feature: update metadata-collector to track the GPUs allocated to each pod

Signed-off-by: Nathan Herz <[email protected]>

Author: natherz97

data-models/pkg/model/pod_device_annotation.go

@@ -0,0 +1,32 @@
+// Copyright (c) 2025, NVIDIA CORPORATION.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package model
+
+const (
+	PodDeviceAnnotationName = "dgxc.nvidia.com/devices"
+)
+
+var (
+	EntityTypeToResourceNames = map[string][]string{
+		"GPU_UUID": {
+			"nvidia.com/gpu",
+			"nvidia.com/pgpu",
+		},
+	}
+)
+
+type DeviceAnnotation struct {
+	Devices map[string][]string `json:"devices"`
+}

distros/kubernetes/nvsentinel/charts/metadata-collector/templates/clusterrole.yaml

@@ -0,0 +1,33 @@
+# Copyright (c) 2025, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "metadata-collector.fullname" . }}
+  labels:
+    {{- include "metadata-collector.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/proxy
+    verbs:
+      - get

distros/kubernetes/nvsentinel/charts/metadata-collector/templates/clusterrolebinding.yaml

@@ -0,0 +1,28 @@
+# Copyright (c) 2025, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "metadata-collector.fullname" . }}
+  labels:
+    {{- include "metadata-collector.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "metadata-collector.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "metadata-collector.fullname" . }}
+    namespace: {{ .Release.Namespace }}

distros/kubernetes/nvsentinel/charts/metadata-collector/templates/daemonset.yaml

@@ -35,13 +35,14 @@ spec:
       labels:
         {{- include "metadata-collector.selectorLabels" . | nindent 8 }}
     spec:
+      serviceAccountName: {{ include "metadata-collector.fullname" . }}
       {{- with .Values.global.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       hostNetwork: true
       hostPID: true
-      initContainers:
+      containers:
         - name: metadata-collector
           securityContext:
             runAsUser: 0
@@ -65,10 +66,9 @@ spec:
             - name: sys
               mountPath: /sys
               readOnly: true
-      containers:
-        - name: pause
-          image: "{{ .Values.pauseImage.repository }}:{{ .Values.pauseImage.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+            - mountPath: /var/lib/kubelet/pod-resources
+              name: pod-gpu-resources
+              readOnly: true
       volumes:
         - name: output
           hostPath:
@@ -78,6 +78,10 @@ spec:
           hostPath:
             path: /sys
             type: Directory
+        - name: pod-gpu-resources
+          hostPath:
+            path: /var/lib/kubelet/pod-resources
+            type: Directory
       nodeSelector:
         nvidia.com/gpu.present: "true"
         nvsentinel.dgxc.nvidia.com/driver.installed: "true"
@@ -94,4 +98,4 @@ spec:
       {{- end }}
       {{- if .Values.runtimeClassName }}
       runtimeClassName: {{ .Values.runtimeClassName }}
-      {{- end }}
+      {{- end }}

distros/kubernetes/nvsentinel/charts/metadata-collector/templates/serviceaccount.yaml

@@ -0,0 +1,20 @@
+# Copyright (c) 2025, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "metadata-collector.fullname" . }}
+  labels:
+    {{- include "metadata-collector.labels" . | nindent 4 }}

distros/kubernetes/nvsentinel/charts/metadata-collector/values.yaml

@@ -17,10 +17,6 @@ image:
   pullPolicy: IfNotPresent
   tag: ""
 
-pauseImage:
-  repository: registry.k8s.io/pause
-  tag: "3.10"
-
 podAnnotations: {}
 
 resources: 

docs/configuration/metadata-collector.md

@@ -2,7 +2,7 @@
 
 ## Overview
 
-The Metadata Collector module collects GPU metadata using NVIDIA NVML (Management Library) and writes it to a shared file. Other modules read this file to enrich health events with GPU serial numbers, UUIDs, and topology information. This document covers all Helm configuration options for system administrators.
+The Metadata Collector module collects GPU metadata using NVIDIA NVML (Management Library) and writes it to a shared file. Other modules read this file to enrich health events with GPU serial numbers, UUIDs, and topology information. This component will also expose the pod to GPU mapping as an annotation on each pod requesting GPUs. This document covers all Helm configuration options for system administrators.
 
 ## Configuration Reference
 
@@ -50,22 +50,3 @@ Runtime class name that provides GPU device access. Required for NVML to query G
 - `nvidia` - NVIDIA container runtime (default)
 - `nvidia-legacy` - Legacy NVIDIA runtime
 - Empty string - Uses default cluster runtime. Used for CRIO environments
-
-## Pause Image
-
-The metadata collector uses an init container pattern. After metadata collection completes, a pause container keeps the pod running.
-
-```yaml
-metadata-collector:
-  pauseImage:
-    repository: registry.k8s.io/pause
-    tag: "3.10"
-```
-
-### Parameters
-
-#### pauseImage.repository
-Container image for the pause container.
-
-#### pauseImage.tag
-Image tag for the pause container.

docs/metadata-collector.md

@@ -6,6 +6,8 @@ The Metadata Collector gathers comprehensive GPU and NVSwitch topology informati
 
 Think of it as a hardware inventory scanner - it catalogs all GPUs, their connections, and NVSwitch fabric topology, making this information available for error analysis and troubleshooting.
 
