{"id":42307772,"url":"https://github.com/keikoproj/instance-manager","last_synced_at":"2026-01-28T23:07:16.649Z","repository":{"id":35172226,"uuid":"201135355","full_name":"keikoproj/instance-manager","owner":"keikoproj","description":"A Kubernetes controller for creating and managing worker node instance groups across multiple providers","archived":false,"fork":false,"pushed_at":"2025-08-01T13:23:04.000Z","size":10915,"stargazers_count":150,"open_issues_count":41,"forks_count":40,"subscribers_count":20,"default_branch":"master","last_synced_at":"2025-08-15T01:49:43.665Z","etag":null,"topics":["aws","aws-eks","eks","eks-fargate","fargate-profiles","instancegroups","kubernetes","kubernetes-cluster","kubernetes-clusters","kubernetes-controller","kubernetes-node","kubernetes-tools","managed-node","spot","worker-nodes"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/keikoproj.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-08-07T22:15:14.000Z","updated_at":"2025-07-15T16:51:12.000Z","dependencies_parsed_at":"2024-04-21T02:58:04.665Z","dependency_job_id":"9e1f5e7a-48de-4ef6-8088-fba5e12e6b72","html_url":"https://github.com/keikoproj/instance-manager","commit_stats":null,"previous_names":["orkaproj/instance-manager"],"tags_count":34,"template":false,"template_full_name":null,"purl":"pkg:github/keikoproj/instance-manager","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keikoproj%2Finstance-manager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keikoproj%2Finstance-manager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keikoproj%2Finstance-manager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keikoproj%2Finstance-manager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/keikoproj","download_url":"https://codeload.github.com/keikoproj/instance-manager/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keikoproj%2Finstance-manager/sbom","scorecard":{"id":553879,"data":{"date":"2025-08-11","repo":{"name":"github.com/keikoproj/instance-manager","commit":"446043e825647d52191fd8857e295c7bec51b777"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.8,"checks":[{"name":"Code-Review","score":1,"reason":"Found 3/29 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":1,"reason":"2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql.yml:17","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:18","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:19","Warn: no topLevel permission defined: .github/workflows/codeql.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/functional-test.yaml:3","Info: topLevel 'contents' permission set to 'read': .github/workflows/golangci-lint.yml:3","Warn: topLevel 'contents' permission set to 'write': .github/workflows/image-push.yml:3","Warn: topLevel 'packages' permission set to 'write': .github/workflows/image-push.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/unit-test.yml:3","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/functional-test.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/functional-test.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/functional-test.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/functional-test.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/golangci-lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/golangci-lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/golangci-lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/golangci-lint.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/golangci-lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/image-push.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/image-push.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/image-push.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/image-push.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/image-push.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/image-push.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/image-push.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/image-push.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/image-push.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/image-push.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/image-push.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/image-push.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/image-push.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/image-push.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/image-push.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/image-push.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/image-push.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/image-push.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/image-push.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/image-push.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/unit-test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/unit-test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/unit-test.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/instance-manager/unit-test.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:2","Warn: containerImage not pinned by hash: Dockerfile:22: pin your Docker image by updating gcr.io/distroless/static:latest to gcr.io/distroless/static:latest@sha256:2e114d20aa6371fd271f854aa3d6b2b7d2e70e797bb3ea44fb677afec60db22c","Warn: pipCommand not pinned by hash: .github/workflows/functional-test.yaml:31","Info:   0 out of  15 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   9 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/image-push.yml:15"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (10) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-20T11:47:00.329Z","repository_id":35172226,"created_at":"2025-08-20T11:47:00.329Z","updated_at":"2025-08-20T11:47:00.329Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28854538,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T22:56:21.783Z","status":"ssl_error","status_checked_at":"2026-01-28T22:56:00.861Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-eks","eks","eks-fargate","fargate-profiles","instancegroups","kubernetes","kubernetes-cluster","kubernetes-clusters","kubernetes-controller","kubernetes-node","kubernetes-tools","managed-node","spot","worker-nodes"],"created_at":"2026-01-27T11:12:46.284Z","updated_at":"2026-01-28T23:07:16.643Z","avatar_url":"https://github.com/keikoproj.