{ "description": "AWSNodeTemplate is the Schema for the AWSNodeTemplate API", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "AWSNodeTemplateSpec is the top level specification for the AWS Karpenter Provider. This will contain configuration necessary to launch instances in AWS.", "properties": { "amiFamily": { "description": "AMIFamily is the AMI family that instances use.", "type": "string" }, "amiSelector": { "additionalProperties": { "type": "string" }, "description": "AMISelector discovers AMIs to be used by Amazon EC2 tags.", "type": "object" }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "blockDeviceMappings": { "description": "BlockDeviceMappings to be applied to provisioned nodes.", "items": { "properties": { "deviceName": { "description": "The device name (for example, /dev/sdh or xvdh).", "type": "string" }, "ebs": { "description": "EBS contains parameters used to automatically set up EBS volumes when an instance is launched.", "properties": { "deleteOnTermination": { "description": "DeleteOnTermination indicates whether the EBS volume is deleted on instance termination.", "type": "boolean" }, "encrypted": { "description": "Encrypted indicates whether the EBS volume is encrypted. Encrypted volumes can only be attached to instances that support Amazon EBS encryption. If you are creating a volume from a snapshot, you can't specify an encryption value.", "type": "boolean" }, "iops": { "description": "IOPS is the number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. \n The following are the supported values for each volume type: \n * gp3: 3,000-16,000 IOPS \n * io1: 100-64,000 IOPS \n * io2: 100-64,000 IOPS \n For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built on the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). Other instance families guarantee performance up to 32,000 IOPS. \n This parameter is supported for io1, io2, and gp3 volumes only. This parameter is not supported for gp2, st1, sc1, or standard volumes.", "format": "int64", "type": "integer" }, "kmsKeyID": { "description": "KMSKeyID (ARN) of the symmetric Key Management Service (KMS) CMK used for encryption.", "type": "string" }, "snapshotID": { "description": "SnapshotID is the ID of an EBS snapshot", "type": "string" }, "throughput": { "description": "Throughput to provision for a gp3 volume, with a maximum of 1,000 MiB/s. Valid Range: Minimum value of 125. Maximum value of 1000.", "format": "int64", "type": "integer" }, "volumeSize": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "VolumeSize in GiBs. You must specify either a snapshot ID or a volume size. The following are the supported volumes sizes for each volume type: \n * gp2 and gp3: 1-16,384 \n * io1 and io2: 4-16,384 \n * st1 and sc1: 125-16,384 \n * standard: 1-1,024", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "volumeType": { "description": "VolumeType of the block device. For more information, see Amazon EBS volume types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the Amazon Elastic Compute Cloud User Guide.", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "context": { "description": "Context is a Reserved field in EC2 APIs https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet.html", "type": "string" }, "detailedMonitoring": { "description": "DetailedMonitoring controls if detailed monitoring is enabled for instances that are launched", "type": "boolean" }, "instanceProfile": { "description": "InstanceProfile is the AWS identity that instances use.", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "launchTemplate": { "description": "LaunchTemplateName for the node. If not specified, a launch template will be generated. NOTE: This field is for specifying a custom launch template and is exposed in the Spec as `launchTemplate` for backwards compatibility.", "type": "string" }, "metadataOptions": { "description": "MetadataOptions for the generated launch template of provisioned nodes. \n This specifies the exposure of the Instance Metadata Service to provisioned EC2 nodes. For more information, see Instance Metadata and User Data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) in the Amazon Elastic Compute Cloud User Guide. \n Refer to recommended, security best practices (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node) for limiting exposure of Instance Metadata and User Data to pods. If omitted, defaults to httpEndpoint enabled, with httpProtocolIPv6 disabled, with httpPutResponseLimit of 2, and with httpTokens required.", "properties": { "httpEndpoint": { "description": "HTTPEndpoint enables or disables the HTTP metadata endpoint on provisioned nodes. If metadata options is non-nil, but this parameter is not specified, the default state is \"enabled\". \n If you specify a value of \"disabled\", instance metadata will not be accessible on the node.", "type": "string" }, "httpProtocolIPv6": { "description": "HTTPProtocolIPv6 enables or disables the IPv6 endpoint for the instance metadata service on provisioned nodes. If metadata options is non-nil, but this parameter is not specified, the default state is \"disabled\".", "type": "string" }, "httpPutResponseHopLimit": { "description": "HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Possible values are integers from 1 to 64. If metadata options is non-nil, but this parameter is not specified, the default value is 1.", "format": "int64", "type": "integer" }, "httpTokens": { "description": "HTTPTokens determines the state of token usage for instance metadata requests. If metadata options is non-nil, but this parameter is not specified, the default state is \"optional\". \n If the state is optional, one can choose to retrieve instance metadata with or without a signed token header on the request. If one retrieves the IAM role credentials without a token, the version 1.0 role credentials are returned. If one retrieves the IAM role credentials using a valid signed token, the version 2.0 role credentials are returned. \n If the state is \"required\", one must send a signed token header with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns the version 2.0 credentials; the version 1.0 credentials are not available.", "type": "string" } }, "type": "object", "additionalProperties": false }, "securityGroupSelector": { "additionalProperties": { "type": "string" }, "description": "SecurityGroups specify the names of the security groups.", "type": "object" }, "subnetSelector": { "additionalProperties": { "type": "string" }, "description": "SubnetSelector discovers subnets by tags. A value of \"\" is a wildcard.", "type": "object" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Tags to be applied on ec2 resources like instances and launch templates.", "type": "object" }, "userData": { "description": "UserData to be applied to the provisioned nodes. It must be in the appropriate format based on the AMIFamily in use. Karpenter will merge certain fields into this UserData to ensure nodes are being provisioned with the correct configuration.", "type": "string" } }, "type": "object", "additionalProperties": false }, "status": { "description": "AWSNodeTemplateStatus contains the resolved state of the AWSNodeTemplate", "properties": { "amis": { "description": "AMI contains the current AMI values that are available to the cluster under the AMI selectors.", "items": { "description": "AMI contains resolved AMI selector values utilized for node launch", "properties": { "id": { "description": "ID of the AMI", "type": "string" }, "name": { "description": "Name of the AMI", "type": "string" }, "requirements": { "description": "Requirements of the AMI to be utilized on an instance type", "items": { "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "properties": { "key": { "description": "The label key that the selector applies to.", "type": "string" }, "operator": { "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "items": { "type": "string" }, "type": "array" } }, "required": [ "key", "operator" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "id", "requirements" ], "type": "object", "additionalProperties": false }, "type": "array" }, "securityGroups": { "description": "SecurityGroups contains the current Security Groups values that are available to the cluster under the SecurityGroups selectors.", "items": { "description": "SecurityGroup contains resolved SecurityGroup selector values utilized for node launch", "properties": { "id": { "description": "ID of the security group", "type": "string" }, "name": { "description": "Name of the security group", "type": "string" } }, "required": [ "id" ], "type": "object", "additionalProperties": false }, "type": "array" }, "subnets": { "description": "Subnets contains the current Subnet values that are available to the cluster under the subnet selectors.", "items": { "description": "Subnet contains resolved Subnet selector values utilized for node launch", "properties": { "id": { "description": "ID of the subnet", "type": "string" }, "zone": { "description": "The associated availability zone", "type": "string" } }, "required": [ "id", "zone" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false } }, "type": "object" }