
Commit 46c1305

committed
upgrade karpenter
Signed-off-by: Mahmoud Gaballah <[email protected]>
1 parent 9f0b5c7 commit 46c1305

20 files changed

+1528
-1468
lines changed

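--- a/cluster/cluster.yaml
+++ b/cluster/cluster.yaml
@@ -570,12 +570,12 @@ Resources:
 - 'sts:AssumeRoleWithWebIdentity'
 Condition:
 StringEquals:
-"{{ .Cluster.LocalID }}.{{ .Values.hosted_zone }}:aud": "sts.amazonaws.com",
-"{{ .Cluster.LocalID }}.{{ .Values.hosted_zone }}:sub": "system:serviceaccount:kube-system:karpenter",
+"{{ .Cluster.LocalID }}.{{ .Values.hosted_zone }}:aud": "sts.amazonaws.com"
+"{{ .Cluster.LocalID }}.{{ .Values.hosted_zone }}:sub": "system:serviceaccount:kube-system:karpenter"
 Version: 2012-10-17
 Path: /
 Policies:
-- ManagedPolicyName: !Sub "KarpenterControllerPolicy-{{.Cluster.ID}}"
+- PolicyName: "KarpenterControllerPolicy-{{ .Cluster.ID | awsValidID }}"
 # The PolicyDocument must be in JSON string format because we use a StringEquals condition that uses an interpolated
 # value in one of its key parameters which isn't natively supported by CloudFormation
 PolicyDocument: !Sub |
@@ -734,7 +734,7 @@ Resources:
 {
 "Sid": "AllowPassingInstanceRole",
 "Effect": "Allow",
-"Resource": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/KarpenterNodeRole-{{.Cluster.ID}}",
+"Resource": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/{{.Cluster.LocalID}}-worker",
 "Action": "iam:PassRole",
 "Condition": {
 "StringEquals": {
@@ -803,7 +803,7 @@ Resources:
 "Effect": "Allow",
 "Resource": "*",
 "Action": "iam:GetInstanceProfile"
-},
+}
 ]
 }
 RoleName: "{{.Cluster.LocalID}}-app-karpenter"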
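Review bot: The `AllowPassingInstanceRole` statement (new line 737) now lets the controller pass `role/{{.Cluster.LocalID}}-worker`, but the `Condition` that limits the pass is cut off at the end of the hunk, so it cannot be confirmed from here that it still pins `iam:PassedToService` to EC2; that is worth checking now that PassRole apparently targets the general worker role rather than a Karpenter-specific one. The ARN is a hard-coded name with no path segment, so it stops matching if the worker role is renamed or given a path other than `/`. Because the policy document is a JSON string and cannot carry comments, I would extend the YAML comment above `PolicyDocument` with `# AllowPassingInstanceRole must match the worker role's RoleName and Path ("<LocalID>-worker", "/")`. Template spacing is also mixed in this section (`{{.Cluster.LocalID}}` next to `{{ .Cluster.ID | awsValidID }}`).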

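--- a/cluster/manifests/deletions.yaml
+++ b/cluster/manifests/deletions.yaml
@@ -164,14 +164,50 @@ post_apply:
 namespace: kubenurse
 kind: Service
 {{- end }}
-
 - name: karpenter-logging-config
 kind: ConfigMap
 namespace: kube-system
+- name: karpenter-webhook
+kind: ClusterRole
+- name: karpenter-webhook
+kind: ClusterRoleBinding
+- name: karpenter-webhook
+kind: ClusterRole
+- name: karpenter-webhook
+kind: ClusterRoleBinding
+- name: provisioners.karpenter.sh
+kind: CustomResourceDefinition
+- name: awsnodetemplates.karpenter.k8s.aws
+kind: CustomResourceDefinition
+- name: machines.karpenter.sh
+kind: CustomResourceDefinition
+- name: karpenter-global-settings
+kind: ConfigMap
+namespace: kube-system
+- name: config-logging
+kind: ConfigMap
+namespace: kube-system
+- name: karpenter-cert
+kind: Secret
+namespace: kube-system
+- name: defaulting.webhook.karpenter.k8s.aws
+kind: MutatingWebhookConfiguration
+- name: validation.webhook.karpenter.k8s.aws
+kind: ValidatingWebhookConfiguration
+- name: validation.webhook.config.karpenter.sh
+kind: ValidatingWebhookConfiguration
+- name: validation.webhook.karpenter.sh
+kind: ValidatingWebhookConfiguration
 {{ if eq .Cluster.ConfigItems.karpenter_pools_enabled "false" }}
 - name: karpenter
 namespace: kube-system
 kind: Deployment
+- name: nodepools.karpenter.sh
+kind: CustomResourceDefinition
+- name: ec2nodeclasses.karpenter.k8s.aws
+kind: CustomResourceDefinition
+- name: nodeclaims.karpenter.sh
+kind: CustomResourceDefinition
 - name: karpenter
 namespace: kube-system
 kind: PodDisruptionBudget
@@ -184,48 +220,31 @@ post_apply:
 kind: ClusterRole
 - name: karpenter-core
 kind: ClusterRoleBinding
-- name: karpenter-webhook
+- name: karpenter
 kind: ClusterRole
-- name: karpenter-webhook
+- name : karpenter
 kind: ClusterRoleBinding
 - name: karpenter
 namespace: kube-system
 kind: Role
 - name: karpenter-dns
 namespace: kube-system
 kind: Role
+- name: karpenter-lease
+namespace: kube-system
+kind: Role
 - name: karpenter
 namespace: kube-system
 kind: RoleBinding
 - name: karpenter-dns
 namespace: kube-system
 kind: RoleBinding
+- name: karpenter-lease
+namespace: kube-system
+kind: RoleBinding
 - name: karpenter
 namespace: kube-system
 kind: Service
-- name: provisioners.karpenter.sh
-kind: CustomResourceDefinition
-- name: awsnodetemplates.karpenter.k8s.aws
-kind: CustomResourceDefinition
-- name: machines.karpenter.sh
-kind: CustomResourceDefinition
-- name: karpenter-global-settings
-kind: ConfigMap
-namespace: kube-system
-- name: config-logging
-kind: ConfigMap
-namespace: kube-system
-- name: karpenter-cert
-kind: Secret
-namespace: kube-system
-- name: defaulting.webhook.karpenter.k8s.aws
-kind: MutatingWebhookConfiguration
-- name: validation.webhook.karpenter.k8s.aws
-kind: ValidatingWebhookConfiguration
-- name: validation.webhook.config.karpenter.sh
-kind: ValidatingWebhookConfiguration
-- name: validation.webhook.karpenter.sh
-kind: ValidatingWebhookConfiguration
 - name: karpenter-vpa
 namespace: kube-system
 kind: VerticalPodAutoscaler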
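Review bot: In the first hunk the added entries list `karpenter-webhook` as `ClusterRole` and `ClusterRoleBinding` twice (new lines 170-173 and again 174-177); the second pair is redundant, or one pair was meant to carry a different name, so drop it or correct the name. The same hunk places the `provisioners.karpenter.sh`, `awsnodetemplates.karpenter.k8s.aws` and `machines.karpenter.sh` CRDs above the `karpenter_pools_enabled "false"` guard, where they previously appear to have sat inside it, so they are now deleted on every cluster, and deleting a CRD also deletes every remaining object of that kind. A comment such as `# pre-upgrade Karpenter CRDs: removed unconditionally; any remaining objects of these kinds are deleted with them` would record that this is intended. In the second hunk `- name : karpenter` (new line 225) has a stray space before the colon and should read `- name: karpenter`. The end of the `{{ if }}` block lies outside both hunks.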
