feat: Update Karpenter examples to v1 (#2017)

aws-ia · Sep 20, 2024 · c082d0e · c082d0e
1 parent 5255ef6
commit c082d0e
Show file tree

Hide file tree

Showing 13 changed files with 313 additions and 279 deletions.
diff --git a/patterns/karpenter-mng/README.md b/patterns/karpenter-mng/README.md
@@ -11,24 +11,30 @@ This pattern demonstrates how to provision Karpenter on an EKS managed node grou
 
 ## Code
 
-The areas of significance related to this pattern are highlighted in the code provided below:
+The areas of significance related to this pattern are highlighted in the code provided below.
 
-```terraform hl_lines="20-28 31 49-62 67-70 89-92 102-126"
+### Cluster
+
+```terraform hl_lines="20-28 47-50 52-60 64-69"
 {% include  "../../patterns/karpenter-mng/eks.tf" %}
 ```
 
-### VPC
+### Karpenter Resources
 
-```terraform hl_lines="21-22"
-{% include  "../../patterns/karpenter-mng/vpc.tf" %}
+```terraform hl_lines="2 14-15 17-20 42-55"
+{% include  "../../patterns/karpenter-mng/karpenter.tf" %}
 ```
 
-### EC2NodeClass and NodePool
-
-```yaml hl_lines="8-16"
+```yaml hl_lines="9-17 28-29"
 {% include  "../../patterns/karpenter-mng/karpenter.yaml" %}
 ```
 
+### VPC
+
+```terraform hl_lines="21-22"
+{% include  "../../patterns/karpenter-mng/vpc.tf" %}
+```
+
 ## Deploy
 
 See [here](https://aws-ia.github.io/terraform-aws-eks-blueprints/getting-started/#prerequisites) for the prerequisites and steps to deploy this pattern.
@@ -40,9 +46,9 @@ See [here](https://aws-ia.github.io/terraform-aws-eks-blueprints/getting-started
     ```sh
     kubectl get nodes
 
-    NAME                                      STATUS   ROLES    AGE     VERSION
-    ip-10-0-38-5.us-west-2.compute.internal   Ready    <none>   2m40s   v1.29.3-eks-ae9a62a
-    ip-10-0-9-38.us-west-2.compute.internal   Ready    <none>   2m35s   v1.29.3-eks-ae9a62a
+    NAME                                        STATUS   ROLES    AGE     VERSION
+    ip-10-0-23-32.us-west-2.compute.internal    Ready    <none>   10m     v1.30.4-eks-a737599
+    ip-10-0-6-222.us-west-2.compute.internal    Ready    <none>   10m     v1.30.4-eks-a737599
     ```
 
 2. Provision the Karpenter `EC2NodeClass` and `NodePool` resources which provide Karpenter the necessary configurations to provision EC2 resources:
@@ -69,9 +75,9 @@ See [here](https://aws-ia.github.io/terraform-aws-eks-blueprints/getting-started
     kubectl get nodes
 
     NAME                                        STATUS   ROLES    AGE     VERSION
-    ip-10-0-38-109.us-west-2.compute.internal   Ready    <none>   11s     v1.29.3-eks-ae9a62a # <== EC2 created by Karpenter
-    ip-10-0-38-5.us-west-2.compute.internal     Ready    <none>   3m54s   v1.29.3-eks-ae9a62a
-    ip-10-0-9-38.us-west-2.compute.internal     Ready    <none>   3m49s   v1.29.3-eks-ae9a62a
+    ip-10-0-23-32.us-west-2.compute.internal    Ready    <none>   10m     v1.30.4-eks-a737599
+    ip-10-0-46-239.us-west-2.compute.internal   Ready    <none>   20s     v1.30.1-eks-e564799 # <== EC2 created by Karpenter
+    ip-10-0-6-222.us-west-2.compute.internal    Ready    <none>   10m     v1.30.4-eks-a737599
     ```
 
 ## Destroy
@@ -82,6 +88,12 @@ Scale down the deployment to de-provision Karpenter created resources first:
 kubectl delete -f example.yaml
 ```
 
+Remove the Karpenter Helm chart:
+
+```sh
+terraform destroy -target=helm_release.karpenter --auto-approve
+```
+
 {%
    include-markdown "../../docs/_partials/destroy.md"
 %}
diff --git a/patterns/karpenter-mng/eks.tf b/patterns/karpenter-mng/eks.tf
@@ -4,7 +4,7 @@
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.11"
+  version = "~> 20.24"
 
   cluster_name    = local.name
   cluster_version = "1.30"
@@ -38,6 +38,7 @@ module "eks" {
 
   eks_managed_node_groups = {
     karpenter = {
+      ami_type       = "BOTTLEROCKET_x86_64"
       instance_types = ["m5.large"]
 