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# instance-manager\n\n[![Build Status][BuildStatusImg]][BuildMasterUrl]\n[![Image Push][ImagePushImg]][ImagePushUrl]\n[![Codecov][CodecovImg]][CodecovUrl]\n[![Go Report Card][GoReportImg]][GoReportUrl]\n[![slack][SlackImg]][SlackUrl]\n[![Release][ReleaseImg]][ReleaseUrl]\n\u003e Create and manage instance groups with Kubernetes.\n\n**instance-manager** simplifies the creation of worker nodes from within a Kubernetes cluster and creates `InstanceGroup` objects in your cluster. Additionally, **instance-manager** will provision the actual machines and bootstrap them to the cluster.\n\n![instance-manager](hack/instance-manager.png)\n\n- [instance-manager](#instance-manager)\n  - [Installation](#installation)\n  - [Usage example](#usage-example)\n    - [Currently supported provisioners](#currently-supported-provisioners)\n    - [Submit and Verify](#submit-and-verify)\n    - [Alpha-2 Version](#alpha-2-version)\n  - [Contributing](#contributing)\n  - [Developer Guide](#developer-guide)\n\nWorker nodes in Kubernetes clusters work best if provisioned and managed using a logical grouping. Kops introduced the term “InstanceGroup” for this logical grouping. In AWS, an InstanceGroup maps to an AutoScalingGroup.\n\nGiven a particular cluster, there should be a way to create, read, upgrade and delete worker nodes from within the cluster itself. This enables use-cases where worker nodes can be created in response to Kubernetes events, InstanceGroups can be automatically assigned to namespaces for multi-tenancy, etc.\n\ninstance-manager provides this Kubernetes native mechanism for CRUD operations on worker nodes.\n\n## Installation\n\nYou must first have atleast one instance group that was manually created, in order to host the instance-manager pod.\n\n_For installation instructions and more examples of usage, please refer to the [Installation Reference Walkthrough][install]._\n\n## Usage example\n\n![Demo](./docs/demo.gif)\n\n```bash\n$ kubectl create -f instance_group.yaml\ninstancegroup.instancemgr.keikoproj.io/hello-world created\n\n$ kubectl get instancegroups\nNAMESPACE          NAME         STATE                MIN   MAX  GROUP NAME    PROVISIONER   STRATEGY   LIFECYCLE   AGE\ninstance-manager   hello-world  ReconcileModifying   3     6    hello-world   eks           crd        normal      1m\n```\n\nsome time later, once the scaling groups are created\n\n```bash\n$ kubectl get instancegroups\nNAMESPACE          NAME         STATE   MIN   MAX  GROUP NAME    PROVISIONER   STRATEGY   LIFECYCLE   AGE\ninstance-manager   hello-world  Ready   3     6    hello-world   eks           crd        normal      7m\n```\n\nAt this point the new nodes should be joined as well\n\n```bash\n$ kubectl get nodes\nNAME                                        STATUS   ROLES         AGE    VERSION\nip-10-10-10-10.us-west-2.compute.internal   Ready    system        2h     v1.14.6-eks-5047ed\nip-10-10-10-20.us-west-2.compute.internal   Ready    hello-world   32s    v1.14.6-eks-5047ed\nip-10-10-10-30.us-west-2.compute.internal   Ready    hello-world   32s    v1.14.6-eks-5047ed\nip-10-10-10-40.us-west-2.compute.internal   Ready    hello-world   32s    v1.14.6-eks-5047ed\n```\n\n### Provisioners\n\n| Provisioner | Description | Documentation | API Reference | Maturity |\n| :---------- | :---------- | :----------| :----------| :----------|\n| eks         | provision nodes on EKS | [Documentation](./docs/examples/EKS.md) | [API Reference](./docs/EKS.md#api-reference)| Production\n| eks-managed | provision managed node groups on EKS| [Documentation](./docs/examples/EKS-managed.md) | | Experimental\n| eks-fargate | provision a cluster to run pods on EKS Fargate| [Documentation](./docs/examples/EKS-fargate.md) | | Experimental\n\nTo create an instance group, submit an InstanceGroup custom resource in your cluster, and the controller will provision and bootstrap it to your cluster, and allow you to modify it from within the cluster.\n\n### Alpha-2 Version\n\nPlease consider that this project is in alpha stages and breaking API changes may happen, we will do our best to not break backwards compatiblity without a deprecation period going further.\n\nThe previous eks-cf provisioner have been discontinued in favor of the Alpha-2 eks provisioner, which does not use cloudformation as a mechanism to provision the required resources.\n\nIn order to migrate instance-groups from versions \u003c0.5.0, delete all instance groups, update the custom resource definition RBAC, and controller IAM role, and deploy new instance-groups with the new provisioner.\n\n## Contributing\n\nPlease see [CONTRIBUTING.md](.github/CONTRIBUTING.md).\n\n## Developer Guide\n\nPlease see [DEVELOPER.md](.github/DEVELOPER.md).\n\n\u003c!-- Markdown link --\u003e\n[install]: https://github.com/keikoproj/instance-manager/blob/master/docs/INSTALL.md\n[SlackUrl]: https://keikoproj.slack.com/\n[SlackImg]: https://img.shields.io/badge/slack-join%20the%20conversation-ff69b4.svg\n\n[BuildStatusImg]: https://github.com/keikoproj/instance-manager/actions/workflows/unit-test.yml/badge.svg\n[BuildMasterUrl]: https://github.com/keikoproj/instance-manager/actions/workflows/unit-test.yml\n\n[ImagePushImg]: https://github.com/keikoproj/instance-manager/actions/workflows/image-push.yml/badge.svg\n[ImagePushUrl]: https://github.com/keikoproj/instance-manager/actions/workflows/image-push.yml\n\n[CodecovImg]: https://codecov.io/gh/keikoproj/instance-manager/branch/master/graph/badge.svg?token=IJbjmSBliL\n[CodecovUrl]: https://codecov.io/gh/keikoproj/instance-manager\n\n[GoReportImg]: https://goreportcard.com/badge/github.com/keikoproj/instance-manager\n[GoReportUrl]: https://goreportcard.com/report/github.com/keikoproj/instance-manager\n\n[ReleaseImg]: https://img.shields.io/github/release/keikoproj/instance-manager.svg\n[ReleaseUrl]: https://github.com/keikoproj/instance-manager/releases/latest\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeikoproj%2Finstance-manager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeikoproj%2Finstance-manager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeikoproj%2Finstance-manager/lists"}