jumpstarter-dev · mangelajo · Sep 26, 2025 · Sep 26, 2025 · Sep 26, 2025 · Sep 26, 2025
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
@@ -19,10 +19,12 @@ jobs:
           controller-ref: ${{ github.ref }}
           # use the matching branch on the jumpstarter repo
           jumpstarter-ref: ${{ github.event.pull_request.base.ref }}
-  e2e-tests-28d6b1cc3b49ab9ae176918ab9709a2e2522c97e:
+  # test the current controller with the previous version of python and E2E tests
+  # to ensure backwards compatibility
+  e2e-tests-release-0-7:
     runs-on: ubuntu-latest
     steps:
-      - uses: jumpstarter-dev/jumpstarter-e2e@11a5ce6734be9f089ec3ea6ebf55284616f67fe8
+      - uses: jumpstarter-dev/jumpstarter-e2e@release-0.7
         with:
           controller-ref: ${{ github.ref }}
-          jumpstarter-ref: 28d6b1cc3b49ab9ae176918ab9709a2e2522c97e
+          jumpstarter-ref: release-0.7
diff --git a/Makefile b/Makefile
@@ -185,7 +185,7 @@ GRPCURL = $(LOCALBIN)/grpcurl
 KUSTOMIZE_VERSION ?= v5.4.1
 CONTROLLER_TOOLS_VERSION ?= v0.16.3
 ENVTEST_VERSION ?= release-0.18
-GOLANGCI_LINT_VERSION ?= v2.1.2
+GOLANGCI_LINT_VERSION ?= v2.5.0
 KIND_VERSION ?= v0.27.0
 GRPCURL_VERSION ?= v1.9.2
 

diff --git a/cmd/main.go b/cmd/main.go
@@ -154,7 +154,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	authenticator, prefix, router, option, provisioning, err := config.LoadConfiguration(
+	configResult, err := config.LoadConfiguration(
 		context.Background(),
 		mgr.GetAPIReader(),
 		mgr.GetScheme(),
@@ -174,9 +174,10 @@ func main() {
 	}
 
 	if err = (&controller.ExporterReconciler{
-		Client: mgr.GetClient(),
-		Scheme: mgr.GetScheme(),
-		Signer: oidcSigner,
+		Client:          mgr.GetClient(),
+		Scheme:          mgr.GetScheme(),
+		Signer:          oidcSigner,
+		ExporterOptions: *configResult.ExporterOptions,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "Exporter")
 		os.Exit(1)
@@ -207,15 +208,18 @@ func main() {
 	if err = (&service.ControllerService{
 		Client: watchClient,
 		Scheme: mgr.GetScheme(),
-		Authn:  authentication.NewBearerTokenAuthenticator(authenticator),
-		Authz:  authorization.NewBasicAuthorizer(watchClient, prefix, provisioning.Enabled),
+		Authn:  authentication.NewBearerTokenAuthenticator(configResult.Authenticator),
+		Authz: authorization.NewBasicAuthorizer(
+			watchClient,
+			configResult.InternalAuthenticatorPrefix,
+			configResult.Provisioning.Enabled),
 		Attr: authorization.NewMetadataAttributesGetter(authorization.MetadataAttributesGetterConfig{
 			NamespaceKey: "jumpstarter-namespace",
 			ResourceKey:  "jumpstarter-kind",
 			NameKey:      "jumpstarter-name",
 		}),
-		Router:       router,
-		ServerOption: option,
+		Router:        configResult.Router,
+		ServerOptions: configResult.ServerOptions,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create service", "service", "Controller")
 		os.Exit(1)

diff --git a/cmd/router/main.go b/cmd/router/main.go
@@ -61,7 +61,7 @@ func main() {
 	}
 
 	svc := service.RouterService{
-		ServerOption: serverOption,
+		ServerOptions: serverOption,
 	}
 
 	err = svc.Start(ctx)

diff --git a/deploy/helm/jumpstarter/charts/jumpstarter-controller/model.py b/deploy/helm/jumpstarter/charts/jumpstarter-controller/model.py
@@ -29,6 +29,7 @@ class Internal(BaseModel):
 class Keepalive(BaseModel):
     model_config = ConfigDict(extra="forbid")
 
+    # EnforcementPolicy parameters
     minTime: Optional[str] = Field(
         None,
         description="The minimum amount of time a client should wait before sending a keepalive ping",
@@ -38,6 +39,28 @@ class Keepalive(BaseModel):
         description="Whether to allow keepalive pings even when there are no active streams(RPCs)",
     )
 
+    # ServerParameters for connection timeout control
+    timeout: Optional[str] = Field(
+        None,
+        description="How long the server waits for a ping response before closing the connection",
+    )
+    maxConnectionIdle: Optional[str] = Field(
+        None,
+        description="Maximum time a connection can be idle before being closed",
+    )
+    maxConnectionAge: Optional[str] = Field(
+        None,
+        description="Maximum lifetime of a connection before it's closed",
+    )
+    maxConnectionAgeGrace: Optional[str] = Field(
+        None,
+        description="Grace period after max connection age before forcible closure",
+    )
+    time: Optional[str] = Field(
+        None,
+        description="How often the server sends keepalive pings to clients",
+    )
+
 
 class Grpc(BaseModel):
     model_config = ConfigDict(extra="forbid")
@@ -180,6 +203,15 @@ class JWTAuthenticator(BaseModel):
     userValidationRules: Optional[List[UserValidationRule]] = None
 
 
+class ExporterOptions(BaseModel):
+    model_config = ConfigDict(extra="forbid")
+
+    offlineTimeout: Optional[str] = Field(
+        None,
+        description="How long to wait before marking the exporter as offline",
+    )
+
+
 class Authentication(BaseModel):
     model_config = ConfigDict(extra="forbid")
 
