(backport) chore: Remove Post Install Hook (#6827) for v0.36.x (#6835)

Co-authored-by: Jonathan Innis <joinnis@amazon.com>

charts/karpenter-crd/templates/karpenter.k8s.aws_ec2nodeclasses.yaml

@@ -1289,7 +1289,7 @@ spec:
  clientConfig:
  service:
  name: {{ .Values.webhook.serviceName }}
- namespace: {{ .Values.webhook.serviceNamespace }}
+ namespace: {{ .Release.Namespace }}
  port: {{ .Values.webhook.port }}
 {{- end }}
 

charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml

@@ -816,7 +816,7 @@ spec:
  clientConfig:
  service:
  name: {{ .Values.webhook.serviceName }}
- namespace: {{ .Values.webhook.serviceNamespace }}
+ namespace: {{ .Release.Namespace }}
  port: {{ .Values.webhook.port }}
 {{- end }}
 

charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml

@@ -1029,7 +1029,7 @@ spec:
  clientConfig:
  service:
  name: {{ .Values.webhook.serviceName }}
- namespace: {{ .Values.webhook.serviceNamespace }}
+ namespace: {{ .Release.Namespace }}
  port: {{ .Values.webhook.port }}
 {{- end }}
 

charts/karpenter-crd/values.yaml

@@ -1,7 +1,6 @@
 webhook:
- # -- Whether to enable the webhooks and webhook permissions.
+ # -- Whether to enable the webhooks.
  enabled: false
  serviceName: karpenter
- serviceNamespace: kube-system
  # -- The container port to use for the webhook.
  port: 8443

charts/karpenter/templates/_helpers.tpl

@@ -75,17 +75,6 @@ Karpenter image to use
 {{- end }}
 {{- end }}
 
-{{/*
-Karpenter post-install hook image to use
-*/}}
-{{- define "karpenter.postInstallHook.image" -}}
-{{- if .Values.postInstallHook.image.digest }}
-{{- printf "%s:%s@%s" .Values.postInstallHook.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.postInstallHook.image.tag) .Values.postInstallHook.image.digest }}
-{{- else }}
-{{- printf "%s:%s" .Values.postInstallHook.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.postInstallHook.image.tag) }}
-{{- end }}
-{{- end }}
-
 
 {{/* Get PodDisruptionBudget API Version */}}
 {{- define "karpenter.pdb.apiVersion" -}}

charts/karpenter/templates/clusterrole-core.yaml

@@ -47,13 +47,8 @@ rules:
  verbs: ["get", "watch", "list"]
  - apiGroups: ["apiextensions.k8s.io"]
  resources: ["customresourcedefinitions"]
- verbs: ["get", "watch", "list"]
-{{- else }}
- # Used for the post install hook
- - apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get"]
-{{- end }}
+ verbs: ["watch", "list"]
+ {{- end }}
  - apiGroups: ["policy"]
  resources: ["poddisruptionbudgets"]
  verbs: ["get", "list", "watch"]
@@ -80,12 +75,8 @@ rules:
  resourceNames: ["validation.webhook.karpenter.sh", "validation.webhook.config.karpenter.sh"]
  - apiGroups: ["apiextensions.k8s.io"]
  resources: ["customresourcedefinitions"]
- verbs: ["update", "patch"]
-{{- else }}
- - apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["patch"]
-{{- end }}
+ verbs: ["update"]
+ {{- end }}
  {{- with .Values.additionalClusterRoleRules -}}
  {{ toYaml . | nindent 2 }}
  {{- end -}}

charts/karpenter/values.yaml

@@ -135,14 +135,6 @@ controller:
  healthProbe:
  # -- The container port to use for http health probe.
  port: 8081
-postInstallHook: 
- image:
- # -- Repository path to the post-install hook. This minimally needs to have `kubectl` installed
- repository: public.ecr.aws/bitnami/kubectl
- # -- Tag of the post-install hook image.
- tag: "1.30"
- # -- SHA256 digest of the post-install hook image.
- digest: sha256:13a2ad1bd37ce42ee2a6f1ab0d30595f42eb7fe4a90d6ec848550524104a1ed6
 webhook:
  # -- Whether to enable the webhooks and webhook permissions.
  enabled: false

