-
Notifications
You must be signed in to change notification settings - Fork 960
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: detail how to discover alias versions (#6810)
- Loading branch information
Showing
3 changed files
with
98 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -56,7 +56,8 @@ spec: | |
| imageGCLowThresholdPercent: 80 | ||
| cpuCFSQuota: true | ||
| clusterDNS: ["10.0.1.100"] | ||
| # Required, resolves a default ami and userdata | ||
| # Optional, dictates UserData generation and default block device mappings. | ||
| # May be ommited when using an `alias` amiSelectorTerm, otherwise required. | ||
| amiFamily: AL2 | ||
|
|
||
| # Required, discovers subnets to attach to instances | ||
|
|
@@ -731,6 +732,36 @@ alias: [email protected] | |
| ``` | ||
| The Windows family does not support pinning, so only `latest` is supported. | ||
|
|
||
| The following commands can be used to determine the versions availble for an alias in your region: | ||
|
|
||
| {{< tabpane text=true right=false >}} | ||
| {{% tab "AL2023" %}} | ||
| ```bash | ||
| export K8S_VERSION="{{< param "latest_k8s_version" >}}" | ||
| aws ssm get-parameters-by-path --path "/aws/service/eks/optimized-ami/$K8S_VERSION/amazon-linux-2023/" --recursive | jq -cr '.Parameters[].Name' | grep -v "recommended" | awk -F '/' '{print $10}' | sed -r 's/.*(v[[:digit:]]+)$/\1/' | sort | uniq | ||
| ``` | ||
| {{% /tab %}} | ||
| {{% tab "AL2" %}} | ||
| ```bash | ||
| export K8S_VERSION="{{< param "latest_k8s_version" >}}" | ||
| aws ssm get-parameters-by-path --path "/aws/service/eks/optimized-ami/$K8S_VERSION/amazon-linux-2/" --recursive | jq -cr '.Parameters[].Name' | grep -v "recommended" | awk -F '/' '{print $8}' | sed -r 's/.*(v[[:digit:]]+)$/\1/' | sort | uniq | ||
| ``` | ||
| {{% /tab %}} | ||
| {{% tab "Bottlerocket" %}} | ||
| ```bash | ||
| export K8S_VERSION="{{< param "latest_k8s_version" >}}" | ||
| aws ssm get-parameters-by-path --path "/aws/service/bottlerocket/aws-k8s-$K8S_VERSION" --recursive | jq -cr '.Parameters[].Name' | grep -v "latest" | awk -F '/' '{print $7}' | sort | uniq | ||
| ``` | ||
| {{% /tab %}} | ||
| {{< /tabpane >}} | ||
|
|
||
| {{% alert title="Warning" color="warning" %}} | ||
| Karpenter supports automatic AMI selection and upgrades using the `latest` version pin, but this is **not** recommended for production environments. | ||
| When using `latest`, a new AMI release will cause Karpenter to drift all out-of-date nodes in the cluster, replacing them with nodes running the new AMI. | ||
| We strongly recommend evaluating new AMIs in a lower environment before rolling them out into a production environment. | ||
| More details on Karpenter's recommendations for managing AMIs can be found [here]({{< ref "../tasks/managing-amis" >}}). | ||
| {{% /alert %}} | ||
|
|
||
| To select an AMI by name, use the `name` field in the selector term. To select an AMI by id, use the `id` field in the selector term. To select AMIs that are not owned by `amazon` or the account that Karpenter is running in, use the `owner` field - you can use a combination of account aliases (e.g. `self` `amazon`, `your-aws-account-name`) and account IDs. | ||
|
|
||
| If owner is not set for `name`, it defaults to `self,amazon`, preventing Karpenter from inadvertently selecting an AMI that is owned by a different account. Tags don't require an owner as tags can only be discovered by the user who created them. | ||
|
|
@@ -1534,4 +1565,4 @@ NodeClasses have the following status conditions: | |
| | AMIsReady | AMIs are discovered | | ||
| | Ready | Top level condition that indicates if the nodeClass is ready. If any of the underlying conditions is `False` then this condition is set to `False` and `Message` on the condition indicates the dependency that was not resolved. | | ||
