Karpenter

    Karpenter is a fairly new project, and it is still not determined how Karpenter should work with kOps. Because of this, Karpenter is behind the feature flag.

    Enable the Karpenter feature flag:

    Karpenter requires that external permissions for ServiceAccounts be enabled for the cluster. See for how to enable this.

    You also need to enable the Karpenter addon in the cluster spec:

    On new clusters, you can simply add the --instance-manager=karpenter flag:

    A Karpenter-managed InstanceGroup controls a corresponding Karpenter Provisioner resource. kOps will ensure that the Provisioner is configured with the correct AWS security groups, subnets, and launch templates. Just like with ASG-managed InstanceGroups, you can add labels and taints to Nodes and kOps will ensure those are added accordingly.

    By default, kOps will tag subnets with for each InstanceGroup the subnet is assigned to. If you enable manual tagging of subnets, you have to ensure these tags are added, if not Karpenter will fail to provision any instances.

    If you do not specify a mixed instances policy, only the instance type specified by spec.machineType will be used. With Karpenter, one typically wants a wider range of instances to choose from. kOps supports both providing a list of instance types through and providing instance type requirements through spec.mixedInstancesPolicy.instanceRequirements. See (/instance_groups)[InstanceGroup documentation] for more details.

    On EKS, Karpener creates its own launch templates for Provisioners. These launch templates will not work with a kOps cluster for a number of reasons. Most importantly, they do not use supported AMIs and they do not install and configure nodeup, the instance-side kOps component. The Karpenter features that require Karpenter to directly manage launch templates will not be available on kOps.

    • Control plane nodes must be provisioned with an ASG, not Karpenter.
    • Provisioners will unconditionally use spot instances
    • Provisioners will unconditionally include burstable instance groups such as the T3 instance family.
    • kOps will not allow mixing arm64 and amd64 instances in the same Provider.