Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
61 commits
Select commit Hold shift + click to select a range
ead5d7d
design doc
Jun 1, 2026
e54289f
define in struct
Jun 1, 2026
02645f4
generate aksnodeclass edits
Jun 1, 2026
2361e64
filters
Jun 2, 2026
2b7cf78
add ultra ssd
Jun 2, 2026
0fe9f2f
remove link
Jun 2, 2026
d251af0
make ultra ssd setting consistent
Jun 15, 2026
01cb5f7
resolve conflict and update parameter use to be consistent
Jun 15, 2026
f362359
reformat for consistency
Jun 15, 2026
6c920a2
add small test
Jun 15, 2026
e8b4112
Create e2e test file
Jun 15, 2026
4f13615
e2e skeleton
Jun 16, 2026
79d2de7
cx experience section
Jun 16, 2026
24eca5a
disable
Jun 16, 2026
a5533e5
Merge branch 'main' into pablotrivino/enalbeUltraSSD
PabloTriv Jun 16, 2026
f85552c
rm just
Jun 16, 2026
228fbd9
Merge branch 'pablotrivino/enalbeUltraSSD' of https://github.com/Azur…
Jun 16, 2026
2b81077
do not return nil
Jun 16, 2026
5356a06
nil check
Jun 17, 2026
b0cb705
godoc
Jun 17, 2026
c44b258
add notes on defaults
Jun 17, 2026
0b57f23
fix test
Jun 17, 2026
80f8d32
godoc
Jun 17, 2026
83baca6
remove guard
Jun 17, 2026
6e18e9e
specify as optional
Jun 17, 2026
f76ef6f
temp focus
Jun 18, 2026
54fbd30
add log
Jun 19, 2026
c2f8e8d
add ctx
Jun 19, 2026
31452b2
proper filtering
Jun 22, 2026
a748ddf
update comment and remove ctx parameter
Jun 22, 2026
d92fbc6
undo focus changes
Jun 22, 2026
7066b58
undo changes to e2e yaml
Jun 22, 2026
3f0f0ec
make ci nontest
PabloTriv Jun 23, 2026
13f67ee
second round of make ci-non-test
PabloTriv Jun 23, 2026
7b7d726
settings fix
Jun 23, 2026
7dab9c5
add nl
Jun 23, 2026
636241c
change to label
Jun 26, 2026
19bc586
label impl
Jun 29, 2026
e9044a6
pass the label downstream as an argument to enable ultra ssd
Jun 29, 2026
f3a537b
rm ultrassd
Jun 29, 2026
33205fd
generate diff
Jun 29, 2026
01033e8
better equalfold
Jun 29, 2026
5d1c4d2
remove a bunch of nodeclass stuff
Jun 29, 2026
a5b0109
rm params
Jun 29, 2026
2330c3e
register
Jun 29, 2026
1c6af9f
add focus
Jun 29, 2026
d0034c4
update test
Jun 29, 2026
30a02f5
add in labels
Jun 30, 2026
8146ba9
switch to label
Jun 30, 2026
abab37a
generate yamls
Jun 30, 2026
101e974
make verify
PabloTriv Jun 30, 2026
a9ae1dd
update labels
PabloTriv Jun 30, 2026
da0a33a
make verify
PabloTriv Jun 30, 2026
eb1bb9c
edit test suite to expect well known label
PabloTriv Jun 30, 2026
f204f43
undo change
PabloTriv Jun 30, 2026
1cd09aa
add another test
PabloTriv Jun 30, 2026
4d754a1
ultra ssd from scheduling
PabloTriv Jul 2, 2026
4e337fa
more literal check
PabloTriv Jul 2, 2026
b7ad38c
check reqs
PabloTriv Jul 2, 2026
90467f8
check requirements
PabloTriv Jul 2, 2026
4199ed1
remove selection ultrassd
PabloTriv Jul 2, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions .github/workflows/e2e.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ on:
suite:
type: string
required: true
focus:
type: string
description: "optional ginkgo focus regex"
default: ""
location:
type: string
description: "the azure location to run the e2e test in"
Expand Down Expand Up @@ -51,6 +55,10 @@ on:
- Storage
- Subnet
- Utilization
focus:
type: string
description: "optional ginkgo focus regex"
default: ""
location:
type: choice
description: "Azure location to run the e2e test in"
Expand Down Expand Up @@ -240,6 +248,7 @@ jobs:
TEST_SUITE: ${{ inputs.suite }}
GIT_REF: ${{ github.sha }}
PROVISION_MODE: ${{ inputs.provision_mode }}
FOCUS: ${{ inputs.focus }}
run: |
make az-creds
make e2etests
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ spec:
- message: label "kubernetes.io/hostname" is restricted
rule: self != "kubernetes.io/hostname"
- message: label domain "karpenter.azure.com" is restricted
rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com")
rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com")
- message: label domain "kubernetes.azure.com" is restricted
rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com")
- message: label "agentpool" is restricted
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ spec:
- message: label "kubernetes.io/hostname" is restricted
rule: self != "kubernetes.io/hostname"
- message: label domain "karpenter.azure.com" is restricted
rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com")
rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com")
- message: label domain "kubernetes.azure.com" is restricted
rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com")
- message: label "agentpool" is restricted
Expand Down
4 changes: 2 additions & 2 deletions charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -223,7 +223,7 @@ spec:
- message: label "kubernetes.io/hostname" is restricted
rule: self.all(x, x != "kubernetes.io/hostname")
- message: label domain "karpenter.azure.com" is restricted
rule: self.all(x, x in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !x.find("^([^/]+)").endsWith("karpenter.azure.com"))
rule: self.all(x, x in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !x.find("^([^/]+)").endsWith("karpenter.azure.com"))
- message: label domain "kubernetes.azure.com" is restricted
rule: self.all(x, x in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !x.find("^([^/]+)").endsWith("kubernetes.azure.com"))
- message: label "agentpool" is restricted
Expand Down Expand Up @@ -302,7 +302,7 @@ spec:
- message: label "kubernetes.io/hostname" is restricted
rule: self != "kubernetes.io/hostname"
- message: label domain "karpenter.azure.com" is restricted
rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com")
rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com")
- message: label domain "kubernetes.azure.com" is restricted
rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com")
- message: label "agentpool" is restricted
Expand Down
170 changes: 170 additions & 0 deletions designs/0012-ultra-ssd-support.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,170 @@
# Ultra SSD Support for NAP

