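---
# Rendered Helm output for the karpenter chart (karpenter-0.16.3).
# One YAML document per resource; the "# Source:" comment above each document
# names the chart template it was rendered from.
# Layout restored to one key per line: in the collapsed form every "#" comment
# swallowed the rest of its line, so the manifests could not be parsed.

# Source: karpenter/templates/poddisruptionbudget.yaml
# Allows at most one karpenter pod to be voluntarily disrupted at a time.
# With replicas: 2 in the Deployment below, one replica stays available to
# serve the admission webhooks, which are registered with failurePolicy: Fail.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: karpenter
  namespace: karpenter
spec:
  maxUnavailable: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: karpenter
      app.kubernetes.io/instance: karpenter
---
# Source: karpenter/templates/serviceaccount.yaml
# The role-arn annotation binds this ServiceAccount to an IAM role, so any pod
# running as this account can obtain that role's AWS credentials.
# NOTE(review): the role's trust policy is not visible here; verify it is
# scoped to this exact namespace/service-account pair.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: karpenter
  namespace: karpenter
  labels:
    helm.sh/chart: karpenter-0.16.3
    app.kubernetes.io/name: karpenter
    app.kubernetes.io/instance: karpenter
    app.kubernetes.io/version: "0.16.3"
    app.kubernetes.io/managed-by: Helm
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::516928513568:role/KarpenterControllerRole-eks-karpenter
---
# Source: karpenter/templates/secret-webhook-cert.yaml
# Created empty; the namespaced Role below grants "update" on this one named
# Secret so the webhook can write its serving certificate into it.
apiVersion: v1
kind: Secret
metadata:
  name: karpenter-cert
  namespace: karpenter
  labels:
    helm.sh/chart: karpenter-0.16.3
    app.kubernetes.io/name: karpenter
    app.kubernetes.io/instance: karpenter
    app.kubernetes.io/version: "0.16.3"
    app.kubernetes.io/managed-by: Helm
data: {}  # Injected by karpenter-webhook
---
# Source: karpenter/templates/configmap-logging.yaml
# NOTE(review): "level" is "debug". Confirm this is intended outside of
# troubleshooting; debug output is more verbose and is worth checking for
# environment detail before it is shipped to a shared log store.
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-logging
  namespace: karpenter
  labels:
    helm.sh/chart: karpenter-0.16.3
    app.kubernetes.io/name: karpenter
    app.kubernetes.io/instance: karpenter
    app.kubernetes.io/version: "0.16.3"
    app.kubernetes.io/managed-by: Helm
data:
  # https://github.com/uber-go/zap/blob/aa3e73ec0896f8b066ddf668597a02f89628ee50/config.go
  zap-logger-config: |
    {
      "level": "debug",
      "development": false,
      "disableStacktrace": true,
      "disableCaller": true,
      "sampling": {
        "initial": 100,
        "thereafter": 100
      },
      "outputPaths": ["stdout"],
      "errorOutputPaths": ["stderr"],
      "encoding": "console",
      "encoderConfig": {
        "timeKey": "time",
        "levelKey": "level",
        "nameKey": "logger",
        "callerKey": "caller",
        "messageKey": "message",
        "stacktraceKey": "stacktrace",
        "levelEncoder": "capital",
        "timeEncoder": "iso8601"
      }
    }
---
# Source: karpenter/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: karpenter-global-settings
  namespace: karpenter
  labels:
    helm.sh/chart: karpenter-0.16.3
    app.kubernetes.io/name: karpenter
    app.kubernetes.io/instance: karpenter
    app.kubernetes.io/version: "0.16.3"
    app.kubernetes.io/managed-by: Helm
data:
  "batchMaxDuration": "10s"
  "batchIdleDuration": "1s"
---
# Source: karpenter/templates/aggregate-clusterrole.yaml
# The aggregate-to-admin label merges these rules into the built-in "admin"
# ClusterRole. Every subject that holds "admin" therefore gains write access
# to provisioners and awsnodetemplates, the objects that decide what capacity
# Karpenter launches.
# NOTE(review): confirm that existing "admin" bindings are meant to carry it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: karpenter-admin
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    helm.sh/chart: karpenter-0.16.3
    app.kubernetes.io/name: karpenter
    app.kubernetes.io/instance: karpenter
    app.kubernetes.io/version: "0.16.3"
    app.kubernetes.io/managed-by: Helm
rules:
  - apiGroups: ["karpenter.sh"]
    resources: ["provisioners", "provisioners/status"]
    verbs: ["get", "list", "watch", "create", "delete", "patch"]
  - apiGroups: ["karpenter.k8s.aws"]
    resources: ["awsnodetemplates"]
    verbs: ["get", "list", "watch", "create", "delete", "patch"]
---
# Source: karpenter/templates/clusterrole.yaml
# Cluster-wide permissions of the karpenter ServiceAccount. The write section
# includes create/patch/delete on nodes and create on pods/eviction, so a
# compromise of this workload affects scheduling across the whole cluster.
# The webhook-configuration "update" rules are narrowed with resourceNames to
# Karpenter's own three configurations.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: karpenter
  labels:
    helm.sh/chart: karpenter-0.16.3
    app.kubernetes.io/name: karpenter
    app.kubernetes.io/instance: karpenter
    app.kubernetes.io/version: "0.16.3"
    app.kubernetes.io/managed-by: Helm
rules:
  # Read
  - apiGroups: ["karpenter.sh"]
    resources: ["provisioners", "provisioners/status"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["karpenter.k8s.aws"]
    resources: ["awsnodetemplates"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["pods", "nodes", "persistentvolumes", "persistentvolumeclaims", "replicationcontrollers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses", "csinodes"]
    verbs: ["get", "watch", "list"]
  - apiGroups: ["apps"]
    resources: ["daemonsets", "deployments", "replicasets", "statefulsets"]
    verbs: ["list", "watch"]
  - apiGroups: ["admissionregistration.k8s.io"]
    resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
    verbs: ["get", "watch", "list"]
  - apiGroups: ["policy"]
    resources: ["poddisruptionbudgets"]
    verbs: ["get", "list", "watch"]
  # Write
  - apiGroups: ["karpenter.sh"]
    resources: ["provisioners/status"]
    verbs: ["create", "delete", "patch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "patch"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["create", "patch", "delete"]
  - apiGroups: [""]
    resources: ["pods/eviction"]
    verbs: ["create"]
  - apiGroups: ["admissionregistration.k8s.io"]
    resources: ["validatingwebhookconfigurations"]
    verbs: ["update"]
    resourceNames: ["validation.webhook.provisioners.karpenter.sh", "validation.webhook.config.karpenter.sh"]
  - apiGroups: ["admissionregistration.k8s.io"]
    resources: ["mutatingwebhookconfigurations"]
    verbs: ["update"]
    resourceNames: ["defaulting.webhook.provisioners.karpenter.sh"]
---
# Source: karpenter/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: karpenter
  labels:
    helm.sh/chart: karpenter-0.16.3
    app.kubernetes.io/name: karpenter
    app.kubernetes.io/instance: karpenter
    app.kubernetes.io/version: "0.16.3"
    app.kubernetes.io/managed-by: Helm
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: karpenter
subjects:
  - kind: ServiceAccount
    name: karpenter
    namespace: karpenter
---
# Source: karpenter/templates/role.yaml
# Namespaced permissions in "karpenter". The read rule covers every Secret and
# ConfigMap in the namespace (it carries no resourceNames), while the write
# rules are limited to named objects.
# NOTE(review): keep unrelated Secrets out of this namespace, since this
# ServiceAccount can read all of them.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: karpenter
  namespace: karpenter
  labels:
    helm.sh/chart: karpenter-0.16.3
    app.kubernetes.io/name: karpenter
    app.kubernetes.io/instance: karpenter
    app.kubernetes.io/version: "0.16.3"
    app.kubernetes.io/managed-by: Helm
rules:
  # Read
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "watch"]
  - apiGroups: [""]
    resources: ["configmaps", "namespaces", "secrets"]
    verbs: ["get", "list", "watch"]
  # Write
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["update"]
    resourceNames: ["karpenter-cert"]
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["update", "patch", "delete"]
    resourceNames:
      - karpenter-global-settings
      - config-logging
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["patch", "update"]
    resourceNames:
      - "karpenter-leader-election"
      - "webhook.configmapwebhook.00-of-01"
      - "webhook.defaultingwebhook.00-of-01"
      - "webhook.validationwebhook.00-of-01"
      - "webhook.webhookcertificates.00-of-01"
  # Cannot specify resourceNames on create
  # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources
  # Consequence: the two rules below allow creating any Lease or ConfigMap in
  # this namespace, not only the ones named above.
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["create"]
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["create"]
---
# Source: karpenter/templates/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: karpenter
  namespace: karpenter
  labels:
    helm.sh/chart: karpenter-0.16.3
    app.kubernetes.io/name: karpenter
    app.kubernetes.io/instance: karpenter
    app.kubernetes.io/version: "0.16.3"
    app.kubernetes.io/managed-by: Helm
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: karpenter
subjects:
  - kind: ServiceAccount
    name: karpenter
    namespace: karpenter
---
# Source: karpenter/templates/service.yaml
# ClusterIP only, so not exposed outside the cluster by this object.
# NOTE(review): no NetworkPolicy is part of this render; if the metrics port
# should not be reachable from every pod, restrict it separately.
apiVersion: v1
kind: Service
metadata:
  name: karpenter
  namespace: karpenter
  labels:
    helm.sh/chart: karpenter-0.16.3
    app.kubernetes.io/name: karpenter
    app.kubernetes.io/instance: karpenter
    app.kubernetes.io/version: "0.16.3"
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  ports:
    - name: http-metrics
      port: 8080
      targetPort: http-metrics
      protocol: TCP
    - name: https-webhook
      port: 443
      targetPort: https-webhook
      protocol: TCP
  selector:
    app.kubernetes.io/name: karpenter
    app.kubernetes.io/instance: karpenter
---
# Source: karpenter/templates/deployment.yaml
# Two containers (controller, webhook) share the karpenter ServiceAccount and
# therefore the same Kubernetes RBAC and the same IAM role.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: karpenter
  namespace: karpenter
  labels:
    helm.sh/chart: karpenter-0.16.3
    app.kubernetes.io/name: karpenter
    app.kubernetes.io/instance: karpenter
    app.kubernetes.io/version: "0.16.3"
    app.kubernetes.io/managed-by: Helm
spec:
  replicas: 2
  revisionHistoryLimit: 10
  strategy:
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: karpenter
      app.kubernetes.io/instance: karpenter
  template:
    metadata:
      labels:
        app.kubernetes.io/name: karpenter
        app.kubernetes.io/instance: karpenter
    spec:
      serviceAccountName: karpenter
      # Only fsGroup is set at pod level and neither container declares a
      # securityContext of its own.
      # NOTE(review): consider allowPrivilegeEscalation: false, dropping all
      # capabilities, readOnlyRootFilesystem: true, runAsNonRoot: true and a
      # RuntimeDefault seccomp profile, after confirming the images run as a
      # non-root user and do not write to the root filesystem - TODO confirm.
      securityContext:
        fsGroup: 1000
      priorityClassName: "system-cluster-critical"
      # "Default" makes the pod use the node's DNS configuration rather than
      # the cluster DNS service.
      dnsPolicy: Default
      containers:
        - name: controller
          # Pinned by digest as well as tag, so the image content cannot
          # change under the same tag.
          image: public.ecr.aws/karpenter/controller:v0.16.3@sha256:68db4f092cf9cc83f5ef9e2fbc5407c2cb682e81f64dfaa700a7602ede38b1cf
          imagePullPolicy: IfNotPresent
          env:
            - name: CLUSTER_NAME
              value: eks-karpenter
            - name: CLUSTER_ENDPOINT
              value: https://DC8D4F08527E2681E2F54A7F3B5C3861.sk1.us-west-2.eks.amazonaws.com
            - name: KARPENTER_SERVICE
              value: karpenter
            - name: SYSTEM_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: AWS_DEFAULT_INSTANCE_PROFILE
              value: KarpenterInstanceProfile
            - name: MEMORY_LIMIT
              valueFrom:
                resourceFieldRef:
                  containerName: controller
                  divisor: "0"
                  resource: limits.memory
          ports:
            - name: http-metrics
              containerPort: 8080
              protocol: TCP
            - name: http
              containerPort: 8081
              protocol: TCP
          livenessProbe:
            initialDelaySeconds: 30
            timeoutSeconds: 30
            httpGet:
              path: /healthz
              port: http
          readinessProbe:
            timeoutSeconds: 30
            httpGet:
              path: /readyz
              port: http
          # requests equal limits for both resources
          resources:
            limits:
              cpu: 1
              memory: 1Gi
            requests:
              cpu: 1
              memory: 1Gi
        - name: webhook
          # Pinned by digest as well as tag (see controller image).
          image: public.ecr.aws/karpenter/webhook:v0.16.3@sha256:96a2d9b06d6bc5127801f358f74b1cf2d289b423a2e9ba40c573c0b14b17dafa
          imagePullPolicy: IfNotPresent
          env:
            - name: CLUSTER_NAME
              value: eks-karpenter
            - name: KUBERNETES_MIN_VERSION
              value: "1.19.0-0"
            - name: CLUSTER_ENDPOINT
              value: https://DC8D4F08527E2681E2F54A7F3B5C3861.sk1.us-west-2.eks.amazonaws.com
            - name: KARPENTER_SERVICE
              value: karpenter
            - name: SYSTEM_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: MEMORY_LIMIT
              valueFrom:
                resourceFieldRef:
                  containerName: webhook
                  divisor: "0"
                  resource: limits.memory
            - name: AWS_DEFAULT_INSTANCE_PROFILE
              value: KarpenterInstanceProfile
          args:
            - -port=8443
          ports:
            - name: https-webhook
              containerPort: 8443
              protocol: TCP
          livenessProbe:
            initialDelaySeconds: 30
            httpGet:
              port: https-webhook
              scheme: HTTPS
          readinessProbe:
            httpGet:
              port: https-webhook
              scheme: HTTPS
          resources:
            limits:
              cpu: 200m
              memory: 100Mi
            requests:
              cpu: 200m
              memory: 100Mi
      nodeSelector:
        kubernetes.io/os: linux
      # Schedules only onto nodes that do not carry the
      # karpenter.sh/provisioner-name label - presumably so the controller
      # never runs on capacity it manages itself.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: karpenter.sh/provisioner-name
                    operator: DoesNotExist
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: topology.kubernetes.io/zone
          whenUnsatisfiable: ScheduleAnyway
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: karpenter
              app.kubernetes.io/instance: karpenter
---
# Source: karpenter/templates/webhooks.yaml
# failurePolicy: Fail rejects matching CREATE/UPDATE requests whenever the
# webhook Service cannot be reached, so webhook availability gates changes to
# provisioners and awsnodetemplates.
# clientConfig carries no caBundle in this render; the ClusterRole above
# grants "update" on this named configuration, presumably so the bundle is
# written at runtime - TODO confirm.
# NOTE(review): this kind is cluster-scoped, so metadata.namespace has no
# effect on where the object lives.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: defaulting.webhook.provisioners.karpenter.sh
  namespace: karpenter
  labels:
    helm.sh/chart: karpenter-0.16.3
    app.kubernetes.io/name: karpenter
    app.kubernetes.io/instance: karpenter
    app.kubernetes.io/version: "0.16.3"
    app.kubernetes.io/managed-by: Helm
webhooks:
  - name: defaulting.webhook.provisioners.karpenter.sh
    admissionReviewVersions: ["v1"]
    clientConfig:
      service:
        name: karpenter
        namespace: karpenter
    failurePolicy: Fail
    sideEffects: None
    rules:
      - apiGroups:
          - karpenter.k8s.aws
        apiVersions:
          - v1alpha1
        operations:
          - CREATE
          - UPDATE
        resources:
          - awsnodetemplates
          - awsnodetemplates/status
        scope: '*'
      - apiGroups:
          - karpenter.sh
        apiVersions:
          - v1alpha5
        resources:
          - provisioners
          - provisioners/status
        operations:
          - CREATE
          - UPDATE
---
# Source: karpenter/templates/webhooks.yaml
# Validating counterpart of the defaulting webhook; it additionally
# intercepts DELETE. failurePolicy: Fail applies here as well.
# NOTE(review): cluster-scoped kind; metadata.namespace has no effect.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: validation.webhook.provisioners.karpenter.sh
  namespace: karpenter
  labels:
    helm.sh/chart: karpenter-0.16.3
    app.kubernetes.io/name: karpenter
    app.kubernetes.io/instance: karpenter
    app.kubernetes.io/version: "0.16.3"
    app.kubernetes.io/managed-by: Helm
webhooks:
  - name: validation.webhook.provisioners.karpenter.sh
    admissionReviewVersions: ["v1"]
    clientConfig:
      service:
        name: karpenter
        namespace: karpenter
    failurePolicy: Fail
    sideEffects: None
    rules:
      - apiGroups:
          - karpenter.k8s.aws
        apiVersions:
          - v1alpha1
        operations:
          - CREATE
          - UPDATE
          - DELETE
        resources:
          - awsnodetemplates
          - awsnodetemplates/status
        scope: '*'
      - apiGroups:
          - karpenter.sh
        apiVersions:
          - v1alpha5
        resources:
          - provisioners
          - provisioners/status
        operations:
          - CREATE
          - UPDATE
          - DELETE
---
# Source: karpenter/templates/webhooks.yaml
# No rules are rendered for this webhook; it selects objects by the
# app.kubernetes.io/part-of: karpenter label. The ClusterRole above grants
# "update" on this named configuration, so the rules are presumably filled in
# at runtime - TODO confirm.
# NOTE(review): cluster-scoped kind; metadata.namespace has no effect.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: validation.webhook.config.karpenter.sh
  namespace: karpenter
  labels:
    helm.sh/chart: karpenter-0.16.3
    app.kubernetes.io/name: karpenter
    app.kubernetes.io/instance: karpenter
    app.kubernetes.io/version: "0.16.3"
    app.kubernetes.io/managed-by: Helm
webhooks:
  - name: validation.webhook.config.karpenter.sh
    admissionReviewVersions: ["v1"]
    clientConfig:
      service:
        name: karpenter
        namespace: karpenter
    failurePolicy: Fail
    sideEffects: None
    objectSelector:
      matchLabels:
        app.kubernetes.io/part-of: karpenter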