feat: adding artifact streaming to the AKSNodeClass rather than Defaulting to true always

charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml

@@ -60,6 +60,16 @@ spec:
               AKSNodeClassSpec is the top level specification for the AKS Karpenter Provider.
               This will contain configuration necessary to launch instances in AKS.
             properties:
+              artifactStreamingEnabled:
+                default: false
+                description: |-
+                  ArtifactStreamingEnabled controls whether artifact streaming is enabled for container images.
+                  Artifact streaming allows AKS to stream container images from ACR by only pulling the
+                  necessary layers for initial pod startup, reducing image pull times and improving pod start-up performance.
+                  Note: Only supported on Ubuntu2204 and AzureLinux image families. Not supported on ARM64 architecture.
+                  To use artifact streaming, container images must be converted to streaming-compatible artifacts in ACR.
+                  See: https://learn.microsoft.com/en-us/azure/aks/artifact-streaming
+                type: boolean
               fipsMode:
                 description: FIPSMode controls FIPS compliance for the provisioned
                   nodes
@@ -398,6 +408,16 @@ spec:
               AKSNodeClassSpec is the top level specification for the AKS Karpenter Provider.
               This will contain configuration necessary to launch instances in AKS.
             properties:
+              artifactStreamingEnabled:
+                default: false
+                description: |-
+                  ArtifactStreamingEnabled controls whether artifact streaming is enabled for container images.
+                  Artifact streaming allows AKS to stream container images from ACR by only pulling the
+                  necessary layers for initial pod startup, reducing image pull times and improving pod start-up performance.
+                  Note: Only supported on Ubuntu2204 and AzureLinux image families. Not supported on ARM64 architecture.
+                  To use artifact streaming, container images must be converted to streaming-compatible artifacts in ACR.
+                  See: https://learn.microsoft.com/en-us/azure/aks/artifact-streaming
+                type: boolean
               fipsMode:
                 description: FIPSMode controls FIPS compliance for the provisioned
                   nodes

pkg/apis/crds/karpenter.azure.com_aksnodeclasses.yaml

@@ -60,6 +60,16 @@ spec:
               AKSNodeClassSpec is the top level specification for the AKS Karpenter Provider.
               This will contain configuration necessary to launch instances in AKS.
             properties:
+              artifactStreamingEnabled:
+                default: false
+                description: |-
+                  ArtifactStreamingEnabled controls whether artifact streaming is enabled for container images.
+                  Artifact streaming allows AKS to stream container images from ACR by only pulling the
+                  necessary layers for initial pod startup, reducing image pull times and improving pod start-up performance.
+                  Note: Only supported on Ubuntu2204 and AzureLinux image families. Not supported on ARM64 architecture.
+                  To use artifact streaming, container images must be converted to streaming-compatible artifacts in ACR.
+                  See: https://learn.microsoft.com/en-us/azure/aks/artifact-streaming
+                type: boolean
               fipsMode:
                 description: FIPSMode controls FIPS compliance for the provisioned
                   nodes
@@ -398,6 +408,16 @@ spec:
               AKSNodeClassSpec is the top level specification for the AKS Karpenter Provider.
               This will contain configuration necessary to launch instances in AKS.
             properties:
+              artifactStreamingEnabled:
+                default: false
+                description: |-
+                  ArtifactStreamingEnabled controls whether artifact streaming is enabled for container images.
+                  Artifact streaming allows AKS to stream container images from ACR by only pulling the
+                  necessary layers for initial pod startup, reducing image pull times and improving pod start-up performance.
+                  Note: Only supported on Ubuntu2204 and AzureLinux image families. Not supported on ARM64 architecture.
+                  To use artifact streaming, container images must be converted to streaming-compatible artifacts in ACR.
+                  See: https://learn.microsoft.com/en-us/azure/aks/artifact-streaming
+                type: boolean
               fipsMode:
                 description: FIPSMode controls FIPS compliance for the provisioned
                   nodes

