Node Policies

Configure Karpenter node provisioning policies with Terraform.
devzero_node_policy configures Karpenter NodePool and NodeClass resources for node provisioning. devzero_node_policy_target attaches a node policy to one or more clusters.
Node policies manage Karpenter NodePool and NodeClass resources. Ensure Karpenter is installed on your target clusters before attaching node policies.
```hcl
resource "devzero_node_policy" "standard" {
  name            = "standard-nodes"
  node_pool_name  = "standard"
  node_class_name = "standard"

  instance_categories = ["c", "m", "r"]
  capacity_types      = ["on-demand"]
  architectures       = ["amd64"]

  limits {
    cpu    = "100"
    memory = "400Gi"
  }

  disruption {
    consolidation_policy = "WhenEmptyOrUnderutilized"
    consolidate_after    = "15m"
    expire_after         = "720h"
  }

  aws {
    instance_profile = "KarpenterNodeInstanceProfile"
    ami_family       = "AL2023"

    subnet_selector_terms {
      tags = {
        "karpenter.sh/discovery" = "my-cluster"
      }
    }

    security_group_selector_terms {
      tags = {
        "karpenter.sh/discovery" = "my-cluster"
      }
    }
  }
}
```

| Parameter | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | Unique name for the node policy |
| node_pool_name | string | Yes | Name for the Karpenter NodePool |
| node_class_name | string | Yes | Name for the Karpenter NodeClass |

| Parameter | Type | Description |
|---|---|---|
| description | string | Human-readable description |
| weight | number | Scheduling weight (default: 10) |
| instance_categories | list(string) | Instance categories (e.g. ["c", "m", "r"]) |
| instance_families | list(string) | Instance families (e.g. ["c5", "m5"]) |
| instance_generations | list(string) | Instance generations |
| instance_sizes | list(string) | Instance sizes (e.g. ["large", "xlarge"]) |
| architectures | list(string) | CPU architectures: "amd64", "arm64" |
| capacity_types | list(string) | Capacity types: "spot", "on-demand" |
| availability_zones | list(string) | Availability zones to use |
| labels | map(string) | Labels to apply to provisioned nodes |
| taints | block | Taints to apply (see below) |
| limits | block | Resource limits for the NodePool (see below) |
| disruption | block | Disruption/consolidation settings (see below) |
| aws | block | AWS-specific NodeClass configuration (see below) |
| azure | block | Azure-specific NodeClass configuration (see below) |

taints block:

| Parameter | Type | Description |
|---|---|---|
| key | string | Taint key |
| value | string | Taint value |
| effect | string | "NoSchedule", "PreferNoSchedule", or "NoExecute" |

limits block:

| Parameter | Type | Description |
|---|---|---|
| cpu | string | Maximum total CPU across all nodes (e.g. "100") |
| memory | string | Maximum total memory across all nodes (e.g. "400Gi") |

disruption block:

| Parameter | Type | Description |
|---|---|---|
| consolidation_policy | string | "WhenEmptyOrUnderutilized" or "WhenEmpty" |
| consolidate_after | string | Time before consolidating (e.g. "15m") |
| expire_after | string | Maximum node lifetime (e.g. "720h") |

aws block:

| Parameter | Type | Description |
|---|---|---|
| instance_profile | string | IAM instance profile for nodes |
| ami_family | string | AMI family (e.g. "AL2023", "Bottlerocket") |
| subnet_selector_terms | block | Subnet selection by tags or IDs |
| security_group_selector_terms | block | Security group selection by tags or IDs |
| block_device_mappings | block | EBS volume configuration |

azure block:

| Parameter | Type | Description |
|---|---|---|
| vnet_subnet_id | string | VNet subnet resource ID |
| os_disk_size_gb | number | OS disk size in GB |
| image_family | string | VM image family |

devzero_node_policy_target attaches a devzero_node_policy to one or more clusters.
```hcl
resource "devzero_node_policy_target" "cluster_nodes" {
  name        = "cluster-nodes"
  policy_id   = devzero_node_policy.standard.id
  cluster_ids = [devzero_cluster.production.id]
  enabled     = true
}
```

| Parameter | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | Unique name for the target |
| policy_id | string | Yes | ID of the devzero_node_policy to attach |
| cluster_ids | list(string) | Yes | List of cluster IDs to apply the policy to |
| description | string | No | Human-readable description |
| enabled | bool | No | Whether the target is active (default: true) |
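
The following is an added example, not taken from the DevZero documentation: it combines the optional arguments from the tables above into a second, isolated pool (labelled and tainted spot nodes with a tighter resource ceiling and a 7-day maximum node lifetime) and attaches it to the same cluster. The resource names, label and taint keys, and limit values are assumptions, as is writing the taints block with the same block syntax the page shows for limits.

```hcl
# Added example, not DevZero's own: names, keys and values are assumed.
resource "devzero_node_policy" "batch_spot" {
  name            = "batch-spot-nodes"
  description     = "Spot capacity for interruptible batch jobs"
  node_pool_name  = "batch-spot"
  node_class_name = "batch-spot"

  instance_categories = ["c", "m"]
  instance_sizes      = ["large", "xlarge"]
  capacity_types      = ["spot"]
  architectures       = ["amd64"]
  labels              = { "workload-class" = "batch" }

  # Only pods that tolerate this taint are scheduled onto these nodes.
  taints {
    key    = "workload-class"
    value  = "batch"
    effect = "NoSchedule"
  }

  # Ceiling on the total CPU and memory this pool may provision.
  limits {
    cpu    = "32"
    memory = "128Gi"
  }

  disruption {
    consolidation_policy = "WhenEmpty" # consolidate only nodes that are empty
    consolidate_after    = "5m"
    expire_after         = "168h" # maximum node lifetime: 7 days
  }

  aws {
    instance_profile = "KarpenterNodeInstanceProfile"
    ami_family       = "Bottlerocket"
    subnet_selector_terms {
      tags = { "karpenter.sh/discovery" = "my-cluster" }
    }
    security_group_selector_terms {
      tags = { "karpenter.sh/discovery" = "my-cluster" }
    }
  }
}

resource "devzero_node_policy_target" "batch_spot_nodes" {
  name        = "batch-spot-nodes"
  policy_id   = devzero_node_policy.batch_spot.id
  cluster_ids = [devzero_cluster.production.id]
}
```

Pods intended for this pool need a toleration matching the taint and a node selector on the workload-class label; everything else stays on the standard pool.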