|
|
||
| If a NodeClass is not ready, NodePools that reference it through their `nodeClassRef` will not be considered for scheduling. | ||
| If a NodeClass is not ready, NodePools that reference it through their `nodeClassRef` will not be considered for scheduling. | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -56,7 +56,8 @@ spec: | |
| imageGCLowThresholdPercent: 80 | ||
| cpuCFSQuota: true | ||
| clusterDNS: ["10.0.1.100"] | ||
| # Required, resolves a default ami and userdata | ||
| # Optional, dictates UserData generation and default block device mappings. | ||
| # May be ommited when using an `alias` amiSelectorTerm, otherwise required. | ||
| amiFamily: AL2 | ||
|
|
||
| # Required, discovers subnets to attach to instances | ||
|
|
@@ -731,6 +732,36 @@ alias: [email protected] | |
| ``` | ||
| The Windows family does not support pinning, so only `latest` is supported. | ||
|
|
||
| The following commands can be used to determine the versions availble for an alias in your region: | ||
|
|
||
| {{< tabpane text=true right=false >}} | ||
| {{% tab "AL2023" %}} | ||
| ```bash | ||
| export K8S_VERSION="{{< param "latest_k8s_version" >}}" | ||
| aws ssm get-parameters-by-path --path "/aws/service/eks/optimized-ami/$K8S_VERSION/amazon-linux-2023/" --recursive | jq -cr '.Parameters[].Name' | grep -v "recommended" | awk -F '/' '{print $10}' | sed -r 's/.*(v[[:digit:]]+)$/\1/' | sort | uniq | ||
| ``` | ||
| {{% /tab %}} | ||
| {{% tab "AL2" %}} | ||
| ```bash | ||
| export K8S_VERSION="{{< param "latest_k8s_version" >}}" | ||
| aws ssm get-parameters-by-path --path "/aws/service/eks/optimized-ami/$K8S_VERSION/amazon-linux-2/" --recursive | jq -cr '.Parameters[].Name' | grep -v "recommended" | awk -F '/' '{print $8}' | sed -r 's/.*(v[[:digit:]]+)$/\1/' | sort | uniq | ||
| ``` | ||
| {{% /tab %}} | ||
| {{% tab "Bottlerocket" %}} | ||
| ```bash | ||
| export K8S_VERSION="{{< param "latest_k8s_version" >}}" | ||
| aws ssm get-parameters-by-path --path "/aws/service/bottlerocket/aws-k8s-$K8S_VERSION" --recursive | jq -cr '.Parameters[].Name' | grep -v "latest" | awk -F '/' '{print $7}' | sort | uniq | ||
| ``` | ||
| {{% /tab %}} | ||
| {{< /tabpane >}} | ||
|
|
||
| {{% alert title="Warning" color="warning" %}} | ||
| Karpenter supports automatic AMI selection and upgrades using the `latest` version pin, but this is **not** recommended for production environments. | ||
| When using `latest`, a new AMI release will cause Karpenter to drift all out-of-date nodes in the cluster, replacing them with nodes running the new AMI. | ||
| We strongly recommend evaluating new AMIs in a lower environment before rolling them out into a production environment. | ||
| More details on Karpenter's recommendations for managing AMIs can be found [here]({{< ref "../tasks/managing-amis" >}}). | ||
| {{% /alert %}} | ||
|
|
||
| To select an AMI by name, use the `name` field in the selector term. To select an AMI by id, use the `id` field in the selector term. To select AMIs that are not owned by `amazon` or the account that Karpenter is running in, use the `owner` field - you can use a combination of account aliases (e.g. `self` `amazon`, `your-aws-account-name`) and account IDs. | ||
|
|
||
| If owner is not set for `name`, it defaults to `self,amazon`, preventing Karpenter from inadvertently selecting an AMI that is owned by a different account. Tags don't require an owner as tags can only be discovered by the user who created them. | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -56,7 +56,8 @@ spec: | |
| imageGCLowThresholdPercent: 80 | ||
| cpuCFSQuota: true | ||
