Skip to main content
Version: v1.3

1.3.3

This release changes how Luna queries the node instance profile in EKS.

The node instance profile is now determined at runtime rather than during installation. This change requires additional IAM permissions for the Luna manager.

If the configuration option aws.nodeInstanceProfile is populated, the new permissions are not required. Existing Luna installations will have this field already populated and therefore do not need the additional IAM permissions.

To upgrade the policy and enable determining the node instance profile at runtime, use the following command:

export CLUSTER=<eks cluster name>
export LUNA_NAMESPACE=elotl
export ACCOUNT_NUMBER=$(aws sts get-caller-identity --query Account --output text)
$ aws iam create-policy-version \
    --policy-arn arn:aws:iam::$ACCOUNT_NUMBER:policy/$CLUSTER-$LUNA_NAMESPACE-LunaAssumeRoleWithWebIdentity \
    --policy-document file://role_policy.json \
    --set-as-default

role_policy.json is located in the eks directory of the Luna package.

The policy must be updated before the Luna Helm chart is upgraded.

1.3.1

This release includes changes to Luna’s internal database format. Before upgrading to version 1.3.1, ensure all node creation requests with spot pricing are complete and no spot node provisioning operations are in progress. In the rare case a spot node creation request fails during the upgrade, Luna may incorrectly mark the node type as unavailable for on-demand instead of spot. The duration of unavailability depends on the failure type and the option configured in the backoffDurations configuration section, by default 1 hour or less.

1.1.0

When the Luna option reuseBinSelectNodes is set true (default), Luna-managed pods with matching node selection characteristics can reuse bin-select nodes and node pools, and nodes can be allocated for multiple bin-select pods with single multi-node scale-up operations. To determine if bin-select pods have matching node selection characteristics, Luna compares a hash of the pods' K8s representation with a set of non-node-selection-related fields cleared.

In version 1.1.0 of Luna, the K8s libraries are updated, impacting the computed reuse hash value, so existing bin-select nodes and node pools will not be reused after upgrade. If you would like existing bin-select pods to share node pools created for matching pods after Luna upgrade to 1.1.0, please restart the old bin-selected pods.

Note that we have updated our hash computation for node reuse to only apply to fields that explicitly impact Luna's configuration of nodes and node pools for bin-select to avoid a similar impact for Luna K8s library upgrades in the future.

0.7.0

EKS

Luna can now query image families in EKS from the System Manager parameter Store. As a result Luna manager 0.6.7+ requires additional IAM permissions ssm:GetParameter to query the SSM database to get the image ID.

To upgrade to 0.7.0 from a previous version you can either:

  1. Uninstall Luna and reinstall it with the deploy.sh script
  2. Edit the IAM policy attached to the Luna manager service account

For option #2, the IAM policy will be named ${CLUSTER_NAME}-${NAMESPACE}-LunaAssumeRoleWithWebIdentity.

Here’s how to change the policy for Luna 0.6.7:

                 "ec2:DescribeKeyPairs",
                 "ec2:DescribeSecurityGroups",
                 "iam:PassRole",
-                "iam:GetInstanceProfile"
+                "iam:GetInstanceProfile",
+                "ssm:GetParameter"
             ],
             "Resource": "*"
         },