Merge branch 'main' into main

.github/actions/e2e/install-karpenter/action.yaml

@@ -63,10 +63,12 @@ runs:
         WEBHOOK_ENABLED=true
       fi
 
+      # Remove service account annotation when dropping support for 1.23
       helm upgrade --install karpenter "oci://$ECR_ACCOUNT_ID.dkr.ecr.$ECR_REGION.amazonaws.com/karpenter/snapshot/karpenter" \
         -n kube-system \
         --version "v0-$(git rev-parse HEAD)" \
         --set webhook.enabled=${WEBHOOK_ENABLED} \
+        --set serviceAccount.annotations."eks\.amazonaws\.com/role-arn"="arn:aws:iam::$ACCOUNT_ID:role/karpenter-irsa-$CLUSTER_NAME" \
         --set settings.clusterName="$CLUSTER_NAME" \
         --set settings.interruptionQueue="$CLUSTER_NAME" \
         --set settings.featureGates.spotToSpotConsolidation=true \

.github/actions/e2e/install-prometheus/action.yaml

@@ -44,6 +44,7 @@ runs:
         ACCOUNT_ID: ${{ inputs.account_id }}
         CLUSTER_NAME: ${{ inputs.cluster_name }}
       run: |
+        # Remove service account annotation when dropping support for 1.23
         helm upgrade --install prometheus prometheus-community/kube-prometheus-stack \
           -n prometheus \
           -f ./.github/actions/e2e/install-prometheus/values.yaml \

go.mod

@@ -29,7 +29,7 @@ require (
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 	knative.dev/pkg v0.0.0-20231010144348-ca8c009405dd
 	sigs.k8s.io/controller-runtime v0.16.3
-	sigs.k8s.io/karpenter v0.33.1-0.20231229170439-99f33e0a3e0c
+	sigs.k8s.io/karpenter v0.33.1-0.20240110172322-1fc448d0415d
 )
 
 require (

hack/code/bandwidth_gen/main.go

@@ -32,11 +32,12 @@ import (
 )
 
 var uriSelectors = map[string]string{
-	"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/general-purpose-instances.html":       "#general-purpose-network-performance",
-	"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/compute-optimized-instances.html":     "#compute-network-performance",
-	"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/memory-optimized-instances.html":      "#memory-network-perf",
-	"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/storage-optimized-instances.html":     "#storage-network-performance",
-	"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/accelerated-computing-instances.html": "#gpu-network-performance",
+	"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/general-purpose-instances.html":            "#general-purpose-network-performance",
+	"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/compute-optimized-instances.html":          "#compute-network-performance",
+	"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/memory-optimized-instances.html":           "#memory-network-perf",
+	"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/storage-optimized-instances.html":          "#storage-network-performance",
+	"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/accelerated-computing-instances.html":      "#gpu-network-performance",
+	"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/high-performance-computing-instances.html": "#hpc-network-performance",
 }
 
 const fileFormat = `
@@ -92,11 +93,15 @@ func main() {
 				}
 			}
 
-			// collect any remaining instancetypes
-			for _, row := range doc.Find(selector).NextAllFiltered(".table-container").Eq(1).Find("tbody").Find("tr").Nodes {
-				instanceTypeData := row.FirstChild.NextSibling.FirstChild.FirstChild.Data
-				bandwidthData := row.FirstChild.NextSibling.NextSibling.NextSibling.FirstChild.Data
-				bandwidth[instanceTypeData] = int64(lo.Must(strconv.ParseFloat(bandwidthData, 64)) * 1000)
+			// Collect instance types bandwidth data from the baseline/bandwidth table underneath the standard table
+			// The HPC network performance doc is laid out differently than the other docs. There is no table underneath
+			// the standard table that contains information for network performance with baseline and burst bandwidth.
+			if selector != "#hpc-network-performance" {
+				for _, row := range doc.Find(selector).NextAllFiltered(".table-container").Eq(1).Find("tbody").Find("tr").Nodes {
+					instanceTypeData := row.FirstChild.NextSibling.FirstChild.FirstChild.Data
+					bandwidthData := row.FirstChild.NextSibling.NextSibling.NextSibling.FirstChild.Data
+					bandwidth[instanceTypeData] = int64(lo.Must(strconv.ParseFloat(bandwidthData, 64)) * 1000)
+				}
 			}
 		}()
 	}

test/suites/drift/suite_test.go

@@ -765,9 +765,9 @@ var _ = Describe("Drift", Label("AWS"), func() {
 			startingNodeClaimState := env.EventuallyExpectCreatedNodeClaimCount("==", int(numPods))
 			env.EventuallyExpectCreatedNodeCount("==", int(numPods))
 
