From dc1323d3d973f79e15f20c3cfbeee541ce48fa01 Mon Sep 17 00:00:00 2001
From: Jason Deal
Date: Fri, 30 Aug 2024 09:38:59 -0700
Subject: [PATCH] docs: detail how to discover alias versions (#6810)
---
 .../content/en/docs/concepts/nodeclasses.md | 35 +++++++++++++++++--
 .../content/en/preview/concepts/nodeclasses.md | 33 ++++++++++++++++-
 .../content/en/v1.0/concepts/nodeclasses.md | 35 +++++++++++++++++--
 3 files changed, 98 insertions(+), 5 deletions(-)
diff --git a/website/content/en/docs/concepts/nodeclasses.md b/website/content/en/docs/concepts/nodeclasses.md
index a9a4c580d951..be0aa5769ecd 100644
--- a/website/content/en/docs/concepts/nodeclasses.md
+++ b/website/content/en/docs/concepts/nodeclasses.md
@@ -56,7 +56,8 @@ spec:
 imageGCLowThresholdPercent: 80
 cpuCFSQuota: true
 clusterDNS: ["10.0.1.100"]
- # Required, resolves a default ami and userdata
+ # Optional, dictates UserData generation and default block device mappings.
+ # May be ommited when using an `alias` amiSelectorTerm, otherwise required.
 amiFamily: AL2
 # Required, discovers subnets to attach to instances
@@ -731,6 +732,36 @@ alias: bottlerocket@v1.20.4
 ```
 The Windows family does not support pinning, so only `latest` is supported.
+The following commands can be used to determine the versions availble for an alias in your region:
+
+{{< tabpane text=true right=false >}}
+ {{% tab "AL2023" %}}
+ ```bash
+ export K8S_VERSION="{{< param "latest_k8s_version" >}}"
+ aws ssm get-parameters-by-path --path "/aws/service/eks/optimized-ami/$K8S_VERSION/amazon-linux-2023/" --recursive | jq -cr '.Parameters[].Name' | grep -v "recommended" | awk -F '/' '{print $10}' | sed -r 's/.*(v[[:digit:]]+)$/\1/' | sort | uniq
+ ```
+ {{% /tab %}}
+ {{% tab "AL2" %}}
+ ```bash
+ export K8S_VERSION="{{< param "latest_k8s_version" >}}"
+ aws ssm get-parameters-by-path --path "/aws/service/eks/optimized-ami/$K8S_VERSION/amazon-linux-2/" --recursive | jq -cr '.Parameters[].Name' | grep -v "recommended" | awk -F '/' '{print $8}' | sed -r 's/.*(v[[:digit:]]+)$/\1/' | sort | uniq
+ ```
+ {{% /tab %}}
+ {{% tab "Bottlerocket" %}}
+ ```bash
+ export K8S_VERSION="{{< param "latest_k8s_version" >}}"
+ aws ssm get-parameters-by-path --path "/aws/service/bottlerocket/aws-k8s-$K8S_VERSION" --recursive | jq -cr '.Parameters[].Name' | grep -v "latest" | awk -F '/' '{print $7}' | sort | uniq
+ ```
+ {{% /tab %}}
+{{< /tabpane >}}
+
+{{% alert title="Warning" color="warning" %}}
+Karpenter supports automatic AMI selection and upgrades using the `latest` version pin, but this is **not** recommended for production environments.
+When using `latest`, a new AMI release will cause Karpenter to drift all out-of-date nodes in the cluster, replacing them with nodes running the new AMI.
+We strongly recommend evaluating new AMIs in a lower environment before rolling them out into a production environment.
+More details on Karpenter's recommendations for managing AMIs can be found [here]({{< ref "../tasks/managing-amis" >}}).
+{{% /alert %}}
+
 To select an AMI by name, use the `name` field in the selector term.
To select an AMI by id, use the `id` field in the selector term. To select AMIs that are not owned by `amazon` or the account that Karpenter is running in, use the `owner` field - you can use a combination of account aliases (e.g. `self` `amazon`, `your-aws-account-name`) and account IDs. If owner is not set for `name`, it defaults to `self,amazon`, preventing Karpenter from inadvertently selecting an AMI that is owned by a different account. Tags don't require an owner as tags can only be discovered by the user who created them.