pkg/apis/v1alpha2/aksnodeclass.go

@@ -81,6 +81,15 @@ type AKSNodeClassSpec struct {
 	// +kubebuilder:validation:Maximum:=250
 	// +optional
 	MaxPods *int32 `json:"maxPods,omitempty"`
+	// ArtifactStreamingEnabled controls whether artifact streaming is enabled for container images.
+	// Artifact streaming allows AKS to stream container images from ACR by only pulling the
+	// necessary layers for initial pod startup, reducing image pull times and improving pod start-up performance.
+	// Note: Only supported on Ubuntu2204 and AzureLinux image families. Not supported on ARM64 architecture.
+	// To use artifact streaming, container images must be converted to streaming-compatible artifacts in ACR.
+	// See: https://learn.microsoft.com/en-us/azure/aks/artifact-streaming
+	// +kubebuilder:default=false
+	// +optional
+	ArtifactStreamingEnabled *bool `json:"artifactStreamingEnabled,omitempty"`
 	// Collection of security related karpenter fields
 	Security *Security `json:"security,omitempty"`
 }

pkg/apis/v1beta1/aksnodeclass.go

@@ -81,6 +81,15 @@ type AKSNodeClassSpec struct {
 	// +kubebuilder:validation:Maximum:=250
 	// +optional
 	MaxPods *int32 `json:"maxPods,omitempty"`
+	// ArtifactStreamingEnabled controls whether artifact streaming is enabled for container images.
+	// Artifact streaming allows AKS to stream container images from ACR by only pulling the
+	// necessary layers for initial pod startup, reducing image pull times and improving pod start-up performance.
+	// Note: Only supported on Ubuntu2204 and AzureLinux image families. Not supported on ARM64 architecture.
+	// To use artifact streaming, container images must be converted to streaming-compatible artifacts in ACR.
+	// See: https://learn.microsoft.com/en-us/azure/aks/artifact-streaming
+	// +kubebuilder:default=false
+	// +optional
+	ArtifactStreamingEnabled *bool `json:"artifactStreamingEnabled,omitempty"`
 
 	// Collection of security related karpenter fields
 	Security *Security `json:"security,omitempty"`

pkg/apis/v1beta1/crd_validation_cel_test.go

@@ -27,6 +27,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	karpv1 "sigs.k8s.io/karpenter/pkg/apis/v1"
 	"sigs.k8s.io/karpenter/pkg/test"
@@ -363,4 +364,47 @@ var _ = Describe("CEL/Validation", func() {
 			Expect(env.Client.Create(ctx, nodeClass)).To(Succeed())
 		})
 	})
+
+	Context("ArtifactStreamingEnabled", func() {
+		It("should default to false when not specified", func() {
+			nodeClass := &v1beta1.AKSNodeClass{
+				ObjectMeta: metav1.ObjectMeta{Name: strings.ToLower(randomdata.SillyName())},
+				Spec:       v1beta1.AKSNodeClassSpec{},
+			}
+			Expect(env.Client.Create(ctx, nodeClass)).To(Succeed())
+			// Fetch the created nodeClass to check the defaulted value
+			createdNodeClass := &v1beta1.AKSNodeClass{}
+			Expect(env.Client.Get(ctx, client.ObjectKeyFromObject(nodeClass), createdNodeClass)).To(Succeed())
+			Expect(createdNodeClass.Spec.ArtifactStreamingEnabled).ToNot(BeNil())
+			Expect(lo.FromPtr(createdNodeClass.Spec.ArtifactStreamingEnabled)).To(BeFalse())
+		})
+
+		It("should allow explicitly setting to false", func() {
+			nodeClass := &v1beta1.AKSNodeClass{
+				ObjectMeta: metav1.ObjectMeta{Name: strings.ToLower(randomdata.SillyName())},
+				Spec: v1beta1.AKSNodeClassSpec{
+					ArtifactStreamingEnabled: lo.ToPtr(false),
+				},
+			}
+			Expect(env.Client.Create(ctx, nodeClass)).To(Succeed())
+			createdNodeClass := &v1beta1.AKSNodeClass{}
+			Expect(env.Client.Get(ctx, client.ObjectKeyFromObject(nodeClass), createdNodeClass)).To(Succeed())
+			Expect(createdNodeClass.Spec.ArtifactStreamingEnabled).ToNot(BeNil())
+			Expect(lo.FromPtr(createdNodeClass.Spec.ArtifactStreamingEnabled)).To(BeFalse())
+		})
+
+		It("should allow explicitly setting to true", func() {
+			nodeClass := &v1beta1.AKSNodeClass{
+				ObjectMeta: metav1.ObjectMeta{Name: strings.ToLower(randomdata.SillyName())},
+				Spec: v1beta1.AKSNodeClassSpec{
+					ArtifactStreamingEnabled: lo.ToPtr(true),
+				},
+			}
+			Expect(env.Client.Create(ctx, nodeClass)).To(Succeed())
+			createdNodeClass := &v1beta1.AKSNodeClass{}
+			Expect(env.Client.Get(ctx, client.ObjectKeyFromObject(nodeClass), createdNodeClass)).To(Succeed())
+			Expect(createdNodeClass.Spec.ArtifactStreamingEnabled).ToNot(BeNil())
+			Expect(lo.FromPtr(createdNodeClass.Spec.ArtifactStreamingEnabled)).To(BeTrue())
+		})
+	})
 })

