fix: nodeclass tag value and nodepool Disruption

SPHTech-Platform · Oct 8, 2024 · bf72433 · bf72433
1 parent da32221
commit bf72433
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 11 deletions.
diff --git a/karpenter.tf b/karpenter.tf
@@ -28,7 +28,7 @@ locals {
       karpenter_node_user_data = ""
       karpenter_node_tags_map = {
         "karpenter.sh/discovery" = module.eks.cluster_name,
-        "eks:eks-cluster-name"   = module.eks.cluster_name,
+        "eks:cluster-name"       = module.eks.cluster_name,
       }
       karpenter_block_device_mapping = [
         {

diff --git a/modules/karpenter/README.md b/modules/karpenter/README.md
@@ -66,12 +66,10 @@
 | <a name="input_karpenter_chart_version"></a> [karpenter\_chart\_version](#input\_karpenter\_chart\_version) | Chart version for Karpenter | `string` | `"1.0.6"` | no |
 | <a name="input_karpenter_namespace"></a> [karpenter\_namespace](#input\_karpenter\_namespace) | Namespace to deploy karpenter | `string` | `"kube-system"` | no |
 | <a name="input_karpenter_nodeclasses"></a> [karpenter\_nodeclasses](#input\_karpenter\_nodeclasses) | List of nodetemplate maps | <pre>list(object({<br>    nodeclass_name                         = string<br>    karpenter_subnet_selector_maps         = list(map(any))<br>    karpenter_security_group_selector_maps = list(map(any))<br>    karpenter_ami_selector_maps            = list(map(any))<br>    karpenter_node_role                    = string<br>    karpenter_node_tags_map                = map(string)<br>    karpenter_node_user_data               = string<br>    karpenter_node_metadata_options        = map(any)<br>    karpenter_block_device_mapping = list(object({<br>      deviceName = string<br>      ebs = object({<br>        encrypted           = bool<br>        volumeSize          = string<br>        volumeType          = string<br>        kmsKeyID            = optional(string)<br>        deleteOnTermination = bool<br>      })<br>    }))<br>  }))</pre> | <pre>[<br>  {<br>    "karpenter_ami_selector_maps": [],<br>    "karpenter_block_device_mapping": [],<br>    "karpenter_node_metadata_options": {<br>      "httpEndpoint": "enabled",<br>      "httpProtocolIPv6": "disabled",<br>      "httpPutResponseHopLimit": 1,<br>      "httpTokens": "required"<br>    },<br>    "karpenter_node_role": "module.eks.worker_iam_role_name",<br>    "karpenter_node_tags_map": {},<br>    "karpenter_node_user_data": "",<br>    "karpenter_security_group_selector_maps": [],<br>    "karpenter_subnet_selector_maps": [],<br>    "nodeclass_name": "default"<br>  }<br>]</pre> | no |
-| <a name="input_karpenter_nodepools"></a> [karpenter\_nodepools](#input\_karpenter\_nodepools) | List of Provisioner maps | <pre>list(object({<br>    nodepool_name                     = string<br>    nodeclass_name                    = string<br>    karpenter_nodepool_node_labels    = map(string)<br>    karpenter_nodepool_annotations    = map(string)<br>    karpenter_nodepool_node_taints    = list(map(string))<br>    karpenter_nodepool_startup_taints = list(map(string))<br>    karpenter_requirements = list(object({<br>      key      = string<br>      operator = string<br>      values   = list(string)<br>      })<br>    )<br>    karpenter_nodepool_disruption = object({<br>      consolidation_policy = string<br>      consolidate_after    = optional(string)<br>      expire_after         = string<br>    })<br>    karpenter_nodepool_disruption_budgets = list(map(any))<br>    karpenter_nodepool_weight             = number<br>  }))</pre> | <pre>[<br>  {<br>    "karpenter_nodepool_annotations": {},<br>    "karpenter_nodepool_disruption": {<br>      "consolidation_policy": "WhenUnderutilized",<br>      "expire_after": "168h"<br>    },<br>    "karpenter_nodepool_disruption_budgets": [<br>      {<br>        "nodes": "10%"<br>      }<br>    ],<br>    "karpenter_nodepool_node_labels": {},<br>    "karpenter_nodepool_node_taints": [],<br>    "karpenter_nodepool_startup_taints": [],<br>    "karpenter_nodepool_weight": 10,<br>    "karpenter_requirements": [<br>      {<br>        "key": "karpenter.k8s.aws/instance-category",<br>        "operator": "In",<br>        "values": [<br>          "m"<br>        ]<br>      },<br>      {<br>        "key": "karpenter.k8s.aws/instance-cpu",<br>        "operator": "In",<br>        "values": [<br>          "4,8,16"<br>        ]<br>      },<br>      {<br>        "key": "karpenter.k8s.aws/instance-generation",<br>        "operator": "Gt",<br>        "values": [<br>          "5"<br>        ]<br>      },<br>      {<br>        "key": "karpenter.sh/capacity-type",<br>        "operator": "In",<br>        "values": [<br>          "on-demand"<br>        ]<br>      },<br>      {<br>        "key": "kubernetes.io/arch",<br>        "operator": "In",<br>        "values": [<br>          "amd64"<br>        ]<br>      },<br>      {<br>        "key": "kubernetes.io/os",<br>        "operator": "In",<br>        "values": [<br>          "linux"<br>        ]<br>      }<br>    ],<br>    "nodeclass_name": "default",<br>    "nodepool_name": "default"<br>  }<br>]</pre> | no |
