Difference between revisions of "Kind: EC2NodeClass"
(4 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{lc}} | {{lc}} | ||
+ | * https://karpenter.sh/docs/concepts/nodeclasses/ | ||
<code>[[kubectl_manifest]]</code> | <code>[[kubectl_manifest]]</code> | ||
+ | apiVersion: karpenter.sh/v1 | ||
+ | [[kind: NodePool]] | ||
+ | metadata: | ||
+ | name: default | ||
+ | spec: | ||
+ | template: | ||
+ | spec: | ||
+ | nodeClassRef: | ||
+ | group: karpenter.k8s.aws | ||
+ | kind: EC2NodeClass | ||
+ | name: default | ||
+ | --- | ||
+ | <pre> | ||
+ | apiVersion: karpenter.k8s.aws/v1 | ||
+ | kind: EC2NodeClass | ||
+ | metadata: | ||
+ | name: default | ||
+ | spec: | ||
+ | kubelet: | ||
+ | podsPerCore: 2 | ||
+ | maxPods: 20 | ||
+ | systemReserved: | ||
+ | cpu: 100m | ||
+ | memory: 100Mi | ||
+ | ephemeral-storage: 1Gi | ||
+ | kubeReserved: | ||
+ | cpu: 200m | ||
+ | memory: 100Mi | ||
+ | ephemeral-storage: 3Gi | ||
+ | evictionHard: | ||
+ | memory.available: 5% | ||
+ | nodefs.available: 10% | ||
+ | nodefs.inodesFree: 10% | ||
+ | evictionSoft: | ||
+ | memory.available: 500Mi | ||
+ | nodefs.available: 15% | ||
+ | nodefs.inodesFree: 15% | ||
+ | evictionSoftGracePeriod: | ||
+ | memory.available: 1m | ||
+ | nodefs.available: 1m30s | ||
+ | nodefs.inodesFree: 2m | ||
+ | evictionMaxPodGracePeriod: 60 | ||
+ | imageGCHighThresholdPercent: 85 | ||
+ | imageGCLowThresholdPercent: 80 | ||
+ | cpuCFSQuota: true | ||
+ | clusterDNS: ["10.0.1.100"] | ||
+ | # Optional, dictates UserData generation and default block device mappings. | ||
+ | # May be ommited when using an `alias` amiSelectorTerm, otherwise required. | ||
+ | amiFamily: AL2 | ||
+ | |||
+ | # Required, discovers subnets to attach to instances | ||
+ | # Each term in the array of subnetSelectorTerms is ORed together | ||
+ | # Within a single term, all conditions are ANDed | ||
+ | subnetSelectorTerms: | ||
+ | # Select on any subnet that has the "karpenter.sh/discovery: ${CLUSTER_NAME}" | ||
+ | # AND the "environment: test" tag OR any subnet with ID "subnet-09fa4a0a8f233a921" | ||
+ | - tags: | ||
+ | karpenter.sh/discovery: "${CLUSTER_NAME}" | ||
+ | environment: test | ||
+ | - id: subnet-09fa4a0a8f233a921 | ||
+ | |||
+ | # Required, discovers security groups to attach to instances | ||
+ | # Each term in the array of securityGroupSelectorTerms is ORed together | ||
+ | # Within a single term, all conditions are ANDed | ||
+ | securityGroupSelectorTerms: | ||
+ | # Select on any security group that has both the "karpenter.sh/discovery: ${CLUSTER_NAME}" tag | ||
+ | # AND the "environment: test" tag OR any security group with the "my-security-group" name | ||
+ | # OR any security group with ID "sg-063d7acfb4b06c82c" | ||
+ | - tags: | ||
+ | karpenter.sh/discovery: "${CLUSTER_NAME}" | ||
+ | environment: test | ||
+ | - name: my-security-group | ||
+ | - id: sg-063d7acfb4b06c82c | ||
+ | |||
+ | # Optional, IAM role to use for the node identity. | ||
+ | # The "role" field is immutable after EC2NodeClass creation. This may change in the | ||
+ | # future, but this restriction is currently in place today to ensure that Karpenter | ||
+ | # avoids leaking managed instance profiles in your account. | ||
+ | # Must specify one of "role" or "instanceProfile" for Karpenter to launch nodes | ||
+ | role: "KarpenterNodeRole-${CLUSTER_NAME}" | ||
+ | |||
+ | # Optional, IAM instance profile to use for the node identity. | ||
+ | # Must specify one of "role" or "instanceProfile" for Karpenter to launch nodes | ||
+ | instanceProfile: "KarpenterNodeInstanceProfile-${CLUSTER_NAME}" | ||
+ | |||
+ | # Each term in the array of amiSelectorTerms is ORed together | ||
+ | # Within a single term, all conditions are ANDed | ||
+ | amiSelectorTerms: | ||
+ | # Select on any AMI that has both the `karpenter.sh/discovery: ${CLUSTER_NAME}` | ||
+ | # AND `environment: test` tags OR any AMI with the name `my-ami` OR an AMI with | ||
+ | # ID `ami-123` | ||
+ | - tags: | ||
+ | karpenter.sh/discovery: "${CLUSTER_NAME}" | ||
+ | environment: test | ||
+ | - name: my-ami | ||
+ | - id: ami-123 | ||
+ | # Select EKS optimized AL2023 AMIs with version `v20240703`. This term is mutually | ||
+ | # exclusive and can't be specified with other terms. | ||
+ | # - alias: al2023@v20240703 | ||
+ | |||
+ | # Optional, propagates tags to underlying EC2 resources | ||
+ | tags: | ||
+ | team: team-a | ||
+ | app: team-a-app | ||
+ | |||
+ | # Optional, configures IMDS for the instance | ||
+ | metadataOptions: | ||
+ | httpEndpoint: enabled | ||
+ | httpProtocolIPv6: disabled | ||
+ | httpPutResponseHopLimit: 1 # This is changed to disable IMDS access from containers not on the host network | ||
+ | httpTokens: required | ||
+ | |||
+ | # Optional, configures storage devices for the instance | ||
+ | blockDeviceMappings: | ||
+ | - deviceName: /dev/xvda | ||
+ | ebs: | ||
+ | volumeSize: 100Gi | ||
+ | volumeType: gp3 | ||
+ | iops: 10000 | ||
+ | encrypted: true | ||
+ | kmsKeyID: "1234abcd-12ab-34cd-56ef-1234567890ab" | ||
+ | deleteOnTermination: true | ||
+ | throughput: 125 | ||
+ | snapshotID: snap-0123456789 | ||
+ | |||
+ | # Optional, use instance-store volumes for node ephemeral-storage | ||
+ | instanceStorePolicy: RAID0 | ||
+ | |||
+ | # Optional, overrides autogenerated userdata with a merge semantic | ||
+ | userData: | | ||
+ | echo "Hello world" | ||
+ | |||
+ | # Optional, configures detailed monitoring for the instance | ||
+ | detailedMonitoring: true | ||
+ | |||
+ | # Optional, configures if the instance should be launched with an associated public IP address. | ||
+ | # If not specified, the default value depends on the subnet's public IP auto-assign setting. | ||
+ | associatePublicIPAddress: true | ||
+ | status: | ||
+ | # Resolved subnets | ||
+ | subnets: | ||
+ | - id: subnet-0a462d98193ff9fac | ||
+ | zone: us-east-2b | ||
+ | - id: subnet-0322dfafd76a609b6 | ||
+ | zone: us-east-2c | ||
+ | - id: subnet-0727ef01daf4ac9fe | ||
+ | zone: us-east-2b | ||
+ | - id: subnet-00c99aeafe2a70304 | ||
+ | zone: us-east-2a | ||
+ | - id: subnet-023b232fd5eb0028e | ||
+ | zone: us-east-2c | ||
+ | - id: subnet-03941e7ad6afeaa72 | ||
+ | zone: us-east-2a | ||
+ | |||
+ | # Resolved security groups | ||
+ | securityGroups: | ||
+ | - id: sg-041513b454818610b | ||
+ | name: ClusterSharedNodeSecurityGroup | ||
+ | - id: sg-0286715698b894bca | ||
+ | name: ControlPlaneSecurityGroup-1AQ073TSAAPW | ||
+ | |||
+ | # Resolved AMIs | ||
+ | amis: | ||
+ | - id: ami-01234567890123456 | ||
+ | name: custom-ami-amd64 | ||
+ | requirements: | ||
+ | - key: kubernetes.io/arch | ||
+ | operator: In | ||
+ | values: | ||
+ | - amd64 | ||
+ | - id: ami-01234567890123456 | ||
+ | name: custom-ami-arm64 | ||
+ | requirements: | ||
+ | - key: kubernetes.io/arch | ||
+ | operator: In | ||
+ | values: | ||
+ | - arm64 | ||
+ | |||
+ | # Generated instance profile name from "role" | ||
+ | instanceProfile: "${CLUSTER_NAME}-0123456778901234567789" | ||
+ | conditions: | ||
+ | - lastTransitionTime: "2024-02-02T19:54:34Z" | ||
+ | status: "True" | ||
+ | type: InstanceProfileReady | ||
+ | - lastTransitionTime: "2024-02-02T19:54:34Z" | ||
+ | status: "True" | ||
+ | type: SubnetsReady | ||
+ | - lastTransitionTime: "2024-02-02T19:54:34Z" | ||
+ | status: "True" | ||
+ | type: SecurityGroupsReady | ||
+ | - lastTransitionTime: "2024-02-02T19:54:34Z" | ||
+ | status: "True" | ||
+ | type: AMIsReady | ||
+ | - lastTransitionTime: "2024-02-02T19:54:34Z" | ||
+ | status: "True" | ||
+ | type: Ready | ||
+ | |||
+ | </pre> | ||
+ | |||
+ | |||
+ | == Related == | ||
* [[kind: Provisioner]] | * [[kind: Provisioner]] | ||
+ | * [[kind: NodePool]] | ||
== See also == | == See also == | ||
+ | * {{kind: EC2NodeClass}} | ||
* {{kubectl_manifest}} | * {{kubectl_manifest}} | ||
* {{Karpenter}} | * {{Karpenter}} | ||
[[Category:Karpenter]] | [[Category:Karpenter]] |
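Review bot: The added EC2NodeClass example sets both `role: "KarpenterNodeRole-${CLUSTER_NAME}"` and `instanceProfile: "KarpenterNodeInstanceProfile-${CLUSTER_NAME}"`, although its own comments say to specify one of the two. Karpenter's documentation describes these fields as mutually exclusive, so the manifest is likely to be rejected if applied as written. Keep `role:` and turn the other into a comment, `# instanceProfile: "KarpenterNodeInstanceProfile-${CLUSTER_NAME}"`. The example also sets `associatePublicIPAddress: true` without a caveat; a comment such as `# Gives each node a public IP address; leave unset or false for nodes in private subnets` would keep readers from copying that exposure unintentionally. The `status:` block is described by its comments as resolved/generated values, so a one-line comment saying it is not meant to be authored by the user would also help.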
Latest revision as of 07:33, 2 October 2024
# NodePool that points its nodes at the EC2NodeClass named "default".
# Only the nodeClassRef wiring is shown here.
apiVersion: karpenter.sh/v1
kind: NodePool
metadata:
  name: default
spec:
  template:
    spec:
      # group/kind/name identify the node class object this pool uses
      nodeClassRef:
        group: karpenter.k8s.aws
        kind: EC2NodeClass
        name: default
---
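# Reference EC2NodeClass showing the available fields. It is an illustration of
# the schema rather than a manifest to apply unchanged: IDs, names and
# ${CLUSTER_NAME} are placeholders.
apiVersion: karpenter.k8s.aws/v1
kind: EC2NodeClass
metadata:
  name: default
spec:
  kubelet:
    podsPerCore: 2
    maxPods: 20
    systemReserved:
      cpu: 100m
      memory: 100Mi
      ephemeral-storage: 1Gi
    kubeReserved:
      cpu: 200m
      memory: 100Mi
      ephemeral-storage: 3Gi
    evictionHard:
      memory.available: 5%
      nodefs.available: 10%
      nodefs.inodesFree: 10%
    evictionSoft:
      memory.available: 500Mi
      nodefs.available: 15%
      nodefs.inodesFree: 15%
    evictionSoftGracePeriod:
      memory.available: 1m
      nodefs.available: 1m30s
      nodefs.inodesFree: 2m
    evictionMaxPodGracePeriod: 60
    imageGCHighThresholdPercent: 85
    imageGCLowThresholdPercent: 80
    cpuCFSQuota: true
    clusterDNS: ["10.0.1.100"]

  # Optional, dictates UserData generation and default block device mappings.
  # May be omitted when using an `alias` amiSelectorTerm, otherwise required.
  amiFamily: AL2

  # Required, discovers subnets to attach to instances
  # Each term in the array of subnetSelectorTerms is ORed together
  # Within a single term, all conditions are ANDed
  subnetSelectorTerms:
    # Select on any subnet that has the "karpenter.sh/discovery: ${CLUSTER_NAME}"
    # AND the "environment: test" tag OR any subnet with ID "subnet-09fa4a0a8f233a921"
    - tags:
        karpenter.sh/discovery: "${CLUSTER_NAME}"
        environment: test
    - id: subnet-09fa4a0a8f233a921

  # Required, discovers security groups to attach to instances
  # Each term in the array of securityGroupSelectorTerms is ORed together
  # Within a single term, all conditions are ANDed
  # Note: tag and name terms match whatever carries that tag or name, so the
  # set of attached groups depends on who is allowed to tag or name them.
  securityGroupSelectorTerms:
    # Select on any security group that has both the "karpenter.sh/discovery: ${CLUSTER_NAME}" tag
    # AND the "environment: test" tag OR any security group with the "my-security-group" name
    # OR any security group with ID "sg-063d7acfb4b06c82c"
    - tags:
        karpenter.sh/discovery: "${CLUSTER_NAME}"
        environment: test
    - name: my-security-group
    - id: sg-063d7acfb4b06c82c

  # Optional, IAM role to use for the node identity.
  # The "role" field is immutable after EC2NodeClass creation. This may change in the
  # future, but this restriction is currently in place today to ensure that Karpenter
  # avoids leaking managed instance profiles in your account.
  # Must specify one of "role" or "instanceProfile" for Karpenter to launch nodes
  role: "KarpenterNodeRole-${CLUSTER_NAME}"

  # Optional, IAM instance profile to use for the node identity.
  # Must specify one of "role" or "instanceProfile" for Karpenter to launch nodes
  # The two fields are mutually exclusive, so this alternative is shown commented
  # out; use it instead of "role", not together with it.
  # instanceProfile: "KarpenterNodeInstanceProfile-${CLUSTER_NAME}"

  # Each term in the array of amiSelectorTerms is ORed together
  # Within a single term, all conditions are ANDed
  amiSelectorTerms:
    # Select on any AMI that has both the `karpenter.sh/discovery: ${CLUSTER_NAME}`
    # AND `environment: test` tags OR any AMI with the name `my-ami` OR an AMI with
    # ID `ami-123`
    - tags:
        karpenter.sh/discovery: "${CLUSTER_NAME}"
        environment: test
    - name: my-ami
    - id: ami-123
    # Select EKS optimized AL2023 AMIs with version `v20240703`. This term is mutually
    # exclusive and can't be specified with other terms.
    # - alias: al2023@v20240703

  # Optional, propagates tags to underlying EC2 resources
  tags:
    team: team-a
    app: team-a-app

  # Optional, configures IMDS for the instance
  metadataOptions:
    httpEndpoint: enabled
    httpProtocolIPv6: disabled
    httpPutResponseHopLimit: 1 # This is changed to disable IMDS access from containers not on the host network
    # "required" accepts only session-token (IMDSv2) metadata requests
    httpTokens: required

  # Optional, configures storage devices for the instance
  blockDeviceMappings:
    - deviceName: /dev/xvda
      ebs:
        volumeSize: 100Gi
        volumeType: gp3
        iops: 10000
        encrypted: true
        kmsKeyID: "1234abcd-12ab-34cd-56ef-1234567890ab"
        deleteOnTermination: true
        throughput: 125
        snapshotID: snap-0123456789

  # Optional, use instance-store volumes for node ephemeral-storage
  instanceStorePolicy: RAID0

  # Optional, overrides autogenerated userdata with a merge semantic
  userData: |
    echo "Hello world"

  # Optional, configures detailed monitoring for the instance
  detailedMonitoring: true

  # Optional, configures if the instance should be launched with an associated public IP address.
  # If not specified, the default value depends on the subnet's public IP auto-assign setting.
  # "true" gives each node a public IP address; leave unset or set false for
  # nodes that should only be reachable inside the VPC.
  associatePublicIPAddress: true
# The status section below holds resolved/generated values (see its comments);
# it is shown for reference and is not part of what the user authors.
status:
  # Resolved subnets
  subnets:
    - id: subnet-0a462d98193ff9fac
      zone: us-east-2b
    - id: subnet-0322dfafd76a609b6
      zone: us-east-2c
    - id: subnet-0727ef01daf4ac9fe
      zone: us-east-2b
    - id: subnet-00c99aeafe2a70304
      zone: us-east-2a
    - id: subnet-023b232fd5eb0028e
      zone: us-east-2c
    - id: subnet-03941e7ad6afeaa72
      zone: us-east-2a

  # Resolved security groups
  securityGroups:
    - id: sg-041513b454818610b
      name: ClusterSharedNodeSecurityGroup
    - id: sg-0286715698b894bca
      name: ControlPlaneSecurityGroup-1AQ073TSAAPW

  # Resolved AMIs
  amis:
    - id: ami-01234567890123456
      name: custom-ami-amd64
      requirements:
        - key: kubernetes.io/arch
          operator: In
          values:
            - amd64
    - id: ami-01234567890123456
      name: custom-ami-arm64
      requirements:
        - key: kubernetes.io/arch
          operator: In
          values:
            - arm64

  # Generated instance profile name from "role"
  instanceProfile: "${CLUSTER_NAME}-0123456778901234567789"
  conditions:
    - lastTransitionTime: "2024-02-02T19:54:34Z"
      status: "True"
      type: InstanceProfileReady
    - lastTransitionTime: "2024-02-02T19:54:34Z"
      status: "True"
      type: SubnetsReady
    - lastTransitionTime: "2024-02-02T19:54:34Z"
      status: "True"
      type: SecurityGroupsReady
    - lastTransitionTime: "2024-02-02T19:54:34Z"
      status: "True"
      type: AMIsReady
    - lastTransitionTime: "2024-02-02T19:54:34Z"
      status: "True"
      type: Ready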
Related[edit]
See also[edit]
- kind: EC2NodeClass, amiFamily
kubectl_manifest
, 32 seconds- Karpenter,
karpenter.sh, provisioners.karpenter.sh
, Karpenter releases, best practices,karpenter.sh/capacity-type, karpenter.sh/discovery
,kind: Provisioner, kind: AWSNodeTemplate
,kubectl provisioner
,TopologyKey, FailedDraining, Evict, DisruptionBlocked
, Karpenter logs,controller., ttlSecondsUntilExpired
, KEDA, NodePools, Kind: NodePool, Workload Consolidation, Disruption controls