Compatibility

Compatibility issues for Karpenter

Compatibility

To make upgrading easier we aim to minimize the introduction of breaking changes. Before you begin upgrading Karpenter, consider Karpenter compatibility issues related to Kubernetes and the NodePool API (previously Provisioner).

Compatibility Matrix

KUBERNETES	1.23	1.24	1.25	1.26	1.27	1.28	1.29
karpenter	>= 0.21	>= 0.21	>= 0.25	>= 0.28	>= 0.28	>= 0.31	>= 0.34.0

Note

Karpenter currently does not support the following new topologySpreadConstraints keys, promoted to beta in Kubernetes 1.27:

matchLabelKeys
nodeAffinityPolicy
nodeTaintsPolicy

For more information on Karpenter’s support for these keys, view this tracking issue.

Note

Karpenter supports using Kubernetes Common Expression Language for validating its Custom Resource Definitions out-of-the-box; however, this feature is not supported on versions of Kubernetes < 1.25. If you are running an earlier version of Kubernetes, you will need to use the Karpenter admission webhooks for validation instead. You can enable these webhooks with --set webhook.enabled=true when applying the Karpenter Helm chart.

Compatibility issues

When we introduce a breaking change, we do so only as described in this document.

Karpenter follows Semantic Versioning 2.0.0 in its stable release versions, while in major version zero (0.y.z) anything may change at any time. However, to further protect users during this phase we will only introduce breaking changes in minor releases (releases that increment y in x.y.z). Note this does not mean every minor upgrade has a breaking change as we will also increment the minor version when we release a new feature.

Users should therefore check to see if there is a breaking change every time they are upgrading to a new minor version.

How Do We Break Incompatibility?

When there is a breaking change we will:

Increment the minor version when in major version 0
Add a permanent separate section named upgrading to x.y.z+ under release upgrade notes clearly explaining the breaking change and what needs to be done on the user side to ensure a safe upgrade
Add the sentence “This is a breaking change, please refer to the above link for upgrade instructions” to the top of the release notes and in all our announcements

How Do We Find Incompatibilities?

Besides the peer review process for all changes to the code base we also do the followings in order to find incompatibilities:

(To be implemented) To check the compatibility of the application, we will automate tests for installing, uninstalling, upgrading from an older version, and downgrading to an older version
(To be implemented) To check the compatibility of the documentation with the application, we will turn the commands in our documentation into scripts that we can automatically run

Security Patches

While we are in major version 0 we will not release security patches to older versions. Rather we provide the patches in the latest versions. When at major version 1 we will have an EOL (end of life) policy where we provide security patches for a subset of older versions and deprecate the others.

Release Types

Karpenter offers three types of releases. This section explains the purpose of each release type and how the images for each release type are tagged in our public image repository.

Stable Releases

Stable releases are the most reliable releases that are released with weekly cadence. Stable releases are our only recommended versions for production environments. Sometimes we skip a stable release because we find instability or problems that need to be fixed before having a stable release. Stable releases are tagged with a semantic version prefixed by a v. For example v0.13.0.

Release Candidates

We consider having release candidates for major and important minor versions. Our release candidates are tagged like vx.y.z-rc.0, vx.y.z-rc.1. The release candidate will then graduate to vx.y.z as a normal stable release. By adopting this practice we allow our users who are early adopters to test out new releases before they are available to the wider community, thereby providing us with early feedback resulting in more stable releases.

Snapshot Releases

We release a snapshot release for every commit that gets merged into aws/karpenter-provider-aws. This enables users to immediately try a new feature or fix right after it’s merged rather than waiting days or weeks for release.

Snapshot releases are not made available in the same public ECR repository as other release types, they are instead published to a separate private ECR repository. Helm charts are published to oci://021119463062.dkr.ecr.us-east-1.amazonaws.com/karpenter/snapshot/karpenter and are tagged with the git commit hash prefixed by the Karpenter major version (e.g. 0-fc17bfc89ebb30a3b102a86012b3e3992ec08adf). Anyone with an AWS account can pull from this repository, but must first authenticate:

aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 021119463062.dkr.ecr.us-east-1.amazonaws.com

Note

Snapshot releases are suitable for testing, and troubleshooting but they should not be used in production environments. Snapshot releases are ephemeral and will be removed 90 days after they were published.

Last modified March 14, 2024: docs: drop 1.29 Ubuntu warning (#5867) (5372379a)