v1

package
v0.34.12 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 7, 2024 License: Apache-2.0 Imports: 18 Imported by: 1

Documentation

Overview

+k8s:openapi-gen=true +k8s:deepcopy-gen=package,register +k8s:defaulter-gen=TypeMeta +groupName=karpenter.k8s.aws

Index

Constants

View Source
const (
	ConditionTypeSubnetsReady         = "SubnetsReady"
	ConditionTypeSecurityGroupsReady  = "SecurityGroupsReady"
	ConditionTypeAMIsReady            = "AMIsReady"
	ConditionTypeInstanceProfileReady = "InstanceProfileReady"
)
View Source
const (
	Group              = "karpenter.k8s.aws"
	CompatibilityGroup = "compatibility." + Group
)
View Source
const (
	AliasVersionLatest = "latest"
)
View Source
const EC2NodeClassHashVersion = "v3"

We need to bump the EC2NodeClassHashVersion when we make an update to the EC2NodeClass CRD under these conditions: 1. A field changes its default value for an existing field that is already hashed 2. A field is added to the hash calculation with an already-set value 3. A field is removed from the hash calculations

Variables

View Source
var (
	TerminationFinalizer   = Group + "/termination"
	AWSToKubeArchitectures = map[string]string{
		"x86_64":                 karpv1.ArchitectureAmd64,
		karpv1.ArchitectureArm64: karpv1.ArchitectureArm64,
	}
	WellKnownArchitectures = sets.NewString(
		karpv1.ArchitectureAmd64,
		karpv1.ArchitectureArm64,
	)
	RestrictedLabelDomains = []string{
		Group,
	}
	RestrictedTagPatterns = []*regexp.Regexp{

		regexp.MustCompile(`^kubernetes\.io/cluster/[0-9A-Za-z][A-Za-z0-9\-_]*$`),
		regexp.MustCompile(fmt.Sprintf("^%s$", regexp.QuoteMeta(karpv1.NodePoolLabelKey))),
		regexp.MustCompile(fmt.Sprintf("^%s$", regexp.QuoteMeta(EKSClusterNameTagKey))),
		regexp.MustCompile(fmt.Sprintf("^%s$", regexp.QuoteMeta(LabelNodeClass))),
		regexp.MustCompile(fmt.Sprintf("^%s$", regexp.QuoteMeta(TagNodeClaim))),
	}
	AMIFamilyBottlerocket                          = "Bottlerocket"
	AMIFamilyAL2                                   = "AL2"
	AMIFamilyAL2023                                = "AL2023"
	AMIFamilyUbuntu                                = "Ubuntu"
	AMIFamilyWindows2019                           = "Windows2019"
	AMIFamilyWindows2022                           = "Windows2022"
	AMIFamilyCustom                                = "Custom"
	Windows2019                                    = "2019"
	Windows2022                                    = "2022"
	WindowsCore                                    = "Core"
	Windows2019Build                               = "10.0.17763"
	Windows2022Build                               = "10.0.20348"
	ResourceNVIDIAGPU          corev1.ResourceName = "nvidia.com/gpu"
	ResourceAMDGPU             corev1.ResourceName = "amd.com/gpu"
	ResourceAWSNeuron          corev1.ResourceName = "aws.amazon.com/neuron"
	ResourceHabanaGaudi        corev1.ResourceName = "habana.ai/gaudi"
	ResourceAWSPodENI          corev1.ResourceName = "vpc.amazonaws.com/pod-eni"
	ResourcePrivateIPv4Address corev1.ResourceName = "vpc.amazonaws.com/PrivateIPv4Address"
	ResourceEFA                corev1.ResourceName = "vpc.amazonaws.com/efa"

	EKSClusterNameTagKey = "eks:eks-cluster-name"

	LabelNodeClass = Group + "/ec2nodeclass"

	LabelTopologyZoneID = "topology.k8s.aws/zone-id"

	LabelInstanceHypervisor                   = Group + "/instance-hypervisor"
	LabelInstanceEncryptionInTransitSupported = Group + "/instance-encryption-in-transit-supported"
	LabelInstanceCategory                     = Group + "/instance-category"
	LabelInstanceFamily                       = Group + "/instance-family"
	LabelInstanceGeneration                   = Group + "/instance-generation"
	LabelInstanceLocalNVME                    = Group + "/instance-local-nvme"
	LabelInstanceSize                         = Group + "/instance-size"
	LabelInstanceCPU                          = Group + "/instance-cpu"
	LabelInstanceCPUManufacturer              = Group + "/instance-cpu-manufacturer"
	LabelInstanceMemory                       = Group + "/instance-memory"
	LabelInstanceEBSBandwidth                 = Group + "/instance-ebs-bandwidth"
	LabelInstanceNetworkBandwidth             = Group + "/instance-network-bandwidth"
	LabelInstanceGPUName                      = Group + "/instance-gpu-name"
	LabelInstanceGPUManufacturer              = Group + "/instance-gpu-manufacturer"
	LabelInstanceGPUCount                     = Group + "/instance-gpu-count"
	LabelInstanceGPUMemory                    = Group + "/instance-gpu-memory"
	LabelInstanceAcceleratorName              = Group + "/instance-accelerator-name"
	LabelInstanceAcceleratorManufacturer      = Group + "/instance-accelerator-manufacturer"
	LabelInstanceAcceleratorCount             = Group + "/instance-accelerator-count"
	AnnotationEC2NodeClassHash                = Group + "/ec2nodeclass-hash"
	AnnotationKubeletCompatibilityHash        = CompatibilityGroup + "/kubelet-drift-hash"
	AnnotationEC2NodeClassHashVersion         = Group + "/ec2nodeclass-hash-version"
	AnnotationInstanceTagged                  = Group + "/tagged"

	AnnotationUbuntuCompatibilityKey                 = CompatibilityGroup + "/v1beta1-ubuntu"
	AnnotationUbuntuCompatibilityIncompatible        = "incompatible"
	AnnotationUbuntuCompatibilityAMIFamily           = "amiFamily"
	AnnotationUbuntuCompatibilityBlockDeviceMappings = "blockDeviceMappings"

	TagNodeClaim                           = karpv1.Group + "/nodeclaim"
	TagManagedLaunchTemplate               = Group + "/cluster"
	AnnotationAliasVersionCompatibilityKey = CompatibilityGroup + "/v1-alias-version"

	TagName = "Name"
)
View Source
var (
	SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: "v1"}
	SchemeBuilder      = runtime.NewSchemeBuilder(func(scheme *runtime.Scheme) error {
		scheme.AddKnownTypes(SchemeGroupVersion,
			&EC2NodeClass{},
			&EC2NodeClassList{},
		)
		metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
		return nil
	})
)

Functions

This section is empty.

Types

type AMI

type AMI struct {
	// ID of the AMI
	// +required
	ID string `json:"id"`
	// Name of the AMI
	// +optional
	Name string `json:"name,omitempty"`
	// Requirements of the AMI to be utilized on an instance type
	// +required
	Requirements []corev1.NodeSelectorRequirement `json:"requirements"`
}

AMI contains resolved AMI selector values utilized for node launch

func (*AMI) DeepCopy

func (in *AMI) DeepCopy() *AMI

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AMI.

func (*AMI) DeepCopyInto

func (in *AMI) DeepCopyInto(out *AMI)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AMISelectorTerm

type AMISelectorTerm struct {
	// Alias specifies which EKS optimized AMI to select.
	// Each alias consists of a family and an AMI version, specified as "family@version".
	// Valid families include: al2, al2023, bottlerocket, windows2019, and windows2022.
	// The version can either be pinned to a specific AMI release, with that AMIs version format (ex: "al2023@v20240625" or "bottlerocket@v1.10.0").
	// The version can also be set to "latest" for any family. Setting the version to latest will result in drift when a new AMI is released. This is **not** recommended for production environments.
	// Note: The Windows families do **not** support version pinning, and only latest may be used.
	// +kubebuilder:validation:XValidation:message="'alias' is improperly formatted, must match the format 'family@version'",rule="self.matches('^[a-zA-Z0-9]*@.*$')"
	// +kubebuilder:validation:XValidation:message="family is not supported, must be one of the following: 'al2', 'al2023', 'bottlerocket', 'windows2019', 'windows2022'",rule="self.find('^[^@]+') in ['al2','al2023','bottlerocket','windows2019','windows2022']"
	// +kubebuilder:validation:MaxLength=30
	// +optional
	Alias string `json:"alias,omitempty"`
	// Tags is a map of key/value tags used to select subnets
	// Specifying '*' for a value selects all values for a given tag key.
	// +kubebuilder:validation:XValidation:message="empty tag keys or values aren't supported",rule="self.all(k, k != ” && self[k] != ”)"
	// +kubebuilder:validation:MaxProperties:=20
	// +optional
	Tags map[string]string `json:"tags,omitempty"`
	// ID is the ami id in EC2
	// +kubebuilder:validation:Pattern:="ami-[0-9a-z]+"
	// +optional
	ID string `json:"id,omitempty"`
	// Name is the ami name in EC2.
	// This value is the name field, which is different from the name tag.
	// +optional
	Name string `json:"name,omitempty"`
	// Owner is the owner for the ami.
	// You can specify a combination of AWS account IDs, "self", "amazon", and "aws-marketplace"
	// +optional
	Owner string `json:"owner,omitempty"`
}

AMISelectorTerm defines selection logic for an ami used by Karpenter to launch nodes. If multiple fields are used for selection, the requirements are ANDed.

func (*AMISelectorTerm) DeepCopy

func (in *AMISelectorTerm) DeepCopy() *AMISelectorTerm

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AMISelectorTerm.

func (*AMISelectorTerm) DeepCopyInto

func (in *AMISelectorTerm) DeepCopyInto(out *AMISelectorTerm)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Alias added in v0.34.12

type Alias struct {
	Family  string
	Version string
}

func (*Alias) DeepCopy added in v0.34.12

func (in *Alias) DeepCopy() *Alias

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Alias.

func (*Alias) DeepCopyInto added in v0.34.12

func (in *Alias) DeepCopyInto(out *Alias)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Alias) String added in v0.34.12