+| <a name="input_karpenter_nodepools"></a> [karpenter\_nodepools](#input\_karpenter\_nodepools) | List of Provisioner maps | <pre>list(object({<br>    nodepool_name                     = string<br>    nodeclass_name                    = string<br>    karpenter_nodepool_node_labels    = map(string)<br>    karpenter_nodepool_annotations    = map(string)<br>    karpenter_nodepool_node_taints    = list(map(string))<br>    karpenter_nodepool_startup_taints = list(map(string))<br>    karpenter_requirements = list(object({<br>      key      = string<br>      operator = string<br>      values   = list(string)<br>      })<br>    )<br>    karpenter_nodepool_disruption = object({<br>      consolidation_policy = string<br>      consolidate_after    = optional(string)<br>      expire_after         = string<br>    })<br>    karpenter_nodepool_disruption_budgets = list(map(any))<br>    karpenter_nodepool_weight             = number<br>  }))</pre> | <pre>[<br>  {<br>    "karpenter_nodepool_annotations": {},<br>    "karpenter_nodepool_disruption": {<br>      "consolidation_policy": "WhenEmptyOrUnderutilized",<br>      "expire_after": "168h"<br>    },<br>    "karpenter_nodepool_disruption_budgets": [<br>      {<br>        "nodes": "10%"<br>      }<br>    ],<br>    "karpenter_nodepool_node_labels": {},<br>    "karpenter_nodepool_node_taints": [],<br>    "karpenter_nodepool_startup_taints": [],<br>    "karpenter_nodepool_weight": 10,<br>    "karpenter_requirements": [<br>      {<br>        "key": "karpenter.k8s.aws/instance-category",<br>        "operator": "In",<br>        "values": [<br>          "m"<br>        ]<br>      },<br>      {<br>        "key": "karpenter.k8s.aws/instance-cpu",<br>        "operator": "In",<br>        "values": [<br>          "4,8,16"<br>        ]<br>      },<br>      {<br>        "key": "karpenter.k8s.aws/instance-generation",<br>        "operator": "Gt",<br>        "values": [<br>          "5"<br>        ]<br>      },<br>      {<br>        "key": "karpenter.sh/capacity-type",<br>        "operator": "In",<br>        "values": [<br>          "on-demand"<br>        ]<br>      },<br>      {<br>        "key": "kubernetes.io/arch",<br>        "operator": "In",<br>        "values": [<br>          "amd64"<br>        ]<br>      },<br>      {<br>        "key": "kubernetes.io/os",<br>        "operator": "In",<br>        "values": [<br>          "linux"<br>        ]<br>      }<br>    ],<br>    "nodeclass_name": "default",<br>    "nodepool_name": "default"<br>  }<br>]</pre> | no |
 | <a name="input_karpenter_pod_resources"></a> [karpenter\_pod\_resources](#input\_karpenter\_pod\_resources) | Karpenter Pod Resource | <pre>object({<br>    requests = object({<br>      cpu    = string<br>      memory = string<br>    })<br>    limits = object({<br>      cpu    = string<br>      memory = string<br>    })<br>  })</pre> | <pre>{<br>  "limits": {<br>    "cpu": "1",<br>    "memory": "2Gi"<br>  },<br>  "requests": {<br>    "cpu": "1",<br>    "memory": "2Gi"<br>  }<br>}</pre> | no |
 | <a name="input_karpenter_release_name"></a> [karpenter\_release\_name](#input\_karpenter\_release\_name) | Release name for Karpenter | `string` | `"karpenter"` | no |
-| <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace to associate with the Karpenter Pod Identity | `string` | `"kube-system"` | no |
 | <a name="input_oidc_provider_arn"></a> [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | ARN of the OIDC Provider for IRSA | `string` | n/a | yes |
-| <a name="input_service_account"></a> [service\_account](#input\_service\_account) | Service account to associate with the Karpenter Pod Identity | `string` | `"karpenter"` | no |
 | <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | For Fargate subnet selection | `list(string)` | `[]` | no |
 | <a name="input_worker_iam_role_arn"></a> [worker\_iam\_role\_arn](#input\_worker\_iam\_role\_arn) | Worker Nodes IAM Role arn | `string` | n/a | yes |
 

