Merge branch 'main' into feat-select-the-most-availalbe-ip-count-subnet

.github/actions/e2e/cleanup/action.yaml

@@ -37,7 +37,7 @@ runs:
         CLUSTER_NAME: ${{ inputs.cluster_name }}
       run: |
         eksctl delete cluster --name "$CLUSTER_NAME" --timeout 60m --wait || true
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version-file: test/hack/resource/go.mod
         cache-dependency-path: test/hack/resource/go.sum

.github/actions/e2e/run-tests-private-cluster/action.yaml

@@ -93,7 +93,7 @@ runs:
       CLUSTER_VPC_ID: ${{ env.CLUSTER_VPC_ID }}
       EKS_CLUSTER_SG: ${{ env.EKS_CLUSTER_SG }}
       CLEANUP: ${{ inputs.cleanup }}
-    uses: aws-actions/aws-codebuild-run-build@540238d832197229bfaab9785feb4fb8450f6396 # v1.0.17
+    uses: aws-actions/aws-codebuild-run-build@4d15a47425739ac2296ba5e7eee3bdd4bfbdd767 # v1.0.18
     with:
       project-name: E2EPrivateClusterCodeBuildProject-us-east-1
       buildspec-override: |

.github/actions/install-deps/action.yaml

@@ -7,7 +7,7 @@ inputs:
 runs:
   using: "composite"
   steps:
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       id: setup-go
       with:
         go-version-file: go.mod
@@ -16,7 +16,7 @@ runs:
     # Root path permission workaround for caching https://github.com/actions/cache/issues/845#issuecomment-1252594999
     - run: sudo chown "$USER" /usr/local
       shell: bash
-    - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+    - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
       id: cache-toolchain
       with:
         path: |

.github/workflows/e2e-matrix.yaml

@@ -103,7 +103,7 @@ jobs:
       statuses: write # ./.github/actions/commit-status/start
     uses: ./.github/workflows/e2e-upgrade.yaml
     with:
-      from_git_ref: 2f4cebea345e6a399ea00149ec7a41269739bb3b
+      from_git_ref: 2fb10b6d330ac9662bd35dc81124c7666f66e453
       to_git_ref: ${{ inputs.git_ref }}
       region: ${{ inputs.region }}
       k8s_version: ${{ inputs.k8s_version }}

.github/workflows/e2e-soak-trigger.yaml

@@ -17,7 +17,7 @@ jobs:
       with:
        role-to-assume: arn:aws:iam::${{ vars.CI_ACCOUNT_ID }}:role/${{ vars.CI_ROLE_NAME }}
        aws-region: eu-north-1
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version-file: test/hack/soak/go.mod
         cache-dependency-path: test/hack/soak/go.sum

.github/workflows/resource-count.yaml

@@ -20,7 +20,7 @@ jobs:
         with:
           role-to-assume: arn:aws:iam::${{ vars.CI_ACCOUNT_ID }}:role/${{ vars.CI_ROLE_NAME }}
           aws-region: ${{ matrix.region }}
-      - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+      - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
           go-version-file: test/hack/resource/go.mod
           check-latest: true

.github/workflows/stale.yaml

@@ -12,17 +12,39 @@ jobs:
     if: github.repository == 'aws/karpenter-provider-aws'
     name: Stale issue bot
     steps:
+      # PR stale-out
       - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-          stale-issue-message: 'This issue has been inactive for 14 days. StaleBot will close this stale issue after 14 more days of inactivity.'
-          exempt-issue-labels: 'bug,chore,feature,documentation,testing,operational-excellence,automation,roadmap'
-          stale-issue-label: 'lifecycle/stale'
-          close-issue-label: 'lifecycle/closed'
+          only-issue-labels: 'ignore' # Ignore this step for Issues
           stale-pr-message: 'This PR has been inactive for 14 days. StaleBot will close this stale PR after 14 more days of inactivity.'
           exempt-pr-labels: 'blocked,needs-review,needs-design'
           stale-pr-label: 'lifecycle/stale'
           close-pr-label: 'lifecycle/closed'
           days-before-stale: 14
           days-before-close: 14
           operations-per-run: 300
+      # Issue stale-out for "triage/needs-information"
+      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          stale-issue-message: 'This issue has been inactive for 14 days. StaleBot will close this stale issue after 14 more days of inactivity.'
+          only-issue-labels: 'triage/needs-information'
+          stale-issue-label: 'lifecycle/stale'
+          close-issue-label: 'lifecycle/closed'
+          only-pr-labels: 'ignore' # Ignore this step for PRs
+          days-before-stale: 14
+          days-before-close: 14
+          operations-per-run: 300
+      # Issue stale-out for "triage/solved"
+      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          stale-issue-message: 'This issue has been inactive for 7 days and is marked as "triage/solved". StaleBot will close this stale issue after 7 more days of inactivity.'
+          only-issue-labels: 'triage/solved'
+          stale-issue-label: 'lifecycle/stale'
+          close-issue-label: 'lifecycle/closed'
+          only-pr-labels: 'ignore' # Ignore this step for PRs
+          days-before-stale: 7
+          days-before-close: 7
+          operations-per-run: 300