func (a *Alias) String() string

type BlockDevice

type BlockDevice struct {
	// DeleteOnTermination indicates whether the EBS volume is deleted on instance termination.
	// +optional
	DeleteOnTermination *bool `json:"deleteOnTermination,omitempty"`
	// Encrypted indicates whether the EBS volume is encrypted. Encrypted volumes can only
	// be attached to instances that support Amazon EBS encryption. If you are creating
	// a volume from a snapshot, you can't specify an encryption value.
	// +optional
	Encrypted *bool `json:"encrypted,omitempty"`
	// IOPS is the number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes,
	// this represents the number of IOPS that are provisioned for the volume. For
	// gp2 volumes, this represents the baseline performance of the volume and the
	// rate at which the volume accumulates I/O credits for bursting.
	//
	// The following are the supported values for each volume type:
	//
	//    * gp3: 3,000-16,000 IOPS
	//
	//    * io1: 100-64,000 IOPS
	//
	//    * io2: 100-64,000 IOPS
	//
	// For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built
	// on the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances).
	// Other instance families guarantee performance up to 32,000 IOPS.
	//
	// This parameter is supported for io1, io2, and gp3 volumes only. This parameter
	// is not supported for gp2, st1, sc1, or standard volumes.
	// +optional
	IOPS *int64 `json:"iops,omitempty"`
	// KMSKeyID (ARN) of the symmetric Key Management Service (KMS) CMK used for encryption.
	// +optional
	KMSKeyID *string `json:"kmsKeyID,omitempty"`
	// SnapshotID is the ID of an EBS snapshot
	// +optional
	SnapshotID *string `json:"snapshotID,omitempty"`
	// Throughput to provision for a gp3 volume, with a maximum of 1,000 MiB/s.
	// Valid Range: Minimum value of 125. Maximum value of 1000.
	// +optional
	Throughput *int64 `json:"throughput,omitempty"`
	// VolumeSize in `Gi`, `G`, `Ti`, or `T`. You must specify either a snapshot ID or
	// a volume size. The following are the supported volumes sizes for each volume
	// type:
	//
	//    * gp2 and gp3: 1-16,384
	//
	//    * io1 and io2: 4-16,384
	//
	//    * st1 and sc1: 125-16,384
	//
	//    * standard: 1-1,024
	// + TODO: Add the CEL resources.quantity type after k8s 1.29
	// + https://github.com/kubernetes/apiserver/commit/b137c256373aec1c5d5810afbabb8932a19ecd2a#diff-838176caa5882465c9d6061febd456397a3e2b40fb423ed36f0cabb1847ecb4dR190
	// +kubebuilder:validation:Pattern:="^((?:[1-9][0-9]{0,3}|[1-4][0-9]{4}|[5][0-8][0-9]{3}|59000)Gi|(?:[1-9][0-9]{0,3}|[1-5][0-9]{4}|[6][0-3][0-9]{3}|64000)G|([1-9]||[1-5][0-7]|58)Ti|([1-9]||[1-5][0-9]|6[0-3]|64)T)$"
	// +kubebuilder:validation:Schemaless
	// +kubebuilder:validation:Type:=string
	// +optional
	VolumeSize *resource.Quantity `json:"volumeSize,omitempty" hash:"string"`
	// VolumeType of the block device.
	// For more information, see Amazon EBS volume types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	// +kubebuilder:validation:Enum:={standard,io1,io2,gp2,sc1,st1,gp3}
	// +optional
	VolumeType *string `json:"volumeType,omitempty"`
}

func (*BlockDevice) DeepCopy

func (in *BlockDevice) DeepCopy() *BlockDevice

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BlockDevice.

func (*BlockDevice) DeepCopyInto

func (in *BlockDevice) DeepCopyInto(out *BlockDevice)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BlockDeviceMapping

type BlockDeviceMapping struct {
	// The device name (for example, /dev/sdh or xvdh).
	// +optional
	DeviceName *string `json:"deviceName,omitempty"`
	// EBS contains parameters used to automatically set up EBS volumes when an instance is launched.
	// +kubebuilder:validation:XValidation:message="snapshotID or volumeSize must be defined",rule="has(self.snapshotID) || has(self.volumeSize)"
	// +optional
	EBS *BlockDevice `json:"ebs,omitempty"`
	// RootVolume is a flag indicating if this device is mounted as kubelet root dir. You can
	// configure at most one root volume in BlockDeviceMappings.
	RootVolume bool `json:"rootVolume,omitempty"`
}

func (*BlockDeviceMapping) DeepCopy

func (in *BlockDeviceMapping) DeepCopy() *BlockDeviceMapping

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BlockDeviceMapping.

func (*BlockDeviceMapping) DeepCopyInto

func (in *BlockDeviceMapping) DeepCopyInto(out *BlockDeviceMapping)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EC2NodeClass

type EC2NodeClass struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// +kubebuilder:validation:XValidation:message="must specify exactly one of ['role', 'instanceProfile']",rule="(has(self.role) && !has(self.instanceProfile)) || (!has(self.role) && has(self.instanceProfile))"
	// +kubebuilder:validation:XValidation:message="changing from 'instanceProfile' to 'role' is not supported. You must delete and recreate this node class if you want to change this.",rule="(has(oldSelf.role) && has(self.role)) || (has(oldSelf.instanceProfile) && has(self.instanceProfile))"
	// +kubebuilder:validation:XValidation:message="if set, amiFamily must be 'AL2' or 'Custom' when using an AL2 alias",rule="!has(self.amiFamily) || (self.amiSelectorTerms.exists(x, has(x.alias) && x.alias.find('^[^@]+') == 'al2') ? (self.amiFamily == 'Custom' || self.amiFamily == 'AL2') : true)"
	// +kubebuilder:validation:XValidation:message="if set, amiFamily must be 'AL2023' or 'Custom' when using an AL2023 alias",rule="!has(self.amiFamily) || (self.amiSelectorTerms.exists(x, has(x.alias) && x.alias.find('^[^@]+') == 'al2023') ? (self.amiFamily == 'Custom' || self.amiFamily == 'AL2023') : true)"
	// +kubebuilder:validation:XValidation:message="if set, amiFamily must be 'Bottlerocket' or 'Custom' when using a Bottlerocket alias",rule="!has(self.amiFamily) || (self.amiSelectorTerms.exists(x, has(x.alias) && x.alias.find('^[^@]+') == 'bottlerocket') ? (self.amiFamily == 'Custom' || self.amiFamily == 'Bottlerocket') : true)"
	// +kubebuilder:validation:XValidation:message="if set, amiFamily must be 'Windows2019' or 'Custom' when using a Windows2019 alias",rule="!has(self.amiFamily) || (self.amiSelectorTerms.exists(x, has(x.alias) && x.alias.find('^[^@]+') == 'windows2019') ? (self.amiFamily == 'Custom' || self.amiFamily == 'Windows2019') : true)"
	// +kubebuilder:validation:XValidation:message="if set, amiFamily must be 'Windows2022' or 'Custom' when using a Windows2022 alias",rule="!has(self.amiFamily) || (self.amiSelectorTerms.exists(x, has(x.alias) && x.alias.find('^[^@]+') == 'windows2022') ? (self.amiFamily == 'Custom' || self.amiFamily == 'Windows2022') : true)"
	// +kubebuilder:validation:XValidation:message="must specify amiFamily if amiSelectorTerms does not contain an alias",rule="self.amiSelectorTerms.exists(x, has(x.alias)) ? true : has(self.amiFamily)"
	Spec   EC2NodeClassSpec   `json:"spec,omitempty"`
	Status EC2NodeClassStatus `json:"status,omitempty"`
}