pkg/providers/imagefamily/azlinux.go

@@ -124,6 +124,7 @@ func (u AzureLinux) ScriptlessCustomData(
 	labels map[string]string,
 	caBundle *string,
 	_ *cloudprovider.InstanceType,
+	artifactStreamingEnabled *bool,
 ) bootstrap.Bootstrapper {
 	return bootstrap.AKS{
 		Options: bootstrap.Options{
@@ -151,6 +152,7 @@ func (u AzureLinux) ScriptlessCustomData(
 		NetworkPlugin:                  u.Options.NetworkPlugin,
 		NetworkPolicy:                  u.Options.NetworkPolicy,
 		KubernetesVersion:              u.Options.KubernetesVersion,
+		ArtifactStreamingEnabled:       artifactStreamingEnabled,
 	}
 }
 
@@ -165,6 +167,7 @@ func (u AzureLinux) CustomScriptsNodeBootstrapping(
 	storageProfile string,
 	nodeBootstrappingClient types.NodeBootstrappingAPI,
 	fipsMode *v1beta1.FIPSMode,
+	artifactStreamingEnabled *bool,
 ) customscriptsbootstrap.Bootstrapper {
 	return customscriptsbootstrap.ProvisionClientBootstrap{
 		ClusterName:                    u.Options.ClusterName,
@@ -185,5 +188,6 @@ func (u AzureLinux) CustomScriptsNodeBootstrapping(
 		NodeBootstrappingProvider:      nodeBootstrappingClient,
 		OSSKU:                          customscriptsbootstrap.ImageFamilyOSSKUAzureLinux2,
 		FIPSMode:                       fipsMode,
+		ArtifactStreamingEnabled:       artifactStreamingEnabled,
 	}
 }

pkg/providers/imagefamily/azlinux3.go

@@ -142,6 +142,7 @@ func (u AzureLinux3) ScriptlessCustomData(
 	labels map[string]string,
 	caBundle *string,
 	_ *cloudprovider.InstanceType,
+	artifactStreamingEnabled *bool,
 ) bootstrap.Bootstrapper {
 	return bootstrap.AKS{
 		Options: bootstrap.Options{
@@ -169,6 +170,7 @@ func (u AzureLinux3) ScriptlessCustomData(
 		NetworkPlugin:                  u.Options.NetworkPlugin,
 		NetworkPolicy:                  u.Options.NetworkPolicy,
 		KubernetesVersion:              u.Options.KubernetesVersion,
+		ArtifactStreamingEnabled:       artifactStreamingEnabled,
 	}
 }
 
@@ -183,6 +185,7 @@ func (u AzureLinux3) CustomScriptsNodeBootstrapping(
 	storageProfile string,
 	nodeBootstrappingClient types.NodeBootstrappingAPI,
 	fipsMode *v1beta1.FIPSMode,
+	artifactStreamingEnabled *bool,
 ) customscriptsbootstrap.Bootstrapper {
 	return customscriptsbootstrap.ProvisionClientBootstrap{
 		ClusterName:                    u.Options.ClusterName,
@@ -203,5 +206,6 @@ func (u AzureLinux3) CustomScriptsNodeBootstrapping(
 		NodeBootstrappingProvider:      nodeBootstrappingClient,
 		OSSKU:                          customscriptsbootstrap.ImageFamilyOSSKUAzureLinux3,
 		FIPSMode:                       fipsMode,
+		ArtifactStreamingEnabled:       artifactStreamingEnabled,
 	}
 }

pkg/providers/imagefamily/azlinux3_test.go

@@ -75,6 +75,7 @@ func TestAzureLinux3_CustomScriptsNodeBootstrapping(t *testing.T) {
 		storageProfile,
 		nodeBootstrappingClient,
 		fipsMode,
+		nil, // artifactStreamingEnabled
 	)
 