.github/workflows/sweeper.yaml

@@ -21,7 +21,7 @@ jobs:
         with:
           role-to-assume: arn:aws:iam::${{ vars.CI_ACCOUNT_ID }}:role/${{ vars.CI_ROLE_NAME }}
           aws-region: ${{ matrix.region }}
-      - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+      - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
           go-version-file: test/hack/resource/go.mod
           check-latest: true

ADOPTERS.md

@@ -31,8 +31,10 @@ If you are open to others contacting you about your use of Karpenter on Slack, a
 | GlobalDots | Using Karpenter to scale Kubernetes clusters for a lot of our clients & for internal needs | `@vainkop` | [GlobalDots](https://globaldots.com) |
 | Grafana Labs | Using Karpenter as our Autoscaling tool on EKS | `@paulajulve`, `@logyball` | [Homepage](https://grafana.com/) & [Blog](https://grafana.com/blog/2023/11/09/how-grafana-labs-switched-to-karpenter-to-reduce-costs-and-complexities-in-amazon-eks/) |
 | H2O.ai | Dynamically scaling CPU and GPU nodes for AI workloads  | `@Ophir Zahavi`, `@Asaf Oren` | [H2O.ai](https://h2o.ai/) |
+| HENNGE K.K. | Dynamically scaling production workloads in Tokyo region | `@furqan.habibi`, `@Hans Gunawan` | [HENNGE](https://hennge.com/global/) |
 | Homa | Using Karpenter to manage dynamically big instances and save cost effectively with disruptions | `@afreyermuth98`, `@alexbescond` | [Homa](https://www.homagames.com/) |
 | idealo | Scaling multi-arch IPv6 clusters hosting web and event-driven applications | `@Heiko Rothe` | [Homepage](https://www.idealo.de) |
+| Kaltura | Using karpenter to deliver video to millions of end users | `@Ido Ziv` | [Homepage](https://corp.kaltura.com/) |
 | Livspace | Replacement for cluster autoscaler on production and staging EKS clusters | `@praveen-livspace` | [Homepage](https://www.livspace.com) |
 | Nexxiot | Easier, Safer, Cleaner Global Transportation - Using Karpenter to manage EKS nodes | `@Alex Berger` | [Homepage](https://nexxiot.com/) |
 | Nirvana Money | Building healthy, happy financial lives - Using Karpenter to manage all-Spot clusters | `@DWSR` | [Homepage](https://www.nirvana.money/) |
@@ -45,6 +47,7 @@ If you are open to others contacting you about your use of Karpenter on Slack, a
 | Rapid7 | Using Karpenter across all of our Kubernetes infrastructure for efficient autoscaling, both in terms of speed and cost | `@arobinson`, `@Ross Kirk`, `@Ryan Williams` | [Homepage](https://www.rapid7.com/) |
 | Sendcloud | Using Karpenter to scale our k8s clusters for Europe’s #1 shipping automation platform  | N/A | [Homepage](https://www.sendcloud.com/) |
 | Sentra | Using Karpenter to scale our EKS clusters, running our platform and workflows while maximizing cost-efficiency with minimal operational overhead | `@Roei Jacobovich` | [Homepage](https://sentra.io/) |
+| SternumIOT | Using Karpenter to efficiently autoscale & manage our EKS clusters with GitOps, optimizing node lifecycle management for both performance and cost-effectiveness across our Kubernetes workloads | `@itayvolo` `@amitde69` | [SternumIOT](https://sternumiot.com/) |
 | Stone Pagamentos | Using Karpenter to do smart sizing of our clusters  | `@fabiano-amaral` | [Stone Pagamentos](https://www.stone.com.br/) |
 | Stytch | Powering the scaling needs of Stytch's authentication and user-management APIs  | `@Elijah Chanakira`, `@Ovadia Harary` | [Homepage](https://www.stytch.com/) |
 | Superbexperience | Using Karpenter to scale the k8s clusters running our Guest Experience Management platform  | `@Wernich Bekker` | [Homepage](https://www.superbexperience.com/) |
@@ -56,5 +59,6 @@ If you are open to others contacting you about your use of Karpenter on Slack, a
 | Whoosh | Using Karpenter to scale the EKS clusters for many purposes | `@vainkop` | [Whoosh](https://whoosh.bike) |
 | Next Insurance | Using Karpenter to manage the nodes in all our EKS clusters, including dev and prod, on demand and spots | `@moshebs` | [Homepage](https://www.nextinsurance.com)|
 | Grover Group GmbH | We use Karpenter for efficient and cost effective scaling of our nodes in all of our EKS clusters | `@suraj2410` | [Homepage](https://www.grover.com/de-en) & [Engineering Techblog](https://engineering.grover.com)|
+| Legit Security | We run Karpenter across all our EKS clusters to ensure efficient and cost-effective scaling across our infrastructure | `@Tal Balash`, `@Matan Ryngler` | [Homepage](https://www.legitsecurity.com)|
 | Logz.io | Using Karpenter in all of our EKS clusters for efficient and cost effective scaling of all our K8s workloads | `@pincher95`, `@Samplify` | [Homepage](https://logz.io/)|
 | X3M ads | We have been using Karpenter for (almost) all our workloads since 2023 | `@mreparaz`, `@fmansilla`, `@mrmartinez95` | [Homepage](https://x3mads.com) |