hack/docgen.sh

@@ -4,13 +4,13 @@ set -euo pipefail
 compatibilitymatrix() {
  # versionCount is the number of K8s versions to display in the compatibility matrix
  versionCount=7
- go run hack/docs/version_compatibility.go hack/docs/compatibility-karpenter.yaml "$(git describe --exact-match --tags || echo "no tag")"
- go run hack/docs/compatibilitymetrix_gen_docs.go website/content/en/preview/upgrading/compatibility.md hack/docs/compatibility-karpenter.yaml $versionCount
+ go run hack/docs/version_compatibility_gen/main.go hack/docs/compatibilitymatrix_gen/compatibility.yaml "$(git describe --exact-match --tags || echo "no tag")"
+ go run hack/docs/compatibilitymatrix_gen/main.go website/content/en/preview/upgrading/compatibility.md hack/docs/compatibilitymatrix_gen/compatibility.yaml $versionCount
 }
 
 
 compatibilitymatrix
-go run hack/docs/metrics_gen_docs.go pkg/ ${KARPENTER_CORE_DIR}/pkg website/content/en/preview/reference/metrics.md
-go run hack/docs/instancetypes_gen_docs.go website/content/en/preview/reference/instance-types.md
-go run hack/docs/configuration_gen_docs.go website/content/en/preview/reference/settings.md
+go run hack/docs/metrics_gen/main.go pkg/ "${KARPENTER_CORE_DIR}/pkg" website/content/en/preview/reference/metrics.md
+go run hack/docs/instancetypes_gen/main.go website/content/en/preview/reference/instance-types.md
+go run hack/docs/configuration_gen/main.go website/content/en/preview/reference/settings.md
 cd charts/karpenter && helm-docs

hack/mutation/conversion_webhook_injection.sh

@@ -18,7 +18,7 @@ echo "{{- if .Values.webhook.enabled }}
  clientConfig:
  service:
  name: {{ .Values.webhook.serviceName }}
- namespace: {{ .Values.webhook.serviceNamespace }}
+ namespace: {{ .Release.Namespace }}
  port: {{ .Values.webhook.port }}
 {{- end }}
 " >> charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml
@@ -33,7 +33,7 @@ echo "{{- if .Values.webhook.enabled }}
  clientConfig:
  service:
  name: {{ .Values.webhook.serviceName }}
- namespace: {{ .Values.webhook.serviceNamespace }}
+ namespace: {{ .Release.Namespace }}
  port: {{ .Values.webhook.port }}
 {{- end }}
 " >> charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml
@@ -48,7 +48,7 @@ echo "{{- if .Values.webhook.enabled }}
  clientConfig:
  service:
  name: {{ .Values.webhook.serviceName }}
- namespace: {{ .Values.webhook.serviceNamespace }}
+ namespace: {{ .Release.Namespace }}
  port: {{ .Values.webhook.port }}
 {{- end }}
 " >> charts/karpenter-crd/templates/karpenter.k8s.aws_ec2nodeclasses.yaml

hack/toolchain.sh

@@ -16,7 +16,7 @@ tools() {
  go install github.com/mikefarah/yq/v4@latest
  go install github.com/norwoodj/helm-docs/cmd/helm-docs@latest
  go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
- go install sigs.k8s.io/controller-tools/cmd/controller-gen@latest
+ go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.15.0
  go install github.com/sigstore/cosign/v2/cmd/cosign@latest
  go install -tags extended github.com/gohugoio/hugo@v0.110.0
  go install golang.org/x/vuln/cmd/govulncheck@latest

pkg/apis/v1/ec2nodeclass_conversion.go

@@ -26,8 +26,9 @@ import (
 
  "github.com/aws/aws-sdk-go/service/ec2"
 
- "github.com/aws/karpenter-provider-aws/pkg/apis/v1beta1"
  corev1beta1 "sigs.k8s.io/karpenter/pkg/apis/v1beta1"
+
+ "github.com/aws/karpenter-provider-aws/pkg/apis/v1beta1"
 )
 
 func (in *EC2NodeClass) ConvertTo(ctx context.Context, to apis.Convertible) error {

pkg/apis/v1beta1/ec2nodeclass_conversion.go

@@ -2,7 +2,9 @@
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
+
  http://www.apache.org/licenses/LICENSE-2.0
+
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