**Author:** @pablotrivino

**Last updated:** June 1, 2026

**Status:** Proposed

## Overview

AKS supports Azure Ultra Disks by enabling Ultra SSD on the cluster or on a node pool at creation time with `--enable-ultra-ssd`. Nodes created from that cluster or node pool can then attach Persistent Volumes backed by the `UltraSSD_LRS` storage class.

@comtalyst comtalyst Jun 16, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Worth clarifying in the design doc the differences between cluster-level and pool-level API in AKS, and how Karpenter support here build on top of that.
E.g., if it is enabled at cluster-level, what will happen to the pools that don't enable it, vice-versa? If it is really just systempool and likely doesn't affect anything in Karpenter layer, then still worth a note.

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a note to the design doc in the cx experience section


Today in AKS, `--enable-ultra-ssd` ultimately enables `AdditionalCapabilities.UltraSSDEnabled = true` on the underlying VM or VMSS model. That does not automatically add labels, taints, or tolerations for scheduling. It only makes the node capable of attaching Ultra SSDs for workloads that use an UltraSSD-backed PV. Placement policy remains the user's responsibility.

For Node Auto Provisioning (NAP), we need the equivalent behavior on dynamically created capacity. This means Karpenter must be able to:

- express Ultra SSD as part of node configuration,
- filter out VM sizes and zonal offerings that do not support Ultra SSD,
- set the correct downstream API fields when creating capacity

This document proposes how to complete that work for NAP.

### Goals

- Add support for enabling Ultra SSD on dynamically provisioned nodes.
- Support both VM provisioning mode and AKS Machine API mode.
Comment thread
rakechill marked this conversation as resolved.
- Filter instance types and offerings to only Ultra SSD-capable SKU plus zone combinations when the feature is enabled.

### Non-Goals

- Adding provider-managed scheduling controls beyond offerings filtering, such as automatic Requirements, labels, taints, or tolerations.
- Automatically steering Ultra SSD workloads onto Ultra SSD-capable nodes.

## Decisions

### Decision 1: Where should Ultra SSD be configured?

#### Add a strongly typed field to `AKSNodeClass`

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you consider a label?

		scheduling.NewRequirement(v1beta1.LabelSKUStoragePremiumCapable, corev1.NodeSelectorOpIn, fmt.Sprint(sku.IsPremiumIO())),
		scheduling.NewRequirement(v1beta1.LabelSKUAcceleratedNetworking, corev1.NodeSelectorOpIn, fmt.Sprint(sku.IsAcceleratedNetworkingSupported())),

Are labels, and feel very similar to me to ultraSSD. I also think doing a label would make the implementation a bit cleaner (because computeRequirements already takes params *instanceTypeParameters and the SKU, so we could do all of the filtering for ultraSSD+ Zones there).

