Add validation for enabling with node-termination-handler

hakman · hakman · commit f1f9e8545a86 · 2025-09-06T09:13:50.000+03:00
Signed-off-by: Ciprian Hacman &lt;ciprian@hakman.dev&gt;
diff --git a/pkg/apis/kops/validation/validation.go b/pkg/apis/kops/validation/validation.go
@@ -1898,6 +1898,9 @@ func validateMetricsServer(cluster *kops.Cluster, spec *kops.MetricsServerConfig
 }
 
 func validateNodeTerminationHandler(cluster *kops.Cluster, spec *kops.NodeTerminationHandlerSpec, fldPath *field.Path) (allErrs field.ErrorList) {
+	if (spec.Enabled == nil || *spec.Enabled == true) && cluster.Spec.Karpenter != nil && cluster.Spec.Karpenter.Enabled {
+		allErrs = append(allErrs, field.Forbidden(fldPath, "nodeTerminationHandler cannot be used in conjunction with Karpenter"))
+	}
 	if spec.IsQueueMode() {
 		if spec.EnableSpotInterruptionDraining != nil && !*spec.EnableSpotInterruptionDraining {
 			allErrs = append(allErrs, field.Forbidden(fldPath.Child("enableSpotInterruptionDraining"), "spot interruption draining cannot be disabled in Queue Processor mode"))
diff --git a/pkg/model/components/nodeterminationhandler.go b/pkg/model/components/nodeterminationhandler.go
@@ -35,18 +35,17 @@ func (b *NodeTerminationHandlerOptionsBuilder) BuildOptions(o *kops.Cluster) err
 	if clusterSpec.CloudProvider.AWS == nil {
 		return nil
 	}
+	if clusterSpec.Karpenter != nil && clusterSpec.Karpenter.Enabled {
+		// Karpenter manages its own NTH, so we disable the NTH addon.
+		// https://karpenter.sh/docs/troubleshooting/#aws-node-termination-handler-nth-interactions
+		return nil
+	}
 	if clusterSpec.CloudProvider.AWS.NodeTerminationHandler == nil {
 		clusterSpec.CloudProvider.AWS.NodeTerminationHandler = &kops.NodeTerminationHandlerSpec{}
 	}
 	nth := clusterSpec.CloudProvider.AWS.NodeTerminationHandler
 	if nth.Enabled == nil {
-		if clusterSpec.Karpenter != nil && clusterSpec.Karpenter.Enabled {
-			// Karpenter manages its own NTH, so we disable the NTH addon.
-			// https://karpenter.sh/docs/troubleshooting/#aws-node-termination-handler-nth-interactions
-			nth.Enabled = fi.PtrTo(false)
-		} else {
-			nth.Enabled = fi.PtrTo(true)
-		}
+		nth.Enabled = fi.PtrTo(true)
 	}
 	if !fi.ValueOf(nth.Enabled) {
 		return nil
diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_cluster-completed.spec_content
@@ -184,8 +184,6 @@ spec:
   networkCIDR: 172.20.0.0/16
   networking:
     cni: {}
-  nodeTerminationHandler:
-    enabled: false
   nonMasqueradeCIDR: 100.64.0.0/10
   podCIDR: 100.96.0.0/11
   secretStore: memfs://clusters.example.com/minimal.example.com/secrets

Original file line number	Diff line number	Diff line change
`@@ -1898,6 +1898,9 @@ func validateMetricsServer(cluster kops.Cluster, spec kops.MetricsServerConfig`
`1898`	`1898`	`}`
`1899`	`1899`
`1900`	`1900`	`func validateNodeTerminationHandler(cluster kops.Cluster, spec kops.NodeTerminationHandlerSpec, fldPath *field.Path) (allErrs field.ErrorList) {`
	`1901`	`+ if (spec.Enabled == nil \|\| *spec.Enabled == true) && cluster.Spec.Karpenter != nil && cluster.Spec.Karpenter.Enabled {`
	`1902`	`+ allErrs = append(allErrs, field.Forbidden(fldPath, "nodeTerminationHandler cannot be used in conjunction with Karpenter"))`
	`1903`	`+ }`
`1901`	`1904`	`if spec.IsQueueMode() {`
`1902`	`1905`	`if spec.EnableSpotInterruptionDraining != nil && !*spec.EnableSpotInterruptionDraining {`
`1903`	`1906`	`allErrs = append(allErrs, field.Forbidden(fldPath.Child("enableSpotInterruptionDraining"), "spot interruption draining cannot be disabled in Queue Processor mode"))`