+In addition to persisting the GPU and NVSwitch topology information from nodes in a local file, the Metadata Collector will also expose the pod to GPU mapping as an annotation on each pod requesting GPUs. This allows components running externally to the node to discover this device mapping through the Kubernetes API.
+
 ### Why Do You Need This?
 
 Health monitors need detailed hardware information to create accurate health events:
@@ -17,16 +19,20 @@ Health monitors need detailed hardware information to create accurate health eve
 
 Without metadata collection, health monitors can only report generic errors without knowing which specific GPU or NVLink is affected.
 
+Additionally, the node drainer module needs the pod to GPU mapping to map a set of pods to the impacted entities in health events:
+
+- **Partial drains**: For GPU faults requiring component resets, the node drainer module will reference this mapping added to only drain pods leveraging that GPU
+
 ## How It Works
 
-The Metadata Collector runs as an init container on each GPU node:
+The Metadata Collector runs as an regular container on each GPU node:
 
 1. Initializes NVML (NVIDIA Management Library)
 2. Queries GPU information (UUID, PCI address, serial number, device name)
 3. Parses NVLink topology from nvidia-smi
 4. Builds NVSwitch fabric map
 5. Writes comprehensive metadata to JSON file
-6. Exits after collection completes
+6. Continually monitors the GPUs allocated to each pod on the given node and exposes this information as a pod annotation named dgxc.nvidia.com/devices
 
 The JSON file persists on the node and is read by health monitors via a shared volume.
 
@@ -40,10 +46,6 @@ metadata-collector:
 
   # Runtime class for GPU access (omit for CRI-O environments)
   runtimeClassName: "nvidia"
-  
-  pauseImage:
-    repository: "registry.k8s.io/pause"
-    tag: "3.10"
 ```
 
 ### Configuration Options
@@ -62,6 +64,9 @@ The metadata collector gathers:
 - Device name/model
 - GPU index
 
+### Pod Information
+- GPU UUIDs allocated to each pod
+
 ### NVLink Topology
 - NVLink connections between GPUs
 - Remote GPU endpoints for each link
@@ -86,11 +91,11 @@ Uses NVIDIA Management Library for reliable, direct hardware queries without ext
 ### Topology Parsing
 Parses nvidia-smi output to build complete NVLink topology map showing GPU interconnections.
 
-### Init Container Pattern
-Runs as init container, collects metadata once per pod lifecycle, then exits - minimal resource consumption.
-
 ### Shared Volume
 Writes metadata to shared volume accessible by health monitor sidecars for error correlation.
 
 ### JSON Output
 Structured JSON format for easy parsing and consumption by health monitors.
+
+### Kubernetes API
+The pod to GPU mapping is exposed on pods objects as an annotation which can be consumed by external components.

metadata-collector/go.mod

@@ -9,21 +9,61 @@ require (
 	github.com/nvidia/nvsentinel/commons v0.0.0
 	github.com/nvidia/nvsentinel/data-models v0.0.0
 	github.com/stretchr/testify v1.11.1
+	google.golang.org/grpc v1.77.0
+	k8s.io/api v0.35.0
+	k8s.io/apimachinery v0.35.0
+	k8s.io/client-go v0.35.0
+	k8s.io/kubelet v0.35.0
 )
 
 require (
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/kr/pretty v0.3.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.13.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
+	github.com/go-openapi/jsonpointer v0.22.3 // indirect
+	github.com/go-openapi/jsonreference v0.21.3 // indirect
+	github.com/go-openapi/swag v0.25.4 // indirect
+	github.com/go-openapi/swag/cmdutils v0.25.4 // indirect
+	github.com/go-openapi/swag/conv v0.25.4 // indirect
+	github.com/go-openapi/swag/fileutils v0.25.4 // indirect
+	github.com/go-openapi/swag/jsonname v0.25.4 // indirect
+	github.com/go-openapi/swag/jsonutils v0.25.4 // indirect
+	github.com/go-openapi/swag/loading v0.25.4 // indirect
+	github.com/go-openapi/swag/mangling v0.25.4 // indirect
+	github.com/go-openapi/swag/netutils v0.25.4 // indirect
+	github.com/go-openapi/swag/stringutils v0.25.4 // indirect
+	github.com/go-openapi/swag/typeutils v0.25.4 // indirect
+	github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
+	github.com/google/gnostic-models v0.7.1 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/rogpeppe/go-internal v1.14.1 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	go.yaml.in/yaml/v2 v2.4.3 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/net v0.47.0 // indirect
+	golang.org/x/oauth2 v0.33.0 // indirect
 	golang.org/x/sys v0.38.0 // indirect
+	golang.org/x/term v0.37.0 // indirect
 	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/time v0.14.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20251124214823-79d6a2a48846 // indirect
-	google.golang.org/grpc v1.77.0 // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
-	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e // indirect
+	k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect
+	sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
+	sigs.k8s.io/randfill v1.0.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v6 v6.3.1 // indirect
+	sigs.k8s.io/yaml v1.6.0 // indirect
 )
 
 replace (