It also means that a workload could ask for ultraSSD on the workload, rather than having to have a totally separate NodePool.

So I am wondering why not a well known label rather than a field on AKSNodeClass.


Proposed shape:

```yaml
apiVersion: karpenter.azure.com/v1beta1
kind: AKSNodeClass
spec:
ultraSSD:
enabled: true
```

Suggested Go shape:

```go
type UltraSSD struct {
Enabled *bool `json:"enabled,omitempty"`
}

type AKSNodeClassSpec struct {
// ... existing fields ...
UltraSSD *UltraSSD `json:"ultraSSD,omitempty"`
}

func (in *AKSNodeClass) IsUltraSSDEnabled() bool {
return in.Spec.UltraSSD != nil &&
in.Spec.UltraSSD.Enabled != nil &&
*in.Spec.UltraSSD.Enabled
}
```

This matches the existing API style for feature toggles such as `artifactStreaming`, `security.encryptionAtHost`, and `localDNS`.
Ultra SSD should be configured as a strongly typed `AKSNodeClass` feature, not as a raw requirement.
Comment thread
rakechill marked this conversation as resolved.

Reasons:

- it is a provisioning feature, not a schedulable label,
- it aligns with the current `AKSNodeClass` design pattern

The user expectation of “default false” is still satisfied. If `spec.ultraSSD` or `spec.ultraSSD.enabled` is omitted, the effective value is disabled.

### Decision 2: How should we filter for compatible Instances?

#### Offerings Filtering

Ultra SSD is only available in regions and zones that support it, and only by specific SKUs. Therefore, we need to check availability for each zone when creating Offerings for InstanceTypes.
Comment thread
rakechill marked this conversation as resolved.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How does AKS API validates UltraSSD enablement?
Worth referencing that here and "prove" that Karpenter obliges it, especially if that is determined by how Karpenter select SKUs.
This is so that we can avoid provisioning time failures or accidentally having to support what AKS doesn't.

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a reference to this doc https://learn.microsoft.com/en-us/azure/aks/use-ultra-disks. AKS will reject requests for cluster or nodepool creations that have --enable-ultra-ssd but whose SKUs don't have UltraSSD available in the specified regions


#### Decision 3: Should the provider add labels, requirements, taints, or tolerations?

#### No provider-managed scheduling projection

We will not add Ultra SSD-specific Requirements, Labels, Taints, or Tolerations from the provider.

Rationale:

- this matches current AKS behavior, where `--enable-ultra-ssd` enables attachment capability but does not impose placement policy,
- the primary job of this feature is to make the node capable of attaching Ultra SSDs, not to decide which workloads should land on it,
- users who want explicit scheduling separation can model that themselves in the `NodePool` using labels, taints, tolerations, or affinity.

#### Conclusion

The implementation should follow the established provider pattern:

1. strongly typed `AKSNodeClass` feature,
2. helper accessor like `IsUltraSSDEnabled()`,
3. instance type and offering filtering,
4. downstream API wiring in both provisioning modes.

## Proposed Implementation

### API changes

Add a new field to `AKSNodeClass`:

```yaml
spec:
ultraSSD:
enabled: true
```

Semantics:

- default is disabled when omitted,
- enabling it opts the node class into Ultra SSD-capable capacity only,
- changing it triggers node replacement through drift.
Comment thread
rakechill marked this conversation as resolved.

### Filtering

Filter out InstanceTypes that don't support UltraSSD when it is enabled.

- UltraSSD is also region and zone dependent, so we need to filter out at Offering level
- Add a check during createOfferings to verify that the zone + SKU support UltraSSD

### Scheduling behavior

The provider will not add Ultra SSD-specific Requirements, Labels, Taints, or Tolerations.

If users want workloads that use UltraSSD-backed PVs to land only on Ultra SSD-capable nodes, they must model that in their own `NodePool` and workload configuration.

Examples of user-managed policy include:

- adding labels to the `NodePool` template,
- adding taints to the `NodePool`,
- adding tolerations and affinity to workloads.

