terraform-aws-eks/examples/karpenter

Karpenter Example

Configuration in this directory creates an AWS EKS cluster with Karpenter provisioned for managing compute resource scaling. In the example provided, Karpenter is running on EKS Fargate yet Karpenter is providing compute in the form of EC2 instances.

Usage

To run this example you need to execute:

$ terraform init
$ terraform plan
$ terraform apply

Once the cluster is up and running, you can check that Karpenter is functioning as intended with the following command:

# First, make sure you have updated your local kubeconfig
aws eks --region eu-west-1 update-kubeconfig --name ex-karpenter

# Second, scale the example deployment
kubectl scale deployment inflate --replicas 5

# You can watch Karpenter's controller logs with
kubectl logs -f -n karpenter -l app.kubernetes.io/name=karpenter -c controller

You should see a new node named karpenter.sh/provisioner-name/default eventually come up in the console; this was provisioned by Karpenter in response to the scaled deployment above.

Tear Down & Clean-Up

Because Karpenter manages the state of node resources outside of Terraform, Karpenter created resources will need to be de-provisioned first before removing the remaining resources with Terraform.

1. Remove the example deployment created above and any nodes created by Karpenter

kubectl delete deployment inflate
kubectl delete node -l karpenter.sh/provisioner-name=default

2. Remove the resources created by Terraform

# Necessary to avoid removing Terraform's permissions too soon before its finished
# cleaning up the resources it deployed inside the cluster
terraform state rm 'module.eks.aws_eks_access_entry.this["cluster_creator_admin"]' || true
terraform destroy

Note that this example may create resources which cost money. Run terraform destroy when you don't need these resources.

Requirements

Name	Version
terraform	>= 1.3
aws	>= 5.40
helm	>= 2.7
kubectl	>= 2.0

Providers

Name	Version
aws	>= 5.40
aws.virginia	>= 5.40
helm	>= 2.7
kubectl	>= 2.0

Modules

Name	Source	Version
eks	../..	n/a
karpenter	../../modules/karpenter	n/a
karpenter_disabled	../../modules/karpenter	n/a
vpc	terraform-aws-modules/vpc/aws	~> 5.0

Resources

Name	Type
helm_release.karpenter	resource
kubectl_manifest.karpenter_example_deployment	resource
kubectl_manifest.karpenter_node_class	resource
kubectl_manifest.karpenter_node_pool	resource
aws_availability_zones.available	data source
aws_ecrpublic_authorization_token.token	data source

Inputs

No inputs.

Outputs

Name	Description
access_entries	Map of access entries created and their attributes
cloudwatch_log_group_arn	Arn of cloudwatch log group created
cloudwatch_log_group_name	Name of cloudwatch log group created
cluster_addons	Map of attribute maps for all EKS cluster addons enabled
cluster_arn	The Amazon Resource Name (ARN) of the cluster
cluster_certificate_authority_data	Base64 encoded certificate data required to communicate with the cluster
cluster_endpoint	Endpoint for your Kubernetes API server
cluster_iam_role_arn	IAM role ARN of the EKS cluster
cluster_iam_role_name	IAM role name of the EKS cluster
cluster_iam_role_unique_id	Stable and unique string identifying the IAM role
cluster_id	The ID of the EKS cluster. Note: currently a value is returned only for local EKS clusters created on Outposts
cluster_identity_providers	Map of attribute maps for all EKS identity providers enabled
cluster_name	The name of the EKS cluster
cluster_oidc_issuer_url	The URL on the EKS cluster for the OpenID Connect identity provider
cluster_platform_version	Platform version for the cluster
cluster_primary_security_group_id	Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console
cluster_security_group_arn	Amazon Resource Name (ARN) of the cluster security group
cluster_security_group_id	ID of the cluster security group
cluster_status	Status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED
cluster_tls_certificate_sha1_fingerprint	The SHA1 fingerprint of the public key of the cluster's certificate
eks_managed_node_groups	Map of attribute maps for all EKS managed node groups created
eks_managed_node_groups_autoscaling_group_names	List of the autoscaling group names created by EKS managed node groups
fargate_profiles	Map of attribute maps for all EKS Fargate Profiles created
karpenter_event_rules	Map of the event rules created and their attributes
karpenter_iam_role_arn	The Amazon Resource Name (ARN) specifying the controller IAM role
karpenter_iam_role_name	The name of the controller IAM role
karpenter_iam_role_unique_id	Stable and unique string identifying the controller IAM role
karpenter_instance_profile_arn	ARN assigned by AWS to the instance profile
karpenter_instance_profile_id	Instance profile's ID
karpenter_instance_profile_name	Name of the instance profile
karpenter_instance_profile_unique	Stable and unique string identifying the IAM instance profile
karpenter_node_iam_role_arn	The Amazon Resource Name (ARN) specifying the IAM role
karpenter_node_iam_role_name	The name of the IAM role
karpenter_node_iam_role_unique_id	Stable and unique string identifying the IAM role
karpenter_queue_arn	The ARN of the SQS queue
karpenter_queue_name	The name of the created Amazon SQS queue
karpenter_queue_url	The URL for the created Amazon SQS queue
node_security_group_arn	Amazon Resource Name (ARN) of the node shared security group
node_security_group_id	ID of the node shared security group
oidc_provider	The OpenID Connect identity provider (issuer URL without leading https://)
oidc_provider_arn	The ARN of the OIDC Provider if enable_irsa = true
self_managed_node_groups	Map of attribute maps for all self managed node groups created
self_managed_node_groups_autoscaling_group_names	List of the autoscaling group names created by self-managed node groups