `skip`.
+
+##### drainOverrides
+Optional behavior override for node-drainer. `force` forces immediate pod eviction regardless of configured namespace drain modes; `skip` skips pod eviction and marks the event as already drained. Set at most one of `force` or `skip`.
+
 ## CEL Expressions
 
 ### Predicate Expressions

docs/kubernetes-object-monitor.md

@@ -134,8 +134,16 @@ healthEvent:
   recommendedAction: CONTACT_SUPPORT  # Action hint
   errorCode:
     - NODE_NOT_READY            # Error codes for classification
+  quarantineOverrides:          # Optional: override node cordon behavior
+    force: true                 # Or use skip: true; do not set both
+  drainOverrides:               # Optional: override pod eviction behavior
+    skip: true                  # Or use force: true; do not set both
 ```
 
+For each override block, `force` and `skip` are mutually exclusive. Use `force`
+when this policy should perform the action regardless of normal rules, or `skip`
+when this policy should bypass the action.
+
 ## Key Features
 
 ### Policy-Based Monitoring

health-monitors/kubernetes-object-monitor/pkg/config/loader.go

@@ -50,25 +50,55 @@ func validate(cfg *Config) error {
 
 		policyNames[policy.Name] = true
 
-		if policy.Resource.Version == "" {
-			return fmt.Errorf("policy %q: resource.version is required", policy.Name)
+		if err := validatePolicy(policy); err != nil {
+			return err
 		}
+	}
 
-		if policy.Resource.Kind == "" {
-			return fmt.Errorf("policy %q: resource.kind is required", policy.Name)
-		}
+	return nil
+}
 
-		if policy.Predicate.Expression == "" {
-			return fmt.Errorf("policy %q: predicate.expression is required", policy.Name)
-		}
+func validatePolicy(policy Policy) error {
+	if policy.Resource.Version == "" {
+		return fmt.Errorf("policy %q: resource.version is required", policy.Name)
+	}
 
-		if policy.HealthEvent.ComponentClass == "" {
-			return fmt.Errorf("policy %q: healthEvent.componentClass is required", policy.Name)
-		}
+	if policy.Resource.Kind == "" {
+		return fmt.Errorf("policy %q: resource.kind is required", policy.Name)
+	}
 
-		if policy.HealthEvent.Message == "" {
-			return fmt.Errorf("policy %q: healthEvent.message is required", policy.Name)
-		}
+	if policy.Predicate.Expression == "" {
+		return fmt.Errorf("policy %q: predicate.expression is required", policy.Name)
+	}
+
+	if policy.HealthEvent.ComponentClass == "" {
+		return fmt.Errorf("policy %q: healthEvent.componentClass is required", policy.Name)
+	}
+
+	if policy.HealthEvent.Message == "" {
+		return fmt.Errorf("policy %q: healthEvent.message is required", policy.Name)
+	}
+
+	if err := validateBehaviourOverrides(policy.Name, "quarantineOverrides",
+		policy.HealthEvent.QuarantineOverrides); err != nil {
+		return err
+	}
+
+	if err := validateBehaviourOverrides(policy.Name, "drainOverrides",
+		policy.HealthEvent.DrainOverrides); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func validateBehaviourOverrides(policyName, fieldName string, overrides *BehaviourOverridesSpec) error {
+	if overrides == nil {
+		return nil
+	}
+
+	if overrides.Force && overrides.Skip {
+		return fmt.Errorf("policy %q: healthEvent.%s cannot set both force and skip", policyName, fieldName)
 	}
 
 	return nil

health-monitors/kubernetes-object-monitor/pkg/config/loader_test.go

@@ -0,0 +1,123 @@
+// Copyright (c) 2026, NVIDIA CORPORATION.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package config
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestLoadHealthEventBehaviourOverrides(t *testing.T) {
+	configPath := filepath.Join(t.TempDir(), "config.toml")
+	tomlConfig := `
+[[policies]]
+name = "operator-pod-unhealthy"
+enabled = true
+
+[policies.resource]
+group = ""
+version = "v1"
+kind = "Pod"
+
+[policies.predicate]
+expression = "true"
+
+[policies.healthEvent]
+componentClass = "Software"
+isFatal = true
+message = "operator pod is unhealthy"
+recommendedAction = "CONTACT_SUPPORT"
+errorCode = ["OPERATOR_POD_UNHEALTHY"]
+
+[policies.healthEvent.quarantineOverrides]
+force = true
+
+[policies.healthEvent.drainOverrides]
+skip = true
+`
+	require.NoError(t, os.WriteFile(configPath, []byte(tomlConfig), 0o600))
+
+	cfg, err := Load(configPath)
+	require.NoError(t, err)
+	require.Len(t, cfg.Policies, 1)
+
+	healthEvent := cfg.Policies[0].HealthEvent
+	require.NotNil(t, healthEvent.QuarantineOverrides)
+	require.True(t, healthEvent.QuarantineOverrides.Force)
+	require.False(t, healthEvent.QuarantineOverrides.Skip)
+	require.NotNil(t, healthEvent.DrainOverrides)
+	require.False(t, healthEvent.DrainOverrides.Force)
