Merge branch 'main' into vijayr/109585-k8sagent-addon-2

Author: vijayaraghavanr31

.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "0.35.1"
+  ".": "0.36.0"
 }

CHANGELOG.md

@@ -1,5 +1,25 @@
 # Changelog
 
+## 0.36.0 (2025-10-28)
+
+<!-- Release notes generated using configuration in .github/release.yaml at main -->
+
+## What's Changed
+### Exciting New Features 🎉
+* feat: update Nutanix CSI to 3.3.8 by @prajnutanix in https://github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pull/1320
+* feat: update all addon versions by @dkoshkin in https://github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pull/1352
+* feat: deploy AWS Load Balancer controller in EKS clusters by @dkoshkin in https://github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pull/1341
+* feat: NFD local feature discovery for aws placement groups by @supershal in https://github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pull/1363
+### Fixes 🔧
+* fix: update CAPA to v2.10.0-ncn.1 by @supershal in https://github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pull/1360
+* fix: skip syncing controlplane's infrastructure templates for EKS Clusterclass by @supershal in https://github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pull/1366
+### Other Changes
+* build: handle missing creds Secrets listing CSI images by @dkoshkin in https://github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pull/1359
+* build: fix list-images for AWS LB controller by @dkoshkin in https://github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pull/1364
+
+
+**Full Changelog**: https://github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/compare/v0.35.1...v0.36.0
+
 ## 0.35.1 (2025-10-07)
 
 <!-- Release notes generated using configuration in .github/release.yaml at main -->

charts/cluster-api-runtime-extensions-nutanix/README.md

@@ -78,6 +78,8 @@ A Helm chart for cluster-api-runtime-extensions-nutanix
 | hooks.cni.cilium.crsStrategy.defaultCiliumConfigMap.name | string | `"cilium"` |  |
 | hooks.cni.cilium.helmAddonStrategy.defaultValueTemplateConfigMap.create | bool | `true` |  |
 | hooks.cni.cilium.helmAddonStrategy.defaultValueTemplateConfigMap.name | string | `"default-cilium-cni-helm-values-template"` |  |
+| hooks.cni.multus.helmAddonStrategy.defaultValueTemplateConfigMap.create | bool | `true` |  |
+| hooks.cni.multus.helmAddonStrategy.defaultValueTemplateConfigMap.name | string | `"default-multus-values-template"` |  |
 | hooks.cosi.controller.helmAddonStrategy.defaultValueTemplateConfigMap.create | bool | `true` |  |
 | hooks.cosi.controller.helmAddonStrategy.defaultValueTemplateConfigMap.name | string | `"default-cosi-controller-helm-values-template"` |  |
 | hooks.csi.aws-ebs.helmAddonStrategy.defaultValueTemplateConfigMap.create | bool | `true` |  |

charts/cluster-api-runtime-extensions-nutanix/addons/cni/multus/values-template.yaml

@@ -0,0 +1,18 @@
+# Multus daemon configuration overrides
+daemonConfig:
+  readinessIndicatorFile: "{{ .ReadinessSocketPath }}"
+
+{{- if .ReadinessSocketPath }}
+# Volumes for CNI readiness socket
+volumes:
+  - name: cni-readiness-sock
+    hostPath:
+      path: "{{ .ReadinessSocketPath }}"
+      type: Socket
+
+# Volume mounts for CNI readiness socket
+volumeMounts:
+  - name: cni-readiness-sock
+    mountPath: "{{ .ReadinessSocketPath }}"
+    readOnly: true
+{{- end }}

charts/cluster-api-runtime-extensions-nutanix/templates/cni/multus/manifests/helm-addon-installation.yaml

@@ -0,0 +1,12 @@
+# Copyright 2024 Nutanix. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.hooks.cni.multus.helmAddonStrategy.defaultValueTemplateConfigMap.create }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: '{{ .Values.hooks.cni.multus.helmAddonStrategy.defaultValueTemplateConfigMap.name }}'
+data:
+  values.yaml: |-
+    {{- .Files.Get "addons/cni/multus/values-template.yaml" | nindent 4 }}
+{{- end -}}

charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml

@@ -47,6 +47,10 @@ data:
     ChartName: metallb
     ChartVersion: 0.15.2
     RepositoryURL: '{{ if .Values.helmRepository.enabled }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://metallb.github.io/metallb{{ end }}'
+  multus: |
+    ChartName: multus
+    ChartVersion: 0.1.0
+    RepositoryURL: '{{ if .Values.helmRepository.enabled }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://mesosphere.github.io/charts/stable/{{ end }}'
   nfd: |
     ChartName: node-feature-discovery
     ChartVersion: 0.18.1

charts/cluster-api-runtime-extensions-nutanix/values.schema.json

@@ -381,6 +381,27 @@
                                     }
                                 }
                             }
+                        },
+                        "multus": {
+                            "type": "object",
+                            "properties": {
+                                "helmAddonStrategy": {
+                                    "type": "object",
+                                    "properties": {
+                                        "defaultValueTemplateConfigMap": {
+                                            "type": "object",
+                                            "properties": {
+                                                "create": {
+                                                    "type": "boolean"
+                                                },
+                                                "name": {
+                                                    "type": "string"
+                                                }
+                                            }
+                                        }
+                                    }
+                                }
+                            }
                         }
                     }
                 },

