Skip to content

Commit

Permalink
chore: Backport neuron support for bottlerocket 1.2.x (#7805)
Browse files Browse the repository at this point in the history 
Co-authored-by: Vighnesh Maheshwari <[email protected]>
  • Loading branch information
@rschalo @vigh-m
rschalo and vigh-m authored Feb 27, 2025
1 parent b7cf115 commit 6faf547
Show file tree
Hide file tree
Showing 8 changed files with 39 additions and 8 deletions.
2 changes: 1 addition & 1 deletion charts/karpenter-crd/templates/karpenter.k8s.aws_ec2nodeclasses.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
{{- with .Values.additionalAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
controller-gen.kubebuilder.io/version: v0.17.1
controller-gen.kubebuilder.io/version: v0.17.2
name: ec2nodeclasses.karpenter.k8s.aws
spec:
group: karpenter.k8s.aws
Expand Down
2 changes: 1 addition & 1 deletion go.mod
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module github.com/aws/karpenter-provider-aws

go 1.23.5
go 1.23.6

require (
github.com/Pallinder/go-randomdata v1.2.0
Expand Down
2 changes: 1 addition & 1 deletion pkg/apis/crds/karpenter.k8s.aws_ec2nodeclasses.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.17.1
controller-gen.kubebuilder.io/version: v0.17.2
name: ec2nodeclasses.karpenter.k8s.aws
spec:
group: karpenter.k8s.aws
Expand Down
20 changes: 18 additions & 2 deletions pkg/controllers/nodeclass/ami_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -311,7 +311,7 @@ var _ = Describe("NodeClass AMI Status Controller", func() {
ExpectObjectReconciled(ctx, env.Client, controller, nodeClass)
nodeClass = ExpectExists(ctx, env.Client, nodeClass)

Expect(len(nodeClass.Status.AMIs)).To(Equal(4))
Expect(len(nodeClass.Status.AMIs)).To(Equal(5))
Expect(nodeClass.Status.AMIs).To(ContainElements([]v1.AMI{
{
Name: "amd64-standard",
Expand Down Expand Up @@ -351,6 +351,22 @@ var _ = Describe("NodeClass AMI Status Controller", func() {
},
},
},
// Note: Bottlerocket uses the same AMI for standard and neuron
{
Name: "amd64-standard",
ID: "ami-amd64-standard",
Requirements: []corev1.NodeSelectorRequirement{
{
Key: corev1.LabelArchStable,
Operator: corev1.NodeSelectorOpIn,
Values: []string{karpv1.ArchitectureAmd64},
},
{
Key: v1.LabelInstanceAcceleratorCount,
Operator: corev1.NodeSelectorOpExists,
},
},
},
{
Name: "amd64-nvidia",
ID: "ami-amd64-nvidia",
Expand Down Expand Up @@ -468,7 +484,7 @@ var _ = Describe("NodeClass AMI Status Controller", func() {
ExpectObjectReconciled(ctx, env.Client, controller, nodeClass)
nodeClass = ExpectExists(ctx, env.Client, nodeClass)

Expect(len(nodeClass.Status.AMIs)).To(Equal(2))
Expect(len(nodeClass.Status.AMIs)).To(Equal(3))
Expect(nodeClass.Status.AMIs).To(ContainElements([]v1.AMI{
{
Name: "arm64-standard",
Expand Down
1 change: 1 addition & 0 deletions pkg/providers/amifamily/bootstrap/bottlerocketsettings.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,7 @@ type BottlerocketKubernetes struct {
ClusterDomain *string `toml:"cluster-domain,omitempty"`
SeccompDefault *bool `toml:"seccomp-default,omitempty"`
PodPidsLimit *int `toml:"pod-pids-limit,omitempty"`
DeviceOwnershipFromSecurityContext *bool `toml:"device-ownership-from-security-context,omitempty"`
}

type BottlerocketStaticPod struct {
Expand Down
2 changes: 1 addition & 1 deletion pkg/providers/amifamily/bottlerocket.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ func (b Bottlerocket) DescribeImageQuery(ctx context.Context, ssmProvider ssm.Pr
trimmedAMIVersion := strings.TrimLeft(amiVersion, "v")
ids := map[string][]Variant{}
for path, variants := range map[string][]Variant{
fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s/x86_64/%s/image_id", k8sVersion, trimmedAMIVersion): {VariantStandard},
fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s/x86_64/%s/image_id", k8sVersion, trimmedAMIVersion): {VariantStandard, VariantNeuron},
fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s/arm64/%s/image_id", k8sVersion, trimmedAMIVersion): {VariantStandard},
fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-nvidia/x86_64/%s/image_id", k8sVersion, trimmedAMIVersion): {VariantNvidia},
fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-nvidia/arm64/%s/image_id", k8sVersion, trimmedAMIVersion): {VariantNvidia},
Expand Down
4 changes: 2 additions & 2 deletions pkg/providers/amifamily/suite_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -169,7 +169,7 @@ var _ = Describe("AMIProvider", func() {
}
amis, err := awsEnv.AMIProvider.List(ctx, nodeClass)
Expect(err).ToNot(HaveOccurred())
Expect(amis).To(HaveLen(4))
Expect(amis).To(HaveLen(5))
})
It("should succeed to resolve AMIs (Windows2019)", func() {
nodeClass.Spec.AMISelectorTerms = []v1.AMISelectorTerm{{Alias: "windows2019@latest"}}
Expand Down Expand Up @@ -304,7 +304,7 @@ var _ = Describe("AMIProvider", func() {
// Only 4 of the requirements sets for the SSM aliases will resolve
amis, err := awsEnv.AMIProvider.List(ctx, nodeClass)
Expect(err).ToNot(HaveOccurred())
Expect(amis).To(HaveLen(3))
Expect(amis).To(HaveLen(4))
})
})
Context("AMI Tag Requirements", func() {
Expand Down
14 changes: 14 additions & 0 deletions website/content/en/preview/concepts/nodeclasses.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1353,6 +1353,20 @@ cluster-name = 'cluster'
'memory.available' = '12%%'
```

#### Device ownership in Bottlerocket

Bottlerocket `v1.30.0+` supports device ownership using the [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) provided in the Kubernetes specfile. To enable this, you will need the following user-data configurations:

```toml
[settings]
[settings.kubernetes]
device-ownership-from-security-context = true
```

This allows the container to take ownership of devices allocated to the pod via device-plugins based on the `runAsUser` and `runAsGroup` values provided in the spec. For more details on this, see the [Kubernetes documentation](https://kubernetes.io/blog/2021/11/09/non-root-containers-and-devices/)

This setting helps you enable Neuron workloads on Bottlerocket instances. See [Accelerators/GPU Resources]({{< ref "./scheduling#acceleratorsgpu-resources" >}}) for more details.

### Windows2019/Windows2022

* Your UserData must be specified as PowerShell commands.
Expand Down

0 comments on commit 6faf547

Please sign in to comment.