Merge branch 'aws:main' into main
nikmohan123 authored Dec 27, 2023
2 parents e157a58 + c192bbc commit ef557f5
Showing 29 changed files with 149 additions and 109 deletions.
2 changes: 1 addition & 1 deletion website/content/en/docs/concepts/nodeclasses.md
Original file line number Diff line number Diff line change
Expand Up @@ -488,7 +488,7 @@ spec:

## spec.instanceProfile

`InstanceProfile` is an optional field and is neccesary to tell Karpenter which identity nodes from this `EC2NodeClass` should assume. You must specify one of `role` or `instanceProfile` when creating a Karpenter `EC2NodeClasss`. If you use the `instanceProfile` field instead of `role`, Karpenter will not manage the InstanceProfile on your behalf.
`InstanceProfile` is an optional field and is necessary to tell Karpenter which identity nodes from this `EC2NodeClass` should assume. You must specify one of `role` or `instanceProfile` when creating a Karpenter `EC2NodeClasss`. If you use the `instanceProfile` field instead of `role`, Karpenter will not manage the InstanceProfile on your behalf.

{{% alert title="Note" color="primary" %}}
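Review bot: the rewritten sentence still spells the resource `EC2NodeClasss` (three s) in "when creating a Karpenter `EC2NodeClasss`", so fixing "neccesary" leaves a second typo on the same line. Correct it to `EC2NodeClass` in the same change, since readers copy this kind name into manifests.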

Expand Down
6 changes: 3 additions & 3 deletions website/content/en/docs/faq.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,10 @@ See [Configuring NodePools]({{< ref "./concepts/#configuring-nodepools" >}}) for
AWS is the first cloud provider supported by Karpenter, although it is designed to be used with other cloud providers as well.

### Can I write my own cloud provider for Karpenter?
Yes, but there is no documentation yet for it. Start with Karpenter's GitHub [cloudprovider](https://github.com/aws/karpenter-core/tree/v0.33.0/pkg/cloudprovider) documentation to see how the AWS provider is built, but there are other sections of the code that will require changes too.
Yes, but there is no documentation yet for it. Start with Karpenter's GitHub [cloudprovider](https://github.com/aws/karpenter-core/tree/v0.33.1/pkg/cloudprovider) documentation to see how the AWS provider is built, but there are other sections of the code that will require changes too.

### What operating system nodes does Karpenter deploy?
Karpenter uses the OS defined by the [AMI Family in your EC2NodeClass]({{< ref "./concepts/nodeclasses#specamifamily" >}}).
Karpenter uses the OS defined by the [AMI Family in your EC2NodeClass]({{< ref "./concepts/nodeclasses#specamifamily" >}}).

### Can I provide my own custom operating system images?
Karpenter has multiple mechanisms for configuring the [operating system]({{< ref "./concepts/nodeclasses/#specamiselectorterms" >}}) for your nodes.
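Review bot: the cloudprovider link is the only bumped URL that points at `aws/karpenter-core` rather than `aws/karpenter` or `aws/karpenter-provider-aws`, so confirm that a `v0.33.1` tag exists in that repository before merging; a mechanical version bump would otherwise leave this link dead. The change to the "AMI Family in your EC2NodeClass" line appears to be whitespace only and could be dropped from the diff.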
Expand All @@ -26,7 +26,7 @@ Karpenter has multiple mechanisms for configuring the [operating system]({{< ref
Karpenter is flexible to multi-architecture configurations using [well known labels]({{< ref "./concepts/scheduling/#supported-labels">}}).

### What RBAC access is required?
All the required RBAC rules can be found in the helm chart template. See [clusterrole-core.yaml](https://github.com/aws/karpenter/blob/v0.33.0/charts/karpenter/templates/clusterrole-core.yaml), [clusterrole.yaml](https://github.com/aws/karpenter/blob/v0.33.0/charts/karpenter/templates/clusterrole.yaml), [rolebinding.yaml](https://github.com/aws/karpenter/blob/v0.33.0/charts/karpenter/templates/rolebinding.yaml), and [role.yaml](https://github.com/aws/karpenter/blob/v0.33.0/charts/karpenter/templates/role.yaml) files for details.
All the required RBAC rules can be found in the helm chart template. See [clusterrole-core.yaml](https://github.com/aws/karpenter/blob/v0.33.1/charts/karpenter/templates/clusterrole-core.yaml), [clusterrole.yaml](https://github.com/aws/karpenter/blob/v0.33.1/charts/karpenter/templates/clusterrole.yaml), [rolebinding.yaml](https://github.com/aws/karpenter/blob/v0.33.1/charts/karpenter/templates/rolebinding.yaml), and [role.yaml](https://github.com/aws/karpenter/blob/v0.33.1/charts/karpenter/templates/role.yaml) files for details.

### Can I run Karpenter outside of a Kubernetes cluster?
Yes, as long as the controller has network and IAM/RBAC access to the Kubernetes API and your provider API.
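Review bot: the "What RBAC access is required?" answer says all required RBAC rules are in four templates, but the threat-model list changed in this same commit also names `aggregate-clusterrole.yaml`. Add that file here or explain why it is not needed, so anyone auditing the controller's permissions from the FAQ sees the complete set.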
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ After setting up the tools, set the Karpenter and Kubernetes version:

```bash
export KARPENTER_NAMESPACE=kube-system
export KARPENTER_VERSION=v0.33.0
export KARPENTER_VERSION=v0.33.1
export K8S_VERSION={{< param "latest_k8s_version" >}}
```
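Review bot: `KARPENTER_VERSION=v0.33.1` is a literal, while `K8S_VERSION` on the next line is filled from the `latest_k8s_version` site param. Driving the Karpenter version from a param in the same way would remove the need for a sweep like this one on every release, and the risk of a page being missed.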

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ One for your Karpenter node role and one for your existing node group.
First set the Karpenter release you want to deploy.
```bash
export KARPENTER_VERSION=v0.33.0
export KARPENTER_VERSION=v0.33.1
```

We can now generate a full Karpenter deployment yaml from the helm chart.
Expand Down Expand Up @@ -133,7 +133,7 @@ Now that our deployment is ready we can create the karpenter namespace, create t
## Create default NodePool
We need to create a default NodePool so Karpenter knows what types of nodes we want for unscheduled workloads. You can refer to some of the [example NodePool](https://github.com/aws/karpenter/tree/v0.33.0/examples/v1beta1) for specific needs.
We need to create a default NodePool so Karpenter knows what types of nodes we want for unscheduled workloads. You can refer to some of the [example NodePool](https://github.com/aws/karpenter/tree/v0.33.1/examples/v1beta1) for specific needs.
{{% script file="./content/en/{VERSION}/getting-started/migrating-from-cas/scripts/step10-create-nodepool.sh" language="bash" %}}
Expand Down
12 changes: 6 additions & 6 deletions website/content/en/docs/reference/cloudformation.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ These descriptions should allow you to understand:
To download a particular version of `cloudformation.yaml`, set the version and use `curl` to pull the file to your local system:

```bash
export KARPENTER_VERSION=v0.33.0
export KARPENTER_VERSION=v0.33.1
curl https://raw.githubusercontent.com/aws/karpenter-provider-aws/"${KARPENTER_VERSION}"/website/content/en/preview/getting-started/getting-started-with-karpenter/cloudformation.yaml > cloudformation.yaml
```
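Review bot: the `curl` in this block runs without `-f`, so if the bumped tag or path does not resolve, the HTTP error body is written to `cloudformation.yaml` and the failure only shows up later at deploy time. The v1beta1 migration page in this commit already uses `curl -fsSL` for its policy download; use the same flags here, given that this template defines the node and controller IAM permissions.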

Expand All @@ -36,7 +36,7 @@ That name would then be appended to any name below where `${ClusterName}` is inc

* Partition: Any time an ARN is used, it includes the [partition name](https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/partitions.html) to identify where the object is found. In most cases, that partition name is `aws`. However, it could also be `aws-cn` (for China Regions) or `aws-us-gov` (for AWS GovCloud US Regions).

## Node Authorization
## Node Authorization

The following sections of the `cloudformation.yaml` file set up IAM permissions for Kubernetes nodes created by Karpenter.
In particular, this involves setting up a node role that can be attached and passed to instance profiles that Karpenter generates at runtime:
Expand Down Expand Up @@ -79,7 +79,7 @@ The role created here includes several AWS managed policies, which are designed
If you were to use a node role from an existing cluster, you could skip this provisioning step and pass this node role to any EC2NodeClasses that you create. Additionally, you would ensure that the [Controller Policy]({{< relref "#controllerpolicy" >}}) has `iam:PassRole` permission to the role attached to the generated instance profiles.

## Controller Authorization
## Controller Authorization

This section sets the AWS permissions for the Karpenter Controller. When used in the Getting Started guide, `eksctl` uses these permissions to create a service account (karpenter) that is combined with the KarpenterControllerPolicy.

Expand Down Expand Up @@ -136,7 +136,7 @@ For `RunInstances` and `CreateFleet` actions, the Karpenter controller can read

#### AllowScopedEC2InstanceActionsWithTags

The AllowScopedEC2InstanceActionsWithTags Sid allows the
The AllowScopedEC2InstanceActionsWithTags Sid allows the
[RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html), [CreateFleet](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet.html), and [CreateLaunchTemplate](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html)
actions requested by the Karpenter controller to create all `fleet`, `instance`, `volume`, `network-interface`, or `launch-template` EC2 resources (for the partition and region), and requires that the `kubernetes.io/cluster/${ClusterName}` tag be set to `owned` and a `karpenter.sh/nodepool` tag be set to any value. This ensures that Karpenter is only allowed to create instances for a single EKS cluster.

Expand Down Expand Up @@ -404,7 +404,7 @@ Also, `karpenter.k8s.aws/ec2nodeclass` must be set to some value. This ensures t

#### AllowScopedInstanceProfileActions

The AllowScopedInstanceProfileActions Sid gives the Karpenter controller permission to perform [`iam:AddRoleToInstanceProfile`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddRoleToInstanceProfile.html), [`iam:RemoveRoleFromInstanceProfile`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveRoleFromInstanceProfile.html), and [`iam:DeleteInstanceProfile`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteInstanceProfile.html) actions,
The AllowScopedInstanceProfileActions Sid gives the Karpenter controller permission to perform [`iam:AddRoleToInstanceProfile`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddRoleToInstanceProfile.html), [`iam:RemoveRoleFromInstanceProfile`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveRoleFromInstanceProfile.html), and [`iam:DeleteInstanceProfile`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteInstanceProfile.html) actions,
provided that the request is made to a cluster with `kubernetes.io/cluster/${ClusterName` set to owned and is made in the current region.
Also, `karpenter.k8s.aws/ec2nodeclass` must be set to some value. This permission is further enforced by the `iam:PassRole` permission. If Karpenter attempts to add a role to an instance profile that it doesn't have `iam:PassRole` permission on, that call will fail. Therefore, if you configure Karpenter to use a new role through the `EC2NodeClass`, ensure that you also specify that role within your `iam:PassRole` permission.
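Review bot: the line directly after the changed one has an unclosed variable reference, `kubernetes.io/cluster/${ClusterName`, which should read `kubernetes.io/cluster/${ClusterName}` as in the AllowScopedEC2InstanceActionsWithTags section. Since this hunk only strips trailing whitespace from the paragraph, fix the brace in the same pass; an exact tag key matters to readers writing their own IAM conditions.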

Expand Down Expand Up @@ -459,7 +459,7 @@ The AllowAPIServerEndpointDiscovery Sid allows the Karpenter controller to get t
}
```

## Interruption Handling
## Interruption Handling

Settings in this section allow the Karpenter controller to stand-up an interruption queue to receive notification messages from other AWS services about the health and status of instances. For example, this interruption queue allows Karpenter to be aware of spot instance interruptions that are sent 2 minutes before spot instances are reclaimed by EC2. Adding this queue allows Karpenter to be proactive in migrating workloads to new nodes.
See the [Interruption]({{< relref "../concepts/disruption#interruption" >}}) section of the Disruption page for details.
Expand Down
10 changes: 5 additions & 5 deletions website/content/en/docs/reference/threat-model.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,11 +31,11 @@ A Cluster Developer has the ability to create pods via `Deployments`, `ReplicaSe

Karpenter has permissions to create and manage cloud instances. Karpenter has Kubernetes API permissions to create, update, and remove nodes, as well as evict pods. For a full list of the permissions, see the RBAC rules in the helm chart template. Karpenter also has AWS IAM permissions to create instances with IAM roles.

* [aggregate-clusterrole.yaml](https://github.com/aws/karpenter/blob/v0.33.0/charts/karpenter/templates/aggregate-clusterrole.yaml)
* [clusterrole-core.yaml](https://github.com/aws/karpenter/blob/v0.33.0/charts/karpenter/templates/clusterrole-core.yaml)
* [clusterrole.yaml](https://github.com/aws/karpenter/blob/v0.33.0/charts/karpenter/templates/clusterrole.yaml)
* [rolebinding.yaml](https://github.com/aws/karpenter/blob/v0.33.0/charts/karpenter/templates/rolebinding.yaml)
* [role.yaml](https://github.com/aws/karpenter/blob/v0.33.0/charts/karpenter/templates/role.yaml)
* [aggregate-clusterrole.yaml](https://github.com/aws/karpenter/blob/v0.33.1/charts/karpenter/templates/aggregate-clusterrole.yaml)
* [clusterrole-core.yaml](https://github.com/aws/karpenter/blob/v0.33.1/charts/karpenter/templates/clusterrole-core.yaml)
* [clusterrole.yaml](https://github.com/aws/karpenter/blob/v0.33.1/charts/karpenter/templates/clusterrole.yaml)
* [rolebinding.yaml](https://github.com/aws/karpenter/blob/v0.33.1/charts/karpenter/templates/rolebinding.yaml)
* [role.yaml](https://github.com/aws/karpenter/blob/v0.33.1/charts/karpenter/templates/role.yaml)

## Assumptions
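Review bot: the five RBAC template links are pinned to `github.com/aws/karpenter`, while the raw download URLs updated elsewhere in this commit use `aws/karpenter-provider-aws`. Point these at the same repository name as the rest of the docs so the threat model's permission references resolve against one repository name.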

Expand Down
6 changes: 3 additions & 3 deletions website/content/en/docs/upgrading/upgrade-guide.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,9 @@ If you get the error `invalid ownership metadata; label validation error:` while
In general, you can reapply the CRDs in the `crds` directory of the Karpenter helm chart:
```shell
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.33.0/pkg/apis/crds/karpenter.sh_nodepools.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.33.0/pkg/apis/crds/karpenter.sh_nodeclaims.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.33.0/pkg/apis/crds/karpenter.k8s.aws_ec2nodeclasses.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.33.1/pkg/apis/crds/karpenter.sh_nodepools.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.33.1/pkg/apis/crds/karpenter.sh_nodeclaims.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.33.1/pkg/apis/crds/karpenter.k8s.aws_ec2nodeclasses.yaml
```
### Upgrading to v0.33.0+
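Review bot: the three `kubectl apply` URLs pin the CRDs to `v0.33.1`, but the lead-in says "In general, you can reapply the CRDs" and the next heading covers "v0.33.0+". State that the tag in the URL must match the Karpenter version being installed, or use `${KARPENTER_VERSION}` as `cloudformation.md` does, so readers on another release do not apply mismatched CRDs.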
Expand Down
18 changes: 9 additions & 9 deletions website/content/en/docs/upgrading/v1beta1-migration.md
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ This procedure assumes you are running the Karpenter controller on cluster and w

```bash
export KARPENTER_NAMESPACE=karpenter
export KARPENTER_VERSION=v0.32.3
export KARPENTER_VERSION=v0.32.4
export AWS_PARTITION="aws" # if you are not using standard partitions, you may need to configure to aws-cn / aws-us-gov
export CLUSTER_NAME="${USER}-karpenter-demo"
export AWS_REGION="us-west-2"
Expand All @@ -60,7 +60,7 @@ This procedure assumes you are running the Karpenter controller on cluster and w

```bash
TEMPOUT=$(mktemp)
curl -fsSL https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.3/website/content/en/preview/upgrading/v1beta1-controller-policy.json > ${TEMPOUT}
curl -fsSL https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/website/content/en/preview/upgrading/v1beta1-controller-policy.json > ${TEMPOUT}
AWS_REGION=${AWS_REGION:=$AWS_DEFAULT_REGION} # use the default region if AWS_REGION isn't defined
POLICY_DOCUMENT=$(envsubst < ${TEMPOUT})
Expand All @@ -71,15 +71,15 @@ This procedure assumes you are running the Karpenter controller on cluster and w
aws iam attach-role-policy --role-name "${ROLE_NAME}" --policy-arn "${POLICY_ARN}"
```

5. Apply the v0.32.3 Custom Resource Definitions (CRDs):
5. Apply the v0.32.4 Custom Resource Definitions (CRDs):

```bash
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.3/pkg/apis/crds/karpenter.sh_provisioners.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.3/pkg/apis/crds/karpenter.sh_machines.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.3/pkg/apis/crds/karpenter.k8s.aws_awsnodetemplates.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.3/pkg/apis/crds/karpenter.sh_nodepools.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.3/pkg/apis/crds/karpenter.sh_nodeclaims.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.3/pkg/apis/crds/karpenter.k8s.aws_ec2nodeclasses.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.sh_provisioners.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.sh_machines.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.k8s.aws_awsnodetemplates.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.sh_nodepools.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.sh_nodeclaims.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.k8s.aws_ec2nodeclasses.yaml
```

6. Upgrade Karpenter to the new version:
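Review bot: step 5 repeats the literal `v0.32.4` in its heading and in all six CRD URLs even though the procedure exports `KARPENTER_VERSION=v0.32.4` earlier. Build the URLs from `${KARPENTER_VERSION}` so the controller policy, CRDs and chart cannot drift apart when only some of the literals are bumped.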
Expand Down
2 changes: 1 addition & 1 deletion website/content/en/preview/concepts/nodeclasses.md
Original file line number Diff line number Diff line change
Expand Up @@ -490,7 +490,7 @@ spec:

## spec.instanceProfile

`InstanceProfile` is an optional field and is neccesary to tell Karpenter which identity nodes from this `EC2NodeClass` should assume. You must specify one of `role` or `instanceProfile` when creating a Karpenter `EC2NodeClasss`. If you use the `instanceProfile` field instead of `role`, Karpenter will not manage the InstanceProfile on your behalf.
`InstanceProfile` is an optional field and is necessary to tell Karpenter which identity nodes from this `EC2NodeClass` should assume. You must specify one of `role` or `instanceProfile` when creating a Karpenter `EC2NodeClasss`. If you use the `instanceProfile` field instead of `role`, Karpenter will not manage the InstanceProfile on your behalf.

{{% alert title="Note" color="primary" %}}
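Review bot: the corrected sentence still reads "is an optional field and is necessary", which contradicts itself, and the next sentence says one of `role` or `instanceProfile` must be specified. Reword along the lines of "optional, but required when `role` is not set", and apply the same wording to the `docs` copy of this page.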

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ After setting up the tools, set the Karpenter and Kubernetes version:

```bash
export KARPENTER_NAMESPACE=kube-system
export KARPENTER_VERSION=v0.33.0
export KARPENTER_VERSION=v0.33.1
export K8S_VERSION={{< param "latest_k8s_version" >}}
```

Expand Down
18 changes: 9 additions & 9 deletions website/content/en/preview/upgrading/v1beta1-migration.md
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ This procedure assumes you are running the Karpenter controller on cluster and w

```bash
export KARPENTER_NAMESPACE=karpenter
export KARPENTER_VERSION=v0.32.3
export KARPENTER_VERSION=v0.32.4
export AWS_PARTITION="aws" # if you are not using standard partitions, you may need to configure to aws-cn / aws-us-gov
export CLUSTER_NAME="${USER}-karpenter-demo"
export AWS_REGION="us-west-2"
Expand All @@ -60,7 +60,7 @@ This procedure assumes you are running the Karpenter controller on cluster and w

```bash
TEMPOUT=$(mktemp)
curl -fsSL https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.3/website/content/en/preview/upgrading/v1beta1-controller-policy.json > ${TEMPOUT}
curl -fsSL https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/website/content/en/preview/upgrading/v1beta1-controller-policy.json > ${TEMPOUT}
AWS_REGION=${AWS_REGION:=$AWS_DEFAULT_REGION} # use the default region if AWS_REGION isn't defined
POLICY_DOCUMENT=$(envsubst < ${TEMPOUT})
Expand All @@ -71,15 +71,15 @@ This procedure assumes you are running the Karpenter controller on cluster and w
aws iam attach-role-policy --role-name "${ROLE_NAME}" --policy-arn "${POLICY_ARN}"
```

5. Apply the v0.32.3 Custom Resource Definitions (CRDs):
5. Apply the v0.32.4 Custom Resource Definitions (CRDs):

```bash
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.3/pkg/apis/crds/karpenter.sh_provisioners.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.3/pkg/apis/crds/karpenter.sh_machines.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.3/pkg/apis/crds/karpenter.k8s.aws_awsnodetemplates.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.3/pkg/apis/crds/karpenter.sh_nodepools.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.3/pkg/apis/crds/karpenter.sh_nodeclaims.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.3/pkg/apis/crds/karpenter.k8s.aws_ec2nodeclasses.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.sh_provisioners.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.sh_machines.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.k8s.aws_awsnodetemplates.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.sh_nodepools.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.sh_nodeclaims.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/karpenter-provider-aws/v0.32.4/pkg/apis/crds/karpenter.k8s.aws_ec2nodeclasses.yaml
```

6. Upgrade Karpenter to the new version:
Expand Down