Compatibility issues for Karpenter


To make upgrading easier we aim to minimize the introduction of breaking changes. Before you begin upgrading Karpenter, consider Karpenter compatibility issues related to Kubernetes and the NodePool API (previously Provisioner).

Compatibility Matrix

karpenter>= 0.21>= 0.25>= 0.28>= 0.28>= 0.31>= 0.340.37.0

Compatibility issues

When we introduce a breaking change, we do so only as described in this document.

Karpenter follows Semantic Versioning 2.0.0 in its stable release versions, while in major version zero (0.y.z) anything may change at any time. However, to further protect users during this phase we will only introduce breaking changes in minor releases (releases that increment y in x.y.z). Note this does not mean every minor upgrade has a breaking change as we will also increment the minor version when we release a new feature.

Users should therefore check to see if there is a breaking change every time they are upgrading to a new minor version.

How Do We Break Incompatibility?

When there is a breaking change we will:

  • Increment the minor version when in major version 0
  • Add a permanent separate section named upgrading to x.y.z+ under release upgrade notes clearly explaining the breaking change and what needs to be done on the user side to ensure a safe upgrade
  • Add the sentence “This is a breaking change, please refer to the above link for upgrade instructions” to the top of the release notes and in all our announcements

How Do We Find Incompatibilities?

Besides the peer review process for all changes to the code base we also do the followings in order to find incompatibilities:

  • (To be implemented) To check the compatibility of the application, we will automate tests for installing, uninstalling, upgrading from an older version, and downgrading to an older version
  • (To be implemented) To check the compatibility of the documentation with the application, we will turn the commands in our documentation into scripts that we can automatically run

Security Patches

While we are in major version 0 we will not release security patches to older versions. Rather we provide the patches in the latest versions. When at major version 1 we will have an EOL (end of life) policy where we provide security patches for a subset of older versions and deprecate the others.

Release Types

Karpenter offers three types of releases. This section explains the purpose of each release type and how the images for each release type are tagged in our public image repository.

Stable Releases

Stable releases are the only recommended versions for production environments. Stable releases are tagged with a semantic version (e.g. 0.35.0). Note that stable releases prior to 0.35.0 are prefixed with a v (e.g. v0.34.0).

Release Candidates

We consider having release candidates for major and important minor versions. Our release candidates are tagged like x.y.z-rc.0, x.y.z-rc.1. The release candidate will then graduate to x.y.z as a stable release. By adopting this practice we allow our users who are early adopters to test out new releases before they are available to the wider community, thereby providing us with early feedback resulting in more stable releases. Note that, like the stable releases, release candidates prior to 0.35.0 are prefixed with a v.

Snapshot Releases

We release a snapshot release for every commit that gets merged into aws/karpenter-provider-aws. This enables users to immediately try a new feature or fix right after it’s merged rather than waiting days or weeks for release.

Snapshot releases are not made available in the same public ECR repository as other release types, they are instead published to a separate private ECR repository. Helm charts are published to oci:// and are tagged with the git commit hash prefixed by the Karpenter major version (e.g. 0-fc17bfc89ebb30a3b102a86012b3e3992ec08adf). Anyone with an AWS account can pull from this repository, but must first authenticate:

aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin