From ead5d7d4c9393f3c8b3ea63cbd169d3162057698 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 1 Jun 2026 12:39:39 -0400 Subject: [PATCH 01/58] design doc --- designs/0012-ultra-ssd-support.md | 156 ++++++++++++++++++++++++++++++ designs/README.md | 2 + 2 files changed, 158 insertions(+) create mode 100644 designs/0012-ultra-ssd-support.md diff --git a/designs/0012-ultra-ssd-support.md b/designs/0012-ultra-ssd-support.md new file mode 100644 index 0000000000..975ca29e3a --- /dev/null +++ b/designs/0012-ultra-ssd-support.md @@ -0,0 +1,156 @@ +# Ultra SSD Support for NAP + +**Author:** @pablotrivino + +**Last updated:** June 1, 2026 + +**Status:** Proposed + +## Overview + +AKS supports Azure Ultra Disks by enabling Ultra SSD on the cluster or on a node pool at creation time with `--enable-ultra-ssd`. Nodes created from that cluster or node pool can then attach Persistent Volumes backed by the `UltraSSD_LRS` storage class. + +Today in AKS, `--enable-ultra-ssd` ultimately enables `AdditionalCapabilities.UltraSSDEnabled = true` on the underlying VM or VMSS model. That does not automatically add labels, taints, or tolerations for scheduling. It only makes the node capable of attaching Ultra SSDs for workloads that use an UltraSSD-backed PV. Placement policy remains the user's responsibility. + +For Node Auto Provisioning (NAP), we need the equivalent behavior on dynamically created capacity. This means Karpenter must be able to: + +- express Ultra SSD as part of node configuration, +- filter out VM sizes and zonal offerings that do not support Ultra SSD, +- set the correct downstream API fields when creating capacity + +This document proposes how to complete that work for NAP. + +### Goals + +- Add support for enabling Ultra SSD on dynamically provisioned nodes. +- Support both VM provisioning mode and AKS Machine API mode. +- Filter instance types and offerings to only Ultra SSD-capable SKU plus zone combinations when the feature is enabled. + +### Non-Goals + +- Adding provider-managed scheduling controls beyond offerings filtering, such as automatic Requirements, labels, taints, or tolerations. +- Automatically steering Ultra SSD workloads onto Ultra SSD-capable nodes. + +## Decisions + +### Decision 1: Where should Ultra SSD be configured? + +#### Add a strongly typed field to `AKSNodeClass` + +Proposed shape: + +```yaml +apiVersion: karpenter.azure.com/v1beta1 +kind: AKSNodeClass +spec: + ultraSSD: + enabled: true +``` + +Suggested Go shape: + +```go +type UltraSSD struct { + Enabled *bool `json:"enabled,omitempty"` +} + +type AKSNodeClassSpec struct { + // ... existing fields ... + UltraSSD *UltraSSD `json:"ultraSSD,omitempty"` +} + +func (in *AKSNodeClass) IsUltraSSDEnabled() bool { + return in.Spec.UltraSSD != nil && + in.Spec.UltraSSD.Enabled != nil && + *in.Spec.UltraSSD.Enabled +} +``` + +This matches the existing API style for feature toggles such as `artifactStreaming`, `security.encryptionAtHost`, and `localDNS`. +Ultra SSD should be configured as a strongly typed `AKSNodeClass` feature, not as a raw requirement. + +Reasons: + +- it is a provisioning feature, not just a schedulable label, +- it aligns with the current `AKSNodeClass` design pattern + +The user expectation of “default false” is still satisfied. If `spec.ultraSSD` or `spec.ultraSSD.enabled` is omitted, the effective value is disabled. + +### Decision 2: How should we filter for compatible Instances? + +#### Offerings Filtering + +Ultra SSD is only available in regions and zones that support it, and only by specific SKUs. Therefore, we need to check availability for each zone when creating Offerings for InstanceTypes. + +#### Decision 3: Should the provider add labels, requirements, taints, or tolerations? + +#### No provider-managed scheduling projection + +We will not add Ultra SSD-specific Requirements, Labels, Taints, or Tolerations from the provider. + +Rationale: + +- this matches current AKS behavior, where `--enable-ultra-ssd` enables attachment capability but does not impose placement policy, +- the primary job of this feature is to make the node capable of attaching Ultra SSDs, not to decide which workloads should land on it, +- users who want explicit scheduling separation can model that themselves in the `NodePool` using labels, taints, tolerations, or affinity. + +#### Conclusion + +The implementation should follow the established provider pattern: + +1. strongly typed `AKSNodeClass` feature, +2. helper accessor like `IsUltraSSDEnabled()`, +3. instance type and offering filtering, +4. downstream API wiring in both provisioning modes. + +## Proposed Implementation + +### API changes + +Add a new field to `AKSNodeClass`: + +```yaml +spec: + ultraSSD: + enabled: true +``` + +Semantics: + +- default is disabled when omitted, +- enabling it opts the node class into Ultra SSD-capable capacity only, +- changing it triggers node replacement through drift. + +### Filtering + +Filter out InstanceTypes that don't support UltraSSD when it is enabled. + +- UltraSSD is also region and zone dependent, so we need to filter out at Offering level +- Add a check during createOfferings to verify that the zone + SKU support UltraSSD + +### Scheduling behavior + +The provider will not add Ultra SSD-specific Requirements, Labels, Taints, or Tolerations. + +If users want workloads that use UltraSSD-backed PVs to land only on Ultra SSD-capable nodes, they must model that in their own `NodePool` and workload configuration. + +Examples of user-managed policy include: + +- adding labels to the `NodePool` template, +- adding taints to the `NodePool`, +- adding tolerations and affinity to workloads. + +### VM mode wiring + +Update VM creation so Ultra SSD-enabled node classes set `vm.Properties.AdditionalCapabilities.UltraSSDEnabled = true`. + +This mirrors the current AKS behavior behind `--enable-ultra-ssd`: the node is made capable of attaching Ultra SSDs, but scheduling policy is left to the user. + +### AKS Machine API wiring + +Update AKS machine template creation so Ultra SSD-enabled node classes set `aksMachine.Properties.EnableUltraSSD = true`. + +## References + +- AKS Ultra Disks documentation: https://learn.microsoft.com/en-us/azure/aks/use-ultra-disks +- Related label and feature-toggle guidance in [designs/0006-requirements-and-labels.md](/Users/pablotrivino/go/src/aks/karpenter-provider-azure/designs/0006-requirements-and-labels.md) diff --git a/designs/README.md b/designs/README.md index a648a87e42..d8201f5100 100644 --- a/designs/README.md +++ b/designs/README.md @@ -8,6 +8,8 @@ These designs are written but not implemented. +- [Ultra SSD support](./0012-ultra-ssd-support.md) + ## Completed These designs are implemented. From e54289f1a0cf1b648fd075e87c80de49a3028670 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 1 Jun 2026 14:44:14 -0400 Subject: [PATCH 02/58] define in struct --- pkg/apis/v1alpha2/aksnodeclass.go | 11 +++++++++++ pkg/apis/v1beta1/aksnodeclass.go | 11 +++++++++++ 2 files changed, 22 insertions(+) diff --git a/pkg/apis/v1alpha2/aksnodeclass.go b/pkg/apis/v1alpha2/aksnodeclass.go index 7b55ebc618..0ebc7b0893 100644 --- a/pkg/apis/v1alpha2/aksnodeclass.go +++ b/pkg/apis/v1alpha2/aksnodeclass.go @@ -41,6 +41,14 @@ type ArtifactStreaming struct { Enabled *bool `json:"enabled,omitempty"` } +type UltraSSD struct { + Enabled *bool `json:"enabled,omitempty"` +} + +func (u *UltraSSD) IsEnabled() bool { + return u != nil && u.Enabled != nil && *u.Enabled +} + // AKSNodeClassSpec is the top level specification for the AKS Karpenter Provider. // This will contain configuration necessary to launch instances in AKS. // +kubebuilder:validation:XValidation:message="FIPS is not yet supported for Ubuntu2204 or Ubuntu2404",rule="has(self.fipsMode) && self.fipsMode == 'FIPS' ? (has(self.imageFamily) && self.imageFamily != 'Ubuntu2204' && self.imageFamily != 'Ubuntu2404') : true" @@ -116,6 +124,9 @@ type AKSNodeClassSpec struct { // https://learn.microsoft.com/en-us/azure/aks/custom-node-configuration // +optional LinuxOSConfig *LinuxOSConfiguration `json:"linuxOSConfig,omitempty"` + // ultraSSD enables Ultra SSD for the provisioned nodes. + // +optional + UltraSSD *UltraSSD `json:"ultraSSD,omitempty"` } // TODO: Add link for the aka.ms/nap/aksnodeclass-enable-host-encryption docs diff --git a/pkg/apis/v1beta1/aksnodeclass.go b/pkg/apis/v1beta1/aksnodeclass.go index ce299caf16..b05dc4e733 100644 --- a/pkg/apis/v1beta1/aksnodeclass.go +++ b/pkg/apis/v1beta1/aksnodeclass.go @@ -58,6 +58,14 @@ func (a *ArtifactStreaming) IsEnabled(arch string) bool { return a != nil && a.Enabled != nil && *a.Enabled } +type UltraSSD struct { + Enabled *bool `json:"enabled,omitempty"` +} + +func (u *UltraSSD) IsEnabled() bool { + return u != nil && u.Enabled != nil && *u.Enabled +} + // AKSNodeClassSpec is the top level specification for the AKS Karpenter Provider. // This will contain configuration necessary to launch instances in AKS. // +kubebuilder:validation:XValidation:message="FIPS is not yet supported for Ubuntu2204 or Ubuntu2404",rule="has(self.fipsMode) && self.fipsMode == 'FIPS' ? (has(self.imageFamily) && self.imageFamily != 'Ubuntu2204' && self.imageFamily != 'Ubuntu2404') : true" @@ -133,6 +141,9 @@ type AKSNodeClassSpec struct { // https://learn.microsoft.com/en-us/azure/aks/custom-node-configuration // +optional LinuxOSConfig *LinuxOSConfiguration `json:"linuxOSConfig,omitempty"` + // ultraSSD enables Ultra SSD for the provisioned nodes. + // +optional + UltraSSD *UltraSSD `json:"ultraSSD,omitempty"` } // TODO: Add link for the aka.ms/nap/aksnodeclass-enable-host-encryption docs From 02645f45ccb4d9e5596db007a1f56881c02acabd Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 1 Jun 2026 14:57:01 -0400 Subject: [PATCH 03/58] generate aksnodeclass edits --- .../karpenter.azure.com_aksnodeclasses.yaml | 12 +++++++++ .../karpenter.azure.com_aksnodeclasses.yaml | 12 +++++++++ pkg/apis/v1alpha2/zz_generated.deepcopy.go | 25 +++++++++++++++++++ pkg/apis/v1beta1/zz_generated.deepcopy.go | 25 +++++++++++++++++++ 4 files changed, 74 insertions(+) diff --git a/charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml b/charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml index fe560ce078..0a879b54ea 100644 --- a/charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml +++ b/charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml @@ -768,6 +768,12 @@ spec: rule: self.all(k, !k.contains('\\')) - message: tags values must be less than 256 characters rule: self.all(k, size(self[k]) <= 256) + ultraSSD: + description: ultraSSD enables Ultra SSD for the provisioned nodes. + properties: + enabled: + type: boolean + type: object vnetSubnetID: description: |- vnetSubnetID is the subnet used by nics provisioned with this nodeclass. @@ -1668,6 +1674,12 @@ spec: rule: self.all(k, !k.contains('\\')) - message: tags values must be less than 256 characters rule: self.all(k, size(self[k]) <= 256) + ultraSSD: + description: ultraSSD enables Ultra SSD for the provisioned nodes. + properties: + enabled: + type: boolean + type: object vnetSubnetID: description: |- vnetSubnetID is the subnet used by nics provisioned with this nodeclass. diff --git a/pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml b/pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml index fe560ce078..0a879b54ea 100644 --- a/pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml +++ b/pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml @@ -768,6 +768,12 @@ spec: rule: self.all(k, !k.contains('\\')) - message: tags values must be less than 256 characters rule: self.all(k, size(self[k]) <= 256) + ultraSSD: + description: ultraSSD enables Ultra SSD for the provisioned nodes. + properties: + enabled: + type: boolean + type: object vnetSubnetID: description: |- vnetSubnetID is the subnet used by nics provisioned with this nodeclass. @@ -1668,6 +1674,12 @@ spec: rule: self.all(k, !k.contains('\\')) - message: tags values must be less than 256 characters rule: self.all(k, size(self[k]) <= 256) + ultraSSD: + description: ultraSSD enables Ultra SSD for the provisioned nodes. + properties: + enabled: + type: boolean + type: object vnetSubnetID: description: |- vnetSubnetID is the subnet used by nics provisioned with this nodeclass. diff --git a/pkg/apis/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/v1alpha2/zz_generated.deepcopy.go index 8bae2732e3..9619703c1f 100644 --- a/pkg/apis/v1alpha2/zz_generated.deepcopy.go +++ b/pkg/apis/v1alpha2/zz_generated.deepcopy.go @@ -155,6 +155,11 @@ func (in *AKSNodeClassSpec) DeepCopyInto(out *AKSNodeClassSpec) { *out = new(LinuxOSConfiguration) (*in).DeepCopyInto(*out) } + if in.UltraSSD != nil { + in, out := &in.UltraSSD, &out.UltraSSD + *out = new(UltraSSD) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AKSNodeClassSpec. @@ -616,3 +621,23 @@ func (in *SysctlConfiguration) DeepCopy() *SysctlConfiguration { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UltraSSD) DeepCopyInto(out *UltraSSD) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UltraSSD. +func (in *UltraSSD) DeepCopy() *UltraSSD { + if in == nil { + return nil + } + out := new(UltraSSD) + in.DeepCopyInto(out) + return out +} diff --git a/pkg/apis/v1beta1/zz_generated.deepcopy.go b/pkg/apis/v1beta1/zz_generated.deepcopy.go index 4fd113dc71..7e65f93fb1 100644 --- a/pkg/apis/v1beta1/zz_generated.deepcopy.go +++ b/pkg/apis/v1beta1/zz_generated.deepcopy.go @@ -155,6 +155,11 @@ func (in *AKSNodeClassSpec) DeepCopyInto(out *AKSNodeClassSpec) { *out = new(LinuxOSConfiguration) (*in).DeepCopyInto(*out) } + if in.UltraSSD != nil { + in, out := &in.UltraSSD, &out.UltraSSD + *out = new(UltraSSD) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AKSNodeClassSpec. @@ -616,3 +621,23 @@ func (in *SysctlConfiguration) DeepCopy() *SysctlConfiguration { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UltraSSD) DeepCopyInto(out *UltraSSD) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UltraSSD. +func (in *UltraSSD) DeepCopy() *UltraSSD { + if in == nil { + return nil + } + out := new(UltraSSD) + in.DeepCopyInto(out) + return out +} From 2361e6496724667304beea78e5f9d6b385f0259d Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Tue, 2 Jun 2026 00:18:37 -0400 Subject: [PATCH 04/58] filters --- pkg/apis/v1beta1/aksnodeclass.go | 4 ++++ pkg/providers/instancetype/instancetypes.go | 11 ++++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/pkg/apis/v1beta1/aksnodeclass.go b/pkg/apis/v1beta1/aksnodeclass.go index b05dc4e733..51fb2fe267 100644 --- a/pkg/apis/v1beta1/aksnodeclass.go +++ b/pkg/apis/v1beta1/aksnodeclass.go @@ -806,3 +806,7 @@ func (in *AKSNodeClass) GetGPUMode() GPUMode { func (in *AKSNodeClass) IsGPUDriverInstallationEnabled() bool { return in.GetGPUMode() != GPUModeNone } + +func (in *AKSNodeClass) IsUltraSSDEnabled() bool { + return in.Spec.UltraSSD != nil && *in.Spec.UltraSSD.Enabled +} diff --git a/pkg/providers/instancetype/instancetypes.go b/pkg/providers/instancetype/instancetypes.go index 1447d53c40..710f1c59d7 100644 --- a/pkg/providers/instancetype/instancetypes.go +++ b/pkg/providers/instancetype/instancetypes.go @@ -126,7 +126,7 @@ func (p *DefaultProvider) List( // Compute fully initialized instance types hash key kcHash, _ := hashstructure.Hash(kc, hashstructure.FormatV2, &hashstructure.HashOptions{SlicesAsSets: true}) - key := fmt.Sprintf("%d-%d-%016x-%s-%d-%d-%t-%t-%s-%t", + key := fmt.Sprintf("%d-%d-%016x-%s-%d-%d-%t-%t-%s-%t-%t", p.instanceTypesSeqNum, p.unavailableOfferings.SeqNum, kcHash, @@ -137,6 +137,7 @@ func (p *DefaultProvider) List( nodeClass.IsLocalDNSEnabled(), string(nodeClass.GetGPUMode()), nodeClass.IsArtifactStreamingExplicitlyEnabled(), + nodeClass.IsUltraSSDEnabled(), ) if item, ok := p.instanceTypesCache.Get(key); ok { // Ensure what's returned from this function is a shallow-copy of the slice (not a deep-copy of the data itself) @@ -163,7 +164,7 @@ func (p *DefaultProvider) List( // Any changes to the values passed into the NewInstanceType method will require making updates to the cache key // so that Karpenter is able to cache the set of InstanceTypes based on values that alter the set of instance types // !!! Important !!! - instanceType := NewInstanceType(ctx, sku, vmsize, kc, p.region, p.createOfferings(sku, instanceTypeZones), nodeClass, architecture) + instanceType := NewInstanceType(ctx, sku, vmsize, kc, p.region, p.createOfferings(sku, instanceTypeZones, nodeClass.IsUltraSSDEnabled()), nodeClass, architecture) if len(instanceType.Offerings) == 0 { continue } @@ -227,9 +228,13 @@ func (p *DefaultProvider) instanceTypeZones(sku *skewer.SKU) sets.Set[string] { // offering, you can do the following thanks to this invariant: // // offering.Requirements.Get(v1.TopologyLabelZone).Any() -func (p *DefaultProvider) createOfferings(sku *skewer.SKU, offeringZones sets.Set[string]) cloudprovider.Offerings { +func (p *DefaultProvider) createOfferings(sku *skewer.SKU, offeringZones sets.Set[string], isUltraSSDEnabled bool) cloudprovider.Offerings { offerings := []*cloudprovider.Offering{} for zone := range offeringZones { + if isUltraSSDEnabled && !sku.IsUltraSSDAvailableInAvailabilityZone(zone) { + continue + } + placementScope := zones.PlacementScopeForZone(zone) onDemandPrice, onDemandOk := p.pricingProvider.OnDemandPrice(*sku.Name) spotPrice, spotOk := p.pricingProvider.SpotPrice(*sku.Name) From 2b7cf78593bf8befc5903d7bb1333e42471a932b Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Tue, 2 Jun 2026 00:53:22 -0400 Subject: [PATCH 05/58] add ultra ssd --- pkg/providers/instance/aksmachineinstancehelpers.go | 3 ++- pkg/providers/instance/vminstance.go | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/pkg/providers/instance/aksmachineinstancehelpers.go b/pkg/providers/instance/aksmachineinstancehelpers.go index 8af65cc312..b10a259297 100644 --- a/pkg/providers/instance/aksmachineinstancehelpers.go +++ b/pkg/providers/instance/aksmachineinstancehelpers.go @@ -128,7 +128,8 @@ func (p *DefaultAKSMachineProvider) buildAKSMachineTemplate(ctx context.Context, Hardware: &armcontainerservice.MachineHardwareProfile{ VMSize: lo.ToPtr(instanceType.Name), // GPUInstanceProfile: nil, - GpuProfile: gpuProfile, + GpuProfile: gpuProfile, + UltraSsdEnabled: lo.ToPtr(nodeClass.IsUltraSSDEnabled()), }, OperatingSystem: &armcontainerservice.MachineOSProfile{ OSType: lo.ToPtr(armcontainerservice.OSTypeLinux), diff --git a/pkg/providers/instance/vminstance.go b/pkg/providers/instance/vminstance.go index 4aa148c2b6..fedb72f390 100644 --- a/pkg/providers/instance/vminstance.go +++ b/pkg/providers/instance/vminstance.go @@ -551,6 +551,7 @@ type createVMOptions struct { UseSIG bool DiskEncryptionSetID string NodePoolName string + UltraSsdEnabled bool } // newVMObject creates a new armcompute.VirtualMachine from the provided options @@ -605,6 +606,9 @@ func newVMObject(opts *createVMOptions) *armcompute.VirtualMachine { }, }, Priority: lo.ToPtr(KarpCapacityTypeToVMPriority[opts.CapacityType]), + AdditionalCapabilities: &armcompute.AdditionalCapabilities{ + UltraSSDEnabled: &opts.UltraSsdEnabled, + }, }, Zones: zones.MakeARMZonesFromAKSLabelZone(opts.Zone), Tags: opts.LaunchTemplate.Tags, @@ -819,6 +823,7 @@ func (p *DefaultVMProvider) beginLaunchInstance( UseSIG: options.FromContext(ctx).UseSIG, DiskEncryptionSetID: p.diskEncryptionSetID, NodePoolName: nodeClaim.Labels[karpv1.NodePoolLabelKey], + UltraSsdEnabled: nodeClass.IsUltraSSDEnabled(), }) if err != nil { sku, skuErr := p.instanceTypeProvider.Get(ctx, instanceType.Name) From 0fe9f2fafaf6acfce7597a6c8b62ef35258b107d Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Tue, 2 Jun 2026 18:53:37 -0400 Subject: [PATCH 06/58] remove link --- designs/0012-ultra-ssd-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/designs/0012-ultra-ssd-support.md b/designs/0012-ultra-ssd-support.md index 975ca29e3a..ce4f0ad217 100644 --- a/designs/0012-ultra-ssd-support.md +++ b/designs/0012-ultra-ssd-support.md @@ -153,4 +153,4 @@ Update AKS machine template creation so Ultra SSD-enabled node classes set `aksM ## References - AKS Ultra Disks documentation: https://learn.microsoft.com/en-us/azure/aks/use-ultra-disks -- Related label and feature-toggle guidance in [designs/0006-requirements-and-labels.md](/Users/pablotrivino/go/src/aks/karpenter-provider-azure/designs/0006-requirements-and-labels.md) + From d251af01067f87b64dc2495e822f15f69efddabe Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 15 Jun 2026 13:05:32 -0400 Subject: [PATCH 07/58] make ultra ssd setting consistent --- pkg/providers/instance/vminstance.go | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/pkg/providers/instance/vminstance.go b/pkg/providers/instance/vminstance.go index fedb72f390..1a8662e18a 100644 --- a/pkg/providers/instance/vminstance.go +++ b/pkg/providers/instance/vminstance.go @@ -606,9 +606,6 @@ func newVMObject(opts *createVMOptions) *armcompute.VirtualMachine { }, }, Priority: lo.ToPtr(KarpCapacityTypeToVMPriority[opts.CapacityType]), - AdditionalCapabilities: &armcompute.AdditionalCapabilities{ - UltraSSDEnabled: &opts.UltraSsdEnabled, - }, }, Zones: zones.MakeARMZonesFromAKSLabelZone(opts.Zone), Tags: opts.LaunchTemplate.Tags, @@ -618,6 +615,7 @@ func newVMObject(opts *createVMOptions) *armcompute.VirtualMachine { setImageReference(vm.Properties, opts.LaunchTemplate.ImageID, opts.UseSIG) setVMPropertiesBillingProfile(vm.Properties, opts.CapacityType) setVMPropertiesSecurityProfile(vm.Properties, opts.NodeClass) + setVMPropertiesAdditionalCapabilities(vm.Properties, opts.UltraSsdEnabled) if opts.ProvisionMode == consts.ProvisionModeBootstrappingClient { vm.Properties.OSProfile.CustomData = lo.ToPtr(opts.LaunchTemplate.CustomScriptsCustomData) @@ -682,6 +680,15 @@ func setVMPropertiesSecurityProfile(vmProperties *armcompute.VirtualMachinePrope } } +func setVMPropertiesAdditionalCapabilities(vmProperties *armcompute.VirtualMachineProperties, ultraSsdEnabled bool) { + if ultraSsdEnabled { + if vmProperties.AdditionalCapabilities == nil { + vmProperties.AdditionalCapabilities = &armcompute.AdditionalCapabilities{} + } + vmProperties.AdditionalCapabilities.UltraSSDEnabled = &ultraSsdEnabled + } +} + type createResult struct { Poller *runtime.Poller[armcompute.VirtualMachinesClientCreateOrUpdateResponse] VM *armcompute.VirtualMachine From f36235905700e284c92a697d0720f6b959f9e1e9 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 15 Jun 2026 19:16:43 -0400 Subject: [PATCH 08/58] reformat for consistency --- pkg/providers/instance/aksmachineinstancehelpers.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/pkg/providers/instance/aksmachineinstancehelpers.go b/pkg/providers/instance/aksmachineinstancehelpers.go index b10a259297..9b79924a57 100644 --- a/pkg/providers/instance/aksmachineinstancehelpers.go +++ b/pkg/providers/instance/aksmachineinstancehelpers.go @@ -129,7 +129,7 @@ func (p *DefaultAKSMachineProvider) buildAKSMachineTemplate(ctx context.Context, VMSize: lo.ToPtr(instanceType.Name), // GPUInstanceProfile: nil, GpuProfile: gpuProfile, - UltraSsdEnabled: lo.ToPtr(nodeClass.IsUltraSSDEnabled()), + UltraSsdEnabled: configureUltraSSDEnabled(nodeClass), }, OperatingSystem: &armcontainerservice.MachineOSProfile{ OSType: lo.ToPtr(armcontainerservice.OSTypeLinux), @@ -370,6 +370,13 @@ func configureLabelsAndMode(nodeClaim *karpv1.NodeClaim, instanceType *corecloud return nodeLabelPtrs, modePtr } +func configureUltraSSDEnabled(nodeClass *v1beta1.AKSNodeClass) *bool { + if nodeClass == nil || nodeClass.IsUltraSSDEnabled() == false { + return nil + } + return lo.ToPtr(nodeClass.IsUltraSSDEnabled()) +} + // ConfigureAKSMachineTags returns the tags to be applied to AKS machine instances and their affiliated resources. // This includes all standard tags plus the AKS machine distinguishing tag. func ConfigureAKSMachineTags(opts *options.Options, nodeClass *v1beta1.AKSNodeClass, nodeClaim *karpv1.NodeClaim) map[string]*string { From 6c920a2292f704075f78fd9aa13640d2f1e39a46 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 15 Jun 2026 19:30:55 -0400 Subject: [PATCH 09/58] add small test --- .../aksmachineinstancehelpers_test.go | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/pkg/providers/instance/aksmachineinstancehelpers_test.go b/pkg/providers/instance/aksmachineinstancehelpers_test.go index 498a9bd83d..ed3d2ef42d 100644 --- a/pkg/providers/instance/aksmachineinstancehelpers_test.go +++ b/pkg/providers/instance/aksmachineinstancehelpers_test.go @@ -592,6 +592,33 @@ var _ = Describe("AKSMachineInstance Helper Functions", func() { ) }) + Context("configureUltraSSDEnabled", func() { + It("should return nil when nodeClass is nil", func() { + Expect(configureUltraSSDEnabled(nil)).To(BeNil()) + }) + + It("should return nil when UltraSSD is not configured", func() { + nodeClass.Spec.UltraSSD = nil + + Expect(configureUltraSSDEnabled(nodeClass)).To(BeNil()) + }) + + It("should return nil when UltraSSD is explicitly disabled", func() { + nodeClass.Spec.UltraSSD = &v1beta1.UltraSSD{Enabled: lo.ToPtr(false)} + + Expect(configureUltraSSDEnabled(nodeClass)).To(BeNil()) + }) + + It("should return true when UltraSSD is enabled", func() { + nodeClass.Spec.UltraSSD = &v1beta1.UltraSSD{Enabled: lo.ToPtr(true)} + + result := configureUltraSSDEnabled(nodeClass) + + Expect(result).ToNot(BeNil()) + Expect(*result).To(BeTrue()) + }) + }) + Context("configureKubeletConfig", func() { It("should return nil when nodeClass is nil", func() { config := configureKubeletConfig(nil) From e8b4112ca527cebed3b33379a1bf65af20f6cdf9 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 15 Jun 2026 19:40:57 -0400 Subject: [PATCH 10/58] Create e2e test file --- test/suites/integration/ultrassd_test.go | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 test/suites/integration/ultrassd_test.go diff --git a/test/suites/integration/ultrassd_test.go b/test/suites/integration/ultrassd_test.go new file mode 100644 index 0000000000..e69de29bb2 From 4f13615aa58b4a594b9ced12cfd301f4629cbff3 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Tue, 16 Jun 2026 11:12:39 -0400 Subject: [PATCH 11/58] e2e skeleton --- test/suites/integration/ultrassd_test.go | 52 ++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/test/suites/integration/ultrassd_test.go b/test/suites/integration/ultrassd_test.go index e69de29bb2..5a3912bec9 100644 --- a/test/suites/integration/ultrassd_test.go +++ b/test/suites/integration/ultrassd_test.go @@ -0,0 +1,52 @@ +/* +Portions Copyright (c) Microsoft Corporation. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package integration_test + +import ( + corev1 "k8s.io/api/core/v1" + coretest "sigs.k8s.io/karpenter/pkg/test" + + "github.com/Azure/karpenter-provider-azure/pkg/apis/v1beta1" + . "github.com/onsi/ginkgo/v2" +) + +var _ = Describe("UltraSSD", func() { + BeforeEach(func() { + if !env.IsMachineModeOrNPS() { + Skip("UltraSSD tests require NPS (Node Provisioning Service) - only supported in NAP/managed Karpenter mode") + } + }) + + It("should enable UltraSSD when explicitly enabled", func() { + enabled := true + nodeClass.Spec.UltraSSD = &v1beta1.UltraSSD{ + Enabled: &enabled, + } + + deployment := coretest.Deployment(coretest.DeploymentOptions{Replicas: 1}) + env.ExpectCreated(nodeClass, nodePool, deployment) + pods := env.EventuallyExpectHealthyDeployment(deployment) + + env.EventuallyExpectInitializedNodeCount("==", 1) + node := env.GetNode(pods[0].Spec.NodeName) + verifyUltraSSDOnNode(node, true) + }) +}) + +func verifyUltraSSDOnNode(node *corev1.Node, expected bool) { + return +} From 79d2de77a4dac0543dac70b6a0e820fbf97a7f0f Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Tue, 16 Jun 2026 13:55:00 -0400 Subject: [PATCH 12/58] cx experience section --- designs/0012-ultra-ssd-support.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/designs/0012-ultra-ssd-support.md b/designs/0012-ultra-ssd-support.md index ce4f0ad217..cd3aaa2a73 100644 --- a/designs/0012-ultra-ssd-support.md +++ b/designs/0012-ultra-ssd-support.md @@ -150,6 +150,16 @@ This mirrors the current AKS behavior behind `--enable-ultra-ssd`: the node is m Update AKS machine template creation so Ultra SSD-enabled node classes set `aksMachine.Properties.EnableUltraSSD = true`. +### Customer Experience and AKS Parity + +Customers wishing to use UltraSSD will set the ultraSSD field on their AKSNodeClass CR to true. This field will be used to filter out offerings to those SKUs and zones that support it (i.g. making sure that the SKU supports UltraSSD in the given zones). + +In AKS, creating a cluster with `--enable-ultra-ssd` means the initial system pool gets UltraSSD capabilities. Additional pools must also explicitly include the `--enable-ultra-ssd` flag at creation time to enable it. Validation runs at cluster/pool validation and rejects the request if the user did not specify zones, or the SKU does not support UltraSSD in any of the zones, and all the nodes belonging to a pool created with the flag are UltraSSD capable. Clusters can have any mix of UltraSSD-enabled and disabled pools, regardless if the cluster was initially created with `--enable-ultra-ssd` or not. + +For NAP parity, enabling the feature in an AKSNodeClass means Karpenter will only consider offerings whose zone has UltraSSD available for the given SKU, and it will automatically set those nodes to support UltraSSD. If a customer disables the feature in the AKSNodeClass CR, then the nodes will be considered drifted and re-created with the UltraSSD support disabled. AKS does not add any kind of label, annotation, or taint to the nodes saying UltraSSD is enabled, so NAP doesn't either. + +See References section for more information on what AKS does. + ## References - AKS Ultra Disks documentation: https://learn.microsoft.com/en-us/azure/aks/use-ultra-disks From 24eca5a4f21e97a2fcc1163a0a2634726d61bc81 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Tue, 16 Jun 2026 14:11:57 -0400 Subject: [PATCH 13/58] disable --- test/suites/integration/ultrassd_test.go | 31 +++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/test/suites/integration/ultrassd_test.go b/test/suites/integration/ultrassd_test.go index 5a3912bec9..b09b54062f 100644 --- a/test/suites/integration/ultrassd_test.go +++ b/test/suites/integration/ultrassd_test.go @@ -22,6 +22,7 @@ import ( "github.com/Azure/karpenter-provider-azure/pkg/apis/v1beta1" . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = Describe("UltraSSD", func() { @@ -45,8 +46,36 @@ var _ = Describe("UltraSSD", func() { node := env.GetNode(pods[0].Spec.NodeName) verifyUltraSSDOnNode(node, true) }) + + It("should disable UltraSSD when explicitly disabled", func() { + enabled := false + nodeClass.Spec.UltraSSD = &v1beta1.UltraSSD{ + Enabled: &enabled, + } + + deployment := coretest.Deployment(coretest.DeploymentOptions{Replicas: 1}) + env.ExpectCreated(nodeClass, nodePool, deployment) + pods := env.EventuallyExpectHealthyDeployment(deployment) + + env.EventuallyExpectInitializedNodeCount("==", 1) + node := env.GetNode(pods[0].Spec.NodeName) + verifyUltraSSDOnNode(node, false) + }) }) func verifyUltraSSDOnNode(node *corev1.Node, expected bool) { - return + vm := env.GetVM(node.Name) + Expect(vm.Properties).ToNot(BeNil()) + + if expected { + Expect(vm.Properties.AdditionalCapabilities).ToNot(BeNil()) + Expect(vm.Properties.AdditionalCapabilities.UltraSSDEnabled).ToNot(BeNil()) + Expect(*vm.Properties.AdditionalCapabilities.UltraSSDEnabled).To(BeTrue()) + return + } + + if vm.Properties.AdditionalCapabilities == nil || vm.Properties.AdditionalCapabilities.UltraSSDEnabled == nil { + return + } + Expect(*vm.Properties.AdditionalCapabilities.UltraSSDEnabled).To(BeFalse()) } From f85552ccb34c5eff3c36baad247dc74d02f40743 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Tue, 16 Jun 2026 19:40:32 -0400 Subject: [PATCH 14/58] rm just --- designs/0012-ultra-ssd-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/designs/0012-ultra-ssd-support.md b/designs/0012-ultra-ssd-support.md index cd3aaa2a73..9e949d6dad 100644 --- a/designs/0012-ultra-ssd-support.md +++ b/designs/0012-ultra-ssd-support.md @@ -71,7 +71,7 @@ Ultra SSD should be configured as a strongly typed `AKSNodeClass` feature, not a Reasons: -- it is a provisioning feature, not just a schedulable label, +- it is a provisioning feature, not a schedulable label, - it aligns with the current `AKSNodeClass` design pattern The user expectation of “default false” is still satisfied. If `spec.ultraSSD` or `spec.ultraSSD.enabled` is omitted, the effective value is disabled. From 2b81077fa9d78eb27e977053bd67ecc6858ac7a4 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Tue, 16 Jun 2026 19:55:39 -0400 Subject: [PATCH 15/58] do not return nil --- pkg/providers/instance/aksmachineinstancehelpers.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/providers/instance/aksmachineinstancehelpers.go b/pkg/providers/instance/aksmachineinstancehelpers.go index 9b79924a57..d1c085cb7c 100644 --- a/pkg/providers/instance/aksmachineinstancehelpers.go +++ b/pkg/providers/instance/aksmachineinstancehelpers.go @@ -371,7 +371,7 @@ func configureLabelsAndMode(nodeClaim *karpv1.NodeClaim, instanceType *corecloud } func configureUltraSSDEnabled(nodeClass *v1beta1.AKSNodeClass) *bool { - if nodeClass == nil || nodeClass.IsUltraSSDEnabled() == false { + if nodeClass == nil { return nil } return lo.ToPtr(nodeClass.IsUltraSSDEnabled()) From 5356a06f679194444fb7c86004c642c08f80c08c Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Tue, 16 Jun 2026 20:24:06 -0400 Subject: [PATCH 16/58] nil check --- pkg/apis/v1beta1/aksnodeclass.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/apis/v1beta1/aksnodeclass.go b/pkg/apis/v1beta1/aksnodeclass.go index 51fb2fe267..885fc31a76 100644 --- a/pkg/apis/v1beta1/aksnodeclass.go +++ b/pkg/apis/v1beta1/aksnodeclass.go @@ -808,5 +808,5 @@ func (in *AKSNodeClass) IsGPUDriverInstallationEnabled() bool { } func (in *AKSNodeClass) IsUltraSSDEnabled() bool { - return in.Spec.UltraSSD != nil && *in.Spec.UltraSSD.Enabled + return in.Spec.UltraSSD != nil && in.Spec.UltraSSD.Enabled != nil && *in.Spec.UltraSSD.Enabled } From b0cb70569c9f76e03fe2bc1e29ecd50c0ec0e3a3 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Tue, 16 Jun 2026 20:26:19 -0400 Subject: [PATCH 17/58] godoc --- pkg/apis/v1alpha2/aksnodeclass.go | 3 +++ pkg/apis/v1beta1/aksnodeclass.go | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/pkg/apis/v1alpha2/aksnodeclass.go b/pkg/apis/v1alpha2/aksnodeclass.go index 0ebc7b0893..b526c9691d 100644 --- a/pkg/apis/v1alpha2/aksnodeclass.go +++ b/pkg/apis/v1alpha2/aksnodeclass.go @@ -41,10 +41,13 @@ type ArtifactStreaming struct { Enabled *bool `json:"enabled,omitempty"` } +// UltraSSD configures Ultra SSD for provisioned nodes. +// UltraSSD allows nodes to use Ultra SSD. type UltraSSD struct { Enabled *bool `json:"enabled,omitempty"` } +// IsEnabled returns true if Ultra SSD is enabled. func (u *UltraSSD) IsEnabled() bool { return u != nil && u.Enabled != nil && *u.Enabled } diff --git a/pkg/apis/v1beta1/aksnodeclass.go b/pkg/apis/v1beta1/aksnodeclass.go index 885fc31a76..1b4ae3899e 100644 --- a/pkg/apis/v1beta1/aksnodeclass.go +++ b/pkg/apis/v1beta1/aksnodeclass.go @@ -58,10 +58,13 @@ func (a *ArtifactStreaming) IsEnabled(arch string) bool { return a != nil && a.Enabled != nil && *a.Enabled } +// UltraSSD configures Ultra SSD for provisioned nodes. +// UltraSSD allows nodes to use Ultra SSD. type UltraSSD struct { Enabled *bool `json:"enabled,omitempty"` } +// IsUltraSSDEnabled returns true if Ultra SSD is enabled. func (u *UltraSSD) IsEnabled() bool { return u != nil && u.Enabled != nil && *u.Enabled } @@ -807,6 +810,7 @@ func (in *AKSNodeClass) IsGPUDriverInstallationEnabled() bool { return in.GetGPUMode() != GPUModeNone } +// IsUltraSSDEnabled returns true if Ultra SSD is enabled. func (in *AKSNodeClass) IsUltraSSDEnabled() bool { return in.Spec.UltraSSD != nil && in.Spec.UltraSSD.Enabled != nil && *in.Spec.UltraSSD.Enabled } From c44b25811292db53bd4c53f5366bed84a71d82eb Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Tue, 16 Jun 2026 20:31:02 -0400 Subject: [PATCH 18/58] add notes on defaults --- designs/0012-ultra-ssd-support.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/designs/0012-ultra-ssd-support.md b/designs/0012-ultra-ssd-support.md index 9e949d6dad..7d738595e4 100644 --- a/designs/0012-ultra-ssd-support.md +++ b/designs/0012-ultra-ssd-support.md @@ -142,7 +142,11 @@ Examples of user-managed policy include: ### VM mode wiring -Update VM creation so Ultra SSD-enabled node classes set `vm.Properties.AdditionalCapabilities.UltraSSDEnabled = true`. +#### VM +Update VM creation so Ultra SSD-enabled node classes set `vm.Properties.AdditionalCapabilities.UltraSSDEnabled = true`. This is left nil if UltraSSD is not enabled, which is consistent with AKS. + +#### Machine +Set `armcontainerservice.Machine.Properties.MachineProperties.MachineHardwareProfile.UltraSsdEnabled = true` if enabled and `false` if disabled. This is consistent with AKS. This mirrors the current AKS behavior behind `--enable-ultra-ssd`: the node is made capable of attaching Ultra SSDs, but scheduling policy is left to the user. From 0b57f232e5564f2c8f8821b6409789ec62df49fe Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Wed, 17 Jun 2026 11:18:06 -0400 Subject: [PATCH 19/58] fix test --- .../instance/aksmachineinstancehelpers_test.go | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/pkg/providers/instance/aksmachineinstancehelpers_test.go b/pkg/providers/instance/aksmachineinstancehelpers_test.go index ed3d2ef42d..388d654bc4 100644 --- a/pkg/providers/instance/aksmachineinstancehelpers_test.go +++ b/pkg/providers/instance/aksmachineinstancehelpers_test.go @@ -597,16 +597,22 @@ var _ = Describe("AKSMachineInstance Helper Functions", func() { Expect(configureUltraSSDEnabled(nil)).To(BeNil()) }) - It("should return nil when UltraSSD is not configured", func() { + It("should return false when UltraSSD is not configured", func() { nodeClass.Spec.UltraSSD = nil - Expect(configureUltraSSDEnabled(nodeClass)).To(BeNil()) + result := configureUltraSSDEnabled(nodeClass) + + Expect(result).ToNot(BeNil()) + Expect(*result).To(BeFalse()) }) - It("should return nil when UltraSSD is explicitly disabled", func() { + It("should return false when UltraSSD is explicitly disabled", func() { nodeClass.Spec.UltraSSD = &v1beta1.UltraSSD{Enabled: lo.ToPtr(false)} - Expect(configureUltraSSDEnabled(nodeClass)).To(BeNil()) + result := configureUltraSSDEnabled(nodeClass) + + Expect(result).ToNot(BeNil()) + Expect(*result).To(BeFalse()) }) It("should return true when UltraSSD is enabled", func() { From 80f8d32b17c41f475a5daaba4b7dd06636259d5a Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Wed, 17 Jun 2026 14:00:27 -0400 Subject: [PATCH 20/58] godoc --- pkg/apis/v1alpha2/aksnodeclass.go | 1 + pkg/apis/v1beta1/aksnodeclass.go | 1 + 2 files changed, 2 insertions(+) diff --git a/pkg/apis/v1alpha2/aksnodeclass.go b/pkg/apis/v1alpha2/aksnodeclass.go index b526c9691d..8ed38db6cd 100644 --- a/pkg/apis/v1alpha2/aksnodeclass.go +++ b/pkg/apis/v1alpha2/aksnodeclass.go @@ -44,6 +44,7 @@ type ArtifactStreaming struct { // UltraSSD configures Ultra SSD for provisioned nodes. // UltraSSD allows nodes to use Ultra SSD. type UltraSSD struct { + // Enabled indicates if Ultra SSD is enabled. Enabled *bool `json:"enabled,omitempty"` } diff --git a/pkg/apis/v1beta1/aksnodeclass.go b/pkg/apis/v1beta1/aksnodeclass.go index 1b4ae3899e..5c31b76c5a 100644 --- a/pkg/apis/v1beta1/aksnodeclass.go +++ b/pkg/apis/v1beta1/aksnodeclass.go @@ -61,6 +61,7 @@ func (a *ArtifactStreaming) IsEnabled(arch string) bool { // UltraSSD configures Ultra SSD for provisioned nodes. // UltraSSD allows nodes to use Ultra SSD. type UltraSSD struct { + // Enabled indicates if Ultra SSD is enabled. Enabled *bool `json:"enabled,omitempty"` } From 83baca60d8a9a5f3935576234fc786892e677ee0 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Wed, 17 Jun 2026 15:41:31 -0400 Subject: [PATCH 21/58] remove guard --- test/suites/integration/ultrassd_test.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/test/suites/integration/ultrassd_test.go b/test/suites/integration/ultrassd_test.go index b09b54062f..134c90c917 100644 --- a/test/suites/integration/ultrassd_test.go +++ b/test/suites/integration/ultrassd_test.go @@ -26,12 +26,6 @@ import ( ) var _ = Describe("UltraSSD", func() { - BeforeEach(func() { - if !env.IsMachineModeOrNPS() { - Skip("UltraSSD tests require NPS (Node Provisioning Service) - only supported in NAP/managed Karpenter mode") - } - }) - It("should enable UltraSSD when explicitly enabled", func() { enabled := true nodeClass.Spec.UltraSSD = &v1beta1.UltraSSD{ From 6e18e9ead37ba4402995ef955576f5a2ad3cf9f6 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Wed, 17 Jun 2026 15:48:45 -0400 Subject: [PATCH 22/58] specify as optional --- pkg/apis/v1alpha2/aksnodeclass.go | 1 + pkg/apis/v1beta1/aksnodeclass.go | 1 + 2 files changed, 2 insertions(+) diff --git a/pkg/apis/v1alpha2/aksnodeclass.go b/pkg/apis/v1alpha2/aksnodeclass.go index 8ed38db6cd..899cd10a00 100644 --- a/pkg/apis/v1alpha2/aksnodeclass.go +++ b/pkg/apis/v1alpha2/aksnodeclass.go @@ -45,6 +45,7 @@ type ArtifactStreaming struct { // UltraSSD allows nodes to use Ultra SSD. type UltraSSD struct { // Enabled indicates if Ultra SSD is enabled. + // +optional Enabled *bool `json:"enabled,omitempty"` } diff --git a/pkg/apis/v1beta1/aksnodeclass.go b/pkg/apis/v1beta1/aksnodeclass.go index 5c31b76c5a..44ea40416d 100644 --- a/pkg/apis/v1beta1/aksnodeclass.go +++ b/pkg/apis/v1beta1/aksnodeclass.go @@ -62,6 +62,7 @@ func (a *ArtifactStreaming) IsEnabled(arch string) bool { // UltraSSD allows nodes to use Ultra SSD. type UltraSSD struct { // Enabled indicates if Ultra SSD is enabled. + // +optional Enabled *bool `json:"enabled,omitempty"` } From f76ef6fcd297f7e661db44b5c2a69820fee61659 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Thu, 18 Jun 2026 01:10:58 -0400 Subject: [PATCH 23/58] temp focus --- .github/workflows/e2e.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 7be750c360..ffd42bc253 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -7,6 +7,10 @@ on: suite: type: string required: true + focus: + type: string + description: "optional ginkgo focus regex" + default: "" location: type: string description: "the azure location to run the e2e test in" @@ -51,6 +55,10 @@ on: - Storage - Subnet - Utilization + focus: + type: string + description: "optional ginkgo focus regex" + default: "" location: type: choice description: "Azure location to run the e2e test in" @@ -238,6 +246,7 @@ jobs: AZURE_ACR_NAME: ${{ env.ACR_NAME }} AZURE_CLIENT_ID: ${{ secrets.E2E_CLIENT_ID_TEST }} TEST_SUITE: ${{ inputs.suite }} + FOCUS: ${{ inputs.focus }} GIT_REF: ${{ github.sha }} PROVISION_MODE: ${{ inputs.provision_mode }} run: | From 54fbd308d2ab57ee0bc69376a2c770e29ca776dc Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Fri, 19 Jun 2026 14:20:36 -0400 Subject: [PATCH 24/58] add log --- pkg/providers/instancetype/instancetypes.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/providers/instancetype/instancetypes.go b/pkg/providers/instancetype/instancetypes.go index ed8e057305..7d95ad3707 100644 --- a/pkg/providers/instancetype/instancetypes.go +++ b/pkg/providers/instancetype/instancetypes.go @@ -29,6 +29,7 @@ import ( "github.com/samber/lo" corev1 "k8s.io/api/core/v1" + "k8s.io/klog/v2" karpv1 "sigs.k8s.io/karpenter/pkg/apis/v1" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v7" @@ -244,6 +245,8 @@ func (p *DefaultProvider) createOfferings(sku *skewer.SKU, offeringZones sets.Se offerings := []*cloudprovider.Offering{} for zone := range offeringZones { if params.UltraSSDEnabled && !sku.IsUltraSSDAvailableInAvailabilityZone(zone) { + // Log the fact that the offering is unavailable + klog.V(1).Infof("Offering for SKU %s in zone %s is unavailable", *sku.Name, zone) continue } From c2f8e8d3b9b289e0cc7f8ea06b270242a8789dee Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Fri, 19 Jun 2026 16:16:03 -0400 Subject: [PATCH 25/58] add ctx --- pkg/providers/instancetype/instancetypes.go | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/pkg/providers/instancetype/instancetypes.go b/pkg/providers/instancetype/instancetypes.go index 7d95ad3707..7cc66959ea 100644 --- a/pkg/providers/instancetype/instancetypes.go +++ b/pkg/providers/instancetype/instancetypes.go @@ -29,7 +29,6 @@ import ( "github.com/samber/lo" corev1 "k8s.io/api/core/v1" - "k8s.io/klog/v2" karpv1 "sigs.k8s.io/karpenter/pkg/apis/v1" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v7" @@ -177,7 +176,7 @@ func (p *DefaultProvider) List( continue } instanceTypeZones := p.instanceTypeZones(sku) - instanceType := newInstanceType(ctx, sku, vmsize, p.region, p.createOfferings(sku, instanceTypeZones, instanceTypeParams), instanceTypeParams, architecture) + instanceType := newInstanceType(ctx, sku, vmsize, p.region, p.createOfferings(ctx, sku, instanceTypeZones, instanceTypeParams), instanceTypeParams, architecture) if len(instanceType.Offerings) == 0 { continue } @@ -241,12 +240,16 @@ func (p *DefaultProvider) instanceTypeZones(sku *skewer.SKU) sets.Set[string] { // offering, you can do the following thanks to this invariant: // // offering.Requirements.Get(v1.TopologyLabelZone).Any() -func (p *DefaultProvider) createOfferings(sku *skewer.SKU, offeringZones sets.Set[string], params *instanceTypeParameters) cloudprovider.Offerings { +func (p *DefaultProvider) createOfferings(ctx context.Context, sku *skewer.SKU, offeringZones sets.Set[string], params *instanceTypeParameters) cloudprovider.Offerings { offerings := []*cloudprovider.Offering{} for zone := range offeringZones { if params.UltraSSDEnabled && !sku.IsUltraSSDAvailableInAvailabilityZone(zone) { // Log the fact that the offering is unavailable - klog.V(1).Infof("Offering for SKU %s in zone %s is unavailable", *sku.Name, zone) + log.FromContext(ctx).Info( + "offering is unavailable", + "skuName", lo.FromPtr(sku.Name), + "zone", zone, + ) continue } From 31452b265904477b96dbce04f75ee38c4d93580a Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 22 Jun 2026 18:01:51 -0400 Subject: [PATCH 26/58] proper filtering --- pkg/providers/instancetype/instancetypes.go | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/pkg/providers/instancetype/instancetypes.go b/pkg/providers/instancetype/instancetypes.go index 7cc66959ea..cf4622ea10 100644 --- a/pkg/providers/instancetype/instancetypes.go +++ b/pkg/providers/instancetype/instancetypes.go @@ -243,16 +243,15 @@ func (p *DefaultProvider) instanceTypeZones(sku *skewer.SKU) sets.Set[string] { func (p *DefaultProvider) createOfferings(ctx context.Context, sku *skewer.SKU, offeringZones sets.Set[string], params *instanceTypeParameters) cloudprovider.Offerings { offerings := []*cloudprovider.Offering{} for zone := range offeringZones { - if params.UltraSSDEnabled && !sku.IsUltraSSDAvailableInAvailabilityZone(zone) { - // Log the fact that the offering is unavailable - log.FromContext(ctx).Info( - "offering is unavailable", - "skuName", lo.FromPtr(sku.Name), - "zone", zone, - ) - continue + if params.UltraSSDEnabled { + if zone == "0" && !sku.IsUltraSSDAvailableWithoutAvailabilityZone() { + continue + } + + if z := strings.Split(zone, "-"); len(z) > 1 && !sku.IsUltraSSDAvailableInAvailabilityZone(z[len(z)-1]) { + continue + } } - placementScope := zones.PlacementScopeForZone(zone) onDemandPrice, onDemandOk := p.pricingProvider.OnDemandPrice(*sku.Name) spotPrice, spotOk := p.pricingProvider.SpotPrice(*sku.Name) From a748ddf0d37e3936929269806eee363862402991 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 22 Jun 2026 19:14:43 -0400 Subject: [PATCH 27/58] update comment and remove ctx parameter --- pkg/providers/instancetype/instancetypes.