fix: Pass security groups and subnets into RunInstances dry-run #7844

jonathan-innis · 2025-03-05T16:48:17Z

Description

Ensure that we model our RunInstances request to look like the launch template that we use for launch with CreateFleet. If we don't specify any details about subnet or security group, EC2 will attempt to validate with the user's default VPC -- if the user doesn't have a default VPC, the request will fail (even if the EKS cluster and subnets that they were attempting to launch into weren't associated with the default VPC)

How was this change tested?

make presubmit
/karpenter snapshot

We deleted the default VPCs from regions in our CI accounts -- this ensures that we are testing the bug that happened here. If tests succeed, that's an indication that this is no longer an issue

Does this change impact docs?

Yes, PR includes docs updates
Yes, issue opened: #
No

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

netlify · 2025-03-05T16:48:33Z

✅ Deploy Preview for karpenter-docs-prod canceled.

Name	Link
🔨 Latest commit	`bb6ed2f`
🔍 Latest deploy log	https://app.netlify.com/sites/karpenter-docs-prod/deploys/67c890f980b65f0008b87eb1

jonathan-innis

/karpenter snapshot

github-actions · 2025-03-05T16:53:24Z

Snapshot successfully published to oci://021119463062.dkr.ecr.us-east-1.amazonaws.com/karpenter/snapshot/karpenter:0-547ac700b66303c5a4314aacbfb32e93dd37bd17.
To install you must login to the ECR repo with an AWS account:

aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 021119463062.dkr.ecr.us-east-1.amazonaws.com

helm upgrade --install karpenter oci://021119463062.dkr.ecr.us-east-1.amazonaws.com/karpenter/snapshot/karpenter --version "0-547ac700b66303c5a4314aacbfb32e93dd37bd17" --namespace "kube-system" --create-namespace \
  --set "settings.clusterName=${CLUSTER_NAME}" \
  --set "settings.interruptionQueue=${CLUSTER_NAME}" \
  --set controller.resources.requests.cpu=1 \
  --set controller.resources.requests.memory=1Gi \
  --set controller.resources.limits.cpu=1 \
  --set controller.resources.limits.memory=1Gi \
  --wait

coveralls · 2025-03-05T16:56:31Z

Pull Request Test Coverage Report for Build 13682414938

Details

19 of 25 (76.0%) changed or added relevant lines in 1 file are covered.
No unchanged relevant lines lost coverage.
Overall coverage increased (+0.006%) to 67.137%

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
pkg/controllers/nodeclass/validation.go	19	25	76.0%

Totals
Change from base Build 13669133528:	0.006%
Covered Lines:	6760
Relevant Lines:	10069

💛 - Coveralls

jonathan-innis

/karpenter snapshot

github-actions · 2025-03-05T17:35:12Z

Snapshot successfully published to oci://021119463062.dkr.ecr.us-east-1.amazonaws.com/karpenter/snapshot/karpenter:0-abd16f6d694561be449a575fd7fd4f1cc292ce98.
To install you must login to the ECR repo with an AWS account:

aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 021119463062.dkr.ecr.us-east-1.amazonaws.com

helm upgrade --install karpenter oci://021119463062.dkr.ecr.us-east-1.amazonaws.com/karpenter/snapshot/karpenter --version "0-abd16f6d694561be449a575fd7fd4f1cc292ce98" --namespace "kube-system" --create-namespace \
  --set "settings.clusterName=${CLUSTER_NAME}" \
  --set "settings.interruptionQueue=${CLUSTER_NAME}" \
  --set controller.resources.requests.cpu=1 \
  --set controller.resources.requests.memory=1Gi \
  --set controller.resources.limits.cpu=1 \
  --set controller.resources.limits.memory=1Gi \
  --wait

jonathan-innis

/karpenter snapshot

github-actions · 2025-03-05T17:40:35Z

Snapshot successfully published to oci://021119463062.dkr.ecr.us-east-1.amazonaws.com/karpenter/snapshot/karpenter:0-4d18b4a4b9236a2fec7c25e92b20d6754dc65900.
To install you must login to the ECR repo with an AWS account:

aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 021119463062.dkr.ecr.us-east-1.amazonaws.com

helm upgrade --install karpenter oci://021119463062.dkr.ecr.us-east-1.amazonaws.com/karpenter/snapshot/karpenter --version "0-4d18b4a4b9236a2fec7c25e92b20d6754dc65900" --namespace "kube-system" --create-namespace \
  --set "settings.clusterName=${CLUSTER_NAME}" \
  --set "settings.interruptionQueue=${CLUSTER_NAME}" \
  --set controller.resources.requests.cpu=1 \
  --set controller.resources.requests.memory=1Gi \
  --set controller.resources.limits.cpu=1 \
  --set controller.resources.limits.memory=1Gi \
  --wait

jonathan-innis

/karpenter snapshot

jonathan-innis

/karpenter snapshot

jonathan-innis

/karpenter snapshot

github-actions · 2025-03-05T18:01:54Z

Snapshot successfully published to oci://021119463062.dkr.ecr.us-east-1.amazonaws.com/karpenter/snapshot/karpenter:0-7d40d9121b2d7fb86761f79bd8945d71031464b2.
To install you must login to the ECR repo with an AWS account:

aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 021119463062.dkr.ecr.us-east-1.amazonaws.com

helm upgrade --install karpenter oci://021119463062.dkr.ecr.us-east-1.amazonaws.com/karpenter/snapshot/karpenter --version "0-7d40d9121b2d7fb86761f79bd8945d71031464b2" --namespace "kube-system" --create-namespace \
  --set "settings.clusterName=${CLUSTER_NAME}" \
  --set "settings.interruptionQueue=${CLUSTER_NAME}" \
  --set controller.resources.requests.cpu=1 \
  --set controller.resources.requests.memory=1Gi \
  --set controller.resources.limits.cpu=1 \
  --set controller.resources.limits.memory=1Gi \
  --wait

github-actions · 2025-03-05T18:04:44Z

Snapshot successfully published to oci://021119463062.dkr.ecr.us-east-1.amazonaws.com/karpenter/snapshot/karpenter:0-bb6ed2f69a14af8fe10bb1b2a84332645d395e3f.
To install you must login to the ECR repo with an AWS account:

aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 021119463062.dkr.ecr.us-east-1.amazonaws.com

helm upgrade --install karpenter oci://021119463062.dkr.ecr.us-east-1.amazonaws.com/karpenter/snapshot/karpenter --version "0-bb6ed2f69a14af8fe10bb1b2a84332645d395e3f" --namespace "kube-system" --create-namespace \
  --set "settings.clusterName=${CLUSTER_NAME}" \
  --set "settings.interruptionQueue=${CLUSTER_NAME}" \
  --set controller.resources.requests.cpu=1 \
  --set controller.resources.requests.memory=1Gi \
  --set controller.resources.limits.cpu=1 \
  --set controller.resources.limits.memory=1Gi \
  --wait

jigisha620

LGTM 🚀

pkg/controllers/nodeclass/validation.go

jonathan-innis requested a review from a team as a code owner March 5, 2025 16:48

jonathan-innis requested a review from tzneal March 5, 2025 16:48

jonathan-innis marked this pull request as draft March 5, 2025 16:48