EC2NodeClass is the Schema for the EC2NodeClass API +kubebuilder:object:root=true +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description="" +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="" +kubebuilder:printcolumn:name="Role",type="string",JSONPath=".spec.role",priority=1,description="" +kubebuilder:resource:path=ec2nodeclasses,scope=Cluster,categories=karpenter,shortName={ec2nc,ec2ncs} +kubebuilder:subresource:status

func (*EC2NodeClass) AMIFamily

func (in *EC2NodeClass) AMIFamily() string

AMIFamily returns the family for a NodePool based on the following items, in order of precdence:

  • ec2nodeclass.spec.amiFamily
  • ec2nodeclass.spec.amiSelectorTerms[].alias

If an alias is specified, ec2nodeclass.spec.amiFamily must match that alias, or be 'Custom' (enforced via validation).

func (*EC2NodeClass) Alias added in v0.34.12

func (in *EC2NodeClass) Alias() *Alias

func (*EC2NodeClass) ConvertFrom

func (in *EC2NodeClass) ConvertFrom(ctx context.Context, from apis.Convertible) error

func (*EC2NodeClass) ConvertTo

func (in *EC2NodeClass) ConvertTo(ctx context.Context, to apis.Convertible) error

func (*EC2NodeClass) DeepCopy

func (in *EC2NodeClass) DeepCopy() *EC2NodeClass

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EC2NodeClass.

func (*EC2NodeClass) DeepCopyInto

func (in *EC2NodeClass) DeepCopyInto(out *EC2NodeClass)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EC2NodeClass) DeepCopyObject

func (in *EC2NodeClass) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*EC2NodeClass) GetConditions

func (in *EC2NodeClass) GetConditions() []status.Condition

func (*EC2NodeClass) Hash

func (in *EC2NodeClass) Hash() string

func (*EC2NodeClass) InstanceProfileName

func (in *EC2NodeClass) InstanceProfileName(clusterName, region string) string

func (*EC2NodeClass) InstanceProfileRole

func (in *EC2NodeClass) InstanceProfileRole() string

func (*EC2NodeClass) InstanceProfileTags

func (in *EC2NodeClass) InstanceProfileTags(clusterName string) map[string]string

func (*EC2NodeClass) SetConditions

func (in *EC2NodeClass) SetConditions(conditions []status.Condition)

func (*EC2NodeClass) SetDefaults

func (in *EC2NodeClass) SetDefaults(_ context.Context)

SetDefaults for the EC2NodeClass

func (*EC2NodeClass) StatusConditions

func (in *EC2NodeClass) StatusConditions() status.ConditionSet

func (*EC2NodeClass) UbuntuIncompatible

func (in *EC2NodeClass) UbuntuIncompatible() bool

UbuntuIncompatible returns true if the NodeClass has the ubuntu compatibility annotation. This will cause the NodeClass to show as NotReady in its status conditions, opting its referencing NodePools out of provisioning and drift.

type EC2NodeClassList

type EC2NodeClassList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []EC2NodeClass `json:"items"`
}

EC2NodeClassList contains a list of EC2NodeClass +kubebuilder:object:root=true

func (*EC2NodeClassList) DeepCopy

func (in *EC2NodeClassList) DeepCopy() *EC2NodeClassList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EC2NodeClassList.

func (*EC2NodeClassList) DeepCopyInto

func (in *EC2NodeClassList) DeepCopyInto(out *EC2NodeClassList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EC2NodeClassList) DeepCopyObject

func (in *EC2NodeClassList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type EC2NodeClassSpec