### VM mode wiring

#### VM
Update VM creation so Ultra SSD-enabled node classes set `vm.Properties.AdditionalCapabilities.UltraSSDEnabled = true`. This is left nil if UltraSSD is not enabled, which is consistent with AKS.

#### Machine
Set `armcontainerservice.Machine.Properties.MachineProperties.MachineHardwareProfile.UltraSsdEnabled = true` if enabled and `false` if disabled. This is consistent with AKS.

This mirrors the current AKS behavior behind `--enable-ultra-ssd`: the node is made capable of attaching Ultra SSDs, but scheduling policy is left to the user.

### AKS Machine API wiring

Update AKS machine template creation so Ultra SSD-enabled node classes set `aksMachine.Properties.EnableUltraSSD = true`.

### Customer Experience and AKS Parity

Customers wishing to use UltraSSD will set the ultraSSD field on their AKSNodeClass CR to true. This field will be used to filter out offerings to those SKUs and zones that support it (i.g. making sure that the SKU supports UltraSSD in the given zones).

In AKS, creating a cluster with `--enable-ultra-ssd` means the initial system pool gets UltraSSD capabilities. Additional pools must also explicitly include the `--enable-ultra-ssd` flag at creation time to enable it. Validation runs at cluster/pool validation and rejects the request if the user did not specify zones, or the SKU does not support UltraSSD in any of the zones, and all the nodes belonging to a pool created with the flag are UltraSSD capable. Clusters can have any mix of UltraSSD-enabled and disabled pools, regardless if the cluster was initially created with `--enable-ultra-ssd` or not.

For NAP parity, enabling the feature in an AKSNodeClass means Karpenter will only consider offerings whose zone has UltraSSD available for the given SKU, and it will automatically set those nodes to support UltraSSD. If a customer disables the feature in the AKSNodeClass CR, then the nodes will be considered drifted and re-created with the UltraSSD support disabled. AKS does not add any kind of label, annotation, or taint to the nodes saying UltraSSD is enabled, so NAP doesn't either.

See References section for more information on what AKS does.

## References

- AKS Ultra Disks documentation: https://learn.microsoft.com/en-us/azure/aks/use-ultra-disks

2 changes: 2 additions & 0 deletions designs/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ These designs are written but not implemented.

<!-- Please add newer designs at the top of this list -->

- [Ultra SSD support](./0012-ultra-ssd-support.md)

## Completed

These designs are implemented.
Expand Down
1 change: 1 addition & 0 deletions hack/validation/labels.sh
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ rule=$'self.all(x, x in
"karpenter.azure.com/sku-memory",
"karpenter.azure.com/sku-networking-accelerated",
"karpenter.azure.com/sku-storage-premium-capable",
"karpenter.azure.com/sku-storage-ultra-ssd",
"karpenter.azure.com/sku-storage-ephemeralos-maxsize",
"karpenter.azure.com/sku-gpu-name",
"karpenter.azure.com/sku-gpu-manufacturer",
Expand Down
1 change: 1 addition & 0 deletions hack/validation/requirements.sh
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ rule=$'self in
"karpenter.azure.com/sku-memory",
"karpenter.azure.com/sku-networking-accelerated",
"karpenter.azure.com/sku-storage-premium-capable",
"karpenter.azure.com/sku-storage-ultra-ssd",
"karpenter.azure.com/sku-storage-ephemeralos-maxsize",
"karpenter.azure.com/sku-gpu-name",
"karpenter.azure.com/sku-gpu-manufacturer",
Expand Down
2 changes: 1 addition & 1 deletion pkg/apis/crds/karpenter.sh_nodeclaims.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ spec:
- message: label "kubernetes.io/hostname" is restricted
rule: self != "kubernetes.io/hostname"
- message: label domain "karpenter.azure.com" is restricted
rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com")
rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ultra-ssd", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count", "karpenter.azure.com/placement-scope" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com")
- message: label domain "kubernetes.azure.com" is restricted
rule: self in [ "kubernetes.azure.com/mode", "kubernetes.azure.com/scalesetpriority", "kubernetes.azure.com/priority", "kubernetes.azure.com/fips_enabled", "kubernetes.azure.com/os-sku", "kubernetes.azure.com/cluster", "kubernetes.azure.com/sku-cpu", "kubernetes.azure.com/sku-memory", "kubernetes.azure.com/ebpf-dataplane", ] || !self.find("^([^/]+)").endsWith("kubernetes.azure.com")
- message: label "agentpool" is restricted
Expand Down
Loading
Loading