Merge pull request #9289 from zalando-incubator/dev-to-kube-1.32

dev to kube-1.32

Author: mikkeloscar

cluster/config-defaults.yaml

@@ -47,6 +47,10 @@ karpenter_instance_storage_raid0: "true"
 # Can be set cluster wide or per node pool
 karpenter_in_transit_support_required: "false"
 
+# configure whether we allow t instance families for Karpenter nodes
+# t type instances have burstable CPU, which can be undesirable in production
+karpenter_instance_family_t_enabled: "false"
+
 # ALB config created by kube-aws-ingress-controller
 kube_aws_ingress_controller_ssl_policy: "ELBSecurityPolicy-TLS-1-2-2017-01"
 kube_aws_ingress_controller_idle_timeout: "1m"

cluster/manifests/zalando-iam-aws-proxy/deployment.yaml

@@ -27,7 +27,7 @@ spec:
       serviceAccountName: zalando-iam-aws-proxy
       containers:
       - name: proxy
-        image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/zalando-iam-aws-proxy:main-1
+        image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/zalando-iam-aws-proxy:main-2
         args:
         - "--apiserver-url=https://kubernetes.default.svc.cluster.local"
         - "--ca-file-path=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"

cluster/node-pools/worker-karpenter/provisioners.yaml

@@ -157,6 +157,13 @@ spec:
           values:
               # the ARM architecture is too old and flannel breaks
             - "a1"
+#{{ if eq .Cluster.ConfigItems.karpenter_instance_family_t_enabled "false"}}
+              # t type instances have burstable CPU, undesired in production
+            - "t4g"
+            - "t3a"
+            - "t3"
+            - "t2"
+#{{ end }}
 #{{ if eq .NodePool.ConfigItems.karpenter_in_transit_support_required "true" }}
         - key: karpenter.k8s.aws/instance-encryption-in-transit-supported
           operator: In