+	require.True(t, healthEvent.DrainOverrides.Skip)
+}
+
+func TestLoadRejectsConflictingBehaviourOverrides(t *testing.T) {
+	tests := []struct {
+		name         string
+		overrideTOML string
+		wantError    string
+	}{
+		{
+			name: "quarantine overrides force and skip",
+			overrideTOML: `
+[policies.healthEvent.quarantineOverrides]
+force = true
+skip = true
+`,
+			wantError: `healthEvent.quarantineOverrides cannot set both force and skip`,
+		},
+		{
+			name: "drain overrides force and skip",
+			overrideTOML: `
+[policies.healthEvent.drainOverrides]
+force = true
+skip = true
+`,
+			wantError: `healthEvent.drainOverrides cannot set both force and skip`,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			configPath := filepath.Join(t.TempDir(), "config.toml")
+			tomlConfig := `
+[[policies]]
+name = "operator-pod-unhealthy"
+enabled = true
+
+[policies.resource]
+group = ""
+version = "v1"
+kind = "Pod"
+
+[policies.predicate]
+expression = "true"
+
+[policies.healthEvent]
+componentClass = "Software"
+isFatal = true
+message = "operator pod is unhealthy"
+recommendedAction = "CONTACT_SUPPORT"
+errorCode = ["OPERATOR_POD_UNHEALTHY"]
+` + tt.overrideTOML
+			require.NoError(t, os.WriteFile(configPath, []byte(tomlConfig), 0o600))
+
+			_, err := Load(configPath)
+			require.Error(t, err)
+			require.Contains(t, err.Error(), tt.wantError)
+		})
+	}
+}

health-monitors/kubernetes-object-monitor/pkg/config/types.go

@@ -41,15 +41,22 @@ type AssociationSpec struct {
 }
 
 type HealthEventSpec struct {
-	ComponentClass    string   `toml:"componentClass"`
-	IsFatal           bool     `toml:"isFatal"`
-	Message           string   `toml:"message"`
-	RecommendedAction string   `toml:"recommendedAction"`
-	ErrorCode         []string `toml:"errorCode"`
+	ComponentClass      string                  `toml:"componentClass"`
+	IsFatal             bool                    `toml:"isFatal"`
+	Message             string                  `toml:"message"`
+	RecommendedAction   string                  `toml:"recommendedAction"`
+	ErrorCode           []string                `toml:"errorCode"`
+	QuarantineOverrides *BehaviourOverridesSpec `toml:"quarantineOverrides,omitempty"`
+	DrainOverrides      *BehaviourOverridesSpec `toml:"drainOverrides,omitempty"`
 	// override the processing strategy for the policy
 	ProcessingStrategy string `toml:"processingStrategy"`
 }
 
+type BehaviourOverridesSpec struct {
+	Force bool `toml:"force"`
+	Skip  bool `toml:"skip"`
+}
+
 func (r *ResourceSpec) GVK() string {
 	if r.Group == "" {
 		return r.Version + "/" + r.Kind

health-monitors/kubernetes-object-monitor/pkg/publisher/publisher.go

@@ -80,20 +80,25 @@ func (p *Publisher) PublishHealthEvent(ctx context.Context,
 		}
 	}
 
+	quarantineOverrides := behaviourOverridesFromSpec(policy.HealthEvent.QuarantineOverrides)
+	drainOverrides := behaviourOverridesFromSpec(policy.HealthEvent.DrainOverrides)
+
 	event := &pb.HealthEvent{
-		Version:            1,
-		Agent:              agentName,
-		CheckName:          policy.Name,
-		ComponentClass:     policy.HealthEvent.ComponentClass,
-		GeneratedTimestamp: timestamppb.New(time.Now()),
-		Message:            policy.HealthEvent.Message,
-		IsFatal:            policy.HealthEvent.IsFatal,
-		IsHealthy:          isHealthy,
-		NodeName:           nodeName,
-		RecommendedAction:  mapRecommendedAction(policy.HealthEvent.RecommendedAction),
-		ErrorCode:          policy.HealthEvent.ErrorCode,
-		ProcessingStrategy: strategy,
-		EntitiesImpacted:   entitiesImpacted,
+		Version:             1,
+		Agent:               agentName,
+		CheckName:           policy.Name,
+		ComponentClass:      policy.HealthEvent.ComponentClass,
+		GeneratedTimestamp:  timestamppb.New(time.Now()),
+		Message:             policy.HealthEvent.Message,
+		IsFatal:             policy.HealthEvent.IsFatal,
+		IsHealthy:           isHealthy,
+		NodeName:            nodeName,
+		RecommendedAction:   mapRecommendedAction(policy.HealthEvent.RecommendedAction),
+		ErrorCode:           policy.HealthEvent.ErrorCode,
+		ProcessingStrategy:  strategy,
+		EntitiesImpacted:    entitiesImpacted,
+		QuarantineOverrides: quarantineOverrides,
+		DrainOverrides:      drainOverrides,
 	}
 
 	healthEvents := &pb.HealthEvents{
@@ -113,3 +118,14 @@ func mapRecommendedAction(action string) pb.RecommendedAction {
 
 	return pb.RecommendedAction_CONTACT_SUPPORT
 }
+
+func behaviourOverridesFromSpec(spec *config.BehaviourOverridesSpec) *pb.BehaviourOverrides {
+	if spec == nil {
+		return nil
+	}
+
+	return &pb.BehaviourOverrides{
+		Force: spec.Force,
+		Skip:  spec.Skip,
+	}
+}