-			// Drift the nodeClaim with bad configuration
+			// Drift the nodeClaim with bad configuration that will not register a NodeClaim
 			parameter, err := env.SSMAPI.GetParameter(&ssm.GetParameterInput{
-				Name: awssdk.String("/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs"),
+				Name: awssdk.String("/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs"),
 			})
 			Expect(err).ToNot(HaveOccurred())
 			nodeClass.Spec.AMISelectorTerms = []v1beta1.AMISelectorTerm{{ID: *parameter.Parameter.Value}}

test/suites/expiration/suite_test.go

@@ -518,7 +518,7 @@ var _ = Describe("Expiration", func() {
 
 			// Set a configuration that will not register a NodeClaim
 			parameter, err := env.SSMAPI.GetParameter(&ssm.GetParameterInput{
-				Name: lo.ToPtr("/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs"),
+				Name: lo.ToPtr("/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs"),
 			})
 			Expect(err).ToNot(HaveOccurred())
 			nodeClass.Spec.AMISelectorTerms = []v1beta1.AMISelectorTerm{

website/content/en/v0.32/faq.md

@@ -14,7 +14,7 @@ See [Configuring NodePools]({{< ref "./concepts/#configuring-nodepools" >}}) for
 AWS is the first cloud provider supported by Karpenter, although it is designed to be used with other cloud providers as well.
 
 ### Can I write my own cloud provider for Karpenter?
-Yes, but there is no documentation yet for it. Start with Karpenter's GitHub [cloudprovider](https://github.com/aws/karpenter-core/tree/v0.32.4/pkg/cloudprovider) documentation to see how the AWS provider is built, but there are other sections of the code that will require changes too.
+Yes, but there is no documentation yet for it. Start with Karpenter's GitHub [cloudprovider](https://github.com/aws/karpenter-core/tree/v0.32.5/pkg/cloudprovider) documentation to see how the AWS provider is built, but there are other sections of the code that will require changes too.
 
 ### What operating system nodes does Karpenter deploy?
 When using v1beta1 APIs, Karpenter uses the OS defined by the [AMI Family in your EC2NodeClass]({{< ref "./concepts/nodeclasses#specamifamily" >}}).
@@ -27,7 +27,7 @@ Karpenter has multiple mechanisms for configuring the [operating system]({{< ref
 Karpenter is flexible to multi-architecture configurations using [well known labels]({{< ref "./concepts/scheduling/#supported-labels">}}).
 
 ### What RBAC access is required?
-All the required RBAC rules can be found in the helm chart template. See [clusterrole-core.yaml](https://github.com/aws/karpenter/blob/v0.32.4/charts/karpenter/templates/clusterrole-core.yaml), [clusterrole.yaml](https://github.com/aws/karpenter/blob/v0.32.4/charts/karpenter/templates/clusterrole.yaml), [rolebinding.yaml](https://github.com/aws/karpenter/blob/v0.32.4/charts/karpenter/templates/rolebinding.yaml), and [role.yaml](https://github.com/aws/karpenter/blob/v0.32.4/charts/karpenter/templates/role.yaml) files for details.
+All the required RBAC rules can be found in the helm chart template. See [clusterrole-core.yaml](https://github.com/aws/karpenter/blob/v0.32.5/charts/karpenter/templates/clusterrole-core.yaml), [clusterrole.yaml](https://github.com/aws/karpenter/blob/v0.32.5/charts/karpenter/templates/clusterrole.yaml), [rolebinding.yaml](https://github.com/aws/karpenter/blob/v0.32.5/charts/karpenter/templates/rolebinding.yaml), and [role.yaml](https://github.com/aws/karpenter/blob/v0.32.5/charts/karpenter/templates/role.yaml) files for details.
 
