feat: Add tenancy option dedicated on LaunchTemplate #6360
// https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-placement.html | ||
// +kubebuilder:validation:Enum:={default,dedicated} | ||
// +optional | ||
Tenancy *string `json:"tenancy,omitempty"` |
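Review bot: The Enum marker on the Tenancy field admits only default and dedicated, while the EC2 placement tenancy setting it maps to also accepts host. If host is left out on purpose, say so in the field comment so the gap does not read as an oversight. The reference link above the marker also points at the CloudFormation property page; the EC2 API Placement reference is the closer source for a value set through the launch template.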
Do we even need default or can we just assume that not specifying this option assumes that you are using "shared"?
If not specified, tenancy is "default (shared)".
If you wish, we can also specify tenancy: "default" in YAML.
@@ -113,6 +113,16 @@ type EC2NodeClassSpec struct { | |||
// +kubebuilder:default={"httpEndpoint":"enabled","httpProtocolIPv6":"disabled","httpPutResponseHopLimit":2,"httpTokens":"required"} | |||
// +optional | |||
MetadataOptions *MetadataOptions `json:"metadataOptions,omitempty"` | |||
// Tenancy of the instance. An instance with a tenancy of dedicated runs on single-tenant hardware. |
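Review bot: The doc comment added on the last line of this hunk explains what dedicated means but not what happens when the field is left unset. controller-gen copies this comment into the CRD description, so add a sentence stating the behaviour when tenancy is omitted. Users who set this field for compliance should be able to tell from the schema alone which setting is in effect.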
Are you able to work around this limitation by having the VPC tenancy be dedicated? Or do you need a mix of dedicated and non-dedicated instances in the VPC?
Typically, dedicated tenancy has less available instance capacity in a region than default tenancy. This is a case where default and tenancy were mixed and used within a VPC.
@@ -433,6 +433,20 @@ spec: | |||
rule: self.all(k, k !='karpenter.sh/nodeclaim') | |||
- message: tag contains a restricted tag matching karpenter.k8s.aws/ec2nodeclass | |||
rule: self.all(k, k !='karpenter.k8s.aws/ec2nodeclass') | |||
tenancy: |
What are your thoughts about doing something smarter here? Can Karpenter be aware of your dedicated instances and just use them? What happens if you run out of dedicated instances for the EC2NodeClass to launch?
There is placement.tenancy information in the response of ec2 launch instance.
https://docs.aws.amazon.com/ko_kr/AWSEC2/latest/APIReference/API_Placement.html
Using this, we can enter tenancy information in the nodeclass status, but I don't know if any other method can be implemented other than logging that the dedicated instance of the currently requested instance requirement is insufficient.
What we need to consider is whether to set the tenancy setting as a requirement (for example, karpenter.k8s.aws/instance-category) from the CRD of the Karpenter NodeClass.
This PR has been inactive for 14 days. StaleBot will close this stale PR after 14 more days of inactivity.
It would be good to consider before releasing the CRD of karpenter v1.0. @jonathan-innis
Fixes #4633
Description
Support tenancy: dedicated options to mitigate compliance issues for some reason.
How was this change tested?
I confirmed that the dedicated instance was launched fine in my own eks cluster.
Does this change impact docs?
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.