[Creator] [design-spec] k8s-karpenter-control-plane-health (#658)

* Add k8s-karpenter-control-plane-health CodeBundle

Implements cluster-scoped checks for Karpenter controller readiness, admission
webhooks, namespace Warning events, CRD groups, and metrics Services. Includes
sli.robot with a four-dimension 0-1 score, generation rules for kubernetes cluster
resources, and .test Taskfile with a sample namespace manifest.

Made-with: Cursor

* Fix readiness check in Karpenter pod script and enhance local testing documentation

- Updated readiness check condition in `check-karpenter-controller-pods.sh` to compare against "True" instead of "true".
- Added comprehensive local testing instructions in the README, detailing the use of a self-contained harness for testing Karpenter checks against a Kind cluster.
- Removed obsolete `manifest.yaml` file from the test directory.

Made-with: Cursor

* Enhance local testing and discovery flow for Karpenter CodeBundles

- Added detailed instructions for running the runbook locally via RunWhen Local in the README files for both k8s-karpenter-autoscaling-health and k8s-karpenter-control-plane-health.
- Updated generation rules to ensure SLX is only emitted for clusters with Karpenter installed, refining match criteria for deployments.
- Introduced new tasks in the Taskfile for generating kubeconfig and running discovery, improving the local testing workflow.
- Enhanced cleanup tasks to remove generated artifacts from the discovery process.

Made-with: Cursor

* Refactor variable import for Karpenter control plane health SLI

- Changed the import method for `${RW_LOOKBACK_WINDOW}` from user variable to platform variable to improve consistency in variable management.
- Removed the logging of the health score report to streamline output during metric pushing.

Made-with: Cursor

* Enhance Karpenter health check scripts with detailed reporting

- Added a `print_report` function to various Karpenter health check scripts to provide human-readable summaries of findings upon exit.
- The report includes details on NodeClasses, NodePools, Pending Pods, Stuck NodeClaims, and webhook configurations, improving visibility into the health of Karpenter components.
- Removed redundant output messages to streamline the reporting process.

Made-with: Cursor

---------

Co-authored-by: rw-codebundle-agent[bot] <rw-codebundle-agent[bot]@users.noreply.github.com>
Co-authored-by: Shea Stewart <shea.stewart@runwhen.com>

Author: rw-codebundle-agent[bot]

codebundles/k8s-karpenter-autoscaling-health/.runwhen/generation-rules/k8s-karpenter-autoscaling-health.yaml

@@ -0,0 +1,43 @@
+apiVersion: runwhen.com/v1
+kind: GenerationRules
+spec:
+  platform: kubernetes
+  generationRules:
+    # Only emit this SLX for clusters that actually have Karpenter installed.
+    #
+    # The upstream Helm chart (kubernetes-sigs/karpenter) and AWS's managed
+    # variants always produce a controller Deployment named `karpenter` with
+    # the standard chart labels (`app.kubernetes.io/name=karpenter`,
+    # `app.kubernetes.io/instance=karpenter`). We do not gate on namespace
+    # because the install location varies (`karpenter`, `kube-system` under
+    # EKS Auto Mode, or org-specific namespaces).
+    #
+    # Requiring BOTH signals (`name` contains `karpenter` AND at least one
+    # label value contains `karpenter`) keeps us out of false positives such
+    # as unrelated deployments that happen to mention the word `karpenter`.
+    # `qualifiers: ["cluster"]` dedupes to a single SLX per cluster even if
+    # multiple matching Deployments exist.
+    - resourceTypes:
+        - deployment
+      matchRules:
+        - type: and
+          matches:
+            - type: pattern
+              pattern: "karpenter"
+              properties: [name]
+              mode: substring
+            - type: pattern
+              pattern: "karpenter"
+              properties: [label-values]
+              mode: substring
+      slxs:
+        - baseName: karp-as-hc
+          shortenedBaseName: karp-as-hc
+          qualifiers: ["cluster"]
+          baseTemplateName: k8s-karpenter-autoscaling-health
+          levelOfDetail: basic
+          outputItems:
+            - type: slx
+            - type: sli
+            - type: runbook
+              templateName: k8s-karpenter-autoscaling-health-taskset.yaml

codebundles/k8s-karpenter-autoscaling-health/.runwhen/templates/k8s-karpenter-autoscaling-health-sli.yaml