diff --git a/modules/karpenter/templates/nodepool.tftpl b/modules/karpenter/templates/nodepool.tftpl
@@ -20,6 +20,11 @@ spec:
         ${indent(8, karpenter_nodepool_annotations_yaml)}
       %{ endif }
     spec:
+      # The amount of time a Node can live on the cluster before being removed
+      # Avoiding long-running Nodes helps to reduce security vulnerabilities as well as to reduce the chance of issues that can plague Nodes with long uptimes such as file fragmentation or memory leaks from system processes
+      # You can choose to disable expiration entirely by setting the string value 'Never' here. Defaults to 720h (30 days)
+      expireAfter: ${karpenter_nodepool_disruption.expire_after}
+
       # References the Cloud Provider's NodeClass resource, see your cloud provider specific documentation
       nodeClassRef:
         group: karpenter.k8s.aws
@@ -97,11 +102,6 @@ spec:
     consolidateAfter: ${karpenter_nodepool_disruption.consolidation_after}
      %{ endif }
 
-    # The amount of time a Node can live on the cluster before being removed
-    # Avoiding long-running Nodes helps to reduce security vulnerabilities as well as to reduce the chance of issues that can plague Nodes with long uptimes such as file fragmentation or memory leaks from system processes
-    # You can choose to disable expiration entirely by setting the string value 'Never' here. Defaults to 720h (30 days)
-    expireAfter: ${karpenter_nodepool_disruption.expire_after}
-
     # Budgets control the speed Karpenter can scale down nodes.
     # Karpenter will respect the minimum of the currently active budgets, and will round up
     # when considering percentages. Duration and Schedule must be set together.

diff --git a/modules/karpenter/variables.tf b/modules/karpenter/variables.tf
@@ -89,8 +89,8 @@ variable "karpenter_nodepools" {
       }
     ]
     karpenter_nodepool_disruption = {
-      consolidation_policy = "WhenUnderutilized" # WhenUnderutilized or WhenEmpty
-      # consolidate_after    = "10m"               # Only used if consolidation_policy is WhenEmpty
+      consolidation_policy = "WhenEmptyOrUnderutilized" # WhenEmpty or WhenEmptyOrUnderutilized
+      # consolidate_after    = "10m"                      # Only used if consolidation_policy is WhenEmpty
       expire_after = "168h" # 7d | 168h | 1w
     }
     karpenter_nodepool_disruption_budgets = [{