charts/cluster-api-runtime-extensions-nutanix/values.yaml

@@ -43,6 +43,11 @@ hooks:
         defaultValueTemplateConfigMap:
           create: true
           name: default-cilium-cni-helm-values-template
+    multus:
+      helmAddonStrategy:
+        defaultValueTemplateConfigMap:
+          create: true
+          name: default-multus-values-template
   csi:
     nutanix:
       helmAddonStrategy:

docs/content/customization/aws/placement-group-nfd.md

@@ -0,0 +1,201 @@
++++
+title = "AWS Placement Group Node Feature Discovery"
++++
+
+The AWS placement group NFD (Node Feature Discovery) customization automatically discovers and labels nodes with their placement group information, enabling workload scheduling based on placement group characteristics.
+
+This customization will be available when the
+[provider-specific cluster configuration patch]({{< ref "..">}}) is included in the `ClusterClass`.
+
+## What is Placement Group NFD?
+
+Placement Group NFD automatically discovers the placement group information for each node and creates node labels that can be used for workload scheduling. This enables:
+
+- **Workload Affinity**: Schedule pods on nodes within the same placement group for low latency
+- **Fault Isolation**: Schedule critical workloads on nodes in different placement groups
+- **Resource Optimization**: Use placement group labels for advanced scheduling strategies
+
+## How it Works
+
+The NFD customization:
+
+1. **Deploys a Discovery Script**: Automatically installs a script on each node that queries AWS metadata
+2. **Queries AWS Metadata**: Uses EC2 instance metadata to discover placement group information
+3. **Creates Node Labels**: Generates Kubernetes node labels with placement group details
+4. **Updates Continuously**: Refreshes labels as nodes are added or moved
+
+## Generated Node Labels
+
+The NFD customization creates the following node labels:
+
+| Label | Description | Example |
+|-------|-------------|---------|
+| `feature.node.kubernetes.io/aws-placement-group` | The name of the placement group | `my-cluster-pg` |
+| `feature.node.kubernetes.io/partition` | The partition number (for partition placement groups) | `0`, `1`, `2` |
+
+## Configuration
+
+The placement group NFD customization is automatically enabled when a placement group is configured. No additional configuration is required.
+
+```yaml
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: <NAME>
+spec:
+  topology:
+    variables:
+      - name: clusterConfig
+        value:
+          controlPlane:
+            aws:
+              placementGroup:
+                name: "control-plane-pg"
+      - name: workerConfig
+        value:
+          aws:
+            placementGroup:
+              name: "worker-pg"
+```
+
+## Usage Examples
+
+### Workload Affinity
+
+Schedule pods on nodes within the same placement group for low latency:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: high-performance-app
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: high-performance-app
+  template:
+    metadata:
+      labels:
+        app: high-performance-app
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: feature.node.kubernetes.io/aws-placement-group
+                operator: In
+                values: ["worker-pg"]
+      containers:
+      - name: app
+        image: my-app:latest
+```
+
+### Fault Isolation
+
+Distribute critical workloads across different placement groups:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: critical-app
+spec:
+  replicas: 6
+  selector:
+    matchLabels:
+      app: critical-app
+  template:
+    metadata:
+      labels:
+        app: critical-app
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values: ["critical-app"]
+            topologyKey: feature.node.kubernetes.io/aws-placement-group
+      containers:
+      - name: app
+        image: critical-app:latest
+```
+
+### Partition-Aware Scheduling
+
+For partition placement groups, schedule workloads on specific partitions:
+
+```yaml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: distributed-database
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: distributed-database
+  template:
+    metadata:
+      labels:
+        app: distributed-database
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: feature.node.kubernetes.io/partition
+                operator: In
+                values: ["0", "1", "2"]
+      containers:
+      - name: database
+        image: my-database:latest
+```
+
+## Verification
+
+You can verify that the NFD labels are working by checking the node labels:
+
+```bash
+# Check all nodes and their placement group labels
+kubectl get nodes --show-labels | grep placement-group
+
+# Check specific node labels
+kubectl describe node <node-name> | grep placement-group
+
+# Check partition labels
+kubectl get nodes --show-labels | grep partition
+```
+
+## Troubleshooting
+
+### Check NFD Script Status
+
+Verify that the discovery script is running:
+
+```bash
+# Check if the script exists on nodes
+kubectl debug node/<node-name> -it --image=busybox -- chroot /host ls -la /etc/kubernetes/node-feature-discovery/source.d/
+
+# Check script execution
+kubectl debug node/<node-name> -it --image=busybox -- chroot /host cat /etc/kubernetes/node-feature-discovery/features.d/placementgroup
+```
+
+## Integration with Other Features
+
+Placement Group NFD works seamlessly with:
+
+- **Pod Affinity/Anti-Affinity**: Use placement group labels for advanced scheduling
+- **Topology Spread Constraints**: Distribute workloads across placement groups
+
+## Security Considerations
+
+- The discovery script queries AWS instance metadata (IMDSv2)
+- No additional IAM permissions are required beyond standard node permissions
+- Labels are automatically managed and do not require manual intervention
+- The script runs with appropriate permissions and security context