feat: Add tenancy option dedicated on LaunchTemplate #6360
Conversation
✅ Deploy Preview for karpenter-docs-prod ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
DingGGu
force-pushed
the
feature/tenancy-dedicated
branch
from
ed248cc
to
6866d60
Compare
| // https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-placement.html | ||
| // +kubebuilder:validation:Enum:={default,dedicated} | ||
| // +optional | ||
| Tenancy *string `json:"tenancy,omitempty"` |
There was a problem hiding this comment.
Do we even need default or can we just assume that not specifying this option assumes that you are using "shared"?
There was a problem hiding this comment.
If not specified, tenancy is "default (shared)".
If wish, We can also specify tenancy: "default" in yaml.
| @@ -113,6 +113,16 @@ type EC2NodeClassSpec struct { | |||
| // +kubebuilder:default={"httpEndpoint":"enabled","httpProtocolIPv6":"disabled","httpPutResponseHopLimit":2,"httpTokens":"required"} | |||
| // +optional | |||
| MetadataOptions *MetadataOptions `json:"metadataOptions,omitempty"` | |||
| // Tenancy of the instance. An instance with a tenancy of dedicated runs on single-tenant hardware. | |||
There was a problem hiding this comment.
Are you able to workaround this limitation by having the VPC tenancy be dedicated? Or do you need a mix of dedicated and non-dedicated instances in the VPC?
There was a problem hiding this comment.
Typically, dedicated tenancy has less available instance capacity in a region than default tenancy. This is a case where default and tenancy was mixed and used within a VPC.
| @@ -433,6 +433,20 @@ spec: | |||
| rule: self.all(k, k !='karpenter.sh/nodeclaim') | |||
| - message: tag contains a restricted tag matching karpenter.k8s.aws/ec2nodeclass | |||
| rule: self.all(k, k !='karpenter.k8s.aws/ec2nodeclass') | |||
| tenancy: | |||
There was a problem hiding this comment.
What are your thoughts about doing something smarter here? Can Karpenter be aware of your dedicated instances and just use them? What happens if you run out of dedicated instances for the EC2NodeClass to launch?
There was a problem hiding this comment.
There is placement.tenancy information in the response of ec2 launch instance.
https://docs.aws.amazon.com/ko_kr/AWSEC2/latest/APIReference/API_Placement.html
Using this, We can enter tenancy information in nodeclass status, but I don't know if any other method can be implemented other than logging that the dedicated instance of the currently requested Instance requirement is Insufficient.
|
What we need to consider is whether to set the tenancy setting as a requirement (for example, karpenter.k8s.aws/instance-category) from the crd of karpenter NodeClass. |
|
This PR has been inactive for 14 days. StaleBot will close this stale PR after 14 more days of inactivity. |
|
It would be good to consider before releasing the CRD of karpenter v1.0. @jonathan-innis |
Fixes #4633
Description
Support
tenancy: dedicatedoptions for mitigate compliance issues for some reason.How was this change tested?
I confirmed that the dedicated instance was launched fine in my own eks cluster.
Does this change impact docs?
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.