       min_size     = 2
@@ -61,12 +62,6 @@ module "eks" {
     }
   }
 
-  # cluster_tags = merge(local.tags, {
-  #   NOTE - only use this option if you are using "attach_cluster_primary_security_group"
-  #   and you know what you're doing. In this case, you can remove the "node_security_group_tags" below.
-  #  "karpenter.sh/discovery" = local.name
-  # })
-
   node_security_group_tags = merge(local.tags, {
     # NOTE - if creating multiple security groups with this module, only tag the
     # security group that Karpenter should utilize with the following tag
@@ -81,59 +76,3 @@ output "configure_kubectl" {
   description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
   value       = "aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}"
 }
-
-################################################################################
-# Controller & Node IAM roles, SQS Queue, Eventbridge Rules
-################################################################################
-
-module "karpenter" {
-  source  = "terraform-aws-modules/eks/aws//modules/karpenter"
-  version = "~> 20.11"
-
-  cluster_name = module.eks.cluster_name
-
-  # Name needs to match role name passed to the EC2NodeClass
-  node_iam_role_use_name_prefix   = false
-  node_iam_role_name              = local.name
-  create_pod_identity_association = true
-
-  tags = local.tags
-}
-
-################################################################################
-# Helm charts
-################################################################################
-
-resource "helm_release" "karpenter" {
-  namespace           = "kube-system"
-  name                = "karpenter"
-  repository          = "oci://public.ecr.aws/karpenter"
-  repository_username = data.aws_ecrpublic_authorization_token.token.user_name
-  repository_password = data.aws_ecrpublic_authorization_token.token.password
-  chart               = "karpenter"
-  version             = "0.36.2"
-  wait                = false
-
-  values = [
-    <<-EOT
-    nodeSelector:
-      karpenter.sh/controller: 'true'
-    tolerations:
-      - key: CriticalAddonsOnly
-        operator: Exists
-      - key: karpenter.sh/controller
-        operator: Exists
-        effect: NoSchedule
-    settings:
-      clusterName: ${module.eks.cluster_name}
-      clusterEndpoint: ${module.eks.cluster_endpoint}
-      interruptionQueue: ${module.karpenter.queue_name}
-    EOT
-  ]
-
-  lifecycle {
-    ignore_changes = [
-      repository_password
-    ]
-  }
-}
diff --git a/patterns/karpenter-mng/karpenter.tf b/patterns/karpenter-mng/karpenter.tf
@@ -0,0 +1,64 @@
+locals {
+  namespace = "karpenter"
+}
+
+################################################################################
+# Controller & Node IAM roles, SQS Queue, Eventbridge Rules
+################################################################################
+
+module "karpenter" {
+  source  = "terraform-aws-modules/eks/aws//modules/karpenter"
+  version = "~> 20.24"
+
+  cluster_name          = module.eks.cluster_name
+  enable_v1_permissions = true
+  namespace             = local.namespace
+
+  # Name needs to match role name passed to the EC2NodeClass
+  node_iam_role_use_name_prefix   = false
+  node_iam_role_name              = local.name
+  create_pod_identity_association = true
+
+  tags = local.tags
+}
+
+################################################################################
+# Helm charts
+################################################################################
+
+resource "helm_release" "karpenter" {
+  name                = "karpenter"
+  namespace           = local.namespace
+  create_namespace    = true
+  repository          = "oci://public.ecr.aws/karpenter"
+  repository_username = data.aws_ecrpublic_authorization_token.token.user_name
+  repository_password = data.aws_ecrpublic_authorization_token.token.password
+  chart               = "karpenter"
+  version             = "1.0.2"
+  wait                = false
+
+  values = [
+    <<-EOT
+    nodeSelector:
+      karpenter.sh/controller: 'true'
+    settings:
+      clusterName: ${module.eks.cluster_name}
+      clusterEndpoint: ${module.eks.cluster_endpoint}
+      interruptionQueue: ${module.karpenter.queue_name}
+    tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - key: karpenter.sh/controller
+        operator: Exists
+        effect: NoSchedule
+    webhook:
+      enabled: false
+    EOT
+  ]
+
+  lifecycle {
+    ignore_changes = [
+      repository_password
+    ]
+  }
+}
diff --git a/patterns/karpenter-mng/karpenter.yaml b/patterns/karpenter-mng/karpenter.yaml
@@ -1,10 +1,11 @@
 ---
-apiVersion: karpenter.k8s.aws/v1beta1
+apiVersion: karpenter.k8s.aws/v1
 kind: EC2NodeClass
 metadata:
   name: default
 spec:
-  amiFamily: AL2
+  amiSelectorTerms:
+    - alias: bottlerocket@latest
   role: ex-karpenter-mng
   subnetSelectorTerms:
     - tags:
@@ -15,14 +16,16 @@ spec:
   tags:
     karpenter.sh/discovery: ex-karpenter-mng
 ---
-apiVersion: karpenter.sh/v1beta1
+apiVersion: karpenter.sh/v1
 kind: NodePool
 metadata:
   name: default
 spec:
   template:
     spec:
       nodeClassRef:
+        group: karpenter.k8s.aws
+        kind: EC2NodeClass
         name: default
       requirements:
         - key: "karpenter.k8s.aws/instance-category"

diff --git a/patterns/karpenter/README.md b/patterns/karpenter/README.md
@@ -2,22 +2,46 @@
 
 This pattern demonstrates how to provision Karpenter on a serverless cluster (serverless data plane) using Fargate Profiles.
 
