chore: bump karpenter to 0.26.1

Author: robertd

.projen/deps.json

@@ -1,4 +1,4 @@
-const { awscdk, TaskRuntime } = require('projen');
+const { awscdk } = require('projen');
 const project = new awscdk.AwsCdkConstructLibrary({
   name: 'cdk-karpenter',
   description: 'Karpenter simplifies Kubernetes infrastructure with the right nodes at the right time.\
@@ -16,7 +16,7 @@ const project = new awscdk.AwsCdkConstructLibrary({
   },
   compat: true,
   stability: 'experimental',
-  cdkVersion: '2.60.0',
+  cdkVersion: '2.67.0',
   workflowNodeVersion: '^18.13.0',
   autoApproveOptions: {
     allowedUsernames: ['cdk-karpenter-automation'],

.projenrc.js

@@ -8,7 +8,7 @@ More info about Karpenter at: https://karpenter.sh
 
 Karpenter Best Practices: https://aws.github.io/aws-eks-best-practices/karpenter/
 
-Karpenter version: v0.23.0
+Karpenter version: v0.26.1
 
 Notes: 
 - Karpenter no longer supports Kubernetes v1.20, but now supports Kubernetes v1.25. This change is due to the v1 PDB API, which was introduced in K8s v1.20 and subsequent removal of the v1beta1 API in K8s v1.25.
@@ -43,7 +43,7 @@ const karpenter = new Karpenter(stack, 'karpenter', {
 // default provisioner
 karpenter.addProvisioner('default');
 //Note: Default provisioner has no cpu/mem limits, nor will cleanup provisioned resources. Use with caution.
-// see: https://karpenter.sh/v0.23.0/concepts/deprovisioning/
+// see: https://karpenter.sh/v0.26.1/concepts/deprovisioning/
 
 // custom provisoner - kitchen sink
 karpenter.addProvisioner('custom', {

API.md

@@ -114,7 +114,8 @@ export interface ProviderProps {
   readonly amiFamily?: AMIFamily;
 
   /**
-   * Tags will be added to every EC2 instance launched by the provisioner.
+   * Provisioner level tags. Tags will be added to every EC2 instance launched by the provisioner.
+   * Provisioner level tags override global Karpenter tags.
    */
   readonly tags?: {[key: string]: string};
 
@@ -424,6 +425,14 @@ export class Karpenter extends Construct {
             this.karpenterNodeRole.roleArn,
           ],
         }),
+        new PolicyStatement({
+          actions: [
+            'eks:DescribeCluster',
+          ],
+          resources: [
+            this.cluster.clusterArn,
+          ],
+        }),
       ],
     });
 
@@ -472,7 +481,7 @@ export class Karpenter extends Construct {
     this.karpenterHelmChart = new HelmChart(this, 'KarpenterHelmChart', {
       chart: 'karpenter',
       createNamespace: true,
-      version: 'v0.23.0',
+      version: 'v0.26.1',
       cluster: this.cluster,
       namespace: 'karpenter',
       release: 'karpenter',
@@ -485,10 +494,10 @@ export class Karpenter extends Construct {
             'eks.amazonaws.com/role-arn': this.karpenterControllerRole.roleArn,
           },
         },
+        // see: https://karpenter.sh/v0.26.1/concepts/settings/
         settings: {
           aws: {
             clusterName: this.cluster.clusterName,
-            clusterEndpoint: this.cluster.clusterEndpoint,
             interruptionQueueName: this.karpenterInterruptionQueue.queueName,
             // instanceProfile is created using L1 construct (CfnInstanceProfile), thus we're referencing ref directly
             // TODO: revisit this when L2 InstanceProfile construct is released
@@ -512,8 +521,8 @@ export class Karpenter extends Construct {
       throw new Error('Parameters consolidation and ttlSecondsAfterEmpty are mutually exclusive.');
     }
 
