To make upgrading easier we aim to minimize the introduction of breaking changes. Before you begin upgrading Karpenter, consider Karpenter compatibility issues related to Kubernetes and the NodePool API (previously Provisioner).
Karpenter currently does not support the following new
topologySpreadConstraints keys, promoted to beta in Kubernetes 1.27:
For more information on Karpenter’s support for these keys, view this tracking issue.
NoteKarpenter supports using Kubernetes Common Expression Language for validating its Custom Resource Definitions out-of-the-box; however, this feature is not supported on versions of Kubernetes < 1.25. If you are running an earlier version of Kubernetes, you will need to use the Karpenter admission webhooks for validation instead. You can enable these webhooks with
--set webhook.enabled=true when applying the Karpenter helm chart.
When we introduce a breaking change, we do so only as described in this document.
Karpenter follows Semantic Versioning 2.0.0 in its stable release versions, while in major version zero (v0.y.z) anything may change at any time. However, to further protect users during this phase we will only introduce breaking changes in minor releases (releases that increment y in x.y.z). Note this does not mean every minor upgrade has a breaking change as we will also increment the minor version when we release a new feature.
Users should therefore check to see if there is a breaking change every time they are upgrading to a new minor version.
How Do We Break Incompatibility?
When there is a breaking change we will:
- Increment the minor version when in major version 0
- Add a permanent separate section named
upgrading to vx.y.z+under release upgrade notes clearly explaining the breaking change and what needs to be done on the user side to ensure a safe upgrade
- Add the sentence “This is a breaking change, please refer to the above link for upgrade instructions” to the top of the release notes and in all our announcements
How Do We Find Incompatibilities?
Besides the peer review process for all changes to the code base we also do the followings in order to find incompatibilities:
- (To be implemented) To check the compatibility of the application, we will automate tests for installing, uninstalling, upgrading from an older version, and downgrading to an older version
- (To be implemented) To check the compatibility of the documentation with the application, we will turn the commands in our documentation into scripts that we can automatically run
While we are in major version 0 we will not release security patches to older versions. Rather we provide the patches in the latest versions. When at major version 1 we will have an EOL (end of life) policy where we provide security patches for a subset of older versions and deprecate the others.
Karpenter offers three types of releases. This section explains the purpose of each release type and how the images for each release type are tagged in our public image repository.
Stable releases are the most reliable releases that are released with weekly cadence. Stable releases are our only recommended versions for production environments.
Sometimes we skip a stable release because we find instability or problems that need to be fixed before having a stable release.
Stable releases are tagged with Semantic Versioning. For example
We consider having release candidates for major and important minor versions. Our release candidates are tagged like
vx.y.z-rc.1. The release candidate will then graduate to
vx.y.z as a normal stable release.
By adopting this practice we allow our users who are early adopters to test out new releases before they are available to the wider community, thereby providing us with early feedback resulting in more stable releases.
We release a snapshot release for every commit that gets merged into
aws/karpenter-provider-aws. This enables users to immediately try a new feature or fix right after it’s merged rather than waiting days or weeks for release.
Snapshot releases are not made available in the same public ECR repository as other release types, they are instead published to a separate private ECR repository.
Helm charts are published to
oci://021119463062.dkr.ecr.us-east-1.amazonaws.com/karpenter/snapshot/karpenter and are tagged with the git commit hash prefixed by the Karpenter major version (e.g.
Anyone with an AWS account can pull from this repository, but must first authenticate:
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 021119463062.dkr.ecr.us-east-1.amazonaws.com