From 0af6b0126e964eb6d042a259a107af6577abb30b Mon Sep 17 00:00:00 2001
From: Santosh K
Date: Mon, 8 Apr 2024 11:51:31 +0530
Subject: [PATCH] docs changes in getting-started-with-karpenter doc to fix #5677 (#5989)
---
.../getting-started-with-karpenter/_index.md | 20 ++++++++-
.../scripts/step02-create-cluster-fargate.sh | 42 ++++++++++++++++---
.../scripts/step02-create-cluster.sh | 22 +---------
.../step08-apply-helm-chart-fargate.sh | 12 ++++++
.../getting-started-with-karpenter/_index.md | 20 ++++++++-
.../scripts/step02-create-cluster-fargate.sh | 42 ++++++++++++++++---
.../scripts/step02-create-cluster.sh | 20 ---------
.../step08-apply-helm-chart-fargate.sh | 12 ++++++
.../getting-started-with-karpenter/_index.md | 20 ++++++++-
.../scripts/step02-create-cluster-fargate.sh | 42 ++++++++++++++++---
.../scripts/step02-create-cluster.sh | 20 ---------
.../step08-apply-helm-chart-fargate.sh | 12 ++++++
.../getting-started-with-karpenter/_index.md | 20 ++++++++-
.../scripts/step02-create-cluster-fargate.sh | 42 ++++++++++++++++---
.../scripts/step02-create-cluster.sh | 22 +---------
.../step08-apply-helm-chart-fargate.sh | 12 ++++++
16 files changed, 270 insertions(+), 110 deletions(-)
create mode 100755 website/content/en/docs/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart-fargate.sh
create mode 100755 website/content/en/preview/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart-fargate.sh
create mode 100755 website/content/en/v0.34/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart-fargate.sh
create mode 100755 website/content/en/v0.35/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart-fargate.sh
diff --git a/website/content/en/docs/getting-started/getting-started-with-karpenter/_index.md b/website/content/en/docs/getting-started/getting-started-with-karpenter/_index.md
index fa34d319bd24..6cb0c1692cee 100644
--- a/website/content/en/docs/getting-started/getting-started-with-karpenter/_index.md +++ b/website/content/en/docs/getting-started/getting-started-with-karpenter/_index.md @@ -77,7 +77,15 @@ The following cluster configuration will: * Create a role to allow spot instances. * Run Helm to install Karpenter -{{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster.sh" language="bash"%}} +{{< tabpane text=true right=false >}} + {{% tab header="**Create cluster command**:" disabled=true /%}} + {{% tab header="Managed NodeGroups" %}} + {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster.sh" language="bash"%}} + {{% /tab %}} + {{% tab header="Fargate" %}} + {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh" language="bash"%}} + {{% /tab %}} +{{< /tabpane >}} {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step06-add-spot-role.sh" language="bash"%}} 
@@ -88,7 +96,15 @@ See [Enabling Windows support](https://docs.aws.amazon.com/eks/latest/userguide/ ### 4. Install Karpenter -{{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart.sh" language="bash"%}} +{{< tabpane text=true right=false >}} + {{% tab header="**Karpenter installation command**:" disabled=true /%}} + {{% tab header="Managed NodeGroups" %}} + {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart.sh" language="bash"%}} + {{% /tab %}} + {{% tab header="Fargate" %}} + {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart-fargate.sh" language="bash"%}} + {{% /tab %}} +{{< /tabpane >}} {{% alert title="DNS Policy Notice" color="warning" %}} Karpenter uses the `ClusterFirst` pod DNS policy by default. This is the Kubernetes cluster default and this ensures that Karpetner can reach-out to internal Kubernetes services during its lifetime. There may be cases where you do not have the DNS service that you are using on your cluster up-and-running before Karpenter starts up. The most common case of this is you want Karpenter to manage the node capacity where your DNS service pods are running. diff --git a/website/content/en/docs/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh b/website/content/en/docs/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh index e957e364acd7..1575c382470c 100755 --- a/website/content/en/docs/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh +++ b/website/content/en/docs/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh 
@@ -1,4 +1,11 @@ -eksctl create cluster -f - << EOF +curl -fsSL https://raw.githubusercontent.com/aws/karpenter-provider-aws/"${KARPENTER_VERSION}"/website/content/en/preview/getting-started/getting-started-with-karpenter/cloudformation.yaml > $TEMPOUT \ +&& aws cloudformation deploy \ + --stack-name "Karpenter-${CLUSTER_NAME}" \ + --template-file "${TEMPOUT}" \ + --capabilities CAPABILITY_NAMED_IAM \ + --parameter-overrides "ClusterName=${CLUSTER_NAME}" + +eksctl create cluster -f - < "${TEMPOUT}" \ +curl -fsSL https://raw.githubusercontent.com/aws/karpenter-provider-aws/"${KARPENTER_VERSION}"/website/content/en/preview/getting-started/getting-started-with-karpenter/cloudformation.yaml > $TEMPOUT \ && aws cloudformation deploy \ --stack-name "Karpenter-${CLUSTER_NAME}" \ --template-file "${TEMPOUT}" \ @@ -25,20 +25,6 @@ iam: permissionPolicyARNs: - arn:${AWS_PARTITION}:iam::${AWS_ACCOUNT_ID}:policy/KarpenterControllerPolicy-${CLUSTER_NAME} -## Optionally run on fargate or on k8s 1.23 -# Pod Identity is not available on fargate -# https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html -# iam: -# withOIDC: true -# serviceAccounts: -# - metadata: -# name: karpenter -# namespace: "${KARPENTER_NAMESPACE}" -# roleName: ${CLUSTER_NAME}-karpenter -# attachPolicyARNs: -# - arn:${AWS_PARTITION}:iam::${AWS_ACCOUNT_ID}:policy/KarpenterControllerPolicy-${CLUSTER_NAME} -# roleOnly: true - iamIdentityMappings: - arn: "arn:${AWS_PARTITION}:iam::${AWS_ACCOUNT_ID}:role/KarpenterNodeRole-${CLUSTER_NAME}" username: system:node:{{EC2PrivateDNSName}} @@ -59,12 +45,6 @@ managedNodeGroups: addons: - name: eks-pod-identity-agent - -## Optionally run on fargate -# fargateProfiles: -# - name: karpenter -# selectors: -# - namespace: "${KARPENTER_NAMESPACE}" EOF export CLUSTER_ENDPOINT="$(aws eks describe-cluster --name "${CLUSTER_NAME}" --query "cluster.endpoint" --output text)" 
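Review bot: The added `curl ... > $TEMPOUT` line redirects into an unquoted variable although `--template-file "${TEMPOUT}"` two lines later quotes it; if TEMPOUT is unset or contains whitespace, bash stops with an ambiguous redirect, so the redirect should read `> "${TEMPOUT}"`. The step02-create-cluster.sh change further down this line replaces a quoted `> "${TEMPOUT}"` with the unquoted form, and the fargate copies under preview, v0.34 and v0.35 repeat it. Because the downloaded template is handed to `aws cloudformation deploy` with `CAPABILITY_NAMED_IAM` in the same `&&` chain, I would also add a comment such as `# Inspect ${TEMPOUT} before deploying; the stack is allowed to create named IAM resources`. The rest of this hunk (the eksctl heredoc) is not readable on the page, so this covers only the download and deploy lines.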
diff --git a/website/content/en/docs/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart-fargate.sh b/website/content/en/docs/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart-fargate.sh new file mode 100755 index 000000000000..3b86880e9add --- /dev/null +++ b/website/content/en/docs/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart-fargate.sh @@ -0,0 +1,12 @@ +# Logout of helm registry to perform an unauthenticated pull against the public ECR +helm registry logout public.ecr.aws + +helm upgrade --install karpenter oci://public.ecr.aws/karpenter/karpenter --version "${KARPENTER_VERSION}" --namespace "${KARPENTER_NAMESPACE}" --create-namespace \ + --set "settings.clusterName=${CLUSTER_NAME}" \ + --set "settings.interruptionQueue=${CLUSTER_NAME}" \ + --set controller.resources.requests.cpu=1 \ + --set controller.resources.requests.memory=1Gi \ + --set controller.resources.limits.cpu=1 \ + --set controller.resources.limits.memory=1Gi \ + --set serviceAccount.annotations."eks\.amazonaws\.com/role-arn"="arn:${AWS_PARTITION}:iam::${AWS_ACCOUNT_ID}:role/${CLUSTER_NAME}-karpenter" \ + --wait diff --git a/website/content/en/preview/getting-started/getting-started-with-karpenter/_index.md b/website/content/en/preview/getting-started/getting-started-with-karpenter/_index.md index bf8689367cde..7688f0a8155e 100644 --- a/website/content/en/preview/getting-started/getting-started-with-karpenter/_index.md +++ b/website/content/en/preview/getting-started/getting-started-with-karpenter/_index.md 
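Review bot: The `serviceAccount.annotations."eks\.amazonaws\.com/role-arn"` line in the new step08-apply-helm-chart-fargate.sh has no comment saying why the Fargate install needs it or where the role comes from. The comment block this commit removes from step02-create-cluster.sh states that Pod Identity is not available on Fargate, and that reasoning is lost for the reader of this script. I would put `# Fargate cannot use EKS Pod Identity, so the controller is bound to its IAM role through this IRSA annotation` and `# The role ${CLUSTER_NAME}-karpenter must already exist from the Fargate create-cluster step` above the `helm upgrade` command. If the ARN does not match the role created earlier, the controller would presumably start without usable AWS permissions; the Fargate cluster config is not visible here to confirm the name. The same file is added under v0.35 on this page and, per the diffstat, under preview and v0.34.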
@@ -77,7 +77,15 @@ The following cluster configuration will: * Create a role to allow spot instances. * Run Helm to install Karpenter -{{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster.sh" language="bash"%}} +{{< tabpane text=true right=false >}} + {{% tab header="**Create cluster command**:" disabled=true /%}} + {{% tab header="Managed NodeGroups" %}} + {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster.sh" language="bash"%}} + {{% /tab %}} + {{% tab header="Fargate" %}} + {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh" language="bash"%}} + {{% /tab %}} +{{< /tabpane >}} {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step06-add-spot-role.sh" language="bash"%}} @@ -88,7 +96,15 @@ See [Enabling Windows support](https://docs.aws.amazon.com/eks/latest/userguide/ ### 4. Install Karpenter -{{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart.sh" language="bash"%}} +{{< tabpane text=true right=false >}} + {{% tab header="**Karpenter installation command**:" disabled=true /%}} + {{% tab header="Managed NodeGroups" %}} + {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart.sh" language="bash"%}} + {{% /tab %}} + {{% tab header="Fargate" %}} + {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart-fargate.sh" language="bash"%}} + {{% /tab %}} +{{< /tabpane >}} As the OCI Helm chart is signed by [Cosign](https://github.com/sigstore/cosign) as part of the release process you can verify the chart before installing it by running the following command. 
diff --git a/website/content/en/preview/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh b/website/content/en/preview/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh index e957e364acd7..1575c382470c 100755 --- a/website/content/en/preview/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh +++ b/website/content/en/preview/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh @@ -1,4 +1,11 @@ -eksctl create cluster -f - << EOF +curl -fsSL https://raw.githubusercontent.com/aws/karpenter-provider-aws/"${KARPENTER_VERSION}"/website/content/en/preview/getting-started/getting-started-with-karpenter/cloudformation.yaml > $TEMPOUT \ +&& aws cloudformation deploy \ + --stack-name "Karpenter-${CLUSTER_NAME}" \ + --template-file "${TEMPOUT}" \ + --capabilities CAPABILITY_NAMED_IAM \ + --parameter-overrides "ClusterName=${CLUSTER_NAME}" + +eksctl create cluster -f - <}} + {{% tab header="**Create cluster command**:" disabled=true /%}} + {{% tab header="Managed NodeGroups" %}} + {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster.sh" language="bash"%}} + {{% /tab %}} + {{% tab header="Fargate" %}} + {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh" language="bash"%}} + {{% /tab %}} +{{< /tabpane >}} {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step06-add-spot-role.sh" language="bash"%}} 
@@ -88,7 +96,15 @@ See [Enabling Windows support](https://docs.aws.amazon.com/eks/latest/userguide/ ### 4. Install Karpenter -{{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart.sh" language="bash"%}} +{{< tabpane text=true right=false >}} + {{% tab header="**Karpenter installation command**:" disabled=true /%}} + {{% tab header="Managed NodeGroups" %}} + {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart.sh" language="bash"%}} + {{% /tab %}} + {{% tab header="Fargate" %}} + {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart-fargate.sh" language="bash"%}} + {{% /tab %}} +{{< /tabpane >}} {{% alert title="DNS Policy Notice" color="warning" %}} Karpenter uses the `ClusterFirst` pod DNS policy by default. This is the Kubernetes cluster default and this ensures that Karpetner can reach-out to internal Kubernetes services during its lifetime. There may be cases where you do not have the DNS service that you are using on your cluster up-and-running before Karpenter starts up. The most common case of this is you want Karpenter to manage the node capacity where your DNS service pods are running. diff --git a/website/content/en/v0.34/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh b/website/content/en/v0.34/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh index e957e364acd7..d2ae401fd8be 100755 --- a/website/content/en/v0.34/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh +++ b/website/content/en/v0.34/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh 
@@ -1,4 +1,11 @@ -eksctl create cluster -f - << EOF +curl -fsSL https://raw.githubusercontent.com/aws/karpenter-provider-aws/"${KARPENTER_VERSION}"/website/content/en/preview/getting-started/getting-started-with-karpenter/cloudformation.yaml > $TEMPOUT \ +&& aws cloudformation deploy \ + --stack-name "Karpenter-${CLUSTER_NAME}" \ + --template-file "${TEMPOUT}" \ + --capabilities CAPABILITY_NAMED_IAM \ + --parameter-overrides "ClusterName=${CLUSTER_NAME}" + +eksctl create cluster -f - <}} + {{% tab header="**Create cluster command**:" disabled=true /%}} + {{% tab header="Managed NodeGroups" %}} + {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster.sh" language="bash"%}} + {{% /tab %}} + {{% tab header="Fargate" %}} + {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh" language="bash"%}} + {{% /tab %}} +{{< /tabpane >}} {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step06-add-spot-role.sh" language="bash"%}} 
@@ -88,7 +96,15 @@ See [Enabling Windows support](https://docs.aws.amazon.com/eks/latest/userguide/ ### 4. Install Karpenter -{{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart.sh" language="bash"%}} +{{< tabpane text=true right=false >}} + {{% tab header="**Karpenter installation command**:" disabled=true /%}} + {{% tab header="Managed NodeGroups" %}} + {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart.sh" language="bash"%}} + {{% /tab %}} + {{% tab header="Fargate" %}} + {{% script file="./content/en/{VERSION}/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart-fargate.sh" language="bash"%}} + {{% /tab %}} +{{< /tabpane >}} {{% alert title="DNS Policy Notice" color="warning" %}} Karpenter uses the `ClusterFirst` pod DNS policy by default. This is the Kubernetes cluster default and this ensures that Karpetner can reach-out to internal Kubernetes services during its lifetime. There may be cases where you do not have the DNS service that you are using on your cluster up-and-running before Karpenter starts up. The most common case of this is you want Karpenter to manage the node capacity where your DNS service pods are running. diff --git a/website/content/en/v0.35/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh b/website/content/en/v0.35/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh index e957e364acd7..1575c382470c 100755 --- a/website/content/en/v0.35/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh +++ b/website/content/en/v0.35/getting-started/getting-started-with-karpenter/scripts/step02-create-cluster-fargate.sh 
@@ -1,4 +1,11 @@ -eksctl create cluster -f - << EOF +curl -fsSL https://raw.githubusercontent.com/aws/karpenter-provider-aws/"${KARPENTER_VERSION}"/website/content/en/preview/getting-started/getting-started-with-karpenter/cloudformation.yaml > $TEMPOUT \ +&& aws cloudformation deploy \ + --stack-name "Karpenter-${CLUSTER_NAME}" \ + --template-file "${TEMPOUT}" \ + --capabilities CAPABILITY_NAMED_IAM \ + --parameter-overrides "ClusterName=${CLUSTER_NAME}" + +eksctl create cluster -f - < "${TEMPOUT}" \ +curl -fsSL https://raw.githubusercontent.com/aws/karpenter-provider-aws/"${KARPENTER_VERSION}"/website/content/en/preview/getting-started/getting-started-with-karpenter/cloudformation.yaml > $TEMPOUT \ && aws cloudformation deploy \ --stack-name "Karpenter-${CLUSTER_NAME}" \ --template-file "${TEMPOUT}" \ @@ -25,20 +25,6 @@ iam: permissionPolicyARNs: - arn:${AWS_PARTITION}:iam::${AWS_ACCOUNT_ID}:policy/KarpenterControllerPolicy-${CLUSTER_NAME} -## Optionally run on fargate or on k8s 1.23 -# Pod Identity is not available on fargate -# https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html -# iam: -# withOIDC: true -# serviceAccounts: -# - metadata: -# name: karpenter -# namespace: "${KARPENTER_NAMESPACE}" -# roleName: ${CLUSTER_NAME}-karpenter -# attachPolicyARNs: -# - arn:${AWS_PARTITION}:iam::${AWS_ACCOUNT_ID}:policy/KarpenterControllerPolicy-${CLUSTER_NAME} -# roleOnly: true - iamIdentityMappings: - arn: "arn:${AWS_PARTITION}:iam::${AWS_ACCOUNT_ID}:role/KarpenterNodeRole-${CLUSTER_NAME}" username: system:node:{{EC2PrivateDNSName}} @@ -59,12 +45,6 @@ managedNodeGroups: addons: - name: eks-pod-identity-agent - -## Optionally run on fargate -# fargateProfiles: -# - name: karpenter -# selectors: -# - namespace: "${KARPENTER_NAMESPACE}" EOF export CLUSTER_ENDPOINT="$(aws eks describe-cluster --name "${CLUSTER_NAME}" --query "cluster.endpoint" --output text)" 
diff --git a/website/content/en/v0.35/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart-fargate.sh b/website/content/en/v0.35/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart-fargate.sh new file mode 100755 index 000000000000..3b86880e9add --- /dev/null +++ b/website/content/en/v0.35/getting-started/getting-started-with-karpenter/scripts/step08-apply-helm-chart-fargate.sh @@ -0,0 +1,12 @@ +# Logout of helm registry to perform an unauthenticated pull against the public ECR +helm registry logout public.ecr.aws + +helm upgrade --install karpenter oci://public.ecr.aws/karpenter/karpenter --version "${KARPENTER_VERSION}" --namespace "${KARPENTER_NAMESPACE}" --create-namespace \ + --set "settings.clusterName=${CLUSTER_NAME}" \ + --set "settings.interruptionQueue=${CLUSTER_NAME}" \ + --set controller.resources.requests.cpu=1 \ + --set controller.resources.requests.memory=1Gi \ + --set controller.resources.limits.cpu=1 \ + --set controller.resources.limits.memory=1Gi \ + --set serviceAccount.annotations."eks\.amazonaws\.com/role-arn"="arn:${AWS_PARTITION}:iam::${AWS_ACCOUNT_ID}:role/${CLUSTER_NAME}-karpenter" \ + --wait