 	// Verify the returned bootstrapper is of the correct type

pkg/providers/imagefamily/azlinux_test.go

@@ -75,6 +75,7 @@ func TestAzureLinux_CustomScriptsNodeBootstrapping(t *testing.T) {
 		storageProfile,
 		nodeBootstrappingClient,
 		fipsMode,
+		nil, // artifactStreamingEnabled
 	)
 
 	// Verify the returned bootstrapper is of the correct type

pkg/providers/imagefamily/bootstrap/aksbootstrap.go

@@ -47,6 +47,7 @@ type AKS struct {
 	NetworkPlugin                  string
 	NetworkPolicy                  string
 	KubernetesVersion              string
+	ArtifactStreamingEnabled       *bool
 }
 
 var _ Bootstrapper = (*AKS)(nil) // assert AKS implements Bootstrapper
@@ -220,6 +221,7 @@ type NodeBootstrapVariables struct {
 	KubeCACrt                               string   // x   unique per cluster
 	ContainerdConfigContent                 string   // k   determined by GPU VM size, WASM support, Kata support
 	IsKata                                  bool     // n   user-specified
+	EnableArtifactStreaming                 bool     // t   user-specified via AKSNodeClass
 }
 
 func (a AKS) aksBootstrapScript() (string, error) {
@@ -354,6 +356,9 @@ func (a AKS) applyOptions(nbv *NodeBootstrapVariables) {
 	nbv.KubeletFlags = strings.Join(lo.MapToSlice(kubeletFlags, func(k, v string) string {
 		return fmt.Sprintf("%s=%s", k, v)
 	}), " ")
+
+	// Set artifact streaming enabled flag
+	nbv.EnableArtifactStreaming = lo.FromPtr(a.ArtifactStreamingEnabled)
 }
 
 func containerdConfigFromNodeBootstrapVars(nbv *NodeBootstrapVariables) (string, error) {

pkg/providers/imagefamily/customscriptsbootstrap/provisionclientbootstrap.go

@@ -65,6 +65,7 @@ type ProvisionClientBootstrap struct {
 	OSSKU                          string
 	NodeBootstrappingProvider      types.NodeBootstrappingAPI
 	FIPSMode                       *v1beta1.FIPSMode
+	ArtifactStreamingEnabled       *bool
 }
 
 var _ Bootstrapper = (*ProvisionClientBootstrap)(nil) // assert ProvisionClientBootstrap implements customscriptsbootstrapper
@@ -107,8 +108,13 @@ func (p *ProvisionClientBootstrap) ConstructProvisionValues(ctx context.Context)
 	labels.AddAgentBakerGeneratedLabels(p.ResourceGroup, options.FromContext(ctx).KubeletIdentityClientID, nodeLabels)
 
 	// artifact streaming is not yet supported for Arm64, for Ubuntu 20.04, Ubuntu 24.04, and for Azure Linux v3
-	enableArtifactStreaming := p.Arch == karpv1.ArchitectureAmd64 &&
-		(p.OSSKU == ImageFamilyOSSKUUbuntu2204 || p.OSSKU == ImageFamilyOSSKUAzureLinux2)
+	// Only enable if explicitly requested in the nodeclass AND the configuration is supported
+	enableArtifactStreaming := false
+	if lo.FromPtr(p.ArtifactStreamingEnabled) {
+		// User wants it enabled, verify the arch and OS SKU are supported
+		enableArtifactStreaming = p.Arch == karpv1.ArchitectureAmd64 &&
+			(p.OSSKU == ImageFamilyOSSKUUbuntu2204 || p.OSSKU == ImageFamilyOSSKUAzureLinux2)
+	}
 
 	// unspecified FIPSMode is effectively no FIPS for now
 	enableFIPS := lo.FromPtr(p.FIPSMode) == v1beta1.FIPSModeFIPS

pkg/providers/imagefamily/customscriptsbootstrap/provisionclientbootstrap_test.go

