diff --git a/cluster-autoscaler/cloudprovider/aws/README.md b/cluster-autoscaler/cloudprovider/aws/README.md index d70c0b9e093f..457534e2c66e 100644 --- a/cluster-autoscaler/cloudprovider/aws/README.md +++ b/cluster-autoscaler/cloudprovider/aws/README.md @@ -176,7 +176,7 @@ If you'd like to scale node groups from 0, an `autoscaling:DescribeLaunchConfigu ``` ## Common Notes and Gotchas: -- The `/etc/ssl/certs/ca-certificates.crt` should exist by default on your ec2 instance. If you use Amazon Linux 2 (EKS worker node AMI by default), use `/etc/kubernetes/pki/ca.crt` instead for the volume hostPath in your cluster autoscaler manifest. +- The `/etc/ssl/certs/ca-bundle.crt` should exist by default on ec2 instance in your EKS cluster. If you use other cluster privision tools like [kops](https://github.com/kubernetes/kops) with different operating systems other than Amazon Linux 2, please use `/etc/ssl/certs/ca-certificates.crt` or correct path on your host instead for the volume hostPath in your cluster autoscaler manifest. - Cluster autoscaler does not support Auto Scaling Groups which span multiple Availability Zones; instead you should use an Auto Scaling Group for each Availability Zone and enable the [--balance-similar-node-groups](../../FAQ.md#im-running-cluster-with-nodes-in-multiple-zones-for-ha-purposes-is-that-supported-by-cluster-autoscaler) feature. If you do use a single Auto Scaling Group that spans multiple Availability Zones you will find that AWS unexpectedly terminates nodes without them being drained because of the [rebalancing feature](https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-benefits.html#arch-AutoScalingMultiAZ). - EBS volumes cannot span multiple AWS Availability Zones. If you have a Pod with Persistent Volume in an AZ, It must be running on a k8s/EKS node which is in the same Availability Zone of the Persistent Volume. If AWS Auto Scaling Group launches a new k8s/EKS node in different AZ and moves this Pod into the new node, The Persistent volume in previous AZ will not be available from the new AZ. The pod will stay in Pending status. The Workaround is using a single AZ for the k8s/EKS nodes. - By default, cluster autoscaler will not terminate nodes running pods in the kube-system namespace. You can override this default behaviour by passing in the `--skip-nodes-with-system-pods=false` flag. diff --git a/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-autodiscover.yaml b/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-autodiscover.yaml index 4c43c2b916e7..2397f9ed83dc 100644 --- a/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-autodiscover.yaml +++ b/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-autodiscover.yaml @@ -126,7 +126,7 @@ spec: spec: serviceAccountName: cluster-autoscaler containers: - - image: k8s.gcr.io/cluster-autoscaler:v1.3.6 + - image: k8s.gcr.io/cluster-autoscaler:v1.12.3 name: cluster-autoscaler resources: limits: @@ -142,9 +142,7 @@ spec: - --cloud-provider=aws - --skip-nodes-with-local-storage=false - --expander=least-waste - - >- - --node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled, - k8s.io/cluster-autoscaler/ + - --node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/ volumeMounts: - name: ssl-certs mountPath: /etc/ssl/certs/ca-certificates.crt @@ -153,4 +151,4 @@ spec: volumes: - name: ssl-certs hostPath: - path: "/etc/ssl/certs/ca-certificates.crt" + path: "/etc/ssl/certs/ca-bundle.crt" diff --git a/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-multi-asg.yaml b/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-multi-asg.yaml index 7b6d8f20e360..6f1d97f6be61 100644 --- a/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-multi-asg.yaml +++ b/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-multi-asg.yaml @@ -126,7 +126,7 @@ spec: spec: serviceAccountName: cluster-autoscaler containers: - - image: k8s.gcr.io/cluster-autoscaler:v1.3.6 + - image: k8s.gcr.io/cluster-autoscaler:v1.12.3 name: cluster-autoscaler resources: limits: @@ -152,4 +152,4 @@ spec: volumes: - name: ssl-certs hostPath: - path: "/etc/ssl/certs/ca-certificates.crt" + path: "/etc/ssl/certs/ca-bundle.crt" diff --git a/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-one-asg.yaml b/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-one-asg.yaml index ec658f5b58ce..6878e1cac20c 100644 --- a/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-one-asg.yaml +++ b/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-one-asg.yaml @@ -126,7 +126,7 @@ spec: spec: serviceAccountName: cluster-autoscaler containers: - - image: k8s.gcr.io/cluster-autoscaler:v1.3.6 + - image: k8s.gcr.io/cluster-autoscaler:v1.12.3 name: cluster-autoscaler resources: limits: @@ -150,4 +150,4 @@ spec: volumes: - name: ssl-certs hostPath: - path: "/etc/ssl/certs/ca-certificates.crt" + path: "/etc/ssl/certs/ca-bundle.crt" diff --git a/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-run-on-master.yaml b/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-run-on-master.yaml index fa4ad375878d..92e3af7e0607 100644 --- a/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-run-on-master.yaml +++ b/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-run-on-master.yaml @@ -133,7 +133,7 @@ spec: nodeSelector: kubernetes.io/role: master containers: - - image: k8s.gcr.io/cluster-autoscaler:v1.3.6 + - image: k8s.gcr.io/cluster-autoscaler:v1.12.3 name: cluster-autoscaler resources: limits: @@ -157,4 +157,4 @@ spec: volumes: - name: ssl-certs hostPath: - path: "/etc/ssl/certs/ca-certificates.crt" + path: "/etc/ssl/certs/ca-bundle.crt"