Makefile

@@ -107,6 +107,7 @@ verify: tidy download ## Verify code. Includes dependencies, linting, formatting
 	bash -c 'source ./hack/validation/requirements.sh && injectDomainRequirementRestrictions "karpenter.k8s.aws"'
 	bash -c 'source ./hack/validation/labels.sh && injectDomainLabelRestrictions "karpenter.k8s.aws"'
 	cp pkg/apis/crds/* charts/karpenter-crd/templates
+	hack/mutation/crd_annotations.sh
 	hack/github/dependabot.sh
 	$(foreach dir,$(MOD_DIRS),cd $(dir) && golangci-lint run $(newline))
 	@git diff --quiet ||\

charts/karpenter-crd/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: karpenter-crd
 description: A Helm chart for Karpenter Custom Resource Definitions (CRDs).
 type: application
-version: 1.0.0
-appVersion: 1.0.0
+version: 1.1.1
+appVersion: 1.1.1
 keywords:
   - cluster
   - node

charts/karpenter-crd/templates/karpenter.k8s.aws_ec2nodeclasses.yaml

@@ -3,6 +3,9 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
+    {{- with .Values.additionalAnnotations }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
     controller-gen.kubebuilder.io/version: v0.16.5
   name: ec2nodeclasses.karpenter.k8s.aws
 spec:
@@ -115,7 +118,7 @@ spec:
                         additionalProperties:
                           type: string
                         description: |-
-                          Tags is a map of key/value tags used to select subnets
+                          Tags is a map of key/value tags used to select amis.
                           Specifying '*' for a value selects all values for a given tag key.
                         maxProperties: 20
                         type: object
@@ -485,7 +488,7 @@ spec:
                         additionalProperties:
                           type: string
                         description: |-
-                          Tags is a map of key/value tags used to select subnets
+                          Tags is a map of key/value tags used to select security groups.
                           Specifying '*' for a value selects all values for a given tag key.
                         maxProperties: 20
                         type: object
@@ -592,6 +595,9 @@ spec:
                   items:
                     description: AMI contains resolved AMI selector values utilized for node launch
                     properties:
+                      deprecated:
+                        description: Deprecation status of the AMI
+                        type: boolean
                       id:
                         description: ID of the AMI
                         type: string
@@ -695,7 +701,7 @@ spec:
                   type: string
                 securityGroups:
                   description: |-
-                    SecurityGroups contains the current Security Groups values that are available to the
+                    SecurityGroups contains the current security group values that are available to the
                     cluster under the SecurityGroups selectors.
                   items:
                     description: SecurityGroup contains resolved SecurityGroup selector values utilized for node launch
@@ -712,7 +718,7 @@ spec:
                   type: array
                 subnets:
                   description: |-
-                    Subnets contains the current Subnet values that are available to the
+                    Subnets contains the current subnet values that are available to the
                     cluster under the subnet selectors.
                   items:
                     description: Subnet contains resolved Subnet selector values utilized for node launch

charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml

@@ -3,6 +3,9 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
+    {{- with .Values.additionalAnnotations }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
     controller-gen.kubebuilder.io/version: v0.16.5
   name: nodeclaims.karpenter.sh
 spec:
@@ -35,6 +38,10 @@ spec:
         - jsonPath: .metadata.creationTimestamp
           name: Age
           type: date
+        - jsonPath: .status.imageID
+          name: ImageID
+          priority: 1
+          type: string
         - jsonPath: .status.providerID
           name: ID
           priority: 1

charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml

@@ -3,6 +3,9 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
+    {{- with .Values.additionalAnnotations }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
     controller-gen.kubebuilder.io/version: v0.16.5
   name: nodepools.karpenter.sh
 spec:

charts/karpenter-crd/values.yaml

@@ -0,0 +1,2 @@
+# -- Additional annotations for the custom resource definitions.
+additionalAnnotations: {}

charts/karpenter/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: karpenter
 description: A Helm chart for Karpenter, an open-source node provisioning project built for Kubernetes.
 type: application
-version: 1.0.0
-appVersion: 1.0.0
+version: 1.1.1
+appVersion: 1.1.1
 keywords:
   - cluster
   - node