@@ -313,6 +313,7 @@ func TestConstructProvisionValues(t *testing.T) {
 				OSSKU:                     customscriptsbootstrap.ImageFamilyOSSKUAzureLinux2,
 				Labels:                    map[string]string{"kubernetes.azure.com/mode": "system"}, // Test system mode
 				NodeBootstrappingProvider: &fake.NodeBootstrappingAPI{},
+				ArtifactStreamingEnabled:  lo.ToPtr(true), // Explicitly enable to test artifact streaming works when enabled
 				InstanceType: &cloudprovider.InstanceType{
 					Name: "Standard_D2s_v3",
 					Capacity: v1.ResourceList{
@@ -695,13 +696,13 @@ func TestArtifactStreamingEnablement(t *testing.T) {
 			description:                      "Artifact streaming should be disabled for AMD64 with Ubuntu2004 FIPS",
 		},
 		{
-			name:                             "AMD64 Ubuntu2204 - Artifact streaming enabled",
+			name:                             "AMD64 Ubuntu2204 - Artifact streaming disabled by default",
 			arch:                             karpv1.ArchitectureAmd64,
 			ossku:                            customscriptsbootstrap.ImageFamilyOSSKUUbuntu2204,
 			kubernetesVersion:                "1.31.0",
 			imageDistro:                      "aks-ubuntu-containerd-22.04-gen2",
-			expectedArtifactStreamingEnabled: true,
-			description:                      "Artifact streaming should be enabled for AMD64 with Ubuntu2204",
+			expectedArtifactStreamingEnabled: false,
+			description:                      "Artifact streaming should be disabled by default for AMD64 with Ubuntu2204",
 		},
 		{
 			name:                             "AMD64 Ubuntu2404 - Artifact streaming disabled",
@@ -713,13 +714,13 @@ func TestArtifactStreamingEnablement(t *testing.T) {
 			description:                      "Artifact streaming should be disabled for AMD64 with Ubuntu2404",
 		},
 		{
-			name:                             "AMD64 AzureLinux2 - Artifact streaming enabled",
+			name:                             "AMD64 AzureLinux2 - Artifact streaming disabled by default",
 			arch:                             karpv1.ArchitectureAmd64,
 			ossku:                            customscriptsbootstrap.ImageFamilyOSSKUAzureLinux2,
 			kubernetesVersion:                "1.31.0",
 			imageDistro:                      "aks-azurelinux-v2-gen2",
-			expectedArtifactStreamingEnabled: true,
-			description:                      "Artifact streaming should be enabled for AMD64 with AzureLinux2",
+			expectedArtifactStreamingEnabled: false,
+			description:                      "Artifact streaming should be disabled by default for AMD64 with AzureLinux2",
 		},
 		{
 			name:                             "AMD64 AzureLinux3 - Artifact streaming disabled",

pkg/providers/imagefamily/resolver.go

@@ -69,6 +69,7 @@ type ImageFamily interface {
 		labels map[string]string,
 		caBundle *string,
 		instanceType *cloudprovider.InstanceType,
+		artifactStreamingEnabled *bool,
 	) bootstrap.Bootstrapper
 	CustomScriptsNodeBootstrapping(
 		kubeletConfig *bootstrap.KubeletConfiguration,
@@ -80,6 +81,7 @@ type ImageFamily interface {
 		storageProfile string,
 		nodeBootstrappingClient types.NodeBootstrappingAPI,
 		fipsMode *v1beta1.FIPSMode,
+		artifactStreamingEnabled *bool,
 	) customscriptsbootstrap.Bootstrapper
 	Name() string
 	// DefaultImages returns a list of default CommunityImage definitions for this ImageFamily.
@@ -162,6 +164,7 @@ func (r *defaultResolver) Resolve(
 			staticParameters.Labels,
 			staticParameters.CABundle,
 			instanceType,
+			nodeClass.Spec.ArtifactStreamingEnabled,
 		),
 		CustomScriptsNodeBootstrapping: imageFamily.CustomScriptsNodeBootstrapping(
 			prepareKubeletConfiguration(ctx, instanceType, nodeClass),
@@ -173,6 +176,7 @@ func (r *defaultResolver) Resolve(
 			diskType,
 			r.nodeBootstrappingProvider,
 			nodeClass.Spec.FIPSMode,
+			nodeClass.Spec.ArtifactStreamingEnabled,
 		),
 		StorageProfileDiskType:    diskType,
 		StorageProfileIsEphemeral: diskType == consts.StorageProfileEphemeral,