pkg/operator/operator.go

@@ -144,7 +144,7 @@ func NewOperator(ctx context.Context, operator *operator.Operator) (context.Cont
  *sess.Config.Region,
  )
  versionProvider := version.NewDefaultProvider(operator.KubernetesInterface, cache.New(awscache.DefaultTTL, awscache.DefaultCleanupInterval))
- ssmProvider := ssmp.NewDefaultProvider( ssm.New(sess), cache.New(awscache.SSMProviderTTL, awscache.DefaultCleanupInterval))
+ ssmProvider := ssmp.NewDefaultProvider(ssm.New(sess), cache.New(awscache.SSMProviderTTL, awscache.DefaultCleanupInterval))
  amiProvider := amifamily.NewDefaultProvider(versionProvider, ssmProvider, ec2api, cache.New(awscache.DefaultTTL, awscache.DefaultCleanupInterval))
  amiResolver := amifamily.NewResolver(amiProvider)
  launchTemplateProvider := launchtemplate.NewDefaultProvider(

pkg/providers/amifamily/ami.go

@@ -106,7 +106,7 @@ func NewDefaultProvider(versionProvider version.Provider, ssmProvider ssm.Provid
  cache: cache,
  ec2api: ec2api,
  cm: pretty.NewChangeMonitor(),
- ssmProvider: ssmProvider,
+ ssmProvider:  ssmProvider,
  versionProvider: versionProvider,
  }
 }

pkg/providers/amifamily/resolver.go

@@ -219,6 +219,9 @@ func (r Resolver) resolveLaunchTemplate(nodeClass *v1beta1.EC2NodeClass, nodeCla
  }
  }
  if kubeletConfig.MaxPods == nil {
+ // nolint:gosec
+ // We know that it's not possible to have values that would overflow int32 here since we control
+ // the maxPods values that we pass in here
  kubeletConfig.MaxPods = lo.ToPtr(int32(maxPods))
  }
  resolved := &LaunchTemplate{

pkg/providers/instance/instance.go

@@ -487,17 +487,17 @@ func instancesFromOutput(out *ec2.DescribeInstancesOutput) ([]*Instance, error)
  return lo.Map(instances, func(i *ec2.Instance, _ int) *Instance { return NewInstance(i) }), nil
 }
 
-func combineFleetErrors(errors []*ec2.CreateFleetError) (errs error) {
+func combineFleetErrors(fleetErrs []*ec2.CreateFleetError) (errs error) {
  unique := sets.NewString()
- for _, err := range errors {
+ for _, err := range fleetErrs {
  unique.Insert(fmt.Sprintf("%s: %s", aws.StringValue(err.ErrorCode), aws.StringValue(err.ErrorMessage)))
  }
  for errorCode := range unique {
- errs = multierr.Append(errs, fmt.Errorf(errorCode))
+ errs = multierr.Append(errs, errors.New(errorCode))
  }
  // If all the Fleet errors are ICE errors then we should wrap the combined error in the generic ICE error
- iceErrorCount := lo.CountBy(errors, func(err *ec2.CreateFleetError) bool { return awserrors.IsUnfulfillableCapacity(err) })
- if iceErrorCount == len(errors) {
+ iceErrorCount := lo.CountBy(fleetErrs, func(err *ec2.CreateFleetError) bool { return awserrors.IsUnfulfillableCapacity(err) })
+ if iceErrorCount == len(fleetErrs) {
  return cloudprovider.NewInsufficientCapacityError(fmt.Errorf("with fleet error(s), %w", errs))
  }
  return fmt.Errorf("with fleet error(s), %w", errs)

pkg/test/environment.go

@@ -67,7 +67,7 @@ type Environment struct {
  SubnetCache *cache.Cache
  SecurityGroupCache *cache.Cache
  InstanceProfileCache *cache.Cache
- SSMProviderCache  *cache.Cache
+ SSMProviderCache *cache.Cache
 
  // Providers
  InstanceTypesProvider *instancetype.DefaultProvider
@@ -151,7 +151,7 @@ func NewEnvironment(ctx context.Context, env *coretest.Environment) *Environment
  SecurityGroupCache: securityGroupCache,
  InstanceProfileCache: instanceProfileCache,
  UnavailableOfferingsCache: unavailableOfferingsCache,
- SSMProviderCache:  ssmProviderCache,
+ SSMProviderCache: ssmProviderCache,
 
  InstanceTypesProvider: instanceTypesProvider,
  InstanceProvider: instanceProvider,