Friday Jun 05, 2026

Karpenter EC2NodeClass: AMI, Subnets, and EBS Config

When your security team mandates a specific AMI, private subnets, custom security groups, and encrypted EBS, Karpenter's EC2NodeClass is exactly where all of that infrastructure detail lives.

You'll learn:

  • The core separation of concerns: NodePool defines what to provision (requirements, constraints); EC2NodeClass defines how (the cloud-provider infrastructure details)
  • How to pin a specific AMI using amiSelectorTerms and lock nodes to private subnets via tag-based subnetSelectorTerms
  • Configuring securityGroupSelectorTerms and enforcing EBS encryption through blockDeviceMappings in the EC2NodeClass spec
  • How nodeClassRef wires a NodePool to a NodeClass — and why one NodeClass can back many NodePools, making AMI rotation straightforward
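
The pieces listed above, put together as a pair of manifests. This is an added example, not taken from the episode or from the Karpenter project; it assumes the `karpenter.k8s.aws/v1` and `karpenter.sh/v1` APIs, and every name, tag, AMI ID, role and KMS ARN in it is a constructed placeholder.

```yaml
# Added example: all names, tags, IDs and ARNs are constructed placeholders.
apiVersion: karpenter.k8s.aws/v1
kind: EC2NodeClass
metadata:
  name: hardened
spec:
  amiFamily: AL2023                 # needed for bootstrap when the AMI is selected by id
  role: KarpenterNodeRole-EXAMPLE   # placeholder IAM role attached to the nodes
  amiSelectorTerms:
    - id: ami-0123456789abcdef0     # the one approved AMI (placeholder id)
  subnetSelectorTerms:
    - tags:                         # tags inside one term are ANDed
        karpenter.sh/discovery: example-cluster
        network/tier: private       # assumed tag carried only by private subnets
  securityGroupSelectorTerms:
    - tags:
        karpenter.sh/discovery: example-cluster
  blockDeviceMappings:
    - deviceName: /dev/xvda         # root device on AL2023
      ebs:
        volumeSize: 100Gi
        volumeType: gp3
        encrypted: true             # EBS encryption enforced for every node
        kmsKeyID: arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID
        deleteOnTermination: true
---
apiVersion: karpenter.sh/v1
kind: NodePool
metadata:
  name: general
spec:
  template:
    spec:
      nodeClassRef:                 # wires this NodePool to the NodeClass above
        group: karpenter.k8s.aws
        kind: EC2NodeClass
        name: hardened
      requirements:
        - key: kubernetes.io/arch
          operator: In
          values: ["amd64"]
```

Any further NodePool can point its `nodeClassRef` at the same `hardened` NodeClass, so rotating the AMI means changing the single `id` under `amiSelectorTerms`.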

Keywords: Karpenter EC2NodeClass, Karpenter NodePool vs NodeClass, Karpenter AMI selection, Karpenter private subnets, Kubernetes node provisioning security
