Today we are going to install Karpenter with ArgoCD.

This article assumes that you already have ArgoCD working.

The first step to installing a new application with Argo always is to look for an exising Helm chart. If there is one, installing it usually is a no-brainer. Just add up an application, provide repository and chart urls, done.

However, the Karpenter team made a decision to drop Helm repository support at https://charts.karpenter.sh/ and instead publish it in an OCI repository (which turns out to be a thing) hosted on Amazon ECR.

The problem is, ArgoCD will not resolve oci:// url for Helm repository. At least, not without authentication. Even if it’s a public repository. Joyful.

Of course, if you have private charts in ECR, there’s not much choice, you need a token. Someone even put together an automation for refreshing ECR tokens.

However, if you want just the public ones, there’s a workaround. We will chain the charts and let Helm do the heavy lifting.

First, create a wrapper application:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: karpenter-root
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    namespace: karpenter
    server: 
  project: default
  source:
    repoURL: 
    targetRevision: HEAD
    path: helm/karpenter-root
    helm:
      valuesObject:
        karpenter:
          serviceAccount:
            annotations:
              eks.amazonaws.com/role-arn: "arn:aws:iam::something/something"
          settings:
            clusterName: "mycluster"
            interruptionQueue: "Karpenter-mycluster"
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true

This configuration expects a custom Helm chart in helm/karpenter-root in the same repository. Also note some minimal settings passed to Helm as valuesObject.

Our Helm chart in helm/karpenter-root/Chart.yaml is going to be simplistic:

apiVersion: v2
name: karpenter-root
description: Karpenter parent chart
type: application

version: 0.1.0
appVersion: "1.0.0"

dependencies:
  - name: karpenter
    version: "v0.34.0"
    # TAKE THAT, KARPENTER TEAM! NO TOKENS FOR YOU!!
    repository: "oci://public.ecr.aws/karpenter"

Also add values to helm/karpenter-root/values.yaml:

karpenter:
  serviceAccount:
    annotations:
      eks.amazonaws.com/role-arn: "none"
  settings:
    clusterName: "none"
    interruptionQueue: "none"

To pass more values, you’ll need to add them to both Application definition and values.yaml, but that’s a small price to pay.

That’s all, folks!

Comments