 ### Can I run Karpenter outside of a Kubernetes cluster?
 Yes, as long as the controller has network and IAM/RBAC access to the Kubernetes API and your provider API.

website/content/en/v0.32/getting-started/getting-started-with-karpenter/_index.md

@@ -45,7 +45,7 @@ After setting up the tools, set the Karpenter and Kubernetes version:
 
 ```bash
 export KARPENTER_NAMESPACE=karpenter
-export KARPENTER_VERSION=v0.32.4
+export KARPENTER_VERSION=v0.32.5
 export K8S_VERSION={{< param "latest_k8s_version" >}}
 ```
 

website/content/en/v0.32/getting-started/migrating-from-cas/_index.md

@@ -92,7 +92,7 @@ One for your Karpenter node role and one for your existing node group.
 First set the Karpenter release you want to deploy.
 
 ```bash
-export KARPENTER_VERSION=v0.32.4
+export KARPENTER_VERSION=v0.32.5
 ```
 
 We can now generate a full Karpenter deployment yaml from the helm chart.
@@ -133,7 +133,7 @@ Now that our deployment is ready we can create the karpenter namespace, create t
 
 ## Create default NodePool
 
-We need to create a default NodePool so Karpenter knows what types of nodes we want for unscheduled workloads. You can refer to some of the [example NodePool](https://github.com/aws/karpenter/tree/v0.32.4/examples/v1beta1) for specific needs.
+We need to create a default NodePool so Karpenter knows what types of nodes we want for unscheduled workloads. You can refer to some of the [example NodePool](https://github.com/aws/karpenter/tree/v0.32.5/examples/v1beta1) for specific needs.
 
 {{% script file="./content/en/{VERSION}/getting-started/migrating-from-cas/scripts/step10-create-nodepool.sh" language="bash" %}}
 

website/content/en/v0.32/reference/cloudformation.md

@@ -17,7 +17,7 @@ These descriptions should allow you to understand:
 To download a particular version of `cloudformation.yaml`, set the version and use `curl` to pull the file to your local system:
 
 ```bash
-export KARPENTER_VERSION=v0.32.4
+export KARPENTER_VERSION=v0.32.5
 curl https://raw.githubusercontent.com/aws/karpenter-provider-aws/"${KARPENTER_VERSION}"/website/content/en/preview/getting-started/getting-started-with-karpenter/cloudformation.yaml > cloudformation.yaml
 ```
 

website/content/en/v0.32/reference/threat-model.md

@@ -31,11 +31,11 @@ A Cluster Developer has the ability to create pods via `Deployments`, `ReplicaSe
 
 Karpenter has permissions to create and manage cloud instances. Karpenter has Kubernetes API permissions to create, update, and remove nodes, as well as evict pods. For a full list of the permissions, see the RBAC rules in the helm chart template. Karpenter also has AWS IAM permissions to create instances with IAM roles.
 
-* [aggregate-clusterrole.yaml](https://github.com/aws/karpenter/blob/v0.32.4/charts/karpenter/templates/aggregate-clusterrole.yaml)
-* [clusterrole-core.yaml](https://github.com/aws/karpenter/blob/v0.32.4/charts/karpenter/templates/clusterrole-core.yaml)
-* [clusterrole.yaml](https://github.com/aws/karpenter/blob/v0.32.4/charts/karpenter/templates/clusterrole.yaml)
-* [rolebinding.yaml](https://github.com/aws/karpenter/blob/v0.32.4/charts/karpenter/templates/rolebinding.yaml)
-* [role.yaml](https://github.com/aws/karpenter/blob/v0.32.4/charts/karpenter/templates/role.yaml)
+* [aggregate-clusterrole.yaml](https://github.com/aws/karpenter/blob/v0.32.5/charts/karpenter/templates/aggregate-clusterrole.yaml)
+* [clusterrole-core.yaml](https://github.com/aws/karpenter/blob/v0.32.5/charts/karpenter/templates/clusterrole-core.yaml)
+* [clusterrole.yaml](https://github.com/aws/karpenter/blob/v0.32.5/charts/karpenter/templates/clusterrole.yaml)
+* [rolebinding.yaml](https://github.com/aws/karpenter/blob/v0.32.5/charts/karpenter/templates/rolebinding.yaml)
+* [role.yaml](https://github.com/aws/karpenter/blob/v0.32.5/charts/karpenter/templates/role.yaml)
 
 ## Assumptions
 

website/content/en/v0.32/upgrading/upgrade-guide.md

@@ -28,12 +28,12 @@ If you get the error `invalid ownership metadata; label validation error:` while
 In general, you can reapply the CRDs in the `crds` directory of the Karpenter helm chart:
 
 ```shell
-kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.sh_provisioners.yaml
-kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.sh_machines.yaml
-kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.k8s.aws_awsnodetemplates.yaml
-kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.sh_nodepools.yaml
-kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.sh_nodeclaims.yaml
-kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.k8s.aws_ec2nodeclasses.yaml
+kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.5/pkg/apis/crds/karpenter.sh_provisioners.yaml
+kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.5/pkg/apis/crds/karpenter.sh_machines.yaml
+kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.5/pkg/apis/crds/karpenter.k8s.aws_awsnodetemplates.yaml
+kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.5/pkg/apis/crds/karpenter.sh_nodepools.yaml
+kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.5/pkg/apis/crds/karpenter.sh_nodeclaims.yaml
+kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.5/pkg/apis/crds/karpenter.k8s.aws_ec2nodeclasses.yaml
 ```
 
 ### Upgrading to v0.32.0+

website/content/en/v0.32/upgrading/v1beta1-migration.md

@@ -47,7 +47,7 @@ This procedure assumes you are running the Karpenter controller on cluster and w
 
     ```bash
     export KARPENTER_NAMESPACE=karpenter
-    export KARPENTER_VERSION=v0.32.4
+    export KARPENTER_VERSION=v0.32.5
     export AWS_PARTITION="aws" # if you are not using standard partitions, you may need to configure to aws-cn / aws-us-gov
     export CLUSTER_NAME="${USER}-karpenter-demo"
     export AWS_REGION="us-west-2"
@@ -60,7 +60,7 @@ This procedure assumes you are running the Karpenter controller on cluster and w
 
     ```bash
     TEMPOUT=$(mktemp)
-    curl -fsSL https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/website/content/en/preview/upgrading/v1beta1-controller-policy.json > ${TEMPOUT}
+    curl -fsSL https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.5/website/content/en/preview/upgrading/v1beta1-controller-policy.json > ${TEMPOUT}
 
     AWS_REGION=${AWS_REGION:=$AWS_DEFAULT_REGION} # use the default region if AWS_REGION isn't defined
     POLICY_DOCUMENT=$(envsubst < ${TEMPOUT})
@@ -71,15 +71,15 @@ This procedure assumes you are running the Karpenter controller on cluster and w
     aws iam attach-role-policy --role-name "${ROLE_NAME}" --policy-arn "${POLICY_ARN}"
     ```
 
-5. Apply the v0.32.4 Custom Resource Definitions (CRDs):
+5. Apply the v0.32.5 Custom Resource Definitions (CRDs):
 
    ```bash
-    kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.sh_provisioners.yaml
-    kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.sh_machines.yaml
-    kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.k8s.aws_awsnodetemplates.yaml
-    kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.sh_nodepools.yaml
-    kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.sh_nodeclaims.yaml
-    kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.k8s.aws_ec2nodeclasses.yaml
+    kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.5/pkg/apis/crds/karpenter.sh_provisioners.yaml
+    kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.5/pkg/apis/crds/karpenter.sh_machines.yaml
+    kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.5/pkg/apis/crds/karpenter.k8s.aws_awsnodetemplates.yaml
+    kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.5/pkg/apis/crds/karpenter.sh_nodepools.yaml
+    kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.5/pkg/apis/crds/karpenter.sh_nodeclaims.yaml
+    kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.5/pkg/apis/crds/karpenter.k8s.aws_ec2nodeclasses.yaml
     ```
 
 6. Upgrade Karpenter to the new version:
@@ -756,7 +756,7 @@ Karpenter v1beta1 introduces changes to some common labels, annotations, and sta
 
 v1beta1 introduces changes to the IAM permissions assigned to the Karpenter controller policy used when deploying Karpenter to your cluster with [IRSA](https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-enable-IAM.html) or [EKS Pod Identity](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html).
 
-You can see a full example of the v1beta1 required controller permissions by viewing the [v1beta1 Controller Policy](https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/website/content/en/preview/upgrading/v1beta1-controller-policy.json).
+You can see a full example of the v1beta1 required controller permissions by viewing the [v1beta1 Controller Policy](https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.5/website/content/en/preview/upgrading/v1beta1-controller-policy.json).
 
 Additionally, read more detail about the full set of permissions assigned to the Karpenter controller policy in the [CloudFormation Reference Guide]({{< ref "../reference/cloudformation" >}}).