type EC2NodeClassSpec struct {
	// SubnetSelectorTerms is a list of or subnet selector terms. The terms are ORed.
	// +kubebuilder:validation:XValidation:message="subnetSelectorTerms cannot be empty",rule="self.size() != 0"
	// +kubebuilder:validation:XValidation:message="expected at least one, got none, ['tags', 'id']",rule="self.all(x, has(x.tags) || has(x.id))"
	// +kubebuilder:validation:XValidation:message="'id' is mutually exclusive, cannot be set with a combination of other fields in subnetSelectorTerms",rule="!self.all(x, has(x.id) && has(x.tags))"
	// +kubebuilder:validation:MaxItems:=30
	// +required
	SubnetSelectorTerms []SubnetSelectorTerm `json:"subnetSelectorTerms" hash:"ignore"`
	// SecurityGroupSelectorTerms is a list of or security group selector terms. The terms are ORed.
	// +kubebuilder:validation:XValidation:message="securityGroupSelectorTerms cannot be empty",rule="self.size() != 0"
	// +kubebuilder:validation:XValidation:message="expected at least one, got none, ['tags', 'id', 'name']",rule="self.all(x, has(x.tags) || has(x.id) || has(x.name))"
	// +kubebuilder:validation:XValidation:message="'id' is mutually exclusive, cannot be set with a combination of other fields in securityGroupSelectorTerms",rule="!self.all(x, has(x.id) && (has(x.tags) || has(x.name)))"
	// +kubebuilder:validation:XValidation:message="'name' is mutually exclusive, cannot be set with a combination of other fields in securityGroupSelectorTerms",rule="!self.all(x, has(x.name) && (has(x.tags) || has(x.id)))"
	// +kubebuilder:validation:MaxItems:=30
	// +required
	SecurityGroupSelectorTerms []SecurityGroupSelectorTerm `json:"securityGroupSelectorTerms" hash:"ignore"`
	// AssociatePublicIPAddress controls if public IP addresses are assigned to instances that are launched with the nodeclass.
	// +optional
	AssociatePublicIPAddress *bool `json:"associatePublicIPAddress,omitempty"`
	// AMISelectorTerms is a list of or ami selector terms. The terms are ORed.
	// +kubebuilder:validation:XValidation:message="expected at least one, got none, ['tags', 'id', 'name', 'alias']",rule="self.all(x, has(x.tags) || has(x.id) || has(x.name) || has(x.alias))"
	// +kubebuilder:validation:XValidation:message="'id' is mutually exclusive, cannot be set with a combination of other fields in amiSelectorTerms",rule="!self.exists(x, has(x.id) && (has(x.alias) || has(x.tags) || has(x.name) || has(x.owner)))"
	// +kubebuilder:validation:XValidation:message="'alias' is mutually exclusive, cannot be set with a combination of other fields in amiSelectorTerms",rule="!self.exists(x, has(x.alias) && (has(x.id) || has(x.tags) || has(x.name) || has(x.owner)))"
	// +kubebuilder:validation:XValidation:message="'alias' is mutually exclusive, cannot be set with a combination of other amiSelectorTerms",rule="!(self.exists(x, has(x.alias)) && self.size() != 1)"
	// +kubebuilder:validation:MinItems:=1
	// +kubebuilder:validation:MaxItems:=30
	// +required
	AMISelectorTerms []AMISelectorTerm `json:"amiSelectorTerms" hash:"ignore"`
	// AMIFamily dictates the UserData format and default BlockDeviceMappings used when generating launch templates.
	// This field is optional when using an alias amiSelectorTerm, and the value will be inferred from the alias'
	// family. When an alias is specified, this field may only be set to its corresponding family or 'Custom'. If no
	// alias is specified, this field is required.
	// NOTE: We ignore the AMIFamily for hashing here because we hash the AMIFamily dynamically by using the alias using
	// the AMIFamily() helper function
	// +kubebuilder:validation:Enum:={AL2,AL2023,Bottlerocket,Custom,Windows2019,Windows2022}
	// +optional
	AMIFamily *string `json:"amiFamily,omitempty" hash:"ignore"`
	// UserData to be applied to the provisioned nodes.
	// It must be in the appropriate format based on the AMIFamily in use. Karpenter will merge certain fields into
	// this UserData to ensure nodes are being provisioned with the correct configuration.
	// +optional
	UserData *string `json:"userData,omitempty"`
	// Role is the AWS identity that nodes use. This field is immutable.
	// This field is mutually exclusive from instanceProfile.
	// Marking this field as immutable avoids concerns around terminating managed instance profiles from running instances.
	// This field may be made mutable in the future, assuming the correct garbage collection and drift handling is implemented
	// for the old instance profiles on an update.
	// +kubebuilder:validation:XValidation:rule="self != ”",message="role cannot be empty"
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="immutable field changed"
	// +optional
	Role string `json:"role,omitempty"`
	// InstanceProfile is the AWS entity that instances use.
	// This field is mutually exclusive from role.
	// The instance profile should already have a role assigned to it that Karpenter
	//  has PassRole permission on for instance launch using this instanceProfile to succeed.
	// +kubebuilder:validation:XValidation:rule="self != ”",message="instanceProfile cannot be empty"
	// +optional
	InstanceProfile *string `json:"instanceProfile,omitempty"`
	// Tags to be applied on ec2 resources like instances and launch templates.
	// +kubebuilder:validation:XValidation:message="empty tag keys aren't supported",rule="self.all(k, k != ”)"
	// +kubebuilder:validation:XValidation:message="tag contains a restricted tag matching eks:eks-cluster-name",rule="self.all(k, k !='eks:eks-cluster-name')"
	// +kubebuilder:validation:XValidation:message="tag contains a restricted tag matching kubernetes.io/cluster/",rule="self.all(k, !k.startsWith('kubernetes.io/cluster') )"
	// +kubebuilder:validation:XValidation:message="tag contains a restricted tag matching karpenter.sh/nodepool",rule="self.all(k, k != 'karpenter.sh/nodepool')"
	// +kubebuilder:validation:XValidation:message="tag contains a restricted tag matching karpenter.sh/nodeclaim",rule="self.all(k, k !='karpenter.sh/nodeclaim')"
	// +kubebuilder:validation:XValidation:message="tag contains a restricted tag matching karpenter.k8s.aws/ec2nodeclass",rule="self.all(k, k !='karpenter.k8s.aws/ec2nodeclass')"
	// +optional
	Tags map[string]string `json:"tags,omitempty"`
	// Kubelet defines args to be used when configuring kubelet on provisioned nodes.
	// They are a subset of the upstream types, recognizing not all options may be supported.
	// Wherever possible, the types and names should reflect the upstream kubelet types.
	// +kubebuilder:validation:XValidation:message="imageGCHighThresholdPercent must be greater than imageGCLowThresholdPercent",rule="has(self.imageGCHighThresholdPercent) && has(self.imageGCLowThresholdPercent) ?  self.imageGCHighThresholdPercent > self.imageGCLowThresholdPercent  : true"
	// +kubebuilder:validation:XValidation:message="evictionSoft OwnerKey does not have a matching evictionSoftGracePeriod",rule="has(self.evictionSoft) ? self.evictionSoft.all(e, (e in self.evictionSoftGracePeriod)):true"
	// +kubebuilder:validation:XValidation:message="evictionSoftGracePeriod OwnerKey does not have a matching evictionSoft",rule="has(self.evictionSoftGracePeriod) ? self.evictionSoftGracePeriod.all(e, (e in self.evictionSoft)):true"
	// +optional
	Kubelet *KubeletConfiguration `json:"kubelet,omitempty" hash:"ignore"`
	// BlockDeviceMappings to be applied to provisioned nodes.
	// +kubebuilder:validation:XValidation:message="must have only one blockDeviceMappings with rootVolume",rule="self.filter(x, has(x.rootVolume)?x.rootVolume==true:false).size() <= 1"
	// +kubebuilder:validation:MaxItems:=50
	// +optional
	BlockDeviceMappings []*BlockDeviceMapping `json:"blockDeviceMappings,omitempty"`
	// InstanceStorePolicy specifies how to handle instance-store disks.
	// +optional
	InstanceStorePolicy *InstanceStorePolicy `json:"instanceStorePolicy,omitempty"`
	// DetailedMonitoring controls if detailed monitoring is enabled for instances that are launched
	// +optional
	DetailedMonitoring *bool `json:"detailedMonitoring,omitempty"`
	// MetadataOptions for the generated launch template of provisioned nodes.
	//
	// This specifies the exposure of the Instance Metadata Service to
	// provisioned EC2 nodes. For more information,
	// see Instance Metadata and User Data
	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	//
	// Refer to recommended, security best practices
	// (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node)
	// for limiting exposure of Instance Metadata and User Data to pods.
	// If omitted, defaults to httpEndpoint enabled, with httpProtocolIPv6
	// disabled, with httpPutResponseLimit of 1, and with httpTokens
	// required.
	// +kubebuilder:default={"httpEndpoint":"enabled","httpProtocolIPv6":"disabled","httpPutResponseHopLimit":1,"httpTokens":"required"}
	// +optional
	MetadataOptions *MetadataOptions `json:"metadataOptions,omitempty"`
	// Context is a Reserved field in EC2 APIs
	// https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet.html
	// +optional
	Context *string `json:"context,omitempty"`
}

