Update to Karpenter v1.1.1

Signed-off-by: Mikkel Oscar Lyderik Larsen <mikkel.larsen@zalando.de>

cluster/manifests/deletions.yaml

@@ -132,6 +132,16 @@ post_apply:
   namespace: kubenurse
   kind: Service
 {{- end }}
+# Remove karpenter webhook related resources which are not used since v1.1.1
+- name: karpenter-lease
+  kind: Role
+  namespace: kube-node-lease
+- name: karpenter-lease
+  kind: RoleBinding
+  namespace: kube-node-lease
+- name: karpenter-cert
+  kind: Secret
+  namespace: kube-system
 {{ if eq .Cluster.ConfigItems.karpenter_pools_enabled "false" }}
 - name: provisioners.karpenter.sh
   kind: CustomResourceDefinition

cluster/manifests/z-karpenter/02-role.yaml

@@ -15,15 +15,7 @@ rules:
   - apiGroups: ["coordination.k8s.io"]
     resources: ["leases"]
     verbs: ["get", "watch"]
-  - apiGroups: [""]
-    resources: ["configmaps", "secrets"]
-    verbs: ["get", "list", "watch"]
   # Write
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["update"]
-    resourceNames:
-      - "karpenter-cert"
   - apiGroups: ["coordination.k8s.io"]
     resources: ["leases"]
     verbs: ["patch", "update"]
@@ -50,23 +42,4 @@ rules:
     resources: ["services"]
     resourceNames: ["kube-dns"]
     verbs: ["get"]
----
-# Source: karpenter/templates/role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: karpenter-lease
-  namespace: kube-node-lease
-  labels:
-    application: kubernetes
-    component: karpenter
-rules:
-  # Read
-  - apiGroups: ["coordination.k8s.io"]
-    resources: ["leases"]
-    verbs: ["get", "list", "watch"]
-  # Write
-  - apiGroups: ["coordination.k8s.io"]
-    resources: ["leases"]
-    verbs: ["delete"]
 {{end}}

cluster/manifests/z-karpenter/03-rolebinding.yaml

@@ -35,22 +35,4 @@ subjects:
   - kind: ServiceAccount
     name: karpenter
     namespace: kube-system
----
-# Source: karpenter/templates/rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: karpenter-lease
-  namespace: kube-node-lease
-  labels:
-    application: kubernetes
-    component: karpenter
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: karpenter-lease
-subjects:
-  - kind: ServiceAccount
-    name: karpenter
-    namespace: kube-system
 {{end}}

cluster/manifests/z-karpenter/05-clusterrole-core.yaml

@@ -22,12 +22,12 @@ rules:
   - apiGroups: ["apps"]
     resources: ["daemonsets", "deployments", "replicasets", "statefulsets"]
     verbs: ["list", "watch"]
-  - apiGroups: ["apiextensions.k8s.io"]
-    resources: ["customresourcedefinitions"]
-    verbs: ["get", "watch", "list"]
   - apiGroups: ["policy"]
     resources: ["poddisruptionbudgets"]
     verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", list, "watch"]
   # Write
   - apiGroups: ["karpenter.sh"]
     resources: ["nodeclaims", "nodeclaims/status"]
@@ -47,14 +47,6 @@ rules:
   - apiGroups: [""]
     resources: ["pods"]
     verbs: ["delete"]
-  - apiGroups: ["apiextensions.k8s.io"]
-    resources: ["customresourcedefinitions/status"]
-    resourceNames: ["ec2nodeclasses.karpenter.k8s.aws", "nodepools.karpenter.sh", "nodeclaims.karpenter.sh"]
-    verbs: ["patch"]
-  - apiGroups: ["apiextensions.k8s.io"]
-    resources: ["customresourcedefinitions"]
-    resourceNames: ["ec2nodeclasses.karpenter.k8s.aws", "nodepools.karpenter.sh", "nodeclaims.karpenter.sh"]
-    verbs: ["update"]
 ---
 # Source: karpenter/templates/clusterrole-core.yaml
 apiVersion: rbac.authorization.k8s.io/v1

cluster/manifests/z-karpenter/deployment.yaml

@@ -51,9 +51,9 @@ spec:
                 - ALL
             readOnlyRootFilesystem: true
           {{if eq .Cluster.ConfigItems.karpenter_version "current"}}
-          image: "container-registry-test.zalando.net/teapot/karpenter:1.0.5-pr-27-5.patched"
+          image: "container-registry-test.zalando.net/teapot/karpenter:1.1.1-pr-30-1.patched
           {{else if eq .Cluster.ConfigItems.karpenter_version "legacy"}}
-          image: "container-registry.zalando.net/teapot/karpenter:0.37.0-main-26.patched"
+          image: "container-registry-test.zalando.net/teapot/karpenter:1.0.5-pr-27-5.patched"
           {{end}}
           imagePullPolicy: IfNotPresent
           env:
@@ -71,12 +71,6 @@ spec:
               value: "false"
             - name: KARPENTER_SERVICE
               value: karpenter
-            - name: WEBHOOK_PORT
-              value: "8443"
-            - name: WEBHOOK_METRICS_PORT
-              value: "8001"
-            - name: DISABLE_WEBHOOK
-              value: "false"
             - name: LOG_LEVEL
               value: {{ .Cluster.ConfigItems.karpenter_log_level }}
             - name: LOG_OUTPUT_PATHS
@@ -118,12 +112,6 @@ spec:
             - name: http-metrics
               containerPort: 8000
               protocol: TCP
-            - name: webhook-metrics
-              containerPort: 8001
-              protocol: TCP
-            - name: https-webhook
-              containerPort: 8443
-              protocol: TCP
             - name: http
               containerPort: 8081
               protocol: TCP