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/providers/instancetype/instancetypes.go b/pkg/providers/instancetype/instancetypes.go index cf4622ea10..6f6c654367 100644 --- a/pkg/providers/instancetype/instancetypes.go +++ b/pkg/providers/instancetype/instancetypes.go @@ -176,7 +176,7 @@ func (p *DefaultProvider) List( continue } instanceTypeZones := p.instanceTypeZones(sku) - instanceType := newInstanceType(ctx, sku, vmsize, p.region, p.createOfferings(ctx, sku, instanceTypeZones, instanceTypeParams), instanceTypeParams, architecture) + instanceType := newInstanceType(ctx, sku, vmsize, p.region, p.createOfferings(sku, instanceTypeZones, instanceTypeParams), instanceTypeParams, architecture) if len(instanceType.Offerings) == 0 { continue } @@ -240,7 +240,7 @@ func (p *DefaultProvider) instanceTypeZones(sku *skewer.SKU) sets.Set[string] { // offering, you can do the following thanks to this invariant: // // offering.Requirements.Get(v1.TopologyLabelZone).Any() -func (p *DefaultProvider) createOfferings(ctx context.Context, sku *skewer.SKU, offeringZones sets.Set[string], params *instanceTypeParameters) cloudprovider.Offerings { +func (p *DefaultProvider) createOfferings(sku *skewer.SKU, offeringZones sets.Set[string], params *instanceTypeParameters) cloudprovider.Offerings { offerings := []*cloudprovider.Offering{} for zone := range offeringZones { if params.UltraSSDEnabled { @@ -248,6 +248,7 @@ func (p *DefaultProvider) createOfferings(ctx context.Context, sku *skewer.SKU, continue } + // Zones are formatted as -, but we only care about the zone part. if z := strings.Split(zone, "-"); len(z) > 1 && !sku.IsUltraSSDAvailableInAvailabilityZone(z[len(z)-1]) { continue } From d92fbc6f3571d09f62006683c305b5a94f83f05d Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 22 Jun 2026 19:16:41 -0400 Subject: [PATCH 28/58] undo focus changes --- .github/workflows/e2e.yaml | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index ffd42bc253..d2e91feeec 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -7,10 +7,6 @@ on: suite: type: string required: true - focus: - type: string - description: "optional ginkgo focus regex" - default: "" location: type: string description: "the azure location to run the e2e test in" @@ -55,10 +51,6 @@ on: - Storage - Subnet - Utilization - focus: - type: string - description: "optional ginkgo focus regex" - default: "" location: type: choice description: "Azure location to run the e2e test in" @@ -161,7 +153,7 @@ jobs: esm.ubuntu.com:443 169.254.169.254:80 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ inputs.git_ref }} - if: always() && github.event_name == 'workflow_run' @@ -246,7 +238,6 @@ jobs: AZURE_ACR_NAME: ${{ env.ACR_NAME }} AZURE_CLIENT_ID: ${{ secrets.E2E_CLIENT_ID_TEST }} TEST_SUITE: ${{ inputs.suite }} - FOCUS: ${{ inputs.focus }} GIT_REF: ${{ github.sha }} PROVISION_MODE: ${{ inputs.provision_mode }} run: | @@ -273,4 +264,4 @@ jobs: uses: ./.github/actions/commit-status/end with: name: ${{ github.workflow }} / e2e (${{ inputs.suite }}) - git_ref: ${{ inputs.git_ref }} + git_ref: ${{ inputs.git_ref }} \ No newline at end of file From 7066b588ec5d97a6d652d1879ca4147f8dc7b733 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 22 Jun 2026 19:18:18 -0400 Subject: [PATCH 29/58] undo changes to e2e yaml --- .github/workflows/e2e.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index d2e91feeec..7be750c360 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -153,7 +153,7 @@ jobs: esm.ubuntu.com:443 169.254.169.254:80 - - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: ref: ${{ inputs.git_ref }} - if: always() && github.event_name == 'workflow_run' @@ -264,4 +264,4 @@ jobs: uses: ./.github/actions/commit-status/end with: name: ${{ github.workflow }} / e2e (${{ inputs.suite }}) - git_ref: ${{ inputs.git_ref }} \ No newline at end of file + git_ref: ${{ inputs.git_ref }} From 3f0f0ece9307d48b257d376059bb68e7f7014428 Mon Sep 17 00:00:00 2001 From: Pablo Trivino <46615580+PabloTriv@users.noreply.github.com> Date: Tue, 23 Jun 2026 15:44:38 +0000 Subject: [PATCH 30/58] make ci nontest --- .vscode/settings.json | 28 ++++++++++++++++++- .../karpenter.azure.com_aksnodeclasses.yaml | 2 ++ .../karpenter.azure.com_aksnodeclasses.yaml | 2 ++ pkg/apis/v1alpha2/aksnodeclass.go | 2 +- pkg/apis/v1beta1/aksnodeclass.go | 2 +- 5 files changed, 33 insertions(+), 3 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index 9f146249cb..9f6f364a7f 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -28,5 +28,31 @@ } ] }, - "chat.useAgentSkills": true + "chat.useAgentSkills": true, + "githubPullRequests.queries": [ + { + "label": "Local Pull Request Branches", + "query": "default" + }, + { + "label": "Waiting For My Review", + "query": "repo:${owner}/${repository} is:open review-requested:${user}" + }, + { + "label": "Assigned To Me", + "query": "repo:${owner}/${repository} is:open assignee:${user}" + }, + { + "label": "Created By Me", + "query": "repo:${owner}/${repository} is:open author:${user}" + }, + { + "label": "All Open (-dependabot)", + "query": "repo:${owner}/${repository} is:open -label:dependencies" + }, + { + "label": "All Open", + "query": "default" + } + ] } diff --git a/charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml b/charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml index 0a879b54ea..a476030dc4 100644 --- a/charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml +++ b/charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml @@ -772,6 +772,7 @@ spec: description: ultraSSD enables Ultra SSD for the provisioned nodes. properties: enabled: + description: Enabled indicates if Ultra SSD is enabled. type: boolean type: object vnetSubnetID: @@ -1678,6 +1679,7 @@ spec: description: ultraSSD enables Ultra SSD for the provisioned nodes. properties: enabled: + description: Enabled indicates if Ultra SSD is enabled. type: boolean type: object vnetSubnetID: diff --git a/pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml b/pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml index 0a879b54ea..a476030dc4 100644 --- a/pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml +++ b/pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml @@ -772,6 +772,7 @@ spec: description: ultraSSD enables Ultra SSD for the provisioned nodes. properties: enabled: + description: Enabled indicates if Ultra SSD is enabled. type: boolean type: object vnetSubnetID: @@ -1678,6 +1679,7 @@ spec: description: ultraSSD enables Ultra SSD for the provisioned nodes. properties: enabled: + description: Enabled indicates if Ultra SSD is enabled. type: boolean type: object vnetSubnetID: diff --git a/pkg/apis/v1alpha2/aksnodeclass.go b/pkg/apis/v1alpha2/aksnodeclass.go index 899cd10a00..28d8e9f5d1 100644 --- a/pkg/apis/v1alpha2/aksnodeclass.go +++ b/pkg/apis/v1alpha2/aksnodeclass.go @@ -44,7 +44,7 @@ type ArtifactStreaming struct { // UltraSSD configures Ultra SSD for provisioned nodes. // UltraSSD allows nodes to use Ultra SSD. type UltraSSD struct { - // Enabled indicates if Ultra SSD is enabled. + // enabled indicates if Ultra SSD is enabled. // +optional Enabled *bool `json:"enabled,omitempty"` } diff --git a/pkg/apis/v1beta1/aksnodeclass.go b/pkg/apis/v1beta1/aksnodeclass.go index 44ea40416d..0bce752459 100644 --- a/pkg/apis/v1beta1/aksnodeclass.go +++ b/pkg/apis/v1beta1/aksnodeclass.go @@ -61,7 +61,7 @@ func (a *ArtifactStreaming) IsEnabled(arch string) bool { // UltraSSD configures Ultra SSD for provisioned nodes. // UltraSSD allows nodes to use Ultra SSD. type UltraSSD struct { - // Enabled indicates if Ultra SSD is enabled. + // enabled indicates if Ultra SSD is enabled. // +optional Enabled *bool `json:"enabled,omitempty"` } From 13f67eebb6364d1546b30c8d5aa75d8524353762 Mon Sep 17 00:00:00 2001 From: Pablo Trivino <46615580+PabloTriv@users.noreply.github.com> Date: Tue, 23 Jun 2026 17:13:01 +0000 Subject: [PATCH 31/58] second round of make ci-non-test --- .../templates/karpenter.azure.com_aksnodeclasses.yaml | 4 ++-- pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml b/charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml index a476030dc4..be0ece35e0 100644 --- a/charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml +++ b/charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml @@ -772,7 +772,7 @@ spec: description: ultraSSD enables Ultra SSD for the provisioned nodes. properties: enabled: - description: Enabled indicates if Ultra SSD is enabled. + description: enabled indicates if Ultra SSD is enabled. type: boolean type: object vnetSubnetID: @@ -1679,7 +1679,7 @@ spec: description: ultraSSD enables Ultra SSD for the provisioned nodes. properties: enabled: - description: Enabled indicates if Ultra SSD is enabled. + description: enabled indicates if Ultra SSD is enabled. type: boolean type: object vnetSubnetID: diff --git a/pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml b/pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml index a476030dc4..be0ece35e0 100644 --- a/pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml +++ b/pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml @@ -772,7 +772,7 @@ spec: description: ultraSSD enables Ultra SSD for the provisioned nodes. properties: enabled: - description: Enabled indicates if Ultra SSD is enabled. + description: enabled indicates if Ultra SSD is enabled. type: boolean type: object vnetSubnetID: @@ -1679,7 +1679,7 @@ spec: description: ultraSSD enables Ultra SSD for the provisioned nodes. properties: enabled: - description: Enabled indicates if Ultra SSD is enabled. + description: enabled indicates if Ultra SSD is enabled. type: boolean type: object vnetSubnetID: From 7b7d7263a06de9a2117d741249df3a0bb230479a Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Tue, 23 Jun 2026 14:17:31 -0400 Subject: [PATCH 32/58] settings fix --- .vscode/settings.json | 30 ++---------------------------- 1 file changed, 2 insertions(+), 28 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index 9f6f364a7f..56d7b55625 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -28,31 +28,5 @@ } ] }, - "chat.useAgentSkills": true, - "githubPullRequests.queries": [ - { - "label": "Local Pull Request Branches", - "query": "default" - }, - { - "label": "Waiting For My Review", - "query": "repo:${owner}/${repository} is:open review-requested:${user}" - }, - { - "label": "Assigned To Me", - "query": "repo:${owner}/${repository} is:open assignee:${user}" - }, - { - "label": "Created By Me", - "query": "repo:${owner}/${repository} is:open author:${user}" - }, - { - "label": "All Open (-dependabot)", - "query": "repo:${owner}/${repository} is:open -label:dependencies" - }, - { - "label": "All Open", - "query": "default" - } - ] -} + "chat.useAgentSkills": true +} \ No newline at end of file From 7dab9c516505a6e46c48fac16f86329a6572e99c Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Tue, 23 Jun 2026 14:18:06 -0400 Subject: [PATCH 33/58] add nl --- .vscode/settings.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index 56d7b55625..9f146249cb 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -29,4 +29,4 @@ ] }, "chat.useAgentSkills": true -} \ No newline at end of file +} From 636241cab64156ea9b9213dbfd02ba785612dbc0 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Fri, 26 Jun 2026 16:27:43 -0400 Subject: [PATCH 34/58] change to label --- pkg/apis/v1beta1/labels.go | 1 + pkg/providers/instancetype/instancetype.go | 1 + 2 files changed, 2 insertions(+) diff --git a/pkg/apis/v1beta1/labels.go b/pkg/apis/v1beta1/labels.go index dbb5e5d532..230bfb38ea 100644 --- a/pkg/apis/v1beta1/labels.go +++ b/pkg/apis/v1beta1/labels.go @@ -136,6 +136,7 @@ var ( LabelSKUStoragePremiumCapable = Group + "/sku-storage-premium-capable" // sku.IsPremiumIO LabelSKUStorageEphemeralOSMaxSize = Group + "/sku-storage-ephemeralos-maxsize" // calculated as max(sku.CachedDiskBytes, sku.MaxResourceVolumeMB) + LabelUltraSSD = Group + "/sku-storage-ultra-ssd" // sku.IsUltraSSD // GPU labels LabelSKUGPUName = Group + "/sku-gpu-name" // ie GPU Accelerator type we parse from vmSize diff --git a/pkg/providers/instancetype/instancetype.go b/pkg/providers/instancetype/instancetype.go index 09b150af90..9e25f468d1 100644 --- a/pkg/providers/instancetype/instancetype.go +++ b/pkg/providers/instancetype/instancetype.go @@ -195,6 +195,7 @@ func computeRequirements( scheduling.NewRequirement(v1beta1.LabelSKUStoragePremiumCapable, corev1.NodeSelectorOpIn, fmt.Sprint(sku.IsPremiumIO())), scheduling.NewRequirement(v1beta1.LabelSKUAcceleratedNetworking, corev1.NodeSelectorOpIn, fmt.Sprint(sku.IsAcceleratedNetworkingSupported())), scheduling.NewRequirement(v1beta1.LabelSKUHyperVGeneration, corev1.NodeSelectorOpDoesNotExist), + scheduling.NewRequirement(v1beta1.LabelUltraSSD, corev1.NodeSelectorOpIn, fmt.Sprint(sku.IsUltraSSD())), // all additive feature initialized elsewhere ) From 19bc5863d3597146b6856b2745714b63d8b7cff6 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 29 Jun 2026 16:38:46 -0400 Subject: [PATCH 35/58] label impl --- pkg/providers/allocationstrategy/selection.go | 6 +++++ pkg/providers/instance/vminstance.go | 6 ++++- pkg/providers/instancetype/instancetype.go | 1 - pkg/providers/instancetype/instancetypes.go | 23 +++++++++++-------- 4 files changed, 24 insertions(+), 12 deletions(-) diff --git a/pkg/providers/allocationstrategy/selection.go b/pkg/providers/allocationstrategy/selection.go index dfc39d2062..5376c2cdaa 100644 --- a/pkg/providers/allocationstrategy/selection.go +++ b/pkg/providers/allocationstrategy/selection.go @@ -21,6 +21,7 @@ import ( karpv1 "sigs.k8s.io/karpenter/pkg/apis/v1" corecloudprovider "sigs.k8s.io/karpenter/pkg/cloudprovider" + "github.com/Azure/karpenter-provider-azure/pkg/apis/v1beta1" "github.com/Azure/karpenter-provider-azure/pkg/utils/zones" ) @@ -55,3 +56,8 @@ func (s *Selection) Zone() string { func (s *Selection) PlacementScope() string { return zones.PlacementScopeForOffering(s.Offering) } + +// UltraSSD returns the karpenter.azure.com/ultra-ssd value of the chosen offering. +func (s *Selection) UltraSSD() string { + return s.Offering.Requirements.Get(v1beta1.LabelUltraSSD).Any() +} diff --git a/pkg/providers/instance/vminstance.go b/pkg/providers/instance/vminstance.go index 1a8662e18a..442b8b7aea 100644 --- a/pkg/providers/instance/vminstance.go +++ b/pkg/providers/instance/vminstance.go @@ -763,9 +763,11 @@ func (p *DefaultVMProvider) beginLaunchInstance( } instanceType := selection.InstanceType capacityType := selection.CapacityType() + + ultraSSD := selection.UltraSSD() == "true" zone := selection.Zone() placementScope := selection.PlacementScope() - launchTemplate, err := p.getLaunchTemplate(ctx, nodeClass, nodeClaim, instanceType, capacityType, placementScope) + launchTemplate, err := p.getLaunchTemplate(ctx, nodeClass, nodeClaim, instanceType, capacityType, placementScope, ultraSSD) if err != nil { return nil, fmt.Errorf("getting launch template: %w", err) } @@ -926,6 +928,7 @@ func (p *DefaultVMProvider) getLaunchTemplate( instanceType *corecloudprovider.InstanceType, capacityType string, placementScope string, + ultraSSD bool, ) (*launchtemplate.Template, error) { // We need to get all single-valued requirement labels from