@@ -0,0 +1,48 @@
+apiVersion: runwhen.com/v1
+kind: ServiceLevelIndicator
+metadata:
+  name: {{slx_name}}
+  labels:
+    {% include "common-labels.yaml" %}
+  annotations:
+    {% include "common-annotations.yaml" %}
+spec:
+  displayUnitsLong: OK
+  displayUnitsShort: ok
+  locations:
+    - {{default_location}}
+  description: Measures Karpenter NodePool or NodeClaim conditions, Pending capacity pressure, and stuck NodeClaims for the cluster.
+  codeBundle:
+    {% if repo_url %}
+    repoUrl: {{repo_url}}
+    {% else %}
+    repoUrl: https://github.com/runwhen-contrib/rw-cli-codecollection.git
+    {% endif %}
+    {% if ref %}
+    ref: {{ref}}
+    {% else %}
+    ref: main
+    {% endif %}
+    pathToRobot: codebundles/k8s-karpenter-autoscaling-health/sli.robot
+  intervalStrategy: intermezzo
+  intervalSeconds: 300
+  configProvided:
+    - name: CONTEXT
+      value: "{{cluster.context}}"
+    - name: KUBERNETES_DISTRIBUTION_BINARY
+      value: "{{custom.kubernetes_distribution_binary | default('kubectl')}}"
+    - name: SLI_PENDING_POD_MAX
+      value: "{{ custom.sli_pending_pod_max | default('5') }}"
+    - name: STUCK_NODECLAIM_THRESHOLD_MINUTES
+      value: "{{ custom.stuck_nodeclaim_threshold_minutes | default('30') }}"
+  secretsProvided:
+  {% if wb_version %}
+    {% include "kubernetes-auth.yaml" ignore missing %}
+  {% else %}
+    - name: kubeconfig
+      workspaceKey: {{custom.kubeconfig_secret_name | default("kubeconfig")}}
+  {% endif %}
+  alertConfig:
+    tasks:
+      persona: eager-edgar
+      sessionTTL: 10m

codebundles/k8s-karpenter-autoscaling-health/.runwhen/templates/k8s-karpenter-autoscaling-health-slx.yaml

@@ -0,0 +1,25 @@
+apiVersion: runwhen.com/v1
+kind: ServiceLevelX
+metadata:
+  name: {{slx_name}}
+  labels:
+    {% include "common-labels.yaml" %}
+  annotations:
+    {% include "common-annotations.yaml" %}
+spec:
+  imageURL: https://storage.googleapis.com/runwhen-nonprod-shared-images/icons/kubernetes-icon-color.svg
+  alias: {{ cluster.name }} Karpenter Autoscaling Health
+  asMeasuredBy: Karpenter NodePool or NodeClaim conditions, Pending capacity signals, and stuck NodeClaims versus SLI thresholds.
+  configProvided:
+    - name: OBJECT_NAME
+      value: {{ cluster.name }}
+  owners:
+    - {{ workspace.owner_email }}
+  statement: Karpenter should provision capacity without sustained unhealthy conditions, stuck NodeClaims, or controller errors.
+  additionalContext:
+    {% include "kubernetes-hierarchy.yaml" ignore missing %}
+    qualified_name: "{{ match_resource.qualified_name }}"
+  tags:
+    {% include "kubernetes-tags.yaml" ignore missing %}
+    - name: access
+      value: read-only

codebundles/k8s-karpenter-autoscaling-health/.runwhen/templates/k8s-karpenter-autoscaling-health-taskset.yaml

@@ -0,0 +1,44 @@
+apiVersion: runwhen.com/v1
+kind: Runbook
+metadata:
+  name: {{slx_name}}
+  labels:
+    {% include "common-labels.yaml" %}
+  annotations:
+    {% include "common-annotations.yaml" %}
+spec:
+  location: {{default_location}}
+  codeBundle:
+    {% if repo_url %}
+    repoUrl: {{repo_url}}
+    {% else %}
+    repoUrl: https://github.com/runwhen-contrib/rw-cli-codecollection.git
+    {% endif %}
+    {% if ref %}
+    ref: {{ref}}
+    {% else %}
+    ref: main
+    {% endif %}
+    pathToRobot: codebundles/k8s-karpenter-autoscaling-health/runbook.robot
+  configProvided:
+    - name: CONTEXT
+      value: "{{cluster.context}}"
+    - name: KARPENTER_NAMESPACE
+      value: "{{ custom.karpenter_namespace | default('karpenter') }}"
+    - name: KUBERNETES_DISTRIBUTION_BINARY
+      value: "{{custom.kubernetes_distribution_binary | default('kubectl')}}"
+    - name: RW_LOOKBACK_WINDOW
+      value: "{{ custom.karpenter_lookback | default('30m') }}"
+    - name: KARPENTER_LOG_ERROR_THRESHOLD
+      value: "{{ custom.karpenter_log_error_threshold | default('1') }}"
+    - name: STUCK_NODECLAIM_THRESHOLD_MINUTES
+      value: "{{ custom.stuck_nodeclaim_threshold_minutes | default('30') }}"
+    - name: KARPENTER_LOG_MAX_LINES
+      value: "{{ custom.karpenter_log_max_lines | default('500') }}"
+  secretsProvided:
+  {% if wb_version %}
+    {% include "kubernetes-auth.yaml" ignore missing %}
+  {% else %}
+    - name: kubeconfig
+      workspaceKey: {{custom.kubeconfig_secret_name | default("kubeconfig")}}
+  {% endif %}

codebundles/k8s-karpenter-autoscaling-health/.test/.gitignore

@@ -0,0 +1,5 @@
+# Generated by the local test harness / RunWhen Local discovery.
+kubeconfig
+kubeconfig.internal
+workspaceInfo.yaml
+output/