@@ -1534,4 +1565,4 @@ NodeClasses have the following status conditions:
 | AMIsReady | AMIs are discovered |
 | Ready | Top level condition that indicates if the nodeClass is ready. If any of the underlying conditions is `False` then this condition is set to `False` and `Message` on the condition indicates the dependency that was not resolved. |
-If a NodeClass is not ready, NodePools that reference it through their `nodeClassRef` will not be considered for scheduling.
\ No newline at end of file
+If a NodeClass is not ready, NodePools that reference it through their `nodeClassRef` will not be considered for scheduling.
diff --git a/website/content/en/preview/concepts/nodeclasses.md b/website/content/en/preview/concepts/nodeclasses.md
index 2bc895fb096a..2ab22e94bd50 100644
--- a/website/content/en/preview/concepts/nodeclasses.md
+++ b/website/content/en/preview/concepts/nodeclasses.md
@@ -56,7 +56,8 @@ spec:
 imageGCLowThresholdPercent: 80
 cpuCFSQuota: true
 clusterDNS: ["10.0.1.100"]
- # Required, resolves a default ami and userdata
+ # Optional, dictates UserData generation and default block device mappings.
+ # May be ommited when using an `alias` amiSelectorTerm, otherwise required.
 amiFamily: AL2
 # Required, discovers subnets to attach to instances
@@ -731,6 +732,36 @@ alias: bottlerocket@v1.20.4
 ```
 The Windows family does not support pinning, so only `latest` is supported.
+The following commands can be used to determine the versions availble for an alias in your region:
+
+{{< tabpane text=true right=false >}}
+ {{% tab "AL2023" %}}
+ ```bash
+ export K8S_VERSION="{{< param "latest_k8s_version" >}}"
+ aws ssm get-parameters-by-path --path "/aws/service/eks/optimized-ami/$K8S_VERSION/amazon-linux-2023/" --recursive | jq -cr '.Parameters[].Name' | grep -v "recommended" | awk -F '/' '{print $10}' | sed -r 's/.*(v[[:digit:]]+)$/\1/' | sort | uniq
+ ```
+ {{% /tab %}}
+ {{% tab "AL2" %}}
+ ```bash
+ export K8S_VERSION="{{< param "latest_k8s_version" >}}"
+ aws ssm get-parameters-by-path --path "/aws/service/eks/optimized-ami/$K8S_VERSION/amazon-linux-2/" --recursive | jq -cr '.Parameters[].Name' | grep -v "recommended" | awk -F '/' '{print $8}' | sed -r 's/.*(v[[:digit:]]+)$/\1/' | sort | uniq
+ ```
+ {{% /tab %}}
+ {{% tab "Bottlerocket" %}}
+ ```bash
+ export K8S_VERSION="{{< param "latest_k8s_version" >}}"
+ aws ssm get-parameters-by-path --path "/aws/service/bottlerocket/aws-k8s-$K8S_VERSION" --recursive | jq -cr '.Parameters[].Name' | grep -v "latest" | awk -F '/' '{print $7}' | sort | uniq
+ ```
+ {{% /tab %}}
+{{< /tabpane >}}
+
+{{% alert title="Warning" color="warning" %}}
+Karpenter supports automatic AMI selection and upgrades using the `latest` version pin, but this is **not** recommended for production environments.
+When using `latest`, a new AMI release will cause Karpenter to drift all out-of-date nodes in the cluster, replacing them with nodes running the new AMI.
+We strongly recommend evaluating new AMIs in a lower environment before rolling them out into a production environment.
+More details on Karpenter's recommendations for managing AMIs can be found [here]({{< ref "../tasks/managing-amis" >}}).
+{{% /alert %}}
+
 To select an AMI by name, use the `name` field in the selector term.