EC2NodeClassSpec is the top level specification for the AWS Karpenter Provider. This will contain configuration necessary to launch instances in AWS.

func (*EC2NodeClassSpec) DeepCopy

func (in *EC2NodeClassSpec) DeepCopy() *EC2NodeClassSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EC2NodeClassSpec.

func (*EC2NodeClassSpec) DeepCopyInto

func (in *EC2NodeClassSpec) DeepCopyInto(out *EC2NodeClassSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EC2NodeClassStatus

type EC2NodeClassStatus struct {
	// Subnets contains the current Subnet values that are available to the
	// cluster under the subnet selectors.
	// +optional
	Subnets []Subnet `json:"subnets,omitempty"`
	// SecurityGroups contains the current Security Groups values that are available to the
	// cluster under the SecurityGroups selectors.
	// +optional
	SecurityGroups []SecurityGroup `json:"securityGroups,omitempty"`
	// AMI contains the current AMI values that are available to the
	// cluster under the AMI selectors.
	// +optional
	AMIs []AMI `json:"amis,omitempty"`
	// InstanceProfile contains the resolved instance profile for the role
	// +optional
	InstanceProfile string `json:"instanceProfile,omitempty"`
	// Conditions contains signals for health and readiness
	// +optional
	Conditions []status.Condition `json:"conditions,omitempty"`
}

EC2NodeClassStatus contains the resolved state of the EC2NodeClass

func (*EC2NodeClassStatus) DeepCopy

func (in *EC2NodeClassStatus) DeepCopy() *EC2NodeClassStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EC2NodeClassStatus.

func (*EC2NodeClassStatus) DeepCopyInto

func (in *EC2NodeClassStatus) DeepCopyInto(out *EC2NodeClassStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type InstanceStorePolicy

type InstanceStorePolicy string

InstanceStorePolicy enumerates options for configuring instance store disks. +kubebuilder:validation:Enum={RAID0}

const (
	// InstanceStorePolicyRAID0 configures a RAID-0 array that includes all ephemeral NVMe instance storage disks.
	// The containerd and kubelet state directories (`/var/lib/containerd` and `/var/lib/kubelet`) will then use the
	// ephemeral storage for more and faster node ephemeral-storage. The node's ephemeral storage can be shared among
	// pods that request ephemeral storage and container images that are downloaded to the node.
	InstanceStorePolicyRAID0 InstanceStorePolicy = "RAID0"
)