+## Code
+
+The areas of significance related to this pattern are highlighted in the code provided below.
+
+### Cluster
+
+```terraform hl_lines="18-19 28-31 34-38 42-45"
+{% include  "../../patterns/karpenter/eks.tf" %}
+```
+
+### Karpenter Resources
+
+```terraform hl_lines="2 14-15 17-19 21-24 46-55"
+{% include  "../../patterns/karpenter/karpenter.tf" %}
+```
+
+```yaml hl_lines="9-17 28-29"
+{% include  "../../patterns/karpenter/karpenter.yaml" %}
+```
+
+### VPC
+
+```terraform hl_lines="21-22"
+{% include  "../../patterns/karpenter/vpc.tf" %}
+```
+
 ## Deploy
 
 See [here](https://aws-ia.github.io/terraform-aws-eks-blueprints/getting-started/#prerequisites) for the prerequisites and steps to deploy this pattern.
 
 ## Validate
 
-1. Test by listing the nodes in the cluster. You should see four Fargate nodes in the cluster:
+1. Test by listing the nodes in the cluster. You should see two Fargate nodes in the cluster:
 
     ```sh
     kubectl get nodes
 
-    NAME                                                STATUS   ROLES    AGE     VERSION
-    fargate-ip-10-0-11-195.us-west-2.compute.internal   Ready    <none>   5m20s   v1.28.2-eks-f8587cb
-    fargate-ip-10-0-27-183.us-west-2.compute.internal   Ready    <none>   5m2s    v1.28.2-eks-f8587cb
-    fargate-ip-10-0-4-169.us-west-2.compute.internal    Ready    <none>   5m3s    v1.28.2-eks-f8587cb
-    fargate-ip-10-0-44-106.us-west-2.compute.internal   Ready    <none>   5m12s   v1.28.2-eks-f8587cb
+    NAME                                               STATUS   ROLES    AGE    VERSION
+    fargate-ip-10-0-16-92.us-west-2.compute.internal   Ready    <none>   2m3s   v1.30.0-eks-404b9c6
+    fargate-ip-10-0-8-95.us-west-2.compute.internal    Ready    <none>   2m3s   v1.30.0-eks-404b9c6
     ```
 
 2. Provision the Karpenter `EC2NodeClass` and `NodePool` resources which provide Karpenter the necessary configurations to provision EC2 resources:
@@ -43,12 +67,10 @@ See [here](https://aws-ia.github.io/terraform-aws-eks-blueprints/getting-started
     ```sh
     kubectl get nodes
 
-    NAME                                                STATUS   ROLES    AGE   VERSION
-    fargate-ip-10-0-11-195.us-west-2.compute.internal   Ready    <none>   13m   v1.28.2-eks-f8587cb
-    fargate-ip-10-0-27-183.us-west-2.compute.internal   Ready    <none>   12m   v1.28.2-eks-f8587cb
-    fargate-ip-10-0-4-169.us-west-2.compute.internal    Ready    <none>   12m   v1.28.2-eks-f8587cb
-    fargate-ip-10-0-44-106.us-west-2.compute.internal   Ready    <none>   13m   v1.28.2-eks-f8587cb
-    ip-10-0-32-199.us-west-2.compute.internal           Ready    <none>   29s   v1.28.2-eks-a5df82a # <== EC2 created by Karpenter
+    NAME                                               STATUS   ROLES    AGE    VERSION
+    fargate-ip-10-0-16-92.us-west-2.compute.internal   Ready    <none>   2m3s   v1.30.0-eks-404b9c6
+    fargate-ip-10-0-8-95.us-west-2.compute.internal    Ready    <none>   2m3s   v1.30.0-eks-404b9c6
+    ip-10-0-21-175.us-west-2.compute.internal          Ready    <none>   88s    v1.30.1-eks-e564799 # <== EC2 created by Karpenter
     ```
 
 ## Destroy
@@ -59,6 +81,12 @@ Scale down the deployment to de-provision Karpenter created resources first:
 kubectl delete -f example.yaml
 ```
 
+Remove the Karpenter Helm chart:
+
+```sh
+terraform destroy -target=helm_release.karpenter --auto-approve
+```
+
 {%
    include-markdown "../../docs/_partials/destroy.md"
 %}