Karpenter Support - Eksctl 用户指南
自动安全组标记

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

Karpenter Support

eksctl支持将 Karpenter 添加到新创建的集群。它将创建 Karpenter 的 “入门” 部分中概述的所有必要先决条件,包括使用 Helm 安装 Karpenter 本身。我们目前支持安装版本0.28.0+。有关更多详细信息,请参阅 Karpenter 兼容性部分。

以下集群配置概述了典型的 Karpenter 安装:

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: cluster-with-karpenter
  region: us-west-2
  version: '1.32' # requires a version of Kubernetes compatible with Karpenter
  tags:
    karpenter.sh/discovery: cluster-with-karpenter # here, it is set to the cluster name
iam:
  withOIDC: true # required

karpenter:
  version: '1.2.1' # Exact version should be specified according to the Karpenter compatibility matrix

managedNodeGroups:
  - name: managed-ng-1
    minSize: 1
    maxSize: 2
    desiredCapacity: 1

该版本是 Karpenter 的版本,可以在他们的 Helm Repository 中找到。还可设置以下选项:

karpenter:
  version: '1.2.1'
  createServiceAccount: true # default is false
  defaultInstanceProfile: 'KarpenterNodeInstanceProfile' # default is to use the IAM instance profile created by eksctl
  withSpotInterruptionQueue: true # adds all required policies and rules for supporting Spot Interruption Queue, default is false

要安装 Karpenter,必须定义 OIDC。

成功安装 Karpenter 后,添加 NodePool(s) 和 NodeClass(es) 以允许 Karpenter 开始向集群添加节点。

NodePool的nodeClassRef部分必须与 a 的名称匹配EC2NodeClass。例如:

apiVersion: karpenter.sh/v1
kind: NodePool
metadata:
  name: example
  annotations:
    kubernetes.io/description: "Example NodePool"
spec:
  template:
    spec:
      requirements:
        - key: kubernetes.io/arch
          operator: In
          values: ["amd64"]
        - key: kubernetes.io/os
          operator: In
          values: ["linux"]
        - key: karpenter.sh/capacity-type
          operator: In
          values: ["on-demand"]
        - key: karpenter.k8s.aws/instance-category
          operator: In
          values: ["c", "m", "r"]
        - key: karpenter.k8s.aws/instance-generation
          operator: Gt
          values: ["2"]
      nodeClassRef:
        group: karpenter.k8s.aws
        kind: EC2NodeClass
        name: example # must match the name of an EC2NodeClass
apiVersion: karpenter.k8s.aws/v1
kind: EC2NodeClass
metadata:
  name: example
  annotations:
    kubernetes.io/description: "Example EC2NodeClass"
spec:
  role: "eksctl-KarpenterNodeRole-${CLUSTER_NAME}" # replace with your cluster name
  subnetSelectorTerms:
    - tags:
        karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name
  securityGroupSelectorTerms:
    - tags:
        karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name
  amiSelectorTerms:
    - alias: al2023@latest # Amazon Linux 2023

请注意,必须instanceProfile为启动节点指定role或之一。如果您选择使用instanceProfile由创建的配置文件的名称,请eksctl遵循以下模式:eksctl-KarpenterNodeInstanceProfile-<cluster-name>.

自动安全组标记

eksctlkarpenter.sh/discovery当同时启用(karpenter.version指定)Karpenter 且标签存在于中时,会自动为集群的共享节点安全组karpenter.sh/discovery添加标签。metadata.tags这样可以兼容 AWS Load Balancer 控制器。

请注意,在 karpenter 0.32.0+ 中,Provisioners 已被弃用并替换为。NodePool