Skip to content

Ruigao/update for 1.6#177

Merged
hippogr merged 48 commits into
devfrom
ruigao/update-for-1.6
Apr 30, 2026
Merged

Ruigao/update for 1.6#177
hippogr merged 48 commits into
devfrom
ruigao/update-for-1.6

Conversation

@hippogr
Copy link
Copy Markdown
Contributor

@hippogr hippogr commented Apr 8, 2026

Fix Security warning and update web portal to node.js 24

Rui Gao added 22 commits March 31, 2026 04:18
update golang toolchain to latest version
0200f39
fix the package updates suggested by dependbot
5565c0e
Update webportal to node.js 24 with necessary packages updating
ef48ca3
update webportal docker file to use node slim for output
81c81cb
fix go version for some of dockerfiles
f853710
reduce the size of clustrer-local-storage docker image
57c89b6
reduce the size of copilot-chat docker image
5c08b33
reduce the size of dashboard-data-backup docker image
0a4a8a1
reduce the docker image size of utilization-reporter
2412d22
rduce the size of abnormal-detector docker image
6719fc1
reduce the docker image size of cert-expiration-checker
1d2693f
reduce the docker image size of cluster-utilization
8b9167f
reduce the docker image size of reverse proxy
8df6885
reduce the docker image size of model-proxy
23dffb0
downgrade the kube-scheduler version to the same one as the service k…
eec9397 
…8s version
fix the display problem of job's YAML and output log
ca07b11
add cilium docker build to fix Azure security warnings
7e7656e
fix the security warnings found by ai fix tool
e25cb84
fix the build problem
96297b4
fix the dockerfile errors
637d570
update k8s-rdma-shared-dev-plugin version to adapt latest grpc package
d521b19
update cilium to version 1.18.8
a51c7dd
Copilot AI review requested due to automatic review settings April 8, 2026 08:44
Copilot AI reviewed Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@claude
upgrade Cilium v1.18.8 to v1.18.9 to fix S360 grpc vulnerability (goo…
9867258 
…gle.golang.org/grpc v1.74.2 -> v1.79.3)

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
@claude
fix job-detail page error handling for permission denied errors
b60bbe7 
When a user without permission opens another user's job page, fetchJobInfo
returns 403 but the error was silently ignored, causing the page to show
"Loading..." forever with a vague empty alert. Now fetchJobInfo checks HTTP
status, shows a clear permission error, and skips subsequent requests.

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
@claude
Add IPoIB subnet route in init.sh to fix IB TCP connectivity on NM-ma…
bbaad55 
…naged nodes

On VMSS nodes where NetworkManager manages IB interfaces, ifconfig sets
the IP with noprefixroute flag, preventing automatic subnet route creation.
This causes IPoIB TCP (rsync/bcast) to fail between nodes while RDMA works.
Add explicit route check and creation after ifconfig to ensure connectivity.

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
Rui Gao and others added 3 commits April 22, 2026 03:59
@claude
Skip classification for cordoned nodes with empty NodeId to prevent O…
d3f4efa 
…FR pipeline from stalling

Nodes with empty NodeId would transition to triaged_hardware but OFR cannot
create IcM tickets without a valid NodeId, causing the pipeline to stall.
Now these nodes stay in cordoned status so the classifier retries on the next cycle.

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
@claude
Fix nodemailer S360 vulnerability by upgrading yarn resolution from 7…
69fb9c8 
….x to 8.0.5

The resolutions field pinned nodemailer to ^7.0.11 which overrode the
dependencies entry of ^8.0.5, causing yarn to install 7.0.13 in the image.

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
@claude
Fix S360 vulnerabilities across 13 container images
e903848 
npm upgrades:
- alert-handler: axios 1.13.5->1.15.2, follow-redirects 1.15.11->1.16.0
- database-controller: lodash 4.17.23->4.18.1 (added yarn resolution)
- rest-server, job-status-change-notification, webportal: follow-redirects 1.15.11->1.16.0

Dockerfile updates (add tdnf update for Azure Linux openssl 3.3.5-4->3.3.5-5):
- alert-parser, node-recycler, node-issue-classifier, job-data-recorder

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
Rui Gao and others added 2 commits April 23, 2026 00:54
@claude
Downgrade hardware issues without Azure FaultCode to triaged_unknown
58f5a8b 
Hardware issues like FrontendNetworkIssue and DiskError have no matching
Azure OFR fault code. Submitting OFR for these results in unresolvable
tickets and, combined with the lack of dedup in node-recycler, causes
repeated OFR submissions (as seen with openpai-00000s). By downgrading
to triaged_unknown the node stays visible for manual investigation
while avoiding the broken OFR pipeline.

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
@claude
Prevent node-recycler from submitting duplicate OFR tickets for the s…
1acc30c 
…ame node

Check the latest action before creating a new IcM OFR ticket — if
triaged_hardware-ua already exists, skip ticket creation and reuse the
existing ticket ID for polling.  This fixes the bug where every pipeline
loop could spawn a new OFR request for the same node because
get_latest_action_by_state (endswith query) never matches the
triaged_hardware-ua action.

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
@claude
Make Prometheus retention size configurable per service
45b0c3e 
Hardcoded 8TB retention caused disk full on the we cluster (16T disk).
Now each service can override retention_size in services-configuration.yaml.

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
@claude
Fix KeyError when alert-parser processes validating node with no alerts
26a898d 
When a validating/available_nodata node has zero alert records in Kusto
(e.g. due to Prometheus data gap), find_node_alerts returns an empty
DataFrame without columns. Accessing period_alerts['alertname'] then
raises KeyError, causing the node to be stuck in validating indefinitely.

Add an empty check before accessing DataFrame columns.

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
@claude
Remove webportal-dind replacement logic from CI build workflow
953121e 
Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
@hippogr hippogr requested a review from a team as a code owner April 30, 2026 00:51
@claude
Filter out deleted webportal-dind from changed services detection
d70685b 
Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
@claude
Filter out dev-box from changed services detection in CI
5baafa7 
Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
@claude
Upgrade metrics-cleaner base image from Python 3.7 to 3.12-slim
ace23dc 
Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
@hippogr hippogr merged commit c25887f into dev Apr 30, 2026
2 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@zhogu zhogu zhogu approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hippogr @zhogu