Surface NodeClaim drift/rollout progress in NodePool status

[javanthropus]

Description

What problem are you trying to solve?

Today, drift is only observable per-NodeClaim, via the Drifted status condition. There is no aggregate, NodePool-level signal that tells you how far a NodePool is through reconciling drift across the nodes it owns.

This makes it hard for external systems to gate on "this NodePool has finished rolling out a change" without listing and aggregating NodeClaims themselves. Concretely, we run Karpenter under Argo CD (GitOps). When a NodePool/EC2NodeClass change triggers drift, we want Argo CD to report the Application as Progressing until the drift-driven node replacement is substantially complete, and Healthy once it is.

Argo CD's health is evaluated per resource with a sandboxed Lua check that has no access to other resources. So a NodePool health check can only read the NodePool's own status. A NodeClaim health check could in principle read each NodeClaim's Drifted condition, but:

• It would require NodeClaims to appear as children of the NodePool in Argo's resource tree (which, in our multi-cluster setup, they currently do not), and
• It forces all-or-nothing (100%) semantics, with no notion of a tolerance threshold or a settling window.

As a result we maintain a PostSync Job that polls NodeClaims, groups them by karpenter.sh/nodepool, computes the percentage no longer Drifted, and blocks until each NodePool crosses a threshold (e.g. 90%). This is exactly the kind of aggregation we'd expect Karpenter itself to be able to expose, since it already owns the NodeClaims and tracks their drift state.

Proposal

Expose drift/rollout progress at the NodePool level, in NodePool.status. Any of the following would be sufficient for our use case (in rough order of preference):

1. Counts in NodePool.status, e.g. status.driftedNodeClaims / status.nodeClaims (analogous to the existing status.nodes and status.resources), so consumers can compute completion percentage directly.
2. A NodePool-level condition such as Drifted (status: "True" while any owned NodeClaim is drifted, "False" once reconciliation is complete), mirroring how the per-NodeClaim Drifted condition works.
3. Both — a condition for a simple boolean gate plus counts for threshold-based logic.

This would let any GitOps/automation system gate on a NodePool's own status without re-implementing NodeClaim aggregation, and it would make rollout progress visible in kubectl get nodepool and dashboards.

How important is this feature to you?

Moderately important. We have a working PostSync Job that does the aggregation today, so we are not blocked, but it adds operational surface (a Job + ServiceAccount + ClusterRole + a maintained image per cluster) purely to compute information Karpenter already has internally. A NodePool-level status field/condition would let us replace that machinery with a standard Argo CD custom health check and would benefit anyone integrating Karpenter rollouts with external orchestration.

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[k8s-ci-robot]

This issue is currently awaiting triage.

If Karpenter contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[sumukha-radhakrishna]

Right, Karpenter doesn't expose aggregate drift progress at the NodePool level today. The only signals are:

• Per-NodeClaim: status.conditions[Drifted] on each NodeClaim
• NodePool-level: status.resources (aggregate resource counts) and status.nodes exist, but no
  drift-specific counters

Karpenter's disruption controller processes NodeClaims individually and doesn't maintain a "rollout" concept. Drift is detected per-node and resolved opportunistically (respecting disruption budgets, PDBs, etc.). There's no internal state tracking "X of Y drift replacements complete." But we can look into surfacing this thru status

[jigisha620]

@javanthropus,
Curious, what do you think about having a metric that exposes this information?

[javanthropus]

Our immediate need is a way to cause ArgoCD to report that a rollout for a NodePool is in progress. We want to use this as a signal for users and Argo to know when an Argo app that deploys a NodePool is "done" so that they can move on to other apps in sequence. We currently do that now with a hacky script run in a pod as part of a postSync action. This feature will simplify that by eliminating the need for the script.

Argo itself can't query metrics as far as I know. Its health check logic only has access to the NodePool resource, so all details must come from there. @cnmcavoy is already working on a custom health check that we'll use with Argo for this purpose to go with his PR. If it works well, we'll probably submit it to the Argo project for inclusion so that others may benefit.