Add templated crds to karpenter-crds
engedaam committed Aug 6, 2024
1 parent 35306f4 commit ac5c4d8
Showing 20 changed files with 3,194 additions and 48 deletions.
1 change: 1 addition & 0 deletions Makefile
@@ -110,6 +110,7 @@ verify: tidy download ## Verify code. Includes dependencies, linting, formatting
hack/validation/requirements.sh
hack/validation/labels.sh
hack/validation/kubelet.sh
cp pkg/apis/crds/* charts/karpenter-crd/templates
hack/mutation/conversion_webhook_injection.sh
$(foreach dir,$(MOD_DIRS),cd $(dir) && golangci-lint run $(newline))
@git diff --quiet ||\

This file was deleted.

1,277 changes: 1,277 additions & 0 deletions charts/karpenter-crd/templates/karpenter.k8s.aws_ec2nodeclasses.yaml

Large diffs are not rendered by default.

This file was deleted.

820 changes: 820 additions & 0 deletions charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml

Large diffs are not rendered by default.

1 change: 0 additions & 1 deletion charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml

This file was deleted.

978 changes: 978 additions & 0 deletions charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml

Large diffs are not rendered by default.

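--- a/charts/karpenter-crd/values.yaml
+++ b/charts/karpenter-crd/values.yaml
@@ -0,0 +1,7 @@
+webhook:
+# -- Whether to enable the webhooks and webhook permissions.
+enabled: true
+serviceName: karpenter
+serviceNamespace: kube-system
+# -- The container port to use for the webhook.
+port: 8443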
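Review bot: `serviceName` and `serviceNamespace` are the only keys here without a `# --` description, yet the templated stanza in hack/mutation/conversion_webhook_injection.sh puts them into `clientConfig.service`, so they decide which Service the API server calls for conversion. The defaults `karpenter` / `kube-system` are fixed strings in a separate chart, so they go stale without any error at install time when the karpenter chart is installed under another release name or namespace. The comments should state that dependency, e.g. `# -- Name of the Service that serves the conversion webhook; must match the Service created by the karpenter release.` and `# -- Namespace of that Service.`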
1 change: 1 addition & 0 deletions charts/karpenter/templates/clusterrole-core.yaml
@@ -49,6 +49,7 @@ rules:
resources: ["customresourcedefinitions"]
verbs: ["get", "watch", "list"]
{{- else }}
# Used for the post install hook
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get"]
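Review bot: The new comment ties this `get`-only rule to the post-install hook, but the hook in post-install-hook.yaml runs `kubectl patch customresourcedefinitions …`, which needs the `patch` verb; whether that verb is granted elsewhere in this ClusterRole is not visible in the hunk. If this rule only covers the hook's read of the three Karpenter CRDs, the comment could say so, and the rule could be narrowed with `resourceNames: ["nodepools.karpenter.sh", "nodeclaims.karpenter.sh", "ec2nodeclasses.karpenter.k8s.aws"]` so it does not apply to every CRD in the cluster. The `rules` list starts and ends outside the hunk.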
13 changes: 6 additions & 7 deletions charts/karpenter/templates/post-install-hook.yaml
@@ -1,14 +1,13 @@
apiVersion: batch/v1
kind: Job
metadata:
name: helm-{{ .Release.Name }}-post-install-hook
name: {{ .Release.Name }}-post-install-hook
namespace: {{ .Release.Namespace }}
labels:
{{- include "karpenter.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-install,post-upgrade,post-rollback
"helm.sh/hook-delete-policy": hook-succeeded
"helm.sh/hook-delete-policy": hook-failed
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
{{- with .Values.additionalAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
@@ -24,18 +23,18 @@ spec:
{{- end }}
containers:
- name: post-install-job
image: bitnami/kubectl:latest
image: public.ecr.aws/bitnami/kubectl:1.30
command:
- /bin/sh
- -c
- |
if "{{ .Values.webhook.enabled }}" == "true"; then
{{- if .Values.webhook.enabled }}
kubectl patch customresourcedefinitions nodepools.karpenter.sh --type='merge' -p '{"spec":{"conversion":{"strategy": "Webhook", "webhook":{"conversionReviewVersions": ["v1beta1", "v1"], "clientConfig":{"service":{"name":"{{ include "karpenter.fullname" . }}", "port": {{ .Values.webhook.port }} ,"namespace": "{{ .Release.Namespace }}"}}}}}}'
kubectl patch customresourcedefinitions nodeclaims.karpenter.sh --type='merge' -p '{"spec":{"conversion":{"strategy": "Webhook", "webhook":{"conversionReviewVersions": ["v1beta1", "v1"], "clientConfig":{"service":{"name":"{{ include "karpenter.fullname" . }}", "port": {{ .Values.webhook.port }} ,"namespace": "{{ .Release.Namespace }}"}}}}}}'
kubectl patch customresourcedefinitions ec2nodeclasses.karpenter.k8s.aws --type='merge' -p '{"spec":{"conversion":{"strategy": "Webhook", "webhook":{"conversionReviewVersions": ["v1beta1", "v1"], "clientConfig":{"service":{"name":"{{ include "karpenter.fullname" . }}", "port": {{ .Values.webhook.port }} ,"namespace": "{{ .Release.Namespace }}"}}}}}}'
else
{{- else }}
echo "disabled webhooks"
kubectl patch customresourcedefinitions nodepools.karpenter.sh --type='json' -p '[{'op': 'remove', 'path': '/spec/conversion'}]'
kubectl patch customresourcedefinitions nodeclaims.karpenter.sh --type='json' -p '[{'op': 'remove', 'path': '/spec/conversion'}]'
kubectl patch customresourcedefinitions ec2nodeclasses.karpenter.k8s.aws --type='json' -p '[{'op': 'remove', 'path': '/spec/conversion'}]'
fi
{{ - end }}
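Review bot: The closing action on the last line is written `{{ - end }}`; with a space between `{{` and `-` it is no longer a trim marker, so as rendered here the template would most likely fail to parse, and it should read `{{- end }}`. The inline script also runs its three `kubectl patch` commands without `set -e`, so the Job's exit status reflects only the last patch, and with `hook-failed` now in the delete policy a failed Job is removed, which makes the failure harder to inspect. The image is pinned to the `1.30` tag, which is still mutable; because this Job patches CRDs, pinning by digest (`public.ecr.aws/bitnami/kubectl:1.30@sha256:<digest>`) would tie the hook to a reviewed image. The part of the Job spec between the two hunks is not shown.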
8 changes: 2 additions & 6 deletions go.mod
@@ -1,10 +1,6 @@
module github.com/aws/karpenter

go 1.22.2

toolchain go1.22.5

replace sigs.k8s.io/karpenter => github.com/engedaam/karpenter-core v0.0.0-20240731091026-ffde9e0412d6
go 1.22.5

require (
github.com/Pallinder/go-randomdata v1.2.0
@@ -33,7 +29,7 @@ require (
k8s.io/utils v0.0.0-20240102154912-e7106e64919e
knative.dev/pkg v0.0.0-20231010144348-ca8c009405dd
sigs.k8s.io/controller-runtime v0.18.4
sigs.k8s.io/karpenter v0.33.6-0.20240731031339-a8979ac87d97
sigs.k8s.io/karpenter v0.33.6-0.20240806010051-e8a18ee753ac
)

require (
4 changes: 2 additions & 2 deletions go.sum
@@ -88,8 +88,6 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
github.com/engedaam/karpenter-core v0.0.0-20240731091026-ffde9e0412d6 h1:LQEN8WWfCFt9KftWSLkCy0yfgjU0XSqD4qcKi8HSj4I=
github.com/engedaam/karpenter-core v0.0.0-20240731091026-ffde9e0412d6/go.mod h1:CpSddDzJyNGROic0uqiYM/+p7c/8iO7zshDf+rd1gJY=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -762,6 +760,8 @@ sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHv
sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/karpenter v0.33.6-0.20240806010051-e8a18ee753ac h1:GOGHPpq5vZN4zHBVFru+m/8t6v2fwPxBOgX5GAUEtas=
sigs.k8s.io/karpenter v0.33.6-0.20240806010051-e8a18ee753ac/go.mod h1:CpSddDzJyNGROic0uqiYM/+p7c/8iO7zshDf+rd1gJY=
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
50 changes: 49 additions & 1 deletion hack/mutation/conversion_webhook_injection.sh
@@ -3,4 +3,52 @@
# Add the conversion stanza to the CRD spec to enable conversion via webhook
yq eval '.spec.conversion = {"strategy": "Webhook", "webhook": {"conversionReviewVersions": ["v1beta1", "v1"], "clientConfig": {"service": {"name": "karpenter", "namespace": "kube-system", "port": 8443}}}}' -i pkg/apis/crds/karpenter.k8s.aws_ec2nodeclasses.yaml
yq eval '.spec.conversion = {"strategy": "Webhook", "webhook": {"conversionReviewVersions": ["v1beta1", "v1"], "clientConfig": {"service": {"name": "karpenter", "namespace": "kube-system", "port": 8443}}}}' -i pkg/apis/crds/karpenter.sh_nodeclaims.yaml
yq eval '.spec.conversion = {"strategy": "Webhook", "webhook": {"conversionReviewVersions": ["v1beta1", "v1"], "clientConfig": {"service": {"name": "karpenter", "namespace": "kube-system", "port": 8443}}}}' -i pkg/apis/crds/karpenter.sh_nodepools.yaml
yq eval '.spec.conversion = {"strategy": "Webhook", "webhook": {"conversionReviewVersions": ["v1beta1", "v1"], "clientConfig": {"service": {"name": "karpenter", "namespace": "kube-system", "port": 8443}}}}' -i pkg/apis/crds/karpenter.sh_nodepools.yaml

# Update to the karpenter-crd charts

# Add the conversion stanza to the CRD spec to enable conversion via webhook
echo "{{- if .Values.webhook.enabled }}
conversion:
strategy: Webhook
webhook:
conversionReviewVersions:
- v1beta1
- v1
clientConfig:
service:
name: {{ .Values.webhook.serviceName }}
namespace: {{ .Values.webhook.serviceNamespace }}
port: {{ .Values.webhook.port }}
{{- end }}
" >> charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml

echo "{{- if .Values.webhook.enabled }}
conversion:
strategy: Webhook
webhook:
conversionReviewVersions:
- v1beta1
- v1
clientConfig:
service:
name: {{ .Values.webhook.serviceName }}
namespace: {{ .Values.webhook.serviceNamespace }}
port: {{ .Values.webhook.port }}
{{- end }}
" >> charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml

echo "{{- if .Values.webhook.enabled }}
conversion:
strategy: Webhook
webhook:
conversionReviewVersions:
- v1beta1
- v1
clientConfig:
service:
name: {{ .Values.webhook.serviceName }}
namespace: {{ .Values.webhook.serviceNamespace }}
port: {{ .Values.webhook.port }}
{{- end }}
" >> charts/karpenter-crd/templates/karpenter.k8s.aws_ec2nodeclasses.yaml
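Review bot: The three `echo "…" >> charts/karpenter-crd/templates/…` blocks append unconditionally, so the output is only correct when the Makefile's `cp pkg/apis/crds/* charts/karpenter-crd/templates` has just overwritten the targets; running this script on its own a second time would leave two `conversion:` stanzas in each template. The block is also repeated verbatim three times, and the templated `name` and `namespace` values are emitted unquoted, so an empty or boolean-looking value would change type in the rendered CRD (`name: {{ .Values.webhook.serviceName | quote }}` avoids that). A loop with a guard, as sketched below, keeps the stanza in one place and makes the append safe to repeat. The script's first lines are outside the hunk.

```shell
# … unchanged: yq edits of pkg/apis/crds …

# conversion_stanza: the templated block from the hunk, defined once (text unchanged)
for crd in karpenter.sh_nodepools.yaml karpenter.sh_nodeclaims.yaml karpenter.k8s.aws_ec2nodeclasses.yaml; do
  target="charts/karpenter-crd/templates/${crd}"
  # Skip a file that already carries the stanza, so a re-run cannot append it twice.
  if grep -q 'Values.webhook.enabled' "${target}"; then
    continue
  fi
  printf '%s\n' "${conversion_stanza}" >> "${target}"
done
```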
12 changes: 7 additions & 5 deletions hack/validation/labels.sh
@@ -2,8 +2,10 @@

# # Adding validation for nodepool

# ## checking for restricted labels while filtering out well known labels
for Version in $(seq 0 1); do
yqVersion="$Version" yq eval '.spec.versions[env(yqVersion)].schema.openAPIV3Schema.properties.spec.properties.template.properties.metadata.properties.labels.x-kubernetes-validations += [
{"message": "label domain \"karpenter.k8s.aws\" is restricted", "rule": "self.all(x, x in [\"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\",\"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !x.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\"))"}]' -i pkg/apis/crds/karpenter.sh_nodepools.yaml
done
# ## checking for restricted labels while filtering out well known labels for v1beta1
yq eval '.spec.versions[1].schema.openAPIV3Schema.properties.spec.properties.template.properties.metadata.properties.labels.x-kubernetes-validations += [
{"message": "label domain \"karpenter.k8s.aws\" is restricted", "rule": "self.all(x, x in [\"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\",\"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !x.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\"))"}]' -i pkg/apis/crds/karpenter.sh_nodepools.yaml

# ## checking for restricted labels while filtering out well known labels for v1
yq eval '.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.template.properties.metadata.properties.labels.x-kubernetes-validations += [
{"message": "label domain \"karpenter.k8s.aws\" is restricted", "rule": "self.all(x, x in [\"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\",\"karpenter.k8s.aws/instance-cpu-manufacturer\",\"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !x.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\"))"}]' -i pkg/apis/crds/karpenter.sh_nodepools.yaml
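Review bot: Both new `yq` calls pick the schema by position (`.spec.versions[1]` for v1beta1, `.spec.versions[0]` for v1), so each allow-list lands on the wrong version if the generated CRD ever orders its versions differently. That matters now that the lists differ: the v1 list adds `karpenter.k8s.aws/instance-cpu-manufacturer` and `karpenter.k8s.aws/instance-ebs-bandwidth`. Selecting by name removes the dependency on order, e.g. `(.spec.versions[] | select(.name == "v1") | .schema.openAPIV3Schema.properties.spec.properties.template.properties.metadata.properties.labels.x-kubernetes-validations) += [ … ]`, with the same form for `"v1beta1"`. Because `+=` appends, the rule is also added again on any run against a CRD file that was not regenerated first; a comment saying the script expects freshly generated CRDs would make that explicit.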