Cloud API Provisioning

Provision cloud instances from GPU and compute providers and join them to your cluster automatically via cloud-init.

Warning
This guide is currently under development. The Cloud API provisioning path and its tooling are still being designed and built. The concepts below describe the intended architecture and are subject to change.

Overview

Cloud API provisioning allows you to spin up instances from any cloud provider and have them join your Kubernetes cluster automatically – no manual SSH required. This is particularly useful for adding GPU compute from specialized providers like Nebius, CoreWeave, OCI, Azure, AWS, and others seamlessly alongside nodes from your existing infrastructure.

How It Works

  1. Unschedulable pods are detected by the Unbounded implementation of Karpenter, which monitors the cluster for pods that cannot be placed on existing nodes.

  2. Machine CRs are created by the Karpenter controller corresponding to the target cloud provider, describing the instance type and provider required to satisfy the pending workload.

  3. Machine controllers provision instances at the target cloud by calling the provider’s API and passing a cloud-init user-data script that installs the unbounded agent on first boot.

  4. The unbounded agent runs on the new instance and contacts the cluster’s API server to complete the join using a bootstrap token generated by kubectl unbounded site init.

  5. unbounded-net establishes WireGuard tunnels (or routes over an existing private link) so pod traffic can flow between the new node and the rest of the cluster.

  6. The Machine transitions through its normal lifecycle phases – Pending → Provisioning → Joining → Ready – just like SSH or PXE provisioned nodes.
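
The signal that step 1 depends on can be seen at the Kubernetes API level. The following is an added example, not code from the Unbounded project: it assumes the Karpenter implementation keys off the standard PodScheduled=False / Unschedulable pod condition, and that GPUs are exposed under the nvidia.com/gpu resource name. The pod list is constructed sample data.

```python
GPU_RESOURCE = "nvidia.com/gpu"  # assumption: NVIDIA device-plugin resource name

def _pod(name, phase, reason=None, gpus=0, node=None):
    """Build a trimmed pod object in the shape returned by the Kubernetes API."""
    limits = {GPU_RESOURCE: str(gpus)} if gpus else {}
    cond = {"type": "PodScheduled", "status": "True" if node else "False", "reason": reason}
    return {
        "metadata": {"namespace": "ml", "name": name},
        "spec": {"nodeName": node, "containers": [{"resources": {"limits": limits}}]},
        "status": {"phase": phase, "conditions": [cond] if (reason or node) else []},
    }

# Constructed sample, equivalent to a trimmed `kubectl get pods -A -o json`.
SAMPLE = {"items": [
    _pod("train-0", "Pending", reason="Unschedulable", gpus=8),
    _pod("etl-1", "Pending", reason="Unschedulable"),
    _pod("gated-2", "Pending", reason="SchedulingGated", gpus=1),  # held back on purpose
    _pod("serve-3", "Running", gpus=1, node="node-a"),             # already placed
    _pod("new-4", "Pending"),                                      # scheduler has not run yet
]}

def is_unschedulable(pod):
    """True only when the scheduler has reported that no existing node fits."""
    if pod["spec"].get("nodeName") or pod["status"].get("phase") != "Pending":
        return False
    for cond in pod["status"].get("conditions", []):
        if cond.get("type") == "PodScheduled":
            return cond.get("status") == "False" and cond.get("reason") == "Unschedulable"
    return False

def gpu_request(pod):
    """Sum GPU requests (falling back to limits) across the pod's containers."""
    total = 0
    for c in pod["spec"].get("containers", []):
        res = c.get("resources", {})
        total += int(res.get("requests", {}).get(GPU_RESOURCE)
                     or res.get("limits", {}).get(GPU_RESOURCE) or 0)
    return total

def pending_demand(pod_list):
    """Return (namespace/name, gpu_count) for every pod that needs new capacity."""
    return [(f"{p['metadata']['namespace']}/{p['metadata']['name']}", gpu_request(p))
            for p in pod_list.get("items", []) if is_unschedulable(p)]

if __name__ == "__main__":
    for name, gpus in pending_demand(SAMPLE):
        print(f"{name}: needs {gpus} GPU(s)")
```

Pods that are scheduling-gated or not yet evaluated by the scheduler are excluded, so only genuine capacity shortfalls would lead to a Machine being created.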