Open tzifudzi opened 11 months ago
This change will not be implemented within Karpenter; the issue is only added here for tracking. The fix will be applied in the Windows bootstrap to extend it to accept an environment variable that can be set with custom userdata. Will share more information regarding the environment variable name and examples of how to use it at a later time within the next few weeks.
This issue can now be closed as the EKS Windows PowerShell bootstrap script now accepts an environment variable for External SNAT CIDRs which can be set with custom user data. This is available in the latest EKS Windows Optimized AMIs, that is, version 1.28-2023.10.19 and later.
Example of setting the external SNAT CIDRs:
```yaml
apiVersion: karpenter.k8s.aws/v1alpha1
kind: AWSNodeTemplate
...
spec:
  userData: |
    [System.Environment]::SetEnvironmentVariable('EXCLUDED_SNAT_CIDRS', '192.168.40.0/24', 'Machine')
...
```
This has already been updated in AWS EKS Windows Documentation, and I am happy to add documentation to Karpenter too if necessary.
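As an added example (not from the issue, Karpenter, or the EKS bootstrap), the following PowerShell validates each CIDR before writing the machine-scope variable the bootstrap reads, so a typo does not silently leave a peered range subject to SNAT or exempt an unintended one. It assumes multiple CIDRs are joined with commas; the issue itself only shows a single CIDR.

```powershell
# Added example, not part of the EKS bootstrap or Karpenter.
# Assumption: several CIDRs are comma-separated; the issue shows only one.
function Test-Cidr {
    param([Parameter(Mandatory)][string]$Cidr)
    $parts = $Cidr.Split('/')
    if ($parts.Count -ne 2) { return $false }
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($parts[0], [ref]$ip)) { return $false }
    # Only IPv4 ranges are accepted here; the SNAT exclusion is an IPv4 setting.
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $prefix = 0
    if (-not [int]::TryParse($parts[1], [ref]$prefix)) { return $false }
    return ($prefix -ge 0 -and $prefix -le 32)
}

function Set-ExcludedSnatCidrs {
    param([Parameter(Mandatory)][string[]]$Cidrs)
    $bad = $Cidrs | Where-Object { -not (Test-Cidr $_) }
    if ($bad) { throw "Invalid CIDR(s): $($bad -join ', ')" }
    $value = $Cidrs -join ','
    # Machine scope is what the bootstrap script reads, matching the issue's userData line.
    [System.Environment]::SetEnvironmentVariable('EXCLUDED_SNAT_CIDRS', $value, 'Machine')
    # Read the value back from Machine scope to confirm what the bootstrap will see.
    return [System.Environment]::GetEnvironmentVariable('EXCLUDED_SNAT_CIDRS', 'Machine')
}

# Constructed sample: the peered-VPC range from the issue plus a second hypothetical one.
Set-ExcludedSnatCidrs -Cidrs @('192.168.40.0/24', '10.20.0.0/16')
```

Placing these functions in the userData block before the `Set-ExcludedSnatCidrs` call makes the validation run at node boot, before the bootstrap consumes the variable.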
Description
What problem are you trying to solve? When launching Windows nodes with Karpenter, there's an absence of a straightforward method to specify CIDR blocks that should be exempt from source network address translation. While a command-line argument exists for the bootstrap script, because the Windows bootstrap script invocation is Karpenter managed, it is not possible to specify the command line argument.
How important is this feature to you? The feature is important for use cases involving peered VPCs whereby IPs within peered VPCs have the capability to access the pod IPs.