“Karpenter in AWS EKS: How to Improve Your Application Availability and Cluster Efficiency”
Image courtesy: AWS Tip


The Kubernetes ecosystem is changing rapidly, driven by its open source community (CNCF) and the managed services offered by cloud providers, especially AWS.

That's where Karpenter comes in for AWS EKS. Today we will walk through Karpenter in the AWS EKS managed service and try to understand it.

1> What is Karpenter in AWS EKS?

2> Why is it gaining popularity?

3> What is the difference between Karpenter and the traditional autoscaler?

4> A real-world example comparing Karpenter and the traditional autoscaler

5> Steps to leverage Karpenter in AWS EKS

  • What is Karpenter in AWS EKS?

Karpenter is an open-source, high-performance Kubernetes cluster auto-scaler built with AWS. It helps improve your application availability and cluster efficiency by rapidly launching right-sized compute resources in response to changing application load. Karpenter is designed to work with any Kubernetes cluster running in any environment, including all major cloud providers and on-premises environments.

When Karpenter is installed in your Amazon Elastic Kubernetes Service (EKS) cluster, it observes the aggregate resource requests of unscheduled pods and makes decisions to launch new nodes and terminate them to reduce scheduling latencies and infrastructure costs. Karpenter does this by observing events within the Kubernetes cluster and then sending commands to the underlying cloud provider’s compute service, such as Amazon EC2.

In simple terms, Karpenter helps you manage your EKS cluster by automatically scaling the number of nodes in your cluster based on the demand of your applications. This ensures that your applications are always available and that your cluster is running at peak efficiency.
  • Why is it gaining popularity?

Rapidly changing workloads: Karpenter can help you swiftly adapt to fluctuating workload demands by proactively provisioning nodes. If your EKS cluster frequently experiences shifts in resource requirements or has workloads characterized by short-lived, high-intensity bursts, Karpenter ensures more efficient scaling to meet those dynamic demands promptly.

Granular control over node lifecycle: Karpenter provides fine-grained control over node termination through its Time-To-Live (TTL) settings. This is useful when you need to manage node lifecycles based on factors such as cost considerations, usage patterns, or scheduled maintenance.

Optimizing resource utilization: Karpenter's customizable scaling policies and support for diverse instance types can help optimize resource utilization in your cluster. If you need to manage various workloads with different resource requirements, Karpenter can help ensure that your cluster provisions nodes tailored to your workloads’ needs.

  • What is the difference between Karpenter and the traditional autoscaler?

The traditional EKS auto-scaler is a Kubernetes component that scales the number of nodes in your EKS cluster based on the resource utilization of your pods. It works by monitoring the CPU and memory usage of your pods and then scaling the number of nodes in your cluster up or down based on that usage. This ensures that your applications have the resources they need to run efficiently, while also minimizing the cost of running your cluster.

On the other hand, Karpenter is an open-source, high-performance Kubernetes cluster auto-scaler built with AWS. It helps improve your application availability and cluster efficiency by rapidly launching right-sized compute resources in response to changing application load. Karpenter is designed to work with any Kubernetes cluster running in any environment, including all major cloud providers and on-premises environments.

  • A real-world example comparing Karpenter and the traditional autoscaler

Here’s a real-world example to help illustrate the difference: Imagine you have an EKS cluster running a web application that experiences a sudden surge in traffic. With the traditional EKS auto-scaler, the number of nodes in your cluster would scale up or down based on the CPU and memory usage of your pods. However, if your application experiences a sudden spike in traffic that doesn’t correspond to an increase in CPU or memory usage, the traditional EKS auto-scaler may not be able to respond quickly enough to meet the demand.

With Karpenter, on the other hand, the number of nodes in your cluster would scale up or down based on the demand of your application. This means that if your application experiences a sudden surge in traffic, Karpenter would rapidly launch new compute resources to handle the increased demand. This ensures that your application is always available and that your cluster is running at peak efficiency.
  • Steps to leverage Karpenter in AWS EKS

Install Helm client: Before installing Karpenter, you need to install the Helm client version 3.11.0 or above. You can find more information on the installation procedures in the Helm Docs.

Install eksctl: You also need to install eksctl, which is a command-line tool for creating and managing Amazon EKS clusters. You can find more information on the installation procedures in the eksctl user guide.

Create environment variables: Create the following environment variables in your terminal:

export CLUSTER_NAME=your_cluster_name
export KARPENTER_VERSION=your_required_version
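# --query takes the JMESPath expression cluster.endpoint; escaped inner quotes would turn it into a literal key name
export CLUSTER_ENDPOINT="$(aws eks describe-cluster --name "${CLUSTER_NAME}" --query 'cluster.endpoint' --output text)"
export AWS_ACCOUNT_ID="$(aws sts get-caller-identity --query 'Account' --output text)"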

Replace your_cluster_name with the name of your EKS cluster and your_required_version with the version of Karpenter you want to install. You can check the available Karpenter versions in the Karpenter releases.

Create IAM roles: Create the AWS Identity and Access Management (IAM) roles for the nodes provisioned with Karpenter. You can create the Karpenter node role (KarpenterInstanceNodeRole) using the AWS Management Console or the AWS Command Line Interface (AWS CLI). You can find more information on creating the IAM roles in the Amazon EKS node IAM role documentation.

Add IAM policies: Add the following IAM policies to the IAM KarpenterInstanceNodeRole you created:

AmazonEKSWorkerNodePolicy
AmazonEKS_CNI_Policy
AmazonEC2ContainerRegistryReadOnly
AmazonSSMManagedInstanceCore            

Configure the IAM role for the Karpenter controller: Create an IAM role named KarpenterControllerRole. The Karpenter controller uses IAM Roles for Service Accounts (IRSA). Create a controller-policy.json document with the following permissions:

{
    "Statement": [
        {
            "Action": [
                "ssm:GetParameter",
                "iam:PassRole",
                "ec2:DescribeImages",
                "ec2:RunInstances",
                "ec2:DescribeSubnets",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeLaunchTemplates",
                "ec2:DescribeInstances",
                "ec2:DescribeInstanceTypes",
                "ec2:DescribeInstanceTypeOfferings",
                "ec2:DescribeAvailabilityZones",
                "ec2:DeleteLaunchTemplate",
                "ec2:CreateTags",
                "ec2:CreateLaunchTemplate",
                "ec2:CreateFleet",
                "ec2:DescribeSpotPriceHistory",
                "pricing:GetProducts"
            ],
            "Effect": "Allow",
            "Resource": "*",
            "Sid": "Karpenter"
        },
        {
            "Action": "ec2:TerminateInstances",
            "Condition": {
                "StringLike": {
                    "ec2:ResourceTag/Name": "*karpenter*"
                }
            },
            "Effect": "Allow",
            "Resource": "*",
            "Sid": "ConditionalEC2Termination"
        }
    ],
    "Version": "2012-10-17"
}            
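
The policy above grants iam:PassRole and several mutating EC2 actions on Resource "*", and gates termination on a Name tag. The following audit is an added example, not part of the original article or of the Karpenter project: it lists the statements a reviewer would want scoped before attaching the policy. The function name audit, the finding strings and the condensed copy of the policy are assumptions of this example; iam:PassedToService is the IAM condition key that restricts which service a role may be passed to.

```python
import json

# The page's controller-policy.json, condensed: most read-only Describe*/Get*
# actions are left out because the audit below ignores them anyway.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "Karpenter", "Effect": "Allow", "Resource": "*",
   "Action": ["ssm:GetParameter", "iam:PassRole", "ec2:RunInstances",
              "ec2:CreateFleet", "ec2:CreateTags", "ec2:DescribeInstances",
              "ec2:CreateLaunchTemplate", "ec2:DeleteLaunchTemplate"]},
  {"Sid": "ConditionalEC2Termination", "Effect": "Allow", "Resource": "*",
   "Action": "ec2:TerminateInstances",
   "Condition": {"StringLike": {"ec2:ResourceTag/Name": "*karpenter*"}}}
]}""")

READ_ONLY = ("Describe", "Get", "List")

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return sorted (sid, action, reason) findings for over-broad Allows."""
    findings, open_actions, tag_gated = set(), set(), []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "")
        cond = stmt.get("Condition", {})
        keys = {k.lower() for block in cond.values() for k in block}
        wildcard = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt["Action"]):
            name = action.partition(":")[2]
            if action.lower() == "iam:passrole":
                if wildcard:
                    findings.add((sid, action, "any role can be passed"))
                if "iam:passedtoservice" not in keys:
                    findings.add((sid, action, "no iam:PassedToService"))
            elif wildcard and not cond and not name.startswith(READ_ONLY):
                findings.add((sid, action, "mutating, unscoped"))
                open_actions.add(action.lower())
            if any(k.startswith("ec2:resourcetag/") for k in keys):
                tag_gated.append((sid, action))
    if "ec2:createtags" in open_actions:  # the role can write the tag it is gated on
        findings.update((s, a, "tag gate writable by this role") for s, a in tag_gated)
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(PAGE_POLICY):
        print(*finding, sep=" | ")
```

A statement that passes only the node role's ARN with an iam:PassedToService condition of ec2.amazonaws.com produces no PassRole findings.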

Deploy Karpenter: Finally, deploy Karpenter in your Amazon EKS cluster using the following command:

# Variables and the "*" are quoted so the shell passes them through unchanged;
# dots in the node-label keys are escaped so Helm reads each label as one key.
helm upgrade --install karpenter karpenter/karpenter \
  --namespace karpenter \
  --version "$KARPENTER_VERSION" \
  --set clusterName="$CLUSTER_NAME" \
  --set aws.region="$(aws configure get region)" \
  --set controller.image.tag="$KARPENTER_VERSION" \
  --set controller.image.repository=public.ecr.aws/aws-controllers-k8s/karpenter-controller \
  --set controller.image.pullPolicy=IfNotPresent \
  --set controller.serviceAccount.annotations."eks\.amazonaws\.com/role-arn"="arn:aws:iam::${AWS_ACCOUNT_ID}:role/KarpenterControllerRole" \
  --set controller.serviceAccount.name=karpenter-controller \
  --set-string nodeSelector."karpenter\.io/enabled"=true \
  --set-string nodeSelector."karpenter\.io/instance-types"='*'