| clusterDNS: ["10.0.1.100"] | ||
| # Required, resolves a default ami and userdata | ||
| # Optional, dictates UserData generation and default block device mappings. | ||
| # May be ommited when using an `alias` amiSelectorTerm, otherwise required. | ||
| amiFamily: AL2 | ||
|
|
||
| # Required, discovers subnets to attach to instances | ||
|
|
@@ -731,6 +732,36 @@ alias: [email protected] | |
| ``` | ||
| The Windows family does not support pinning, so only `latest` is supported. | ||
|
|
||
| The following commands can be used to determine the versions availble for an alias in your region: | ||
|
|
||
| {{< tabpane text=true right=false >}} | ||
| {{% tab "AL2023" %}} | ||
| ```bash | ||
| export K8S_VERSION="{{< param "latest_k8s_version" >}}" | ||
| aws ssm get-parameters-by-path --path "/aws/service/eks/optimized-ami/$K8S_VERSION/amazon-linux-2023/" --recursive | jq -cr '.Parameters[].Name' | grep -v "recommended" | awk -F '/' '{print $10}' | sed -r 's/.*(v[[:digit:]]+)$/\1/' | sort | uniq | ||
| ``` | ||
| {{% /tab %}} | ||
| {{% tab "AL2" %}} | ||
| ```bash | ||
| export K8S_VERSION="{{< param "latest_k8s_version" >}}" | ||
| aws ssm get-parameters-by-path --path "/aws/service/eks/optimized-ami/$K8S_VERSION/amazon-linux-2/" --recursive | jq -cr '.Parameters[].Name' | grep -v "recommended" | awk -F '/' '{print $8}' | sed -r 's/.*(v[[:digit:]]+)$/\1/' | sort | uniq | ||
| ``` | ||
| {{% /tab %}} | ||
| {{% tab "Bottlerocket" %}} | ||
| ```bash | ||
| export K8S_VERSION="{{< param "latest_k8s_version" >}}" | ||
| aws ssm get-parameters-by-path --path "/aws/service/bottlerocket/aws-k8s-$K8S_VERSION" --recursive | jq -cr '.Parameters[].Name' | grep -v "latest" | awk -F '/' '{print $7}' | sort | uniq | ||
| ``` | ||
| {{% /tab %}} | ||
| {{< /tabpane >}} | ||
|
|
||
| {{% alert title="Warning" color="warning" %}} | ||
| Karpenter supports automatic AMI selection and upgrades using the `latest` version pin, but this is **not** recommended for production environments. | ||
| When using `latest`, a new AMI release will cause Karpenter to drift all out-of-date nodes in the cluster, replacing them with nodes running the new AMI. | ||
| We strongly recommend evaluating new AMIs in a lower environment before rolling them out into a production environment. | ||
| More details on Karpenter's recommendations for managing AMIs can be found [here]({{< ref "../tasks/managing-amis" >}}). | ||
| {{% /alert %}} | ||
|
|
||
| To select an AMI by name, use the `name` field in the selector term. To select an AMI by id, use the `id` field in the selector term. To select AMIs that are not owned by `amazon` or the account that Karpenter is running in, use the `owner` field - you can use a combination of account aliases (e.g. `self` `amazon`, `your-aws-account-name`) and account IDs. | ||
|
|
||
| If owner is not set for `name`, it defaults to `self,amazon`, preventing Karpenter from inadvertently selecting an AMI that is owned by a different account. Tags don't require an owner as tags can only be discovered by the user who created them. | ||
|
|
@@ -1534,4 +1565,4 @@ NodeClasses have the following status conditions: | |
| | AMIsReady | AMIs are discovered | | ||
| | Ready | Top level condition that indicates if the nodeClass is ready. If any of the underlying conditions is `False` then this condition is set to `False` and `Message` on the condition indicates the dependency that was not resolved. | | ||
|
|
||
| If a NodeClass is not ready, NodePools that reference it through their `nodeClassRef` will not be considered for scheduling. | ||
| If a NodeClass is not ready, NodePools that reference it through their `nodeClassRef` will not be considered for scheduling. | ||