Difference between revisions of "Kind: EC2NodeClass"

 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
{{lc}}
 
{{lc}}
 +
* https://karpenter.sh/docs/concepts/nodeclasses/
  
 
<code>[[kubectl_manifest]]</code>
 
<code>[[kubectl_manifest]]</code>
  
 +
 +
apiVersion: karpenter.sh/v1
 +
[[kind: NodePool]]
 +
metadata:
 +
  name: default
 +
spec:
 +
  template:
 +
    spec:
 +
      nodeClassRef:
 +
        group: karpenter.k8s.aws
 +
        kind: EC2NodeClass
 +
        name: default
 +
---
 +
<pre>
 +
apiVersion: karpenter.k8s.aws/v1
 +
kind: EC2NodeClass
 +
metadata:
 +
  name: default
 +
spec:
 +
  kubelet:
 +
    podsPerCore: 2
 +
    maxPods: 20
 +
    systemReserved:
 +
        cpu: 100m
 +
        memory: 100Mi
 +
        ephemeral-storage: 1Gi
 +
    kubeReserved:
 +
        cpu: 200m
 +
        memory: 100Mi
 +
        ephemeral-storage: 3Gi
 +
    evictionHard:
 +
        memory.available: 5%
 +
        nodefs.available: 10%
 +
        nodefs.inodesFree: 10%
 +
    evictionSoft:
 +
        memory.available: 500Mi
 +
        nodefs.available: 15%
 +
        nodefs.inodesFree: 15%
 +
    evictionSoftGracePeriod:
 +
        memory.available: 1m
 +
        nodefs.available: 1m30s
 +
        nodefs.inodesFree: 2m
 +
    evictionMaxPodGracePeriod: 60
 +
    imageGCHighThresholdPercent: 85
 +
    imageGCLowThresholdPercent: 80
 +
    cpuCFSQuota: true
 +
    clusterDNS: ["10.0.1.100"]
 +
  # Optional, dictates UserData generation and default block device mappings.
 +
  # May be ommited when using an `alias` amiSelectorTerm, otherwise required.
 +
  amiFamily: AL2
 +
 +
  # Required, discovers subnets to attach to instances
 +
  # Each term in the array of subnetSelectorTerms is ORed together
 +
  # Within a single term, all conditions are ANDed
 +
  subnetSelectorTerms:
 +
    # Select on any subnet that has the "karpenter.sh/discovery: ${CLUSTER_NAME}"
 +
    # AND the "environment: test" tag OR any subnet with ID "subnet-09fa4a0a8f233a921"
 +
    - tags:
 +
        karpenter.sh/discovery: "${CLUSTER_NAME}"
 +
        environment: test
 +
    - id: subnet-09fa4a0a8f233a921
 +
 +
  # Required, discovers security groups to attach to instances
 +
  # Each term in the array of securityGroupSelectorTerms is ORed together
 +
  # Within a single term, all conditions are ANDed
 +
  securityGroupSelectorTerms:
 +
    # Select on any security group that has both the "karpenter.sh/discovery: ${CLUSTER_NAME}" tag
 +
    # AND the "environment: test" tag OR any security group with the "my-security-group" name
 +
    # OR any security group with ID "sg-063d7acfb4b06c82c"
 +
    - tags:
 +
        karpenter.sh/discovery: "${CLUSTER_NAME}"
 +
        environment: test
 +
    - name: my-security-group
 +
    - id: sg-063d7acfb4b06c82c
 +
 +
  # Optional, IAM role to use for the node identity.
 +
  # The "role" field is immutable after EC2NodeClass creation. This may change in the
 +
  # future, but this restriction is currently in place today to ensure that Karpenter
 +
  # avoids leaking managed instance profiles in your account.
 +
  # Must specify one of "role" or "instanceProfile" for Karpenter to launch nodes
 +
  role: "KarpenterNodeRole-${CLUSTER_NAME}"
 +
 +
  # Optional, IAM instance profile to use for the node identity.
 +
  # Must specify one of "role" or "instanceProfile" for Karpenter to launch nodes
 +
  instanceProfile: "KarpenterNodeInstanceProfile-${CLUSTER_NAME}"
 +
 +
  # Each term in the array of amiSelectorTerms is ORed together
 +
  # Within a single term, all conditions are ANDed
 +
  amiSelectorTerms:
 +
    # Select on any AMI that has both the `karpenter.sh/discovery: ${CLUSTER_NAME}`
 +
    # AND `environment: test` tags OR any AMI with the name `my-ami` OR an AMI with
 +
    # ID `ami-123`
 +
    - tags:
 +
        karpenter.sh/discovery: "${CLUSTER_NAME}"
 +
        environment: test
 +
    - name: my-ami
 +
    - id: ami-123
 +
    # Select EKS optimized AL2023 AMIs with version `v20240703`. This term is mutually
 +
    # exclusive and can't be specified with other terms.
 +
    # - alias: al2023@v20240703
 +
 +
  # Optional, propagates tags to underlying EC2 resources
 +
  tags:
 +
    team: team-a
 +
    app: team-a-app
 +
 +
  # Optional, configures IMDS for the instance
 +
  metadataOptions:
 +
    httpEndpoint: enabled
 +
    httpProtocolIPv6: disabled
 +
    httpPutResponseHopLimit: 1 # This is changed to disable IMDS access from containers not on the host network
 +
    httpTokens: required
 +
 +
  # Optional, configures storage devices for the instance
 +
  blockDeviceMappings:
 +
    - deviceName: /dev/xvda
 +
      ebs:
 +
        volumeSize: 100Gi
 +
        volumeType: gp3
 +
        iops: 10000
 +
        encrypted: true
 +
        kmsKeyID: "1234abcd-12ab-34cd-56ef-1234567890ab"
 +
        deleteOnTermination: true
 +
        throughput: 125
 +
        snapshotID: snap-0123456789
 +
 +
  # Optional, use instance-store volumes for node ephemeral-storage
 +
  instanceStorePolicy: RAID0
 +
 +
  # Optional, overrides autogenerated userdata with a merge semantic
 +
  userData: |
 +
    echo "Hello world"   
 +
 +
  # Optional, configures detailed monitoring for the instance
 +
  detailedMonitoring: true
 +
 +
  # Optional, configures if the instance should be launched with an associated public IP address.
 +
  # If not specified, the default value depends on the subnet's public IP auto-assign setting.
 +
  associatePublicIPAddress: true
 +
status:
 +
  # Resolved subnets
 +
  subnets:
 +
    - id: subnet-0a462d98193ff9fac
 +
      zone: us-east-2b
 +
    - id: subnet-0322dfafd76a609b6
 +
      zone: us-east-2c
 +
    - id: subnet-0727ef01daf4ac9fe
 +
      zone: us-east-2b
 +
    - id: subnet-00c99aeafe2a70304
 +
      zone: us-east-2a
 +
    - id: subnet-023b232fd5eb0028e
 +
      zone: us-east-2c
 +
    - id: subnet-03941e7ad6afeaa72
 +
      zone: us-east-2a
 +
 +
  # Resolved security groups
 +
  securityGroups:
 +
    - id: sg-041513b454818610b
 +
      name: ClusterSharedNodeSecurityGroup
 +
    - id: sg-0286715698b894bca
 +
      name: ControlPlaneSecurityGroup-1AQ073TSAAPW
 +
 +
  # Resolved AMIs
 +
  amis:
 +
    - id: ami-01234567890123456
 +
      name: custom-ami-amd64
 +
      requirements:
 +
        - key: kubernetes.io/arch
 +
          operator: In
 +
          values:
 +
            - amd64
 +
    - id: ami-01234567890123456
 +
      name: custom-ami-arm64
 +
      requirements:
 +
        - key: kubernetes.io/arch
 +
          operator: In
 +
          values:
 +
            - arm64
 +
 +
  # Generated instance profile name from "role"
 +
  instanceProfile: "${CLUSTER_NAME}-0123456778901234567789"
 +
  conditions:
 +
    - lastTransitionTime: "2024-02-02T19:54:34Z"
 +
      status: "True"
 +
      type: InstanceProfileReady
 +
    - lastTransitionTime: "2024-02-02T19:54:34Z"
 +
      status: "True"
 +
      type: SubnetsReady
 +
    - lastTransitionTime: "2024-02-02T19:54:34Z"
 +
      status: "True"
 +
      type: SecurityGroupsReady
 +
    - lastTransitionTime: "2024-02-02T19:54:34Z"
 +
      status: "True"
 +
      type: AMIsReady
 +
    - lastTransitionTime: "2024-02-02T19:54:34Z"
 +
      status: "True"
 +
      type: Ready
 +
 +
</pre>
 +
 +
 +
== Related ==
 +
* [[kind: Provisioner]]
 +
* [[kind: NodePool]]
  
 
== See also ==
 
== See also ==
 +
* {{kind: EC2NodeClass}}
 
* {{kubectl_manifest}}
 
* {{kubectl_manifest}}
 
* {{Karpenter}}
 
* {{Karpenter}}
 +
 +
[[Category:Karpenter]]
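Review bot: The opening `<pre>` sits below the `---` separator, so the NodePool document added above it is parsed as wikitext (`[[kind: NodePool]]` becomes a link) and its indentation does not survive rendering; moving `<pre>` above `apiVersion: karpenter.sh/v1` would keep both documents copyable. In the EC2NodeClass body, `role` and `instanceProfile` are both set although the adjacent comments say to specify one of them, so the example as written is likely to be rejected on apply; commenting one out, e.g. `# instanceProfile: "KarpenterNodeInstanceProfile-${CLUSTER_NAME}"`, would fix that. `associatePublicIPAddress: true` gives every launched node a public address, which deserves a caveat such as `# set to false for nodes in private subnets` for readers who copy the block. The `status:` section looks like controller output and should be labelled as reference-only rather than something to author.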

Latest revision as of 07:33, 2 October 2024

kubectl_manifest


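---
# Minimal NodePool excerpt: it shows only how a NodePool points at the
# EC2NodeClass named "default" that is defined in the next document.
# NOTE(review): a NodePool you actually apply needs more than this
# (for example spec.template.spec.requirements) - confirm against the
# Karpenter NodePool reference before using it.
apiVersion: karpenter.sh/v1
kind: NodePool
metadata:
  name: default
spec:
  template:
    spec:
      # group/kind/name together identify the node class object; "name"
      # must match metadata.name of the EC2NodeClass.
      nodeClassRef:
        group: karpenter.k8s.aws
        kind: EC2NodeClass
        name: default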
---
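# Reference EC2NodeClass listing the available fields with sample values.
# The IDs, names and the KMS key below are samples, and ${CLUSTER_NAME} is a
# placeholder that has to be substituted before the manifest is applied.
apiVersion: karpenter.k8s.aws/v1
kind: EC2NodeClass
metadata:
  name: default
spec:
  # Kubelet settings applied to the nodes launched from this class.
  kubelet:
    podsPerCore: 2
    maxPods: 20
    systemReserved:
      cpu: 100m
      memory: 100Mi
      ephemeral-storage: 1Gi
    kubeReserved:
      cpu: 200m
      memory: 100Mi
      ephemeral-storage: 3Gi
    evictionHard:
      memory.available: 5%
      nodefs.available: 10%
      nodefs.inodesFree: 10%
    evictionSoft:
      memory.available: 500Mi
      nodefs.available: 15%
      nodefs.inodesFree: 15%
    evictionSoftGracePeriod:
      memory.available: 1m
      nodefs.available: 1m30s
      nodefs.inodesFree: 2m
    evictionMaxPodGracePeriod: 60
    imageGCHighThresholdPercent: 85
    imageGCLowThresholdPercent: 80
    cpuCFSQuota: true
    clusterDNS: ["10.0.1.100"]

  # Optional, dictates UserData generation and default block device mappings.
  # May be omitted when using an `alias` amiSelectorTerm, otherwise required.
  amiFamily: AL2

  # Required, discovers subnets to attach to instances
  # Each term in the array of subnetSelectorTerms is ORed together
  # Within a single term, all conditions are ANDed
  # NOTE(review): tag-based discovery trusts whoever can tag subnets in the
  # account; restrict ec2:CreateTags or select by ID where that matters.
  subnetSelectorTerms:
    # Select on any subnet that has the "karpenter.sh/discovery: ${CLUSTER_NAME}"
    # AND the "environment: test" tag OR any subnet with ID "subnet-09fa4a0a8f233a921"
    - tags:
        karpenter.sh/discovery: "${CLUSTER_NAME}"
        environment: test
    - id: subnet-09fa4a0a8f233a921

  # Required, discovers security groups to attach to instances
  # Each term in the array of securityGroupSelectorTerms is ORed together
  # Within a single term, all conditions are ANDed
  # Because the terms are ORed, every matching group is attached; review the
  # union of their rules, not each group on its own.
  securityGroupSelectorTerms:
    # Select on any security group that has both the "karpenter.sh/discovery: ${CLUSTER_NAME}" tag
    # AND the "environment: test" tag OR any security group with the "my-security-group" name
    # OR any security group with ID "sg-063d7acfb4b06c82c"
    - tags:
        karpenter.sh/discovery: "${CLUSTER_NAME}"
        environment: test
    - name: my-security-group
    - id: sg-063d7acfb4b06c82c

  # Optional, IAM role to use for the node identity.
  # The "role" field is immutable after EC2NodeClass creation. This may change in the
  # future, but this restriction is currently in place today to ensure that Karpenter
  # avoids leaking managed instance profiles in your account.
  # Must specify one of "role" or "instanceProfile" for Karpenter to launch nodes
  # Keep this role limited to what a worker node needs: every pod that can
  # reach the node's instance credentials inherits it.
  role: "KarpenterNodeRole-${CLUSTER_NAME}"

  # Optional, IAM instance profile to use for the node identity.
  # Must specify one of "role" or "instanceProfile" for Karpenter to launch nodes
  # Left commented out because "role" is set above and the two fields are
  # alternatives; uncomment this and remove "role" to use a pre-created profile.
  # instanceProfile: "KarpenterNodeInstanceProfile-${CLUSTER_NAME}"

  # Each term in the array of amiSelectorTerms is ORed together
  # Within a single term, all conditions are ANDed
  # NOTE(review): the image is the node's root of trust; prefer pinning by ID,
  # or add an `owner` to name-based terms - confirm the default owner handling
  # for your Karpenter version.
  amiSelectorTerms:
    # Select on any AMI that has both the `karpenter.sh/discovery: ${CLUSTER_NAME}`
    # AND `environment: test` tags OR any AMI with the name `my-ami` OR an AMI with
    # ID `ami-123`
    - tags:
        karpenter.sh/discovery: "${CLUSTER_NAME}"
        environment: test
    - name: my-ami
    - id: ami-123
    # Select EKS optimized AL2023 AMIs with version `v20240703`. This term is mutually
    # exclusive and can't be specified with other terms.
    # - alias: al2023@v20240703

  # Optional, propagates tags to underlying EC2 resources
  tags:
    team: team-a
    app: team-a-app

  # Optional, configures IMDS for the instance
  metadataOptions:
    httpEndpoint: enabled
    httpProtocolIPv6: disabled
    # This is changed to disable IMDS access from containers not on the host network
    httpPutResponseHopLimit: 1
    # "required" enforces IMDSv2 session tokens; relaxing it re-enables the
    # unauthenticated IMDSv1 request path.
    httpTokens: required

  # Optional, configures storage devices for the instance
  blockDeviceMappings:
    - deviceName: /dev/xvda
      ebs:
        volumeSize: 100Gi
        volumeType: gp3
        iops: 10000
        encrypted: true
        # Sample key ID; replace with a key the node role is allowed to use.
        kmsKeyID: "1234abcd-12ab-34cd-56ef-1234567890ab"
        deleteOnTermination: true
        throughput: 125
        snapshotID: snap-0123456789

  # Optional, use instance-store volumes for node ephemeral-storage
  instanceStorePolicy: RAID0

  # Optional, overrides autogenerated userdata with a merge semantic
  # User data is readable from the instance and through the EC2 API, so keep
  # credentials and other secrets out of it.
  userData: |
    echo "Hello world"

  # Optional, configures detailed monitoring for the instance
  detailedMonitoring: true

  # Optional, configures if the instance should be launched with an associated public IP address.
  # If not specified, the default value depends on the subnet's public IP auto-assign setting.
  # "true" makes each node directly addressable from the internet, subject to
  # its security groups; set to false for nodes that belong in private subnets.
  associatePublicIPAddress: true
# NOTE(review): everything under "status" appears to be controller output
# shown for reference (resolved subnets, security groups, AMIs, conditions);
# it is not something to author in a manifest.
status:
  # Resolved subnets
  subnets:
    - id: subnet-0a462d98193ff9fac
      zone: us-east-2b
    - id: subnet-0322dfafd76a609b6
      zone: us-east-2c
    - id: subnet-0727ef01daf4ac9fe
      zone: us-east-2b
    - id: subnet-00c99aeafe2a70304
      zone: us-east-2a
    - id: subnet-023b232fd5eb0028e
      zone: us-east-2c
    - id: subnet-03941e7ad6afeaa72
      zone: us-east-2a

  # Resolved security groups
  securityGroups:
    - id: sg-041513b454818610b
      name: ClusterSharedNodeSecurityGroup
    - id: sg-0286715698b894bca
      name: ControlPlaneSecurityGroup-1AQ073TSAAPW

  # Resolved AMIs
  amis:
    - id: ami-01234567890123456
      name: custom-ami-amd64
      requirements:
        - key: kubernetes.io/arch
          operator: In
          values:
            - amd64
    - id: ami-01234567890123456
      name: custom-ami-arm64
      requirements:
        - key: kubernetes.io/arch
          operator: In
          values:
            - arm64

  # Generated instance profile name from "role"
  instanceProfile: "${CLUSTER_NAME}-0123456778901234567789"
  # One entry per readiness check; "Ready" is listed alongside the per-resource
  # conditions.
  conditions:
    - lastTransitionTime: "2024-02-02T19:54:34Z"
      status: "True"
      type: InstanceProfileReady
    - lastTransitionTime: "2024-02-02T19:54:34Z"
      status: "True"
      type: SubnetsReady
    - lastTransitionTime: "2024-02-02T19:54:34Z"
      status: "True"
      type: SecurityGroupsReady
    - lastTransitionTime: "2024-02-02T19:54:34Z"
      status: "True"
      type: AMIsReady
    - lastTransitionTime: "2024-02-02T19:54:34Z"
      status: "True"
      type: Ready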


Related[edit]

See also[edit]
