Compatibility
Compatibility
To make upgrading easier we aim to minimize the introduction of breaking changes. Before you begin upgrading Karpenter, consider Karpenter compatibility issues related to Kubernetes and the NodePool API (previously Provisioner).
Compatibility Matrix
KUBERNETES | 1.25 | 1.26 | 1.27 | 1.28 | 1.29 | 1.30 | 1.31 |
---|---|---|---|---|---|---|---|
karpenter | >= 0.25 | >= 0.28 | >= 0.28 | >= 0.31 | >= 0.34 | >= 0.37 | >= 1.0.5 |
Note
Karpenter currently does not support the following new topologySpreadConstraints
keys, promoted to beta in Kubernetes 1.27:
matchLabelKeys
nodeAffinityPolicy
nodeTaintsPolicy
For more information on Karpenter’s support for these keys, view this tracking issue.
Note
Karpenter supports using Kubernetes Common Expression Language for validating its Custom Resource Definitions out-of-the-box; however, this feature is not supported on versions of Kubernetes < 1.25. If you are running an earlier version of Kubernetes, you will need to use the Karpenter admission webhooks for validation instead. You can enable these webhooks with--set webhook.enabled=true
when applying the Karpenter Helm chart.Compatibility issues
When we introduce a breaking change, we do so only as described in this document.
Karpenter follows Semantic Versioning 2.0.0 in its stable release versions, while in
major version zero (0.y.z
) anything may change at any time.
However, to further protect users during this phase we will only introduce breaking changes in minor releases (releases that increment y in x.y.z).
Note this does not mean every minor upgrade has a breaking change as we will also increment the
minor version when we release a new feature.
Users should therefore check to see if there is a breaking change every time they are upgrading to a new minor version.
How Do We Break Incompatibility?
When there is a breaking change we will:
- Increment the minor version when in major version 0
- Add a permanent separate section named
upgrading to x.y.z+
under release upgrade notes clearly explaining the breaking change and what needs to be done on the user side to ensure a safe upgrade - Add the sentence “This is a breaking change, please refer to the above link for upgrade instructions” to the top of the release notes and in all our announcements
How Do We Find Incompatibilities?
Besides the peer review process for all changes to the code base we also do the followings in order to find incompatibilities:
- (To be implemented) To check the compatibility of the application, we will automate tests for installing, uninstalling, upgrading from an older version, and downgrading to an older version
- (To be implemented) To check the compatibility of the documentation with the application, we will turn the commands in our documentation into scripts that we can automatically run
Security Patches
While we are in major version 0 we will not release security patches to older versions. Rather we provide the patches in the latest versions. When at major version 1 we will have an EOL (end of life) policy where we provide security patches for a subset of older versions and deprecate the others.
Release Types
Karpenter offers three types of releases. This section explains the purpose of each release type and how the images for each release type are tagged in our public image repository.
Stable Releases
Stable releases are the only recommended versions for production environments. Stable releases are tagged with a semantic version (e.g. 0.35.0
). Note that stable releases prior to 0.35.0
are prefixed with a v
(e.g. v0.34.0
).
Release Candidates
We consider having release candidates for major and important minor versions. Our release candidates are tagged like x.y.z-rc.0
, x.y.z-rc.1
. The release candidate will then graduate to x.y.z
as a stable release.
By adopting this practice we allow our users who are early adopters to test out new releases before they are available to the wider community, thereby providing us with early feedback resulting in more stable releases.
Note that, like the stable releases, release candidates prior to 0.35.0
are prefixed with a v
.
Snapshot Releases
We release a snapshot release for every commit that gets merged into aws/karpenter-provider-aws
. This enables users to immediately try a new feature or fix right after it’s merged rather than waiting days or weeks for release.
Snapshot releases are not made available in the same public ECR repository as other release types, they are instead published to a separate private ECR repository.
Helm charts are published to oci://021119463062.dkr.ecr.us-east-1.amazonaws.com/karpenter/snapshot/karpenter
and are tagged with the git commit hash prefixed by the Karpenter major version (e.g. 0-fc17bfc89ebb30a3b102a86012b3e3992ec08adf
).
Anyone with an AWS account can pull from this repository, but must first authenticate:
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 021119463062.dkr.ecr.us-east-1.amazonaws.com