To select an AMI by id, use the `id` field in the selector term. To select AMIs that are not owned by `amazon` or the account that Karpenter is running in, use the `owner` field - you can use a combination of account aliases (e.g. `self` `amazon`, `your-aws-account-name`) and account IDs. If owner is not set for `name`, it defaults to `self,amazon`, preventing Karpenter from inadvertently selecting an AMI that is owned by a different account. Tags don't require an owner as tags can only be discovered by the user who created them.
diff --git a/website/content/en/v1.0/concepts/nodeclasses.md b/website/content/en/v1.0/concepts/nodeclasses.md
index a9a4c580d951..be0aa5769ecd 100644
--- a/website/content/en/v1.0/concepts/nodeclasses.md
+++ b/website/content/en/v1.0/concepts/nodeclasses.md
@@ -56,7 +56,8 @@ spec:
 imageGCLowThresholdPercent: 80
 cpuCFSQuota: true
 clusterDNS: ["10.0.1.100"]
- # Required, resolves a default ami and userdata
+ # Optional, dictates UserData generation and default block device mappings.
+ # May be ommited when using an `alias` amiSelectorTerm, otherwise required.
 amiFamily: AL2
 # Required, discovers subnets to attach to instances
@@ -731,6 +732,36 @@ alias: bottlerocket@v1.20.4
 ```
 The Windows family does not support pinning, so only `latest` is supported.
+The following commands can be used to determine the versions availble for an alias in your region:
+
+{{< tabpane text=true right=false >}}
+ {{% tab "AL2023" %}}
+ ```bash
+ export K8S_VERSION="{{< param "latest_k8s_version" >}}"
+ aws ssm get-parameters-by-path --path "/aws/service/eks/optimized-ami/$K8S_VERSION/amazon-linux-2023/" --recursive | jq -cr '.Parameters[].Name' | grep -v "recommended" | awk -F '/' '{print $10}' | sed -r 's/.*(v[[:digit:]]+)$/\1/' | sort | uniq
+ ```
+ {{% /tab %}}
+ {{% tab "AL2" %}}
+ ```bash
+ export K8S_VERSION="{{< param "latest_k8s_version" >}}"
+ aws ssm get-parameters-by-path --path "/aws/service/eks/optimized-ami/$K8S_VERSION/amazon-linux-2/" --recursive | jq -cr '.Parameters[].Name' | grep -v "recommended" | awk -F '/' '{print $8}' | sed -r 's/.*(v[[:digit:]]+)$/\1/' | sort | uniq
+ ```
+ {{% /tab %}}
+ {{% tab "Bottlerocket" %}}
+ ```bash
+ export K8S_VERSION="{{< param "latest_k8s_version" >}}"
+ aws ssm get-parameters-by-path --path "/aws/service/bottlerocket/aws-k8s-$K8S_VERSION" --recursive | jq -cr '.Parameters[].Name' | grep -v "latest" | awk -F '/' '{print $7}' | sort | uniq
+ ```
+ {{% /tab %}}
+{{< /tabpane >}}
+
+{{% alert title="Warning" color="warning" %}}
+Karpenter supports automatic AMI selection and upgrades using the `latest` version pin, but this is **not** recommended for production environments.
+When using `latest`, a new AMI release will cause Karpenter to drift all out-of-date nodes in the cluster, replacing them with nodes running the new AMI.
+We strongly recommend evaluating new AMIs in a lower environment before rolling them out into a production environment.
+More details on Karpenter's recommendations for managing AMIs can be found [here]({{< ref "../tasks/managing-amis" >}}).
+{{% /alert %}}
+
 To select an AMI by name, use the `name` field in the selector term.
To select an AMI by id, use the `id` field in the selector term. To select AMIs that are not owned by `amazon` or the account that Karpenter is running in, use the `owner` field - you can use a combination of account aliases (e.g. `self` `amazon`, `your-aws-account-name`) and account IDs. If owner is not set for `name`, it defaults to `self,amazon`, preventing Karpenter from inadvertently selecting an AMI that is owned by a different account. Tags don't require an owner as tags can only be discovered by the user who created them.
@@ -1534,4 +1565,4 @@ NodeClasses have the following status conditions:
 | AMIsReady | AMIs are discovered |
 | Ready | Top level condition that indicates if the nodeClass is ready. If any of the underlying conditions is `False` then this condition is set to `False` and `Message` on the condition indicates the dependency that was not resolved. |
-If a NodeClass is not ready, NodePools that reference it through their `nodeClassRef` will not be considered for scheduling.
\ No newline at end of file
+If a NodeClass is not ready, NodePools that reference it through their `nodeClassRef` will not be considered for scheduling.