the instance type and the nodeClaim to pass down to kubelet. // We don't just include single-value labels from the instance type because in the case where the label is NOT single-value on the instance @@ -941,6 +944,7 @@ func (p *DefaultVMProvider) getLaunchTemplate( map[string]string{ karpv1.CapacityTypeLabelKey: capacityType, v1beta1.LabelPlacementScope: placementScope, + v1beta1.LabelUltraSSD: fmt.Sprint(ultraSSD), }, ) diff --git a/pkg/providers/instancetype/instancetype.go b/pkg/providers/instancetype/instancetype.go index 9e25f468d1..09b150af90 100644 --- a/pkg/providers/instancetype/instancetype.go +++ b/pkg/providers/instancetype/instancetype.go @@ -195,7 +195,6 @@ func computeRequirements( scheduling.NewRequirement(v1beta1.LabelSKUStoragePremiumCapable, corev1.NodeSelectorOpIn, fmt.Sprint(sku.IsPremiumIO())), scheduling.NewRequirement(v1beta1.LabelSKUAcceleratedNetworking, corev1.NodeSelectorOpIn, fmt.Sprint(sku.IsAcceleratedNetworkingSupported())), scheduling.NewRequirement(v1beta1.LabelSKUHyperVGeneration, corev1.NodeSelectorOpDoesNotExist), - scheduling.NewRequirement(v1beta1.LabelUltraSSD, corev1.NodeSelectorOpIn, fmt.Sprint(sku.IsUltraSSD())), // all additive feature initialized elsewhere ) diff --git a/pkg/providers/instancetype/instancetypes.go b/pkg/providers/instancetype/instancetypes.go index 6f6c654367..df757f4d0b 100644 --- a/pkg/providers/instancetype/instancetypes.go +++ b/pkg/providers/instancetype/instancetypes.go @@ -243,16 +243,6 @@ func (p *DefaultProvider) instanceTypeZones(sku *skewer.SKU) sets.Set[string] { func (p *DefaultProvider) createOfferings(sku *skewer.SKU, offeringZones sets.Set[string], params *instanceTypeParameters) cloudprovider.Offerings { offerings := []*cloudprovider.Offering{} for zone := range offeringZones { - if params.UltraSSDEnabled { - if zone == "0" && !sku.IsUltraSSDAvailableWithoutAvailabilityZone() { - continue - } - - // Zones are formatted as -, but we only care about the zone part. - if z := strings.Split(zone, "-"); len(z) > 1 && !sku.IsUltraSSDAvailableInAvailabilityZone(z[len(z)-1]) { - continue - } - } placementScope := zones.PlacementScopeForZone(zone) onDemandPrice, onDemandOk := p.pricingProvider.OnDemandPrice(*sku.Name) spotPrice, spotOk := p.pricingProvider.SpotPrice(*sku.Name) @@ -266,6 +256,7 @@ func (p *DefaultProvider) createOfferings(sku *skewer.SKU, offeringZones sets.Se scheduling.NewRequirement(v1beta1.AKSLabelPriority, corev1.NodeSelectorOpIn, v1beta1.PriorityRegular), scheduling.NewRequirement(corev1.LabelTopologyZone, corev1.NodeSelectorOpIn, zone), scheduling.NewRequirement(v1beta1.LabelPlacementScope, corev1.NodeSelectorOpIn, placementScope), + scheduling.NewRequirement(v1beta1.LabelUltraSSD, corev1.NodeSelectorOpIn, fmt.Sprint(isUltraSSDAvailable(sku, zone))), ), Price: onDemandPrice, Available: availableOnDemand, @@ -278,6 +269,7 @@ func (p *DefaultProvider) createOfferings(sku *skewer.SKU, offeringZones sets.Se scheduling.NewRequirement(v1beta1.AKSLabelPriority, corev1.NodeSelectorOpIn, v1beta1.PrioritySpot), scheduling.NewRequirement(corev1.LabelTopologyZone, corev1.NodeSelectorOpIn, zone), scheduling.NewRequirement(v1beta1.LabelPlacementScope, corev1.NodeSelectorOpIn, placementScope), + scheduling.NewRequirement(v1beta1.LabelUltraSSD, corev1.NodeSelectorOpIn, fmt.Sprint(isUltraSSDAvailable(sku, zone))), ), Price: spotPrice, Available: availableSpot, @@ -533,3 +525,14 @@ func nvmeDiskSizeInMiB(s *skewer.SKU) (int64, error) { const selector = "NvmeDiskSizeInMiB" return s.GetCapabilityIntegerQuantity(selector) } + +func isUltraSSDAvailable(sku *skewer.SKU, zone string) bool { + if zone == "0" { + return sku.IsUltraSSDAvailableWithoutAvailabilityZone() + } + z := strings.Split(zone, "-") + if len(z) > 1 { + return sku.IsUltraSSDAvailableInAvailabilityZone(z[len(z)-1]) + } + return false +} From e9044a6920ffeb996e68a414c83ac0ba668e5db4 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 29 Jun 2026 17:11:29 -0400 Subject: [PATCH 36/58] pass the label downstream as an argument to enable ultra ssd --- pkg/providers/instance/aksmachineinstance.go | 3 ++- pkg/providers/instance/aksmachineinstancehelpers.go | 4 ++-- pkg/providers/instance/vminstance.go | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/pkg/providers/instance/aksmachineinstance.go b/pkg/providers/instance/aksmachineinstance.go index aedd8549fd..266045f2f1 100644 --- a/pkg/providers/instance/aksmachineinstance.go +++ b/pkg/providers/instance/aksmachineinstance.go @@ -441,9 +441,10 @@ func (p *DefaultAKSMachineProvider) beginCreateMachine( capacityType := selection.CapacityType() zone := selection.Zone() placementScope := selection.PlacementScope() + ultraSSD := selection.UltraSSD() == "true" // Build the AKS machine template - aksMachineTemplate, err := p.buildAKSMachineTemplate(ctx, instanceType, capacityType, placementScope, zone, nodeClass, nodeClaim) + aksMachineTemplate, err := p.buildAKSMachineTemplate(ctx, instanceType, capacityType, placementScope, zone, ultraSSD, nodeClass, nodeClaim) if err != nil { return nil, fmt.Errorf("failed to build AKS machine template from template: %w", err) } diff --git a/pkg/providers/instance/aksmachineinstancehelpers.go b/pkg/providers/instance/aksmachineinstancehelpers.go index d1c085cb7c..4fa3f25f82 100644 --- a/pkg/providers/instance/aksmachineinstancehelpers.go +++ b/pkg/providers/instance/aksmachineinstancehelpers.go @@ -50,7 +50,7 @@ import ( // system knows to move it to the per-machine header. // - If the field is the same for all NodeClaims in a NodePool+NodeClass (like VMSize), // no action needed — it's automatically part of the shared template and batch grouping hash. -func (p *DefaultAKSMachineProvider) buildAKSMachineTemplate(ctx context.Context, instanceType *corecloudprovider.InstanceType, capacityType string, placementScope string, zone string, nodeClass *v1beta1.AKSNodeClass, nodeClaim *karpv1.NodeClaim) (*armcontainerservice.Machine, error) { +func (p *DefaultAKSMachineProvider) buildAKSMachineTemplate(ctx context.Context, instanceType *corecloudprovider.InstanceType, capacityType string, placementScope string, zone string, ultraSSD bool, nodeClass *v1beta1.AKSNodeClass, nodeClaim *karpv1.NodeClaim) (*armcontainerservice.Machine, error) { if instanceType == nil { return nil, fmt.Errorf("InstanceType is not set") } @@ -129,7 +129,7 @@ func (p *DefaultAKSMachineProvider) buildAKSMachineTemplate(ctx context.Context, VMSize: lo.ToPtr(instanceType.Name), // GPUInstanceProfile: nil, GpuProfile: gpuProfile, - UltraSsdEnabled: configureUltraSSDEnabled(nodeClass), + UltraSsdEnabled: lo.ToPtr(ultraSSD), }, OperatingSystem: &armcontainerservice.MachineOSProfile{ OSType: lo.ToPtr(armcontainerservice.OSTypeLinux), diff --git a/pkg/providers/instance/vminstance.go b/pkg/providers/instance/vminstance.go index 442b8b7aea..ebe25ef60c 100644 --- a/pkg/providers/instance/vminstance.go +++ b/pkg/providers/instance/vminstance.go @@ -832,7 +832,7 @@ func (p *DefaultVMProvider) beginLaunchInstance( UseSIG: options.FromContext(ctx).UseSIG, DiskEncryptionSetID: p.diskEncryptionSetID, NodePoolName: nodeClaim.Labels[karpv1.NodePoolLabelKey], - UltraSsdEnabled: nodeClass.IsUltraSSDEnabled(), + UltraSsdEnabled: ultraSSD, }) if err != nil { sku, skuErr := p.instanceTypeProvider.Get(ctx, instanceType.Name) From f3a537b3e982b6b05bbc7a7a4db54cd116327c20 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 29 Jun 2026 17:24:53 -0400 Subject: [PATCH 37/58] rm ultrassd --- .../karpenter.azure.com_aksnodeclasses.yaml | 14 ------------- .../karpenter.azure.com_aksnodeclasses.yaml | 14 ------------- pkg/apis/v1alpha2/aksnodeclass.go | 16 -------------- pkg/apis/v1beta1/aksnodeclass.go | 21 ------------------- 4 files changed, 65 deletions(-) diff --git a/charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml b/charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml index be0ece35e0..fe560ce078 100644 --- a/charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml +++ b/charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml @@ -768,13 +768,6 @@ spec: rule: self.all(k, !k.contains('\\')) - message: tags values must be less than 256 characters rule: self.all(k, size(self[k]) <= 256) - ultraSSD: - description: ultraSSD enables Ultra SSD for the provisioned nodes. - properties: - enabled: - description: enabled indicates if Ultra SSD is enabled. - type: boolean - type: object vnetSubnetID: description: |- vnetSubnetID is the subnet used by nics provisioned with this nodeclass. @@ -1675,13 +1668,6 @@ spec: rule: self.all(k, !k.contains('\\')) - message: tags values must be less than 256 characters rule: self.all(k, size(self[k]) <= 256) - ultraSSD: - description: ultraSSD enables Ultra SSD for the provisioned nodes. - properties: - enabled: - description: enabled indicates if Ultra SSD is enabled. - type: boolean - type: object vnetSubnetID: description: |- vnetSubnetID is the subnet used by nics provisioned with this nodeclass. diff --git a/pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml b/pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml index be0ece35e0..fe560ce078 100644 --- a/pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml +++ b/pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml @@ -768,13 +768,6 @@ spec: rule: self.all(k, !k.contains('\\')) - message: tags values must be less than 256 characters rule: self.all(k, size(self[k]) <= 256) - ultraSSD: - description: ultraSSD enables Ultra SSD for the provisioned nodes. - properties: - enabled: - description: enabled indicates if Ultra SSD is enabled. - type: boolean - type: object vnetSubnetID: description: |- vnetSubnetID is the subnet used by nics provisioned with this nodeclass. @@ -1675,13 +1668,6 @@ spec: rule: self.all(k, !k.contains('\\')) - message: tags values must be less than 256 characters rule: self.all(k, size(self[k]) <= 256) - ultraSSD: - description: ultraSSD enables Ultra SSD for the provisioned nodes. - properties: - enabled: - description: enabled indicates if Ultra SSD is enabled. - type: boolean - type: object vnetSubnetID: description: |- vnetSubnetID is the subnet used by nics provisioned with this nodeclass. diff --git a/pkg/apis/v1alpha2/aksnodeclass.go b/pkg/apis/v1alpha2/aksnodeclass.go index 28d8e9f5d1..7b55ebc618 100644 --- a/pkg/apis/v1alpha2/aksnodeclass.go +++ b/pkg/apis/v1alpha2/aksnodeclass.go @@ -41,19 +41,6 @@ type ArtifactStreaming struct { Enabled *bool `json:"enabled,omitempty"` } -// UltraSSD configures Ultra SSD for provisioned nodes. -// UltraSSD allows nodes to use Ultra SSD. -type UltraSSD struct { - // enabled indicates if Ultra SSD is enabled. - // +optional - Enabled *bool `json:"enabled,omitempty"` -} - -// IsEnabled returns true if Ultra SSD is enabled. -func (u *UltraSSD) IsEnabled() bool { - return u != nil && u.Enabled != nil && *u.Enabled -} - // AKSNodeClassSpec is the top level specification for the AKS Karpenter Provider. // This will contain configuration necessary to launch instances in AKS. // +kubebuilder:validation:XValidation:message="FIPS is not yet supported for Ubuntu2204 or Ubuntu2404",rule="has(self.fipsMode) && self.fipsMode == 'FIPS' ? (has(self.imageFamily) && self.imageFamily != 'Ubuntu2204' && self.imageFamily != 'Ubuntu2404') : true" @@ -129,9 +116,6 @@ type AKSNodeClassSpec struct { // https://learn.microsoft.com/en-us/azure/aks/custom-node-configuration // +optional LinuxOSConfig *LinuxOSConfiguration `json:"linuxOSConfig,omitempty"` - // ultraSSD enables Ultra SSD for the provisioned nodes. - // +optional - UltraSSD *UltraSSD `json:"ultraSSD,omitempty"` } // TODO: Add link for the aka.ms/nap/aksnodeclass-enable-host-encryption docs diff --git a/pkg/apis/v1beta1/aksnodeclass.go b/pkg/apis/v1beta1/aksnodeclass.go index 0bce752459..ce299caf16 100644 --- a/pkg/apis/v1beta1/aksnodeclass.go +++ b/pkg/apis/v1beta1/aksnodeclass.go @@ -58,19 +58,6 @@ func (a *ArtifactStreaming) IsEnabled(arch string) bool { return a != nil && a.Enabled != nil && *a.Enabled } -// UltraSSD configures Ultra SSD for provisioned nodes. -// UltraSSD allows nodes to use Ultra SSD. -type UltraSSD struct { - // enabled indicates if Ultra SSD is enabled. - // +optional - Enabled *bool `json:"enabled,omitempty"` -} - -// IsUltraSSDEnabled returns true if Ultra SSD is enabled. -func (u *UltraSSD) IsEnabled() bool { - return u != nil && u.Enabled != nil && *u.Enabled -} - // AKSNodeClassSpec is the top level specification for the AKS Karpenter Provider. // This will contain configuration necessary to launch instances in AKS. // +kubebuilder:validation:XValidation:message="FIPS is not yet supported for Ubuntu2204 or Ubuntu2404",rule="has(self.fipsMode) && self.fipsMode == 'FIPS' ? (has(self.imageFamily) && self.imageFamily != 'Ubuntu2204' && self.imageFamily != 'Ubuntu2404') : true" @@ -146,9 +133,6 @@ type AKSNodeClassSpec struct { // https://learn.microsoft.com/en-us/azure/aks/custom-node-configuration // +optional LinuxOSConfig *LinuxOSConfiguration `json:"linuxOSConfig,omitempty"` - // ultraSSD enables Ultra SSD for the provisioned nodes. - // +optional - UltraSSD *UltraSSD `json:"ultraSSD,omitempty"` } // TODO: Add link for the aka.ms/nap/aksnodeclass-enable-host-encryption docs @@ -811,8 +795,3 @@ func (in *AKSNodeClass) GetGPUMode() GPUMode { func (in *AKSNodeClass) IsGPUDriverInstallationEnabled() bool { return in.GetGPUMode() != GPUModeNone } - -// IsUltraSSDEnabled returns true if Ultra SSD is enabled. -func (in *AKSNodeClass) IsUltraSSDEnabled() bool { - return in.Spec.UltraSSD != nil && in.Spec.UltraSSD.Enabled != nil && *in.Spec.UltraSSD.Enabled -} From 33205fd6db9c976432683fb89116f3195fc2157e Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 29 Jun 2026 17:30:19 -0400 Subject: [PATCH 38/58] generate diff --- pkg/apis/v1alpha2/zz_generated.deepcopy.go | 25 ---------------------- pkg/apis/v1beta1/zz_generated.deepcopy.go | 25 ---------------------- 2 files changed, 50 deletions(-) diff --git a/pkg/apis/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/v1alpha2/zz_generated.deepcopy.go index 9619703c1f..8bae2732e3 100644 --- a/pkg/apis/v1alpha2/zz_generated.deepcopy.go +++ b/pkg/apis/v1alpha2/zz_generated.deepcopy.go @@ -155,11 +155,6 @@ func (in *AKSNodeClassSpec) DeepCopyInto(out *AKSNodeClassSpec) { *out = new(LinuxOSConfiguration) (*in).DeepCopyInto(*out) } - if in.UltraSSD != nil { - in, out := &in.UltraSSD, &out.UltraSSD - *out = new(UltraSSD) - (*in).DeepCopyInto(*out) - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AKSNodeClassSpec. @@ -621,23 +616,3 @@ func (in *SysctlConfiguration) DeepCopy() *SysctlConfiguration { in.DeepCopyInto(out) return out } - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UltraSSD) DeepCopyInto(out *UltraSSD) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = new(bool) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UltraSSD. -func (in *UltraSSD) DeepCopy() *UltraSSD { - if in == nil { - return nil - } - out := new(UltraSSD) - in.DeepCopyInto(out) - return out -} diff --git a/pkg/apis/v1beta1/zz_generated.deepcopy.go b/pkg/apis/v1beta1/zz_generated.deepcopy.go index 7e65f93fb1..4fd113dc71 100644 --- a/pkg/apis/v1beta1/zz_generated.deepcopy.go +++ b/pkg/apis/v1beta1/zz_generated.deepcopy.go @@ -155,11 +155,6 @@ func (in *AKSNodeClassSpec) DeepCopyInto(out *AKSNodeClassSpec) { *out = new(LinuxOSConfiguration) (*in).DeepCopyInto(*out) } - if in.UltraSSD != nil { - in, out := &in.UltraSSD, &out.UltraSSD - *out = new(UltraSSD) - (*in).DeepCopyInto(*out) - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AKSNodeClassSpec. @@ -621,23 +616,3 @@ func (in *SysctlConfiguration) DeepCopy() *SysctlConfiguration { in.DeepCopyInto(out) return out } - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UltraSSD) DeepCopyInto(out *UltraSSD) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = new(bool) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UltraSSD. -func (in *UltraSSD) DeepCopy() *UltraSSD { - if in == nil { - return nil - } - out := new(UltraSSD) - in.DeepCopyInto(out) - return out -} From 01033e8f6ea7437f03c1ec36a343dca88fcc665e Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 29 Jun 2026 17:37:33 -0400 Subject: [PATCH 39/58] better equalfold --- pkg/providers/allocationstrategy/selection.go | 6 ++++-- pkg/providers/instance/aksmachineinstance.go | 2 +- pkg/providers/instance/vminstance.go | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/pkg/providers/allocationstrategy/selection.go b/pkg/providers/allocationstrategy/selection.go index 5376c2cdaa..5038b020fe 100644 --- a/pkg/providers/allocationstrategy/selection.go +++ b/pkg/providers/allocationstrategy/selection.go @@ -17,6 +17,8 @@ limitations under the License. package allocationstrategy import ( + "strings" + corev1 "k8s.io/api/core/v1" karpv1 "sigs.k8s.io/karpenter/pkg/apis/v1" corecloudprovider "sigs.k8s.io/karpenter/pkg/cloudprovider" @@ -58,6 +60,6 @@ func (s *Selection) PlacementScope() string { } // UltraSSD returns the karpenter.azure.com/ultra-ssd value of the chosen offering. -func (s *Selection) UltraSSD() string { - return s.Offering.Requirements.Get(v1beta1.LabelUltraSSD).Any() +func (s *Selection) UltraSSD() bool { + return strings.EqualFold(s.Offering.Requirements.Get(v1beta1.LabelUltraSSD).Any(), "true") } diff --git a/pkg/providers/instance/aksmachineinstance.go b/pkg/providers/instance/aksmachineinstance.go index 266045f2f1..562361a140 100644 --- a/pkg/providers/instance/aksmachineinstance.go +++ b/pkg/providers/instance/aksmachineinstance.go @@ -441,7 +441,7 @@ func (p *DefaultAKSMachineProvider) beginCreateMachine( capacityType := selection.CapacityType() zone := selection.Zone() placementScope := selection.PlacementScope() - ultraSSD := selection.UltraSSD() == "true" + ultraSSD := selection.UltraSSD() // Build the AKS machine template aksMachineTemplate, err := p.buildAKSMachineTemplate(ctx, instanceType, capacityType, placementScope, zone, ultraSSD, nodeClass, nodeClaim) diff --git a/pkg/providers/instance/vminstance.go b/pkg/providers/instance/vminstance.go index ebe25ef60c..1a80d18c34 100644 --- a/pkg/providers/instance/vminstance.go +++ b/pkg/providers/instance/vminstance.go @@ -764,7 +764,7 @@ func (p *DefaultVMProvider) beginLaunchInstance( instanceType := selection.InstanceType capacityType := selection.CapacityType() - ultraSSD := selection.UltraSSD() == "true" + ultraSSD := selection.UltraSSD() zone := selection.Zone() placementScope := selection.PlacementScope() launchTemplate, err := p.getLaunchTemplate(ctx, nodeClass, nodeClaim, instanceType, capacityType, placementScope, ultraSSD) From 5d1c4d224f2559b7dd2af93f224231c7548aa198 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 29 Jun 2026 17:42:42 -0400 Subject: [PATCH 40/58] remove a bunch of nodeclass stuff --- .../instance/aksmachineinstancehelpers.go | 7 ---- .../aksmachineinstancehelpers_test.go | 33 ------------------- pkg/providers/instancetype/instancetypes.go | 1 - 3 files changed, 41 deletions(-) diff --git a/pkg/providers/instance/aksmachineinstancehelpers.go b/pkg/providers/instance/aksmachineinstancehelpers.go index 4fa3f25f82..25ef6584ff 100644 --- a/pkg/providers/instance/aksmachineinstancehelpers.go +++ b/pkg/providers/instance/aksmachineinstancehelpers.go @@ -370,13 +370,6 @@ func configureLabelsAndMode(nodeClaim *karpv1.NodeClaim, instanceType *corecloud return nodeLabelPtrs, modePtr } -func configureUltraSSDEnabled(nodeClass *v1beta1.AKSNodeClass) *bool { - if nodeClass == nil { - return nil - } - return lo.ToPtr(nodeClass.IsUltraSSDEnabled()) -} - // ConfigureAKSMachineTags returns the tags to be applied to AKS machine instances and their affiliated resources. // This includes all standard tags plus the AKS machine distinguishing tag. func ConfigureAKSMachineTags(opts *options.Options, nodeClass *v1beta1.AKSNodeClass, nodeClaim *karpv1.NodeClaim) map[string]*string { diff --git a/pkg/providers/instance/aksmachineinstancehelpers_test.go b/pkg/providers/instance/aksmachineinstancehelpers_test.go index 388d654bc4..498a9bd83d 100644 --- a/pkg/providers/instance/aksmachineinstancehelpers_test.go +++ b/pkg/providers/instance/aksmachineinstancehelpers_test.go @@ -592,39 +592,6 @@ var _ = Describe("AKSMachineInstance Helper Functions", func() { ) }) - Context("configureUltraSSDEnabled", func() { - It("should return nil when nodeClass is nil", func() { - Expect(configureUltraSSDEnabled(nil)).To(BeNil()) - }) - - It("should return false when UltraSSD is not configured", func() { - nodeClass.Spec.UltraSSD = nil - - result := configureUltraSSDEnabled(nodeClass) - - Expect(result).ToNot(BeNil()) - Expect(*result).To(BeFalse()) - }) - - It("should return false when UltraSSD is explicitly disabled", func() { - nodeClass.Spec.UltraSSD = &v1beta1.UltraSSD{Enabled: lo.ToPtr(false)} - - result := configureUltraSSDEnabled(nodeClass) - - Expect(result).ToNot(BeNil()) - Expect(*result).To(BeFalse()) - }) - - It("should return true when UltraSSD is enabled", func() { - nodeClass.Spec.UltraSSD = &v1beta1.UltraSSD{Enabled: lo.ToPtr(true)} - - result := configureUltraSSDEnabled(nodeClass) - - Expect(result).ToNot(BeNil()) - Expect(*result).To(BeTrue()) - }) - }) - Context("configureKubeletConfig", func() { It("should return nil when nodeClass is nil", func() { config := configureKubeletConfig(nil) diff --git a/pkg/providers/instancetype/instancetypes.go b/pkg/providers/instancetype/instancetypes.go index df757f4d0b..0143524595 100644 --- a/pkg/providers/instancetype/instancetypes.go +++ b/pkg/providers/instancetype/instancetypes.go @@ -147,7 +147,6 @@ func (p *DefaultProvider) List( ArtifactStreamingEnabled: nodeClass.IsArtifactStreamingExplicitlyEnabled(), FIPSMode: lo.FromPtr(nodeClass.Spec.FIPSMode), LocalDNSEnabled: nodeClass.IsLocalDNSEnabled(), - UltraSSDEnabled: nodeClass.IsUltraSSDEnabled(), } paramsHash, _ := hashstructure.Hash(instanceTypeParams, hashstructure.FormatV2, &hashstructure.HashOptions{SlicesAsSets: true}) key := fmt.Sprintf("%d-%d-%016x", From a5b01097336b0786d182a23185bf1e0d71b90f7b Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 29 Jun 2026 17:46:28 -0400 Subject: [PATCH 41/58] rm params --- pkg/providers/instancetype/instancetypes.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/providers/instancetype/instancetypes.go b/pkg/providers/instancetype/instancetypes.go index 0143524595..41a59105ca 100644 --- a/pkg/providers/instancetype/instancetypes.go +++ b/pkg/providers/instancetype/instancetypes.go @@ -175,7 +175,7 @@ func (p *DefaultProvider) List( continue } instanceTypeZones := p.instanceTypeZones(sku) - instanceType := newInstanceType(ctx, sku, vmsize, p.region, p.createOfferings(sku, instanceTypeZones, instanceTypeParams), instanceTypeParams, architecture) + instanceType := newInstanceType(ctx, sku, vmsize, p.region, p.createOfferings(sku, instanceTypeZones), instanceTypeParams, architecture) if len(instanceType.Offerings) == 0 { continue } @@ -239,7 +239,7 @@ func (p *DefaultProvider) instanceTypeZones(sku *skewer.SKU) sets.Set[string] { // offering, you can do the following thanks to this invariant: // // offering.Requirements.Get(v1.TopologyLabelZone).Any() -func (p *DefaultProvider) createOfferings(sku *skewer.SKU, offeringZones sets.Set[string], params *instanceTypeParameters) cloudprovider.Offerings { +func (p *DefaultProvider) createOfferings(sku *skewer.SKU, offeringZones sets.Set[string]) cloudprovider.Offerings { offerings := []*cloudprovider.Offering{} for zone := range offeringZones { placementScope := zones.PlacementScopeForZone(zone) From 2330c3e861f7f23dc2b56e3d9c2db4fe13108376 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 29 Jun 2026 18:09:47 -0400 Subject: [PATCH 42/58] register --- pkg/apis/v1beta1/labels.go | 2 ++ test/suites/integration/ultrassd_test.go | 19 +++++++++++-------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/pkg/apis/v1beta1/labels.go b/pkg/apis/v1beta1/labels.go index 230bfb38ea..d4a725dcb1 100644 --- a/pkg/apis/v1beta1/labels.go +++ b/pkg/apis/v1beta1/labels.go @@ -37,6 +37,7 @@ func init() { karpv1.WellKnownValuesForRequirements[karpv1.CapacityTypeLabelKey] = sets.New(karpv1.CapacityTypeOnDemand, karpv1.CapacityTypeSpot) karpv1.WellKnownValuesForRequirements[LabelSKUAcceleratedNetworking] = sets.New("true", "false") karpv1.WellKnownValuesForRequirements[LabelSKUStoragePremiumCapable] = sets.New("true", "false") + karpv1.WellKnownValuesForRequirements[LabelUltraSSD] = sets.New("true", "false") karpv1.WellKnownValuesForRequirements[LabelSKUGPUManufacturer] = sets.New(ManufacturerNvidia, ManufacturerAMD) karpv1.WellKnownValuesForRequirements[LabelPlacementScope] = sets.New(PlacementScopeZonal, PlacementScopeRegional) karpv1.WellKnownValuesForRequirements[AKSLabelMode] = sets.New(ModeSystem, ModeUser) @@ -95,6 +96,7 @@ var ( LabelSKUStoragePremiumCapable, LabelSKUStorageEphemeralOSMaxSize, + LabelUltraSSD, LabelSKUGPUName, LabelSKUGPUManufacturer, diff --git a/test/suites/integration/ultrassd_test.go b/test/suites/integration/ultrassd_test.go index 134c90c917..f572a1a7b0 100644 --- a/test/suites/integration/ultrassd_test.go +++ b/test/suites/integration/ultrassd_test.go @@ -18,6 +18,7 @@ package integration_test import ( corev1 "k8s.io/api/core/v1" + karpv1 "sigs.k8s.io/karpenter/pkg/apis/v1" coretest "sigs.k8s.io/karpenter/pkg/test" "github.com/Azure/karpenter-provider-azure/pkg/apis/v1beta1" @@ -27,10 +28,11 @@ import ( var _ = Describe("UltraSSD", func() { It("should enable UltraSSD when explicitly enabled", func() { - enabled := true - nodeClass.Spec.UltraSSD = &v1beta1.UltraSSD{ - Enabled: &enabled, - } + nodePool = coretest.ReplaceRequirements(nodePool, karpv1.NodeSelectorRequirementWithMinValues{ + Key: v1beta1.LabelUltraSSD, + Operator: corev1.NodeSelectorOpIn, + Values: []string{"true"}, + }) deployment := coretest.Deployment(coretest.DeploymentOptions{Replicas: 1}) env.ExpectCreated(nodeClass, nodePool, deployment) @@ -42,10 +44,11 @@ var _ = Describe("UltraSSD", func() { }) It("should disable UltraSSD when explicitly disabled", func() { - enabled := false - nodeClass.Spec.UltraSSD = &v1beta1.UltraSSD{ - Enabled: &enabled, - } + nodePool = coretest.ReplaceRequirements(nodePool, karpv1.NodeSelectorRequirementWithMinValues{ + Key: v1beta1.LabelUltraSSD, + Operator: corev1.NodeSelectorOpIn, + Values: []string{"false"}, + }) deployment := coretest.Deployment(coretest.DeploymentOptions{Replicas: 1}) env.ExpectCreated(nodeClass, nodePool, deployment) From 1c6af9fcae39649a0a3902ec2890b54c5cc6a6b5 Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 29 Jun 2026 18:48:19 -0400 Subject: [PATCH 43/58] add focus --- .github/workflows/e2e.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 7be750c360..5ed23715ae 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -7,6 +7,10 @@ on: suite: type: string required: true + focus: + type: string + description: "optional ginkgo focus regex" + default: "" location: type: string description: "the azure location to run the e2e test in" @@ -51,6 +55,10 @@ on: - Storage - Subnet - Utilization + focus: + type: string + description: "optional ginkgo focus regex" + default: "" location: type: choice description: "Azure location to run the e2e test in" @@ -240,6 +248,7 @@ jobs: TEST_SUITE: ${{ inputs.suite }} GIT_REF: ${{ github.sha }} PROVISION_MODE: ${{ inputs.provision_mode }} + FOCUS: ${{ inputs.focus }} run: | make az-creds make e2etests From d0034c445be5e19a0a0a123e53b739ca8bf35eca Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Mon, 29 Jun 2026 19:10:13 -0400 Subject: [PATCH 44/58] update test --- pkg/apis/v1alpha2/crd_validation_cel_test.go | 1 + pkg/apis/v1beta1/crd_validation_cel_test.go | 1 + 2 files changed, 2 insertions(+) diff --git a/pkg/apis/v1alpha2/crd_validation_cel_test.go b/pkg/apis/v1alpha2/crd_validation_cel_test.go index b1cd33edef..7839ffa674 100644 --- a/pkg/apis/v1alpha2/crd_validation_cel_test.go +++ b/pkg/apis/v1alpha2/crd_validation_cel_test.go @@ -782,6 +782,7 @@ var _ = Describe("CEL/Validation", func() { v1beta1.AKSLabelPriority, v1beta1.AKSLabelOSSKU, v1beta1.AKSLabelFIPSEnabled, + v1beta1.LabelUltraSSD, ) expectKnownValueValidationError := func(err error, key string) { Expect(err).To(MatchError(And( diff --git a/pkg/apis/v1beta1/crd_validation_cel_test.go b/pkg/apis/v1beta1/crd_validation_cel_test.go index e7925f876b..3971c1bc27 100644 --- a/pkg/apis/v1beta1/crd_validation_cel_test.go +++ b/pkg/apis/v1beta1/crd_validation_cel_test.go @@ -782,6 +782,7 @@ var _ = Describe("CEL/Validation", func() { v1beta1.AKSLabelPriority, v1beta1.AKSLabelOSSKU, v1beta1.AKSLabelFIPSEnabled, + v1beta1.LabelUltraSSD, ) expectKnownValueValidationError := func(err error, key string) { Expect(err).To(MatchError(And( From 30a02f5be967d3fe266f18d2b824b7c3bb1e28ba Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Tue, 30 Jun 2026 11:05:09 -0400 Subject: [PATCH 45/58] add in labels --- pkg/apis/v1alpha2/crd_validation_cel_test.go | 1 + pkg/apis/v1beta1/crd_validation_cel_test.go | 1 + 2 files changed, 2 insertions(+) diff --git a/pkg/apis/v1alpha2/crd_validation_cel_test.go b/pkg/apis/v1alpha2/crd_validation_cel_test.go index 7839ffa674..8c411d1b89 100644 --- a/pkg/apis/v1alpha2/crd_validation_cel_test.go +++ b/pkg/apis/v1alpha2/crd_validation_cel_test.go @@ -903,6 +903,7 @@ var _ = Describe("CEL/Validation", func() { Entry("AKS OS SKU Ubuntu", v1beta1.AKSLabelOSSKU, v1beta1.OSSKUUbuntu, v1beta1.Ubuntu2204ImageFamily), Entry("AKS OS SKU AzureLinux", v1beta1.AKSLabelOSSKU, v1beta1.OSSKUAzureLinux, "AzureLinux3"), Entry("AKS FIPS enabled", v1beta1.AKSLabelFIPSEnabled, "true", "false"), + Entry("UltraSSD", v1beta1.LabelUltraSSD, "true", "maybe"), ) It("should not allow restricted kubernetes.azure.com requirements", func() { oldNodePool := nodePool.DeepCopy() diff --git a/pkg/apis/v1beta1/crd_validation_cel_test.go b/pkg/apis/v1beta1/crd_validation_cel_test.go index 3971c1bc27..33855906b7 100644 --- a/pkg/apis/v1beta1/crd_validation_cel_test.go +++ b/pkg/apis/v1beta1/crd_validation_cel_test.go @@ -903,6 +903,7 @@ var _ = Describe("CEL/Validation", func() { Entry("AKS OS SKU Ubuntu", v1beta1.AKSLabelOSSKU, v1beta1.OSSKUUbuntu, v1beta1.Ubuntu2204ImageFamily), Entry("AKS OS SKU AzureLinux", v1beta1.AKSLabelOSSKU, v1beta1.OSSKUAzureLinux, "AzureLinux3"), Entry("AKS FIPS enabled", v1beta1.AKSLabelFIPSEnabled, "true", "false"), + Entry("UltraSSD", v1beta1.LabelUltraSSD, "true", "maybe"), ) It("should not allow internal labels", func() { oldNodePool := nodePool.DeepCopy() From 8146ba9fde16be2b906e443344d16ce95c9cc2da Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Tue, 30 Jun 2026 12:40:01 -0400 Subject: [PATCH 46/58] switch to label --- pkg/apis/v1alpha2/crd_validation_cel_test.go | 16 +++++++++++++++- pkg/apis/v1beta1/crd_validation_cel_test.go | 16 +++++++++++++++- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/pkg/apis/v1alpha2/crd_validation_cel_test.go b/pkg/apis/v1alpha2/crd_validation_cel_test.go index 8c411d1b89..fea0eba387 100644 --- a/pkg/apis/v1alpha2/crd_validation_cel_test.go +++ b/pkg/apis/v1alpha2/crd_validation_cel_test.go @@ -955,8 +955,22 @@ var _ = Describe("CEL/Validation", func() { }) Context("Labels", func() { It("should allow well known label exceptions", func() { + knownValueLabelLabels := sets.New( + karpv1.NodePoolLabelKey, + karpv1.CapacityTypeLabelKey, + v1beta1.LabelSKUAcceleratedNetworking, + v1beta1.LabelSKUStoragePremiumCapable, + v1beta1.LabelSKUGPUManufacturer, + v1beta1.LabelPlacementScope, + v1beta1.AKSLabelMode, + v1beta1.AKSLabelScaleSetPriority, + v1beta1.AKSLabelPriority, + v1beta1.AKSLabelOSSKU, + v1beta1.AKSLabelFIPSEnabled, + v1beta1.LabelUltraSSD, + ) oldNodePool := nodePool.DeepCopy() - for label := range karpv1.WellKnownLabels.Difference(sets.New(karpv1.NodePoolLabelKey)) { + for label := range karpv1.WellKnownLabels.Difference(knownValueLabelLabels) { nodePool.Spec.Template.Labels = map[string]string{ label: "test", } diff --git a/pkg/apis/v1beta1/crd_validation_cel_test.go b/pkg/apis/v1beta1/crd_validation_cel_test.go index 33855906b7..23bb546d38 100644 --- a/pkg/apis/v1beta1/crd_validation_cel_test.go +++ b/pkg/apis/v1beta1/crd_validation_cel_test.go @@ -965,8 +965,22 @@ var _ = Describe("CEL/Validation", func() { }) Context("Labels", func() { It("should allow well known label exceptions", func() { + knownValueLabelLabels := sets.New( + karpv1.NodePoolLabelKey, + karpv1.CapacityTypeLabelKey, + v1beta1.LabelSKUAcceleratedNetworking, + v1beta1.LabelSKUStoragePremiumCapable, + v1beta1.LabelSKUGPUManufacturer, + v1beta1.LabelPlacementScope, + v1beta1.AKSLabelMode, + v1beta1.AKSLabelScaleSetPriority, + v1beta1.AKSLabelPriority, + v1beta1.AKSLabelOSSKU, + v1beta1.AKSLabelFIPSEnabled, + v1beta1.LabelUltraSSD, + ) oldNodePool := nodePool.DeepCopy() - for label := range karpv1.WellKnownLabels.Difference(sets.New(karpv1.NodePoolLabelKey)) { + for label := range karpv1.WellKnownLabels.Difference(knownValueLabelLabels) { nodePool.Spec.Template.Labels = map[string]string{ label: "test", } From abab37a4e8b9ad265fe7a215ad06b36687da6f5b Mon Sep 17 00:00:00 2001 From: Pablo Trivino Date: Tue, 30 Jun 2026 13:17:29 -0400 Subject: [PATCH 47/58] generate yamls --- charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml | 2 +- charts/karpenter-crd/templates/karpenter.sh_nodeoverlays.yaml | 2 +- charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml | 4 ++-- pkg/apis/crds/karpenter.sh_nodeclaims.yaml | 2 +- pkg/apis/crds/karpenter.sh_nodeoverlays.yaml | 2 +- pkg/apis/crds/karpenter.sh_nodepools.yaml | 4 ++-- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml b/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml index 643db3a27d..9a11f6483d 100644 --- a/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml +++ b/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml @@ -127,7 +127,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted diff --git a/charts/karpenter-crd/templates/karpenter.sh_nodeoverlays.yaml b/charts/karpenter-crd/templates/karpenter.sh_nodeoverlays.yaml index 59db4c398d..e2b4510d53 100644 --- a/charts/karpenter-crd/templates/karpenter.sh_nodeoverlays.yaml +++ b/charts/karpenter-crd/templates/karpenter.sh_nodeoverlays.yaml @@ -100,7 +100,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted diff --git a/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml b/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml index 76adfe2f80..4180055a5c 100644 --- a/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml +++ b/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml @@ -223,7 +223,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self.all(x, x != "kubernetes.io/hostname") - message: label domain "karpenter.azure.com" is restricted - rule: self.all(x, x in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !x.find("^([^/]+)").endsWith("karpenter.azure.com")) + rule: self.all(x, x in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !x.find("^([^/]+)").endsWith("karpenter.azure.com")) - message: label domain "kubernetes.azure.com" is restricted rule: self.all(x, x in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !x.find("^([^/]+)").endsWith("kubernetes.azure.com")) - message: label "agentpool" is restricted @@ -302,7 +302,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted diff --git a/pkg/apis/crds/karpenter.sh_nodeclaims.yaml b/pkg/apis/crds/karpenter.sh_nodeclaims.yaml index 643db3a27d..9a11f6483d 100644 --- a/pkg/apis/crds/karpenter.sh_nodeclaims.yaml +++ b/pkg/apis/crds/karpenter.sh_nodeclaims.yaml @@ -127,7 +127,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted diff --git a/pkg/apis/crds/karpenter.sh_nodeoverlays.yaml b/pkg/apis/crds/karpenter.sh_nodeoverlays.yaml index 59db4c398d..e2b4510d53 100644 --- a/pkg/apis/crds/karpenter.sh_nodeoverlays.yaml +++ b/pkg/apis/crds/karpenter.sh_nodeoverlays.yaml @@ -100,7 +100,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted diff --git a/pkg/apis/crds/karpenter.sh_nodepools.yaml b/pkg/apis/crds/karpenter.sh_nodepools.yaml index 76adfe2f80..4180055a5c 100644 --- a/pkg/apis/crds/karpenter.sh_nodepools.yaml +++ b/pkg/apis/crds/karpenter.sh_nodepools.yaml @@ -223,7 +223,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self.all(x, x != "kubernetes.io/hostname") - message: label domain "karpenter.azure.com" is restricted - rule: self.all(x, x in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !x.find("^([^/]+)").endsWith("karpenter.azure.com")) + rule: self.all(x, x in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !x.find("^([^/]+)").endsWith("karpenter.azure.com")) - message: label domain "kubernetes.azure.com" is restricted rule: self.all(x, x in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !x.find("^([^/]+)").endsWith("kubernetes.azure.com")) - message: label "agentpool" is restricted @@ -302,7 +302,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted From 101e9740971a83024b8e84723a216112dba32ca7 Mon Sep 17 00:00:00 2001 From: Pablo Trivino <46615580+PabloTriv@users.noreply.github.com> Date: Tue, 30 Jun 2026 17:45:47 +0000 Subject: [PATCH 48/58] make verify --- charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml | 2 +- charts/karpenter-crd/templates/karpenter.sh_nodeoverlays.yaml | 2 +- charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml | 4 ++-- pkg/apis/crds/karpenter.sh_nodeclaims.yaml | 2 +- pkg/apis/crds/karpenter.sh_nodeoverlays.yaml | 2 +- pkg/apis/crds/karpenter.sh_nodepools.yaml | 4 ++-- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml b/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml index 9a11f6483d..643db3a27d 100644 --- a/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml +++ b/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml @@ -127,7 +127,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted diff --git a/charts/karpenter-crd/templates/karpenter.sh_nodeoverlays.yaml b/charts/karpenter-crd/templates/karpenter.sh_nodeoverlays.yaml index e2b4510d53..59db4c398d 100644 --- a/charts/karpenter-crd/templates/karpenter.sh_nodeoverlays.yaml +++ b/charts/karpenter-crd/templates/karpenter.sh_nodeoverlays.yaml @@ -100,7 +100,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted diff --git a/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml b/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml index 4180055a5c..76adfe2f80 100644 --- a/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml +++ b/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml @@ -223,7 +223,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self.all(x, x != "kubernetes.io/hostname") - message: label domain "karpenter.azure.com" is restricted - rule: self.all(x, x in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !x.find("^([^/]+)").endsWith("karpenter.azure.com")) + rule: self.all(x, x in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !x.find("^([^/]+)").endsWith("karpenter.azure.com")) - message: label domain "kubernetes.azure.com" is restricted rule: self.all(x, x in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !x.find("^([^/]+)").endsWith("kubernetes.azure.com")) - message: label "agentpool" is restricted @@ -302,7 +302,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted diff --git a/pkg/apis/crds/karpenter.sh_nodeclaims.yaml b/pkg/apis/crds/karpenter.sh_nodeclaims.yaml index 9a11f6483d..643db3a27d 100644 --- a/pkg/apis/crds/karpenter.sh_nodeclaims.yaml +++ b/pkg/apis/crds/karpenter.sh_nodeclaims.yaml @@ -127,7 +127,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted diff --git a/pkg/apis/crds/karpenter.sh_nodeoverlays.yaml b/pkg/apis/crds/karpenter.sh_nodeoverlays.yaml index e2b4510d53..59db4c398d 100644 --- a/pkg/apis/crds/karpenter.sh_nodeoverlays.yaml +++ b/pkg/apis/crds/karpenter.sh_nodeoverlays.yaml @@ -100,7 +100,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted diff --git a/pkg/apis/crds/karpenter.sh_nodepools.yaml b/pkg/apis/crds/karpenter.sh_nodepools.yaml index 4180055a5c..76adfe2f80 100644 --- a/pkg/apis/crds/karpenter.sh_nodepools.yaml +++ b/pkg/apis/crds/karpenter.sh_nodepools.yaml @@ -223,7 +223,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self.all(x, x != "kubernetes.io/hostname") - message: label domain "karpenter.azure.com" is restricted - rule: self.all(x, x in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !x.find("^([^/]+)").endsWith("karpenter.azure.com")) + rule: self.all(x, x in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !x.find("^([^/]+)").endsWith("karpenter.azure.com")) - message: label domain "kubernetes.azure.com" is restricted rule: self.all(x, x in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !x.find("^([^/]+)").endsWith("kubernetes.azure.com")) - message: label "agentpool" is restricted @@ -302,7 +302,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted From a9ae1dde9976dace0fb3234ef52f99ccf5cabfc3 Mon Sep 17 00:00:00 2001 From: Pablo Trivino <46615580+PabloTriv@users.noreply.github.com> Date: Tue, 30 Jun 2026 18:30:49 +0000 Subject: [PATCH 49/58] update labels --- hack/validation/labels.sh | 1 + hack/validation/requirements.sh | 1 + pkg/apis/crds/karpenter.sh_nodeclaims.yaml | 11 +++++++++-- pkg/apis/crds/karpenter.sh_nodeoverlays.yaml | 2 +- pkg/apis/crds/karpenter.sh_nodepools.yaml | 5 ++--- 5 files changed, 14 insertions(+), 6 deletions(-) diff --git a/hack/validation/labels.sh b/hack/validation/labels.sh index 79fac443ef..c7671958eb 100755 --- a/hack/validation/labels.sh +++ b/hack/validation/labels.sh @@ -15,6 +15,7 @@ rule=$'self.all(x, x in "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", + "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", diff --git a/hack/validation/requirements.sh b/hack/validation/requirements.sh index f8665aa5c6..9daadbdf1f 100755 --- a/hack/validation/requirements.sh +++ b/hack/validation/requirements.sh @@ -15,6 +15,7 @@ rule=$'self in "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", + "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", diff --git a/pkg/apis/crds/karpenter.sh_nodeclaims.yaml b/pkg/apis/crds/karpenter.sh_nodeclaims.yaml index 643db3a27d..2d4ea629fe 100644 --- a/pkg/apis/crds/karpenter.sh_nodeclaims.yaml +++ b/pkg/apis/crds/karpenter.sh_nodeclaims.yaml @@ -10,7 +10,6 @@ spec: names: categories: - karpenter - - nap kind: NodeClaim listKind: NodeClaimList plural: nodeclaims @@ -36,6 +35,14 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date + - jsonPath: .status.imageID + name: ImageID + priority: 1 + type: string + - jsonPath: .status.providerID + name: ID + priority: 1 + type: string - jsonPath: .metadata.labels.karpenter\.sh/nodepool name: NodePool priority: 1 @@ -127,7 +134,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted diff --git a/pkg/apis/crds/karpenter.sh_nodeoverlays.yaml b/pkg/apis/crds/karpenter.sh_nodeoverlays.yaml index 59db4c398d..c5ec0de4ef 100644 --- a/pkg/apis/crds/karpenter.sh_nodeoverlays.yaml +++ b/pkg/apis/crds/karpenter.sh_nodeoverlays.yaml @@ -100,7 +100,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted diff --git a/pkg/apis/crds/karpenter.sh_nodepools.yaml b/pkg/apis/crds/karpenter.sh_nodepools.yaml index 76adfe2f80..316f38d8ac 100644 --- a/pkg/apis/crds/karpenter.sh_nodepools.yaml +++ b/pkg/apis/crds/karpenter.sh_nodepools.yaml @@ -10,7 +10,6 @@ spec: names: categories: - karpenter - - nap kind: NodePool listKind: NodePoolList plural: nodepools @@ -223,7 +222,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self.all(x, x != "kubernetes.io/hostname") - message: label domain "karpenter.azure.com" is restricted - rule: self.all(x, x in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !x.find("^([^/]+)").endsWith("karpenter.azure.com")) + rule: self.all(x, x in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !x.find("^([^/]+)").endsWith("karpenter.azure.com")) - message: label domain "kubernetes.azure.com" is restricted rule: self.all(x, x in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !x.find("^([^/]+)").endsWith("kubernetes.azure.com")) - message: label "agentpool" is restricted @@ -302,7 +301,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted From da0a33a9bb1a3e10389c81e9de43e7c6c7ce3ae0 Mon Sep 17 00:00:00 2001 From: Pablo Trivino <46615580+PabloTriv@users.noreply.github.com> Date: Tue, 30 Jun 2026 18:33:23 +0000 Subject: [PATCH 50/58] make verify --- .../karpenter-crd/templates/karpenter.sh_nodeclaims.yaml | 2 +- .../templates/karpenter.sh_nodeoverlays.yaml | 2 +- .../karpenter-crd/templates/karpenter.sh_nodepools.yaml | 4 ++-- pkg/apis/crds/karpenter.sh_nodeclaims.yaml | 9 +-------- pkg/apis/crds/karpenter.sh_nodepools.yaml | 1 + 5 files changed, 6 insertions(+), 12 deletions(-) diff --git a/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml b/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml index 643db3a27d..13c128dba7 100644 --- a/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml +++ b/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml @@ -127,7 +127,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted diff --git a/charts/karpenter-crd/templates/karpenter.sh_nodeoverlays.yaml b/charts/karpenter-crd/templates/karpenter.sh_nodeoverlays.yaml index 59db4c398d..c5ec0de4ef 100644 --- a/charts/karpenter-crd/templates/karpenter.sh_nodeoverlays.yaml +++ b/charts/karpenter-crd/templates/karpenter.sh_nodeoverlays.yaml @@ -100,7 +100,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted diff --git a/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml b/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml index 76adfe2f80..7c6c1b5741 100644 --- a/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml +++ b/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml @@ -223,7 +223,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self.all(x, x != "kubernetes.io/hostname") - message: label domain "karpenter.azure.com" is restricted - rule: self.all(x, x in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !x.find("^([^/]+)").endsWith("karpenter.azure.com")) + rule: self.all(x, x in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !x.find("^([^/]+)").endsWith("karpenter.azure.com")) - message: label domain "kubernetes.azure.com" is restricted rule: self.all(x, x in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !x.find("^([^/]+)").endsWith("kubernetes.azure.com")) - message: label "agentpool" is restricted @@ -302,7 +302,7 @@ spec: - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - message: label domain "karpenter.azure.com" is restricted - rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") - message: label domain "kubernetes.azure.com" is restricted rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com") - message: label "agentpool" is restricted diff --git a/pkg/apis/crds/karpenter.sh_nodeclaims.yaml b/pkg/apis/crds/karpenter.sh_nodeclaims.yaml index 2d4ea629fe..13c128dba7 100644 --- a/pkg/apis/crds/karpenter.sh_nodeclaims.yaml +++ b/pkg/apis/crds/karpenter.sh_nodeclaims.yaml @@ -10,6 +10,7 @@ spec: names: categories: - karpenter + - nap kind: NodeClaim listKind: NodeClaimList plural: nodeclaims @@ -35,14 +36,6 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.imageID - name: ImageID - priority: 1 - type: string - - jsonPath: .status.providerID - name: ID - priority: 1 - type: string - jsonPath: .metadata.labels.karpenter\.sh/nodepool name: NodePool priority: 1 diff --git a/pkg/apis/crds/karpenter.sh_nodepools.yaml