@@ -196,6 +228,7 @@ class JumpstarterConfig(BaseModel):
     provisioning: Optional[Provisioning] = None
     authentication: Optional[Authentication] = None
     grpc: Optional[Grpc] = None
+    exporterOptions: Optional[ExporterOptions] = None
 
 
 class Nodeport(BaseModel):

diff --git a/deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json b/deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json
@@ -214,6 +214,26 @@
       "title": "ClaimValidationRule",
       "type": "object"
     },
+    "ExporterOptions": {
+      "additionalProperties": false,
+      "properties": {
+        "offlineTimeout": {
+          "anyOf": [
+            {
+              "type": "string"
+            },
+            {
+              "type": "null"
+            }
+          ],
+          "default": null,
+          "description": "How long to wait before marking the exporter as offline",
+          "title": "Offlinetimeout"
+        }
+      },
+      "title": "ExporterOptions",
+      "type": "object"
+    },
     "ExtraItem": {
       "additionalProperties": false,
       "properties": {
@@ -638,6 +658,17 @@
             }
           ],
           "default": null
+        },
+        "exporterOptions": {
+          "anyOf": [
+            {
+              "$ref": "#/$defs/ExporterOptions"
+            },
+            {
+              "type": "null"
+            }
+          ],
+          "default": null
         }
       },
       "title": "JumpstarterConfig",
@@ -671,6 +702,71 @@
           "default": null,
           "description": "Whether to allow keepalive pings even when there are no active streams(RPCs)",
           "title": "Permitwithoutstream"
+        },
+        "timeout": {
+          "anyOf": [
+            {
+              "type": "string"
+            },
+            {
+              "type": "null"
+            }
+          ],
+          "default": null,
+          "description": "How long the server waits for a ping response before closing the connection",
+          "title": "Timeout"
+        },
+        "maxConnectionIdle": {
+          "anyOf": [
+            {
+              "type": "string"
+            },
+            {
+              "type": "null"
+            }
+          ],
+          "default": null,
+          "description": "Maximum time a connection can be idle before being closed",
+          "title": "Maxconnectionidle"
+        },
+        "maxConnectionAge": {
+          "anyOf": [
+            {
+              "type": "string"
+            },
+            {
+              "type": "null"
+            }
+          ],
+          "default": null,
+          "description": "Maximum lifetime of a connection before it's closed",
+          "title": "Maxconnectionage"
+        },
+        "maxConnectionAgeGrace": {
+          "anyOf": [
+            {
+              "type": "string"
+            },
+            {
+              "type": "null"
+            }
+          ],
+          "default": null,
+          "description": "Grace period after max connection age before forcible closure",
+          "title": "Maxconnectionagegrace"
+        },
+        "time": {
+          "anyOf": [
+            {
+              "type": "string"
+            },
+            {
+              "type": "null"
+            }
+          ],
+          "default": null,
+          "description": "How often the server sends keepalive pings to clients",
+          "title": "Time"
         }
       },
       "title": "Keepalive",

diff --git a/deploy/helm/jumpstarter/values.yaml b/deploy/helm/jumpstarter/values.yaml
@@ -33,10 +33,17 @@ global:
 
 ## @param jumpstarter-controller.config.grpc.keepalive.minTime. The minimum amount of time a client should wait before sending a keepalive ping.
 ## @param jumpstarter-controller.config.grpc.keepalive.permitWithoutStream. Whether to allow keepalive pings even when there are no active streams(RPCs).
+## @param jumpstarter-controller.config.grpc.keepalive.timeout. How long the server waits for a ping response before closing the connection.
+## @param jumpstarter-controller.config.grpc.keepalive.maxConnectionIdle. Maximum time a connection can be idle before being closed.
+## @param jumpstarter-controller.config.grpc.keepalive.maxConnectionAge. Maximum lifetime of a connection before it's closed.
+## @param jumpstarter-controller.config.grpc.keepalive.maxConnectionAgeGrace. Grace period after max connection age before forcible closure.
+## @param jumpstarter-controller.config.grpc.keepalive.time. How often the server sends keepalive pings to clients.
 
 ## @param jumpstarter-controller.config.authentication.internal.prefix. Prefix to add to the subject claim of the tokens issued by the builtin authenticator.
 ## @param jumpstarter-controller.config.authentication.jwt. External OIDC authentication, see https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration for documentation
 
+## @param jumpstarter-controller.config.exporterOptions.offlineTimeout. How long to wait before marking the exporter as offline.
+
 ## @section Ingress And Route parameters
 ## @descriptionStart This section contains parameters for the Ingress and Route configurations.
 ## You can enable either the gRPC ingress or the OpenShift route but not both.
@@ -72,12 +79,23 @@ jumpstarter-controller:
     namespace: ""
 
     config:
+      exporterOptions:
+        offlineTimeout: 180s # how long to wait before marking the exporter as offline
+
       grpc:
         keepalive:
+          # EnforcementPolicy parameters
           # Safety: potentially makes server vulnerable to DDoS
           # https://grpc.io/docs/guides/keepalive/#how-configuring-keepalive-affects-a-call
           minTime: 3s
           permitWithoutStream: true
+
+          # ServerParameters for connection timeout control
+          # timeout: 180s                   # How long to wait for ping response before closing (default: 180s)
+          # maxConnectionIdle: 30m          # Max idle time before closing (default: infinity)
+          # maxConnectionAge: 2h            # Max connection lifetime (default: infinity)
+          # maxConnectionAgeGrace: 30s      # Grace period after max age (default: infinity)
+          # time: 2h                        # How often server sends pings (default: 2h)
       authentication:
         internal:
           prefix: "internal:"