type KubeletConfiguration

type KubeletConfiguration struct {
	// clusterDNS is a list of IP addresses for the cluster DNS server.
	// Note that not all providers may use all addresses.
	//+optional
	ClusterDNS []string `json:"clusterDNS,omitempty"`
	// MaxPods is an override for the maximum number of pods that can run on
	// a worker node instance.
	// +kubebuilder:validation:Minimum:=0
	// +optional
	MaxPods *int32 `json:"maxPods,omitempty"`
	// PodsPerCore is an override for the number of pods that can run on a worker node
	// instance based on the number of cpu cores. This value cannot exceed MaxPods, so, if
	// MaxPods is a lower value, that value will be used.
	// +kubebuilder:validation:Minimum:=0
	// +optional
	PodsPerCore *int32 `json:"podsPerCore,omitempty"`
	// SystemReserved contains resources reserved for OS system daemons and kernel memory.
	// +kubebuilder:validation:XValidation:message="valid keys for systemReserved are ['cpu','memory','ephemeral-storage','pid']",rule="self.all(x, x=='cpu' || x=='memory' || x=='ephemeral-storage' || x=='pid')"
	// +kubebuilder:validation:XValidation:message="systemReserved value cannot be a negative resource quantity",rule="self.all(x, !self[x].startsWith('-'))"
	// +optional
	SystemReserved map[string]string `json:"systemReserved,omitempty"`
	// KubeReserved contains resources reserved for Kubernetes system components.
	// +kubebuilder:validation:XValidation:message="valid keys for kubeReserved are ['cpu','memory','ephemeral-storage','pid']",rule="self.all(x, x=='cpu' || x=='memory' || x=='ephemeral-storage' || x=='pid')"
	// +kubebuilder:validation:XValidation:message="kubeReserved value cannot be a negative resource quantity",rule="self.all(x, !self[x].startsWith('-'))"
	// +optional
	KubeReserved map[string]string `json:"kubeReserved,omitempty"`
	// EvictionHard is the map of signal names to quantities that define hard eviction thresholds
	// +kubebuilder:validation:XValidation:message="valid keys for evictionHard are ['memory.available','nodefs.available','nodefs.inodesFree','imagefs.available','imagefs.inodesFree','pid.available']",rule="self.all(x, x in ['memory.available','nodefs.available','nodefs.inodesFree','imagefs.available','imagefs.inodesFree','pid.available'])"
	// +optional
	EvictionHard map[string]string `json:"evictionHard,omitempty"`
	// EvictionSoft is the map of signal names to quantities that define soft eviction thresholds
	// +kubebuilder:validation:XValidation:message="valid keys for evictionSoft are ['memory.available','nodefs.available','nodefs.inodesFree','imagefs.available','imagefs.inodesFree','pid.available']",rule="self.all(x, x in ['memory.available','nodefs.available','nodefs.inodesFree','imagefs.available','imagefs.inodesFree','pid.available'])"
	// +optional
	EvictionSoft map[string]string `json:"evictionSoft,omitempty"`
	// EvictionSoftGracePeriod is the map of signal names to quantities that define grace periods for each eviction signal
	// +kubebuilder:validation:XValidation:message="valid keys for evictionSoftGracePeriod are ['memory.available','nodefs.available','nodefs.inodesFree','imagefs.available','imagefs.inodesFree','pid.available']",rule="self.all(x, x in ['memory.available','nodefs.available','nodefs.inodesFree','imagefs.available','imagefs.inodesFree','pid.available'])"
	// +optional
	EvictionSoftGracePeriod map[string]metav1.Duration `json:"evictionSoftGracePeriod,omitempty"`
	// EvictionMaxPodGracePeriod is the maximum allowed grace period (in seconds) to use when terminating pods in
	// response to soft eviction thresholds being met.
	// +optional
	EvictionMaxPodGracePeriod *int32 `json:"evictionMaxPodGracePeriod,omitempty"`
	// ImageGCHighThresholdPercent is the percent of disk usage after which image
	// garbage collection is always run. The percent is calculated by dividing this
	// field value by 100, so this field must be between 0 and 100, inclusive.
	// When specified, the value must be greater than ImageGCLowThresholdPercent.
	// +kubebuilder:validation:Minimum:=0
	// +kubebuilder:validation:Maximum:=100
	// +optional
	ImageGCHighThresholdPercent *int32 `json:"imageGCHighThresholdPercent,omitempty"`
	// ImageGCLowThresholdPercent is the percent of disk usage before which image
	// garbage collection is never run. Lowest disk usage to garbage collect to.
	// The percent is calculated by dividing this field value by 100,
	// so the field value must be between 0 and 100, inclusive.
	// When specified, the value must be less than imageGCHighThresholdPercent
	// +kubebuilder:validation:Minimum:=0
	// +kubebuilder:validation:Maximum:=100
	// +optional
	ImageGCLowThresholdPercent *int32 `json:"imageGCLowThresholdPercent,omitempty"`
	// CPUCFSQuota enables CPU CFS quota enforcement for containers that specify CPU limits.
	// +optional
	CPUCFSQuota *bool `json:"cpuCFSQuota,omitempty"`
}

KubeletConfiguration defines args to be used when configuring kubelet on provisioned nodes. They are a subset of the upstream types, recognizing not all options may be supported. Wherever possible, the types and names should reflect the upstream kubelet types. https://pkg.go.dev/k8s.io/kubelet/config/v1beta1#KubeletConfiguration https://github.com/kubernetes/kubernetes/blob/9f82d81e55cafdedab619ea25cabf5d42736dacf/cmd/kubelet/app/options/options.go#L53

func (*KubeletConfiguration) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfiguration.