-    // see: https://karpenter.sh/v0.23.0/concepts/provisioners/
-    // see: https://karpenter.sh/v0.23.0/concepts/node-templates/
+    // see: https://karpenter.sh/v0.26.1/concepts/provisioners/
+    // see: https://karpenter.sh/v0.26.1/concepts/node-templates/
     const awsNodeTemplateId = `${id}-awsNodeTemplate`.toLowerCase();
     const awsNodeTemplate = this.cluster.addManifest(awsNodeTemplateId, {
       apiVersion: 'karpenter.k8s.aws/v1alpha1',
@@ -522,43 +531,43 @@ export class Karpenter extends Construct {
         name: awsNodeTemplateId,
       },
       spec: {
-        // see: https://karpenter.sh/v0.23.0/concepts/node-templates/#specsubnetselector
+        // see: https://karpenter.sh/v0.26.1/concepts/node-templates/#specsubnetselector
         subnetSelector: {
           [`karpenter.sh/discovery/${this.cluster.clusterName}`]: '*',
         },
-        // see: https://karpenter.sh/v0.23.0/concepts/node-templates/#specsecuritygroupselector
+        // see: https://karpenter.sh/v0.26.1/concepts/node-templates/#specsecuritygroupselector
         securityGroupSelector: {
           [`kubernetes.io/cluster/${this.cluster.clusterName}`]: 'owned',
         },
-        // see: https://karpenter.sh/v0.23.0/concepts/node-templates/#specsecuritygroupselector
+        // see: https://karpenter.sh/v0.26.1/concepts/node-templates/#specsecuritygroupselector
         // instanceProfile is created using L1 construct (CfnInstanceProfile), thus we're referencing ref directly
         // TODO: revisit this when L2 InstanceProfile construct is released
         instanceProfile: this.instanceProfile.ref,
-        // see: https://karpenter.sh/v0.23.0/concepts/node-templates/#specamifamily
+        // see: https://karpenter.sh/v0.26.1/concepts/node-templates/#specamifamily
         ...(provisionerSpecs?.provider?.amiFamily && { amiFamily: provisionerSpecs!.provider!.amiFamily! }),
-        // see https://karpenter.sh/v0.23.0/concepts/node-templates/#specamiselector
+        // see https://karpenter.sh/v0.26.1/concepts/node-templates/#specamiselector
         ...(provisionerSpecs?.provider?.amiSelector && { amiSelector: { ...provisionerSpecs!.provider!.amiSelector! } }),
-        // see: https://karpenter.sh/v0.23.0/aws/provisioning/#tags
+        // see: https://karpenter.sh/v0.26.1/concepts/node-templates/#spectags
         ...(provisionerSpecs?.provider?.tags && { tags: { ...provisionerSpecs!.provider!.tags! } }),
-        // see: https://karpenter.sh/v0.23.0/aws/provisioning/#block-device-mappings
+        // see: https://karpenter.sh/v0.26.1/concepts/node-templates/#specblockdevicemappings
         ...(provisionerSpecs?.provider?.blockDeviceMappings && { blockDeviceMappings: provisionerSpecs!.provider!.blockDeviceMappings! }),
-        // TODO: add userData https://karpenter.sh/v0.23.0/aws/provisioning/#userdata
-        // TODO: add metadataOptions https://karpenter.sh/v0.23.0/aws/provisioning/#metadata-options
+        // TODO: add userData https://karpenter.sh/v0.26.1/concepts/node-templates/#specuserdata
+        // TODO: add metadataOptions https://karpenter.sh/v0.26.1/concepts/node-templates/#specmetadataoptions
       },
     });
 
-    // see: https://karpenter.sh/v0.23.0/concepts/provisioners/#specrequirements
+    // see: https://karpenter.sh/v0.26.1/concepts/provisioners/#specrequirements
     const requirements = this.setRequirements(provisionerSpecs?.requirements);
 
-    // see: https://karpenter.sh/v0.23.0/concepts/provisioners/
+    // see: https://karpenter.sh/v0.26.1/concepts/provisioners/
     const provisioner = this.cluster.addManifest(id, {
       apiVersion: 'karpenter.sh/v1alpha5',
       kind: 'Provisioner',
       metadata: {
         name: id.toLowerCase(),
       },
       spec: {
-        // see: https://karpenter.sh/v0.23.0/concepts/provisioners/#speclimitsresources
+        // see: https://karpenter.sh/v0.26.1/concepts/provisioners/#speclimitsresources
         ...(provisionerSpecs?.limits && {
           limits: {
             resources: {
@@ -567,15 +576,15 @@ export class Karpenter extends Construct {
             },
           },
         }),
-        // see: https://karpenter.sh/v0.23.0/concepts/provisioners/#specconsolidation
+        // see: https://karpenter.sh/v0.26.1/concepts/provisioners/#specconsolidation
         ...provisionerSpecs?.consolidation && {
           consolidation: {
             enabled: provisionerSpecs!.consolidation,
           },
         },
         ...(provisionerSpecs?.ttlSecondsAfterEmpty && { ttlSecondsAfterEmpty: provisionerSpecs!.ttlSecondsAfterEmpty!.toSeconds() }),
         ...(provisionerSpecs?.ttlSecondsUntilExpired && { ttlSecondsUntilExpired: provisionerSpecs!.ttlSecondsUntilExpired!.toSeconds() }),
-        // see: https://karpenter.sh/v0.23.0/provisioner/#specrequirements
+        // see: https://karpenter.sh/v0.26.1/concepts/provisioners/#specrequirements
         requirements: [
           ...requirements,
         ],
@@ -585,12 +594,10 @@ export class Karpenter extends Construct {
         },
         ...(provisionerSpecs?.taints && { taints: provisionerSpecs!.taints! }),
         ...(provisionerSpecs?.startupTaints && { startupTaints: provisionerSpecs!.startupTaints! }),
-        // see: https://karpenter.sh/v0.23.0/concepts/provisioners/#specproviderref
+        // see: https://karpenter.sh/v0.26.1/concepts/provisioners/#specproviderref
         providerRef: {
           name: awsNodeTemplateId,
         },
-        // see: https://karpenter.sh/v0.23.0/concepts/provisioners/#specproviderref
-
       },
     });
 

README.md

@@ -120,6 +120,16 @@ test('has karpenter controller policy', () => {
             ],
           },
         },
+        {
+          Action: 'eks:DescribeCluster',
+          Effect: 'Allow',
+          Resource: {
+            'Fn::GetAtt': [
+              'Cluster9EE0221C',
+              'Arn',
+            ],
+          },
+        },
       ],
       Version: '2012-10-17',
     },