diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
index 87fe878f8049..e6f06b545401 100644
--- a/.github/workflows/codeql-analysis.yaml
+++ b/.github/workflows/codeql-analysis.yaml
@@ -4,28 +4,44 @@ on: branches: - 'main' - 'release-v*' + pull_request: schedule: - cron: '0 12 * * *' jobs: - analyze: - if: github.repository == 'aws/karpenter-provider-aws' - name: Analyze + analyze-go: + name: Analyze Go runs-on: ubuntu-latest permissions: actions: read # github/codeql-action/init@v2 security-events: write # github/codeql-action/init@v2 - - strategy: - fail-fast: false - matrix: - language: [ 'go' ] - steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: ./.github/actions/install-deps - run: make vulncheck - uses: github/codeql-action/init@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2.22.8 with: - languages: ${{ matrix.language }} + languages: go - uses: github/codeql-action/autobuild@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2.22.8 - uses: github/codeql-action/analyze@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2.22.8 + # Javascript is added here for evaluating Github Action vulnerabilities + # https://github.blog/2023-08-09-four-tips-to-keep-your-github-actions-workflows-secure/#2-enable-code-scanning-for-workflows + analyze-github-actions: + name: Analyze Github Actions + runs-on: ubuntu-latest + permissions: + actions: read # github/codeql-action/init@v2 + security-events: write # github/codeql-action/init@v2 + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: github/codeql-action/init@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2.22.8 + with: + languages: javascript + config: | + packs: + # Use the latest version of 'codeql-javascript' published by 'advanced-security' + # This will catch things like actions that aren't pinned to a hash + - advanced-security/codeql-javascript + paths: + - '.github/workflows' + - '.github/actions' + - uses: github/codeql-action/analyze@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2.22.8 \ No newline at end of file 
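Review bot: The query pack in the new `analyze-github-actions` job is referenced without a version (`- advanced-security/codeql-javascript`), so every run resolves whatever the publisher released most recently, while every action in this workflow is pinned to a commit SHA. The inline comment shows this is deliberate, but it means findings can appear or disappear with no change in this repository, and the check that enforces hash pinning is itself unpinned. Consider `- advanced-security/codeql-javascript@<pack-version>` (placeholder: use the version you have reviewed) and bumping it the same way the action SHAs are bumped. Separately, with `pull_request:` added and the `github.repository` condition removed, `./.github/actions/install-deps` and `make vulncheck` in `analyze-go` now run against pull-request code, so this job should stay free of secrets and of any permission beyond the two listed.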
diff --git a/.github/workflows/e2e-soak-trigger.yaml b/.github/workflows/e2e-soak-trigger.yaml index 88944a275d8b..4f2c9b574b4c 100644 --- a/.github/workflows/e2e-soak-trigger.yaml +++ b/.github/workflows/e2e-soak-trigger.yaml @@ -11,7 +11,7 @@ jobs: outputs: PREEXISTING_CLUSTERS: ${{ steps.list_clusters.outputs.PREEXISTING_CLUSTERS }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: configure aws credentials uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a with: diff --git a/.github/workflows/pr-snapshot.yaml b/.github/workflows/pr-snapshot.yaml index 2f0a6e919ed8..c56ea7151b24 100644 --- a/.github/workflows/pr-snapshot.yaml +++ b/.github/workflows/pr-snapshot.yaml @@ -35,11 +35,10 @@ jobs: role-to-assume: 'arn:aws:iam::${{ vars.ECR_ACCOUNT_ID }}:role/${{ vars.ECR_SNAPSHOT_ROLE_NAME }}' aws-region: ${{ vars.ECR_REGION }} - run: make snapshot + - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 env: - GH_PR_NUMBER: ${{ env.PR_NUMBER }} ECR_ACCOUNT_ID: ${{ vars.ECR_ACCOUNT_ID }} ECR_REGION: ${{ vars.ECR_REGION }} - - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | github.rest.issues.createComment({ diff --git a/.github/workflows/publish-test-tools.yaml b/.github/workflows/publish-test-tools.yaml deleted file mode 100644 index 41429d121df7..000000000000 --- a/.github/workflows/publish-test-tools.yaml +++ /dev/null 
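Review bot: In the `pr-snapshot.yaml` hunk, the `- run: make snapshot` step is left with no step-level `env:`: `ECR_ACCOUNT_ID` and `ECR_REGION` now belong to the `actions/github-script` step and `GH_PR_NUMBER` is removed. If the snapshot target read any of these from the environment it will now see them unset; the Makefile is not visible here, so please confirm, or set them at job level. Handing values to the script through `env:` and reading them with `process.env` is preferable to interpolating `${{ }}` expressions into the script body, so a comment such as `# read by the script below via process.env` above the `env:` key would record the intent. The script body continues outside the hunk, so how it obtains the PR number cannot be checked from here.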
@@ -1,28 +0,0 @@ -name: PublishTestTools -on: - push: - branches: - - 'main' - - 'release-v*' - paths: - - test/Dockerfile - - test/push-docker.sh - schedule: - - cron: '0 13 * * MON' -jobs: - publish-tools: - permissions: - id-token: write # aws-actions/configure-aws-credentials@v4.0.1 - if: github.repository == 'aws/karpenter-provider-aws' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - fetch-depth: 0 - - uses: ./.github/actions/install-deps - - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 - with: - role-to-assume: 'arn:aws:iam::${{ vars.ECR_ACCOUNT_ID }}:role/${{ vars.ECR_SNAPSHOT_ROLE_NAME }}' - aws-region: ${{ vars.ECR_REGION }} - - run: ./push-docker.sh - working-directory: ./test diff --git a/.github/workflows/resource-count.yaml b/.github/workflows/resource-count.yaml index 6720f62f2039..2baafad1c529 100644 --- a/.github/workflows/resource-count.yaml +++ b/.github/workflows/resource-count.yaml @@ -16,7 +16,7 @@ jobs: steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@v4.0.1 + uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 with: role-to-assume: arn:aws:iam::${{ vars.ACCOUNT_ID }}:role/${{ vars.ROLE_NAME }} aws-region: ${{ matrix.region }} diff --git a/examples/provisioner/100-cpu-limit.yaml b/examples/provisioner/100-cpu-limit.yaml deleted file mode 100644 index dcbad6b57598..000000000000 --- a/examples/provisioner/100-cpu-limit.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -# This example provisioner limits the amount of compute -# provisioned by Karpenter to 100 CPU cores - -apiVersion: karpenter.sh/v1alpha5 -kind: Provisioner -metadata: - name: default -spec: - limits: - resources: - cpu: 100 - providerRef: - name: my-provider ---- -apiVersion: karpenter.k8s.aws/v1alpha1 -kind: AWSNodeTemplate -metadata: - name: my-provider -spec: - subnetSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name - securityGroupSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name diff --git a/examples/provisioner/bottlerocket.yaml b/examples/provisioner/bottlerocket.yaml deleted file mode 100644 index ae9ba801d120..000000000000 --- a/examples/provisioner/bottlerocket.yaml +++ /dev/null @@ -1,32 +0,0 @@ -# This example provisioner will provision instances -# running Bottlerocket OS - -apiVersion: karpenter.sh/v1alpha5 -kind: Provisioner -metadata: - name: default -spec: - providerRef: - name: my-provider ---- -apiVersion: karpenter.k8s.aws/v1alpha1 -kind: AWSNodeTemplate -metadata: - name: my-provider -spec: - amiFamily: Bottlerocket - subnetSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name - securityGroupSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name - blockDeviceMappings: - - deviceName: /dev/xvda - ebs: - volumeType: gp3 - volumeSize: 4Gi - deleteOnTermination: true - - deviceName: /dev/xvdb - ebs: - volumeType: gp3 - volumeSize: 20Gi # replace with your required disk size - deleteOnTermination: true diff --git a/examples/provisioner/general-purpose.yaml b/examples/provisioner/general-purpose.yaml deleted file mode 100644 index 54de996e295f..000000000000 --- a/examples/provisioner/general-purpose.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -# This example provisioner will provision general purpose instances -apiVersion: karpenter.sh/v1alpha5 -kind: Provisioner -metadata: - name: default -spec: - requirements: - # Include general purpose instance families - - key: karpenter.k8s.aws/instance-family - operator: In - values: [c5, m5, r5] - # Exclude small instance sizes - - key: karpenter.k8s.aws/instance-size - operator: NotIn - values: [nano, micro, small, large] - providerRef: - name: default ---- -apiVersion: karpenter.k8s.aws/v1alpha1 -kind: AWSNodeTemplate -metadata: - name: default -spec: - subnetSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name - securityGroupSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name diff --git a/examples/provisioner/large-instances.yaml b/examples/provisioner/large-instances.yaml deleted file mode 100644 index 0e0ba662013b..000000000000 --- a/examples/provisioner/large-instances.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# This example provisioner will avoid small instance types in the cluster - -apiVersion: karpenter.sh/v1alpha5 -kind: Provisioner -metadata: - name: default -spec: - requirements: - # exclude instances with < 4 cores and < 8GiB memory (8192 mebibytes) - - key: "karpenter.k8s.aws/instance-cpu" - operator: Gt - values: ["3"] - - key: "karpenter.k8s.aws/instance-memory" - operator: Gt - values: ["8191"] - providerRef: - name: my-provider ---- -apiVersion: karpenter.k8s.aws/v1alpha1 -kind: AWSNodeTemplate -metadata: - name: my-provider -spec: - subnetSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name - securityGroupSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name diff --git a/examples/provisioner/launchtemplates/al2-custom-ami.yaml b/examples/provisioner/launchtemplates/al2-custom-ami.yaml deleted file mode 100644 index 9fb9e2cdc161..000000000000 
--- a/examples/provisioner/launchtemplates/al2-custom-ami.yaml +++ /dev/null @@ -1,41 +0,0 @@ -# This example provisioner will provision instances using a custom EKS-Optimized AMI that belongs to the -# AL2 AMIFamily. If your AMIs are built off https://github.com/awslabs/amazon-eks-ami and can be bootstrapped -# by Karpenter, this may be a good fit for you. - -apiVersion: karpenter.sh/v1alpha5 -kind: Provisioner -metadata: - name: default -spec: - limits: - resources: - cpu: 20 - providerRef: - name: al2 - consolidation: - enabled: true ---- -apiVersion: karpenter.k8s.aws/v1alpha1 -kind: AWSNodeTemplate -metadata: - name: al2 -spec: - amiFamily: AL2 - instanceProfile: myInstanceProfile - subnetSelector: - karpenter.sh/discovery: my-cluster - securityGroupSelector: - karpenter.sh/discovery: my-cluster - amiSelector: - aws-ids: ami-123,ami456 - userData: | - MIME-Version: 1.0 - Content-Type: multipart/mixed; boundary="BOUNDARY" - - --BOUNDARY - Content-Type: text/x-shellscript; charset="us-ascii" - - #!/bin/bash - echo "Running a custom user data script" - - --BOUNDARY-- diff --git a/examples/provisioner/launchtemplates/al2-custom-userdata.yaml b/examples/provisioner/launchtemplates/al2-custom-userdata.yaml deleted file mode 100644 index 8d5f42d7c2c9..000000000000 --- a/examples/provisioner/launchtemplates/al2-custom-userdata.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -# This example provisioner will provision instances using the AL2 EKS-Optimized AMI. -# The UserData defined in spec.UserData needs to be in the MIME-multipart format, -# and will be prepended to a Karpenter managed section that will bootstrap the kubelet. - -apiVersion: karpenter.sh/v1alpha5 -kind: Provisioner -metadata: - name: default -spec: - limits: - resources: - cpu: 20 - providerRef: - name: al2 - consolidation: - enabled: true ---- -apiVersion: karpenter.k8s.aws/v1alpha1 -kind: AWSNodeTemplate -metadata: - name: al2 -spec: - amiFamily: AL2 - instanceProfile: myInstanceProfile - subnetSelector: - karpenter.sh/discovery: my-cluster - securityGroupSelector: - karpenter.sh/discovery: my-cluster - userData: | - MIME-Version: 1.0 - Content-Type: multipart/mixed; boundary="BOUNDARY" - - --BOUNDARY - Content-Type: text/x-shellscript; charset="us-ascii" - - #!/bin/bash - echo "Running a custom user data script" - - --BOUNDARY-- diff --git a/examples/provisioner/launchtemplates/al2-kubelet-log-query.yaml b/examples/provisioner/launchtemplates/al2-kubelet-log-query.yaml deleted file mode 100644 index 3383000caaf2..000000000000 --- a/examples/provisioner/launchtemplates/al2-kubelet-log-query.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -# This example provisioner will provision instances using the AL2 EKS-Optimized AMI -# and will be prepended to a Karpenter managed section that will bootstrap the kubelet. - -apiVersion: karpenter.sh/v1alpha5 -kind: Provisioner -metadata: - name: default -spec: - providerRef: - name: al2 ---- -apiVersion: karpenter.k8s.aws/v1alpha1 -kind: AWSNodeTemplate -metadata: - name: al2 -spec: - amiFamily: AL2 - subnetSelector: - karpenter.sh/discovery: my-cluster - securityGroupSelector: - karpenter.sh/discovery: my-cluster - userData: | - MIME-Version: 1.0 - Content-Type: multipart/mixed; boundary="BOUNDARY" - - --BOUNDARY - Content-Type: text/x-shellscript; charset="us-ascii" - - #!/bin/bash - - set -e - - # Add additional KUBELET_EXTRA_ARGS to the service - # Requires Kubernetes 1.27 (alpha feature) - cat << EOF > /etc/systemd/system/kubelet.service.d/90-kubelet-extra-args.conf - [Service] - Environment="KUBELET_EXTRA_ARGS=--feature-gates=NodeLogQuery=true $KUBELET_EXTRA_ARGS" - EOF - systemctl daemon-reload - - # Enable log handler and log query to the kubelet configuration - echo "$(jq '.enableSystemLogHandler=true' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json - echo "$(jq '.enableSystemLogQuery=true' /etc/kubernetes/kubelet/kubelet-config.json)" > /etc/kubernetes/kubelet/kubelet-config.json - - --BOUNDARY-- \ No newline at end of file diff --git a/examples/provisioner/launchtemplates/br-custom-userdata.yaml b/examples/provisioner/launchtemplates/br-custom-userdata.yaml deleted file mode 100644 index fa5a0863dffc..000000000000 --- a/examples/provisioner/launchtemplates/br-custom-userdata.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -# This example provisioner will provision instances -# running Bottlerocket OS and the userData settings specified in ths AWSNodeTemplate -# CRD will be merged into Karpenter defaults. - -apiVersion: karpenter.sh/v1alpha5 -kind: Provisioner -metadata: - name: default -spec: - limits: - resources: - cpu: 20 - providerRef: - name: default - consolidation: - enabled: true ---- -apiVersion: karpenter.k8s.aws/v1alpha1 -kind: AWSNodeTemplate -metadata: - name: default -spec: - amiFamily: Bottlerocket - instanceProfile: myInstanceProfile - subnetSelector: - karpenter.sh/discovery: my-cluster - securityGroupSelector: - karpenter.sh/discovery: my-cluster - userData: | - [settings.kubernetes] - kube-api-qps = 30 diff --git a/examples/provisioner/launchtemplates/custom-family.yaml b/examples/provisioner/launchtemplates/custom-family.yaml deleted file mode 100644 index 0275a81fdd4b..000000000000 --- a/examples/provisioner/launchtemplates/custom-family.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -# This example provisioner will provision instances using an AMI that belongs to a custom AMIFamily -# Keep in mind, that you're in charge of bootstrapping your worker nodes. - -apiVersion: karpenter.sh/v1alpha5 -kind: Provisioner -metadata: - name: default -spec: - limits: - resources: - cpu: 20 - providerRef: - name: custom-family - consolidation: - enabled: true ---- -apiVersion: karpenter.k8s.aws/v1alpha1 -kind: AWSNodeTemplate -metadata: - name: custom-family -spec: - amiFamily: Custom - instanceProfile: myInstanceProfile - subnetSelector: - karpenter.sh/discovery: my-cluster - securityGroupSelector: - karpenter.sh/discovery: my-cluster - amiSelector: - aws-ids: ami-123,ami456 - userData: | - MIME-Version: 1.0 - Content-Type: multipart/mixed; boundary="BOUNDARY" - - --BOUNDARY - Content-Type: text/x-shellscript; charset="us-ascii" - - #!/bin/bash - echo "Running my custom set-up" - - /etc/eks/bootstrap.sh my-cluster --kubelet-extra-args='--node-labels=foo=bar' - - --BOUNDARY diff --git a/examples/provisioner/launchtemplates/ubuntu-kubelet-log-query.yaml b/examples/provisioner/launchtemplates/ubuntu-kubelet-log-query.yaml deleted file mode 100644 index 36d218fd9fb3..000000000000 --- a/examples/provisioner/launchtemplates/ubuntu-kubelet-log-query.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -# This example provisioner will provision instances using the Ubuntu EKS AMI -# and will be prepended to a Karpenter managed section that will bootstrap the kubelet. - -apiVersion: karpenter.sh/v1alpha5 -kind: Provisioner -metadata: - name: default -spec: - providerRef: - name: ubuntu ---- -apiVersion: karpenter.k8s.aws/v1alpha1 -kind: AWSNodeTemplate -metadata: - name: ubuntu -spec: - amiFamily: Ubuntu - subnetSelector: - karpenter.sh/discovery: my-cluster - securityGroupSelector: - karpenter.sh/discovery: my-cluster - userData: | - MIME-Version: 1.0 - Content-Type: multipart/mixed; boundary="BOUNDARY" - - --BOUNDARY - Content-Type: text/x-shellscript; charset="us-ascii" - - #!/bin/bash - # There is currently a bug with log query and kubelet running inside a snap environment - # https://github.com/kubernetes/kubernetes/issues/120618 - # This example is provided for reference on how to change Ubuntu settings in user data - - set -e - - # This requires Kubernetes 1.27 or above (alpha feature) - # This modifies the configuration of the /etc/eks/bootstrap.sh script because /etc/kubernetes/kubelet/kubelet-config.json - # doesn't exist before bootstrap.sh is run - - sed -i 's/args="$KUBELET_EXTRA_ARGS"/args="--feature-gates=NodeLogQuery=true $KUBELET_EXTRA_ARGS"/g' /etc/eks/bootstrap.sh - sed -i '/# writes kubeReserved and evictionHard/a echo "$(jq .enableSystemLogHandler=true $KUBELET_CONFIG)" > $KUBELET_CONFIG' /etc/eks/bootstrap.sh - sed -i '/# writes kubeReserved and evictionHard/a echo "$(jq .enableSystemLogQuery=true $KUBELET_CONFIG)" > $KUBELET_CONFIG' /etc/eks/bootstrap.sh - - --BOUNDARY-- \ No newline at end of file diff --git a/examples/provisioner/launchtemplates/windows-custom-userdata.yaml b/examples/provisioner/launchtemplates/windows-custom-userdata.yaml deleted file mode 100644 index c4ddf8cf9a8e..000000000000 --- a/examples/provisioner/launchtemplates/windows-custom-userdata.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -# This example provisioner will provision instances using the Windows 2022 EKS-Optimized AMI. -# The UserData defined in spec.UserData should be PowerShell commands -# and they will be prepended to a Karpenter managed section that will bootstrap the kubelet. -# This example also applies to the Windows 2019 EKS-Optimized AMI. - -apiVersion: karpenter.sh/v1alpha5 -kind: Provisioner -metadata: - name: windows2022 -spec: - requirements: - - key: kubernetes.io/os - operator: In - values: ["windows"] - providerRef: - name: windows2022 ---- -apiVersion: karpenter.k8s.aws/v1alpha1 -kind: AWSNodeTemplate -metadata: - name: windows2022 - annotations: - kubernetes.io/description: "Nodes running Windows Server 2022" -spec: - subnetSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name - securityGroupSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name - amiFamily: Windows2022 - metadataOptions: - httpProtocolIPv6: disabled - httpTokens: required - userData: | - New-Item -Path 'C:\temp\' -ItemType Directory - New-Item -Path 'C:\temp\sample.txt' -ItemType File \ No newline at end of file diff --git a/examples/provisioner/multiple-ebs.yaml b/examples/provisioner/multiple-ebs.yaml deleted file mode 100644 index 6946617ee918..000000000000 --- a/examples/provisioner/multiple-ebs.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -# This example provisioner will provision instances -# with multiple EBS attached - -apiVersion: karpenter.sh/v1alpha5 -kind: Provisioner -metadata: - name: default -spec: - requirements: - # Include general purpose instance families - - key: karpenter.k8s.aws/instance-family - operator: In - values: [c6g, c7g, c6a, c6i, m6a, m6g, m6i, r6a, r6g, r6i] - # Exclude small instance sizes - - key: karpenter.k8s.aws/instance-size - operator: In - values: [medium, large, xlarge, xlarge, 2xlarge, 4xlarge] - providerRef: - name: my-provider ---- -apiVersion: karpenter.k8s.aws/v1alpha1 -kind: AWSNodeTemplate -metadata: - name: my-provider -spec: - subnetSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name - securityGroupSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name - amiFamily: AL2 - blockDeviceMappings: - - deviceName: /dev/xvda - ebs: - volumeType: gp3 - volumeSize: 20Gi - deleteOnTermination: true - - deviceName: /dev/xvdb - ebs: - volumeType: gp3 - volumeSize: 100Gi - deleteOnTermination: true - - deviceName: /dev/xvdc - ebs: - volumeType: gp3 - volumeSize: 2000Gi - deleteOnTermination: true diff --git a/examples/provisioner/node-ttls.yaml b/examples/provisioner/node-ttls.yaml deleted file mode 100644 index 34854d97660d..000000000000 --- a/examples/provisioner/node-ttls.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -# This example provisioner will provision instances -# that are replaced every 7 days and drain after 1 minute -# with no workloads - -apiVersion: karpenter.sh/v1alpha5 -kind: Provisioner -metadata: - name: default -spec: - ttlSecondsUntilExpired: 604800 # expire nodes after 7 days (in seconds) = 7 * 60 * 60 * 24 - ttlSecondsAfterEmpty: 60 # scale down nodes after 60 seconds without workloads (excluding daemons) - providerRef: - name: my-provider ---- -apiVersion: karpenter.k8s.aws/v1alpha1 -kind: AWSNodeTemplate -metadata: - name: my-provider -spec: - subnetSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name - securityGroupSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name diff --git a/examples/provisioner/spot.yaml b/examples/provisioner/spot.yaml deleted file mode 100644 index 510cf779e3c8..000000000000 --- a/examples/provisioner/spot.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# This example will use spot instance type for all -# provisioned instances - -apiVersion: karpenter.sh/v1alpha5 -kind: Provisioner -metadata: - name: default -spec: - requirements: - - key: karpenter.sh/capacity-type - operator: In - values: ["spot"] - providerRef: - name: my-provider ---- -apiVersion: karpenter.k8s.aws/v1alpha1 -kind: AWSNodeTemplate -metadata: - name: my-provider -spec: - subnetSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name - securityGroupSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name diff --git a/examples/provisioner/windows2019.yaml b/examples/provisioner/windows2019.yaml deleted file mode 100644 index 8031364dd283..000000000000 --- a/examples/provisioner/windows2019.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -# This example provisioner will provision instances running Windows Server 2019 - -apiVersion: karpenter.sh/v1alpha5 -kind: Provisioner -metadata: - name: windows2019 -spec: - requirements: - - key: kubernetes.io/os - operator: In - values: ["windows"] - providerRef: - name: windows2019 ---- -apiVersion: karpenter.k8s.aws/v1alpha1 -kind: AWSNodeTemplate -metadata: - name: windows2019 - annotations: - kubernetes.io/description: "Nodes running Windows Server 2019" -spec: - subnetSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name - securityGroupSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name - amiFamily: Windows2019 - metadataOptions: - httpProtocolIPv6: disabled - httpTokens: required \ No newline at end of file diff --git a/examples/provisioner/windows2022.yaml b/examples/provisioner/windows2022.yaml deleted file mode 100644 index bef9df2894cb..000000000000 --- a/examples/provisioner/windows2022.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# This example provisioner will provision instances running Windows Server 2022 - -apiVersion: karpenter.sh/v1alpha5 -kind: Provisioner -metadata: - name: windows2022 -spec: - requirements: - - key: kubernetes.io/os - operator: In - values: ["windows"] - providerRef: - name: windows2022 ---- -apiVersion: karpenter.k8s.aws/v1alpha1 -kind: AWSNodeTemplate -metadata: - name: windows2022 - annotations: - kubernetes.io/description: "Nodes running Windows Server 2022" -spec: - subnetSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name - securityGroupSelector: - karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name - amiFamily: Windows2022 - metadataOptions: - httpProtocolIPv6: disabled - httpTokens: required \ No newline at end of file diff --git a/test/Dockerfile b/test/Dockerfile deleted file mode 100644 index d0cac8926683..000000000000 --- a/test/Dockerfile +++ /dev/null 
@@ -1,62 +0,0 @@ -# Tools is an image that contains binaries useful for testing karpenter. -# Please forgive me for this -- build AWS SDK v2 from source, see https://github.com/aws/aws-cli/issues/4685#issuecomment-1094307056 -FROM python:3.9-alpine as installer - -RUN set -ex; \ - apk add --no-cache \ - git unzip groff \ - build-base libffi-dev cmake - -ENV AWS_CLI_VERSION=2.7.1 -RUN set -eux; \ - mkdir /aws; \ - git clone --single-branch --depth 1 -b ${AWS_CLI_VERSION} https://github.com/aws/aws-cli.git /aws; \ - cd /aws; \ - sed -i'' 's/PyInstaller.*/PyInstaller==4.10/g' requirements-build.txt; \ - python -m venv venv; \ - . venv/bin/activate; \ - ./scripts/installers/make-exe - -RUN set -ex; \ - unzip /aws/dist/awscli-exe.zip; \ - ./aws/install --bin-dir /aws-cli-bin; \ - /aws-cli-bin/aws --version - -FROM golang:1.21-alpine - -# Install APK packages -RUN echo "@community http://dl-cdn.alpinelinux.org/alpine/edge/community" >>/etc/apk/repositories -RUN apk update -RUN apk add --no-cache \ - coreutils \ - curl \ - tar \ - bash \ - gcc \ - alpine-sdk \ - git \ - jq \ - make \ - gcompat \ - helm@community \ - kubectl@community - -# Install AWS CLI -COPY --from=installer /usr/local/aws-cli/ /usr/local/aws-cli/ -COPY --from=installer /aws-cli-bin/ /usr/local/bin/ -RUN aws --version - -# Install eksctl -RUN curl --silent --location "https://github.com/weaveworks/eksctl/releases/download/v0.116.0/eksctl_$(uname -s)_$(go env GOARCH).tar.gz" | tar xz -C /tmp -RUN mv /tmp/eksctl /usr/local/bin - -# Install helm diff -RUN helm plugin install https://github.com/databus23/helm-diff - -# Show go version -RUN go version - -# Cache modules to speed up test execution -RUN git clone https://github.com/aws/karpenter.git /karpenter -WORKDIR /karpenter -RUN GOPROXY=direct go mod tidy diff --git a/test/hack/sync-cluster/launch-and-sync b/test/hack/sync-cluster/launch-and-sync deleted file mode 100755 index b15d8ad152e0..000000000000 
--- a/test/hack/sync-cluster/launch-and-sync
+++ /dev/null
@@ -1,109 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail -set -x -SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )" - -ACCOUNT_ID=$(aws sts get-caller-identity | jq -r '.Account') -DEFAULT_VPC_ID="$(aws ec2 describe-vpcs --filters "Name=is-default,Values=true" | jq -r '.Vpcs[0] .VpcId')" -SUBNET_ID="$(aws ec2 describe-subnets --filters "Name=vpc-id,Values=${DEFAULT_VPC_ID}" | jq -r '.Subnets[0] .SubnetId')" - -ROLE_NAME="CDKSyncer" -POLICY_ARN="arn:aws:iam::${ACCOUNT_ID}:policy/CDKSyncer" -SSM_MANAGED_POLICY_ARN="arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" - -for instance_id in $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Name,Values=${ROLE_NAME}" | jq -r '.Reservations[] .Instances[] .InstanceId'); do - aws ec2 terminate-instances --instance-ids ${instance_id} -done - -TRUST_POLICY_FILE="/tmp/trustpolicy.json" -POLICY_FILE="/tmp/policy.json" - -cat << EOF > "${TRUST_POLICY_FILE}" -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "ec2.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] -} -EOF - -cat << EOF > "${POLICY_FILE}" -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "cloudformation:*" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "ssm:GetParameter", - "ssm:PutParameter" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "iam:GetRole" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "sts:AssumeRole" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "ec2:TerminateInstances" - ], - "Resource": [ - "*" - ] - } - ] -} -EOF - -if aws iam get-role --role-name "${ROLE_NAME}"; then - aws iam remove-role-from-instance-profile --instance-profile-name "${ROLE_NAME}" --role-name "${ROLE_NAME}" || : - aws iam delete-instance-profile --instance-profile-name "${ROLE_NAME}" || : - aws iam detach-role-policy --role-name "${ROLE_NAME}" 
--policy-arn "${POLICY_ARN}" || : - aws iam detach-role-policy --role-name "${ROLE_NAME}" --policy-arn "${SSM_MANAGED_POLICY_ARN}" || : - aws iam delete-policy --policy-arn "${POLICY_ARN}" || : - aws iam delete-role --role-name "${ROLE_NAME}" || : -fi - -aws iam create-role --role-name "${ROLE_NAME}" --assume-role-policy-document "file://${TRUST_POLICY_FILE}" -aws iam create-policy --policy-name "${ROLE_NAME}" --policy-document "file://${POLICY_FILE}" -aws iam attach-role-policy --role-name "${ROLE_NAME}" --policy-arn "${POLICY_ARN}" -aws iam attach-role-policy --role-name "${ROLE_NAME}" --policy-arn "${SSM_MANAGED_POLICY_ARN}" -aws iam create-instance-profile --instance-profile-name "${ROLE_NAME}" -aws iam add-role-to-instance-profile --instance-profile-name "${ROLE_NAME}" --role-name "${ROLE_NAME}" - -sleep 10 -aws ec2 run-instances \ - --image-id resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 \ - --instance-type t3.medium \ - --count 1 \ - --subnet-id "${SUBNET_ID}" \ - --user-data "file://${SCRIPTPATH}/sync-cluster" \ - --iam-instance-profile "{\"Name\": \"${ROLE_NAME}\"}" \ - --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${ROLE_NAME}}]" \ - --metadata-options "HttpTokens=required,HttpEndpoint=enabled" diff --git a/test/hack/sync-cluster/sync-cluster b/test/hack/sync-cluster/sync-cluster deleted file mode 100755 index ecef9c195158..000000000000 --- a/test/hack/sync-cluster/sync-cluster +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail -set -x -exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 - -yum install -y git gcc binutils -curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh | bash -export HOME="/" -export NVM_DIR="/.nvm" -[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" -nvm install 16 -npm install -g npm@9.4.2 -npm install -g aws-cdk - -git clone https://github.com/awslabs/kubernetes-iteration-toolkit.git -cd kubernetes-iteration-toolkit/infrastructure - -npm install - -cdk bootstrap -cdk deploy KITInfrastructure \ - --require-approval never \ - -c TestFluxRepoName="karpenter" \ - -c TestFluxRepoURL="https://github.com/aws/karpenter" \ - -c TestFluxRepoBranch="main" \ - -c TestFluxRepoPath="./test/infrastructure/clusters/test-infra" \ - -c TestNamespace="karpenter-tests" \ - -c TestServiceAccount="karpenter-tests" - -aws ec2 terminate-instances --instance-ids "$(cat /var/run/cloud-init/.instance-id)" \ - --region "$(cat /var/run/cloud-init/instance-data.json | grep -m1 region | grep -o '[a-z]\+\-[a-z]\+\-[0-9]\+')" diff --git a/test/push-docker.sh b/test/push-docker.sh deleted file mode 100755 index d7973da3ac8f..000000000000 --- a/test/push-docker.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws -docker build . --progress plain -t public.ecr.aws/karpenter/tools:latest -docker push public.ecr.aws/karpenter/tools:latest