From af57df44f0d7db668ee5a6435daa96bf278471a8 Mon Sep 17 00:00:00 2001 From: Jonathan Innis Date: Fri, 20 Oct 2023 08:54:19 -0700 Subject: [PATCH] docs: Fix region being undefined while applying beta policy (#4865) --- designs/integration-testing.md | 2 +- .../en/preview/upgrading/upgrade-guide.md | 13 ++--- .../upgrading/v1beta1-controller-policy.json | 54 +++++++++---------- 3 files changed, 35 insertions(+), 34 deletions(-) diff --git a/designs/integration-testing.md b/designs/integration-testing.md index e151aae94fea..4621ec98f1e2 100644 --- a/designs/integration-testing.md +++ b/designs/integration-testing.md @@ -39,4 +39,4 @@ __(To be implemented)__ Contributing to the list of test suites in the testing f __(To be implemented)__ Periodic testing will be an important part of Karpenter’s testing history. Results and history will be visualized as a testgrid (https://testgrid.k8s.io/) where users can look at metrics and logs for each set of test runs. -__(To be implemented)__ Upgrade instructions between releases as detailed in the Upgrade Guide (https://karpenter.sh/preview/upgrade-guide/#how-do-we-break-incompatibility) will be tested as well. Additional tests will be included in the PR to create the release. As a result, releases will go through the same process as normal commits, and will ensure that upgrade instructions that introduce breaking changes are tested. +__(To be implemented)__ Upgrade instructions between releases as detailed in the Upgrade Guide (https://karpenter.sh/preview/upgrading/upgrade-guide/#how-do-we-break-incompatibility) will be tested as well. Additional tests will be included in the PR to create the release. As a result, releases will go through the same process as normal commits, and will ensure that upgrade instructions that introduce breaking changes are tested. diff --git a/website/content/en/preview/upgrading/upgrade-guide.md b/website/content/en/preview/upgrading/upgrade-guide.md index dcb24ee1f0e2..d6a39d2ae1d2 100644 
--- a/website/content/en/preview/upgrading/upgrade-guide.md +++ b/website/content/en/preview/upgrading/upgrade-guide.md @@ -63,22 +63,22 @@ This procedure assumes you are running the Karpenter controller on cluster and w To upgrade your provisioner and AWSNodeTemplate YAML files to be compatible with v1beta1, you can either update them manually or use the [karpenter-convert](https://github.com/aws/karpenter/tree/main/tools/karpenter-convert) CLI tool. To install that tool: -``` +```bash go install github.com/aws/karpenter/tools/karpenter-convert/cmd/karpenter-convert@latest ``` Add `~/go/bin` to your $PATH, if you have not already done so. 1. Determine the current cluster version: Run the following to make sure that your Karpenter version is v0.31.x: - ``` + ```bash kubectl get pod -A | grep karpenter kubectl describe pod -n karpenter karpenter-xxxxxxxxxx-xxxxx | grep Image: | grep v0..... ``` Sample output: - ``` + ```bash Image: public.ecr.aws/karpenter/controller:v0.31.0@sha256:d29767fa9c5c0511a3812397c932f5735234f03a7a875575422b712d15e54a77 ``` - {{% alert title="Note" color="primary" %}} + {{% alert title="Warning" color="primary" %}} v0.31.2 introduces minor changes to Karpenter so that rollback from v0.32.0 is supported. If you are coming from some other patch version of minor version v0.31.x, note that v0.31.2 is the _only_ patch version that supports rollback. {{% /alert %}} 
@@ -100,8 +100,9 @@ Add `~/go/bin` to your $PATH, if you have not already done so. ```bash TEMPOUT=$(mktemp) - curl -fsSL https://raw.githubusercontent.com/aws/karpenter{{< githubRelRef >}}website/content/en/preview/upgrade/v1beta1-controller-policy.json > ${TEMPOUT} + curl -fsSL https://raw.githubusercontent.com/aws/karpenter{{< githubRelRef >}}website/content/en/preview/upgrading/v1beta1-controller-policy.json > ${TEMPOUT} + REGION=${AWS_REGION:=$AWS_DEFAULT_REGION} POLICY_DOCUMENT=$(envsubst < ${TEMPOUT}) POLICY_NAME="KarpenterControllerPolicy-${CLUSTER_NAME}-v1beta1" ROLE_NAME="${CLUSTER_NAME}-karpenter" @@ -113,7 +114,7 @@ Add `~/go/bin` to your $PATH, if you have not already done so. 5. Apply the v0.32.0 Custom Resource Definitions (CRDs) in the crds directory of the Karpenter helm chart. Here are the ways you can do this: * As an independent helm chart [karpenter-crd](https://gallery.ecr.aws/karpenter/karpenter-crd) - [source](https://github.com/aws/karpenter/blob/main/charts/karpenter-crd) that can be used by Helm to manage the lifecycle of these CRDs. To upgrade or install `karpenter-crd` run: - ``` + ```bash helm upgrade --install karpenter-crd oci://public.ecr.aws/karpenter/karpenter-crd --version vx.y.z --namespace karpenter --create-namespace ``` diff --git a/website/content/en/preview/upgrading/v1beta1-controller-policy.json b/website/content/en/preview/upgrading/v1beta1-controller-policy.json index e6923be897d2..efe818b0708e 100644 --- a/website/content/en/preview/upgrading/v1beta1-controller-policy.json +++ b/website/content/en/preview/upgrading/v1beta1-controller-policy.json 
@@ -5,12 +5,12 @@
 "Sid": "AllowScopedEC2InstanceActions",
 "Effect": "Allow",
 "Resource": [
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}::image/*",
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}::snapshot/*",
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:spot-instances-request/*",
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:security-group/*",
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:subnet/*",
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:launch-template/*"
+ "arn:${AWS_PARTITION}:ec2:${REGION}::image/*",
+ "arn:${AWS_PARTITION}:ec2:${REGION}::snapshot/*",
+ "arn:${AWS_PARTITION}:ec2:${REGION}:*:spot-instances-request/*",
+ "arn:${AWS_PARTITION}:ec2:${REGION}:*:security-group/*",
+ "arn:${AWS_PARTITION}:ec2:${REGION}:*:subnet/*",
+ "arn:${AWS_PARTITION}:ec2:${REGION}:*:launch-template/*"
 ],
 "Action": [
 "ec2:RunInstances",
@@ -21,11 +21,11 @@
 "Sid": "AllowScopedEC2InstanceActionsWithTags",
 "Effect": "Allow",
 "Resource": [
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:fleet/*",
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:instance/*",
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:volume/*",
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:network-interface/*",
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:launch-template/*"
+ "arn:${AWS_PARTITION}:ec2:${REGION}:*:fleet/*",
+ "arn:${AWS_PARTITION}:ec2:${REGION}:*:instance/*",
+ "arn:${AWS_PARTITION}:ec2:${REGION}:*:volume/*",
+ "arn:${AWS_PARTITION}:ec2:${REGION}:*:network-interface/*",
+ "arn:${AWS_PARTITION}:ec2:${REGION}:*:launch-template/*"
 ],
 "Action": [
 "ec2:RunInstances",
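Review bot: Every `${REGION}` placeholder in this template (the `Resource` ARNs in the `@@ -5,12` hunk and the same substitution in all later hunks of this file) depends on `REGION` being present in the environment of `envsubst`, and the guide snippet changed in this same commit assigns `REGION=${AWS_REGION:=$AWS_DEFAULT_REGION}` without `export`. `envsubst` runs as a separate process and replaces a name it cannot see with an empty string, so unless `REGION` is exported elsewhere in the guide (not visible here) the ARNs would render with an empty region field and `aws:RequestedRegion` would become `""`; such a policy is likely accepted by IAM but would presumably match none of the intended resources. I would make the guide line fail fast and export the value, `export REGION="${AWS_REGION:-${AWS_DEFAULT_REGION:?set AWS_REGION or AWS_DEFAULT_REGION}}"`. The statement objects start and end outside these hunks.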
@@ -45,11 +45,11 @@
 "Sid": "AllowScopedResourceCreationTagging",
 "Effect": "Allow",
 "Resource": [
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:fleet/*",
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:instance/*",
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:volume/*",
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:network-interface/*",
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:launch-template/*"
+ "arn:${AWS_PARTITION}:ec2:${REGION}:*:fleet/*",
+ "arn:${AWS_PARTITION}:ec2:${REGION}:*:instance/*",
+ "arn:${AWS_PARTITION}:ec2:${REGION}:*:volume/*",
+ "arn:${AWS_PARTITION}:ec2:${REGION}:*:network-interface/*",
+ "arn:${AWS_PARTITION}:ec2:${REGION}:*:launch-template/*"
 ],
 "Action": "ec2:CreateTags",
 "Condition": {
@@ -69,7 +69,7 @@
 {
 "Sid": "AllowScopedResourceTagging",
 "Effect": "Allow",
- "Resource": "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:instance/*",
+ "Resource": "arn:${AWS_PARTITION}:ec2:${REGION}:*:instance/*",
 "Action": "ec2:CreateTags",
 "Condition": {
 "StringEquals": {
@@ -90,8 +90,8 @@
 "Sid": "AllowScopedDeletion",
 "Effect": "Allow",
 "Resource": [
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:instance/*",
- "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:launch-template/*"
+ "arn:${AWS_PARTITION}:ec2:${REGION}:*:instance/*",
+ "arn:${AWS_PARTITION}:ec2:${REGION}:*:launch-template/*"
 ],
 "Action": [
 "ec2:TerminateInstances",
@@ -123,14 +123,14 @@
 ],
 "Condition": {
 "StringEquals": {
- "aws:RequestedRegion": "${AWS_REGION}"
+ "aws:RequestedRegion": "${REGION}"
 }
 }
 },
 {
 "Sid": "AllowSSMReadActions",
 "Effect": "Allow",
- "Resource": "arn:${AWS_PARTITION}:ssm:${AWS_REGION}::parameter/aws/service/*",
+ "Resource": "arn:${AWS_PARTITION}:ssm:${REGION}::parameter/aws/service/*",
 "Action": "ssm:GetParameter"
 },
 {
@@ -142,7 +142,7 @@
 {
 "Sid": "AllowInterruptionQueueActions",
 "Effect": "Allow",
- "Resource": "arn:aws:sqs:${AWS_REGION}:${AWS_ACCOUNT_ID}:${CLUSTER_NAME}",
+ "Resource": "arn:aws:sqs:${REGION}:${AWS_ACCOUNT_ID}:${CLUSTER_NAME}",
 "Action": [
 "sqs:DeleteMessage",
 "sqs:GetQueueAttributes",
@@ -169,7 +169,7 @@
 "Condition": {
 "StringEquals": {
 "aws:RequestTag/kubernetes.io/cluster/${CLUSTER_NAME}": "owned",
- "aws:RequestTag/topology.kubernetes.io/region": "${AWS_REGION}"
+ "aws:RequestTag/topology.kubernetes.io/region": "${REGION}"
 }
 }
 },
@@ -181,9 +181,9 @@
 "Condition": {
 "StringEquals": {
 "aws:ResourceTag/kubernetes.io/cluster/${CLUSTER_NAME}": "owned",
- "aws:ResourceTag/topology.kubernetes.io/region": "${AWS_REGION}",
+ "aws:ResourceTag/topology.kubernetes.io/region": "${REGION}",
 "aws:RequestTag/kubernetes.io/cluster/${CLUSTER_NAME}": "owned",
- "aws:RequestTag/topology.kubernetes.io/region": "${AWS_REGION}"
+ "aws:RequestTag/topology.kubernetes.io/region": "${REGION}"
 }
 }
 },
@@ -199,7 +199,7 @@
 "Condition": {
 "StringEquals": {
 "aws:ResourceTag/kubernetes.io/cluster/${CLUSTER_NAME}": "owned",
- "aws:ResourceTag/topology.kubernetes.io/region": "${AWS_REGION}"
+ "aws:ResourceTag/topology.kubernetes.io/region": "${REGION}"
 }
 }
 },
@@ -212,7 +212,7 @@
 {
 "Sid": "AllowAPIServerEndpointDiscovery",
 "Effect": "Allow",
- "Resource": "arn:${AWS_PARTITION}:eks:${REGION}:${AWS_ACCOUNT_ID}:cluster/${CLUSTER_NAME}",
+ "Resource": "arn:${AWS_PARTITION}:eks:${REGION}:${AWS_ACCOUNT_ID}:cluster/${CLUSTER_NAME}",
 "Action": "eks:DescribeCluster"
 }
 ]
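Review bot: The `AllowInterruptionQueueActions` resource in the `@@ -142,7` hunk still hard-codes the `aws` partition, while every other ARN visible in this diff uses `${AWS_PARTITION}`. In any other partition the rendered ARN would not match the interruption queue, so the SQS actions would be denied even though the rest of the policy applies. Since the line is already being edited, I would change it to `"Resource": "arn:${AWS_PARTITION}:sqs:${REGION}:${AWS_ACCOUNT_ID}:${CLUSTER_NAME}",`. The statement's `Action` list continues past the end of the hunk.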