b/pkg/apis/crds/karpenter.sh_nodepools.yaml index 316f38d8ac..7c6c1b5741 100644 --- a/pkg/apis/crds/karpenter.sh_nodepools.yaml +++ b/pkg/apis/crds/karpenter.sh_nodepools.yaml @@ -10,6 +10,7 @@ spec: names: categories: - karpenter + - nap kind: NodePool listKind: NodePoolList plural: nodepools From eb1bb9c73fbbfd5bbd81b555749b75ff9a7e0c33 Mon Sep 17 00:00:00 2001 From: Pablo Trivino <46615580+PabloTriv@users.noreply.github.com> Date: Tue, 30 Jun 2026 19:12:18 +0000 Subject: [PATCH 51/58] edit test suite to expect well known label --- pkg/providers/instancetype/suite_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/providers/instancetype/suite_test.go b/pkg/providers/instancetype/suite_test.go index 4b5591fb5d..0ac2d9afae 100644 --- a/pkg/providers/instancetype/suite_test.go +++ b/pkg/providers/instancetype/suite_test.go @@ -2628,6 +2628,7 @@ var _ = Describe("InstanceType Provider", func() { {Name: v1beta1.LabelSKUStorageEphemeralOSMaxSize, Label: v1beta1.LabelSKUStorageEphemeralOSMaxSize, ValueFunc: func() string { return "429" }, ExpectedInKubeletLabels: true, ExpectedOnNode: true}, {Name: v1beta1.LabelSKUAcceleratedNetworking, Label: v1beta1.LabelSKUAcceleratedNetworking, ValueFunc: func() string { return "true" }, ExpectedInKubeletLabels: true, ExpectedOnNode: true}, {Name: v1beta1.LabelSKUStoragePremiumCapable, Label: v1beta1.LabelSKUStoragePremiumCapable, ValueFunc: func() string { return "true" }, ExpectedInKubeletLabels: true, ExpectedOnNode: true}, + {Name: v1beta1.LabelUltraSSD, Label: v1beta1.LabelUltraSSD, ValueFunc: func() string { return "true" }, ExpectedInKubeletLabels: true, ExpectedOnNode: true}, {Name: v1beta1.LabelSKUGPUName, Label: v1beta1.LabelSKUGPUName, ValueFunc: func() string { return "A100" }, ExpectedInKubeletLabels: true, ExpectedOnNode: true}, {Name: v1beta1.LabelSKUGPUManufacturer, Label: v1beta1.LabelSKUGPUManufacturer, ValueFunc: func() string { return "nvidia" }, ExpectedInKubeletLabels: true, ExpectedOnNode: true}, {Name: v1beta1.LabelSKUGPUCount, Label: v1beta1.LabelSKUGPUCount, ValueFunc: func() string { return "1" }, ExpectedInKubeletLabels: true, ExpectedOnNode: true}, From f204f43a4c14c7148452ed9e1abb080480b28269 Mon Sep 17 00:00:00 2001 From: Pablo Trivino <46615580+PabloTriv@users.noreply.github.com> Date: Tue, 30 Jun 2026 20:23:15 +0000 Subject: [PATCH 52/58] undo change --- pkg/apis/v1beta1/crd_validation_cel_test.go | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/pkg/apis/v1beta1/crd_validation_cel_test.go b/pkg/apis/v1beta1/crd_validation_cel_test.go index 23bb546d38..33855906b7 100644 --- a/pkg/apis/v1beta1/crd_validation_cel_test.go +++ b/pkg/apis/v1beta1/crd_validation_cel_test.go @@ -965,22 +965,8 @@ var _ = Describe("CEL/Validation", func() { }) Context("Labels", func() { It("should allow well known label exceptions", func() { - knownValueLabelLabels := sets.New( - karpv1.NodePoolLabelKey, - karpv1.CapacityTypeLabelKey, - v1beta1.LabelSKUAcceleratedNetworking, - v1beta1.LabelSKUStoragePremiumCapable, - v1beta1.LabelSKUGPUManufacturer, - v1beta1.LabelPlacementScope, - v1beta1.AKSLabelMode, - v1beta1.AKSLabelScaleSetPriority, - v1beta1.AKSLabelPriority, - v1beta1.AKSLabelOSSKU, - v1beta1.AKSLabelFIPSEnabled, - v1beta1.LabelUltraSSD, - ) oldNodePool := nodePool.DeepCopy() - for label := range karpv1.WellKnownLabels.Difference(knownValueLabelLabels) { + for label := range karpv1.WellKnownLabels.Difference(sets.New(karpv1.NodePoolLabelKey)) { nodePool.Spec.Template.Labels = map[string]string{ label: "test", } From 1cd09aa35b90a6988d3d7c8ae2991f921fe81f64 Mon Sep 17 00:00:00 2001 From: Pablo Trivino <46615580+PabloTriv@users.noreply.github.com> Date: Tue, 30 Jun 2026 21:50:08 +0000 Subject: [PATCH 53/58] add another test --- test/suites/integration/ultrassd_test.go | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/test/suites/integration/ultrassd_test.go b/test/suites/integration/ultrassd_test.go index f572a1a7b0..1ba47c885c 100644 --- a/test/suites/integration/ultrassd_test.go +++ b/test/suites/integration/ultrassd_test.go @@ -27,11 +27,21 @@ import ( ) var _ = Describe("UltraSSD", func() { - It("should enable UltraSSD when explicitly enabled", func() { + It("should disable UltraSSD when not specified", func() { + deployment := coretest.Deployment(coretest.DeploymentOptions{Replicas: 1}) + env.ExpectCreated(nodeClass, nodePool, deployment) + pods := env.EventuallyExpectHealthyDeployment(deployment) + + env.EventuallyExpectInitializedNodeCount("==", 1) + node := env.GetNode(pods[0].Spec.NodeName) + verifyUltraSSDOnNode(node, false) + }) + + It("should disable UltraSSD when explicitly disabled", func() { nodePool = coretest.ReplaceRequirements(nodePool, karpv1.NodeSelectorRequirementWithMinValues{ Key: v1beta1.LabelUltraSSD, Operator: corev1.NodeSelectorOpIn, - Values: []string{"true"}, + Values: []string{"false"}, }) deployment := coretest.Deployment(coretest.DeploymentOptions{Replicas: 1}) @@ -40,14 +50,14 @@ var _ = Describe("UltraSSD", func() { env.EventuallyExpectInitializedNodeCount("==", 1) node := env.GetNode(pods[0].Spec.NodeName) - verifyUltraSSDOnNode(node, true) + verifyUltraSSDOnNode(node, false) }) - It("should disable UltraSSD when explicitly disabled", func() { + It("should enable UltraSSD when explicitly enabled", func() { nodePool = coretest.ReplaceRequirements(nodePool, karpv1.NodeSelectorRequirementWithMinValues{ Key: v1beta1.LabelUltraSSD, Operator: corev1.NodeSelectorOpIn, - Values: []string{"false"}, + Values: []string{"true"}, }) deployment := coretest.Deployment(coretest.DeploymentOptions{Replicas: 1}) @@ -56,7 +66,7 @@ var _ = Describe("UltraSSD", func() { env.EventuallyExpectInitializedNodeCount("==", 1) node := env.GetNode(pods[0].Spec.NodeName) - verifyUltraSSDOnNode(node, false) + verifyUltraSSDOnNode(node, true) }) }) From 4d754a1c61c8b9da0ab61b668f7cf945bc8d8c63 Mon Sep 17 00:00:00 2001 From: Pablo Trivino <46615580+PabloTriv@users.noreply.github.com> Date: Thu, 2 Jul 2026 14:21:38 +0000 Subject: [PATCH 54/58] ultra ssd from scheduling --- pkg/providers/instance/aksmachineinstance.go | 4 +++- pkg/providers/instance/vminstance.go | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/pkg/providers/instance/aksmachineinstance.go b/pkg/providers/instance/aksmachineinstance.go index 562361a140..7844e17786 100644 --- a/pkg/providers/instance/aksmachineinstance.go +++ b/pkg/providers/instance/aksmachineinstance.go @@ -441,7 +441,9 @@ func (p *DefaultAKSMachineProvider) beginCreateMachine( capacityType := selection.CapacityType() zone := selection.Zone() placementScope := selection.PlacementScope() - ultraSSD := selection.UltraSSD() + ultraSSD := scheduling.NewNodeSelectorRequirementsWithMinValues(nodeClaim.Spec.Requirements...). + Get(v1beta1.LabelUltraSSD). + Has("true") // Build the AKS machine template aksMachineTemplate, err := p.buildAKSMachineTemplate(ctx, instanceType, capacityType, placementScope, zone, ultraSSD, nodeClass, nodeClaim) diff --git a/pkg/providers/instance/vminstance.go b/pkg/providers/instance/vminstance.go index 1a80d18c34..29fd8c0fa8 100644 --- a/pkg/providers/instance/vminstance.go +++ b/pkg/providers/instance/vminstance.go @@ -764,7 +764,9 @@ func (p *DefaultVMProvider) beginLaunchInstance( instanceType := selection.InstanceType capacityType := selection.CapacityType() - ultraSSD := selection.UltraSSD() + ultraSSD := scheduling.NewNodeSelectorRequirementsWithMinValues(nodeClaim.Spec.Requirements...). + Get(v1beta1.LabelUltraSSD). + Has("true") zone := selection.Zone() placementScope := selection.PlacementScope() launchTemplate, err := p.getLaunchTemplate(ctx, nodeClass, nodeClaim, instanceType, capacityType, placementScope, ultraSSD) From 4e337faf9eb67fc4515139a080b1e4bef399f3ee Mon Sep 17 00:00:00 2001 From: Pablo Trivino <46615580+PabloTriv@users.noreply.github.com> Date: Thu, 2 Jul 2026 15:34:18 +0000 Subject: [PATCH 55/58] more literal check --- pkg/providers/instance/aksmachineinstance.go | 5 ++--- pkg/providers/instance/vminstance.go | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/pkg/providers/instance/aksmachineinstance.go b/pkg/providers/instance/aksmachineinstance.go index 7844e17786..6eff35bfb1 100644 --- a/pkg/providers/instance/aksmachineinstance.go +++ b/pkg/providers/instance/aksmachineinstance.go @@ -19,6 +19,7 @@ package instance import ( "context" "fmt" + "strings" "sync" "time" @@ -441,9 +442,7 @@ func (p *DefaultAKSMachineProvider) beginCreateMachine( capacityType := selection.CapacityType() zone := selection.Zone() placementScope := selection.PlacementScope() - ultraSSD := scheduling.NewNodeSelectorRequirementsWithMinValues(nodeClaim.Spec.Requirements...). - Get(v1beta1.LabelUltraSSD). - Has("true") + ultraSSD := strings.EqualFold(nodeClaim.Labels[v1beta1.LabelUltraSSD], "true") // Build the AKS machine template aksMachineTemplate, err := p.buildAKSMachineTemplate(ctx, instanceType, capacityType, placementScope, zone, ultraSSD, nodeClass, nodeClaim) diff --git a/pkg/providers/instance/vminstance.go b/pkg/providers/instance/vminstance.go index 29fd8c0fa8..6040e05055 100644 --- a/pkg/providers/instance/vminstance.go +++ b/pkg/providers/instance/vminstance.go @@ -21,6 +21,7 @@ import ( "errors" "fmt" "net/http" + "strings" "sync" "time" @@ -764,9 +765,7 @@ func (p *DefaultVMProvider) beginLaunchInstance( instanceType := selection.InstanceType capacityType := selection.CapacityType() - ultraSSD := scheduling.NewNodeSelectorRequirementsWithMinValues(nodeClaim.Spec.Requirements...). - Get(v1beta1.LabelUltraSSD). - Has("true") + ultraSSD := strings.EqualFold(nodeClaim.Labels[v1beta1.LabelUltraSSD], "true") zone := selection.Zone() placementScope := selection.PlacementScope() launchTemplate, err := p.getLaunchTemplate(ctx, nodeClass, nodeClaim, instanceType, capacityType, placementScope, ultraSSD) From b7ad38cfa8a2ce47ffb9e4c5df16ad2052a546ad Mon Sep 17 00:00:00 2001 From: Pablo Trivino <46615580+PabloTriv@users.noreply.github.com> Date: Thu, 2 Jul 2026 16:37:28 +0000 Subject: [PATCH 56/58] check reqs --- pkg/providers/instance/aksmachineinstance.go | 3 +-- pkg/providers/instance/vminstance.go | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/pkg/providers/instance/aksmachineinstance.go b/pkg/providers/instance/aksmachineinstance.go index 6eff35bfb1..ee3681e163 100644 --- a/pkg/providers/instance/aksmachineinstance.go +++ b/pkg/providers/instance/aksmachineinstance.go @@ -19,7 +19,6 @@ package instance import ( "context" "fmt" - "strings" "sync" "time" @@ -442,7 +441,7 @@ func (p *DefaultAKSMachineProvider) beginCreateMachine( capacityType := selection.CapacityType() zone := selection.Zone() placementScope := selection.PlacementScope() - ultraSSD := strings.EqualFold(nodeClaim.Labels[v1beta1.LabelUltraSSD], "true") + ultraSSD := scheduling.NewNodeSelectorRequirementsWithMinValues(nodeClaim.Spec.Requirements...).Get(v1beta1.LabelUltraSSD).Has("true") // Build the AKS machine template aksMachineTemplate, err := p.buildAKSMachineTemplate(ctx, instanceType, capacityType, placementScope, zone, ultraSSD, nodeClass, nodeClaim) diff --git a/pkg/providers/instance/vminstance.go b/pkg/providers/instance/vminstance.go index 6040e05055..dea660c14b 100644 --- a/pkg/providers/instance/vminstance.go +++ b/pkg/providers/instance/vminstance.go @@ -21,7 +21,6 @@ import ( "errors" "fmt" "net/http" - "strings" "sync" "time" @@ -765,7 +764,7 @@ func (p *DefaultVMProvider) beginLaunchInstance( instanceType := selection.InstanceType capacityType := selection.CapacityType() - ultraSSD := strings.EqualFold(nodeClaim.Labels[v1beta1.LabelUltraSSD], "true") + ultraSSD := scheduling.NewNodeSelectorRequirementsWithMinValues(nodeClaim.Spec.Requirements...).Get(v1beta1.LabelUltraSSD).Has("true") zone := selection.Zone() placementScope := selection.PlacementScope() launchTemplate, err := p.getLaunchTemplate(ctx, nodeClass, nodeClaim, instanceType, capacityType, placementScope, ultraSSD) From 90467f86d3ab331b49919a7c7d95d1e522883b59 Mon Sep 17 00:00:00 2001 From: Pablo Trivino <46615580+PabloTriv@users.noreply.github.com> Date: Thu, 2 Jul 2026 16:46:42 +0000 Subject: [PATCH 57/58] check requirements --- pkg/providers/instance/aksmachineinstance.go | 2 +- pkg/providers/instance/vminstance.go | 11 ++++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/pkg/providers/instance/aksmachineinstance.go b/pkg/providers/instance/aksmachineinstance.go index ee3681e163..3a79c891c5 100644 --- a/pkg/providers/instance/aksmachineinstance.go +++ b/pkg/providers/instance/aksmachineinstance.go @@ -441,7 +441,7 @@ func (p *DefaultAKSMachineProvider) beginCreateMachine( capacityType := selection.CapacityType() zone := selection.Zone() placementScope := selection.PlacementScope() - ultraSSD := scheduling.NewNodeSelectorRequirementsWithMinValues(nodeClaim.Spec.Requirements...).Get(v1beta1.LabelUltraSSD).Has("true") + ultraSSD := isUltraSSDRequested(nodeClaim) // Build the AKS machine template aksMachineTemplate, err := p.buildAKSMachineTemplate(ctx, instanceType, capacityType, placementScope, zone, ultraSSD, nodeClass, nodeClaim) diff --git a/pkg/providers/instance/vminstance.go b/pkg/providers/instance/vminstance.go index dea660c14b..86c8255a89 100644 --- a/pkg/providers/instance/vminstance.go +++ b/pkg/providers/instance/vminstance.go @@ -742,6 +742,15 @@ func (p *DefaultVMProvider) createVirtualMachine(ctx context.Context, opts *crea return &createResult{Poller: poller, VM: vm}, nil } +func isUltraSSDRequested(nodeClaim *karpv1.NodeClaim) bool { + for _, requirement := range nodeClaim.Spec.Requirements { + if requirement.Key == v1beta1.LabelUltraSSD && requirement.Operator == v1.NodeSelectorOpIn && len(requirement.Values) == 1 && requirement.Values[0] == "true" { + return true + } + } + return false +} + // beginLaunchInstance starts the launch of a VM instance. // The returned VirtualMachinePromise must be called to gather any errors // that are retrieved during async provisioning, as well as to complete the provisioning process. @@ -764,7 +773,7 @@ func (p *DefaultVMProvider) beginLaunchInstance( instanceType := selection.InstanceType capacityType := selection.CapacityType() - ultraSSD := scheduling.NewNodeSelectorRequirementsWithMinValues(nodeClaim.Spec.Requirements...).Get(v1beta1.LabelUltraSSD).Has("true") + ultraSSD := isUltraSSDRequested(nodeClaim) zone := selection.Zone() placementScope := selection.PlacementScope() launchTemplate, err := p.getLaunchTemplate(ctx, nodeClass, nodeClaim, instanceType, capacityType, placementScope, ultraSSD) From 4199ed12342b25c81eb8f0ae2f84f9b704a9b394 Mon Sep 17 00:00:00 2001 From: Pablo Trivino <46615580+PabloTriv@users.noreply.github.com> Date: Thu, 2 Jul 2026 18:42:47 +0000 Subject: [PATCH 58/58] remove selection ultrassd --- pkg/providers/allocationstrategy/selection.go | 8 -------- 1 file changed, 8 deletions(-) diff --git a/pkg/providers/allocationstrategy/selection.go b/pkg/providers/allocationstrategy/selection.go index 5038b020fe..dfc39d2062 100644 --- a/pkg/providers/allocationstrategy/selection.go +++ b/pkg/providers/allocationstrategy/selection.go @@ -17,13 +17,10 @@ limitations under the License. package allocationstrategy import ( - "strings" - corev1 "k8s.io/api/core/v1" karpv1 "sigs.k8s.io/karpenter/pkg/apis/v1" corecloudprovider "sigs.k8s.io/karpenter/pkg/cloudprovider" - "github.com/Azure/karpenter-provider-azure/pkg/apis/v1beta1" "github.com/Azure/karpenter-provider-azure/pkg/utils/zones" ) @@ -58,8 +55,3 @@ func (s *Selection) Zone() string { func (s *Selection) PlacementScope() string { return zones.PlacementScopeForOffering(s.Offering) } - -// UltraSSD returns the karpenter.azure.com/ultra-ssd value of the chosen offering. -func (s *Selection) UltraSSD() bool { - return strings.EqualFold(s.Offering.Requirements.Get(v1beta1.LabelUltraSSD).Any(), "true") -}