func (*KubeletConfiguration) DeepCopyInto

func (in *KubeletConfiguration) DeepCopyInto(out *KubeletConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MetadataOptions

type MetadataOptions struct {
	// HTTPEndpoint enables or disables the HTTP metadata endpoint on provisioned
	// nodes. If metadata options is non-nil, but this parameter is not specified,
	// the default state is "enabled".
	//
	// If you specify a value of "disabled", instance metadata will not be accessible
	// on the node.
	// +kubebuilder:default=enabled
	// +kubebuilder:validation:Enum:={enabled,disabled}
	// +optional
	HTTPEndpoint *string `json:"httpEndpoint,omitempty"`
	// HTTPProtocolIPv6 enables or disables the IPv6 endpoint for the instance metadata
	// service on provisioned nodes. If metadata options is non-nil, but this parameter
	// is not specified, the default state is "disabled".
	// +kubebuilder:default=disabled
	// +kubebuilder:validation:Enum:={enabled,disabled}
	// +optional
	HTTPProtocolIPv6 *string `json:"httpProtocolIPv6,omitempty"`
	// HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for
	// instance metadata requests. The larger the number, the further instance
	// metadata requests can travel. Possible values are integers from 1 to 64.
	// If metadata options is non-nil, but this parameter is not specified, the
	// default value is 1.
	// +kubebuilder:default=1
	// +kubebuilder:validation:Minimum:=1
	// +kubebuilder:validation:Maximum:=64
	// +optional
	HTTPPutResponseHopLimit *int64 `json:"httpPutResponseHopLimit,omitempty"`
	// HTTPTokens determines the state of token usage for instance metadata
	// requests. If metadata options is non-nil, but this parameter is not
	// specified, the default state is "required".
	//
	// If the state is optional, one can choose to retrieve instance metadata with
	// or without a signed token header on the request. If one retrieves the IAM
	// role credentials without a token, the version 1.0 role credentials are
	// returned. If one retrieves the IAM role credentials using a valid signed
	// token, the version 2.0 role credentials are returned.
	//
	// If the state is "required", one must send a signed token header with any
	// instance metadata retrieval requests. In this state, retrieving the IAM
	// role credentials always returns the version 2.0 credentials; the version
	// 1.0 credentials are not available.
	// +kubebuilder:default=required
	// +kubebuilder:validation:Enum:={required,optional}
	// +optional
	HTTPTokens *string `json:"httpTokens,omitempty"`
}

MetadataOptions contains parameters for specifying the exposure of the Instance Metadata Service to provisioned EC2 nodes.

func (*MetadataOptions) DeepCopy

func (in *MetadataOptions) DeepCopy() *MetadataOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetadataOptions.

func (*MetadataOptions) DeepCopyInto

func (in *MetadataOptions) DeepCopyInto(out *MetadataOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecurityGroup

type SecurityGroup struct {
	// ID of the security group
	// +required
	ID string `json:"id"`
	// Name of the security group
	// +optional
	Name string `json:"name,omitempty"`
}

SecurityGroup contains resolved SecurityGroup selector values utilized for node launch

func (*SecurityGroup) DeepCopy

func (in *SecurityGroup) DeepCopy() *SecurityGroup

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityGroup.

func (*SecurityGroup) DeepCopyInto

func (in *SecurityGroup) DeepCopyInto(out *SecurityGroup)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecurityGroupSelectorTerm

type SecurityGroupSelectorTerm struct {
	// Tags is a map of key/value tags used to select subnets
	// Specifying '*' for a value selects all values for a given tag key.
	// +kubebuilder:validation:XValidation:message="empty tag keys or values aren't supported",rule="self.all(k, k != ” && self[k] != ”)"
	// +kubebuilder:validation:MaxProperties:=20
	// +optional
	Tags map[string]string `json:"tags,omitempty"`
	// ID is the security group id in EC2
	// +kubebuilder:validation:Pattern:="sg-[0-9a-z]+"
	// +optional
	ID string `json:"id,omitempty"`
	// Name is the security group name in EC2.
	// This value is the name field, which is different from the name tag.
	Name string `json:"name,omitempty"`
}

SecurityGroupSelectorTerm defines selection logic for a security group used by Karpenter to launch nodes. If multiple fields are used for selection, the requirements are ANDed.

func (*SecurityGroupSelectorTerm) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityGroupSelectorTerm.

func (*SecurityGroupSelectorTerm) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Subnet

type Subnet struct {
	// ID of the subnet
	// +required
	ID string `json:"id"`
	// The associated availability zone
	// +required
	Zone string `json:"zone"`
	// The associated availability zone ID
	// +optional
	ZoneID string `json:"zoneID,omitempty"`
}

Subnet contains resolved Subnet selector values utilized for node launch

func (*Subnet) DeepCopy

func (in *Subnet) DeepCopy() *Subnet

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subnet.

func (*Subnet) DeepCopyInto

func (in *Subnet) DeepCopyInto(out *Subnet)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SubnetSelectorTerm

type SubnetSelectorTerm struct {
	// Tags is a map of key/value tags used to select subnets
	// Specifying '*' for a value selects all values for a given tag key.
	// +kubebuilder:validation:XValidation:message="empty tag keys or values aren't supported",rule="self.all(k, k != ” && self[k] != ”)"
	// +kubebuilder:validation:MaxProperties:=20
	// +optional
	Tags map[string]string `json:"tags,omitempty"`
	// ID is the subnet id in EC2
	// +kubebuilder:validation:Pattern="subnet-[0-9a-z]+"
	// +optional
	ID string `json:"id,omitempty"`
}

SubnetSelectorTerm defines selection logic for a subnet used by Karpenter to launch nodes. If multiple fields are used for selection, the requirements are ANDed.

func (*SubnetSelectorTerm) DeepCopy

func (in *SubnetSelectorTerm) DeepCopy() *SubnetSelectorTerm

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubnetSelectorTerm.

func (*SubnetSelectorTerm) DeepCopyInto

func (in *SubnetSelectorTerm) DeepCopyInto(out *SubnetSelectorTerm)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL